公开(公告)号：US20150324590A1

公开(公告)日：2015-11-12

申请号：US14388232

申请日：2012-03-26

申请人： Robert KRTEN ,  Hongrul DONG ,  Clifford LIEM

发明人： Robert KRTEN ,  Hongrul DONG ,  Clifford LIEM

IPC分类号： G06F21/60 ,  G06F17/30

CPC分类号： G06F21/60 ,  G06F17/30097 ,  G06F21/125 ,  G06F21/14 ,  G06F21/64 ,  G06F2221/2107 ,  H04L9/0894 ,  H04L9/3239 ,  H04L2209/16

摘要： In the present disclosure, a hash function is computed over a known image, for example, an address range in a program. The result of the hash function is known to be the same at two distinct points in time, before the program is run, i.e. signing at build-time, and during the running of the program, i.e. run time. The value that the programmer wishes to hide, i.e. the secret value, is also known at build-time. At build-time, the secret value is combined with the hash in such a way that the combining operation can be reversed at run time. This combined value, i.e. the salt, is stored along with the program. Later, at runtime, the program computes the same hash value as was computed at signing time, and does the reverse combining operation in order to reveal the secret value.

摘要翻译： 在本公开中，在已知图像上计算散列函数，例如程序中的地址范围。 在运行程序之前的两个不同的时间点，即在构建时签署，以及程序的运行，即运行时间，已知哈希函数的结果是相同的。 程序员希望隐藏的值，即秘密值，在构建时也是已知的。 在构建时，秘密值与哈希结合，使得组合操作在运行时可以颠倒。 该组合值，即盐，与程序一起存储。 后来，在运行时，程序计算与在签名时计算的哈希值相同的哈希值，并进行反向组合操作，以显示秘密值。

公开(公告)号：US20170147331A1

公开(公告)日：2017-05-25

申请号：US15426090

申请日：2017-02-07

申请人： Clifford LIEM ,  Hongrui DONG ,  Sam MARTIN ,  Yuan Xiang GU ,  Michael WIENER

发明人： Clifford LIEM ,  Hongrui DONG ,  Sam MARTIN ,  Yuan Xiang GU ,  Michael WIENER

IPC分类号： G06F9/445 ,  G06F21/57

CPC分类号： G06F8/656 ,  G06F9/44521 ,  G06F21/572

摘要： A method and system for renewing software at the component-level is provided. A client program includes a base component for loading a software component into at least one loadable region of the program to update the program. Code in the software component is for writing state data associating the state of the update in storage, upon execution of the software component, and testing the state data to verify condition of the updated program and disallowing rollback and roll-forward attacks, the state data comprising hash chain values. The state data for verifying the correctness of the updated program is entangled with application data used for the program functionality. A server includes: an update pool having a plurality of software updates deployed in each client, and a policy control for monitoring and controlling at least one of: the length of time the client runs until the software update is invoked, a chain of the updates; and the granularity of the update.