Method and system for controlled distribution of application code and content data within a computer network
First Claim
Patent Images
1. A method for secure communication between a client and a server in a database processing system, the method comprising:
- generating a client message at the client;
retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client, the read-only memory structure having an embedded client private key, the embedded server public key and the embedded client private key not being related by a public/private key pair relationship, the embedded client private key being associated with a client public key generated and stored exclusively outside the client;
encrypting the client message with the embedded server public key;
sending the client message to the server;
receiving a server message including application code from the server at the client in response to the client message, the application code having a first portion encrypted with a server private key and a second portion which is not encrypted by a public key algorithm, wherein the first portion of the application code is small relative to the second portion of the application code;
authenticating the first portion of the application code with the embedded server public key; and
authenticating the second portion of the application code using an integrity checking algorithm that is less computationally expensive than a public key algorithm,wherein the application code is either program source code or compiled program source code.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure communication methodology is presented. The client device is configured to download application code and/or content data from a server operated by a service provider. Embedded within the client is a client private key, a client serial number, and a copy of a server public key. The client forms a request, which includes the client serial number, encrypts the request with the server public key, and sends the download request to the server. The server decrypts the request with the server'"'"'s private key and authenticates the client. The received client serial number is used to search for a client public key that corresponds to the embedded client private key. The server encrypts its response, which includes the requested information, with the client public key of the requesting client, and only the private key in the requesting client can be used to decrypt the information downloaded from the server.
140 Citations
5 Claims
-
1. A method for secure communication between a client and a server in a database processing system, the method comprising:
-
generating a client message at the client; retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client, the read-only memory structure having an embedded client private key, the embedded server public key and the embedded client private key not being related by a public/private key pair relationship, the embedded client private key being associated with a client public key generated and stored exclusively outside the client; encrypting the client message with the embedded server public key; sending the client message to the server; receiving a server message including application code from the server at the client in response to the client message, the application code having a first portion encrypted with a server private key and a second portion which is not encrypted by a public key algorithm, wherein the first portion of the application code is small relative to the second portion of the application code; authenticating the first portion of the application code with the embedded server public key; and authenticating the second portion of the application code using an integrity checking algorithm that is less computationally expensive than a public key algorithm, wherein the application code is either program source code or compiled program source code. - View Dependent Claims (2, 3)
-
-
4. A method for secure communication between a client and a server in a data processing system, the method comprising:
-
receiving a client message from the client; retrieving a server private key; decrypting the client message with the server private key; retrieving a client serial number from the decrypted client message; retrieving a client public key that is associatively stored with the retrieved client serial number, wherein the client public key corresponds to an embedded client private key in a read-only memory structure in an article of manufacture in the client and is generated and stored exclusively outside the client; and generating a server message including application code at the server in response to the client message, the application code having a first portion encrypted with the server private key and a second portion which is not encrypted by a public key algorithm, the first portion being authenticable with a server public key and the second portion being authenticable with an integrity checking algorithm that is less computationally expensive than a public key algorithm, wherein the first portion of the application code is small relative to the second portion of the application code; wherein the read-only memory structure has an embedded server public key, the embedded server public key and the embedded client private key not being related by a public/private key pair relationship, wherein the application code is either program source code or compiled program source code. - View Dependent Claims (5)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsHofstee, Harm Peter, Kahle, James Allan, Dubey, Pradeep K., Craft, David John
-
Primary Examiner(s)Pich; Ponnoreay
-
Application NumberUS09/833,342Publication NumberTime in Patent Office3,106 DaysField of Search380201-203, 380/258, 380268-273, 380277-286, 380 44- 47, 380/30, 709201-206, 709208-211, 709217-219, 711/4, 711100-103, 711154-164, 711/216, 712/32, 712/34, 712 36- 38, 713150-152, 713155-156, 713159-162, 713168-176, 713180-194, 713200-201, 717171-178US Class Current726/22CPC Class CodesH04L 2463/102 applying security measure f...H04L 63/0823 using certificates cryptogr...H04L 63/126 the source of the received ...H04L 63/145 the attack involving the pr...
