System and Method for Detecting a Security Compromise on a Device

US 20150033031A1
Filed: 10/10/2014
Published: 01/29/2015
Est. Priority Date: 07/31/2012
Status: Active Grant

First Claim

Patent Images

1-20. -20. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of a system and method for detecting a security compromise on a device are described. Embodiments may be implemented by a content consumption application configured to protect content decryption keys on a device, such as a computer system (e.g., a desktop or notebook computer) or a mobile device (e.g., a smartphone or tablet). For instance, the content consumption application may be configured to provide decryption keys for respective content to a media component (or another component of the operating system) if multiple conditions have been met. For instance, in various embodiments, the content consumption application may pass the key to the media component after ensuring that i) one or more security mechanisms of the device operating system have not been compromised and ii) one or more executable instructions of the content consumption application have not been tampered (e.g., instructions corresponding to a function that handles the decryption key(s)).

39 Citations

View as Search Results

40 Claims

1-20. -20. (canceled)

21. A computer-implemented method comprising:
- receiving, via an application executing on a computer, one or more decryption keys configured to enable a media component on the computer to decrypt encrypted content;
  
  determining whether a replacement operating system or an altered operating system is present on the computer;
  
  determining that one or more security mechanisms of an operating system of the computer are not compromised in response to a replacement operating system or an altered operating system not being present on the computer; and
  
  providing, via the application, the one or more decryption keys to the media component on the computer in response to determining that the one or more security mechanisms of the operating system of the computer are not compromised.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The computer-implemented method of claim 21, wherein determining whether a replacement operating system or an altered operating system is present on the computer determines whether a file indicative of a replacement operating system or an altered operating system is present on the computer.
  - 23. The computer-implemented method of claim 21, wherein determining whether the file is present on the computer further comprises determining that a file having a specific file name or content associated with a replacement operating system or an altered operating system is present on the computer.
  - 24. The computer-implemented method of claim 21, further comprising:
    - attempting to initiate execution of an insecure application through the operating system; and
      
      determining that the one or more security mechanisms of the operating system are not compromised in response to the operating system preventing execution of the insecure application.
  - 25. The computer-implemented method of claim 24, wherein the insecure application does not have a valid digital signature associated with approval by an approval authority.
  - 26. The computer-implemented method of claim 21, further comprising:
    - generating a hash based on one or more executable instructions of a function of the application that handles the one or more decryption keys;
      
      determining that the one or more instructions of the application are not compromised in response to the generated hash matching a hash generated from an unaltered version of the function; and
      
      providing, via the application, the one or more decryption keys to the media component on the computer in response to determining that the one or more instructions of the application are not compromised.
  - 27. The computer-implemented method of claim 26, wherein generating the hash comprises generating a cyclic redundancy check (CRC) code based on the one or more executable instructions of the function that handles the one or more decryption keys.
  - 28. The computer-implemented method of claim 21, further comprising:
    - attempting, via the application, to access a memory space assigned by the operating system of the computer to another application to test whether one or more security mechanisms of the operating system are compromised; and
      
      determining that the one or more security mechanisms of the operating system are not compromised in response to the operating system not permitting the application to access the memory space assigned to the other application.
  - 29. The computer-implemented method of claim 28, further comprising causing the other application to access a memory space assigned by the operating system to the application;
    - anddetermining that the one or more security mechanisms of the operating system are not compromised in response to the operating system not permitting the other application to access the memory space assigned to the application.

30. A system, comprising:
- one or more processors;
  
  one or more computer-readable media comprising processor-executable instructions that, responsive to execution by the one or more processors, implement an application to perform operations comprising;
  
  receiving one or more decryption keys configured to enable a media component on the system to decrypt encrypted content;
  
  determining whether a file indicative of a replacement operating system or an altered operating system is present on the system;
  
  determining that one or more security mechanisms of an operating system of the system are not compromised in response to the file indicative of a replacement operating system or an altered operating system not being present on the system; and
  
  providing the one or more decryption keys to the media component on the system in response to determining that the one or more security mechanisms of the operating system of the system are not compromised.
- View Dependent Claims (31, 32, 33, 34, 35)
- - 31. The system of claim 30, wherein determining whether the file is present on the system further comprises determining that a file having a specific file name or content associated with a replacement operating system or an altered operating system is present on the system.
  - 32. The system of claim 30, wherein the operations further comprise:
    - attempting to initiate execution of an insecure application through the operating system; and
      
      determining that the one or more security mechanisms of the operating system are not compromised in response to the operating system preventing execution of the insecure application.
  - 33. The system of claim 30, wherein the operations further comprise:
    - attempting, via the application, to access a memory space assigned by the operating system of the computer to another application to test whether one or more security mechanisms of the operating system are compromised; and
      
      determining that the one or more security mechanisms of the operating system are not compromised in response to the operating system not permitting the application to access the memory space assigned to the other application.
  - 34. The system of claim 33, wherein the operations further comprise:
    - causing the other application to attempt to access a memory space of the application; and
      
      determining that the one or more that the one or more security mechanisms of the operating system are not compromised in response to the operating system not permitting the other application to access the memory space assigned to the application.
  - 35. The system of claim 31, wherein the one or more decryption keys are received with, or as part of, a license associated with the encrypted content.

36. A computer-readable storage device comprising processor-executable instructions that, responsive to execution by one or more processors, implement an application to perform operations comprising:
- receiving one or more decryption keys configured to enable a media component of a computing device to decrypt encrypted content;
  
  determining whether a replacement operating system or an altered operating system is present on the computing device;
  
  determining that one or more security mechanisms of an operating system of the computing device are not compromised in response to a replacement operating system or an altered operating system not being present on the computing device; and
  
  providing the one or more decryption keys to the media component of the computing device in response to determining that the one or more security mechanisms of the operating system of the computing device are not compromised.
- View Dependent Claims (37, 38, 39, 40)
- - 37. The computer-readable storage device system of claim 36, wherein the operations further comprise:
    - generating a hash based on one or more processor-executable instructions of a function of the application that handles the one or more decryption keys;
      
      determining that the processor-executable instructions of the application are not compromised in response to the generated hash matching a hash generated from an unaltered version of the function; and
      
      providing the one or more decryption keys to the media component of the computing device in response to determining that the processor-executable instructions of the application are not compromised.
  - 38. The computer-readable storage device system of claim 36, wherein the operations further comprise:
    - initiating execution of an anti-debugging function of the operating system, the anti-debugging function configured to prevent debugging applications from intercepting the decryption keys;
      
      determining that the processor-executable instructions of the application are not altered in response to the anti-debugging function executing and preventing the debugging applications from intercepting the decryption keys; and
      
      providing the one or more decryption keys to the media component of the computing device in response to determining that the processor-executable instructions of the application are not altered.
  - 39. The computer-readable storage device system of claim 38, wherein execution of the anti-debugging function is effective to prevent the debugging applications from attaching to the application.
  - 40. The computer-readable storage device system of claim 36, wherein the one or more decryption keys are received as part of an encrypted content license and the operations further comprise:
    - receiving the encrypted content license from a license server; and
      
      decrypting the encrypted content license with a public key associated with the computing device effective to enable the application to access the one or more decryption keys.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Adobe Inc.
Original Assignee
Adobe Systems Incorporated (Adobe Inc.)
Inventors
Swaminathan, Viswanathan, Wei, Sheng

Granted Patent

US 9,619,653 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/187
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/554   involving event detection a...

G06F 21/577   Assessing vulnerabilities a...

System and Method for Detecting a Security Compromise on a Device

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

39 Citations

40 Claims

Specification

Solutions

Use Cases

Quick Links

System and Method for Detecting a Security Compromise on a Device

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

39 Citations

40 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links