CN1527963A - Trust grant and revocation from a master key to secondary keys - Google Patents
- Publication number
- CN1527963A
- Authority
- CN
- China
- Prior art keywords
- code
- trust
- key
- partner
- antidote
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
- Lock And Its Accessories (AREA)
Abstract
A method and apparatus is provided that allows code signed by a master key to grant trust to an arbitrary second key, and also allows code, referred to as an antidote and also signed by the master key to revoke permanently the trust given to the second key.
Description
Background of invention
Technical field
The present invention relates to secure trust. More specifically, it relates to allowing code signed by a master key to grant trust to an arbitrary secondary key, and likewise to allowing code signed by the master key, referred to as an antidote, to permanently revoke the trust given to that secondary key.
Description of the Prior Art
Briefly, computer systems are now in a state in which it is relatively easy for any group to distribute large amounts of code to a large number of end users. To protect their code or their products from hackers and from unknown material, such groups usually apply security mechanisms. One example of a security mechanism is trust based on a certificate revocation list (CRL).
In this document, the definition of trust has two parts. The first part is establishing the identity of a participant. Usually, the participant holds the analogue of a letter of introduction signed by some other entity. The signing entity is called a licensor, or CA. The licence, or briefly the certificate, establishes the participant's name and signature. Terms used interchangeably with certificate are master key, super key, or system certificate. Thus, the participant's identity is a letter of introduction signed by the CA.
The second part is a trust statement, which, in the analogy above, may be a letter stating that the participant is trusted. That is, the first step establishes the participant's identity, and the second step provides an agreement stating that this identity is trusted. The identity and the agreement operate together to establish trust.
From the viewpoint of an ordinary computer system, one example of carrying out trust uses a CRL. The CRL is used together with the distributed software bundle. Associated with the distributed software is a system certificate. This certificate is placed in a certificate database together with a number of other certificates. The certificate is suitable for use in distributing further software from the same issuing entity that distributed the original system code. Such software is sometimes called a patch. A signed patch conveys to the end user that both the patch and the originally signed software are trusted.
Partner or vendor code distributed together with the original system code adds another layer of complexity. For all three kinds of code, namely the original system code, patches, and partner code, to work together seamlessly, they generally need to be signed by the same certificate.
Currently, when partner code signed by the certificate contains a fault, the system code and its patches are in jeopardy. The current remedy is to correct the partner code and reissue it. But because the faulty partner code was signed by the certificate, the certificate's rights must be revoked. Revoking the certificate affects the trust granted to the signed original system code and to any signed patches. Before the original system code, its patches, and the corrected partner code can be reissued, a second master key or certificate must be created to sign them.
Obviously, the process of reissuing software (the original system and its patches) is time-consuming and laborious, and is often too expensive a burden for a company.
When the amount of partner software is large, which is usually the case, another major task for the company is to reissue the corrected partner software.
If a company's partner provides code containing hostile content that cannot be revoked promptly and effectively, and the company or its partner only learns of this after distribution, this is very disadvantageous for the company.
R. Sudama, D. M. Griffin, B. Johnson, D. Sealy, J. Shelhamer and O. H. Tallman, U.S. Patent 5,619,657 (April 8, 1997), disclose a method for providing security measures to management servers that uses a trust-relationship database to verify the mutual trust relationships between management servers. That invention provides a secure method of distributing administrative operations among computer network components, using a mutually trusting, mutually authenticating management service network to deliver service operations to selected host systems. Mutual identification and trust are established on each transmission link from the point of submission to the designated management server, and the designated management server requests a service provider to carry out the administrative operation on the selected host.
However, the trust identification required by Sudama et al., which relies on the standard prior-art technique of querying a database, does not include revoking trust.
M. Gasser, A. C. Goldstein, C. W. Kaufman and B. W. Lampson, U.S. Patent No. 5,224,163 (June 29, 1993), disclose a method for delegating authorization from one entity to another in a distributed computing system for a single computing session by using session public/private encryption keys. At the end of the computing session, the private encryption key is erased and the computing session terminates.
Gasser et al. propose temporary, session-based security. In addition, the user must prove that the workstation claiming the private encryption key is authorized to speak on the user's behalf.
It would be advantageous to provide an excellent, simple and effective method of revoking trust previously granted to partner code.
It would be advantageous to allow partner code to be signed by its own unique certificate without affecting the distribution of other code signed by other certificates.
It would be advantageous to revoke the minor key used to establish trust in partner code, and to grant trust again to the corrected or modified partner code by designating a new minor key, rather than reissuing or resending all code signed by the master key.
Summary of the invention
A method and apparatus are provided that add essentially two functional elements for the user. The first functional element allows code signed by the master key to grant rights, or trust, to any secondary key or minor key. The second functional element allows code signed by the master key and called an antidote to permanently remove the rights given to a specific secondary key.
The master key is used only to sign minimal code elements. These code elements convey the granting or denial of trust to secondary keys. Because this code is so small and so simple, it can be guaranteed to be free of errors, so that the master key never needs to be revoked.
The idea of the antidote is that trust in a secondary key can be permanently denied. Once the antidote has been applied, rerunning the trust code will fail forever for that secondary key. From an application viewpoint, this code fragment runs as an upgrade to counter a discovered breach of security. Running the antidote upgrade permanently prevents a user who has upgraded from relying on the compromised trust code; once compromise has occurred, the granted trust is thereby voided.
Brief description of the drawings
Fig. 1 is a schematic diagram of a trust system according to the prior art; and
Fig. 2 is a schematic diagram of a trust system according to the present invention.
Detailed description of the embodiments
A method and apparatus are provided that add essentially two functional elements for the user. The first functional element allows code signed by the master key to grant rights, or trust, to any second or minor key. The second functional element allows code signed by the master key and called an antidote to permanently remove the rights given to a specific secondary key.
The master key is used only to sign minimal code elements. These code elements convey the granting or denial of trust to secondary keys. Because this code is so small and so simple, it can be guaranteed to be free of errors, so that the master key never needs to be revoked.
The idea of the antidote is that trust in a secondary key can be permanently denied. Once the antidote has been applied, rerunning the trust code leaves the secondary key invalid. From an application viewpoint, this code fragment runs as an upgrade to counter a discovered breach of security. Running the antidote upgrade permanently prevents a user who has upgraded from relying on the compromised trust code; once compromise has occurred, the granted trust is thereby voided.
Example problem
The invention can be understood through an example problem and its solution. In the example, a customer ships software to end users, and the customer's partner wishes to ship software to those users that can be regarded as an add-on. A problem arises when both the customer's software and the partner's software are signed by a single master key.
Referring to Fig. 1, the prior art provides a master key 100 that signs the customer's system code 101. At some later point, the customer issues an additional code patch 102, which is also signed by master key 100 to ensure that all of the code works together harmoniously.
When customer partner code 103, which relates to or is added onto the customer code, needs to be transmitted or distributed, master key 100 also signs partner code 103. This signature 104 by master key 100 can be regarded as dangerous, because partner code 103 may contain errors. This is especially troublesome when partner code 103 is a large body of code.
The problem arises when the customer has released the code (101-103) and some of partner code 103 is faulty. The correction step according to the prior art is to correct the error in partner code 103 and then reissue all previously issued code (101-103), including the correction, signed again by master key 100.
The solution of example problem
According to the preferred embodiment of the invention, the solution to this problem is as follows. Referring to Fig. 2, the partner generates a second, or minor, key 200. The customer provides authorization (trust) code 201 signed by master key 100, which essentially allows minor key 200 to be trusted with rights that are essentially close to those of master key 100. Authorization code 201 signed by master key 100 and partner code 103 signed by minor key 200 together constitute trusted partner code 202.
To revoke the trust created by the minor-key authorization code 201 signed by master key 100 and partner code 103 signed by minor key 200, code called antidote code 203 is created. It is also signed by master key 100 and, when necessary, is distributed to the users of trusted partner code 202.
A small fragment of add/remove-trust code, an application programming interface (API) 204, is provided to the customer's system 205. This API 204 is also signed by master key 100. Both authorization code 201 and antidote code 203 call this API, which ensures that system 205 has the ability to add or remove the trust granted to minor key 200.
According to the preferred embodiment, the implementation is as follows. First, the add/remove-trust API 204 is added to system 205. The customer then simply writes a small fragment of authorization code 201 and a small fragment of antidote code 203, each of which calls API 204. In the preferred embodiment, the API, authorization and antidote code are written in, but not limited to, the JavaScript programming language or any other general-purpose language.
It should be noted that the granting and revocation of trust according to the invention is carried out outside the standard infrastructure, such as the prior-art use of certificates and revocation lists. Likewise, it should be noted that according to the invention the master key or certificate trusts code, as opposed to trusting another certificate or key as in the prior art.
It should be noted that the invention does not require the standard, general-purpose mechanism of certificate revocation lists, in which confirming a particular certificate requires accessing a central site to check for revocation. In the preferred embodiment, the end user downloads an upgrade, and the revocation of trust is carried in that upgrade.
It should be noted that antidote code 203, which removes trust, has a higher right than authorization code 201, which adds trust, together with the signed partner code 202. That is, antidote code 203 is permanent in effect: once antidote code 203 has been applied, whenever system 205 subsequently encounters trusted partner code 202 signed by minor key 200, the system will continue to treat the trust in minor key 200 as revoked.
According to the preferred embodiment, after minor key 200 has been revoked, and once the partner has full confidence in the modified code 103 to be reissued, issuing a new minor key can restore the grant of trust.
It should be noted that if the customer has multiple partners, then in one embodiment each partner may have its own distinct minor key.
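The following is an added illustration of the grant/antidote mechanism described in the summary and in the solution above; it is not code from the patent, and the patent specifies no concrete API or signature scheme. Assumptions: the master key (100) and each partner's minor key (200) are represented as 32-byte secrets and "signatures" are HMAC-SHA256 tags, a symmetric stand-in for the asymmetric signatures a real deployment would use so that verifiers hold no signing secret; the record format, the `TrustStore` class (standing in for the add/remove-trust API 204) and the scenario in `run_scenario()` are invented for this example. The example shows the properties the text states: a grant (201) or antidote (203) is only honoured if the master key signed it, an antidote is permanent and outranks a replayed grant, revoking one partner's key leaves another partner's code untouched, and trust is restored by granting a fresh minor key rather than reissuing anything signed by the master key.

```python
import hashlib
import hmac
import os


def sign(key, message):
    """HMAC-SHA256 tag standing in for a digital signature (assumption: a real
    system would use asymmetric signatures so that verifiers hold no secret)."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(key, message, sig):
    return hmac.compare_digest(sign(key, message), sig)


def key_id(key):
    """Fingerprint used to name a key in trust records without exposing it."""
    return hashlib.sha256(key).hexdigest()[:16]


def make_grant(master_key, subkey):
    """Authorization code (201): the master key vouches for one minor key."""
    sid = key_id(subkey)
    return {"op": "grant", "subkey": sid,
            "sig": sign(master_key, b"grant:" + sid.encode())}


def make_antidote(master_key, subkey):
    """Antidote code (203): the master key permanently disowns one minor key."""
    sid = key_id(subkey)
    return {"op": "antidote", "subkey": sid,
            "sig": sign(master_key, b"antidote:" + sid.encode())}


class TrustStore:
    """Stand-in for the system's add/remove-trust API (204).

    Revocations are kept in their own set that is never cleared, so an antidote
    outranks every grant, including a grant replayed after the antidote."""

    def __init__(self, master_key):
        self._master = master_key
        self._granted = set()
        self._revoked = set()

    def apply(self, code):
        """Honour a grant or antidote record only if the master key signed it."""
        body = code["op"].encode() + b":" + code["subkey"].encode()
        if not verify(self._master, body, code["sig"]):
            return False  # forged or tampered record: ignore it
        if code["op"] == "grant":
            self._granted.add(code["subkey"])
        elif code["op"] == "antidote":
            self._revoked.add(code["subkey"])
        else:
            return False
        return True

    def is_trusted(self, subkey_id):
        return subkey_id in self._granted and subkey_id not in self._revoked

    def load_partner_code(self, subkey, code, sig):
        """Accept partner code (103) only under a trusted minor key whose
        signature over the code verifies."""
        return self.is_trusted(key_id(subkey)) and verify(subkey, code, sig)


def run_scenario():
    """Constructed walk-through of the patent's example problem; returns the
    outcome of each step so the properties can be checked."""
    master = os.urandom(32)
    key_a1 = os.urandom(32)  # partner A's first minor key (created by A)
    key_a2 = os.urandom(32)  # partner A's replacement key after the fix
    key_b = os.urandom(32)   # a second partner with its own minor key
    store = TrustStore(master)
    code_a, code_b, fixed_a = b"partner A v1", b"partner B v1", b"partner A v2"
    out = {}

    out["a_before_grant"] = store.load_partner_code(key_a1, code_a, sign(key_a1, code_a))
    store.apply(make_grant(master, key_a1))
    store.apply(make_grant(master, key_b))
    out["a_after_grant"] = store.load_partner_code(key_a1, code_a, sign(key_a1, code_a))
    # A grant signed by some key other than the master is rejected outright.
    out["forged_grant_accepted"] = store.apply(make_grant(os.urandom(32), key_a2))
    # A fault is found in A's code: the antidote ships as an upgrade.
    store.apply(make_antidote(master, key_a1))
    out["a_after_antidote"] = store.load_partner_code(key_a1, code_a, sign(key_a1, code_a))
    # Replaying the original grant does not restore trust: antidote is permanent.
    store.apply(make_grant(master, key_a1))
    out["a_regrant_after_antidote"] = store.load_partner_code(key_a1, code_a, sign(key_a1, code_a))
    # Partner B, and the master key itself, are unaffected by A's revocation.
    out["b_unaffected"] = store.load_partner_code(key_b, code_b, sign(key_b, code_b))
    # Recovery: A fixes its code, creates a new minor key, and the master grants it.
    store.apply(make_grant(master, key_a2))
    out["a_fixed_under_new_key"] = store.load_partner_code(key_a2, fixed_a, sign(key_a2, fixed_a))
    out["a_fixed_under_old_key"] = store.load_partner_code(key_a1, fixed_a, sign(key_a1, fixed_a))
    return out
```

Note the asymmetry in `TrustStore`: grants are additive and can be repeated, but `_revoked` only ever grows, which is what gives the antidote its "higher right" over authorization code without any central revocation list being consulted.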
End-user viewpoint
According to the prior art, a dialog box is presented to the end user asking whether the end user trusts the code about to be loaded or run. This dialog usually confuses the end user.
According to the preferred embodiment of the invention, this dialog box is avoided. When the end user asks to add an upgrade containing partner code, the end user in fact receives the authorization code (signed by the master key) and the partner code (signed by the minor key), and is never prompted. The end user experiences the system code, any additional patches, and the partner code working together seamlessly and robustly.
Although the invention has been described in detail with reference to a particular preferred embodiment, those of ordinary skill in the art will understand that various modifications and improvements may be made without departing from the spirit and scope of the following claims.
Claims (15)
1. A method for granting trust from a master key to any secondary key and for revoking the trust so granted, characterized by comprising:
providing authorization code signed by the master key to grant trust to the secondary key; and
providing antidote code signed by the master key to revoke the trust granted to the secondary key.
2. The method of claim 1, characterized in that the revocation of the granted trust by the antidote code is permanent.
3. The method of claim 1, characterized in that the amount of authorization code is quite small, and the amount of antidote code is quite small.
4. The method of claim 1, characterized in that the antidote code runs as upgrade software to counter a breach of security.
5. The method of claim 4, characterized in that the antidote code is downloadable.
6. The method of claim 1, characterized by comprising a plurality of secondary keys, each associated with one of a plurality of partner entities.
7. The method of claim 1, characterized in that the authorization and antidote code are general-purpose code written in, but not limited to, either the Java or the JavaScript language.
8. An apparatus by which a partner is granted trust by a master key to a system and by which the granted trust is revoked, characterized by comprising:
a minor key associated with the partner;
a general authorization entity associated with the minor key, the entity being signed by the master key and used to grant trust to the partner;
a general antidote entity associated with the minor key, the entity being signed by the master key and used to revoke the granted trust from the partner; and
an interface to the system, used to grant trust to the partner and to revoke it, the interface being signed by the master key.
9. The apparatus of claim 8, characterized in that:
the system comprises system code;
the partner comprises partner code;
the authorization entity comprises general authorization code;
the antidote entity comprises general antidote code; and
the interface is an application programming interface (API).
10. The apparatus of claim 8, characterized in that the application of the antidote entity permanently takes precedence over the application of the authorization entity.
11. The apparatus of claim 8, characterized in that the apparatus is adapted to add, at a later point in time, an additional partner, a corresponding additional minor key signed by the master key, a corresponding additional authorization entity signed by the master key, and a corresponding additional antidote entity signed by the master key.
12. The apparatus of claim 9, characterized in that the authorization and antidote code are written in, but not limited to, either the Java or the JavaScript language.
13. The apparatus of claim 8, characterized in that the authorization entity is very simple and the antidote entity is very simple, thereby eliminating the chance of errors.
14. The apparatus of claim 8, characterized in that the authorization entity uses the system interface to effect the grant of trust, and the antidote entity uses the system interface to effect the revocation of the granted trust.
15. The apparatus of claim 8, characterized in that the minor key is created by the partner.
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/US2001/017128 WO2003003176A1 (en) | 2001-05-25 | 2001-05-25 | Trust grant and revocation from a master key to secondary keys |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1527963A true CN1527963A (en) | 2004-09-08 |
CN1326006C CN1326006C (en) | 2007-07-11 |
Family
ID=21742601
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB018232930A Expired - Fee Related CN1326006C (en) | 2001-05-25 | 2001-05-25 | Trust grant and revocation from a master key to secondary keys |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1390828A1 (en) |
JP (1) | JP2004535118A (en) |
CN (1) | CN1326006C (en) |
AU (1) | AU2001263462B2 (en) |
CA (1) | CA2447649C (en) |
WO (1) | WO2003003176A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2007328473A (en) * | 2006-06-07 | 2007-12-20 | Nec Corp | Electronic introduction letter preparation system, electronic introduction letter preparation device and electronic introduction letter preparation method to be used for the same |
KR20140100908A (en) * | 2013-02-07 | 2014-08-18 | 페어차일드 세미컨덕터 코포레이션 | Secure crypto key generation and distribution |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4919545A (en) * | 1988-12-22 | 1990-04-24 | Gte Laboratories Incorporated | Distributed security procedure for intelligent networks |
US5224163A (en) * | 1990-09-28 | 1993-06-29 | Digital Equipment Corporation | Method for delegating authorization from one entity to another through the use of session encryption keys |
US5761669A (en) * | 1995-06-06 | 1998-06-02 | Microsoft Corporation | Controlling access to objects on multiple operating systems |
WO2000077974A1 (en) * | 1999-06-11 | 2000-12-21 | Liberate Technologies | Hierarchical open security information delegation and acquisition |
Family timeline
2001
- 2001-05-25 WO PCT/US2001/017128 patent/WO2003003176A1/en active IP Right Grant
- 2001-05-25 JP JP2003509288A patent/JP2004535118A/en active Pending
- 2001-05-25 AU AU2001263462A patent/AU2001263462B2/en not_active Ceased
- 2001-05-25 CA CA002447649A patent/CA2447649C/en not_active Expired - Fee Related
- 2001-05-25 EP EP01937758A patent/EP1390828A1/en not_active Ceased
- 2001-05-25 CN CNB018232930A patent/CN1326006C/en not_active Expired - Fee Related
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106716343A (en) * | 2014-09-25 | 2017-05-24 | 电子湾有限公司 | Transaction verification through enhanced authentication |
US10372518B2 (en) | 2017-03-17 | 2019-08-06 | Accenture Global Solutions Limited | Extensible single point orchestration system for application program interfaces |
US10467071B2 (en) | 2017-03-17 | 2019-11-05 | Accenture Global Solutions Limited | Extensible key management system for application program interfaces |
Also Published As
Publication number | Publication date |
---|---|
EP1390828A1 (en) | 2004-02-25 |
AU2001263462B2 (en) | 2005-09-29 |
CA2447649A1 (en) | 2003-01-09 |
CN1326006C (en) | 2007-07-11 |
JP2004535118A (en) | 2004-11-18 |
WO2003003176A1 (en) | 2003-01-09 |
CA2447649C (en) | 2008-07-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8341747B2 (en) | Method to provide a secure virtual machine launcher | |
CA2923740C (en) | Software code signing system and method | |
US7793101B2 (en) | Verifiable virtualized storage port assignments for virtual machines | |
CN100533451C (en) | System and method for enhanced layer of security to protect a file system from malicious programs | |
US20040054889A1 (en) | Methods and system for providing a public key fingerprint list in a PK system | |
US20050166041A1 (en) | Authentication in a distributed computing environment | |
CN1881879A (en) | Public key framework and method for checking user | |
CN1991856A (en) | Locking applications for specially marked content | |
WO2006039771A1 (en) | System and method for access control | |
WO2006093561A2 (en) | Secure software communication method and system | |
CN101065716A (en) | Method and device for verifying the integrity of platform software of an electronic device | |
CN1759402A (en) | Hardware-based credential management | |
WO2023151504A1 (en) | Internet of things-based data processing method and apparatus | |
CN114157432A (en) | Digital certificate acquisition method, device, electronic equipment, system and storage medium | |
US8683198B2 (en) | Master key trust grants and revocations for minor keys | |
CN1527963A (en) | Trust grant and revocation from a master key to secondary keys | |
CN117527180A (en) | Quantum password migration resistant method for block chain | |
US20100138645A1 (en) | Method for moving rights objects into other device in digital rights management | |
AU2001263462A1 (en) | Trust grant and revocation from a master key to secondary keys | |
US7711957B2 (en) | Granting access to a computer-based object | |
WO2023127379A1 (en) | Method for installing electronic certificate and system for for installing electronic certificate | |
US20230053907A1 (en) | Method and apparatus for flexible configuration managment using external identity management service | |
CN114650160B (en) | Digital certificate processing method and device, storage medium and electronic equipment | |
CN101939752B (en) | Method and device for managing authorization of right object in digital rights management | |
CN112385179A (en) | Method for monitoring digital certificates |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20070711 Termination date: 20100525 |