Virus immune computer system and method
First Claim
1. A method for preventing hacker code from infecting an application program, the method comprising the steps of:
- accessing a computer comprising:
  - a second-non-transitory computer storage medium;
  - a random access memory;
  - an address bus;
  - a central processing unit; and
  - an operating system, the operating system stored in the second-non-transitory computer storage medium of the computer;
- providing a security device comprising a first-non-transitory computer storage medium, said security device being a separate unit from components necessary to operate the computer;
- storing a symmetric private key on the security device, the symmetric private key being symmetric in that it is usable for encryption and decryption of the application program stored in the random access memory of the computer;
- using the symmetric private key to produce an encrypted application program upon first installation of the application program on the computer, the encrypted application program comprising encrypted operational instructions needed to run the application program, such that after such first installation, the encrypted application program is the only installed version of the application program on the computer;
- upon receiving a command on the computer to run the application program;
- loading the encrypted application program into the random access memory of the computer;
- requiring the central processing unit to decrypt, using the symmetric private key, that part of the encrypted application program needed to implement the command to run the application program; and
- requiring the central processing unit to decrypt, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.
Abstract
A method and apparatus prevent hacker code from infecting an application program by requiring decryption of the application program prior to running the application program on a computer. The method includes steps of: providing a security device that is a separate unit from components necessary to operate the computer; storing a symmetric private key on the security device; using the device symmetric private key to produce an encrypted application program upon first installation; thereafter decrypting that part of the encrypted application program needed to implement a command to run the application program; and, decrypting, on the fly, only those follow-on parts of the encrypted application program needed to perform functions called for during operation of the application program.
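The flow in the abstract (encrypt once at installation, decrypt the starting part at launch, decrypt follow-on parts only when needed), as an added sketch that is not code from the patent or its assignee. The HMAC-SHA256 keystream is a standard-library stand-in for a real cipher such as AES-CTR, and the part size, the per-part integrity tag and the names `install`, `Loader` and `demo` are assumptions; the text above does not say how a part that was not encrypted under the key is recognised.

```python
import hashlib, hmac, os

PART_SIZE = 64  # assumed part size; the claims do not fix a granularity

def _prf(key, label, nonce, n, data=b""):
    # HMAC-SHA256 with a label for domain separation (keystream vs. tag)
    return hmac.new(key, label + nonce + n.to_bytes(8, "big") + data, hashlib.sha256).digest()

def _crypt(key, nonce, n, data):
    # XOR with an HMAC-derived keystream: a stdlib stand-in for AES-CTR
    stream = b"".join(_prf(key, b"enc", nonce, n, bytes([i])) for i in range(-(-len(data) // 32)))
    return bytes(a ^ b for a, b in zip(data, stream))

def install(program, key):
    """First installation: keep only encrypted parts, each with an integrity tag."""
    nonce = os.urandom(16)  # fresh per install so keystreams never repeat
    parts = []
    for n in range(-(-len(program) // PART_SIZE)):
        ct = _crypt(key, nonce, n, program[n * PART_SIZE:(n + 1) * PART_SIZE])
        parts.append((ct, _prf(key, b"mac", nonce, n, ct)))  # assumed tag, not in the claims
    return {"nonce": nonce, "parts": parts}

class Loader:
    """Decrypts a part the first time execution needs it, never the whole image."""
    def __init__(self, image, key):
        self.parts, self.nonce, self.key, self.plain = image["parts"], image["nonce"], key, {}

    def fetch(self, n):
        if n not in self.plain:
            ct, tag = self.parts[n]
            if not hmac.compare_digest(tag, _prf(self.key, b"mac", self.nonce, n, ct)):
                raise ValueError(f"part {n} was not produced with the device key")
            self.plain[n] = _crypt(self.key, self.nonce, n, ct)
        return self.plain[n]

def demo():
    key = os.urandom(32)          # constructed; stands in for the key on the security device
    program = bytes(range(200))   # constructed 200-byte "program" (4 parts)
    loader = Loader(install(program, key), key)
    start_ok = loader.fetch(0) == program[:PART_SIZE]  # launch decrypts part 0 only
    after_launch = sorted(loader.plain)
    loader.fetch(2)                                    # follow-on part, on the fly
    # Simulate part 1 being overwritten in place with bytes not encrypted under the key
    loader.parts[1] = (b"\x90" * PART_SIZE, loader.parts[1][1])
    try:
        loader.fetch(1)
    except ValueError:
        return start_ok, after_launch, sorted(loader.plain), True
    return start_ok, after_launch, sorted(loader.plain), False
```

Without the tag, the overwritten part would simply decrypt to unpredictable bytes; the tag turns that into an explicit refusal to load the part.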
19 Claims
12. A security device for improving operation of a computer to provide it immunity from infection of a software program by a software virus or in memory software code injection, the security device comprising:
- a first-non-transitory computer storage medium installed within a unit that is separate from components necessary for the operation of the computer;
- a symmetric private key usable for encryption and decryption of a software program, the symmetric private key stored on the first-non-transitory computer storage medium within the unit;
- a second-non-transitory computer storage medium that is necessary for operation of the computer, the second-non-transitory computer storage medium storing computer code operable to:
  - enable the computer to which the unit is connected to use the symmetric private key to encrypt a software program upon first installation of the software program and thereby create a first-encrypted software program;
  - require the computer to use the symmetric private key upon each startup of the first-encrypted software program to decrypt the first-encrypted software program to produce a first-decrypted software program;
  - execute the first-decrypted software program on the computer; and
  - prevent access to the symmetric private key after the symmetric private key is first accessed to produce the first-decrypted software program, unless express authorization is first obtained.
16. A method for improving operation of a computer to provide the computer with immunity from infection of a software program by a software virus or by memory software code injection, the method comprising the steps of:
- hosting an operating system in a non-transitory computer storage medium accessible by a computer;
- receiving at the computer an encrypted device symmetric private key through a network connection;
- decrypting the encrypted device symmetric private key on the computer to derive a decrypted device symmetric private key;
- encrypting a software program using the decrypted device symmetric private key upon first installation of the software program and thereby create an encrypted software program that is the only installed version of the software program on the computer;
- when executing a command to start the software program, requiring the operating system to use the decrypted device symmetric private key to decrypt a first part of the encrypted software program necessary to start the software program;
- requiring the computer to use the decrypted device symmetric private key to subsequently decrypt any second part of the encrypted software program that is needed during operation of the first part; and
- precluding the operating system from running any executable code that has not been previously encrypted with the decrypted device symmetric private key.
18. A method for improving operation of a computer to provide the computer with immunity from infection of a software program by a software virus or by memory software code injection, the method comprising the steps of:
- hosting an operating system in a non-transitory computer storage medium accessible by a computer;
- receiving at the computer an encrypted device symmetric private key through a network connection;
- decrypting the encrypted device symmetric private key on the computer to derive a decrypted device symmetric private key;
- encrypting a software program using the decrypted device symmetric private key upon first installation of the software program and thereby create an encrypted software program that is the only installed version of the software program on the computer;
- when executing a command to start the software program, requiring the operating system to use the decrypted device symmetric private key to decrypt a first part of the encrypted software program necessary to start the software program;
- requiring the computer to use the decrypted device symmetric private key to subsequently decrypt any second part of the encrypted software program that is needed during operation of the first part; and
- storing the first part and any second part that is decrypted in a random access memory accessible by the computer.
Specification