Electrical computers and digital processing systems: support – Computer program modification detection by cryptography
Reexamination Certificate
2004-03-05
2010-11-09
Vu, Kimyen (Department: 2435)
Electrical computers and digital processing systems: support
Computer program modification detection by cryptography
C717S168000, C717S172000, C726S022000
Reexamination Certificate
active
07831838
ABSTRACT:
Dynamic run-time verification of a module which is loaded in memory (in whole or in part) for execution is enabled by storing hashes of smaller portions of the module (e.g. page-level hashes) as they should look when loaded into memory for execution. After an initial authentication is completed, hashes of smaller portions of the module are stored. These hashes consist of the portion of memory as modified by changes which would be made by the operating system loader operating normally. Thus, the hashes can be used to verify that the portion as loaded into memory for execution is 1) a correct copy of the portion of the software module, 2) correctly modified for execution by the processor, and 3) not tampered with since loading. Additionally, during execution of the module, new portions/pages of the module which are loaded can be verified to ensure that they have not been changed, and a list of hot pages of the module can be made, including pages to be continually re-verified, in order to ensure that no changes have been made in the module.
REFERENCES:
patent: 5339430 (1994-08-01), Lundin et al.
patent: 5530757 (1996-06-01), Krawczyk
patent: 5625693 (1997-04-01), Rohatgi et al.
patent: 5757914 (1998-05-01), McManis
patent: 5768382 (1998-06-01), Schneier et al.
patent: 5907619 (1999-05-01), Davis
patent: 5944821 (1999-08-01), Angelo
patent: 5970143 (1999-10-01), Schneier et al.
patent: 6105137 (2000-08-01), Graunke et al.
patent: 6484315 (2002-11-01), Ziese
patent: 6546487 (2003-04-01), McManis
patent: 6560776 (2003-05-01), Breggin et al.
patent: 6681329 (2004-01-01), Fetkovich et al.
patent: 6715116 (2004-03-01), Lester et al.
patent: 6854645 (2005-02-01), Somers et al.
patent: 6961852 (2005-11-01), Craft
patent: 7103779 (2006-09-01), Kiehtreiber et al.
patent: 7197545 (2007-03-01), Davie
patent: 7325126 (2008-01-01), Ivanov et al.
patent: 7356815 (2008-04-01), Sarfati et al.
patent: 7412480 (2008-08-01), Baentsch et al.
patent: 7644287 (2010-01-01), Oerting et al.
patent: 2002/0194484 (2002-12-01), Bolosky et al.
patent: 2003/0172370 (2003-09-01), Satuloori et al.
patent: 2004/0243807 (2004-12-01), Hughes et al.
patent: 2005/0010767 (2005-01-01), Craft
patent: 2005/0188214 (2005-08-01), Worley et al.
patent: 2005/0198517 (2005-09-01), Ivanov et al.
Catuogno, L. et al., “A Format-Independent Architecture for Run-Time Integrity Checking of Executable Code”,Dipartimento di Informatica ed Applicazioni, Universita di Salerno, Baronissi (SA) Italy,third Conference on Security in Communication Networks, Sep. 12-13, 2002, 16 pages.
Ko, C. et al., “Detecting and Countering System Intrusions Using Software Wrappers”,Proceedings of the 9thUSENIX Security Symposium, Aug. 14-17, 2000, Denver, Colorado.
Lee, C.H. et al., “A Novel Application of the Phone Card and Its Authentication in Mobile Communications”, Journal of Information Science and Engineering, 1999, 15(4), 471-484.
Ross, M. et al., “ClearTrust takes the Upper Hand in Web-Based Authentication”, Network Computing, 2000, 11(11), 58.
Impson, J., “Modular Authentication for Linux”, Network Computing, 13(5), Mar. 4, 2002, 92-97.
Brender Scott A.
Marr Michael David
Microsoft Corporation
Shan April Y
Vu Kimyen
Woodcock & Washburn LLP
LandOfFree
Portion-level in-memory module authentication does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Portion-level in-memory module authentication, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Portion-level in-memory module authentication will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-4176648