CN1326006C - Trust grant and revocation from a master key to secondary keys - Google Patents

Trust grant and revocation from a master key to secondary keys Download PDF

Info

Publication number: CN1326006C
Authority: CN (China)
Prior art keywords: code, key, trust, partner, sub
Legal status: Expired - Fee Related
Application number: CNB018232930A
Other languages: Chinese (zh)
Other versions: CN1527963A (en)
Inventor: J·劳斯金德
Current Assignee: AMERICAN ON-LINE
Original Assignee: AMERICAN ON-LINE
Events: application filed by AMERICAN ON-LINE; publication of CN1527963A; application granted; publication of CN1326006C; anticipated expiration; current status Expired - Fee Related

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability

Abstract

The present invention provides a method and a device which allow code signed by a master key to grant trust to arbitrary secondary keys, and also allow code referred to as an antidote, likewise signed by the master key, to permanently revoke the trust granted to the secondary keys.

Description

Trust grant and revocation from a master key to secondary keys
Technical field
The present invention relates to security trust. More specifically, it relates to allowing code signed by a master key to grant trust to arbitrary secondary keys, and likewise allowing code called an antidote, also signed by the master key, to permanently revoke the trust given to a secondary key.
Background technology
Briefly, computer systems are in a state that makes it relatively easy for a group to distribute large amounts of code to a large number of end users. To protect their code or their products from damage by hackers and unknown material, such groups usually apply a security mechanism. One example of a security mechanism is trust based on a certificate revocation list (CRL).
In this document, the definition of trust has two parts. The first is establishing the identity of a participant. Usually the participant holds the analog of a letter of introduction signed by some other entity. The signing entity is the so-called licensing authority or CA. The licence, or briefly the certificate, establishes the participant's name and signature. Other terms used interchangeably with certificate are master key, super key, or system certificate. A participant's identity is therefore a letter of introduction signed by the CA.
The second part is the statement of trust, which in the above analogy may be a letter stating that the participant is trusted. That is, the first step establishes the participant's identity, and the second step provides an agreement stating that this identity is trusted. The identity and the agreement operate together to establish trust.
From the viewpoint of a typical computer system, trust is implemented by using a CRL. The use of the CRL is bundled with the released software. Associated with the distributed software is a system certificate. This certificate is placed in a certificate database together with many other certificates. The certificate is then used for the distribution of further software by the same entity that issued the first system code. Such further software is sometimes called a patch. To the end user, a signed patch means that both the patch and the originally signed software are trusted.
Wishing to release partner or vendor code together with the primary system code adds another layer of complexity. In order for all three types of code, namely the original system code, the patches, and the partner code, to work seamlessly together, they generally need to be signed by the same certificate.
Currently, when partner code signed by the certificate has a fault, the system code and its patches are put in jeopardy as well. The current remedy is to correct the partner code and reissue it. But because the faulty partner code was signed by the certificate, the rights of the certificate must be revoked. Revoking the certificate affects the trust granted to the original system code it signed and to any patches it signed. Before the original system code, its patches, and the corrected partner code can be reissued, a second master key or certificate must be created to sign them.
Obviously, the process of reissuing software (the original system and its patches) takes time and effort and is often an excessively expensive burden for the company.
When the amount of partner software is large, which is usually the case, another major task for the company is reissuing the corrected partner software.
If a company's partner provides code that contains offensive content which cannot be revoked in a timely and effective manner, and the company or its partner only learns of this after distribution, this is very disadvantageous for the company.
R. Sudama, D. M. Griffin, B. Johnson, D. Sealy, J. Shelhamer and O. H. Tallman, U.S. Patent No. 5,619,657 (April 8, 1997), discloses a method for providing security measures to management servers, which uses a trust relationship database to verify the mutual trust relationship between management servers. That invention provides a secure method for distributing management operations among computer network components, using mutual trust and mutual authentication to manage a service network to selected host systems and service operations. Common identification and trust are built on each transmission link from the submitting point to the designated management server, and the designated management server requests the service provider to perform the management operations on the selected host.
However, the trust verification required by Sudama et al., using the standard prior-art technique of querying a database, does not include revoking trust.
M. Gasser, A. C. Goldstein, C. W. Kaufman and B. W. Lampson, U.S. Patent No. 5,224,163 (June 29, 1993), discloses a method for delegating authorization from one entity to another for a single computing session in a distributed computing system by using session public/private encryption keys. At the end of the computing session, the private encryption key is erased and the computing session terminates.
Gasser et al. propose security based on a temporary period or session. In addition, the user must prove that the workstation claiming to hold the private encryption key is authorized to speak on behalf of the user.
It would be advantageous to provide an excellent, simple and effective method for revoking trust previously granted to partner code.
It would be advantageous to allow partner code to be signed by its own unique certificate, without affecting the release of other code signed by other certificates.
It would be advantageous to revoke the minor key (sub-key) in order to eliminate trust in partner code, and to grant trust again to corrected or modified partner code under a newly designated sub-key, rather than having to reissue or resend all code signed by the master key.
Summary of the invention
A method and apparatus is provided which mainly adds two functional elements for the user. The first functional element allows code signed by the master key to grant rights or trust to any secondary key or sub-key. The second functional element allows code signed by the master key and called an antidote to permanently eliminate the rights given to a specific secondary key.
The master key is used only to sign minimal code elements. These code elements convey the granting or denial of trust to a secondary key. Because these pieces of code are very small and very simple, it is guaranteed that no mistakes can be made in the code, and so there is no need to revoke the master key.
The idea of the antidote is that trust in a secondary key can be permanently denied. Once the antidote is applied by rerunning the trust code, the secondary key is forced to fail forever. From the application viewpoint, this code snippet is run as an upgrade to counter a discovered breach of security. Running the antidote upgrade permanently prevents the user of the upgrade from placing any reliance on the compromised trust code. Once compromised, the granted trust is thereby made good again.
According to one aspect of the present invention, a method is provided for granting trust to partner code of a system having a master key, and for revoking the granted trust therefrom. The method comprises the following steps:
providing a sub-key, the sub-key being used to sign the partner code, the partner code comprising code provided by a partner;
providing sub-key authorization code, the authorization code being signed by the master key and used to grant trust to the partner code;
in response to a need to revoke the granted trust, distributing an associated sub-key antidote code, the sub-key antidote code being signed by the master key and used to revoke the granted trust from the partner code, the revocation of the granted trust by the antidote code being permanent; and
in response to calls from the sub-key authorization code and the sub-key antidote code, providing an application programming interface signed by the master key, used to determine whether the system has the ability to grant trust to the partner code and to revoke trust therefrom;
wherein the system comprises system code.
According to another aspect of the present invention, a device is provided for granting trust to partner code of a system having a master key, and for revoking the granted trust therefrom. The device comprises:
a sub-key, used to sign the partner code, the partner code comprising code provided by a partner;
sub-key authorization code, the authorization code being signed by the master key and used to grant trust to the partner code;
means for distributing, in response to a need to revoke the granted trust, an associated sub-key antidote code, the sub-key antidote code being signed by the master key and used to revoke the granted trust from the partner code, the application of the antidote code permanently cancelling the application of the authorization code; and
an application programming interface, signed by the master key, used in response to calls from the sub-key authorization code and the sub-key antidote code to determine whether the system has the ability to grant trust to the partner code or to revoke trust therefrom;
wherein the system comprises system code.
Description of drawings
Fig. 1 is a schematic diagram of a trust system according to the prior art; and
Fig. 2 is a schematic diagram of a trust system according to the present invention.
Embodiment
A method and apparatus is provided which essentially gives the user two functional elements. The first functional element allows code signed by the master key to grant rights or trust to any secondary key or sub-key. The second functional element allows code signed by the master key and called an antidote to permanently eliminate the rights given to a specific secondary key.
The master key is used only to sign minimal code elements. These code elements convey the granting or denial of trust to a secondary key. Because these pieces of code are very small and very simple, it is guaranteed that no mistakes can be made in the code, and so there is no need to revoke the master key.
The idea of the antidote is that trust in a secondary key can be permanently denied. Once the antidote is applied by rerunning the trust code, the secondary key becomes invalid. From the application viewpoint, this code snippet is run as an upgrade to counter a discovered breach of security. Running the antidote upgrade permanently prevents the user of the upgrade from placing any reliance on the compromised trust code. Once compromised, the granted trust is thereby made good again.
Example problem
The present invention can be understood through an example problem and its solution. In the example, a customer sends software to end users, and the customer's partner wishes to send the users additional software that can be regarded as part of that software. The problem arises when both the customer's software and the partner's software are signed by a single master key.
Referring to Fig. 1, the prior art provides a master key 100 which signs the customer's system code 101. At some later point the customer issues additional patch code 102, which is also signed by master key 100 to ensure that all the code works harmoniously.
When customer partner code 103, which is related to or built on the customer's code, needs to be transmitted or distributed, master key 100 also signs partner code 103. This signature 104 by master key 100 can be regarded as dangerous, because partner code 103 may contain errors. This is especially troublesome when partner code 103 is a large body of code.
The problem arises when the customer has released the code (101-103) and some of partner code 103 is faulty. The corrective step according to the prior art is to fix the error in partner code 103 and then reissue all of the previously issued code (101-103), including the correction, signed once more by master key 100.
The solution of example problem
According to the preferred embodiment of the present invention, the solution to this problem is as follows. Referring to Fig. 2, the partner generates a secondary key or sub-key 200. The customer provides authorization or trust code 201 signed by master key 100, which essentially allows sub-key 200 to be trusted with rights approaching those of master key 100. The authorization code 201 signed by master key 100 and the partner code 103 signed by sub-key 200 together constitute the trusted partner code 202.
In order to revoke the trust created by using the sub-key authorization code 201 signed by master key 100 and the partner code 103 signed by sub-key 200, code called antidote code 203 is created. It is also signed by master key 100 and is distributed, where necessary, to the users of the trusted partner code 202.
A small fragment of application programming interface (API) add/eliminate-trust code 204 is provided to the customer's system 205. This API 204 is also signed by master key 100. The authorization code 201 and the antidote code 203 each access this API to ensure that system 205 has the ability to add or eliminate the trust granted through sub-key 200.
According to the preferred embodiment of the present invention, the implementation is as follows. First, the add/eliminate-trust API 204 is added to system 205. Then the customer simply writes a small fragment of authorization code 201 that accesses API 204, and a small fragment of antidote code 203. In the preferred embodiment, the API, authorization and antidote code are each compiled from, but not limited to, the Java or JavaScript programming language, or any other general-purpose language.
It should be noted that trust grant and revocation according to the present invention is performed outside the standard infrastructure, which, as in the prior art, uses certificates and revocation lists. It should likewise be noted that according to the present invention the master key or certificate trusts code, as opposed to trusting another certificate or key as in the prior art.
It should be noted that the present invention does not require the standard, universal mechanism of a certificate revocation list, under which verifying a particular certificate requires access to a central location to check for revocation. In the preferred embodiment of the present invention, the end user downloads an upgrade, and the revocation of trust is carried in that upgrade.
It should be noted that the antidote code 203, which eliminates trust, has higher rights than the authorization code 201 and the signed partner code which together add trust. That is, the antidote code 203 has permanent effect: when the antidote code 203 is applied and at all times thereafter, whenever system 205 encounters the trusted partner code 202 signed by sub-key 200, the system continues to enforce the revocation of trust in sub-key 200.
According to the preferred embodiment of the present invention, after sub-key 200 has been revoked and once the partner is fully confident in the reissued modified code 103, a new sub-key can be issued and the addition of trust can be restored.
It should be noted that if the customer has a plurality of partners, then in one embodiment of the invention each partner can have its own distinct sub-key.
End user's viewpoint
According to the prior art, a dialog box is presented to the end user asking whether the end user trusts the code about to be loaded or run. This dialog often confuses the end user.
According to the preferred embodiment of the present invention, this dialog box is avoided. When the end user asks to add an upgrade containing partner code, the end user in fact receives the authorization code signed by the master key and the partner code signed by the sub-key, and is not asked any question. The end user experiences the usual seamless working of the system code, any additional patches, and powerful partner code.
Although the present invention has been described in detail with reference to specific preferred embodiments, those of ordinary skill in the art will understand that various modifications and improvements can be made without departing from the spirit and scope of the following claims.

Claims (12)

1. the method for authorizing trust and therefrom cancelling described trust of authorizing to partner's code of a system with master key is characterized in that, may further comprise the steps:
Sub-key is provided, and described sub-key is used for described partner's code signing, and the code that is provided by a partner is provided described partner's code;
The sub-key authorization code is provided, and described authorization code is signed through described master key, is used for authorizing trust to described partner's code;
In response to cancelling the needs of described trust of authorizing, distribute relevant sub-key toxinicide code, described sub-key toxinicide code is signed through described master key, be used for cancelling described trust of authorizing, and described toxinicide code is nonvolatil to cancelling of described trust of authorizing from described partner's code; And
In response to calling from described sub-key authorization code and described sub-key toxinicide code, the application programming interfaces by described master key signature are provided, be used for determining whether described system has the ability to authorize trust and therefrom cancel trust to described partner's code;
Wherein said system comprises system code.
2. the method for claim 1 is characterized in that, the quantity of the quantity of described authorization code and described toxinicide code is few as to be enough to guarantee that described code is faultless.
3. the method for claim 1 is characterized in that, described toxinicide code is used as the upgrade software operation, with the destruction of antagonism to security.
4. method as claimed in claim 3 is characterized in that, described toxinicide code is Downloadable.
5. the method for claim 1 is characterized in that, also comprises the steps: to provide a plurality of sub-keys, and each described sub-key all is coupled with relevant partner's code.
6. the method for claim 1 is characterized in that, described authorization code and described toxinicide code are with any the writing among Java language and the JavaScript.
7. A device for granting trust to partner code of a system having a master key and for revoking the granted trust therefrom, characterized in that it comprises:
a sub-key, used to sign the partner code, the partner code comprising code provided by a partner;
sub-key authorization code, the authorization code being signed by the master key and used to grant trust to the partner code;
means for distributing, in response to a need to revoke the granted trust, an associated sub-key antidote code, the sub-key antidote code being signed by the master key and used to revoke the granted trust from the partner code, the application of the antidote code permanently cancelling the application of the authorization code; and
an application programming interface, signed by the master key, used in response to calls from the sub-key authorization code and the sub-key antidote code to determine whether the system has the ability to grant trust to the partner code or to revoke trust therefrom;
wherein the system comprises system code.
8. The device of claim 7, characterized in that the device is adapted to add additional partner code, a corresponding additional sub-key signed by the master key, a corresponding additional authorization code signed by the master key, and a corresponding additional antidote code signed by the master key.
9. The device of claim 7, characterized in that the authorization code and the antidote code are written in either the Java language or JavaScript.
10. The device of claim 7, characterized in that the authorization code and the antidote code are simple enough to guarantee that they are error-free.
11. The device of claim 7, characterized in that the authorization code uses the application programming interface to effect the grant of trust, and the antidote code uses the application programming interface to effect the revocation of the granted trust.
12. The device of claim 7, characterized in that the sub-key is created by a partner associated with the partner code.

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/US2001/017128 WO2003003176A1 (en) 2001-05-25 2001-05-25 Trust grant and revocation from a master key to secondary keys

Publications (2)

Publication Number Publication Date
CN1527963A CN1527963A (en) 2004-09-08
CN1326006C true CN1326006C (en) 2007-07-11

Family

ID=21742601

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB018232930A Expired - Fee Related CN1326006C (en) 2001-05-25 2001-05-25 Trust grant and revocation from a master key to secondary keys

Country Status (6)

Country Link
EP (1) EP1390828A1 (en)
JP (1) JP2004535118A (en)
CN (1) CN1326006C (en)
AU (1) AU2001263462B2 (en)
CA (1) CA2447649C (en)
WO (1) WO2003003176A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007328473A (en) * 2006-06-07 2007-12-20 Nec Corp Electronic introduction letter preparation system, electronic introduction letter preparation device and electronic introduction letter preparation method to be used for the same
KR20140100908A (en) * 2013-02-07 2014-08-18 페어차일드 세미컨덕터 코포레이션 Secure crypto key generation and distribution
US9363267B2 (en) * 2014-09-25 2016-06-07 Ebay, Inc. Transaction verification through enhanced authentication
US10467071B2 (en) 2017-03-17 2019-11-05 Accenture Global Solutions Limited Extensible key management system for application program interfaces

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4919545A (en) * 1988-12-22 1990-04-24 Gte Laboratories Incorporated Distributed security procedure for intelligent networks
US5224163A (en) * 1990-09-28 1993-06-29 Digital Equipment Corporation Method for delegating authorization from one entity to another through the use of session encryption keys
US5761669A (en) * 1995-06-06 1998-06-02 Microsoft Corporation Controlling access to objects on multiple operating systems

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU3712300A (en) * 1999-06-11 2001-01-02 Liberate Technologies Hierarchical open security information delegation and acquisition

Also Published As

Publication number Publication date
CN1527963A (en) 2004-09-08
JP2004535118A (en) 2004-11-18
EP1390828A1 (en) 2004-02-25
CA2447649A1 (en) 2003-01-09
AU2001263462B2 (en) 2005-09-29
WO2003003176A1 (en) 2003-01-09
CA2447649C (en) 2008-07-29


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070711

Termination date: 20100525