Software protection injection at load time
    1.
    Granted invention patent
    Software protection injection at load time (status: in force)

    Publication number: US08001596B2

    Publication date: 2011-08-16

    Application number: US11743755

    Filing date: 2007-05-03

    IPC classification: G06F11/00

    CPC classification: G06F21/51 G06F21/54

    Abstract: A method to apply a protection mechanism to a binary object includes using operating system resources to load a binary object from a storage medium along with a manifest and a digital signature. Authentication of the binary object is performed using the digital signature and the manifest is read to determine a category of protection for the binary object. The operating system selects a protection mechanism corresponding to the protection category and injects protection mechanism code, along with the binary object into a binary image on computer RAM. When the binary image is accessed, the protection mechanism executes and either allows full access and functionality to the binary object or prevents proper access and operation of the binary object. The protection mechanisms may be updated independently from the information on the storage medium.

    SOFTWARE PROTECTION INJECTION AT LOAD TIME
    2.
    Invention patent application
    SOFTWARE PROTECTION INJECTION AT LOAD TIME (status: in force)

    Publication number: US20080276314A1

    Publication date: 2008-11-06

    Application number: US11743755

    Filing date: 2007-05-03

    IPC classification: G06F19/00

    CPC classification: G06F21/51 G06F21/54

    Abstract: A method to apply a protection mechanism to a binary object includes using operating system resources to load a binary object from a storage medium along with a manifest and a digital signature. Authentication of the binary object is performed using the digital signature and the manifest is read to determine a category of protection for the binary object. The operating system selects a protection mechanism corresponding to the protection category and injects protection mechanism code, along with the binary object into a binary image on computer RAM. When the binary image is accessed, the protection mechanism executes and either allows full access and functionality to the binary object or prevents proper access and operation of the binary object. The protection mechanisms may be updated independently from the information on the storage medium.

    PROVISION OF FUNCTIONALITY VIA OBFUSCATED SOFTWARE
    3.
    Invention patent application
    PROVISION OF FUNCTIONALITY VIA OBFUSCATED SOFTWARE (status: under examination, published)

    Publication number: US20080229115A1

    Publication date: 2008-09-18

    Application number: US11687252

    Filing date: 2007-03-16

    IPC classification: H04L9/32

    Abstract: In an example embodiment, executable files are individually encrypted utilizing a symmetric cryptographic key. For each user to be given access to the obfuscated file, the symmetric cryptographic key is encrypted utilizing a public key of a respective public/private key pair. A different public key/private key pair is utilized for each user. Obfuscated files are formed comprising the encrypted executable files and a respective encrypted symmetric cryptographic key. The private keys of the public/private key pairs are stored on respective smart cards. The smart cards are distributed to the users. When a user wants to invoke the functionality of an obfuscated file, the user provides the private key via his/her smart card. The private key is retrieved and is utilized to decrypt the appropriate portion of the obfuscated file. The symmetric cryptographic key obtained therefrom is utilized to decrypt the encrypted executable file.

    Software protection through interdependent parameter cloud constrained software execution
    6.
    Granted invention patent
    Software protection through interdependent parameter cloud constrained software execution (status: in force)

    Publication number: US08800048B2

    Publication date: 2014-08-05

    Application number: US12123471

    Filing date: 2008-05-20

    IPC classification: G06F21/00 G06F21/14 G06F21/12

    Abstract: Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions.

    SOFTWARE PROTECTION THROUGH INTERDEPENDENT PARAMETER CLOUD CONSTRAINED SOFTWARE EXECUTION
    7.
    Invention patent application
    SOFTWARE PROTECTION THROUGH INTERDEPENDENT PARAMETER CLOUD CONSTRAINED SOFTWARE EXECUTION (status: in force)

    Publication number: US20090293041A1

    Publication date: 2009-11-26

    Application number: US12123471

    Filing date: 2008-05-20

    IPC classification: G06F9/44

    Abstract: Methods and a tool or instrument for performing the methods of protecting a computer program with a parameter cloud are disclosed. A parameter cloud comprising a plurality of elements may be created. Called functions of a computer program may have defined expected parameter cloud states so that proper behavior of the called function is achieved when the parameter cloud state is the expected parameter cloud state. An expected parameter cloud state may include a selected set of elements of the parameter cloud having assigned values. Static portions of the called functions may depend on a current parameter cloud state, and calling functions may transform the parameter cloud state prior to calling their respective called functions. The methods and instrument may operate on original source code or post-binary targets of the computer program. A fingerprint may be used to identify a specific computer program from a sequence of state transitions.
