CPC G06F 21/64 (2013.01) [G06F 8/41 (2013.01); G06F 8/71 (2013.01); G06F 21/57 (2013.01)]
20 Claims
1. A computing system equipped for software provenance validation, the computing system comprising:
a digital memory; and
a processor in operable communication with the digital memory, the processor configured to perform software provenance validation steps which include
(a) acquiring a provenance manifest and getting a candidate binary,
(b) obtaining at least one candidate item,
(c) attempting to build a validation binary based on the provenance manifest and the at least one candidate item,
(d) when the attempting yields a success in building the validation binary, comparing the validation binary to the candidate binary, and producing a provenance attestation according to a result of comparing the binaries,
(e) when the attempting yields a failure to build the validation binary, producing the provenance attestation according to the failure,
wherein the attempting yields the failure at least partially in response to finding an indication of at least one of the following: use of a non-deterministic compiler, use of a local storage to store a program part, storage of a program part outside of any publicly accessible location, or storage of a program part outside of any internet-accessible repository.
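A minimal sketch of the validation flow in steps (a) to (e), added here as an illustration; it is not code from the patent or its assignee. The manifest schema (`compiler.deterministic`, `parts[].location`), the attestation fields, and the `toy_build` stand-in for a real compiler are all assumptions made for the example.

```python
import hashlib
from urllib.parse import urlparse

def disqualifying_indications(manifest):
    """Return the indications that force the rebuild attempt to count as a failure."""
    reasons = []
    if not manifest["compiler"].get("deterministic", False):
        reasons.append("non-deterministic compiler")
    for part in manifest["parts"]:
        scheme = urlparse(part["location"]).scheme
        if scheme in ("", "file"):
            reasons.append(f"local storage used for {part['name']}")
        elif scheme not in ("http", "https"):
            reasons.append(f"{part['name']} is outside an internet-accessible repository")
    return reasons

def validate(manifest, candidate_binary, candidate_items, build):
    """Rebuild from the manifest and attest to the comparison or to the failure."""
    digest = hashlib.sha256(candidate_binary).hexdigest()
    reasons = disqualifying_indications(manifest)
    validation_binary = None
    if not reasons:
        try:
            validation_binary = build(manifest, candidate_items)   # step (c)
        except Exception as exc:
            reasons.append(f"build error: {exc!r}")
    if reasons:                                                    # step (e)
        return {"candidate_sha256": digest, "result": "build-failed", "reasons": reasons}
    same = hashlib.sha256(validation_binary).hexdigest() == digest  # step (d)
    return {"candidate_sha256": digest, "result": "match" if same else "mismatch",
            "reasons": []}

def toy_build(manifest, items):
    """Hypothetical deterministic 'compiler': concatenates parts in manifest order."""
    return b"".join(items[p["name"]] for p in manifest["parts"])

# Constructed sample data; the URLs are placeholders.
MANIFEST = {
    "compiler": {"name": "toycc", "deterministic": True},
    "parts": [{"name": "main.c", "location": "https://repo.example/main.c"},
              {"name": "util.c", "location": "https://repo.example/util.c"}],
}
ITEMS = {"main.c": b"int main(){return f();}", "util.c": b"int f(){return 0;}"}

if __name__ == "__main__":
    good = toy_build(MANIFEST, ITEMS)
    print(validate(MANIFEST, good, ITEMS, toy_build))
    print(validate(MANIFEST, good + b"\x90", ITEMS, toy_build))
```

A real verifier would fetch the candidate items from the locations named in the manifest and run the recorded toolchain in an isolated environment; the sketch only shows how the attestation outcome follows from the build and comparison results.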