US 11,809,572 B2
Trust validation for software artifacts
Florian Fritz, Filderstadt (DE); Timo Kussmaul, Boeblingen (DE); Dennis Zeisberg, Bielefeld (DE); Angel Nunez Mencias, Stuttgart (DE); Dimitrij Pankratz, Boeblingen (DE); Stefan Liesche, Böblingen (DE); and Sebastian Hense, Boeblingen (DE)
Assigned to International Business Machines Corporation, Armonk, NY (US)
Filed by International Business Machines Corporation, Armonk, NY (US)
Filed on Sep. 13, 2021, as Appl. No. 17/472,972.
Prior Publication US 2023/0079773 A1, Mar. 16, 2023
Int. Cl. G06F 21/00 (2013.01); G06F 21/57 (2013.01); G06F 21/64 (2013.01)
CPC G06F 21/577 (2013.01) [G06F 21/64 (2013.01); G06F 2221/033 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method for building trusted executable software using trusted building units, wherein a path between said building units is untrusted, the method comprises:
generating, by each of the trusted building units, an identifier for identifying an output of a respective trusted building unit, wherein the respective trusted building unit also generates a signed confirmative certificate comprising said identifier;
utilizing, by each of said distributed trusted building units, output results of at least one of a predecessor build unit of said trusted building unit as input;
validating that each of said signed confirmative certificates conforms to a predefined set of policy rules; and
upon a failed validating of said signed confirmative certificate of one of said trusted building units, terminating said building of said trusted executable software.