Program authentication on environment

US 20060200859A1
Filed: 03/04/2005
Published: 09/07/2006
Est. Priority Date: 03/04/2005
Status: Active Grant

First Claim

Patent Images

1. A method in combination with a program operating on a computer device, the method for authenticating the program to a resource local to or remote from the computing device and comprising:

retrieving a stored program security identifier (PSID) corresponding to the program, the stored PSID including information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program, whereby the PSID represents an approved set of conditions for operating the program in a trusted manner;

re-constructing the PSID based on the same information as obtained from local sources;

comparing the stored and reconstructed PSIDs to determine whether a match exists;

if it is determined that a match exists, concluding that the program operates in the trusted manner according to the approved set of conditions; and

if it is determined that a match does not exist, concluding that the program does not operate in the trusted manner according to the approved set of conditions.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

To authenticate a program on a computing device to a resource local to or remote from the computing device, a stored program security identifier (PSID) corresponding to the program is retrieved, where the stored PSID includes information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program. The PSID is re-constructed based on the same information as obtained from local sources, and the stored and reconstructed PSIDs are compared to determine whether a match exists. If so, it may be concluded that the program operates in a trusted manner according to an approved set of conditions.

53 Citations

View as Search Results

20 Claims

1. A method in combination with a program operating on a computer device, the method for authenticating the program to a resource local to or remote from the computing device and comprising:
- retrieving a stored program security identifier (PSID) corresponding to the program, the stored PSID including information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program, whereby the PSID represents an approved set of conditions for operating the program in a trusted manner;
  
  re-constructing the PSID based on the same information as obtained from local sources;
  
  comparing the stored and reconstructed PSIDs to determine whether a match exists;
  
  if it is determined that a match exists, concluding that the program operates in the trusted manner according to the approved set of conditions; and
  
  if it is determined that a match does not exist, concluding that the program does not operate in the trusted manner according to the approved set of conditions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 wherein the program to be authenticated is hosted by a number of layers of other programs that ultimately rest upon hardware representative of the computing device.
  - 3. The method of claim 1 wherein the program to be authenticated is hosted by a number of layers of other programs that ultimately rest upon hardware representative of the computing device, the method being performed by a program hosting the program to be authenticated and at a next layer toward the hardware.
  - 4. The method of claim 1 comprising retrieving the stored PSID including information taking into account the program itself, such information including at least one of a digital certificate corresponding to the program and a manifold corresponding to the program.
  - 5. The method of claim 1 comprising retrieving the stored PSID including information taking into account the execution setting of the program, such information including at least one of an identification of other programs directly or indirectly hosting the program to be authenticated, other programs that should be operating on the computing device, and other programs that should not be operating on the computing device.
  - 6. The method of claim 1 comprising retrieving the stored PSID including information taking into account the inputs to the program, such information including at least one of an approved set of inputs for the program.
  - 7. The method of claim 1 comprising retrieving the stored PSID including the information set forth as one of a list and a hash.
  - 8. The method of claim 1 comprising re-constructing the PSID based on the same information as obtained from local sources and a set of re-constructing instructions including at least one of a series of steps to be performed and an executable that performs such series of steps.

9. A method in combination with a program operating on a computer device, the method for authenticating the program to a resource local to or remote from the computing device, the program to be authenticated being hosted by a number of layers of hosting programs that ultimately rest upon hardware representative of the computing device, the method comprising:
- for each of the program to be authenticated and the hosting program at each of at least some layers, establishing a program security identifier (PSID) corresponding to the program, the established PSID including information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program, whereby the PSID represents an approved set of conditions for operating the program in a trusted manner;
  
  combining all of the established PSIDs to produce a composite PSID (CPSID) representing an overall security environment of the program to be authenticated; and
  
  delivering the produced CPSID to the resource, whereby such resource reviews such delivered CPSID and determines based at least partially on such review whether to trust the program to be authenticated.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The method of claim 9 comprising establishing the PSID for a particular program by a hosting program at a next layer from the particular program toward the hardware.
  - 11. The method of claim 9 wherein establishing the PSID for a particular program includes retrieving a stored PSID corresponding to the program, re-constructing the retrieved PSID based on the same information as obtained from local sources, and comparing the stored and reconstructed PSIDs to determine that a match exists.
  - 12. The method of claim 9 comprising:
    - for each of the program to be authenticated and the hosting program at each layer, establishing a program security identifier (PSID) corresponding to the program, the stored PSID including information taking into account the program itself, the execution setting of the program, and any inputs and initializations that are provided to the program, whereby the PSID represents an approved set of conditions for operating the program in a trusted manner; and
      
      combining all of the established PSIDs to produce the CPSID representing an overall security environment of the program to be authenticated.
  - 13. The method of claim 9 comprising combining all of the established PSIDs to produce a CPSID as one of an ordered list of the established PSIDs, a hash of the established PSIDs, and the result of a mathematical progression based on the established PSIDs.
  - 14. The method of claim 9 comprising establishing the PSID for each program to include information taking into account the program itself, such information including at least one of a digital certificate corresponding to the program and a manifold corresponding to the program.
  - 15. The method of claim 9 comprising establishing the PSID for each program to include information taking into account the execution setting of the program, such information including at least one of an identification of other programs directly or indirectly hosting the program to be authenticated, other programs that should be operating on the computing device, and other programs that should not be operating on the computing device.
  - 16. The method of claim 9 comprising establishing the PSID for each program to include information taking into account the inputs to the program, such information including at least one of an approved set of inputs for the program.
  - 17. The method of claim 9 wherein the hardware includes a trust module combining all of the established PSIDs to produce the CPSID and delivering the produced CPSID to the resource.
  - 18. The method of claim 9 wherein combining all of the established PSIDs to produce the CPSID comprises:
    - clearing a memory location designated to hold the CPSID;
      
      receiving each established PSID for the CPSID in an ordered manner and, for each received PSID and in an iterative manner;
      
      applying the received PSID to a function f that retrieves a current contents of the memory location;
      
      combining the received PSID with the retrieved current contents of the memory location in a predetermined manner;
      
      performing a mathematical operation on the combination to produce a result; and
      
      placing the result of the operation into the memory location, such that upon processing all PSIDs the memory location contains the CPSID.
  - 19. The method of claim 18 comprising combining the received PSID with the retrieved current contents of the memory location by concatenation.
  - 20. The method of claim 18 comprising performing a hash function on the combination to produce the result.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
England, Paul, Kurien, Thekkthalackal Varugis

Granted Patent

US 7,591,014 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Program authentication on environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Program authentication on environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links