Software verification system, method and computer program element

US 20030135746A1
Filed: 01/14/2002
Published: 07/17/2003
Est. Priority Date: 01/14/2002
Status: Active Grant

First Claim

Patent Images

1. A verification system for a computer software installation, comprising:

a primary library file, the primary library file having a digital signature;

a loader program arranged to obtain a digital signature key and further arranged to load the primary library file; and

a plurality of secondary files arranged to be referenced by the primary library file, each of the plurality of secondary files having a digital signature;

wherein the loader program is arranged to verify and selectively load the primary library file by comparing the obtained digital signature key with the digital signature of the primary library file, the primary library file being further arranged to subsequently verify and selectively load the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software security system is arranged to verify the authenticity of each element of a Java Virtual Machine installation. A digital signature is attached to each file of the JVM installation. A loader (20) verifies the digital signature of the JVM DLL (30). The JVM DLL 30 then verifies the digital signature of each other DLL and configuration file to be loaded (40, 50, 60, 70), and only loads those files which have successfully verified digital signatures. In this way the security of the JVM is enhanced, a user has greater confidence that the Java applications will function correctly, and the detection of incorrect or damaged JVM installations is improved.

Citations

13 Claims

1. A verification system for a computer software installation, comprising:
- a primary library file, the primary library file having a digital signature;
  
  a loader program arranged to obtain a digital signature key and further arranged to load the primary library file; and
  
  a plurality of secondary files arranged to be referenced by the primary library file, each of the plurality of secondary files having a digital signature;
  
  wherein the loader program is arranged to verify and selectively load the primary library file by comparing the obtained digital signature key with the digital signature of the primary library file, the primary library file being further arranged to subsequently verify and selectively load the plurality of secondary files by calling the loader program to compare the obtained digital signature key with the digital signature of each of the plurality of secondary files.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The verification system of claim 1, further characterised by:
    - the plurality of files including at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, wherein after successful verification and selective loading of the at least one secondary file, the at least one secondary file is arranged to manage the verification and selective loading of the at least one tertiary file.
  - 3. The verification system of claim 2, further characterised by:
    - the digital signature key being a public key obtained via the internet.
  - 4. The verification system of claim 2, further characterised by:
    - the digital signature key being a hidden public key internal to the loader program, the loader program being arranged to use the hidden public key in the event that a public key cannot be obtained via the internet.
  - 5. The verification system of claim 2, further characterised by:
    - the digital signature key comprising a number of keys including a private key provided by an administrator, wherein the plurality of files includes at least one administrator-configurable file, and wherein the loader program is further arranged to verify the digital signature of the at least one administrator-configurable file using the private key.
  - 6. The verification system of claim 5, further characterised by:
    - the software installation being a Java Virtual Machine installation.

7. A verification method for a computer software installation, the method comprising the steps of:
- launching a loader program arranged to load files and further arranged to obtain a digital signature key;
  
  using the loader program to verify the authenticity of a digital signature incorporated in a primary library file by comparing said digital signature with the digital signature key;
  
  selectively loading the primary library file in dependence upon the successful verification of its digital signature;
  
  using the primary library file and the loader program to verify the authenticity of digital signatures incorporated in each of the secondary files by comparing them with the digital signature key; and
  
  , selectively loading the secondary files in dependence upon the successful verification of their digital signatures.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The verification method of claim 7, further characterised by:
    - the plurality of files including at least one tertiary file referenced by at least one secondary file of the plurality of secondary files, the method comprising the further steps of;
      
      after successful verification and selective loading of the at least one secondary files;
      
      using the at least one secondary file to manage the verification and selective loading of the at least one tertiary file.
  - 9. The verification method of claim 8, further characterised by:
    - the digital signature key being a public key obtained via the internet.
  - 10. The verification method of claim 8, further characterised by:
    - the digital signature key being a hidden public key internal to the loader program, the loader program being arranged to use the hidden public key in the event that a public key cannot be obtained via the internet.
  - 11. The verification method of claim 8, further characterised by:
    - the digital signature key comprising a number of keys including a private key provided by an administrator, wherein the plurality of files includes at least one administrator-configurable file, and wherein the loader program is further arranged to verify and selectively load the digital signature of the at least one administrator-configurable file using the private key.
  - 12. The verification method of claim 8, further characterised by:
    - the software installation being a Java Virtual Machine installation.
  - 13. A computer program element comprising computer program means for performing the method of claim 7.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
International Business Machines Corporation
Inventors
Pistoia, Marco, Nadalin, Anthony Joseph, Koved, Lawrence, Abbott, Paul Harry

Granted Patent

US 7,496,757 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/53   by executing in a restricte...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

Software verification system, method and computer program element

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Software verification system, method and computer program element

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links