Methodology for trustworthy software build
US11520902B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | Mar 6, 2020 |
| Grant date | Dec 6, 2022 |
| Priority date | — |
| Expiry date | Oct 30, 2040 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/033
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
A certificate-based methodology is used to establish the trustworthy relationship between source codes and produced binary files for a given software build. The trustworthy relationship between the source code and binary files is generated by recording build information during building of the source code. The build information may include build environment information, framework information, source files identification, intermediately generated files information, final binary files information, file operations during building of the source code, and/or commands/operations during building of the source code. A certificate is generated using the build information for establishing a relationship between the source code and a binary file created from the source code, and the certificate is signed with a public cryptographic key. A software release package is provided to the recipient including at least the source code, final binary files generated from the source code, and the certificate.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.