Virus immune computer system and method
First Claim
1. A computer system comprising:
   a storage device that is a separate unit from components necessary for startup of a computer, the storage device comprising:
      a first non-transitory computer storage medium, the first non-transitory computer storage medium storing:
         a device symmetric private key, the device symmetric private key operable to decrypt an encrypted operating system symmetric private key so as to produce a decrypted operating system symmetric private key;
   a computer comprising a central processing unit, an address bus, and a second non-transitory computer storage medium on which is stored the encrypted operating system symmetric private key and a security program that is operable to:
      retrieve the device symmetric private key from the storage device;
      decrypt the encrypted operating system symmetric private key with the device symmetric private key to produce the decrypted operating system symmetric private key;
      preclude the computer from storing the device symmetric private key or the decrypted operating system symmetric private key in any non-transitory computer storage medium;
      require the computer, upon first installation of an application program on the computer, to use the decrypted operating system symmetric private key to encrypt the application program such that the encrypted application program is the only installed version of the application program on any non-transitory computer readable memory accessible by the computer;
      enable the computer, each time a command is given to start up the application program, to use the decrypted operating system symmetric private key to decrypt a first portion of the encrypted application program needed to implement the command, and to store what was decrypted in a random access memory accessible by the computer;
      require the computer to use the decrypted operating system symmetric private key to subsequently decrypt any second portion of the encrypted application program that is needed during operation of the first portion and to store what was subsequently decrypted in the random access memory accessible by the computer; and
      prevent access to the device symmetric private key after the device symmetric private key is first accessed to produce the decrypted operating system symmetric private key, unless express authorization is first obtained.
Abstract
A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The device is preferably a computer system that includes a dongle, or a separate unit that is connected or connectable to the computer. A security program decrypts a first key with a second key stored on the dongle. When a new application is installed the first time on the computer, the security program uses a decrypted first key to encrypt whatever is installed such that the encrypted application program is the only installed version of the application program on any non-transitory computer readable memory accessible by the computer. When a command is given to startup the application program, whatever code is needed for startup is first decrypted using the decrypted first key.
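The key hierarchy described in claim 1 and the abstract, as an added Python illustration (not code from the patent or its assignee): a device key held on a removable storage device unwraps an operating-system key, the OS key encrypts every section of an application at first installation, and the loader decrypts only the entry section at startup and further sections on demand, keeping both keys in RAM only. The cipher is a constructed HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, a stand-in for AES-GCM so the example runs with the standard library alone; the tag is this example's addition, the claims say nothing about authentication. All names, the two-section "editor" application, and the keys are constructed for the example.

```python
import hashlib
import hmac
import os


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed PRF counter mode: HMAC-SHA256(key, nonce || counter) blocks.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: returns nonce || ciphertext || tag (stand-in for AES-GCM)."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; modified or foreign bytes are rejected."""
    if len(blob) < 48:
        raise ValueError("blob too short to carry nonce and tag")
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("stored code was modified or was not encrypted under the OS key")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class Dongle:
    """The separate storage device of claim 1: releases the device key once and
    refuses further reads unless express authorization is given."""

    def __init__(self, device_key: bytes):
        self._device_key = device_key
        self._released = False

    def read_device_key(self, express_authorization: bool = False) -> bytes:
        if self._released and not express_authorization:
            raise PermissionError("device key already used once; authorization required")
        self._released = True
        return self._device_key


class SecurityProgram:
    """Keeps the decrypted OS key only in RAM; persistent storage (self.disk) ever
    contains only the wrapped OS key and encrypted application sections."""

    def __init__(self, dongle: Dongle, wrapped_os_key: bytes):
        self.disk = {"wrapped_os_key": wrapped_os_key, "apps": {}}
        self.ram = {}
        self._os_key = open_sealed(dongle.read_device_key(), wrapped_os_key)

    def install(self, name: str, sections: dict) -> None:
        # First installation: each section is encrypted before it reaches disk,
        # so the encrypted copy is the only installed version.
        self.disk["apps"][name] = {s: seal(self._os_key, code) for s, code in sections.items()}

    def start(self, name: str) -> bytes:
        # Startup: decrypt only the entry section into RAM.
        self.ram[name] = {"entry": open_sealed(self._os_key, self.disk["apps"][name]["entry"])}
        return self.ram[name]["entry"]

    def load_section(self, name: str, section: str) -> bytes:
        # A second portion needed during operation is decrypted on demand, into RAM.
        self.ram[name][section] = open_sealed(self._os_key, self.disk["apps"][name][section])
        return self.ram[name][section]


def provision(device_key: bytes, os_key: bytes) -> bytes:
    """Wrap the OS key under the device key; only this wrapped form is stored on disk."""
    return seal(device_key, os_key)


def demo() -> dict:
    device_key, os_key = os.urandom(32), os.urandom(32)  # constructed keys
    dongle = Dongle(device_key)
    sp = SecurityProgram(dongle, provision(device_key, os_key))
    sp.install("editor", {"entry": b"ENTRY CODE", "spell": b"SPELLCHECK MODULE"})
    result = {"first": sp.start("editor"), "second": sp.load_section("editor", "spell")}
    # Plaintext never reaches persistent storage.
    result["plaintext_on_disk"] = any(b"ENTRY CODE" in blob for blob in sp.disk["apps"]["editor"].values())
    # Constructed modification: a stored section replaced by bytes not produced under the OS key.
    sp.disk["apps"]["editor"]["spell"] = b"\x00" * 16 + b"UNENCRYPTED CODE" + b"\x00" * 32
    try:
        sp.load_section("editor", "spell")
        result["injection_rejected"] = False
    except ValueError:
        result["injection_rejected"] = True
    # The dongle refuses a second read of the device key without authorization.
    try:
        dongle.read_device_key()
        result["second_key_read_blocked"] = False
    except PermissionError:
        result["second_key_read_blocked"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

Each section is sealed separately so that a "second portion" can be verified and decrypted on its own without touching the rest of the ciphertext. The tag is what makes the rejection in `demo()` possible: decryption alone, as the claims describe it, would turn foreign bytes into garbage rather than refuse them, so an integrity check is the piece a practitioner would add to this design.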
15 Citations
Claims (16)
1. (Independent claim; text reproduced under First Claim above. Dependent claims 2 to 11 are not reproduced on this page.)
12. A storage device usable with a computer, the storage device comprising:
   a non-transitory computer storage medium, a central processing unit, a data bus, and an address bus;
   the non-transitory computer storage medium comprising a key usable for decrypting encrypted program code, the encrypted program code stored in a random access memory accessible by the computer, the key comprising a plurality of bytes wherein each byte in the plurality of bytes has a byte value;
   the central processing unit of the storage device connectable to the random access memory through the data bus and the address bus;
   the non-transitory computer storage medium storing computer code operable on the central processing unit of the storage device to:
      identify a designated location in the random access memory accessible by the computer holding an encrypted byte of executable code;
      perform a modulus operation between an address location of the encrypted byte of executable code and a length of the key to derive a remainder value;
      add one to the remainder value, deriving a summed value;
      fetch the byte value of the byte in the plurality of bytes of the key, said byte located at the summed value;
      use the byte value that is fetched to decrypt an encrypted executable code starting at the designated location in the random access memory accessible by the computer, such use producing a decrypted executable code; and
      execute the decrypted executable code.
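The address-keyed byte schedule of claim 12, as an added Python illustration (not the patent's code): for each encrypted byte the key index is (address mod key length) + 1, counted from one as the claim does, and the fetched key byte is applied to that byte before the decrypted code is executed. The claim does not say what the per-byte operation is; XOR is assumed here. The 7-byte key, the RAM model, the base address 0x1000 and the three-opcode stack machine standing in for "execute" are all constructed for the example.

```python
def key_index(address: int, key_len: int) -> int:
    """Claim 12 schedule: (address mod key length) + 1, a 1-based index into the key."""
    return (address % key_len) + 1


def key_byte(key: bytes, address: int) -> int:
    # Fetch the key byte at the summed value; Python counts from 0, hence the -1.
    return key[key_index(address, len(key)) - 1]


def transform(key: bytes, base_address: int, data: bytes) -> bytes:
    """Apply the address-selected key byte to each byte. XOR is an assumption (the claim
    leaves the operation unspecified); being its own inverse it both encrypts and decrypts."""
    return bytes(b ^ key_byte(key, base_address + i) for i, b in enumerate(data))


class Ram:
    """Constructed model of the computer's RAM reachable over the address and data bus."""

    def __init__(self, size: int):
        self.cells = bytearray(size)

    def write(self, address: int, data: bytes) -> None:
        self.cells[address:address + len(data)] = data

    def read(self, address: int, length: int) -> bytes:
        return bytes(self.cells[address:address + length])


def execute(code: bytes) -> int:
    """Constructed toy stack machine standing in for 'execute the decrypted executable code'."""
    stack, pc = [], 0
    while pc < len(code):
        op = code[pc]
        if op == 0x01:      # PUSH imm8
            stack.append(code[pc + 1])
            pc += 2
        elif op == 0x02:    # ADD
            b, a = stack.pop(), stack.pop()
            stack.append(a + b)
            pc += 1
        elif op == 0xFF:    # HALT, result is the top of the stack
            return stack[-1]
        else:
            raise ValueError(f"unknown opcode {op:#04x} at offset {pc}")
    raise ValueError("code ran off the end without HALT")


def decrypt_and_run(key: bytes, ram: Ram, designated_location: int, length: int) -> int:
    """The storage device's routine: locate the encrypted bytes, derive each key byte
    from its address, decrypt, then execute."""
    decrypted = transform(key, designated_location, ram.read(designated_location, length))
    return execute(decrypted)


def demo() -> dict:
    key = bytes(range(1, 8))                            # constructed 7-byte key
    program = bytes([0x01, 6, 0x01, 7, 0x02, 0xFF])     # PUSH 6; PUSH 7; ADD; HALT
    base = 0x1000
    ram = Ram(0x2000)
    ram.write(base, transform(key, base, program))      # only the encrypted form is stored
    try:
        execute(ram.read(base, len(program)))           # the stored bytes are not valid code
        raw_rejected = False
    except ValueError:
        raw_rejected = True
    return {
        "index_at_base": key_index(base, len(key)),     # 0x1000 mod 7 = 1, plus one
        "result": decrypt_and_run(key, ram, base, len(program)),
        "address_dependent": transform(key, 0, program) != transform(key, 3, program),
        "raw_rejected": raw_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

Because the key byte is chosen by address rather than by position within the program, the same code encrypts differently at different load addresses, which `address_dependent` checks. The schedule is a repeating one, so with XOR any two ciphertext bytes whose addresses agree modulo the key length reveal the XOR of their plaintexts; a deployment would pair this per-byte selection with a real cipher and an integrity check rather than rely on it alone.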
13. A method for improving operation of a computer to provide the computer with immunity from infection of a software program by a software virus or by memory software code injection, the method comprising the steps of:
   hosting an operating system in a non-transitory computer storage medium accessible by the computer;
   receiving at the computer an encrypted operating system symmetric private key through a network connection;
   decrypting the encrypted operating system symmetric private key on the computer to derive a decrypted operating system symmetric private key;
   encrypting a software program using the decrypted operating system symmetric private key upon first installation of the software program, thereby creating an encrypted software program that is the only installed version of the software program on the computer;
   when executing a command to start the software program, requiring the operating system to use the decrypted operating system symmetric private key to decrypt a first part of the encrypted software program necessary to start the software program;
   requiring the computer to use the decrypted operating system symmetric private key to subsequently decrypt any second part of the encrypted software program that is needed during operation of the first part; and
   precluding the operating system from running any executable code that has not been previously encrypted with the decrypted operating system symmetric private key.
   (Dependent claim 14 is not reproduced on this page.)
15. A method for improving operation of a computer to provide the computer with immunity from infection of a software program by a software virus or by memory software code injection, the method comprising the steps of:
   hosting an operating system in a non-transitory computer storage medium accessible by a computer;
   receiving at the computer an encrypted operating system symmetric private key through a network connection;
   decrypting the encrypted operating system symmetric private key on the computer to derive a decrypted operating system symmetric private key;
   encrypting a software program using the decrypted operating system symmetric private key upon first installation of the software program, thereby creating an encrypted software program that is the only installed version of the software program on the computer;
   when executing a command to start the software program, requiring the operating system to use the decrypted operating system symmetric private key to decrypt a first part of the encrypted software program necessary to start the software program;
   requiring the computer to use the decrypted operating system symmetric private key to subsequently decrypt any second part of the encrypted software program that is needed during operation of the first part; and
   storing the first part and any second part that is decrypted in a random access memory accessible by the computer.
   (Dependent claim 16 is not reproduced on this page.)
Specification