Anti-debugging protection of binaries with proxy code execution
    1.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08271803B2

    Publication date: 2012-09-18

    Application No.: US11754024

    Filing date: 2007-05-25

    IPC classification: G06F21/00

    Abstract: A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a selection of options to thwart reverse engineering by a debugger if a debugger is detected. The options include execution by a proxy engine of a re-routed call, crashing the first process, detection and elimination of a debugger related interrupt, and a call to an arbitrary function.


    Software protection through interdependent parameter cloud constrained software execution
    2.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08800048B2

    Publication date: 2014-08-05

    Application No.: US12123471

    Filing date: 2008-05-20

    IPC classification: G06F21/00 G06F21/14 G06F21/12

    Abstract: Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions.


    SOFTWARE PROTECTION THROUGH INTERDEPENDENT PARAMETER CLOUD CONSTRAINED SOFTWARE EXECUTION
    3.
    Type: Invention patent application
    Status: In force

    Publication No.: US20090293041A1

    Publication date: 2009-11-26

    Application No.: US12123471

    Filing date: 2008-05-20

    IPC classification: G06F9/44

    Abstract: Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions.


    Anti-Debugging Protection of Binaries with Proxy Code Execution
    4.
    Type: Invention patent application
    Status: In force

    Publication No.: US20070234430A1

    Publication date: 2007-10-04

    Application No.: US11754024

    Filing date: 2007-05-25

    IPC classification: H04L9/00

    Abstract: A first process operating on a computer comprises code to be executed in connection therewith, where the code includes at least one triggering device. A digital license corresponds to the first process and sets forth terms and conditions for operating the first process. A second process operating on the computer proxy-executes code corresponding to each triggering device of the first process on behalf of such first process. The second process includes a selection of options to thwart reverse engineering by a debugger if a debugger is detected. The options include execution by a proxy engine of a re-routed call, crashing the first process, detection and elimination of a debugger related interrupt, and a call to an arbitrary function.


    GLOBALLY VALID MEASURED OPERATING SYSTEM LAUNCH WITH HIBERNATION SUPPORT
    5.
    Type: Invention patent application
    Status: In force

    Publication No.: US20120110644A1

    Publication date: 2012-05-03

    Application No.: US12938363

    Filing date: 2010-11-02

    IPC classification: H04L9/32 G06F15/16 G06F21/00

    Abstract: An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.


    Globally valid measured operating system launch with hibernation support
    6.
    Type: Granted invention patent
    Status: In force

    Publication No.: US08627464B2

    Publication date: 2014-01-07

    Application No.: US12938363

    Filing date: 2010-11-02

    IPC classification: G06F12/14

    Abstract: An event log can comprise, not only entries associated with components instantiated since a most recent power on of a computing device, but also entries of components instantiated prior to that power on, such as components that were instantiated, and represent, a state of the computing device prior to hibernation that has now been resumed. Upon hibernation, the current values of the Platform Configuration Registers (PCRs) of a Trusted Platform Module (trusted execution environment), as well as a quote of those current values, and a current value of a monotonic counter of the trusted execution environment can be logged. The monotonic counter can be incremented at each power on to track successive generations of the computing device and to guard against an intervening, not-logged generation. A subsequent parsing of the event log can verify the prior generational entries with reference to the PCR values in the log that are associated with those generations.
