Electrical computers and digital processing systems: support – Computer program modification detection by cryptography
Reexamination Certificate
1999-02-01
2003-05-20
Smithers, Matthew (Department: 2134)
Electrical computers and digital processing systems: support
Computer program modification detection by cryptography
C713S176000, C380S030000, C380S279000
Reexamination Certificate
active
06567917
ABSTRACT:
TECHNICAL FIELD OF THE INVENTION
This invention relates generally to the field of computer security, and more particularly to a method and system for providing tamper-resistant executable software.
BACKGROUND OF THE INVENTION
Computer networks have become an increasingly important means for communicating public and private information between and within distributed locations. The Internet is one example of a public network commonly used for communicating public and private information. Internet web servers provide access to public information, such as news, business information and government information, which the Internet makes readily available around the world. The Internet is also becoming a popular forum for business transactions, including securities transactions and sales of goods and services. A large number of people have come to depend upon reliable Internet access and secure communications on a day-by-day and even second-by-second basis. Like the Internet, private networks also have become common means for communicating important information. Private networks, such as company intranets, local area networks (LANs), and wide area networks (WANs) generally limit access on a user-by-user basis and communicate data over dedicated lines or by controlling access through passwords, encryption or other security measures.
One danger to reliable and secure network communications is posed by hackers or other unauthorized users disrupting or interfering with network resources. The danger posed by unauthorized access to computer network resources can vary from simple embarrassment to substantial financial losses. For example, serious financial disruptions occur when hackers obtain financial account information or credit card information and use that information to misappropriate funds.
Typically, network administrators use various levels of security measures to protect the network against unauthorized use. Hackers, on the other hand, attempt to find and attack vulnerabilities of the security measures and network devices in order to obtain unauthorized entry to the computer network. Although sophisticated security measures can provide significant barriers to hackers, virtually any security measure can be breached through a vulnerability with enough effort.
SUMMARY OF THE INVENTION
The present invention provides tamper-resistant executable software that substantially eliminates or reduces disadvantages and problems associated with prior systems and methods. In particular, the software self-determines whether it has been tampered with and will refuse to execute if tampering is detected.
In accordance with one embodiment of the present invention, tamper-resistant software is provided by determining an initial value of a specified property for an executable file. The executable file is then encrypted based on the initial value of the specified property. The initial value of the specified property is associated with the encrypted executable file and later used to decrypt the encrypted executable file. An execution-time value of the specified property is determined for the decrypted executable file. The execution-time value of the specified property is compared to the initial value of the specified property to determine whether tampering has occurred. The decrypted executable file is executed in response to the execution-time value of the specified property matching the initial value of the specified property.
More particularly, in accordance with a particular embodiment of the present invention, an encrypted value of the specified property is determined for the encrypted executable file and inserted into the encrypted executable file along with the initial value of the specified property. During storage, the encrypted value may be periodically extracted and compared to a current value of the specified property for the encrypted executable file to determine if tampering has occurred. If tampering is detected during storage, prior to execution or during execution of the executable file, an alarm is generated to alert the operator to the tampering. In addition, the executable file may refuse to execute or terminate execution in response to detecting tampering. In this and other embodiments, the specified property may be a hash or check sum of file length.
Technical advantages of the present invention include providing tamper-resistant executable software. In particular, software, the only arbiter available at execution-time, self-determines whether or not unauthorized tampering has occurred. In addition, the software may self-determine whether unauthorized tampering has occurred during storage or execution of the software. As a result, applications into which viruses or other harmful code has been inserted will not execute.
Additional technical advantages of the present invention include providing a method and system by which a software provider may determine whether a customer has modified software in violation of a license agreement or such that the provider is not responsible for resulting problems or maintenance of the software. In particular, such modification with supplied software may cause the software to not execute or to generate an alarm. As a result, a software provider may be assured that customers are not modifying supplied software without authorization.
Other technical advantages will be readily apparent to one skilled in the art from the following figures, description, and claims.
REFERENCES:
patent: 5005200 (1991-04-01), Fischer
patent: 5032979 (1991-07-01), Hecht et al.
patent: 5101402 (1992-03-01), Chiu et al.
patent: 5278901 (1994-01-01), Shieh et al.
patent: 5337360 (1994-08-01), Fischer
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5448724 (1995-09-01), Hayashi
patent: 5488715 (1996-01-01), Wainwright
patent: 5524238 (1996-06-01), Miller et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5606668 (1997-02-01), Shwed
patent: 5621889 (1997-04-01), Lermuzeaux et al.
patent: 5699513 (1997-12-01), Feigen et al.
patent: 5757915 (1998-05-01), Aucsmith et al.
patent: 5793763 (1998-08-01), Mayes et al.
patent: 5796942 (1998-08-01), Esbensen
patent: 5798706 (1998-08-01), Kraemer et al.
patent: 5805801 (1998-09-01), Holloway et al.
patent: 5826014 (1998-10-01), Coley et al.
patent: 5919257 (1999-07-01), Trostle
patent: 5931946 (1999-08-01), Terada et al.
patent: 5940513 (1999-08-01), Aucsmith et al.
patent: 5991399 (1999-11-01), Graunke et al.
patent: 5991881 (1999-11-01), Conklin et al.
“Preliminary Report on Advanced Security Audit Trail Analysis on UNIX,” N. Habra et al., pp. 1-34 (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html), Sep. 1994.
“IDIOT-Users Guide,” M. Crosbie, et al., pp. 1-63, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html), Sep. 1996.
“An Introduction to Intrusion Detection,” A. Sundaram, pp. 1-10, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html).
“Use of A Taxonomy of Security Faults,” T. Aslam, et al., pp. 1-10, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html), Sep. 1996.
“Artificial Intelligence and Intrusion Detection: Current and Future Directions,” Jeremy Frank, pp. 1-12, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html), Jun. 1994.
“ASAX Conceptual Overview,” ASAX Brochure, A. Mounji, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html).
“GrlDS-A Graph Based Intrusion Detection System For Large Networks,” S. Staniford-Chen, et al., 10 pages, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html).
“A Pattern Matching Model For Misuse Intrusion Detection,” S. Kumar, et al., pp. 1-11, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html).
“An Application of Pattern Matching in Intrusion Detection”, S. Kumar, et al., pp. 1-55, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html), Jun. 1994.
“A Software Architecture to Support Misuse Intrusion Detection”, S. Kumar, et al., pp. 1-17, (found at http://www.cs.purdue.edu/coast/archive/data/categ24.html), Mar. 1995.
“Applying Genetic Programming
Baker & Botts L.L.P.
Callahan Paul
Cisco Technology Inc.
Smithers Matthew
LandOfFree
Method and system for providing tamper-resistant executable... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for providing tamper-resistant executable..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for providing tamper-resistant executable... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3030360