1. Field of the Invention
The present invention relates to systems and methods for signing data for use on devices, and in particular to a system and method for providing generic entity and user access management of code signing services.
2. Description of the Related Art
It is beneficial in some circumstances to provide data to devices which have already been distributed to end users (e.g. fielded devices). Such data may be needed to update the device(s) to newer configurations or to perform additional functions, to ameliorate software “bugs” or other issues, or to simply replace data already resident in the device that may have been compromised. Such data may include software instructions (e.g. code) update fielded devices by providing data such as software code to those devices remotely.
One of the problems with the remote downloading of such data to fielded devices is that the data may be from an unauthorized source. An entity providing the data to the fielded devices may pose as a legitimate source of the data, yet provide data that is designed to compromise the security or functionality of the device. For example, the user of the device may be mislead into believing that their device needs a software update in order to function properly, and may be provided a bogus uniform resource location (URL) from which to download the software update. If the user downloads and installs the software update from the bogus URL, the code that is actually downloaded may include a virus or other malware that negatively affects the operation of the device, perhaps compromising all of the data (including the user's private information) that was stored by the device before the infected.
To prevent the foregoing problems, code signing techniques can be used to digitally sign data such as executables and scripts. Such signatures confirm the identity of the author of the data and guarantee that the data has not been altered or otherwise corrupted since it was signed. Most code signing paradigms provide a digital signature mechanism to verify the identity of the author of the data or build system, and a checksum to verify that the data object has not been modified. Such code signing paradigms typically use authentication mechanisms such as public key infrastructure (PKI) technologies, which rely on data publishers securing their private keys against unauthorized access. The public key used to authenticate the data signature should be traceable back to a trusted root certificate authority (CA). If the data signature is traced to a CA that the device user trusts, the user is presumed to be able to trust the legitimacy and authorship of the data that is signed with a key generated by that CA.
Systems for code signing are known in the art. However, such systems do not provide a framework that allows different organizations or companies to structure their data signing permission needs as they see fit or to safely permit data signing by other independent organizations. For example, assume Company A produces a set top box that can use a chip that can execute software from Company 1 or Company 2. Company A may desire to establish a data signing framework that allows Company 1 to sign data that it installs into their set top boxes, without providing Company 2 with access to that data signing framework. Similarly, Company A may desire to establish a data signing framework that allows Company 2 to establish a data signing framework that excludes (or includes) Company 1. What is needed is a system and method that provides management of code signing services by generic entities. The present invention satisfies that need.