METHOD AND DEVICE FOR DETECTING SOFTWARE-TAMPERING

US 20140380469A1
Filed: 03/26/2014
Published: 12/25/2014
Est. Priority Date: 06/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method of detecting software tampering, comprising:

at a device having one or more processors and memory;

receiving a software verification instruction from a server, the software verification instruction comprising a verification parameter dynamically selected by the server for verifying whether particular software stored at the device contains unauthorized modifications;

executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value; and

returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the particular software stored at the device contains unauthorized modifications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for detecting software tampering includes: at a device having one or more processors and memory: receiving a software verification instruction from a server, the software verification instruction comprising a verification parameter dynamically selected by the server for verifying whether particular software stored at the device contains unauthorized modifications; executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value; and returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the particular software stored at the device contains unauthorized modifications.

16 Citations

View as Search Results

20 Claims

1. A method of detecting software tampering, comprising:
- at a device having one or more processors and memory;
  
  receiving a software verification instruction from a server, the software verification instruction comprising a verification parameter dynamically selected by the server for verifying whether particular software stored at the device contains unauthorized modifications;
  
  executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value; and
  
  returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the particular software stored at the device contains unauthorized modifications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the verification parameter specifies a respective verification function, and wherein the respective verification function is dynamically selected at random by the server from a plurality of available verification procedures.
  - 3. The method of claim 1, wherein the verification parameter specifies one or more data sampling locations.
  - 4. The method of claim 3, wherein the one or more data sampling locations are dynamically selected at random by the server from a plurality of known sampling locations.
  - 5. The method of claim 3, wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - obtaining respective data values present at the one or more data sampling locations in the particular software residing at the device; and
      
      applying a verification function on the respective data values obtained at the one or more data sampling locations to calculate the first verification data value.
  - 6. The method of claim 5, wherein a respective data sampling location specified by the verification parameter includes a file path under an installation index of the particular software, and wherein obtaining the respective data values present at the one or more data sampling locations in the particular software residing at the device further comprises:
    - selecting a document in the particular software according the file path; and
      
      taking data contained in the document as the respective data value for the respective data sampling location.
  - 7. The method of claim 5, wherein a respective data sampling location specified by the verification parameter includes a memory mapping range of the particular software during execution, and wherein obtaining the respective data values present at the one or more data sampling locations in the particular software residing at the device further comprises:
    - during execution of the particular software at the device, reading data present within the memory mapping range of the particular software; and
      
      taking the data present within the memory mapping range as the respective data value for the respective data sampling location.
  - 8. The method of claim 1, wherein the verification parameter includes executable code, and wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - executing the executable code at the device, where the executable code generates the first verification data value based on data currently present at the device.
  - 9. The method of claim 1, further comprising:
    - before receiving the software verification instruction from a server;
      
      receiving an software installation request or a software execution request for installing or executing the particular software at the device; and
      
      in response to the software execution request or the software execution request, sending a software verification request for verifying the particular software to the server.
  - 10. The method of claim 9, further comprising:
    - after returning the first verification data value to the server;
      
      receiving a negative verification result from the server indicating that the particular software contains unauthorized modifications; and
      
      upon receiving the negative verification result, declining to install or execute the particular software at the device.

11. A system for detecting software tampering, comprising:
- one or more processors; and
  
  memory having instructions stored thereon, the instructions, when executed by the one or more processors, cause the processors to perform operations comprising;
  
  receiving a software verification instruction from a server, the software verification instruction comprising a verification parameter dynamically selected by the server for verifying whether particular software stored at the device contains unauthorized modifications;
  
  executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value; and
  
  returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the particular software stored at the device contains unauthorized modifications.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The system of claim 11, wherein the verification parameter specifies one or more data sampling locations, and wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - obtaining respective data values present at the one or more data sampling locations in the particular software residing at the device; and
      
      applying a verification function on the respective data values obtained at the one or more data sampling locations to calculate the first verification data value.
  - 13. The system of claim 12, wherein a respective data sampling location specified by the verification parameter includes a file path under an installation index of the particular software, and wherein obtaining the respective data values present at the one or more data sampling locations in the particular software residing at the device further comprises:
    - selecting a document in the particular software according the file path; and
      
      taking data contained in the document as the respective data value for the respective data sampling location.
  - 14. The system of claim 12, wherein a respective data sampling location specified by the verification parameter includes a memory mapping range of the particular software during execution, and wherein obtaining the respective data values present at the one or more data sampling locations in the particular software residing at the device further comprises:
    - during execution of the particular software at the device, reading data present within the memory mapping range of the particular software; and
      
      taking the data present within the memory mapping range as the respective data value for the respective data sampling location.
  - 15. The system of claim 11, wherein the verification parameter includes executable code, and wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - executing the executable code at the device, where the executable code generates the first verification data value based on data currently present at the device.
  - 16. The system of claim 11, wherein the operations further comprise:
    - before receiving the software verification instruction from a server;
      
      receiving an software installation request or a software execution request for installing or executing the particular software at the device; and
      
      in response to the software execution request or the software execution request, sending a software verification request for verifying the particular software to the server; and
      
      after returning the first verification data value to the server;
      
      receiving a negative verification result from the server indicating that the particular software contains unauthorized modifications; and
      
      upon receiving the negative verification result, declining to install or execute the particular software at the device.

17. A non-transitory computer-readable medium having instructions stored thereon, the instructions, when executed by one or more processors, cause the processors to perform operations comprising:
- receiving a software verification instruction from a server, the software verification instruction comprising a verification parameter dynamically selected by the server for verifying whether particular software stored at the device contains unauthorized modifications;
  
  executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value; and
  
  returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the particular software stored at the device contains unauthorized modifications.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable medium of claim 17, wherein the verification parameter specifies one or more data sampling locations, and wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - obtaining respective data values present at the one or more data sampling locations in the particular software residing at the device; and
      
      applying a verification function on the respective data values obtained at the one or more data sampling locations to calculate the first verification data value.
  - 19. The computer-readable medium of claim 18, wherein a respective data sampling location specified by the verification parameter includes a file path under an installation index of the particular software, and wherein obtaining the respective data values present at the one or more data sampling locations in the particular software residing at the device further comprises:
    - selecting a document in the particular software according the file path; and
      
      taking data contained in the document as the respective data value for the respective data sampling location.
  - 20. The computer-readable medium of claim 18, wherein a respective data sampling location specified by the verification parameter includes a memory mapping range of the particular software during execution, and wherein obtaining the respective data values present at the one or more data sampling locations in the particular software residing at the device further comprises:
    - during execution of the particular software at the device, reading data present within the memory mapping range of the particular software; and
      
      taking the data present within the memory mapping range as the respective data value for the respective data sampling location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Inventors
Chen, Shuhua, Xiao, Tianming

Granted Patent

US 9,607,147 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/22
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/554   involving event detection a...

G06F 2221/033   Test or assess software

METHOD AND DEVICE FOR DETECTING SOFTWARE-TAMPERING

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND DEVICE FOR DETECTING SOFTWARE-TAMPERING

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links