US Patent:
20030037239, Feb 20, 2003
Inventors:
Lok Leung - Austin TX, US
Anthony Nadalin - Austin TX, US
Bruce Rich - Round Rock TX, US
Theodore Shrader - Austin TX, US
Assignee:
INTERNATIONAL BUSINESS MACHINES CORPORATION - ARMONK NY
International Classification:
H04L009/00
Abstract:
Various aspects of the invention may be found in software that performs mutual authentication between a plurality of interconnected software modules. The modules contain security tools that allow for the verifying, authenticating, and/or authorizing of a caller module and an invoked module. Before a caller module invokes another module, the caller performs functions that verify, authenticate, and/or authorize the invoked module. Upon success, the module is invoked. However, upon failure, the module is not invoked. In one case, the calling class uses embedded certificates or keys relating to the invoked class. Upon a possibility of invoking the class, the calling module obtains a digitally signed codebase of the invoked class, and verifies, authenticates, and/or authorizes the code based upon the signature and/or the characteristics of the certificate. Conversely, the invoked class performs similar functionality upon being invoked. When the calling class invokes the second class through a constructor, the steps that verify, authenticate, and/or authorize the calling class are implemented in the constructor. These steps are aided by digital signatures of the calling class codebase, and certificates and/or keys relating to the calling class that are embedded in the invoked class. If these steps fail, the constructor fails and the invoked class is not implemented. If the steps succeed, the calling class and the invoked class may interact normally.
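The mutual check the abstract describes can be sketched in Java as follows. This is an added example, not code from the patent: the class names and pin values are hypothetical placeholders, and it assumes Java 17+ with both classes loaded from signed JARs.

```java
import java.security.CodeSigner;
import java.security.CodeSource;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.HexFormat;
import java.util.List;

// Added illustration; class names and pin values are hypothetical placeholders.
final class PeerVerifier {
    /** True only if the peer's codebase carries a signature whose signer cert matches the pin. */
    static boolean isSignedBy(Class<?> peer, String pinnedSha256Hex) {
        try {
            CodeSource src = peer.getProtectionDomain().getCodeSource();
            if (src == null) return false;               // no codebase recorded (e.g. bootstrap class)
            CodeSigner[] signers = src.getCodeSigners(); // set by the loader from the verified JAR signature
            if (signers == null) return false;           // unsigned codebase
            MessageDigest md = MessageDigest.getInstance("SHA-256");
            for (CodeSigner s : signers) {
                List<? extends Certificate> path = s.getSignerCertPath().getCertificates();
                if (path.isEmpty()) continue;
                // Pin the signer's own certificate (first in the path), not an issuing CA.
                String fp = HexFormat.of().formatHex(md.digest(path.get(0).getEncoded()));
                if (fp.equalsIgnoreCase(pinnedSha256Hex)) return true;
            }
            return false;
        } catch (Exception e) {
            return false;                                // fail closed on any error
        }
    }
}

final class Service {                                    // the invoked class
    private static final String CALLER_PIN = "<sha256-hex-of-caller-signer-cert>";
    Service() {
        // Must be called directly in the constructor so the frame above it is the real caller.
        Class<?> caller = StackWalker.getInstance(StackWalker.Option.RETAIN_CLASS_REFERENCE).getCallerClass();
        if (!PeerVerifier.isSignedBy(caller, CALLER_PIN))
            throw new SecurityException("caller not authenticated: " + caller.getName());
    }
}

final class Client {                                     // the calling class
    private static final String SERVICE_PIN = "<sha256-hex-of-service-signer-cert>";
    static Service open() {
        // Referencing Service.class loads the class but runs none of its code yet.
        if (!PeerVerifier.isSignedBy(Service.class, SERVICE_PIN))
            throw new SecurityException("Service codebase not authenticated");
        return new Service();
    }
}
```

With the placeholder pins, or with unsigned JARs, both checks fail closed: `Client.open()` throws before `Service` is constructed, and the `Service` constructor throws for any caller whose codebase signer does not match.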