
HK1000846B - System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources - Google Patents


Info

Publication number
HK1000846B
Authority
HK
Hong Kong
Prior art keywords
program
object class
message digest
verifiable
anprogram
Prior art date
Application number
HK97102468.3A
Other languages
Chinese (zh)
Other versions
HK1000846A1 (en)
Inventor
Charles E. McManis
Original Assignee
Sun Microsystems, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US08/569,398 (US5692047A)
Application filed by Sun Microsystems, Inc.
Publication of HK1000846B
Publication of HK1000846A1

Abstract

A computer system includes a program executer that executes verifiable architecture neutral programs and a class loader that prohibits the loading and execution of non-verifiable programs unless the non-verifiable program resides in a trusted repository of such programs, or the non-verifiable program is indirectly verifiable by way of a digital signature on the non-verifiable program that proves the program was produced by a trusted source. Each object class includes at least one program, each program being either an architecture neutral program or an architecture specific program; a specified object class is loaded into a user address space for execution when execution of any program in that object class is requested.

Description

System and method for executing verifiable program
Technical Field
The present invention relates generally to distributed computer systems and, more particularly, to a system and method wherein a program interpreter of a program whose integrity is verifiable includes a means for using a non-verifiable program from a trusted source and for denying execution of other non-verifiable programs.
Background
The term "architecture" as used herein means the operational characteristics of a type of computer model. Examples of different architectures are: Apple Macintosh computers, IBM PC machines using the DOS or Windows operating systems, Sun Microsystems computers running the Solaris operating system, and computer systems using Unix operating systems.
The term "architecture neutral" as used herein means the ability of a program, such as a program written in the Java language (a trademark of Sun Microsystems, Inc.), to execute on a variety of computer platforms employing several different computer architectures.
The term "architecture specific" is defined herein to mean the requirement that a program be executed only on a computer platform that employs a single computer architecture. For example, an object code program written in 80486 assembly language can only be executed on a computer that employs an IBM PC compatible architecture (or on other computers that include an IBM PC compatible machine emulator).
Important features of architecture neutral programs (ANPrograms) include the architecture independence of programs written in an architecture neutral language (ANLanguage). For example, a Java bytecode program can be executed on any computer platform having a Java bytecode interpreter. Another important feature of Java bytecode programs is that their integrity is checked directly by the Java bytecode verifier before execution. The Java bytecode verifier determines whether the program meets predetermined integrity criteria. These criteria include operand stack and data type usage restriction rules, which ensure that the Java bytecode program does not overflow or underflow the operand stack of the executing computer and that all program instructions use only data of known data types. As a result, Java bytecode programs cannot forge object pointers and typically cannot access system resources that the user has not explicitly authorized.
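As an added illustration (not part of the patent), the following Python sketches the kind of operand-stack and data-type check the preceding paragraph describes: a toy abstract interpreter that walks a method's instructions over stack types rather than values and rejects underflow, overflow past a declared maximum depth, type confusion (e.g. adding a reference as if it were an int), control falling off the end of the code, and inconsistent stack shapes at a branch target. The eight-instruction set, the type names and the stack limit are assumptions made for the example, and the merge rule (stack types must be identical at every join) is simpler than the real Java verifier's.

```python
# Toy operand-stack verifier (added example; instruction set and types constructed here).

# opcode -> (types popped, top of stack first; types pushed)
OPS = {
    "iconst":      ([],             ["int"]),   # push an int constant
    "aconst_null": ([],             ["ref"]),   # push a null reference
    "iadd":        (["int", "int"], ["int"]),   # pop two ints, push their sum
    "pop":         (["any"],        []),        # discard the top of stack
    "ifeq":        (["int"],        []),        # pop an int; branch to operand if zero
    "goto":        ([],             []),        # unconditional branch to operand
    "ireturn":     (["int"],        []),        # return an int
    "return":      ([],             []),        # return void
}

def successors(pc, op, arg):
    """Control-flow successors of the instruction at pc."""
    if op in ("ireturn", "return"):
        return []
    if op == "goto":
        return [arg]
    if op == "ifeq":
        return [pc + 1, arg]
    return [pc + 1]

def verify(code, max_stack):
    """Abstractly execute `code` (a list of (opcode, operand) pairs) over stack
    types, visiting every reachable instruction once. Returns (True, "ok") or
    (False, reason). Nothing is executed for real: this runs before execution,
    exactly like the integrity check the text describes."""
    states = {0: ()}          # pc -> tuple of stack types on entry to that pc
    work = [0]
    while work:
        pc = work.pop()
        if pc < 0 or pc >= len(code):
            return False, f"pc {pc}: control leaves the code"
        op, arg = code[pc]
        if op not in OPS:
            return False, f"pc {pc}: unknown opcode {op!r}"
        stack = list(states[pc])
        pops, pushes = OPS[op]
        if len(stack) < len(pops):
            return False, f"pc {pc}: {op} underflows the operand stack"
        for want in pops:
            got = stack.pop()
            if want != "any" and got != want:
                return False, f"pc {pc}: {op} expected {want} but found {got}"
        stack.extend(pushes)
        if len(stack) > max_stack:
            return False, f"pc {pc}: {op} overflows the operand stack (max {max_stack})"
        entry = tuple(stack)
        for nxt in successors(pc, op, arg):
            if nxt in states:
                if states[nxt] != entry:
                    return False, f"pc {nxt}: inconsistent stack types on merge"
            else:
                states[nxt] = entry
                work.append(nxt)
    return True, "ok"

# Constructed sample programs.
GOOD = [("iconst", 1), ("iconst", 2), ("iadd", None), ("ireturn", None)]
UNDERFLOW = [("iadd", None), ("ireturn", None)]
TYPE_CONFUSION = [("aconst_null", None), ("iconst", 1), ("iadd", None), ("ireturn", None)]
OVERFLOW = [("iconst", 1), ("iconst", 2), ("iconst", 3), ("return", None)]
BAD_MERGE = [("iconst", 0), ("ifeq", 3), ("iconst", 5), ("return", None)]

if __name__ == "__main__":
    for name, prog in [("GOOD", GOOD), ("UNDERFLOW", UNDERFLOW), ("TYPE_CONFUSION", TYPE_CONFUSION),
                       ("OVERFLOW", OVERFLOW), ("BAD_MERGE", BAD_MERGE)]:
        print(name, verify(prog, max_stack=2))
```

Because the check runs over types and every reachable path once, it is a static decision: a program is accepted or rejected before its first instruction executes, which is what lets the executor treat accepted programs as integrity-verifiable without trusting their author.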
Unfortunately, distributing executable programs written in an ANLanguage makes the ANProgram less efficient to run than it would be if it could take advantage of a particular architecture. For example, Java bytecode interpreters typically execute Java bytecode programs 2.5 to 5 times slower than equivalent architecture specific programs (ASPrograms) compiled with the corresponding architecture specific language (ASLanguage). This is a significant efficiency penalty, and a factor of five speed penalty in particular makes an ANProgram executor such as an interpreter unsuitable for some users, who may require or insist on the ability to use equivalent programs compiled in an ASLanguage.
A compiler that compiles an ANProgram into an equivalent ASProgram can be written. However, such compilers can be prohibitively expensive for the end user. Furthermore, the integrity of the equivalent compiled ASProgram cannot be verified directly from the compiled ASProgram code by the ANProgram integrity checker. Thus, for a Java bytecode program, using an ANProgram compiled into an equivalent ASProgram may mean losing one of the most valuable features of the ANLanguage.
However, there are some legitimate tasks that can be performed by an integrity-non-verifiable ASProgram but not by an integrity-verifiable ANProgram, including tasks that would otherwise violate the operand stack and data type usage restriction rules applied to integrity-verifiable ANPrograms. In addition, such ASPrograms execute much faster than ANPrograms. As a result, there is good reason to design a computer system that not only primarily executes integrity-verifiable ANPrograms, but also has the capability of executing integrity-non-verifiable ASPrograms.
Although it is possible for an ANProgram to be compiled by a third party, such compilation requires that the third party be authenticated, i.e., it must be possible to verify from information in the compiled ASProgram that it was compiled by a particular trusted third party. Preferably, it should also be possible to certify that the compiled ASProgram was generated by a specific trusted compiler. Also, since the integrity of the compiled ASProgram cannot be verified directly against the predetermined integrity criteria, the compiled ASProgram should include information that identifies, in a verifiable manner, the corresponding ANProgram and the ASLanguage into which it was compiled.
Disclosure of Invention
It is, therefore, an object of the present invention to provide an ANProgram compiler and compiling method that enable a user of an ASProgram compiled from a corresponding ANProgram to authenticate the compiler of the ANProgram, the corresponding ANProgram, and the ASLanguage into which the ASProgram was compiled.
It is another object of the present invention to provide an ANProgram executor and execution method that enable an executing integrity-verifiable ANProgram to invoke integrity-unverifiable ASPrograms that are trusted or have verifiable source and compilation information, so that substantially all legitimate tasks can be performed, while preventing integrity-unverifiable ASPrograms whose source and compilation information cannot be verified from being invoked.
In summary, the present invention includes a program executor for executing verifiable architecture neutral programs, and a class loader that prevents the loading and execution of a non-verifiable program unless (A) the non-verifiable program resides in a trusted repository of such programs, or (B) the non-verifiable program is indirectly verifiable by a digital signature on the non-verifiable program that proves the program was produced by a trusted source.
In a preferred embodiment, each verifiable program is an architecture neutral program embodied in an object class having a digital signature that includes a message digest uniquely associated with the program.
The non-verifiable programs are embodied as object classes that contain a flag indicating that the program (called a method) is a non-verifiable program. In the preferred embodiment, the non-verifiable program is typically an architecture specific program produced by a compiler. Each such object class includes:
compiled, architecture specific code;
if there is a corresponding architecture neutral program (sometimes there is none), information about the corresponding architecture neutral program that includes a copy of its message digest;
a digital signature made with the private key of the trusted "compiling party" that produced the object class (e.g., by compiling the source program); and
if the code in the object class was generated by a compiler, a digital signature made by the compiler with the compiler's private key.
A commonly available, trusted public key repository holds the public keys (sometimes also referred to as the signature means) of the compiling parties and the trusted compilers. Using the public keys, any recipient of an object class containing a non-verifiable program can decrypt the digital signatures in the object class to verify that the object class was generated by a trusted party, that the non-verifiable program code in the object class was generated by the specified compiler (if any), and that the identity of the corresponding architecture neutral program (if any) is as claimed. In addition, when the non-verifiable program code in the object class has a corresponding verifiable program, a potential user of the object class can use the program verifier to verify proper operation of the corresponding verifiable program before executing the non-verifiable program code of the object class.
Drawings
Other objects and features of the present invention will become more fully apparent from the following detailed description and appended claims, taken in conjunction with the accompanying drawings, in which:
FIG. 1 is a block diagram of a distributed computer system including a preferred embodiment of the present invention;
FIG. 2 illustrates the structure of an architecture neutral program in accordance with a preferred embodiment of the present invention;
FIG. 3 illustrates the structure of a compiled, architecture specific program generated in accordance with a preferred embodiment of the present invention;
FIG. 4 illustrates objects and associated object classes in accordance with a preferred embodiment of the present invention.
Detailed Description
Referring to fig. 1, a computer network 100 is shown having a plurality of client computers 102, a server computer 104 and a trusted key store 106. Client computers 102 are connected to each other and to server computer 104 and trusted key store 106 via network communication connection 108. The network communication connection may be a local or wide area network, the Internet, a combination thereof, or some other type of network communication connection.
Most of the client computers 102 are desktop computers, such as Sun workstations, IBM-compatible computers and Apple computers, although virtually any type of computer may be a client computer. Each client computer includes a CPU 110, a user interface 112, a memory 114, and a network communication interface 116. The network communication interface enables the client computers to communicate with each other and with the server computer 104 and the trusted key store 106 via the network communication connection 108.
The memory 114 of each client computer 102 stores an operating system 118, a network communications manager 120, an ANProgram executor 122, an ASProgram executor 124, an ANProgram integrity checker 126, an ANProgram compile preprocessor 128, a signature generator 130, a signature checker 132, a compiler information (CompInfo) checker 134, an object class loader 136, a user address space 138, a trusted object class repository 140, an untrusted object class repository 142, and a list of known trusted compiling parties and trusted compilers 144. The operating system is run by the CPU 110 and controls and coordinates the execution of the programs 120-136 on the CPU according to commands sent by the user via the user interface 112.
The ANProgram executor 122 of each client computer 102 executes ANPrograms stored in the object classes in the trusted and untrusted object class repositories 140 and 142. ANPrograms are written in an ANLanguage for which predetermined integrity criteria, such as stack and data usage restriction rules, can be established so that an ANProgram cannot perform illegal tasks. Thus, by determining whether an ANProgram meets the predetermined integrity criteria, its integrity can be verified directly by the ANProgram integrity checker 126 before execution. These ANPrograms are therefore considered integrity-verifiable ANPrograms.
In a preferred embodiment, the integrity-verifiable ANPrograms are written in the Java bytecode language, and the ANProgram executor 122 and the ANProgram integrity checker 126 are a Java bytecode interpreter and a Java bytecode verifier, respectively, that execute and check Java bytecode programs. The Java bytecode verifier and interpreter are products of Sun Microsystems, Inc.
However, each client computer 102 has an associated specific architecture for which programs may be written in a corresponding ASLanguage and executed by the ASProgram executor 124. The ASLanguage does not require that ASPrograms written in it satisfy the predetermined ANLanguage integrity criteria. As a result, ASPrograms are able to perform tasks that cannot be performed by ANPrograms, since they are not limited by the predetermined ANLanguage integrity criteria. Unfortunately, this also means that their integrity cannot be verified directly by the ANProgram integrity checker 126, so they are considered integrity-unverifiable.
Nonetheless, as noted previously, an ANProgram runs less efficiently than the same program compiled in an ASLanguage. Thus, a user of a client computer 102 may wish to have an ANProgram compiled by the server computer 104 into the ASLanguage associated with the user's client computer, so that the compiled ASProgram can be executed by the ASProgram executor 124. Alternatively, if the compiled ASProgram is to be sent to and executed by the ASProgram executor 124 of another client computer, the user may wish to have the ANProgram compiled into the ASLanguage associated with that other client computer.
Preprocessing architecture neutral programs for compilation
Referring to FIGS. 1 and 2, if an originating party (OrigParty) wishes to have an ANProgram compiled by the server computer 104, OrigParty sends a command via the user interface 112 to invoke the ANProgram compile preprocessor 128 and instruct it to preprocess the ANProgram for compilation. The ANProgram may be in an object class contained in one of the trusted or untrusted object class repositories 140 or 142. Table 1 contains pseudocode representing the procedure employed by the ANProgram compile preprocessor 128 to preprocess an ANProgram for compilation by the server computer 104. The pseudocode used in Tables 1-3 is written in a generic computer language format; it is for illustration only and is readily understood by any programmer skilled in the art.
Referring to FIGS. 1 and 2 and Table 1, the ANProgram compile preprocessor 128 first calls the ANProgram integrity checker 126 and instructs it to check the integrity of the ANProgram code 202 of the ANProgram 200. This is done to ensure that the ANProgram code meets the predetermined ANLanguage integrity criteria before the ANProgram is sent to the server computer 104 for compilation. If the ANProgram code does not meet the predetermined integrity criteria, the ANProgram integrity checker returns a failure result to the ANProgram compile preprocessor, which then terminates the preprocessing and generates an appropriate message indicating this.
However, if the ANProgram code 202 does meet the predetermined integrity criteria, the ANProgram integrity checker 126 returns a pass result to the ANProgram compile preprocessor 128. The ANProgram compile preprocessor then calls the signature generator 130 and instructs it to generate OrigParty's digital signature (DigitalSignature_OP) 210, which can be verified to ensure that the ANProgram was produced by the trusted OrigParty. To generate DigitalSignature_OP, the signature generator first generates a message digest (MD_OP) of the ANProgram code 202 by computing a hash function (HashFunction_OP) over the data bits of the ANProgram code. The hash function employed may be a predetermined hash function or one selected by OrigParty. It is referred to as HashFunction_OP because it is the hash function used for OrigParty's DigitalSignature_OP.
The signature generator 130 then uses OrigParty's private key (OrigParty's PrivateKey) to encrypt the message digest (MD_OP) 212 and the identifier of HashFunction_OP (HashFunction_OP ID) 214. The signature generator then appends OrigParty's ID 216, in the clear, to the encrypted items 212 and 214 to form DigitalSignature_OP. OrigParty's PrivateKey and ID are provided by OrigParty via the user interface 112.
Once DigitalSignature_OP 210 has been generated, the ANProgram compile preprocessor 128 appends it to the ANProgram code 202. The ANProgram compile preprocessor then generates a message indicating that the ANProgram 200 has been preprocessed for compilation by the server computer 104.
OrigParty then sends a command to the network communications manager 120 via the user interface 112 to transfer the ANProgram 200 to the server computer 104, along with a variable (ASLanguage ID) specifying the architecture specific language into which the program is to be compiled and a variable (Compiler ID) specifying the compiler to be employed. The network communications manager retrieves the ANProgram from the trusted or untrusted object class repository 140 or 142 in which it is stored and provides it to the network communications interface 116. The network communications manager then instructs the network communications interface to transmit the ANProgram and the specified variables to the server computer.
Compiling an architecture neutral program
The transmitted ANProgram 200 is then received by the server computer 104. The server computer includes a CPU 150, a user interface 152, a memory 154, and a network communication interface 156. The network communication interface enables the server computer to communicate with the client computers 102 and the trusted key store 106 via the network communication connection 108.
The memory 154 of the server computer 104 stores an operating system 158, a network communications manager 160, an ANProgram compiler 162, a signature checker 164, an ANProgram integrity checker 166, a signature generator 168, an ANProgram repository 170, and an ASProgram repository 172. The operating system runs on the CPU 150 and controls and coordinates the execution of the programs 160-168 on the CPU according to commands sent by the compiling party (CompParty) via the user interface 152.
The network communication interface 156 receives the ANProgram 200 and notifies the network communications manager 160 that it has been received. The network communications manager then places the received ANProgram in the ANProgram repository 170. If the server computer 104 is configured as an automatic compilation server, the network communications manager 160 does so automatically; otherwise, it moves the ANProgram into the repository 170 only when CompParty sends a command via the user interface.
The ANProgram compiler 162 is then invoked to compile the ANProgram 200, either automatically or in response to a command sent by CompParty via the user interface 152. Table 2 contains pseudocode representing the compilation process employed by the ANProgram compiler.
Referring to FIGS. 1-2 and Table 2, the ANProgram compiler 162 first calls the signature checker 164 to check DigitalSignature_OP 210 in the received ANProgram 200, in order to determine whether DigitalSignature_OP is indeed OrigParty's signature on this ANProgram (as opposed to, for example, a forged signature, or OrigParty's signature on some other version of the ANProgram). Specifically, the signature checker obtains OrigParty's public key (OrigParty's PublicKey) from the trusted key store 106 using OrigParty's ID 216, which appears in the clear in the received ANProgram. The signature checker then uses OrigParty's public key to decrypt the encrypted MD_OP 212 and HashFunction_OP ID 214 in DigitalSignature_OP.
The signature checker 164 then generates a test message digest (TestMD_OP), which should match the decrypted MD_OP 212, by computing HashFunction_OP over the ANProgram code 202 of the received ANProgram 200. The decrypted HashFunction_OP ID 214 from DigitalSignature_OP is used to determine the correct HashFunction_OP to employ. The decrypted MD_OP and the generated TestMD_OP are then compared with each other to verify DigitalSignature_OP 210.
If MD_OP 212 and TestMD_OP do not match, the signature checker 164 returns a failure result to the ANProgram compiler 162. The ANProgram compiler then terminates the compilation process and generates an appropriate message.
On the other hand, if MD_OP 212 and TestMD_OP match, the signature checker 164 returns a pass result to the ANProgram compiler 162, and the ANProgram compiler calls the ANProgram integrity checker 166, instructing it to check the integrity of the ANProgram code 202 of the received ANProgram. The method and purpose are the same as in the previous discussion of preprocessing an ANProgram for compilation. Thus, if the ANProgram code does not meet the predetermined integrity criteria, the ANProgram integrity checker returns a failure result to the ANProgram compiler, which then terminates the compilation process and generates an appropriate message indicating this.
However, if the ANProgram code 202 of the received ANProgram 200 meets the predetermined integrity criteria, the ANProgram integrity checker 166 returns a pass result to the ANProgram compiler 162. The ANProgram compiler then compiles the ANProgram code into the ASLanguage determined by the ASLanguage ID specified by OrigParty. Referring now to FIGS. 1-3 and Table 2, the compiler places the ANProgram code 202, DigitalSignature_OP 210 and the compiled ASProgram code 302 together in the ASProgram repository 172, where they are stored as the ASProgram 300.
The ANProgram compiler 162 then calls the signature generator 168 and instructs it to generate the ANProgram compiler's digital signature (DigitalSignature_C) 320, which can be verified to ensure that the ASProgram 300 was compiled by a trusted ANProgram compiler. This is done in a manner similar to the generation of DigitalSignature_OP described above. However, in this case the signed information is the ASProgram code and DigitalSignature_OP. Another predetermined hash function (HashFunction_C), with its corresponding HashFunction_C ID 324, is used to generate the message digest (MD_C) 322 of the information signed by DigitalSignature_C; the ANProgram compiler's private key (Compiler's PrivateKey) is used to encrypt MD_C and the HashFunction_C ID, and the ANProgram compiler's identification (Compiler's ID) is appended in the clear to the end of the encrypted MD_C and HashFunction_C ID. The Compiler's PrivateKey and ID are provided by the ANProgram compiler.
The ANProgram compiler 162 calls the signature generator 168 a second time to generate the compiling party's (CompParty's) digital signature (DigitalSignature_CP) 312, which can be verified by the end user to ensure that the ASProgram 300 was produced by the genuine CompParty. This is done in a manner similar to the generation of DigitalSignature_OP described above (in the discussion of preprocessing an ANProgram for compilation). Here, however, the message digest (MD_CP) 314 of DigitalSignature_CP is generated by computing a predetermined or selected hash function (HashFunction_CP) over the data bits of the ASProgram code, DigitalSignature_OP and DigitalSignature_C. As with HashFunction_OP, this hash function is referred to as HashFunction_CP because it is the one used for CompParty's DigitalSignature_CP.
The signature generator 168 then encrypts MD_CP 314 and the HashFunction_CP ID 316 with CompParty's private key (CompParty's PrivateKey). The signature generator then appends CompParty's ID 318, in the clear, to the end of the encrypted items 314 and 316 to form DigitalSignature_CP 312. CompParty's PrivateKey and ID are provided by CompParty via the user interface 152.
Once DigitalSignature_C 320 and DigitalSignature_CP 312 have been generated, the ANProgram compiler 162 appends them to the ASProgram code 302, so that the resulting compiled ASProgram file or object code has the following components:
the ANProgram code,
DigitalSignature_OP,
the ASProgram code,
DigitalSignature_C, and
DigitalSignature_CP.
The ANProgram compiler then generates a message stating that the ANProgram 200 has been compiled into the ASProgram 300 and is ready to be sent to OrigParty.
CompParty then uses the network communications manager 160 to transfer the ASProgram 300 to OrigParty's client computer 102. The network communications manager does this by retrieving the ASProgram from the ASProgram repository 172 in which it is stored and providing it to the network communications interface 156. The network communications manager then instructs the network communications interface to transmit the ASProgram to OrigParty's client computer.
Object and object class generation and distribution
The transferred ASProgram 300 is then received by the origpatch client computer's network communication interface 116 and notifies the network communication manager 120 that it has received. Origpartity then issues a command via the user interface 152 instructing the network communications manager to retrieve the ASProgram received from the network communications interface, causing the network communications manager to place the received ASProgram into the unreliable object class holding area 142 of the origpartity client computer. Once completed, origperty may treat the retrieved ASprogram as a new object class for only one method (i.e., compiled program code), or may generate an object class that includes ASprogram 300 and other ANprogram and ASprograms.
FIG. 4 illustrates an exemplary object class 400 in accordance with the present invention. The object classes may include one or more ASPROGRAMs 402 and/or one or more ANPROGRAMs 404 and a virtual function table 410. For each ASPROGRAM, the VIEW table contains a corresponding identifier (native _ ASPROGRAM ID)412 that indicates that the program is an ASPROGRAM (i.e., native program) and not a program compiled using ANLanguage, and a corresponding pointer 414 is pointed to the native program. Likewise, for each ANprogram, the virtual function table contains a corresponding identification (ANprogram ID)416 and a corresponding pointer (Ptr)418 to the ANprogram. Each object 420 of such an object class includes an object header 422 that points to the object class 400.
Thus, origperty can generate an object 420 and an object class 400 using the ASprogram 300 received from the server computer 104 as an ASprogram 402 in the object class.
If origperty wishes to distribute an object and object class, including ASprogram 300 and ANprogram, to different executors (executeParty), origperty issues a command via user interface 112 instructing the network communications manager to pass these items to the executeParty client computer 102. The network communications manager does this by retrieving the items from the unreliable object class store 142 where they are stored and provides them to the network communications interface 116 via appropriate transport instructions. Additionally, origpartity's network traffic manager may respond to requests made by an ExecuteParty to copy a particular object class 400.
Execution of structure-specific and structure-neutral programs in object classes
The network communication interface 116 of the client computer 102 receives the communicated object and object class and notifies the network communication manager that it has been received. Thus, ExecuteParty issues a command via the user interface 112 instructing the network communications manager to retrieve the objects and object classes received from the network communications interface. The network communications manager then stores the received object and object class in the unreliable object class store 142.
The unreliable object class save area 142 of each client computer 102 includes unreliable objects and their associated object classes. These object classes are unreliable because any ANProgram they contain has not been checked for their integrity, and for any ASProgram they contain has not been checked for the integrity of their source, nor has it been compiled from the corresponding ANProgram.
The reliable object class holding area 140 of each client computer 102 includes reliable objects and their associated object classes. These object classes are reliable because any ANProgram they contain has their integrity verified by the ANProgram integrity checker 126 and any ASProgram they contain has been confirmed to be reliable. In fact, some or all of the object classes in the reliable object class save area 140 need not have numerical labels because the target classes are reliable and there is no reason to perform an integrity check on the methods of the object classes.
An ideal object class would include primarily ANProgram but may also include ASProgram so that substantially all legitimate tasks for that object class can be performed, as previously described. Thus, the ANProgram executor 122 is capable of executing an integrity-verifiable ANProgram and invoking the ASProgram executor to execute an integrity-non-verifiable ASProgram that is either (1) in a reliable object class in the reliable object class repository 140 or (2) in an unreliable object class in the unreliable object class repository 142 and has a verifiable DigitaLsignatureOP、DigitalSignatureCPAnd DigitalSignatureCInformation so that substantially all legitimate tasks can be performed. Thus, it does not have DigitalsignationOP、DigitalSignatureCPAnd DigitalSignatureCASProgramms of unreliable object classes whose information or its digital signature cannot be verified are prohibited from executing. Table 3 contains pseudo code employed by the ANProgram executor to represent the execution process.
Referring to fig. 1-4 and table 3, in an executepperty (e.g., origperty or another party) client computer 102, an ANProgram executor 122 may execute an ANProgram that attempts to invoke a method in a particular object class. Initially the method call is processed by object class loader 136, and object class loader 136 determines whether the object class has been loaded. If the object class has been loaded into the Executeparty user address space 138, the ANProgram executor 122 executes the called method if the called method is an ANProgram, and the ASProgram executor 124 executes the called method if the called method is an ASProgram.
However, if the object class has not been loaded into ExecuterParty's user address space 138, the object class loader 136 loads the object class into ExecuterParty's user address space and determines whether execution of the invoked method is permitted. For example, if the object class is loaded from the reliable object class holding area 140, the called method is allowed to execute and the execution procedure is called. If the called method is an ANProgram, the execution procedure (see Table 3) calls the ANProgram executor; otherwise it calls the ASProgram executor 124 to execute the called method.
However, if the object class is loaded from the unreliable object class holding area 142, the object class loader 136 checks the object header of the object to determine whether its object class contains any ASProgram. It does this by determining whether a native_ASProgram ID exists in the virtual function table of the object.
If there are no ASPrograms in the object class, the object class loader 136 calls the ANProgram integrity checker 126 to check the integrity of the ANPrograms in the object class. This is done in the same manner, and for the same purpose, as the integrity verification of the ANProgram 200 described previously in the section discussing the compilation of an ANProgram. If the integrity of any ANProgram is not verified, the ANProgram integrity checker passes a failure result back to the class loader, and the class loader terminates the class loading process and generates an appropriate message indicating this. However, if the ANProgram integrity checker returns a pass result indicating that all ANPrograms of the object class have been verified, the class loader calls the execution procedure for the called method.
If there are any ASPrograms in the object class, the object class loader 136 calls the signature checker 132 to check the compiler signature DigitalSignatureC and the CompParty signature DigitalSignatureCP. If any ASProgram does not include both a DigitalSignatureCP and a DigitalSignatureC, the integrity of the source of that ASProgram cannot be verified, and therefore the signature checker sends a failure result back to the ANProgram executor. The class loader then terminates the object class load call and generates an appropriate message indicating that this has occurred.
Furthermore, if all ASPrograms in the object class do contain a DigitalSignatureCP and a DigitalSignatureC, the identities of the compiler and of the CompParty indicated in the two digital signatures are compared against the known list 144 of trusted compiling parties and trusted compilers. If any ASProgram in the object class was compiled by a CompParty or a compiler not included in the list of known trusted compiling parties and compilers, the object class loading process is terminated, thereby preventing execution of the invoked method. If the ASLanguage identified in any ASProgram does not match the ASLanguage employed by the ASProgram executor 124, the object class loading process is likewise terminated.
However, if all ASPrograms in the object class include a DigitalSignatureCP and a DigitalSignatureC, the CompParty and the compiler of all ASPrograms are determined to be trusted, and the ASLanguage used by all ASPrograms is the one used by the ASProgram executor, the signature checker verifies these signatures in the same manner as discussed above for verifying the DigitalSignatureOP in the section on the ANProgram 200. In this case, however, the compiler's and the CompParty's public keys are retrieved from the trusted key repository 106 and used to decrypt, respectively, the MDC and HashFunctionC ID in DigitalSignatureC and the MDCP and HashFunctionCP ID in DigitalSignatureCP. In addition, test message digests (TestMDC and TestMDCP) corresponding to the decrypted MDC and MDCP are produced with the HashFunctionC and HashFunctionCP identified by the decrypted HashFunctionC ID and HashFunctionCP ID respectively, by computing the hash code over the ASProgram code data bits plus the DigitalSignatureOP (for TestMDC), and over the same data bits plus the DigitalSignatureC (for TestMDCP).
If the DigitalSignatureC and/or DigitalSignatureCP of any ASProgram is not verified (i.e., MDC ≠ TestMDC and/or MDCP ≠ TestMDCP), the signature checker 132 returns a failure result to the object class loader 136. The class loader then terminates the class loading process and generates an appropriate message explaining this.
However, if the DigitalSignatureC and DigitalSignatureCP of each ASProgram are both verified (i.e., MDC = TestMDC and MDCP = TestMDCP), the ASProgram executor 124 again calls the signature checker 132 to check the OrigParty signature (DigitalSignatureOP) of the ANProgram that was compiled into the ASProgram. To verify the OrigParty digital signature, each DigitalSignatureOP is checked in the same manner as described above in connection with the compilation of the ANProgram 200.
If the DigitalSignatureOP of each ANProgram compiled into an ASProgram is verified, the class loader calls the ANProgram integrity checker to verify the integrity of each ANProgram in the object class and of each ANProgram compiled into an ASProgram. This is done in the same manner as described above. If the integrity of any of these ANPrograms is not verified, the ANProgram integrity checker sends a failure result back to the class loader, which terminates the class loading process and generates an appropriate message.
However, if the integrity of each ANProgram is verified, the ANProgram integrity checker 126 returns a pass result to the object class loader 136. The class loader then calls the ANProgram executor or the ASProgram executor to execute the called method as appropriate.
As can be seen from the foregoing, ExecuterParty guarantees that only those unreliable object classes in the unreliable object class holding area 142 whose ANPrograms are integrity-verifiable and whose ASPrograms carry verifiable digital signatures will be loaded and have their programs executed.
OTHER EMBODIMENTS
Some of the features of the invention described above are optional and so those skilled in the art will appreciate that other embodiments exist which do not include these features.
For example, the illustrated ANProgram compiler generates a DigitalSignatureCP and a DigitalSignatureC for the CompParty and for the ANProgram compiler, respectively. However, the ANProgram compiler can also be constructed to generate only one of these digital signatures, which can then be verified against the compiling party or the compiler used to compile the ASProgram.
Similarly, the program executors described above require both the DigitalSignatureCP and the DigitalSignatureC to be checked. However, it is also possible to construct a program executor that performs selective verification, requiring only one of these digital signatures to be verified where the other digital signature is contained in the verified ASProgram. In addition, it is also possible to construct a program executor that skips the step of checking the integrity of the ANProgram corresponding to each ASProgram, provided that the compiler is assumed to be trustworthy and has the obligation to check the integrity of each ANProgram compiled into an ASProgram before performing the compilation.
If ExecuterParty is OrigParty, ExecuterParty knows that it actually sent the ANProgram 200 to CompParty's server computer 104 to have it compiled into the ASProgram 300. In this case, it is possible to construct an object class loader 136 that does not call the signature checker to verify the DigitalSignatureOP in the ANProgram. Instead, ExecuterParty simply compares the DigitalSignatureOP in its native copy of the ANProgram with the DigitalSignatureOP in the compiled ASProgram. Furthermore, since the integrity of the ANProgram was verified during the preprocessing for compilation before it was sent to the compilation server computer, it is also possible to construct a class loader that does not invoke the ANProgram integrity checker 126 to check the integrity of the ANProgram corresponding to an invoked ASProgram. Conversely, since the integrity of the ANProgram is checked by the ANProgram integrity checker called by the compiler and by the class loader before the corresponding ASProgram is executed, it is also possible to construct an ANProgram compile preprocessor 128 that does not call the ANProgram integrity checker during the preprocessing for compilation.
The present invention has been described above with reference to several specific embodiments, which are intended to be exemplary and not limiting. Various modifications may be made thereto by those skilled in the art without departing from the spirit and scope of the invention as defined by the appended claims.
TABLE 1
Pseudo code representing a structure-neutral program pre-processing method for compilation
Procedure: Prepare for Compiling(ANProgram code, OrigParty's PrivateKey, and OrigParty's ID)
{
  Verify integrity of ANProgram with ANProgram integrity verifier
  If failed result
    {abort and generate failed result message}
  Generate MDOP = HashFunctionOP(ANProgram code)
  Generate DigitalSignatureOP = Encrypt(MDOP + HashFunctionOP ID, OrigParty's PrivateKey) + ClearText(OrigParty's ID)
  Append DigitalSignatureOP to ANProgram code
  Generate message that ANProgram is prepared for compiling
  Return
}
TABLE 2
Pseudo code representing the compilation of ANPrograms and the generation of ASPrograms
Procedure: Compile(ANProgram, CompParty's ID, ASLanguage ID, CompParty's PrivateKey, Compiler's ID, and Compiler's PrivateKey)
{
  Retrieve OrigParty's PublicKey from trusted key repository using ClearText OrigParty's ID in DigitalSignatureOP
  Decrypt(MDOP + HashFunctionOP ID in DigitalSignatureOP, OrigParty's PublicKey)
  Generate TestMDOP = HashFunctionOP(ANProgram code) using HashFunctionOP identified by decrypted HashFunctionOP ID
  Compare decrypted MDOP and TestMDOP
  If decrypted MDOP ≠ TestMDOP
  {
    /* DigitalSignatureOP of OrigParty not verified */
    Generate failed result message
  }
  Else
  {
    /* DigitalSignatureOP of OrigParty has been verified */
    Verify integrity of ANProgram with ANProgram integrity verifier
    If failed result
    {
      abort and generate failed result message
    }
    Else
    {
      /* ANProgram has been verified */
      Compile ANProgram code into ASLanguage identified by ASLanguage ID to generate ASProgram code
      Generate MDC = HashFunctionC(ASProgram code + DigitalSignatureOP)
      Generate DigitalSignatureC = Encrypt(MDC + HashFunctionC ID, ANProgram Compiler's PrivateKey) + ClearText ANProgram Compiler's ID
      Generate MDCP = HashFunctionCP(ASProgram code + DigitalSignatureOP + DigitalSignatureC)
      Generate DigitalSignatureCP = Encrypt(MDCP + HashFunctionCP ID, CompParty's PrivateKey) + ClearText CompParty's ID
      Generate and Return File or Object containing:
        ANProgram Code,
        DigitalSignatureOP,
        ASProgram Code,
        DigitalSignatureC, and
        DigitalSignatureCP
      /* ASProgram has been compiled and generated */
    }
  }
}
TABLE 3
Pseudo code representing the execution method for programs of a specific object class
Procedure: Execute(ObjectClass, Program)
{
  If the Program is a verifiable program
    {Execute Program using the Bytecode Interpreter}
  Else
    {Execute Program using the compiled program executer}
}

Procedure: ClassLoad(ObjectClass, Program)
{
  If Object Class has already been loaded into ExecuterParty's address space
  {
    Call Execute(ObjectClass, Program)
    Return
  }
  /* The Object Class has not been loaded */
  Load Object Class into ExecuterParty's address space
  If Object Class was loaded from Trusted Object Class Repository
  {
    Call Execute(ObjectClass, Program)
    Return
  }
  /* Object Class was loaded from Untrusted Object Class Repository */
  If Object Class does not contain any ASPrograms designated as native_ASPrograms in Object Header of Object
  {
    Verify integrity of all ANPrograms of Object Class with ANProgram integrity verifier
    If failed result
    {
      Abort with appropriate failed result message
    }
    Else
      /* Integrity of all ANPrograms of Object Class has been verified */
      {Call Execute(ObjectClass, Program)}
    Return
  }
  /* Object Class does contain ASPrograms designated as native_ASPrograms in Object Header of Object */
  If any ASProgram does not contain a DigitalSignatureCP and a DigitalSignatureC
  {
    /* Compiling Party and Compiler of every ASProgram cannot be verified */
    Generate appropriate message
    Return
  }
  For each ASProgram in Object Class:
    {Determine identity of CompParty and Compiler and determine ASLanguage used by ASProgram}
  If identity of CompParty for any ASProgram is not a known, trusted Compiling Party, or the identity of Compiler is not a known, trusted Compiler, or the identified ASLanguage is not one used by the ASProgram Executer
  {
    Generate appropriate message
    Return
  }
  For each ASProgram in Object Class:
  {
    Retrieve CompParty's PublicKey from trusted key repository using ClearText CompParty's ID in DigitalSignatureCP
    Decrypt(MDCP + HashFunctionCP ID in DigitalSignatureCP, CompParty's PublicKey)
    Generate TestMDCP = HashFunctionCP(ASProgram code + DigitalSignatureOP + DigitalSignatureC in ASProgram) using HashFunctionCP identified by decrypted HashFunctionCP ID
    Compare decrypted MDCP and TestMDCP
  }
  If decrypted MDCP ≠ TestMDCP for any ASProgram
  {
    /* DigitalSignatureCP for every ASProgram has not been verified */
    Generate appropriate failed result message
    Return
  }
  /* DigitalSignatureCP for every ASProgram has been verified */
  For each ASProgram in Object Class:
  {
    Retrieve ANProgram Compiler's PublicKey from trusted key repository using ClearText ANProgram Compiler's ID in DigitalSignatureC
    Decrypt(MDC + HashFunctionC ID in DigitalSignatureC, ANProgram Compiler's PublicKey)
    Generate TestMDC = HashFunctionC(ASProgram code + DigitalSignatureOP) using HashFunctionC identified by decrypted HashFunctionC ID
    Compare decrypted MDC and TestMDC
  }
  If decrypted MDC ≠ TestMDC for any ASProgram
  {
    /* DigitalSignatureC for every ASProgram in Object Class has not been verified */
    Generate appropriate failed result message
    Return
  }
  /* DigitalSignatureC for every ASProgram in Object Class has been verified */
  For each ANProgram from which an ASProgram in Object Class was compiled:
  {
    Retrieve OrigParty's PublicKey from trusted key repository using ClearText OrigParty's ID in DigitalSignatureOP
    Decrypt(MDOP + HashFunctionOP ID in DigitalSignatureOP, OrigParty's PublicKey)
    Generate TestMDOP = HashFunctionOP(ANProgram code) using HashFunctionOP identified by decrypted HashFunctionOP ID
    Compare decrypted MDOP and TestMDOP
  }
  If decrypted MDOP ≠ TestMDOP for any ANProgram
  {
    /* DigitalSignatureOP for every ANProgram from which an ASProgram in Object Class was compiled not verified */
    Generate failed result message
    Return
  }
  /* The DigitalSignatureOP in every ASProgram in Object Class is verified */
  Verify integrity of ANPrograms in Object Class and ANPrograms from which ASPrograms in Object Class were compiled with ANProgram integrity verifier
  If failed result
  {
    Generate failed result message
    Return
  }
  /* Integrity of all ANPrograms in Object Class and all ANPrograms from which ASPrograms in Object Class were compiled has been verified */
  Call Execute(ObjectClass, Program)
}
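The signing chain of Tables 1 and 2 (OrigParty signs the ANProgram, the compiler signs the ASProgram plus DigitalSignatureOP, the CompParty signs the ASProgram plus both earlier signatures) and the class loader policy of Table 3 and the description above, as an added example that is not part of the patent or of any Sun implementation. It assumes a toy textbook RSA over products of Mersenne primes standing in for the patent's Encrypt/Decrypt with private and public keys, SHA-256 as the HashFunction identified by a constructed HashFunction ID, a placeholder integrity checker in place of the bytecode verifier, and constructed program bytes, party identifiers and trust lists. The DigitalSignatureOP check is performed over the ANProgram code with OrigParty's public key, as Tables 1 and 2 define it.

```python
import hashlib
from collections import namedtuple
from dataclasses import dataclass
from typing import Optional

# Toy textbook RSA over products of Mersenne primes, standing in for the patent's
# Encrypt(..., PrivateKey) / Decrypt(..., PublicKey) pair. Illustration only.
def make_keypair(p: int, q: int, e: int = 65537):
    """Return (private, public) = ((n, d), (n, e)) for two distinct known primes p, q."""
    return (p * q, pow(e, -1, (p - 1) * (q - 1))), (p * q, e)

HASH_FUNCTIONS = {1: hashlib.sha256, 2: hashlib.sha1}  # constructed HashFunction ID registry

def make_signature(data: bytes, hash_id: int, private_key, signer_id: str) -> dict:
    """DigitalSignature = Encrypt(MD + HashFunction ID, PrivateKey) + ClearText(ID)."""
    n, d = private_key
    m = int.from_bytes(bytes([hash_id]) + HASH_FUNCTIONS[hash_id](data).digest(), "big")
    return {"id": signer_id, "enc": pow(m, d, n)}  # m is at most 33 bytes, below every modulus used

def check_signature(sig: Optional[dict], data: bytes, key_repo: dict) -> bool:
    """Decrypt with the public key named by the clear-text ID, recompute TestMD, compare with MD."""
    if sig is None or sig["id"] not in key_repo:
        return False
    n, e = key_repo[sig["id"]]
    x = pow(sig["enc"], e, n)
    plain = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if not plain or plain[0] not in HASH_FUNCTIONS:
        return False
    return plain[1:] == HASH_FUNCTIONS[plain[0]](data).digest()

def sig_bytes(sig: dict) -> bytes:  # canonical encoding, so later signatures can cover earlier ones
    return f"{sig['id']}:{sig['enc']}".encode()

@dataclass
class ASProgram:
    an_code: bytes           # the ANProgram this ASProgram was compiled from
    sig_op: dict             # DigitalSignatureOP: OrigParty, over an_code
    as_code: bytes
    sig_c: Optional[dict]    # DigitalSignatureC: compiler, over as_code + sig_op
    sig_cp: Optional[dict]   # DigitalSignatureCP: CompParty, over as_code + sig_op + sig_c
    language: str            # ASLanguage

# One party's trusted key repository, trust lists, executor ASLanguage and integrity checker.
Env = namedtuple("Env", "keys trusted_parties trusted_compilers language integrity_ok")

def prepare_for_compiling(an_code: bytes, orig_priv, orig_id: str, env: Env) -> dict:
    """Table 1: OrigParty verifies the ANProgram's integrity, then signs it."""
    if not env.integrity_ok(an_code):
        raise ValueError("ANProgram failed integrity check")
    return make_signature(an_code, 1, orig_priv, orig_id)

def compile_program(an_code, sig_op, env, comp_priv, comp_id, party_priv, party_id, backend):
    """Table 2: verify DigitalSignatureOP and integrity before compiling, then sign twice."""
    if not check_signature(sig_op, an_code, env.keys) or not env.integrity_ok(an_code):
        raise ValueError("refusing to compile an unverified ANProgram")
    as_code = backend(an_code)
    sig_c = make_signature(as_code + sig_bytes(sig_op), 1, comp_priv, comp_id)
    sig_cp = make_signature(as_code + sig_bytes(sig_op) + sig_bytes(sig_c), 1, party_priv, party_id)
    return ASProgram(an_code, sig_op, as_code, sig_c, sig_cp, env.language)

def class_load(programs: list, trusted: bool, env: Env) -> str:
    """Table 3 policy over a class holding ANPrograms (bytes) and ASPrograms; returns the verdict."""
    if trusted:                                  # loaded from the trusted object class repository
        return "execute"
    an = [p for p in programs if isinstance(p, bytes)]
    as_ = [p for p in programs if isinstance(p, ASProgram)]
    for p in as_:                                # both signatures present, signers trusted, language ok
        if p.sig_c is None or p.sig_cp is None:
            return "fail: ASProgram lacks DigitalSignatureC/CP"
        if p.sig_cp["id"] not in env.trusted_parties or p.sig_c["id"] not in env.trusted_compilers:
            return "fail: CompParty or Compiler not on trusted list"
        if p.language != env.language:
            return "fail: ASLanguage not supported by ASProgram executor"
    checks = [("CP", lambda p: (p.sig_cp, p.as_code + sig_bytes(p.sig_op) + sig_bytes(p.sig_c))),
              ("C", lambda p: (p.sig_c, p.as_code + sig_bytes(p.sig_op))),
              ("OP", lambda p: (p.sig_op, p.an_code))]
    for name, signed in checks:                  # outermost signature first: CP, then C, then OP
        for p in as_:
            if not check_signature(*signed(p), env.keys):
                return f"fail: DigitalSignature{name} not verified"
    if not all(env.integrity_ok(c) for c in an + [p.an_code for p in as_]):
        return "fail: ANProgram integrity"
    return "execute"

def demo():
    """Constructed keys, programs and trust lists; returns the loader's verdicts on three classes."""
    orig_priv, orig_pub = make_keypair((1 << 521) - 1, (1 << 607) - 1)
    comp_priv, comp_pub = make_keypair((1 << 1279) - 1, (1 << 127) - 1)
    party_priv, party_pub = make_keypair((1 << 2203) - 1, (1 << 61) - 1)
    env = Env(keys={"orig": orig_pub, "cc-native": comp_pub, "CompCo": party_pub},
              trusted_parties={"CompCo"}, trusted_compilers={"cc-native"}, language="x86",
              integrity_ok=lambda code: b"BAD" not in code)   # stand-in for the bytecode verifier
    an_code = b"bytecode: iconst_1 ireturn"                    # constructed ANProgram
    sig_op = prepare_for_compiling(an_code, orig_priv, "orig", env)
    asp = compile_program(an_code, sig_op, env, comp_priv, "cc-native", party_priv, "CompCo",
                          backend=lambda c: b"native:" + c)    # constructed compiler back end
    modified = ASProgram(asp.an_code, asp.sig_op, asp.as_code + b"!", asp.sig_c, asp.sig_cp, "x86")
    unsigned = ASProgram(an_code, sig_op, asp.as_code, None, None, "x86")
    return (class_load([asp], False, env), class_load([modified], False, env),
            class_load([unsigned], False, env))
```

Running demo() yields "execute" for the properly signed class, a DigitalSignatureCP failure for the class whose ASProgram code was changed after signing, and a missing-signature failure for the unsigned ASProgram. The loader checks the outermost signature (CompParty) first, so a change to the ASProgram code is caught before any key of the compiler or OrigParty is consulted, and a class loaded from the trusted repository skips every check, which is why the contents of that repository must be protected by the platform rather than by this policy.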

Claims (12)

1. A computer system for facilitating execution of a verifiable program using a non-verifiable program from a trusted source, the computer system comprising a computer, the computer comprising:
a program integrity checker which checks whether a program written in a neutral structure language satisfies a predetermined program integrity criterion;
a digital signature checker that checks a digital signature of the program's source included in the program;
an unreliable object class holding area which stores unreliable object classes;
a reliable object class holding area which stores reliable object classes;
each of the object classes including at least one program, each program being a program selected from a group of programs including (a) a neutral structure program written in a neutral structure language and (b) a specific structure program written in a specific structure language whose integrity cannot be checked by the program integrity checker;
a specific structure program executor;
a neutral structure program executor;
a user address space; and
a class loader for loading a particular object class into the user address space for execution when execution of any program in said object class is requested, said class loader comprising program security logic for preventing loading of any requested object class that includes at least one specific structure program and that is not in said reliable object class holding area unless each specific structure program in said requested object class includes a digital signature and said digital signature is successfully verified by said digital signature checker.
2. The computer system for facilitating execution of a verifiable program utilizing a non-verifiable program from a trusted source as recited in claim 1, said class loader comprising checker logic for invoking said program integrity checker to check each neutral structure program in a requested object class when said requested object class is not stored in said reliable object class holding area and includes at least one neutral structure program;
the program security logic further preventing loading of any requested object class not in the reliable object class holding area when the requested object class includes at least one neutral structure program whose integrity is not verified by the program integrity checker.
3. The computer system for facilitating execution of a verifiable program utilizing a non-verifiable program from a trustworthy source as recited in claim 1,
each of said digital signatures associated with one of said specific structure programs including a signer identifier and an encrypted message, said encrypted message including a message digest of the specific structure program generated using a message digest function, wherein said encrypted message has been encrypted using a private key associated with said identified compiler; and
the digital signature checker includes logic for preprocessing a particular digital signature by obtaining a public key associated with the compiler identified by the signer identifier, decrypting the encrypted message of the digital signature using the public key to generate a decrypted message digest, generating a test message digest by performing the message digest function on the specific structure program associated with the digital signature, comparing the test message digest with the decrypted message digest, and signaling a failure if the decrypted message digest does not match the test message digest.
4. The computer system for facilitating execution of a verifiable program utilizing a non-verifiable program from a trustworthy source as recited in claim 1,
the program security logic also prevents loading of any requested object class that includes at least one specific structure program and that is not in the reliable object class holding area unless each specific structure program in the requested object class includes two digital signatures and both digital signatures are verified by the digital signature checker;
each of said digital signatures associated with one of said specific structure programs including a signer identifier and an encrypted message, said encrypted message including a message generated by a predetermined process, wherein said encrypted message has been encrypted using a private key associated with said identified compiler;
the digital signature checker includes logic for preprocessing a particular digital signature by obtaining a public key associated with the compiler identified by the signer identifier, decrypting the encrypted message of the digital signature using the public key to produce a decrypted message digest, producing a test message digest by performing the predetermined process on the specific structure program associated with the digital signature, comparing the test message digest with the decrypted message digest, and signaling a failure if the decrypted message digest does not match the test message digest; and
the program security logic is operable to prevent loading of a requested object class that is not in the reliable object class holding area unless each specific structure program in the requested object class includes a first digital signature indicating that the compiler belongs to a first set of trusted parties and a second digital signature indicating that the compiler belongs to a second set of trusted parties.
5. The computer system for facilitating execution of a verifiable program utilizing a non-verifiable program from a trustworthy source as recited in claim 1,
the program security logic is operable to prevent loading of a requested object class that is not in the reliable object class holding area unless each specific structure program in the requested object class includes a message digest of an associated neutral structure program and the message digest matches a test message digest generated by the program security logic by performing a predetermined message digest process on the associated neutral structure program.
6. A method for facilitating execution of a verifiable program in a computer system using a non-verifiable program from a trusted source, the method comprising the steps of:
storing unreliable object classes in an unreliable object class holding area;
storing reliable object classes in a reliable object class holding area;
each of the object classes including at least one program, each program being a program selected from a group of programs including (a) a neutral structure program written in a neutral structure language and (b) a specific structure program written in a specific structure language whose integrity cannot be checked by a program integrity checker;
loading a requested object class into a user address space for execution when execution of any program in the requested object class is requested, unless loading of the requested object class is prohibited for a security violation, including preventing loading of any requested object class that includes at least one specific structure program and that is not in the reliable object class holding area unless each specific structure program in the requested object class includes a digital signature and the digital signature is successfully verified by a digital signature checker.
7. The method for facilitating execution of a verifiable program in a computer system utilizing a non-verifiable program from a reliable source as recited in claim 6, said object class loading step comprising (a) checking the integrity of each neutral structure program in the requested object class when the requested object class is not stored in said reliable object class holding area and includes at least one neutral structure program, and (b) preventing loading of the requested object class when the requested object class includes at least one neutral structure program whose integrity is not verified, unless the requested object class is in said reliable object class holding area.
8. The method for facilitating execution of a verifiable program in a computer system utilizing a non-verifiable program from a trustworthy source as recited in claim 6,
each of said digital signatures associated with one of said specific structure programs including a signer identifier and an encrypted message, said encrypted message including a message digest of the specific structure program generated using a message digest function, wherein said encrypted message has been encrypted using a private key associated with said identified compiler; and
the object class loading step comprises: preprocessing a particular digital signature by obtaining a public key associated with the compiler identified by the signer identifier, decrypting the encrypted message of the digital signature using the public key to produce a decrypted message digest, generating a test message digest by performing the message digest function on the specific structure program associated with the digital signature, comparing the test message digest with the decrypted message digest, and signaling a failure if the decrypted message digest does not match the test message digest.
9. The method for facilitating execution of a verifiable program in a computer system utilizing a non-verifiable program from a trustworthy source as recited in claim 6,
the object class loading step comprises preventing loading of any requested object class that includes at least one specific structure program and that is not in the reliable object class holding area unless each specific structure program in the requested object class includes two digital signatures and the digital signatures are successfully verified by the digital signature checker;
each of said digital signatures associated with one of said specific structure programs including a signer identifier and an encrypted message, said encrypted message including a message generated by a predetermined process, wherein said encrypted message has been encrypted using a private key associated with said identified compiler;
the object class loading step comprises: preprocessing a particular digital signature by obtaining a public key associated with the compiler identified by the signer identifier, decrypting the encrypted message of the digital signature using the public key to produce a decrypted message digest, producing a test message digest by performing the predetermined process on the specific structure program associated with the digital signature, comparing the test message digest with the decrypted message digest, and signaling a failure if the decrypted message digest does not match the test message digest; and
the object class loading step further comprises: preventing loading of requested object classes not in said reliable object class holding area unless each specific structure program in the requested object class includes a first digital signature indicating that the compiler belongs to a first group of trusted parties and a second digital signature indicating that the compiler belongs to a second group of trusted parties.
10. The method for facilitating execution of a verifiable program in a computer system utilizing a non-verifiable program from a trustworthy source as recited in claim 6,
the object class loading step comprises: preventing loading of requested object classes that are not in the reliable object class holding area unless each specific structure program in the requested object class includes a message digest of an associated neutral structure program, and the message digest matches a test message digest generated by the program security logic by performing a predetermined message digest process on the associated neutral structure program.
11. A memory storing data and programs for execution in a data processing system, the memory comprising an operating system, a network communication manager, a neutral structure program compilation preprocessor, a signature generator, a compiler dialect checker, and a list of reliable compiling parties and reliable compilers, the memory further comprising:
a program integrity checker which checks whether a program written in a neutral structure language satisfies a predetermined program integrity criterion;
a digital signature checker that checks a digital signature of the program's source included in the program;
an unreliable object class holding area which stores unreliable object classes;
a reliable object class holding area which stores reliable object classes;
each of the object classes including at least one program, each program being a program selected from a group of programs including (a) a neutral structure program written in a neutral structure language and (b) a specific structure program written in a specific structure language whose integrity cannot be checked by the program integrity checker;
a specific structure program executor;
a neutral structure program executor;
a user address space; and
a class loader for loading a particular object class into the user address space for execution when execution of any program in said object class is requested, said class loader comprising program security instructions for preventing loading of any requested object class that includes at least one specific structure program and that is not in said reliable object class holding area unless each specific structure program in said requested object class includes a digital signature and said digital signature is successfully verified by said digital signature checker.
12. The memory of claim 11, the class loader comprising checker instructions for invoking the program integrity checker to check each neutral structure program in the requested object class when the requested object class is not stored in the reliable object class holding area and includes at least one neutral structure program;
the program security instructions further preventing loading of any requested object class not in the reliable object class holding area when the requested object class includes at least one neutral structure program whose integrity is not verified by the program integrity checker.
HK97102468A 1995-12-08 1997-12-17 System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources HK1000846A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US569,398 1990-08-17
US08/569,398 US5692047A (en) 1995-12-08 1995-12-08 System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources

Publications (2)

Publication Number Publication Date
HK1000846B true HK1000846B (en) 2003-04-11
HK1000846A1 HK1000846A1 (en) 2003-04-11

Family

ID=24275287

Family Applications (1)

Application Number Title Priority Date Filing Date
HK97102468A HK1000846A1 (en) 1995-12-08 1997-12-17 System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources

Country Status (11)

Country Link
US (2) US5692047A (en)
EP (1) EP0778520B1 (en)
JP (1) JP4112033B2 (en)
KR (1) KR100433319B1 (en)
CN (1) CN1097771C (en)
AU (1) AU717615B2 (en)
CA (1) CA2190556A1 (en)
DE (1) DE69634684T2 (en)
HK (1) HK1000846A1 (en)
SG (1) SG75108A1 (en)
TW (1) TW355768B (en)

US5692047A (en) * 1995-12-08 1997-11-25 Sun Microsystems, Inc. System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources
US6075863A (en) * 1996-02-28 2000-06-13 Encanto Networks Intelligent communication device
US6421704B1 (en) 1998-03-20 2002-07-16 Sun Microsystems, Inc. Method, apparatus, and product for leasing of group membership in a distributed system
US6463446B1 (en) 1998-02-26 2002-10-08 Sun Microsystems, Inc. Method and apparatus for transporting behavior in an event-based distributed system
US6938263B2 (en) 1996-04-23 2005-08-30 Sun Microsystems, Inc. System and method for facilitating dynamic loading of “stub” information to enable a program operating in one address space to invoke processing of a remote method or procedure in another address space
US6578044B1 (en) 1997-11-17 2003-06-10 Sun Microsystems, Inc. Method and system for typesafe attribute matching
US6138238A (en) 1997-12-11 2000-10-24 Sun Microsystems, Inc. Stack-based access control using code and executor identifiers
US6832223B1 (en) 1996-04-23 2004-12-14 Sun Microsystems, Inc. Method and system for facilitating access to a lookup service
US6393497B1 (en) 1998-03-20 2002-05-21 Sun Microsystems, Inc. Downloadable smart proxies for performing processing associated with a remote procedure call in a distributed system
US6466947B2 (en) 1998-03-20 2002-10-15 Sun Microsystems, Inc. Apparatus and method for dynamically verifying information in a distributed system
US6438614B2 (en) 1998-02-26 2002-08-20 Sun Microsystems, Inc. Polymorphic token based control
US6247026B1 (en) 1996-10-11 2001-06-12 Sun Microsystems, Inc. Method, apparatus, and product for leasing of delegation certificates in a distributed system
US6282652B1 (en) 1998-02-26 2001-08-28 Sun Microsystems, Inc. System for separately designating security requirements for methods invoked on a computer
US6487607B1 (en) 1998-02-26 2002-11-26 Sun Microsystems, Inc. Methods and apparatus for remote method invocation
US6598094B1 (en) 1998-03-20 2003-07-22 Sun Microsystems, Inc. Method and apparatus for determining status of remote objects in a distributed system
US6560656B1 (en) 1998-02-26 2003-05-06 Sun Microsystems, Inc. Apparatus and method for providing downloadable code for use in communicating with a device in a distributed system
US6446070B1 (en) 1998-02-26 2002-09-03 Sun Microsystems, Inc. Method and apparatus for dynamic distributed computing over a network
US6185611B1 (en) 1998-03-20 2001-02-06 Sun Microsystem, Inc. Dynamic lookup service in a distributed system
US6237024B1 (en) 1998-03-20 2001-05-22 Sun Microsystem, Inc. Method and apparatus for the suspension and continuation of remote processes
US5978484A (en) * 1996-04-25 1999-11-02 Microsoft Corporation System and method for safety distributing executable objects
US5794049A (en) * 1996-06-05 1998-08-11 Sun Microsystems, Inc. Computer system and method for executing architecture specific code with reduced run-time memory space requirements
US6161121A (en) * 1996-07-01 2000-12-12 Sun Microsystems, Inc. Generic transfer of exclusive rights
US5987123A (en) * 1996-07-03 1999-11-16 Sun Microsystems, Incorporated Secure file system
AU2004240210B2 (en) * 1996-08-12 2008-03-06 Intertrust Technologies Corporation Systems and methods using cryptography to protect secure computing environments
AU2003203649B2 (en) * 1996-08-12 2006-03-02 Intertrust Technologies Corporation Systems and methods using cryptography to protect secure computing environments
US7590853B1 (en) * 1996-08-12 2009-09-15 Intertrust Technologies Corporation Systems and methods using cryptography to protect secure computing environments
US6089460A (en) * 1996-09-13 2000-07-18 Nippon Steel Corporation Semiconductor device with security protection function, ciphering and deciphering method thereof, and storage medium for storing software therefor
US6857099B1 (en) 1996-09-18 2005-02-15 Nippon Steel Corporation Multilevel semiconductor memory, write/read method thereto/therefrom and storage medium storing write/read program
US5958050A (en) * 1996-09-24 1999-09-28 Electric Communities Trusted delegation system
US6728737B2 (en) 1996-10-11 2004-04-27 Sun Microsystems, Inc. Method and system for leasing storage
US5832529A (en) 1996-10-11 1998-11-03 Sun Microsystems, Inc. Methods, apparatus, and product for distributed garbage collection
US6237009B1 (en) 1996-10-11 2001-05-22 Sun Microsystems, Inc. Lease renewal service
US5944823A (en) * 1996-10-21 1999-08-31 International Business Machines Corporations Outside access to computer resources through a firewall
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US7613926B2 (en) * 1997-11-06 2009-11-03 Finjan Software, Ltd Method and system for protecting a computer and a network from hostile downloadables
US6154844A (en) * 1996-11-08 2000-11-28 Finjan Software, Ltd. System and method for attaching a downloadable security profile to a downloadable
US6167520A (en) * 1996-11-08 2000-12-26 Finjan Software, Inc. System and method for protecting a client during runtime from hostile downloadables
US5937193A (en) * 1996-11-27 1999-08-10 Vlsi Technology, Inc. Circuit arrangement for translating platform-independent instructions for execution on a hardware platform and method thereof
US6367012B1 (en) * 1996-12-06 2002-04-02 Microsoft Corporation Embedding certifications in executable files for network transmission
US6148401A (en) * 1997-02-05 2000-11-14 At&T Corp. System and method for providing assurance to a host that a piece of software possesses a particular property
US7062500B1 (en) 1997-02-25 2006-06-13 Intertrust Technologies Corp. Techniques for defining, using and manipulating rights management data structures
US5915085A (en) * 1997-02-28 1999-06-22 International Business Machines Corporation Multiple resource or security contexts in a multithreaded application
US5905895A (en) * 1997-03-07 1999-05-18 International Business Machines Corporation Method and system for optimizing non-native bytecodes before bytecode interpretation
US5946493A (en) * 1997-03-28 1999-08-31 International Business Machines Corporation Method and system in a data processing system for association of source code instructions with an optimized listing of object code instructions
US6167522A (en) * 1997-04-01 2000-12-26 Sun Microsystems, Inc. Method and apparatus for providing security for servers executing application programs received via a network
US6381698B1 (en) 1997-05-21 2002-04-30 At&T Corp System and method for providing assurance to a host that a piece of software possesses a particular property
ATE246820T1 (en) * 1997-05-29 2003-08-15 Sun Microsystems Inc METHOD AND DEVICE FOR SEALING AND SIGNATING OBJECTS
US6175924B1 (en) * 1997-06-20 2001-01-16 International Business Machines Corp. Method and apparatus for protecting application data in secure storage areas
US6065046A (en) * 1997-07-29 2000-05-16 Catharon Productions, Inc. Computerized system and associated method of optimally controlled storage and transfer of computer programs on a computer network
US5970252A (en) * 1997-08-12 1999-10-19 International Business Machines Corporation Method and apparatus for loading components in a component system
US5978579A (en) * 1997-08-12 1999-11-02 International Business Machines Corporation Architecture for customizable component system
US6195794B1 (en) 1997-08-12 2001-02-27 International Business Machines Corporation Method and apparatus for distributing templates in a component system
US6182279B1 (en) 1997-08-12 2001-01-30 International Business Machines Corporation Method and apparatus for storing templates in a component system
US6093215A (en) * 1997-08-12 2000-07-25 International Business Machines Corporation Method and apparatus for building templates in a component system
US6009524A (en) * 1997-08-29 1999-12-28 Compact Computer Corp Method for the secure remote flashing of a BIOS memory
US6397331B1 (en) * 1997-09-16 2002-05-28 Safenet, Inc. Method for expanding secure kernel program memory
US6185678B1 (en) * 1997-10-02 2001-02-06 Trustees Of The University Of Pennsylvania Secure and reliable bootstrap architecture
US6957427B1 (en) 1997-10-15 2005-10-18 Sun Microsystems, Inc. Remote object activation in a distributed system
US6128774A (en) * 1997-10-28 2000-10-03 Necula; George C. Safe to execute verification of software
US7092914B1 (en) 1997-11-06 2006-08-15 Intertrust Technologies Corporation Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information
US7975305B2 (en) * 1997-11-06 2011-07-05 Finjan, Inc. Method and system for adaptive rule-based content scanners for desktop computers
US7418731B2 (en) * 1997-11-06 2008-08-26 Finjan Software, Ltd. Method and system for caching at secure gateways
US8225408B2 (en) * 1997-11-06 2012-07-17 Finjan, Inc. Method and system for adaptive rule-based content scanners
IL122314A (en) 1997-11-27 2001-03-19 Security 7 Software Ltd Method and system for enforcing a communication security policy
US6334189B1 (en) * 1997-12-05 2001-12-25 Jamama, Llc Use of pseudocode to protect software from unauthorized use
US6044467A (en) * 1997-12-11 2000-03-28 Sun Microsystems, Inc. Secure class resolution, loading and definition
US6418444B1 (en) 1997-12-11 2002-07-09 Sun Microsystems, Inc. Method and apparatus for selective excution of a computer program
US6510516B1 (en) 1998-01-16 2003-01-21 Macrovision Corporation System and method for authenticating peer components
US7268700B1 (en) 1998-01-27 2007-09-11 Hoffberg Steven M Mobile communication device
US6604127B2 (en) 1998-03-20 2003-08-05 Brian T. Murphy Dynamic lookup service in distributed system
JP2002505491A (en) * 1998-02-26 2002-02-19 サンマイクロシステムズ インコーポレーテッド Apparatus and method for dynamic information certification in a distributed system
WO1999044133A2 (en) 1998-02-26 1999-09-02 Sun Microsystems, Inc. Method and system for deterministic hashes to identify remote methods
AU3003399A (en) * 1998-03-13 1999-09-27 2Way Corporation Method and apparatus for publishing documents in a protected environment
US5999732A (en) * 1998-03-23 1999-12-07 Sun Microsystems, Inc. Techniques for reducing the cost of dynamic class initialization checks in compiled code
US6684332B1 (en) 1998-06-10 2004-01-27 International Business Machines Corporation Method and system for the exchange of digitally signed objects over an insecure network
AU4568299A (en) * 1998-06-15 2000-01-05 Dmw Worldwide, Inc. Method and apparatus for assessing the security of a computer system
US6131165A (en) * 1998-06-18 2000-10-10 Sun Microsystems, Inc. Permit for controlling access to services in protected memory systems
US6792606B2 (en) 1998-07-17 2004-09-14 International Business Machines Corporation Method and apparatus for object persistence
US6223287B1 (en) 1998-07-24 2001-04-24 International Business Machines Corporation Method for establishing a secured communication channel over the internet
US6735696B1 (en) * 1998-08-14 2004-05-11 Intel Corporation Digital content protection using a secure booting method and apparatus
US6202201B1 (en) 1998-09-23 2001-03-13 Netcreate Systems, Inc. Text object compilation method and system
US6154842A (en) * 1998-10-13 2000-11-28 Motorola, Inc. Method and system for reducing time and power requirements for executing computer-readable instruction streams in an execution environment having run-time security constraints
US6802006B1 (en) * 1999-01-15 2004-10-05 Macrovision Corporation System and method of verifying the authenticity of dynamically connectable executable images
US6880155B2 (en) 1999-02-02 2005-04-12 Sun Microsystems, Inc. Token-based linking
WO2000059239A1 (en) * 1999-03-31 2000-10-05 Telefonaktiebolaget Lm Ericsson (Publ) Distribution of service execution environments with respect to a centralized service supplier environment
AU4071500A (en) * 1999-04-05 2000-10-23 Manage Com Management agent and system including the same
US6901518B1 (en) 1999-04-08 2005-05-31 Sun Microsystems, Inc. Method and system for establishing trust in downloaded proxy code
US6748580B1 (en) 1999-04-22 2004-06-08 International Business Machines Corporation Method and apparatus for creating software tools using a JTML interface
US6782478B1 (en) * 1999-04-28 2004-08-24 Thomas Probert Techniques for encoding information in computer code
US7421586B2 (en) * 1999-05-12 2008-09-02 Fraunhofer Gesselschaft Protecting mobile code against malicious hosts
AU4674300A (en) * 1999-05-25 2000-12-12 Motorola, Inc. Pre-verification of applications in mobile computing
US6877163B1 (en) 1999-06-14 2005-04-05 Sun Microsystems, Inc. Method and system for dynamic proxy classes
US6681329B1 (en) * 1999-06-25 2004-01-20 International Business Machines Corporation Integrity checking of a relocated executable module loaded within memory
US6658567B1 (en) 1999-06-25 2003-12-02 Geomechanics International, Inc. Method and logic for locking geological data and an analyzer program that analyzes the geological data
US7650504B2 (en) * 1999-07-22 2010-01-19 Macrovision Corporation System and method of verifying the authenticity of dynamically connectable executable images
US7243236B1 (en) * 1999-07-29 2007-07-10 Intertrust Technologies Corp. Systems and methods for using cryptography to protect secure and insecure computing environments
US7430670B1 (en) 1999-07-29 2008-09-30 Intertrust Technologies Corp. Software self-defense systems and methods
US6950867B1 (en) * 1999-07-30 2005-09-27 Intertrust Technologies Corp. System and method for managing transaction record delivery using an acknowledgement-monitoring process and a failure-recovery process with modifying the predefined fault condition
US6675298B1 (en) * 1999-08-18 2004-01-06 Sun Microsystems, Inc. Execution of instructions using op code lengths longer than standard op code lengths to encode data
US7406603B1 (en) 1999-08-31 2008-07-29 Intertrust Technologies Corp. Data protection systems and methods
KR100682290B1 (en) * 1999-09-07 2007-02-15 소니 가부시끼 가이샤 Content management systems, devices, methods, and program storage media
US6985885B1 (en) * 1999-09-21 2006-01-10 Intertrust Technologies Corp. Systems and methods for pricing and selling digital goods
US6684387B1 (en) 1999-09-23 2004-01-27 International Business Machines Corporation Method and apparatus for verifying Enterprise Java Beans
US6748538B1 (en) * 1999-11-03 2004-06-08 Intel Corporation Integrity scanner
US7158993B1 (en) 1999-11-12 2007-01-02 Sun Microsystems, Inc. API representation enabling submerged hierarchy
US6976258B1 (en) 1999-11-30 2005-12-13 Ensim Corporation Providing quality of service guarantees to virtual hosts
FI111567B (en) * 1999-12-27 2003-08-15 Nokia Corp Procedure for loading the program module
JP2001195247A (en) * 2000-01-07 2001-07-19 Nec Corp System and method for verifying and guaranteeing safety of software
US6711607B1 (en) 2000-02-04 2004-03-23 Ensim Corporation Dynamic scheduling of task streams in a multiple-resource system to ensure task stream quality of service
US6529985B1 (en) 2000-02-04 2003-03-04 Ensim Corporation Selective interception of system calls
US6560613B1 (en) 2000-02-08 2003-05-06 Ensim Corporation Disambiguating file descriptors
US6754716B1 (en) 2000-02-11 2004-06-22 Ensim Corporation Restricting communication between network devices on a common network
US7343421B1 (en) 2000-02-14 2008-03-11 Digital Asset Enterprises Llc Restricting communication of selected processes to a set of specific network addresses
US6745386B1 (en) * 2000-03-09 2004-06-01 Sun Microsystems, Inc. System and method for preloading classes in a data processing device that does not have a virtual memory manager
US6948003B1 (en) 2000-03-15 2005-09-20 Ensim Corporation Enabling a service provider to provide intranet services
US6986132B1 (en) 2000-04-28 2006-01-10 Sun Microsytems, Inc. Remote incremental program binary compatibility verification using API definitions
US6883163B1 (en) 2000-04-28 2005-04-19 Sun Microsystems, Inc. Populating resource-constrained devices with content verified using API definitions
US6651186B1 (en) 2000-04-28 2003-11-18 Sun Microsystems, Inc. Remote incremental program verification using API definitions
US6868447B1 (en) 2000-05-09 2005-03-15 Sun Microsystems, Inc. Mechanism and apparatus for returning results of services in a distributed computing environment
US7395333B1 (en) 2000-05-09 2008-07-01 Sun Microsystems, Inc. Method and apparatus to obtain negotiated service advertisement
US7200848B1 (en) 2000-05-09 2007-04-03 Sun Microsystems, Inc. Migrating processes using data representation language representations of the processes in a distributed computing environment
US6850979B1 (en) 2000-05-09 2005-02-01 Sun Microsystems, Inc. Message gates in a distributed computing environment
US6973493B1 (en) 2000-05-09 2005-12-06 Sun Microsystems, Inc. Mechanism and apparatus for security of newly spawned repository spaces in a distributed computing environment
US7010573B1 (en) 2000-05-09 2006-03-07 Sun Microsystems, Inc. Message gates using a shared transport in a distributed computing environment
US7080078B1 (en) 2000-05-09 2006-07-18 Sun Microsystems, Inc. Mechanism and apparatus for URI-addressable repositories of service advertisements and other content in a distributed computing environment
US7016966B1 (en) 2000-05-09 2006-03-21 Sun Microsystems, Inc. Generating results gates in a distributed computing environment
US7243356B1 (en) 2000-05-09 2007-07-10 Sun Microsystems, Inc. Remote method invocation with secure messaging in a distributed computing environment
US7188251B1 (en) 2000-05-09 2007-03-06 Sun Microsystems, Inc. System and method for secure message-based leasing of resources in a distributed computing environment
US6898618B1 (en) 2000-05-09 2005-05-24 Sun Microsystems, Inc. Client-specified display services in a distributed computing environment
US6862594B1 (en) 2000-05-09 2005-03-01 Sun Microsystems, Inc. Method and apparatus to discover services using flexible search criteria
US6917976B1 (en) 2000-05-09 2005-07-12 Sun Microsystems, Inc. Message-based leasing of resources in a distributed computing environment
US6918084B1 (en) 2000-05-09 2005-07-12 Sun Microsystems, Inc. Spawning new repository spaces using information provided in advertisement schema messages
US8082491B1 (en) 2000-05-09 2011-12-20 Oracle America, Inc. Dynamic displays in a distributed computing environment
US7577834B1 (en) 2000-05-09 2009-08-18 Sun Microsystems, Inc. Message authentication using message gates in a distributed computing environment
US6970869B1 (en) 2000-05-09 2005-11-29 Sun Microsystems, Inc. Method and apparatus to discover services and negotiate capabilities
US7072967B1 (en) 2000-05-09 2006-07-04 Sun Microsystems, Inc. Efficient construction of message endpoints
US7370091B1 (en) 2000-05-09 2008-05-06 Sun Microsystems, Inc. Method and apparatus for obtaining space advertisements
US6950875B1 (en) 2000-05-09 2005-09-27 Sun Microsystems, Inc. Message conductors in a distributed computing environment
US7260543B1 (en) 2000-05-09 2007-08-21 Sun Microsystems, Inc. Automatic lease renewal with message gates in a distributed computing environment
US7065574B1 (en) 2000-05-09 2006-06-20 Sun Microsystems, Inc. Messaging system using pairs of message gates in a distributed computing environment
US6985937B1 (en) 2000-05-11 2006-01-10 Ensim Corporation Dynamically modifying the resources of a virtual server
US6907421B1 (en) 2000-05-16 2005-06-14 Ensim Corporation Regulating file access rates according to file type
US6760815B1 (en) 2000-06-02 2004-07-06 Sun Microsystems, Inc. Caching mechanism for a virtual heap
US6934755B1 (en) 2000-06-02 2005-08-23 Sun Microsystems, Inc. System and method for migrating processes on a network
US6957237B1 (en) 2000-06-02 2005-10-18 Sun Microsystems, Inc. Database store for a virtual heap
US6941410B1 (en) 2000-06-02 2005-09-06 Sun Microsystems, Inc. Virtual heap for a virtual machine
US6865657B1 (en) 2000-06-02 2005-03-08 Sun Microsystems, Inc. Garbage collector for a virtual heap
US6922782B1 (en) * 2000-06-15 2005-07-26 International Business Machines Corporation Apparatus and method for ensuring data integrity of unauthenticated code
US7124408B1 (en) * 2000-06-28 2006-10-17 Microsoft Corporation Binding by hash
US7117371B1 (en) 2000-06-28 2006-10-03 Microsoft Corporation Shared names
AU7182701A (en) 2000-07-06 2002-01-21 David Paul Felsher Information record infrastructure, system and method
US7143024B1 (en) 2000-07-07 2006-11-28 Ensim Corporation Associating identifiers with virtual processes
AU6371500A (en) 2000-07-25 2002-02-05 Mediadna Inc System and method of verifying the authenticity of dynamically connectable executable images
US7552333B2 (en) * 2000-08-04 2009-06-23 First Data Corporation Trusted authentication digital signature (tads) system
CA2417919C (en) * 2000-08-04 2012-02-07 Lynn Henry Wheeler Method and system for using electronic communications for an electronic contract
US6909691B1 (en) 2000-08-07 2005-06-21 Ensim Corporation Fairly partitioning resources while limiting the maximum fair share
US7032114B1 (en) * 2000-08-30 2006-04-18 Symantec Corporation System and method for using signatures to detect computer intrusions
US6981245B1 (en) 2000-09-14 2005-12-27 Sun Microsystems, Inc. Populating binary compatible resource-constrained devices with content verified using API definitions
AU9084201A (en) * 2000-09-14 2002-03-26 Sun Microsystems Inc Remote incremental program binary compatibility verification using api definitions
US6732211B1 (en) 2000-09-18 2004-05-04 Ensim Corporation Intercepting I/O multiplexing operations involving cross-domain file descriptor sets
US6964039B2 (en) * 2000-12-13 2005-11-08 Esmertec Ag Method to create optimized machine code through combined verification and translation of JAVA™ bytecode
US7219354B1 (en) 2000-12-22 2007-05-15 Ensim Corporation Virtualizing super-user privileges for multiple virtual processes
US7296275B2 (en) 2001-01-04 2007-11-13 Sun Microsystems, Inc. Method and system for passing objects in a distributed system using serialization contexts
FR2819602B1 (en) * 2001-01-12 2003-02-21 Gemplus Card Int METHOD FOR MANAGING COMPUTER APPLICATIONS BY THE OPERATING SYSTEM OF A MULTI-APPLICATION COMPUTER SYSTEM
EP1233333A1 (en) * 2001-02-19 2002-08-21 Hewlett-Packard Company Process for executing a downloadable service receiving restrictive access rights to al least one profile file
US6618736B1 (en) 2001-03-09 2003-09-09 Ensim Corporation Template-based creation and archival of file systems
US7181017B1 (en) 2001-03-23 2007-02-20 David Felsher System and method for secure three-party communications
US6978451B2 (en) * 2001-05-31 2005-12-20 Esmertec Ag Method for fast compilation of preverified JAVA bytecode to high quality native machine code
DE10131395B4 (en) * 2001-06-28 2006-08-17 Daimlerchrysler Ag Method for transmitting software modules
US7237121B2 (en) * 2001-09-17 2007-06-26 Texas Instruments Incorporated Secure bootloader for securing digital devices
GB0121064D0 (en) 2001-08-31 2001-10-24 Transitive Technologies Ltd Obtaining translation of generic code representation
US7660887B2 (en) 2001-09-07 2010-02-09 Sun Microsystems, Inc. Systems and methods for providing dynamic quality of service for a distributed system
US7756969B1 (en) 2001-09-07 2010-07-13 Oracle America, Inc. Dynamic provisioning of identification services in a distributed system
US20030050981A1 (en) * 2001-09-13 2003-03-13 International Business Machines Corporation Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail
US7143313B2 (en) 2001-11-09 2006-11-28 Sun Microsystems, Inc. Support interface module bug submitter
US7266731B2 (en) 2001-11-13 2007-09-04 Sun Microsystems, Inc. Method and apparatus for managing remote software code update
US7146500B2 (en) * 2001-11-14 2006-12-05 Compass Technology Management, Inc. System for obtaining signatures on a single authoritative copy of an electronic record
US7496757B2 (en) * 2002-01-14 2009-02-24 International Business Machines Corporation Software verification system, method and computer program element
US7240213B1 (en) * 2002-03-15 2007-07-03 Waters Edge Consulting, Llc. System trustworthiness tool and methodology
US20030188180A1 (en) * 2002-03-28 2003-10-02 Overney Gregor T. Secure file verification station for ensuring data integrity
US20030216927A1 (en) * 2002-05-17 2003-11-20 V. Sridhar System and method for automated safe reprogramming of software radios
US20070118899A1 (en) * 2002-05-17 2007-05-24 Satyam Computer Services Limited Of Mayfair Centre System and method for automated safe reprogramming of software radios
WO2004023313A1 (en) * 2002-09-04 2004-03-18 Fraunhofer Crcg, Inc. Protecting mobile code against malicious hosts cross references to related applications
US9818136B1 (en) 2003-02-05 2017-11-14 Steven M. Hoffberg System and method for determining contingent relevance
US6965968B1 (en) 2003-02-27 2005-11-15 Finjan Software Ltd. Policy-based caching
US9781154B1 (en) 2003-04-01 2017-10-03 Oracle International Corporation Systems and methods for supporting information security and sub-system operational protocol conformance
US10063523B2 (en) * 2005-09-14 2018-08-28 Oracle International Corporation Crafted identities
US10275723B2 (en) * 2005-09-14 2019-04-30 Oracle International Corporation Policy enforcement via attestations
US8468330B1 (en) 2003-06-30 2013-06-18 Oracle International Corporation Methods, systems, and data structures for loading and authenticating a module
GB0318197D0 (en) * 2003-08-02 2003-09-03 Koninkl Philips Electronics Nv Copy-protecting applications in a digital broadcasting system
GB0318198D0 (en) * 2003-08-02 2003-09-03 Koninkl Philips Electronics Nv Copy-protected application for digital broadcasting system
US7263690B1 (en) * 2003-11-14 2007-08-28 Sun Microsystems, Inc. Mechanism for safe byte code in a tracing framework
US7516331B2 (en) * 2003-11-26 2009-04-07 International Business Machines Corporation Tamper-resistant trusted java virtual machine and method of using the same
EP1538509A1 (en) * 2003-12-04 2005-06-08 Axalto S.A. Method for securing a program execution against radiation attacks
US7287243B2 (en) * 2004-01-06 2007-10-23 Hewlett-Packard Development Company, L.P. Code verification system and method
US7752453B2 (en) 2004-01-08 2010-07-06 Encryption Solutions, Inc. Method of encrypting and transmitting data and system for transmitting encrypted data
US8031865B2 (en) * 2004-01-08 2011-10-04 Encryption Solutions, Inc. Multiple level security system and method for encrypting data within documents
US7526643B2 (en) * 2004-01-08 2009-04-28 Encryption Solutions, Inc. System for transmitting encrypted data
US7792874B1 (en) 2004-01-30 2010-09-07 Oracle America, Inc. Dynamic provisioning for filtering and consolidating events
US7500108B2 (en) 2004-03-01 2009-03-03 Microsoft Corporation Metered execution of code
US7647581B2 (en) * 2004-06-30 2010-01-12 International Business Machines Corporation Evaluating java objects across different virtual machine vendors
US7539975B2 (en) * 2004-06-30 2009-05-26 International Business Machines Corporation Method, system and product for determining standard Java objects
US7493596B2 (en) * 2004-06-30 2009-02-17 International Business Machines Corporation Method, system and program product for determining java software code plagiarism and infringement
US7590589B2 (en) 2004-09-10 2009-09-15 Hoffberg Steven M Game theoretic prioritization scheme for mobile ad hoc networks permitting hierarchal deference
US8312431B1 (en) * 2004-09-17 2012-11-13 Oracle America, Inc. System and computer readable medium for verifying access to signed ELF objects
CN101065716A (en) 2004-11-22 2007-10-31 诺基亚公司 Method and device for verifying the integrity of platform software of an electronic device
JP4727278B2 (en) * 2005-04-05 2011-07-20 株式会社エヌ・ティ・ティ・ドコモ Application program verification system, application program verification method, and computer program
US8375369B2 (en) * 2005-04-26 2013-02-12 Apple Inc. Run-time code injection to perform checks
US8838974B2 (en) * 2005-07-15 2014-09-16 The Mathworks, Inc. System and method for verifying the integrity of read-only components in deployed mixed-mode applications
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US8874477B2 (en) 2005-10-04 2014-10-28 Steven Mark Hoffberg Multifactorial optimization system and method
JP4537940B2 (en) * 2005-11-21 2010-09-08 株式会社ソニー・コンピュータエンタテインメント Information processing apparatus and program execution control method
US8250559B2 (en) * 2006-04-12 2012-08-21 Oracle America, Inc. Supporting per-program classpaths with class sharing in a multi-tasking virtual machine
KR100728517B1 (en) * 2006-12-28 2007-06-15 메크로비젼 코오포레이션 System and method for authenticity of dynamically connectable executable images
CN101226569A (en) * 2007-01-19 2008-07-23 国际商业机器公司 Method and device for checking code module in virtual machine
US9122864B2 (en) * 2008-08-05 2015-09-01 International Business Machines Corporation Method and apparatus for transitive program verification
US8301903B2 (en) * 2009-02-27 2012-10-30 Research In Motion Limited Low-level code signing mechanism
US9117071B2 (en) * 2009-06-03 2015-08-25 Apple Inc. Methods and apparatuses for secure compilation
US8677329B2 (en) 2009-06-03 2014-03-18 Apple Inc. Methods and apparatuses for a compiler server
CN102598017B (en) * 2009-11-13 2016-03-09 Irdeto Technology Co., Ltd. System and method for improving the tamper resistance of Java bytecode
US8782434B1 (en) 2010-07-15 2014-07-15 The Research Foundation For The State University Of New York System and method for validating program execution at run-time
US8904189B1 (en) * 2010-07-15 2014-12-02 The Research Foundation For The State University Of New York System and method for validating program execution at run-time using control flow signatures
JP6199297B2 (en) 2011-10-17 2017-09-20 Intertrust Technologies Corporation Systems and methods for protecting and managing genomes and other information
US9015680B1 (en) * 2012-02-24 2015-04-21 Google Inc. Differential analysis of translation of software for the detection of flaws
US9122873B2 (en) 2012-09-14 2015-09-01 The Research Foundation For The State University Of New York Continuous run-time validation of program execution: a practical approach
US10001978B2 (en) * 2015-11-11 2018-06-19 Oracle International Corporation Type inference optimization
KR101691600B1 (en) * 2016-04-28 2017-01-02 GTOne Co., Ltd. Program Analysis Method Based on Common Structure Transformation and Apparatus Therefor
CN111770206B (en) * 2020-08-31 2020-12-29 Alipay (Hangzhou) Information Technology Co., Ltd. Method for deploying a smart contract, blockchain node, and storage medium
US12079374B2 (en) * 2021-12-01 2024-09-03 International Business Machines Corporation Secure software compilation and software verification
US11809839B2 (en) 2022-01-18 2023-11-07 Robert Lyden Computer language and code for application development and electronic and optical communication

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5224160A (en) * 1987-02-23 1993-06-29 Siemens Nixdorf Informationssysteme Ag Process for securing and for checking the integrity of the secured programs
US4868877A (en) * 1988-02-12 1989-09-19 Fischer Addison M Public key/signature cryptosystem with enhanced digital signature certification
GB8901932D0 (en) * 1989-01-28 1989-03-15 Int Computers Ltd Data processing system
US4926476A (en) * 1989-02-03 1990-05-15 Motorola, Inc. Method and apparatus for secure execution of untrusted software
US5280613A (en) * 1990-06-25 1994-01-18 Hewlett-Packard Company ANDF installer using the HPcode-Plus compiler intermediate language
US5504814A (en) * 1991-07-10 1996-04-02 Hughes Aircraft Company Efficient security kernel for the 80960 extended architecture
US5301231A (en) * 1992-02-12 1994-04-05 International Business Machines Corporation User defined function facility
US5421006A (en) * 1992-05-07 1995-05-30 Compaq Computer Corp. Method and apparatus for assessing integrity of computer system software
FR2703800B1 (en) * 1993-04-06 1995-05-24 Bull Cp8 Method for signing a computer file, and device for implementing it.
US5475753A (en) * 1993-11-12 1995-12-12 Matsushita Electric Corporation Of America Apparatus and method for certifying the delivery of information
US5559884A (en) * 1994-06-30 1996-09-24 Microsoft Corporation Method and system for generating and auditing a signature for a computer program
US5692047A (en) * 1995-12-08 1997-11-25 Sun Microsystems, Inc. System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources

Similar Documents

Publication Publication Date Title
CN1097771C (en) System and method for executing checking program
HK1000846B (en) System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources
CN1103968C (en) System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs
US6922782B1 (en) Apparatus and method for ensuring data integrity of unauthenticated code
JP3982857B2 (en) System and method for protecting the use of dynamically linked executable modules
US7117371B1 (en) Shared names
US6327652B1 (en) Loading and identifying a digital rights management operating system
JP3786722B2 (en) Method and apparatus for effective use of progressive object-oriented program using digital signature
US7434263B2 (en) System and method for secure storage data using a key
US20040177168A1 (en) Verbose hardware identification for binding a software package to a computer system having tolerance for hardware changes
EP1577767A2 (en) Code rewriting
US7591014B2 (en) Program authentication on environment
US20120066512A1 (en) Real-time secure self-aquiring root authority
JP4698925B2 (en) System and method for verifying authenticity of dynamically connectable executable images
US20040139342A1 (en) Method and apparatus for protecting external call references
CN116910712A (en) Code protection method, system, electronic device and storage medium
Zhao et al. Research on security protection mechanism of android app
HK1001142A (en) System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs
CN114117363B (en) Authorization method and storage medium for dynamically generating a license verification method
US20250384136A1 (en) Self-Version Verification for Shared Libraries
Collberg et al. bianlian: Remote Tamper-Resistance with Continuous Replacement
Valdez Protecting executable software
CN1205475A (en) Information processing apparatus and method and recording medium