Virus immune computer system and method
First Claim
1. A method for preventing hacker code from infecting an application program, the method comprising the steps of:
- accessing a computer comprising a second-non-transitory computer storage medium;
a random access memory;
an address bus;
a central processing unit; and
an operating system, the operating system stored in the second-non-transitory computer storage medium of the computer;
providing a security device comprising a first-non-transitory computer storage medium, said security device being a separate unit from components necessary to operate the computer;
storing a symmetric private key on the security device, the symmetric private key being symmetric in that it is usable for encryption and decryption of the application program stored in the random access memory of the computer;
using the symmetric private key to produce an encrypted application program upon first installation of the application program on the computer, the encrypted application program comprising encrypted operational instructions needed to run the application program, such that after such first installation, the encrypted application program is the only installed version of the application program on the computer;
upon receiving a command on the computer to run the application program;
loading the encrypted application program into the random access memory of the computer;
requiring the central processing unit to decrypt, using the symmetric private key, that part of the encrypted application program needed implement the command to run the application program; and
requiring the central processing unit to decrypt, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.
2 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus prevents hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a security device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the security device; using the device symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed implement a command to run the application program; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.
18 Citations
21 Claims
-
1. A method for preventing hacker code from infecting an application program, the method comprising the steps of:
-
accessing a computer comprising a second-non-transitory computer storage medium;
a random access memory;
an address bus;
a central processing unit; and
an operating system, the operating system stored in the second-non-transitory computer storage medium of the computer;providing a security device comprising a first-non-transitory computer storage medium, said security device being a separate unit from components necessary to operate the computer; storing a symmetric private key on the security device, the symmetric private key being symmetric in that it is usable for encryption and decryption of the application program stored in the random access memory of the computer; using the symmetric private key to produce an encrypted application program upon first installation of the application program on the computer, the encrypted application program comprising encrypted operational instructions needed to run the application program, such that after such first installation, the encrypted application program is the only installed version of the application program on the computer; upon receiving a command on the computer to run the application program; loading the encrypted application program into the random access memory of the computer; requiring the central processing unit to decrypt, using the symmetric private key, that part of the encrypted application program needed implement the command to run the application program; and requiring the central processing unit to decrypt, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A security device for improving operation of a computer to provide it immunity from infection of a software program by a software virus or in memory software code injection, the security device comprising:
-
a first-non-transitory computer storage medium installed within a unit that is separate from components necessary for the operation of the computer; a symmetric private key usable for encryption and decryption of a software program, the symmetric private key stored on the first-non-transitory computer storage medium within the unit; a second-non-transitory computer storage medium that is necessary for operation of the computer, the second-non-transitory computer storage medium storing computer code operable to; enable the computer to which the unit is connected to use the symmetric private key to encrypt a software program upon first installation of the software program and thereby create a first-encrypted software program; require the computer to use the symmetric private key upon each startup of the first-encrypted software program to decrypt the first-encrypted software program to produce a first-decrypted software program; execute the first-decrypted software program on the computer; and prevent access to the symmetric private key after the symmetric private key is first accessed to produce the first-decrypted software program, unless express authorization is first obtained. - View Dependent Claims (13, 14, 15)
-
-
16. A method for improving operation of a computer to provide the computer with immunity from infection of a software program by a software virus or by memory software code injection, the method comprising the steps of:
-
hosting an operating system in a non-transitory computer storage medium accessible by a computer; receiving at the computer an encrypted device symmetric private key through a network connection; decrypting the encrypted device symmetric private key on the computer to derive a decrypted device symmetric private key; encrypting a software program using the decrypted device symmetric private key upon first installation of the software program and thereby create an encrypted software program that is the only installed version of the software program on the computer; when executing a command to start the software program, requiring the operating system to use the decrypted device symmetric private key to decrypt a first part of the encrypted software program necessary to start the software program; requiring the computer to use the decrypted device symmetric private key to subsequently decrypt any second part of the encrypted software program that is needed during operation of the first part; and precluding the operating system from running any executable code that has not been previously encrypted with the decrypted device symmetric private key. - View Dependent Claims (17)
-
-
18. A method for improving operation of a computer to provide the computer with immunity from infection of a software program by a software virus or by memory software code injection, the method comprising the steps of:
-
hosting an operating system in a non-transitory computer storage medium accessible by a computer; receiving at the computer an encrypted device symmetric private key through a network connection; decrypting the encrypted device symmetric private key on the computer to derive a decrypted device symmetric private key; encrypting a software program using the decrypted device symmetric private key upon first installation of the software program and thereby create an encrypted software program that is the only installed version of the software program on the computer; when executing a command to start the software program, requiring the operating system to use the decrypted device symmetric private key to decrypt a first part of the encrypted software program necessary to start the software program; requiring the computer to use the decrypted device symmetric private key to subsequently decrypt any second part of the encrypted software program that is needed during operation of the first part; and storing the first part and any second part that is decrypted in a random access memory accessible by the computer. - View Dependent Claims (19)
-
-
20. A method for controlling loading of multiple operating systems into a random access memory of a computer, the computer comprising a first non-transitory computer storage medium, a second-non-transitory computer storage medium, a third non-transitory computer storage medium, a random access memory, a central processing unit, a basic input/output system, and a switch, the method comprising the steps of:
-
storing a key on the first non-transitory computer storage medium, the key usable for encryption and decryption of a software program; storing an encrypted operating system on the computer in the second-non-transitory computer storage medium; storing a non-encrypted operating system on the computer in the third non-transitory computer storage medium; setting the switch to enable the basic input/output system to load either the encrypted operating system or the non-encrypted operating system into the random access memory; and configuring the computer at power up to implement steps comprising; making the key available from the first non-transitory computer storage medium to the basic input/output system; when the switch is set to enable the basic input/output system to load the encrypted operating system, the basic input/output system reading the encrypted operating system from the second-non-transitory computer storage medium and using the key to decrypt the encrypted operating system as requested by the central processing unit; and
,when the switch is set to enable the basic input/output system to load the non-encrypted operating system from the third non-transitory computer storage medium, the basic input/output system disabling access to the key then reading the non-encrypted operating system from the third non-transitory computer storage medium, then storing the non-encrypted operating system in the random access memory of the computer. - View Dependent Claims (21)
-
Specification