Method for validating a signed program prior to execution...

Data processing: software development – installation – and managem – Software program development tool – Translation of code

Reexamination Certificate

Details

C717S152000

active

06253374

ABSTRACT:

FIELD OF THE INVENTION
This invention relates in general to validating a program, and more particularly to validating a signed program prior to execution time and an unsigned program at execution time.
BACKGROUND OF THE INVENTION
As more and more people rely upon computers to perform a variety of tasks, the importance of system reliability or system robustness increases. Ideally, a computer should operate without error. However, in reality, errors occur during operation. Therefore, the key to increasing system robustness is decreasing the number of errors.
One factor that can negatively impact system robustness is the execution of an invalid program. If an invalid program is executed, then an error can occur. The severity of the error is unpredictable. A benign error might cause an error message to be presented to the user. However, a more serious error might require that the user restart the computer. Therefore, to increase system robustness, the execution of an invalid program should be prevented.
A computer user can obtain files containing executable programs from a number of different sources, including downloading files from a network, such as the Internet. A program obtained from a familiar source, such as an established computer software company, is more likely to have undergone extensive testing and debugging to ensure that the program is valid, than a program obtained from an unfamiliar source, such as an unknown author of an Internet page.
One possible solution to the problem of executing an invalid program would be to only execute programs that have been validated. If a program is signed, then the program could be validated during the signing process. A set of inputs to the program could be tested as a prerequisite to signing the program. If the program can execute without error for the tested set of inputs, then a digital signature would be associated with the program to indicate that the program is valid for the tested set of inputs. To prevent the execution of an invalid program, only signed programs would be executed. A drawback to this solution is that there are many valid programs that are not signed. These programs are commonly referred to as legacy programs. If only signed programs are allowed to be executed, then legacy programs cannot be executed, even though many of the legacy programs are valid. Thus, there is a need in the art for a method for preventing the execution of an invalid program that allows the execution of both signed and unsigned programs.
Another possible solution to the problem of executing an invalid program would be to check the input parameters to the instructions of the program before executing the instructions. A program is invalid if the parameters used by any of the instructions of the program during execution are invalid. Therefore, the input parameters used by an instruction could be checked before the instruction is executed to prevent the execution of an invalid program. A disadvantage of this solution is that it is slow. Typically, the performance of a program is critical at the time the program is executed. If the input parameters to each instruction are checked before each instruction is executed, then the parameter checking degrades the performance of the program. Thus, there is also a need in the art for a method for preventing the execution of an invalid program without the delay associated with parameter checking.
SUMMARY OF THE INVENTION
The present invention meets the needs described above by providing a method for validating both signed and unsigned programs. A program is validated by checking the input parameters to the instructions of the program to prevent errors associated with executing an instruction using an invalid input parameter. A signed program is validated during the signing process, whereas an unsigned program is validated when it is executed. By validating a program when the program is signed, the execution performance of the signed program is not adversely affected.
To validate a program during the signing process, the input parameters to the instructions of the program are checked to detect invalid parameters that could cause a system error. The input parameters are checked for a predetermined range of inputs to the program. As used herein, the term “input parameter” refers to a parameter used by an instruction of the program and the term “input to the program” refers to a parameter used by the program as a whole. An input to the program determines the input parameters to the instructions of the program. In addition to checking the input parameters, the structure of the file that contains the program can also be checked to determine whether the file satisfies any structural requirements. If no errors are detected in the input parameters and the file is structurally correct, then the file is signed. The file is signed by associating a digital signature with the file. If an error is detected in the input parameters or the file is structurally flawed, then the program is not signed.
In one embodiment of the invention, the program is written using an interpreted computer language, such as the “TrueType” computer language, the “JAVA” computer language, or the “PostScript” computer language. If the program is written using the TrueType computer language, then the instructions of the program are commonly referred to as hints. Hints are written in a font language, such as TrueType, and specify how a glyph outline is to be rendered. When a glyph is rasterized, the hints of the glyph are executed. To validate a font file including hints, the rasterizer rasterizes all of the glyphs of the font within a predetermined size range to determine whether the input parameters to the hints are valid. The size range is determined so that the most common glyph sizes are within the range. In the case of a TrueType font file, the size range is the input to the program and determines the input parameters to the hints.
A determination is also made as to whether the structure of the font file satisfies the structural requirements specified by the TrueType specification. If the input parameters to the hints are valid and the structure of the font file is valid, then the font file is signed. Otherwise an error occurs and the font file is not signed. Preferably, if an error occurs, an error message is generated that identifies the failing glyph.
To prevent the execution of an invalid program, the program is checked prior to execution to determine whether the program has been validated for a given program input. If the program was validated when the program was signed, then the program can be executed without repeating the validation. However, if the program was not previously validated, then the program is validated at the time of execution to prevent the execution of an invalid program.
In response to a request to load the program, the program is checked to determine whether a valid digital signature is associated with the program. If a valid digital signature is associated with the program, then a flag is set indicating that the program is valid and the program is loaded. If the program is not associated with a valid digital signature, then for each instruction of the program, the input parameters to the instruction are checked prior to executing the instruction.
After the program is loaded and a request to execute the program using a selected input to the program is detected, then the flag is checked to determine whether the program is valid. If the flag is set, then the selected input is compared to the predetermined range of inputs to the program. The predetermined range of inputs is the same range of inputs as used to validate the program at signing time. If the selected input is within the predetermined range of inputs to the program, then the program is executed using the selected input without further validation. If the flag is not set or the selected input is not within the predetermined range of inputs, then input parameter checking is performed for each instruction of the program prior to executing the instruction.
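The signing-time, load-time and execution-time decisions described above, as an added sketch that is not code from the patent. It assumes a toy three-instruction stack interpreter, an HMAC standing in for the digital signature, and a hypothetical input range of sizes 8 to 72; all names are illustrative.

```python
import hashlib
import hmac

SIGNING_KEY = b"constructed-demo-key"  # assumption: HMAC stands in for the digital signature
VALIDATED_RANGE = range(8, 73)         # hypothetical predetermined range of program inputs (sizes)
TABLE_SIZE = 65                        # toy storage area that STORE indexes into

class InvalidParameter(Exception):
    pass

def run(program, size, checked):
    """Toy stack interpreter; `checked` enables per-instruction parameter checking."""
    stack, table = [size], [0] * TABLE_SIZE
    for op, arg in program:
        if op == "PUSH":
            stack.append(arg)
        elif op == "SUB":
            b, a = stack.pop(), stack.pop()
            stack.append(a - b)
        elif op == "STORE":
            idx = stack.pop()
            if checked and not 0 <= idx < TABLE_SIZE:
                raise InvalidParameter(f"STORE index {idx} for input {size}")
            table[idx] = size
    return table

def _mac(program):
    return hmac.new(SIGNING_KEY, repr(program).encode(), hashlib.sha256).digest()

def sign(program):
    """Signing time: check parameters for every input in the range; sign only if clean."""
    for size in VALIDATED_RANGE:
        run(program, size, checked=True)  # InvalidParameter propagates: no signature
    return _mac(program)

def load(program, signature):
    """Load time: set the 'validated' flag only for a valid signature."""
    ok = signature is not None and hmac.compare_digest(signature, _mac(program))
    return {"program": program, "validated": ok}

def execute(loaded, size):
    """Execution time: skip checks only if the flag is set and the input is in range."""
    fast = loaded["validated"] and size in VALIDATED_RANGE
    mode = "unchecked" if fast else "checked"
    return run(loaded["program"], size, checked=not fast), mode

GOOD = [("PUSH", 8), ("SUB", None), ("STORE", None)]  # constructed: index = size - 8
BAD = [("PUSH", 0), ("SUB", None), ("STORE", None)]   # constructed: index = size
```

The signature only vouches for the inputs that were actually tested, which is why a signed program run with an out-of-range input drops back to the checked path.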
Th
