	US 7,603,703 B2
	Method and system for controlled distribution of application code and content data within a computer network
David John Craft, Austin, Tex. (US); Pradeep K. Dubey, New Delhi (India); Harm Peter Hofstee, Austin, Tex. (US); and James Allan Kahle, Austin, Tex. (US)
Assigned to International Business Machines Corporation, Armonk, N.Y. (US)
Filed on Apr. 12, 2001, as Appl. No. 9/833,342.
Prior Publication US 2002/0150243 A1, Oct. 17, 2002
Int. Cl. H04K 1/00 (2006.01); H04L 9/00 (2006.01)

U.S. Cl. 726—22 [726/26; 705/50; 705/51]

5 Claims

1. A method for secure communication between a client and a server in a database processing system, the method comprising:

generating a client message at the client;

retrieving an embedded server public key from a read-only memory structure in an article of manufacture in the client, the read-only memory structure having an embedded client private key, the embedded server public key and the embedded client private key not being related by a public/private key pair relationship, the embedded client private key being associated with a client public key generated and stored exclusively outside the client;

encrypting the client message with the embedded server public key;

sending the client message to the server;

receiving a server message including application code from the server at the client in response to the client message, the application code having a first portion encrypted with a server private key and a second portion which is not encrypted by a public key algorithm, wherein the first portion of the application code is small relative to the second portion of the application code;

authenticating the first portion of the application code with the embedded server public key; and

authenticating the second portion of the application code using an integrity checking algorithm that is less computationally expensive than a public key algorithm,

wherein the application code is either program source code or compiled program source code.