Profile protection

US 20050278535A1
Filed: 02/17/2005
Published: 12/15/2005
Est. Priority Date: 06/12/2004
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable instructions and one or more data structures stored thereon for use by a computing system to verify the originality of pieces of information, comprising:

a profile encrypted with a private library key of a protection dynamic-link library, the profile including profile data whose size and format is dependent on a profile type, the profile further including a signature digitally signed with a public library key of the protection dynamic-link library, and the profile even further including a verifier blob that contains a checksum of an identifier identifying the profile and the profile data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Tampering with pieces of software is inhibited. Profiles are stored in a central hierarchical database and such profiles are protected from tampering. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided. A process of verifying whether the pieces of software together constitute a software package that requires protection from tampering is also provided.

Citations

19 Claims

1. A computer-readable medium having computer-executable instructions and one or more data structures stored thereon for use by a computing system to verify the originality of pieces of information, comprising:
- a profile encrypted with a private library key of a protection dynamic-link library, the profile including profile data whose size and format is dependent on a profile type, the profile further including a signature digitally signed with a public library key of the protection dynamic-link library, and the profile even further including a verifier blob that contains a checksum of an identifier identifying the profile and the profile data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer-readable medium of claim 1, wherein the computer-readable medium has a central hierarchical database in which the profile is stored.
  - 3. The computer-readable medium of claim 2, further comprising a log-on module including a private calling key and a public calling key, the verifier blob of the profile being encrypted with the private calling key and signed with the public calling key.
  - 4. The computer-readable medium of claim 2, wherein the protection dynamic-link library including a public library key and a private library key, the signature of the profile being signed with the public library key, the profile being encrypted with the private library key.
  - 5. The computer-readable medium of claim 2, wherein the organization of the profile data, the signature, and the verifier blob of the profile is different from another profile.

6. A computer-implemented method for protecting interoperation between pieces of software, the computer-implemented method comprising:
- initiating access to a profile stored in a central hierarchical database by a first piece of software having a public calling key and a private calling key, the first piece of software sending a random salt value; and
  
  after receiving the random salt value by a second piece of software having a private library key, the second piece of software finding the profile in the central hierarchical database and decrypting the profile using the private library key.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The computer-implemented method of claim 6, wherein the second piece of software computes a first checksum of a collection of information that includes an identifier of the profile, the profile data, the result of finding the profile, and the random salt value.
  - 8. The computer-implemented method of claim 7, wherein the second piece of software sends the result of finding the profile, a verifier blob of the profile signed by the public calling key and encrypted with the private calling key, and the first checksum computed by the second piece of software.
  - 9. A computer-implemented method of claim 8, further comprising after receiving the result of the profile, the verifier blob, and the first checksum, the first piece of software decrypts the verifier blob using the private calling key and verifying the signature by using the public calling key, the first piece of software computing a second checksum of a collection of information that includes an identifier of the profile, the profile data, the result of finding the profile, and the random salt value.
  - 10. A computer-implemented method of claim 9, further comprising comparing the first checksum with the second checksum and concluding that tampering has occurred when the first checksum does not match the second checksum.

11. A computer-readable medium having executable instructions stored thereon for implementing a computer-implemented method for protection interoperation between pieces of software, the computer-implemented method comprising:
- initiating access to a profile stored in a central hierarchical database by a first piece of software having a public calling key and a private calling key, the first piece of software sending a random salt value; and
  
  after receiving the random salt value by a second piece of software having a private library key, the second piece of software finding the profile in the central hierarchical database and decrypting the profile using the private library key.

12. The computer-readable medium of Claim I1, wherein the second piece of software computes a first checksum of a collection of information that includes an identifier of the profile, the profile data, the result of finding the profile, and the random salt value.
- View Dependent Claims (13, 14, 15)
- - 13. The computer-readable medium of claim 12, wherein the second piece of software sends the result of finding the profile, a verifier blob of the profile signed by the public calling key and encrypted with the private calling key, and the first checksum computed by the second piece of software.
  - 14. A computer-readable medium of claim 13, further comprising after receiving the result of the profile, the verifier blob, and the first checksum, the first piece of software decrypts the verifier blob using the private calling key and verifying the signature by using the public calling key, the first piece of software computing a second checksum of a collection of information that includes an identifier of the profile, the profile data, the result of finding the profile, and the random salt value.
  - 15. A computer-readable medium of claim 14, further comprising comparing the first checksum with the second checksum and concluding that tampering has occurred when the first checksum does not match the second checksum.

16. A system for protecting interoperation between pieces of software, comprising:
- means for initiating access to a profile stored in a central hierarchical database by a first piece of software having a public calling key and a private calling key, the first piece of software sending a random salt value; and
  
  after receiving the random salt value by a second piece of software having a private library key, the second piece of software executing a means for finding the profile in the central hierarchical database and decrypting the profile using the private library key.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16, wherein the second piece of software uses a means for computing a first checksum of a collection of information that includes an identifier of the profile, the profile data, the result of finding the profile, and the random salt value.
  - 18. The system of claim 17, wherein the second piece of software uses a means for sending the result of finding the profile, a verifier blob of the profile signed by the public calling key and encrypted with the private calling key, and the first checksum computed by the second piece of software.
  - 19. A system of claim 18, further comprising after receiving the result of the profile, the verifier blob, and the first checksum, the first piece of software decrypts the verifier blob using the private calling key and executing means for verifying the signature by using the public calling key, the first piece of software computing a second checksum of a collection of information that includes an identifier of the profile, the profile data, the result of finding the profile, and the random salt value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Wu, Wei, Fortune, Erik, El-Gammal, Mohammed, Bennett, Julie D.

Granted Patent

US 7,891,008 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/121   Restricting unauthorised ex...

G06F 21/14   against software analysis o...

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

G06F 8/60   Software deployment

G06F 8/61   Installation

H04L 2209/16   Obfuscation or hiding, e.g....

H04L 9/0836   using tree structure or hie...

H04L 9/3236   using cryptographic hash fu...

H04L 9/3247   involving digital signatures

Profile protection

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Profile protection

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links