Add-in card based cheat detection platform for online applications

US 20090143144A1
Filed: 11/30/2007
Published: 06/04/2009
Est. Priority Date: 11/30/2007
Status: Active Grant

First Claim

Patent Images

1. An add-in card comprisinginaccessible memory to store an identity key, wherein the identity key is to enable a secure communication link;

an isolated execution environment; and

a machine-accessible medium comprising content, which, when executed by the isolated execution environment causes the isolated execution environment to;

route secure communications between an on-line application and a remote service provider through the isolated execution environment to provide a secure communication link therebetween;

detect on-line application code modifications;

detect on-line application process flow modifications; and

notify, via the secure communication link, the remote service provider when a modification is detected.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, in one aspect, an add-in card includes inaccessible memory to store an identity key, wherein the identity key is to enable a secure communication link. The add-in card also includes an isolated execution environment and a machine-accessible medium comprising content. The content when executed by the isolated execution environment causes the isolated execution environment to route secure communications between an on-line application and a remote service provider through the isolated execution environment to provide a secure communication link therebetween, detect on-line application code modifications, detect on-line application process flow modifications, and notify, via the secure communication link, the remote service provider when a modification is detected.

33 Citations

View as Search Results

24 Claims

1. An add-in card comprisinginaccessible memory to store an identity key, wherein the identity key is to enable a secure communication link;
- an isolated execution environment; and
  
  a machine-accessible medium comprising content, which, when executed by the isolated execution environment causes the isolated execution environment to;
  
  route secure communications between an on-line application and a remote service provider through the isolated execution environment to provide a secure communication link therebetween;
  
  detect on-line application code modifications;
  
  detect on-line application process flow modifications; and
  
  notify, via the secure communication link, the remote service provider when a modification is detected.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The apparatus of claim 1, wherein the inaccessible memory is a fuse array.
  - 3. The apparatus of claim 1, wherein the content, when executed, causes the isolated execution environment to detect on-line application code modifications byreading a manifest for the on-line application;
    - computing a cryptographic signature for the manifest based on the manifest read by the isolated execution environment and a public key of a private public key pair;
      
      comparing the computed cryptographic signature for the manifest to an expected cryptographic signature for the manifest, wherein the expected cryptographic signature for the manifest was generated by the on-line application developer using a private key of the private public key pair, and wherein the manifest defines parameters related to the on-line application including expected signatures for the code; and
      
      detecting the on-line application code modifications based on non-matching of the computed signature for the manifest and the expected signature for the manifest.
  - 4. The apparatus of claim 3, wherein the content, when executed, causes the isolated execution environment to detect on-line application code modifications further byreading code for the on-line application;
    - backing out fix-ups from on-line application code read by the isolated execution environment;
      
      computing a cryptographic signature for the code after the fix-ups are backed out;
      
      comparing the computed cryptographic signature for the code to an expected cryptographic signature for the code; and
      
      detecting the on-line application code modifications based on non-matching of the computed signature for the code and the expected signature for the code.
  - 5. The apparatus of claim 3, wherein the content, when executed, causes the isolated execution environment to detect on-line application code modifications further byreading a code segment for the on-line application;
    - computing a cryptographic signature for the code segment;
      
      comparing the computed cryptographic signature for the code segment to the expected cryptographic signature for the code segment; and
      
      detecting the on-line application code modifications based on non-matching of the computed signature for the code segment and the expected signature for the code segment.
  - 6. The apparatus of claim 3, wherein the content, when executed, causes the isolated execution environment to detect on-line application process flow modifications byreading external code called out in the on-line application flow control;
    - computing cryptographic signatures for the external code;
      
      comparing the computed cryptographic signatures for the external code to expected cryptographic signatures for the external code; and
      
      detecting the on-line application process flow modifications based on non-matching of the computed signature for the external code and the expected signature for the external code.
  - 7. The apparatus of claim 1, wherein the content, when executed, further causes the isolated execution environment to detect activation of an interrupt handler during use of the on-line application.
  - 8. The apparatus of claim 7, wherein the content, when executed, causes the isolated execution environment to detect activation of an interrupt handler byreceiving interrupt reports;
    - analyzing the interrupt reports to determine if any interrupt handlers have been activated;
      
      gathering data about an activated interrupt handler, including at least some subset of, what interrupt handler is activated and is the on-line application being processed by the interrupt handler; and
      
      reporting the data to the remote service provider.
  - 9. The apparatus of claim 1, further comprisingat least one interface to receive user commands;
    - andfilters to monitor the received user commands and to copy the user commands associated with at least a subset of the input devices to the isolated execution environment.
  - 10. The apparatus of claim 9, wherein the content, when executed, further causes the isolated execution environment to detect user command modifications.
  - 11. The apparatus of claim 10, wherein the content, when executed, causes the isolated execution environment to detect user command modifications byreceiving configuration data from the on-line application;
    - configuring the filters based on the configuration data;
      
      receiving data corresponding to the user commands from the filters;
      
      converting the data to the corresponding user commands, wherein the converting includes utilizing any input translations defined in the configuration data;
      
      receiving application commands from the on-line application, wherein the application commands were processed by the on-line application;
      
      comparing the user commands to the application commands; and
      
      detecting the user command modifications when the user commands and the application commands do not match.
  - 12. The apparatus of claim 1, wherein the isolated execution environment is an embedded processor.
  - 13. The apparatus of claim 1, wherein the isolated execution environment is a graphics processor.
  - 14. The apparatus of claim 1, wherein the add-in card is a PCI Express card.
  - 15. The apparatus of claim 1, wherein the add-in card is a graphics card.

16. A system comprisingmemory to store an on-line application;
- a central processing unit (CPU) to run the on-line application;
  
  at least one input device to enable a user to enter commands; and
  
  an add-in card havingan isolated execution environment processor to detect at least some subset of user command modifications, on-line application code modifications, and on-line application process flow modifications;
  
  at least one interface to receive the user commands from the input devices; and
  
  filters to monitor the received user commands and to copy the user commands associated with at least a subset of the input devices to the isolated execution environment.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
- - 17. The system of claim 16, wherein the add-in card further includes a machine-accessible medium comprising content, which, when executed by the isolated execution environment causes the isolated execution environment to:
    - receive configuration data from the on-line application;
      
      configure the filters based on the configuration data;
      
      receive data corresponding to the user commands from the filters;
      
      convert the data to the corresponding user commands, wherein the converting includes utilizing any input translations defined in the configuration data;
      
      receive application commands from the on-line application, wherein the application commands were processed by the on-line application;
      
      compare the user commands to the application commands; and
      
      detect the user command modifications when the user commands and the application commands do not match.
  - 18. The system of claim 16, wherein the add-in card further includes a machine-accessible medium comprising content, which, when executed by the isolated execution environment causes the isolated execution environment to:
    - read a manifest for the on-line application from the memory;
      
      compute a cryptographic signature for the manifest based on the manifest read by the isolated execution environment and a public key of a private public key pair;
      
      compare the computed cryptographic signature for the manifest to an expected cryptographic signature for the manifest, wherein the expected cryptographic signature for the manifest was generated by the on-line application developer using a private key of the private public key pair, and wherein the manifest defines parameters related to the on-line application including expected signatures for the code; and
      
      detect the on-line application code modifications based on non-matching of the computed signature for the manifest and the expected signature for the manifest.
  - 19. The system of claim 18, wherein the content, when executed, further causes the isolated execution environment to:
    - read code for the on-line application from the memory;
      
      back out fix-ups from on-line application code read by the isolated execution environment;
      
      compute a cryptographic signature for the code after the fix-ups are backed out;
      
      compare the computed cryptographic signature for the code to an expected cryptographic signature for the code; and
      
      detect the on-line application code modifications based on non-matching of the computed signature for the code and the expected signature for the code.
  - 20. The system of claim 18, wherein the content, when executed, further causes the isolated execution environment to:
    - read external code called out in the on-line application flow control from the memory;
      
      compute cryptographic signatures for the external code;
      
      compare the computed cryptographic signatures for the external code to expected cryptographic signatures for the external code; and
      
      detect the on-line application process flow modifications based on non-matching of the computed signature for the external code and the expected signature for the external code.
  - 21. The system of claim 16, wherein the add-in card further includes inaccessible memory to store an identity key, wherein the identity key is to enable secure communication links with the CPU and a remote service provider.
  - 22. The system of claim 21, wherein the add-in card is further to provide a secure communication link between the on-line application and the remote service provider by routing secure communications between the on-line application and the remote service provider through the isolated execution environment.
  - 23. The system of claim 16, wherein the add-in card is a PCI Express card.
  - 24. The system of claim 16, wherein the add-in card is a graphics card.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Johnson, Erik J., Schluessler, Travis T., Goglin, Stephen D.

Granted Patent

US 8,307,439 B2
Time in Patent Office

Days
Field of Search
US Class Current

463/42
CPC Class Codes

A63F 2300/201   Playing authorisation given...

A63F 2300/206   Game information storage, e...

G06F 21/629   to features or functions of...

G06F 21/83   input devices, e.g. keyboar...

Add-in card based cheat detection platform for online applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

33 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Add-in card based cheat detection platform for online applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

33 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links