Server verification of requesting clients

Electrical computers and digital processing systems: support – Computer program modification detection by cryptography

Reexamination Certificate


Details

C713S188000

active

06253324

ABSTRACT:

TECHNICAL FIELD
This invention relates to client/server computer applications and to methods of preventing unauthorized clients or clients that have been tampered with from utilizing services of security-sensitive computer programs.
BACKGROUND OF THE INVENTION
Increasingly, personal computers are being used to store sensitive information and to perform sensitive transactions such as financial transactions. This has increased the need for securing such computers against unauthorized use and access. However, it is also becoming much more common for personal computers to be connected to public networks such as the Internet. This latter trend has increased the potential for unauthorized access to personal computer data and executable components.
One common way to interfere with operations of a computer is to infect it with a so-called “virus.” A computer virus is an executable component that either masquerades as some legitimate and desirable program or that attaches itself to a legitimate program. Although many viruses are simply destructive, carefully designed viruses can potentially be used to actively perform unauthorized fraudulent operations on a personal computer. With the common connection of computers to the Internet, it is quite possible for a virus to read sensitive data from a personal computer and transmit it to some third party over the Internet. It is also possible for a virus to perform financial transactions on behalf of a user. For example, a virus or other maliciously-designed program component might obtain a credit card number from the user's computer, and then call executable components within the user's computer to order merchandise with the stolen credit card number.
U.S. patent application Ser. No. 08/884,864, noted above, describes an architecture for storing and protecting a user's data secrets such as passwords, PINs (personal identification numbers), credit card numbers, etc. The architecture includes a server program that provides services to requesting client programs. These services include securely storing data secrets for requesting clients. A particular client can submit data to be safeguarded, and can subsequently request that same data. The data can also be returned to other clients, based on criteria specified by the user or by the client that originally submitted the data. For instance, a client might specify that data is to be returned to any client having a valid cryptographic certificate signed by a particular authority.
Using an architecture such as this, there is a danger that a given program might submit data for safekeeping, and that an imposter program might then request that information. Various measures are available to thwart such an attack. One method of protection is to require user authentication (such as password entry or insertion of a hardware token) before surrendering any sensitive data to a requesting program. However, this tactic alone does not protect against some types of attacks. For instance, a hostile program might be designed to appear and act just like a legitimate program, while performing its hostile actions behind the scenes. Thus, the user might be fooled into providing authentication in response to requests by a hostile program.
Another method of protection is to install an anti-virus program or some other means of verifying the integrity of on-disk program images. This method either detects known viruses or verifies that program files have not been tampered with since their original installation on a user's hard disk. A program for performing this task runs either continuously or periodically to examine image files on a user's computer. In addition, a verification can be performed before loading any program into executable memory. When using methods such as these, a user can usually assume that all programs on the computer's hard disk are legitimate, authorized, non-virus applications.
Still, there is a possibility that a hostile program module might attach itself to a legitimate program after the legitimate program is loaded from disk into executable memory. Specifically, an attacking program might modify the memory image of a legitimate application program in order to alter its execution, and to thereby gain access to sensitive information or to perform unauthorized actions on behalf of the user.
The inventors have developed a way to detect and subsequently prevent such an attack.
SUMMARY OF THE INVENTION
The invention includes a client program that requests services from a server program. Before performing services for a particular client program, the server program insists that the client program identify itself. The server program then analyzes both the image file of the client program on secondary storage and the executable image of the client program in executable memory. The server program first verifies the integrity of the image file, and then compares non-writeable sections of the executable image with the verified image file. The comparison preferably comprises performing a hash on portions of both the image files and the executable image, and then comparing the resulting hash values. The server program provides the requested services to the client program only if both the image file and the executable image can be verified.
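The two-step check described in the summary can be modelled as follows. This is an added example, not code from the patent: the section layout, the names `Section`, `verify_client` and `patch`, the use of SHA-256, and the trusted digest standing in for the image-file integrity check are all assumptions made for illustration.

```python
import hashlib
import hmac
from typing import NamedTuple

class Section(NamedTuple):
    name: str
    writable: bool
    data: bytes

def _feed(h, s):
    # Length-prefix each field so section boundaries cannot be shifted.
    for field in (s.name.encode(), bytes([int(s.writable)]), s.data):
        h.update(len(field).to_bytes(4, "big") + field)

def file_digest(image):
    """Hash of the whole image file, writable sections included."""
    h = hashlib.sha256()
    for s in image:
        _feed(h, s)
    return h.digest()

def readonly_digest(image):
    """Hash of the non-writeable sections only."""
    h = hashlib.sha256()
    for s in image:
        if not s.writable:
            _feed(h, s)
    return h.digest()

def verify_client(disk_image, memory_image, trusted_digest):
    # Step 1: verify the image file on secondary storage.
    if not hmac.compare_digest(file_digest(disk_image), trusted_digest):
        return "reject: image file modified"
    # Step 2: compare non-writeable sections in memory with the verified file.
    if not hmac.compare_digest(readonly_digest(memory_image),
                               readonly_digest(disk_image)):
        return "reject: memory image modified"
    return "serve"

def patch(image, name, data):
    """Return a copy of image with one section's bytes replaced."""
    return [s._replace(data=data) if s.name == name else s for s in image]

# Constructed sample image; the bytes are arbitrary.
DISK = [Section(".text", False, b"\x55\x8b\xec\x33\xc0\x5d\xc3"),
        Section(".rdata", False, b"client v1"),
        Section(".data", True, bytes(8))]
TRUSTED = file_digest(DISK)  # assumption: digest recorded from a known-good install
```

Writable sections are left out of the memory comparison because they change legitimately while the client runs. The toy format also ignores loader fix-ups such as relocations, which a comparison against a real executable image would have to account for.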


