Mehod and system for detecting a secure state of a computer system
First Claim
1. A method of detecting unauthorized executable programs resident in a computer system memory comprising the steps of:
- a) receiving a trusted hash value representative of a hash value for generation by a predetermined hashing process of predetermined data stored in memory within the computer system if an unauthorized executable program is other than resident in the computer system;
b) hashing the data stored in memory within the computer system using the predetermined hashing process to determine a computed hash value; and
c) comparing the computed hash value and the trusted hash value to determine differences between the data and the predetermined data.
5 Assignments
0 Petitions
Accused Products
Abstract
Disclosed is a method for detecting unauthorized applications in execution within a computer system, such as for instance one of a Trojan horse application and a virus, prior to providing security data from a trusted source. According to the instant invention, a security application computes a hash value in dependence upon predetermined data in system memory and compares said computed hash value to a trusted hash value that was obtained when the system was in a verified secure state. The data is provided from the trusted source to an application in execution on the computer system only if the computed hash value and the trusted hash value are indicative of a same trusted state.
-
Citations
24 Claims
-
1. A method of detecting unauthorized executable programs resident in a computer system memory comprising the steps of:
-
a) receiving a trusted hash value representative of a hash value for generation by a predetermined hashing process of predetermined data stored in memory within the computer system if an unauthorized executable program is other than resident in the computer system;
b) hashing the data stored in memory within the computer system using the predetermined hashing process to determine a computed hash value; and
c) comparing the computed hash value and the trusted hash value to determine differences between the data and the predetermined data. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 22, 23, 24)
-
-
17. A method of detecting unauthorized executable programs resident in a computer system comprising the steps of:
-
a) providing a trusted security application executable on a processor of the computer system for determining a hash value using a predetermined hashing process of predetermined data existing in memory within the computer system;
b) hashing the data existing in memory within the computer system using the predetermined process to determine a hash value;
c) digitally signing the hash value to provide a trusted hash value; and
d) retrievably storing the trusted hash value, wherein the hash value is determined absent an unauthorized executable program being present within the computer system; and
wherein the predetermined data relates to programs in execution on the processor of the computer system. - View Dependent Claims (18, 19, 20, 21)
-
Specification