1. Field of the Invention
The present invention generally relates to data security and content protection. More specifically, the present invention relates to a system, method and storage medium embodying computer-readable code for verifying the integrity of a system with multiple components.
2. Discussion of the Related Art
Network computer systems and public networks, such as the Internet, hold tremendous potential for many industries. The network computer systems and public networks provide users with vast amount of data that can be quickly and cost effectively accessed from virtually anywhere. The Internet, for example, allows users to access databases such as web page servers from any computer connected to the Internet. Along with the emergence of public networks and network computer systems comes an imperative need to not only preserve the confidentiality of some of the sensitive information traveling on the network and between computer system, but to also prevent unwanted taking by unauthorized users of the computer systems. If such measure is not taken, sensitive, private, licensed, or copyrighted information may be accessed, modified, or intercepted by an unauthorized party. The problem is especially alarming in electronic media distribution and digital rights management, where the distributors wish to control distribution and distribute the content only to authorized users. Therefore, network computer systems, and the software systems therein, must be able to confirm the identity of their users or visitors before granting access to private information and to make sure that the security of the software systems is not compromised. A user or visitor as referred to herein is a person or a program that interacts with the program modules.
In order to combat these attacks, users need methods of authenticating the origin of the software system and validating the integrity of the software system. Many existing methods today address one aspect of the problem, but not the other, especially in light of the continuing improvement in computer technology. In the past, most of the software systems contain a few components that need to be signed and verified. With the advent of technology, software systems now contain many components, most of which relate to each other and which need to be signed and verified. For example, a large system contains multiple object components—plug-ins, codes, agents, modules, etc.—that are related to each other. These multiple object components are utilized in different combinations to carry out different functions for the system.
In order to keep the integrity of the software system intact and prevent unwanted interception or modification, the integrity of these multiple object components needs to be established before they are allowed to act in the system. A conventional method for providing signature and verification of closely related components is to use multiple binary description files for each component. Before the action of each object component is to be performed, information needed for verification and other operation is extracted from its corresponding binary description file. Therefore, when a verification agent needs to verify different object components that are part of a group that is to carry out a certain function for the system, the verification agent has to parse a multitude of binary description file. More importantly, the verification agent has to keep track of all the binary description files, wasting resources and making the job complex and time consuming. Using a different binary description file for each component makes complex a binary description file distribution system. Managing many binary description files, one for each components, adds complexity and overhead to normal software operation. Therefore, there is a need for a new system and method of verifying the integrity of a system with multiple components, reducing the expense of signature verification.