Method and System for Intrusion Detection
First Claim
1. Method for protecting computer software by detecting an attack of an intruding program interfering with the execution of said protected software on a computer system with a processor and at least a processor memory, the processor executing the protected software,wherein the computer software to be protected communicates with a license container containing a license for using and executing the protected computer software and containing at least one cryptographic key,wherein the license container provides licenses and cryptographic keys for the protected software to protect its usage and its integrity, andwherein the protected computer software is at least partly encrypted and uses the associated cryptographic keys to decrypt said protected software for executingcomprising:
- during execution of the protected software, searching for patterns of an intrusion into the protected softwaredetecting an intrusion into the protected software during the execution of the protected software wherein the intruding program uses a monitoring component for gaining unauthorized access; and
creating a signal on detection of an attack.
1 Assignment
0 Petitions
Accused Products
Abstract
Method for protecting computer software by detecting an attack of an intruding program interfering with the execution of said protected software on a computer system with a processor and at least a processor memory, wherein the computer software to be protected communicates with a license container containing a license for using and executing the protected computer software and containing at least one cryptographic key, wherein the license container provides licenses and cryptographic keys for the protected software to protect its usage and its integrity, and wherein the protected computer software is at least partly encrypted and uses the associated cryptographic keys to decrypt said protected software for executing comprises the following steps: during execution of the protected software, analyzing the behavior of the protected software and/or the execution environment of the protected software on the computer system, and searching for patterns of an intrusion or an intruding program, detecting an intrusion into the protected software during the execution of the protected software, wherein the intruding program uses a monitoring component for gaining unauthorized access, and creating a signal on detection of an attack.
128 Citations
44 Claims
-
1. Method for protecting computer software by detecting an attack of an intruding program interfering with the execution of said protected software on a computer system with a processor and at least a processor memory, the processor executing the protected software,
wherein the computer software to be protected communicates with a license container containing a license for using and executing the protected computer software and containing at least one cryptographic key, wherein the license container provides licenses and cryptographic keys for the protected software to protect its usage and its integrity, and wherein the protected computer software is at least partly encrypted and uses the associated cryptographic keys to decrypt said protected software for executing comprising: -
during execution of the protected software, searching for patterns of an intrusion into the protected software detecting an intrusion into the protected software during the execution of the protected software wherein the intruding program uses a monitoring component for gaining unauthorized access; and creating a signal on detection of an attack. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 31, 32, 33, 34)
-
-
30. Apparatus for providing intrusion detection for protected computer software on a computer system by using system components comprising
means for a monitor program executing on the computer system communicating with a control program executing on the computer system through messages containing audit information from the protected application program for program said control program in communication with a protection device attached to said computer system the protection device receiving an intrusion prevention specification from a remote intrusion protection service provider wherein the intrusion prevention specification specifies at least one target attribute to be recorded from a set of possible target attributes generated during a monitoring process by the monitor program; - and
the intrusion prevention specification also specifies at least one monitoring criterion that triggers recording of at least one target attribute during the monitoring process; the monitor program record the at least one target attribute in response to detecting the at least one monitoring criterion produce an intrusion log by recording the at least one target attribute in response to detecting the at least one monitoring criterion.
- and
-
35. A computer readable medium storing instructions for causing a computer to perform a process for protecting computer software by detecting an attack of an intruding program interfering with the execution of said protected software on a computer system with a processor and at least a processor memory, the computer software to be protected being at least partly encrypted and communicating with a license container containing at least one cryptographic key and using the at least one cryptographic key for decrypting the protected software for execution;
- the process comprising;
during execution of the protected software, searching for patterns of an intrusion into the protected software; detecting an intrusion into the protected software during the execution of the protected software, wherein the intruding program uses a monitoring component for gaining unauthorized access; and creating a signal on detection of an attack. - View Dependent Claims (36, 37, 38, 39, 40, 41, 42, 43, 44)
- the process comprising;
Specification