公开(公告)号：US20070234430A1

公开(公告)日：2007-10-04

申请号：US11754024

申请日：2007-05-25

申请人： Aaron Goldsmid ,  Nir Ben-Zvi ,  Sekhar Chintalapati ,  Karan Dhillon ,  Nathan Ide ,  David Linsley ,  Ping Xie

发明人： Aaron Goldsmid ,  Nir Ben-Zvi ,  Sekhar Chintalapati ,  Karan Dhillon ,  Nathan Ide ,  David Linsley ,  Ping Xie

IPC分类号： H04L9/00

CPC分类号： G06F21/125 ,  G06F21/121 ,  G06F21/52 ,  G06F2221/2105

摘要： A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a selection of options to thwart reverse engineering by a debugger if a debugger is detected. The options include execution by a proxy engine of a re-routed call, crashing the first process, detection ad elimination of a debugger related interrupt a call to an arbitrary function.

摘要翻译： 在计算机上操作的第一进程包括要与其一起执行的代码，其中代码包括至少一个触发设备。 数字许可证对应于第一个进程，并列出了操作第一个进程的条款和条件。 在计算机代理上操作的第二进程代表第一进程执行对应于第一进程的每个触发装置的代码。 如果检测到调试器，第二个过程包括一些选项来阻止调试器的逆向工程。 选项包括代理引擎执行重新路由呼叫，崩溃第一个进程，检测广告消除调试器相关中断对任意函数的调用。

公开(公告)号：US08522015B2

公开(公告)日：2013-08-27

申请号：US12163792

申请日：2008-06-27

申请人： Aaron Goldsmid ,  Ping Xie ,  Scott Miller ,  Nir Ben Zvi ,  Nathan Jeffrey Ide ,  Manoj R. Mehta

发明人： Aaron Goldsmid ,  Ping Xie ,  Scott Miller ,  Nir Ben Zvi ,  Nathan Jeffrey Ide ,  Manoj R. Mehta

IPC分类号： H04L9/32 ,  H04L9/28 ,  H04L9/00

CPC分类号： G06F21/53 ,  H04L9/3236 ,  H04L9/3247 ,  H04L2209/603 ,  H04L2209/76

摘要： Presented is an anti-tampering method that validates and protects specific sections of a binary file. In one embodiment, this method permits a proxy engine to execute (via emulation by a virtual machine) the protected code on behalf of the binary in kernel mode upon successful completion of an integrity check. The integrity check can optionally check only the specific parts of code that the developer wishes to validate. The integrity check can cross binary boundaries. Moreover, the integrity check can be done on a hard drive or in memory. Furthermore, since the encrypted code is executed by the proxy engine in kernel mode, hackers are further deterred from modifying the code. Additionally, a method of creating a protected binary file is described herein.

摘要翻译： 提出了一种防篡改方法，用于验证和保护二进制文件的特定部分。 在一个实施例中，该方法允许代理引擎在成功完成完整性检查后，以内核模式代表二进制文件执行（通​​过虚拟机的仿真）保护的代码。 完整性检查可以选择仅检查开发人员希望验证的代码的特定部分。 完整性检查可以跨越二进制边界。 此外，完整性检查可以在硬盘驱动器或内存中进行。 此外，由于加密代码在内核模式下由代理引擎执行，黑客进一步阻止修改代码。 此外，这里描述了创建受保护的二进制文件的方法。

公开(公告)号：US20090327711A1

公开(公告)日：2009-12-31

申请号：US12163792

申请日：2008-06-27

申请人： Aaron Goldsmid ,  Ping Xie ,  Scott Miller ,  Nir Ben Zvi ,  Nathan Jeffrey Ide ,  Manoj R. Mehta

发明人： Aaron Goldsmid ,  Ping Xie ,  Scott Miller ,  Nir Ben Zvi ,  Nathan Jeffrey Ide ,  Manoj R. Mehta

IPC分类号： H04L9/28 ,  H04L9/00

CPC分类号： G06F21/53 ,  H04L9/3236 ,  H04L9/3247 ,  H04L2209/603 ,  H04L2209/76

摘要： Presented is an anti-tampering method that validates and protects specific sections of a binary file. In one embodiment, this method permits a proxy engine to execute (via emulation by a virtual machine) the protected code on behalf of the binary in kernel mode upon successful completion of an integrity check. The integrity check can optionally check only the specific parts of code that the developer wishes to validate. The integrity check can cross binary boundaries. Moreover, the integrity check can be done on a hard drive or in memory. Furthermore, since the encrypted code is executed by the proxy engine in kernel mode, hackers are further deterred from modifying the code. Additionally, a method of creating a protected binary file is described herein.

摘要翻译： 提出了一种防篡改方法，用于验证和保护二进制文件的特定部分。 在一个实施例中，该方法允许代理引擎在成功完成完整性检查后，以内核模式代表二进制文件执行（通​​过虚拟机的仿真）保护的代码。 完整性检查可以选择仅检查开发人员希望验证的代码的特定部分。 完整性检查可以跨越二进制边界。 此外，完整性检查可以在硬盘驱动器或内存中进行。 此外，由于加密代码在内核模式下由代理引擎执行，黑客进一步阻止修改代码。 此外，这里描述了创建受保护的二进制文件的方法。

公开(公告)号：US20070101131A1

公开(公告)日：2007-05-03

申请号：US11265265

申请日：2005-11-01

申请人： Ivan Davtchev ,  Karan Dhillon ,  Nir Zvi ,  Aaron Goldsmid ,  Ping Xie ,  Yifat Sagiv

发明人： Ivan Davtchev ,  Karan Dhillon ,  Nir Zvi ,  Aaron Goldsmid ,  Ping Xie ,  Yifat Sagiv

IPC分类号： H04L9/00

CPC分类号： G06F21/64

摘要： A security flag stored in a trusted store is utilized to determine if the trusted store has been subjected to tampering. The security flag is indicative of a globally unique identifier (GUID), the version of the trusted store, and a counter. The security flag is created when the trusted store is created. Each time a critical event occurs, the security flag is updated to indicate the occurrence thereof. The security flag also is stored in a write-once portion of the system registry. At appropriate times, the security flag stored in the trusted store is compared with the corresponding security flag stored in the write-once registry. If the security flags match within a predetermined tolerance, it is determined that the trusted store has not been subjected to tampering. If the security flags do not match, or if a security flag is missing, it is determined that the trusted store has been subjected to tampering.

摘要翻译： 使用存储在可信存储中的安全标志来确定可信存储是否已经被篡改。 安全标志指示全局唯一标识符（GUID），可信存储的版本和计数器。 创建可信存储时创建安全标志。 每当发生紧急事件时，安全标志被更新以指示其发生。 安全标志也存储在系统注册表的一次写入部分中。 在适当的时间，将存储在可信存储中的安全标志与存储在一次写入注册表中的对应的安全标志进行比较。 如果安全标志在预定公差内匹配，则确定可信存储没有遭受篡改。 如果安全标志不匹配，或者如果安全标志丢失，则确定可信存储已经受到篡改。

公开(公告)号：US08001596B2

公开(公告)日：2011-08-16

申请号：US11743755

申请日：2007-05-03

申请人： Matthias Wollnik ,  Nir Ben Zvi ,  Hakki Tunc Bostanci ,  John Richard McDowell ,  Aaron Goldsmid

发明人： Matthias Wollnik ,  Nir Ben Zvi ,  Hakki Tunc Bostanci ,  John Richard McDowell ,  Aaron Goldsmid

IPC分类号： G06F11/00

CPC分类号： G06F21/51 ,  G06F21/54

摘要： A method to apply a protection mechanism to a binary object includes using operating system resources to load a binary object from a storage medium along with a manifest and a digital signature. Authentication of the binary object is performed using the digital signature and the manifest is read to determine a category of protection for the binary object. The operating system selects a protection mechanism corresponding to the protection category and injects protection mechanism code, along with the binary object into a binary image on computer RAM. When the binary image is accessed, the protection mechanism executes and either allows full access and functionality to the binary object or prevents proper access and operation of the binary object. The protection mechanisms may be updated independently from the information on the storage medium.

摘要翻译： 将保护机制应用于二进制对象的方法包括使用操作系统资源将二进制对象与清单和数字签名一起从存储介质加载。 使用数字签名执行二进制对象的认证，读取清单以确定二进制对象的保护类别。 操作系统选择对应于保护类别的保护机制，并将保护机制代码与二进制对象一起注入计算机RAM中的二进制映像。 当访问二进制图像时，保护机制执行，并允许对二进制对象的完全访问和功能，或者阻止二进制对象的正确访问和操作。 可以独立于存储介质上的信息更新保护机制。

公开(公告)号：US20080276314A1

公开(公告)日：2008-11-06

申请号：US11743755

申请日：2007-05-03

申请人： MATTHIAS WOLLNIK ,  Nir Ben-Zvi ,  Hakki Tunc Bostanci ,  John Richard McDowell ,  Aaron Goldsmid

发明人： MATTHIAS WOLLNIK ,  Nir Ben-Zvi ,  Hakki Tunc Bostanci ,  John Richard McDowell ,  Aaron Goldsmid

IPC分类号： G06F19/00

CPC分类号： G06F21/51 ,  G06F21/54

摘要： A method to apply a protection mechanism to a binary object includes using operating system resources to load a binary object from a storage medium along with a manifest and a digital signature. Authentication of the binary object is performed using the digital signature and the manifest is read to determine a category of protection for the binary object. The operating system selects a protection mechanism corresponding to the protection category and injects protection mechanism code, along with the binary object into a binary image on computer RAM. When the binary image is accessed, the protection mechanism executes and either allows full access and functionality to the binary object or prevents proper access and operation of the binary object. The protection mechanisms may be updated independently from the information on the storage medium.

摘要翻译： 将保护机制应用于二进制对象的方法包括使用操作系统资源将二进制对象与清单和数字签名一起从存储介质加载。 使用数字签名执行二进制对象的认证，读取清单以确定二进制对象的保护类别。 操作系统选择对应于保护类别的保护机制，并将保护机制代码与二进制对象一起注入计算机RAM中的二进制映像。 当访问二进制图像时，保护机制执行，并允许对二进制对象的完全访问和功能，或者阻止二进制对象的正确访问和操作。 可以独立于存储介质上的信息更新保护机制。

公开(公告)号：US20080229115A1

公开(公告)日：2008-09-18

申请号：US11687252

申请日：2007-03-16

申请人： Matthias Hermann Wollnik ,  Nir Ben-Zvi ,  Aaron Goldsmid ,  Hakki Tunc Bostanci ,  Karan Singh Dhillon ,  Nathan Jeffrey Ide ,  John Richard McDowell ,  David John Linsley

发明人： Matthias Hermann Wollnik ,  Nir Ben-Zvi ,  Aaron Goldsmid ,  Hakki Tunc Bostanci ,  Karan Singh Dhillon ,  Nathan Jeffrey Ide ,  John Richard McDowell ,  David John Linsley

IPC分类号： H04L9/32

CPC分类号： G06F21/14 ,  H04L9/0825 ,  H04L2209/16

摘要： In an example embodiment, executable files are individually encrypted utilizing a symmetric cryptographic key. For each user to be given access to the obfuscated file, the symmetric cryptographic key is encrypted utilizing a public key of a respective public/private key pair. A different public key/private key pair is utilized for each user. Obfuscated files are formed comprising the encrypted executable files and a respective encrypted symmetric cryptographic key. The private keys of the public/private key pairs are stored on respective smart cards. The smart cards are distributed to the users. When a user wants to invoke the functionality of an obfuscated file, the user provides the private key via his/her smart card. The private key is retrieved and is utilized to decrypt the appropriate portion of the obfuscated file. The symmetric cryptographic key obtained therefrom is utilized to decrypt the encrypted executable file.

摘要翻译： 在示例实施例中，使用对称加密密钥对可执行文件进行单独加密。 为了使每个用户被访问该混淆文件，使用相应的公共/私人密钥对的公开密钥对对称加密密钥进行加密。 每个用户使用不同的公钥/私钥对。 形成包含加密的可执行文件和相应加密的对称加密密钥的混淆文件。 公钥/私钥对的私钥存储在相应的智能卡上。 智能卡分发给用户。 当用户想要调用混淆文件的功能时，用户通过他/她的智能卡提供私钥。 检索私钥并用于解密混淆文件的适当部分。 从其获得的对称密码密钥用于解密加密的可执行文件。