Support for portable trusted software

Assignee

• International Business Machines Corporation · US

Inventors

• Asit Dan · Babylon, US
• Rajiv Ramaswami · Ossining, US
• Dinkar Sitaram · Yorktown Heights, US

Key dates

Classification

• Technology area (CPC H)Electricity
• CPC primaryH04L63/101
• WIPO fieldDigital communication
• WIPO sectorElectrical engineering

Abstract

A form of authentication is provided wherein a trusted third party signs a certificate to identify the author of a program and to secure its integrity. The program code is encapsulated or otherwise associated with the certificate and an access control list (ACL). The access control list describes the permissions and resources required by the code. An enforcement mechanism which allocates system permissions and resources in accordance with the ACL. In a preferred embodiment, a code production system communicates with a certification agency, which is a trusted third party. The certification agency issues a certificate for the code and a certificate for the access list of that code. Once the certificate is issued it is not possible for any party to modify the code or access list without invalidating the certificate. The code and its ACL, along with their certificates are stored on a server. A client downloading the code or access list can verify the integrity of the code/access list and the system can enforce the access list such that the permissions and resources are not exceeded.