Computer network protection using cryptographic sealing software agents

Abstract

A method and apparatus for protecting software objects from external modification is described. A cryptographic seal protects the object at the object level and also supports secure inter-object communication. A software object (101) is packaged in a crypto seal (103), which provides a cryptographic code hasher (105) for performing a cryptographic form of hashing on the code of object (101), a crypto seal communications authenticator (107) which authenticates communications received by object (101), a crypto seal encryptor (108) which encrypts communications sent by the object (101), a challenge manager (106) which causes the cryptographic code hasher (105) to perform its hashing function on the code of object (101) periodically and on demand when a challenge message is received, and a communications interface (109) which controls inter-object communication. A system (100) which employs crypto sealed objects includes a crypto seal coordinator (119). Coordinator (119) coordinates activities of all crypto seals (103) in the network and causes each crypto seal (103) to be periodically challenged to perform a hash function on the code of its packaged object. Coordinator (119) is provided with a coordinator authenticator/encryptor (123) which authenticates communications received from crypto seals (103) and encrypts communications sent by coordinator (119), a registry (121) in which the identification and location of each crypto seal (103) is recorded, and a network activity monitor (125) which monitors for excess processing by crypto seals (103).