摘要 |
In the invention executables are assigned either a vendor identity (VID) at build time or a null VID of zero, with the VID included as part of the metadata in the executable file format. All allocated VIDs are distributed to all signing authorities to ensure the correct VIDs are contained within application packages at signing time. An installer for a computing device determines firstly whether or not a software package for installation has been signed. If the package is signed it is installed on the device. However, if the package is unsigned, the installer will only install the package on the device if it contains a null VID. The installer is the sole method of installing software on the device. The invention allows the computing device to have as much confidence in an application's VID as it has in the digital certificate with which the application was signed when installed.
|