Electrical computers and digital processing systems: support – Computer program modification detection by cryptography
Reexamination Certificate
1999-07-22
2004-10-05
Hua, Ly V. (Department: 2135)
Electrical computers and digital processing systems: support
Computer program modification detection by cryptography
C713S164000, C713S167000, C713S152000, C713S152000
Reexamination Certificate
active
06802006
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to computer systems. More particularly, the present invention relates to a system and method of verifying the authenticity of dynamically connectable executable images.
2. Description of the Related Technology
New object models now provide for the dynamic integration of software applications at run time. For example, Windows, an operating system licensed by Microsoft Inc., allows for the dynamic integration of a software application with a dynamic link library during the execution of the software application. Upon a user request for the execution of the software application, a program loader copies a “disk image” of the application from disk storage to main memory to create a “process image.” The disk image refers to the executable image before it is loaded, whereas the process image refers to the executable image after it is loaded in memory. Both the disk image and the process image typically include a fix-up section that identifies which portions of the software need to be fixed-up to reference the dynamic link library at run time.
Significantly, after loading, the process image is different then the disk image. As such, a checksum that had been prepared with respect to the disk image would no longer match the checksum of the process image, even if the process image had not been improperly tampered with.
Therefore, there is a need for a system that can verify the identity of a software application in a dynamic loading environment. In particular, the system should be able to determine whether a software application that has been dynamically connected to another data object has been tampered with subsequent to the execution of the software application.
SUMMARY OF THE INVENTION
One embodiment of the invention includes a system for determining the authenticity of an executable image, the system comprising an executable image having one or more pointers, and a validator capable of generating at a first point in time a reference digital signature based upon a selected content of the executable image excluding each of the pointers, wherein the validator generates an authenticity digital signature at a second point in time based upon the selected content of the executable image excluding each of the pointers, and wherein the validator determines whether the reference digital signature matches the authenticity digital signature.
Another embodiment of the invention includes a system for determining the authenticity of an executable image, the system comprising an executable image having one or more pointers and wherein the executable image includes information specifying whether each of the pointers reference locations that are within the executable image, and a validator capable of determining whether each of pointers references a respective location that is within the executable image.
Yet another embodiment of the invention includes a system for determining the authenticity of an executable image, the system comprising a first executable image, a second executable image that includes a pointer that references a location within the first executable image, and a validator capable of determining whether the pointer references a location within the first executable image.
Yet another embodiment of the invention includes a system capable of determining the authenticity of an executable image, the system comprising: a first executable image, a second executable image, comprising an import table including the identifier of the first executable image and one or more external pointers, each of the external pointers referencing a location within the first executable image, and a code section containing machine code and one or more import pointers, each of the import pointers referencing a location within the import table, and a validator capable of generating at a first point in time a reference digital signature based upon a selected content of the executable image, the selected contents excluding each of the import pointers and the external pointers, wherein the validator generates an authenticity digital signature at a second point in time based upon the selected content of the executable image excluding each of the one or more pointers, wherein the validator determines whether the reference digital signature matches the authenticity digital signature, wherein the validator determines whether each of the import pointers reference a location within the first executable image, and wherein the validator determines whether the import pointer references a location within the first executable image.
REFERENCES:
patent: 4919545 (1990-04-01), Yu
patent: 5023907 (1991-06-01), Johnson et al.
patent: 5103476 (1992-04-01), Waite et al.
patent: 5222134 (1993-06-01), Waite et al.
patent: 5235642 (1993-08-01), Wobber et al.
patent: 5319705 (1994-06-01), Halter et al.
patent: 5321841 (1994-06-01), East et al.
patent: 5375240 (1994-12-01), Grundy
patent: 5400403 (1995-03-01), Fahn et al.
patent: 5559884 (1996-09-01), Davidson et al.
patent: 5572590 (1996-11-01), Chess
patent: 5692047 (1997-11-01), McManis
patent: 5757914 (1998-05-01), McManis
patent: 5940513 (1999-08-01), Aucsmith et al.
patent: 5970145 (1999-10-01), McManis
patent: 6026293 (2000-02-01), Osborn
patent: 6070239 (2000-05-01), McManis
patent: 6189146 (2001-02-01), Misra et al.
patent: 6209099 (2001-03-01), Saunders
patent: 6253324 (2001-06-01), Field et al.
patent: 6307955 (2001-10-01), Zank et al.
patent: 6510516 (2003-01-01), Benson et al.
patent: 6546487 (2003-04-01), McManis
patent: 2001/0034818 (2001-10-01), May et al.
patent: 0 367 700 (1989-12-01), None
patent: 0 567 800 (1993-02-01), None
patent: 0 653 695 (1994-02-01), None
patent: 0 689 120 (1995-06-01), None
patent: 0778520 (1997-06-01), None
patent: WO00/14631 (2000-03-01), None
Hua Ly V.
MacPherson Kwok Chen & Heid
Macrovision Corporation
Park David S.
LandOfFree
System and method of verifying the authenticity of... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method of verifying the authenticity of..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method of verifying the authenticity of... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3285342