摘要 |
A signed application descriptor file (206) is used instead of X.509 certificates to authenticate a portable application code, such as a JAVA archive (JAR) file. The signed ADF includes an application descriptor file (302), file hash (304) of the JAR file (301), a developer descriptor file (308), signed time stamp (310), and a developer's certificate (312). A network client device (202) includes limited computing resources (212) and a virtual machine environment for executing the portable code (208). Furthermore the client device contains a set of cryptographic, digital keys for authenticating parts of the signed ADF, which are further used to authenticate the JAR file.
|