1. Technical Field
The present invention is directed to an apparatus and method for ensuring data integrity of unauthenticated code. In particular, the present invention is directed to an apparatus and method for authenticating unauthenticated code based on hash value information obtained in automatically authenticated code.
2. Description of Related Art
The use of platform independent code, such as JAVA, has increased with increase usage of the Internet. “JAVA” is a trademark of Sun Microsystems, Inc. This is because the Internet provides information, services, and computer programs to millions of client devices which may be configured in any number of different ways. Because it is rather impractical to require all client devices to adhere to a particular configuration, platform independent code provides a solution for allowing computer programs to execute properly on virtually all client devices, independent of the particular configuration of the client device.
JAVA is a programming language from Sun that is designed for Internet (World Wide Web) and intranet applications. JAVA programs can be called from within HTML documents or launched stand alone. JAVA is an interpreted language that uses an intermediate language. The source code of a JAVA program is compiled into “byte code,” which cannot be run by itself. The byte code must be converted into machine code at runtime.
Upon finding a JAVA applet, the Web browser on the client device switches to its JAVA interpreter, i.e. the JAVA Virtual Machine (JVM), which translates the byte code into machine code and runs it. This means JAVA programs are not dependent on any specific hardware and will run in any computer with the JAVA Virtual Machine.
While the JAVA code is platform independent, often JAVA applets will need native code, such as dynamically linked library files (.dll files), in order for the JAVA code to be executed correctly on a particular client device. These native code files are typically downloaded when the executed JAVA code indicates that a native code file is required.
JAVA applets and applications are routinely downloaded from servers to client devices over the Internet. During transmission of these JAVA applets and applications, it is possible that random corruption may occur such that the JAVA code that is received at the client device is not the same as the JAVA code sent by the server. More troublesome is the possibility of interception by a third party who may purposefully corrupt the JAVA code, e.g., by inserting a virus or the like.
Presently, known JAVA Application Program Interfaces (API) allow for some ability to check data integrity of JAVA code through the generation of digital signatures, e.g. through a one-way hash function or the like. However, currently, there is no API which allows for authentication of native code that is needed by the JAVA code. In other words, while the JAVA code may be authenticated as having not been corrupted during transmission from a server to the client device, the native code cannot be authenticated in this way.
One solution to this problem is to build a signature and certificate mechanism into the code that downloads the native code. While this solution is possible, it requires a large amount of overhead. Another solution is to not check the data integrity of the native code. This solution is not acceptable because it provides an avenue through which the security of the client devices may be compromised.
Thus, it would be beneficial to have an apparatus and method by which the data integrity of both the automatically authenticated code, e.g., the platform independent code, and the unauthenticated code, e.g., the native code, can be authenticated.