Prevention of software tampering

US 20030226007A1
Filed: 05/30/2002
Published: 12/04/2003
Est. Priority Date: 05/30/2002
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a node in a distributed computing system, comprising:

(a) altering a message using a predetermined algorithm at a first node, wherein the message is altered so that the message can be subsequently authenticated, and wherein the altering uses a protection key based at least in part on node-specific information of the first node;

(b) sending the altered message to a second node; and

(c) receiving the altered message at the second node;

(d) attempting to authenticate the altered message using the predetermined algorithm, wherein an authentication key is based at least in part on node specific information of the second node.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a distributed computing architecture, a method and system for authenticating a message as originating from an unaltered or unmodified node is provided. Prior to sending a messages a black box software module in a node validates the node to determine whether the node has been altered or modified without authorization. Once validated, the black box alters a message, using a black box protection scheme, in such a manner that the message can be subsequently authenticated. The black box module sends the altered message to a peer node, whose own black box authenticates the message using an authentication scheme corresponding to the protection scheme. Because validation is performed, each node may assume that the message originated from an unaltered node. The protection and/or validation scheme can be changed in regular intervals so that attackers do not have time to reverse engineer the black box. Alternatively, validation may be skipped and the key used to alter/protect each message may be based on the environment of the node performing the alteration/protection, so that nodes that have been altered will generate different keys than unaltered nodes, and will not be able to communicate.

83 Citations

View as Search Results

26 Claims

1. A method for authenticating a node in a distributed computing system, comprising:
- (a) altering a message using a predetermined algorithm at a first node, wherein the message is altered so that the message can be subsequently authenticated, and wherein the altering uses a protection key based at least in part on node-specific information of the first node;
  
  (b) sending the altered message to a second node; and
  
  (c) receiving the altered message at the second node;
  
  (d) attempting to authenticate the altered message using the predetermined algorithm, wherein an authentication key is based at least in part on node specific information of the second node.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, further comprising changing the predetermined algorithm when a predetermined event occurs.
  - 3. The method of claim 2, wherein the predetermined event comprises a predetermined amount of time having elapsed.
  - 4. The method of claim 1, further comprising changing the predetermined algorithm when the predetermined algorithm has been compromised.
  - 5. The method of claim 1, wherein the predetermined algorithm comprises encryption.
  - 6. The method of claim 5, wherein the predetermined algorithm comprises encrypting an asymmetric key using a symmetric key.
  - 7. The method of claim 5, wherein the predetermined algorithm comprises a symmetric encryption algorithm.
  - 8. The method of claim 1, wherein the predetermined algorithm comprises hashing.
  - 9. The method of claim 1, wherein the predetermined algorithm comprises watermarking.
  - 10. The method of claim 1, further comprising:
    - (e) determining whether a new predetermined algorithm is available when step (d) fails to decrypt the received encrypted message; and
      
      (f) when a new predetermined algorithm is available, the second node retrieving the new predetermined algorithm and attempting to decrypt the received message using the new predetermined algorithm.
  - 11. The method of claim 10, further comprising ignoring the received message when either a new predetermined algorithm is not available in step (e), or the decryption of step (f) fails.

12. A method for authenticating a node in a distributed computing system, comprising:
- (a) validating a host node using a predetermined validation scheme;
  
  (b) encrypting a message using a predetermined key and a predetermined encryption algorithm when the host node is successfully validated in step (a);
  
  (c) sending the encrypted message to a peer node;
  
  (d) receiving the encrypted message at the peer node;
  
  (e) attempting to decrypt the encrypted message using the predetermined key and the predetermined encryption algorithm; and
  
  (f) changing at least one of the predetermined validation scheme, the predetermined encryption key and the predetermined encryption algorithm when a predetermined event occurs.
- View Dependent Claims (13, 14)
- - 13. The method of claim 12, wherein the predetermined event comprises a predetermined amount of time having elapsed.
  - 14. The method of claim 12, further comprising:
    - (g) determining whether a new predetermined algorithm is available when step (e) fails to decrypt the received encrypted message; and
      
      (h) when a new predetermined algorithm is available, the peer node retrieving the new predetermined algorithm and attempting to decrypt the received message using the new predetermined algorithm.

15. In a distributed computer system, a node that authenticates a peer node based on a received message, comprising:
- a protection module for altering messages using a predetermined algorithm that allows each message to be subsequently authenticated, and a protection key based at least in part on node specific information that changes when node software is altered;
  
  an authentication module for authenticating altered messages received from other nodes using the predetermined algorithm and an authentication key based at least in part on the node specific information; and
  
  control logic that permits the node to process a message when the message is successfully authenticated by the authentication module.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 16. The node of claim 15, wherein the node further comprises control logic that, when the authentication module unsuccessfully authenticates the message, determines whether a new predetermined algorithm is available and, if so, retrieves the new predetermined algorithm for use by the protection and authentication modules.
  - 17. The node of claim 15, wherein the predetermined algorithm comprises encryption.
  - 18. The node of claim 17, wherein the predetermined algorithm comprises encrypting an asymmetric key using a symmetric key.
  - 19. The node of claim 17, wherein the predetermined algorithm comprises a symmetric encryption algorithm.
  - 20. The node of claim 15, wherein the predetermined algorithm comprises hashing.
  - 21. The node of claim 15, wherein the predetermined algorithm comprises watermarking.
  - 22. The node of claim 15, wherein the node further comprises control logic that checks for a new predetermined algorithm when a predetermined event occurs.
  - 23. The node of claim 15, wherein the predetermined event comprises a predetermined amount of time having elapsed.
  - 24. The node of claim 15, wherein the node further comprises control logic that that polls a server to determine whether a new predetermined algorithm is available and, if so, obtains the new predetermined algorithm from the server.
  - 25. The node of claim 16, further comprising control logic that causes the node to ignore the message when either no new predetermined algorithm is available, or the decryption module fails to decrypt the message using the new predetermined algorithm.

26. A computer readable medium storing computer readable instructions that, when executed, cause a computer system to perform a method for authenticating a node, comprising:
- comparing elements of a program environment to expected values;
  
  when the comparing step is successful, altering a message to send to a peer node based on a predetermined algorithm; and
  
  changing any of the elements, a protection algorithm, and a protection key in intervals of time shorter than is required to recover the protection algorithm and the protection key and bypass the comparing step.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zinda, Eric K., Olson, Erik B.

Granted Patent

US 7,478,233 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

Prevention of software tampering

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Prevention of software tampering

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links