Method and system for providing tamper-resistant software
First Claim
1. A method of providing tamper-proofing to software of interest, the method comprising:
- providing a security-providing section as part of a tamper-resistant device;
providing a centralized service module for managing one or more security-providing sections in response to a request from a parent portion of the software to be protected;
in response to the request from the parent portion, executing, independent of the parent portion, the security-providing section from the tamper-resistant physical device in a dynamic analysis resistant computing environment under the control of the centralized service module; and
exchanging input and output data with the parent via a shared interface provided by the centralized service module.
1 Assignment
0 Petitions
Accused Products
Abstract
A method and system for protecting only a portion of the software to be protected against tampering is described. Such a portion may be stored in a tamper-resistant physical device, with optional encryption, for downloading when needed for execution. Several layers of tamper resistance are provided without excessively impacting performance of the protected software. For instance, obfuscation is applied to the code for the service module to minimize the large expense associated with obfuscation. The invention includes embodiments that deliver critical logic, policy information and other similar information with the help of mobile agents, which may be hosted by a server in a smart card.
-
Citations
32 Claims
-
1. A method of providing tamper-proofing to software of interest, the method comprising:
-
providing a security-providing section as part of a tamper-resistant device;
providing a centralized service module for managing one or more security-providing sections in response to a request from a parent portion of the software to be protected;
in response to the request from the parent portion, executing, independent of the parent portion, the security-providing section from the tamper-resistant physical device in a dynamic analysis resistant computing environment under the control of the centralized service module; and
exchanging input and output data with the parent via a shared interface provided by the centralized service module. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A system for providing tamper resistant software, the system comprising:
-
a tamper-resistant device for storing critical logic;
a service module having an interface for exchanging input and output data with a plurality of parents; and
a dynamic analysis resistant computing environment for executing a critical logic under control of the service module. - View Dependent Claims (13, 14)
-
-
15. A method for executing tamper proof software, the method comprising:
-
implementing a centralized service module with code that has been made hard to decipher;
authenticating a tamper-resistant device;
establishing a secure link between the tamper-resistant device and the centralized service module;
receiving a critical logic from the tamper-resistant device with the aid of the secure link;
executing the critical logic under the control of the centralized service module; and
providing data to a parent via an interface provided by the centralized service module. - View Dependent Claims (16, 17, 18, 19, 20, 21)
-
-
22. A method of providing tamper-resistance to a software package, the method comprising:
-
storing at least one critical logic code in a tamper resistant device;
configuring the software package to request the at least one critical logic code for execution under the management of a centralized service module, wherein code for the centralized service module executes in a computing environment resistant to one or more of static and dynamic analysis, wherein the code for the centralized service module has been made hard to decipher; and
configuring the software package to use at least one interface for sending data for or receiving data generated from the execution of the at least one critical logic code. - View Dependent Claims (23, 24, 25, 26, 27, 28)
-
- 29. A centralized service module for managing the execution of code, the centralized service module executing in a computing environment resistant to one or more of static and dynamic analysis and implemented by code that is hard to decipher for static analysis.
-
32. A smart card designed to operate with an external dynamic analysis resistant computing environment with authentication such that obfuscated code for a centralized service module executes in the external dynamic analysis resistant computing environment and the smart card provides at least one critical logic to achieve one or more of a generation of a desired result, operation of a software application, and operation of a software module.
Specification