Security information for software parts
First Claim
Patent Images
1. A method of identifying a software part, comprising:
- signing security information for the software part with a security information digital signature to form signed security information, wherein the security information identifies a security policy for the software part that specifies how the software part is checked based on whether the software part is critical or non-critical;
signing the software part with a software part digital signature;
checking the software part digital signature using the signed security information, wherein the signed security information includes information that indicates how the software part digital signature is checked to determine whether the software part is correct, such that the security information identifies an acceptable digital signature for the software part digital signature, an acceptable certificate authority, and an approved system on which the software part is approved to be used; and
in response to a determination that the software part digital signature is correct, associating the signed security information with the software part such that the software part includes the signed security information.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method of identifying a security policy for a software part. Security information for the software part is signed with a security information digital signature to form signed security information. The security information identifies a security policy for the software part. The signed security information is associated with the software part.
-
Citations
19 Claims
-
1. A method of identifying a software part, comprising:
-
signing security information for the software part with a security information digital signature to form signed security information, wherein the security information identifies a security policy for the software part that specifies how the software part is checked based on whether the software part is critical or non-critical; signing the software part with a software part digital signature; checking the software part digital signature using the signed security information, wherein the signed security information includes information that indicates how the software part digital signature is checked to determine whether the software part is correct, such that the security information identifies an acceptable digital signature for the software part digital signature, an acceptable certificate authority, and an approved system on which the software part is approved to be used; and in response to a determination that the software part digital signature is correct, associating the signed security information with the software part such that the software part includes the signed security information. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An apparatus, comprising:
-
a security information generator configured to generate security information for a software part, wherein the security information identifies a security policy for the software part, wherein the security policy specifies how the software part is checked based on whether the software part is critical or non-critical, and the signed security information indicates how a software part digital signature is checked to determine whether the software part is correct, such that the signed security information identifies an acceptable digital signature for the software part digital signature, an acceptable certification authority, and an approved system on which the software part is approved to be used; a security information signer configured to; sign the security information for the software part with a security information digital signature to form the signed security information; sign the software part with the software part digital signature; and a security information associator configured to; check the software part digital signature using the signed security information; and associate the signed security information with the software part in response to a determination that the software part is correct such that the software part includes the signed security information. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A method of identifying a security policy for a software part, comprising:
-
receiving, by a processor unit on a vehicle, the software part and security information for the software part, wherein the security information identifies the security policy for the software part, is signed with a security information digital signature, and is associated with the software part, wherein the security policy specifies how the software part is checked based on whether the software part is critical or non-critical, and wherein the software part is signed with a software part digital signature that is included with the software part; checking the security information digital signature, by the processor unit on the vehicle, to determine whether the security information is correct based on the security information, such that the security information identifies an acceptable digital signature for the software part digital signature, an acceptable certificate authority, and an approved system on which the software part is approved to be used; and in response to a determination that the security information is correct, using the signed security information to check the software part, by the processor unit on the vehicle, to determine whether the software part is correct. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification