METHOD AND SYSTEM FOR PREVENTING EXECUTION OF MALWARE

US 20120331303A1
Filed: 06/23/2011
Published: 12/27/2012
Est. Priority Date: 06/23/2011
Status: Abandoned Application

First Claim

Patent Images

1. A method for preventing execution of malware, the method comprising:

loading code into a non-executable memory;

validating an authentication signature associated with the code;

decrypting the code; and

executing the decrypted code within the executable memory upon a determination that the authentication signature is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for preventing execution of malware in a computing device. The method includes loading code into a non-executable memory of the computing device and validating an authentication signature associated with the code. Subsequently, the code is decrypted and finally, the decrypted code is executed in an executable memory upon a determination that the authentication signature is valid.

Citations

20 Claims

1. A method for preventing execution of malware, the method comprising:
- loading code into a non-executable memory;
  
  validating an authentication signature associated with the code;
  
  decrypting the code; and
  
  executing the decrypted code within the executable memory upon a determination that the authentication signature is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein the code is divided into a set of blocks before the loading step.
  - 3. The method of claim 2, wherein the loading step includes loading each block into the non-executable memory.
  - 4. The method of claim 2, wherein the validating step includes accumulating the authentication signature associated with each block from the set of blocks and validating the accumulated authentication signature.
  - 5. The method of claim 2, wherein the validating step includes flagging the block of code as secure in case the authentication signature is valid.
  - 6. The method of claim 2, wherein the validating step includes flagging the block of code as suspicious in case the authentication signature is invalid.
  - 7. The method of claim 4, wherein the decrypting step includes decrypting each block from the set of blocks.
  - 8. The method of claim 7, wherein the executing step includes executing the decrypted code for the set of blocks upon a determination that the accumulated authentication signature is valid.
  - 9. The method of claim 1, wherein the decrypting step results in executable data when the code is encrypted using an appropriate key.
  - 10. The method of claim 1, wherein the decrypting step results in non-executable data when the code is encrypted using an inappropriate key.
  - 11. The method of claim 1, wherein the executing step includes transferring the decrypted code from the non-executable memory to the executable memory prior to the execution.
  - 12. The method of claim 1, wherein the executing step includes converting the non-executable memory into the executable memory upon a determination that the authentication signature is valid.

13. A system for preventing execution of malware, the system comprising:
- a non-executable memory configured for receiving code to be executed;
  
  an executable memory; and
  
  a processor configured for;
  
  verifying an authentication signature associated with the code loaded into the non-executable memory;
  
  decrypting the code;
  
  executing the decrypted code within the executable memory upon a determination that the authentication signature is valid.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the memory is Read Access Memory (RAM).
  - 15. The system of claim 13, wherein the processor decrypts the code to provide executable data when the code is encrypted using an appropriate key.
  - 16. The system of claim 13, wherein the processor decrypts the code to provide non-executable data in case the code is encrypted using an inappropriate key.
  - 17. The system of claim 16, wherein the code resulting in non-executable data having an invalid authentication signature is malware.
  - 18. The system of claim 13, wherein the processor is further configured for transferring the decrypted code from the non-executable memory to the executable memory.
  - 19. The system of claim 13, wherein the processor is further configured for switching the non-executable memory to the executable memory upon a determination that the authentication signature is valid.
  - 20. The system of claim 13, wherein the code includes at least one of:
    - encryption;
      
      orauthentication signature.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microchip Technology Incorporated
Original Assignee
Microchip Technology Incorporated
Inventors
ANDERSSON, Jonathan E., Cash, Shannon, Stewart, Guy A.

Application Number

US13/166,849
Publication Number

US 20120331303A1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/51 at application loading time...

G06F 21/56 Computer malware detection ...

METHOD AND SYSTEM FOR PREVENTING EXECUTION OF MALWARE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR PREVENTING EXECUTION OF MALWARE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links