System and method for protecting use of dynamically linked executable modules

US 5,757,914 A
Filed: 10/26/1995
Issued: 05/26/1998
Est. Priority Date: 10/26/1995
Status: Expired due to Term

First Claim

Patent Images

1. A computer system comprising:

memory for storing programs and data;

a data processing unit for executing programs stored in the memory;

a program module verifier, stored in the memory and executable by the data processing unit, configured to respond to procedure calls to said program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call;

a first program module, stored in the memory; and

a second program module, stored in the memory;

said first program module including procedures executable by the data processing unit, the first program module'"'"'s procedures including;

a procedure call to said second program module;

a procedure call to said program module verifier for verifying the second module'"'"'s authenticity, wherein the procedure call to said program module verifier is logically positioned in said first program module so as to be executed prior to execution of said procedure call to said second program module; and

instructions preventing execution of said procedure call to said second program module when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier;

said second program module including procedures executable by the data processing unit, the second program module'"'"'s procedures including;

an executable procedure to be performed in response to said procedure call to said second program module;

a procedure call to said program module verifier for verifying the first module'"'"'s authenticity, wherein the procedure call to said program module verifier is logically positioned in said second program module so as to be executed prior to execution of said executable procedure; and

instructions preventing execution of said executable procedure when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system has a program module verifier and at least first and second program modules. Each program module includes a digital signature and an executable procedure The first program module furthermore includes a procedure call to the second procedure module, a procedure call to the program module verifier that is logically positioned in the first program module so as to be executed prior to execution of the procedure call to the second program module, and instructions preventing execution of the procedure call to the second program module when the procedure call to the program module verifier results in a verification denial being returned by the program module verifier. The second program module includes an executable procedure to be performed in response to the procedure call by the first program module to the second program module, a procedure call to the program module verifier that is logically positioned in the second program module so as to be executed prior to completion of execution of the second program module'"'"'s executable procedure, and instructions preventing completion of execution of that executable procedure when the program module verifier returns a verification denial with respect to the first program module. The program module verifier responds to procedure calls by verifying the authenticity of any specified program module and by returning a verification confirmation or denial. When the program module verifier fails to verify the authenticity of a program module, the calling program module throws an exception and aborts its execution.

218 Citations

21 Claims

1. A computer system comprising:
- memory for storing programs and data;
  
  a data processing unit for executing programs stored in the memory;
  
  a program module verifier, stored in the memory and executable by the data processing unit, configured to respond to procedure calls to said program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call;
  
  a first program module, stored in the memory; and
  
  a second program module, stored in the memory;
  
  said first program module including procedures executable by the data processing unit, the first program module'"'"'s procedures including;
  
  a procedure call to said second program module;
  
  a procedure call to said program module verifier for verifying the second module'"'"'s authenticity, wherein the procedure call to said program module verifier is logically positioned in said first program module so as to be executed prior to execution of said procedure call to said second program module; and
  
  instructions preventing execution of said procedure call to said second program module when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier;
  
  said second program module including procedures executable by the data processing unit, the second program module'"'"'s procedures including;
  
  an executable procedure to be performed in response to said procedure call to said second program module;
  
  a procedure call to said program module verifier for verifying the first module'"'"'s authenticity, wherein the procedure call to said program module verifier is logically positioned in said second program module so as to be executed prior to execution of said executable procedure; and
  
  instructions preventing execution of said executable procedure when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
- View Dependent Claims (2, 3)
- - 2. The computer system of claim 1, whereinsaid program verifier module includes instructions for issuing an authenticity verification for any specified program module only when inspection of the specified program module indicates that the specified program module is identical to a corresponding program module known to be authentic, and for otherwise issuing an authenticity verification denial;
    - andsaid instructions preventing execution of said procedure call include instructions for aborting execution of said first program module when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
  - 3. The computer system of claim 1,said first program module including a first digital signature and a first executable procedure;
    - said second program module including a second digital signature and a second executable procedure;
      
      said program verifier module including instructions for responding to a procedure call requesting verification of said second program module by (A1) decoding said second digital signature in said second program module with a corresponding decoding key, (A2) generating a message digest of at least a portion said second program module in accordance with a predefined message digest function, (A3) returning a verification confirmation when said decoded digital signature matches said message digest, and (A4) returning a verification denial when said decoded digital signature does not match said message digest.

4. A computer system comprising:
- memory for storing programs and data;
  
  a data processing unit for executing programs stored in the memory;
  
  (A) a program module verifier, stored in the memory and executable by the data processing unit, the program module verifier configured to respond to procedure calls to said program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call;
  
  (B) a first program module, stored in the memory, having a first procedure executable by the data processing unit; and
  
  (C) a second program module, stored in the memory;
  
  said first program module including a procedure call to said second program module;
  
  said second program module including;
  
  (C1) a second procedure, executable by the data processing unit, to be performed in response to said procedure call to said second program module;
  
  (C2) a procedure call to said program module verifier for verifying the first module'"'"'s authenticity, wherein the procedure call to said program module verifier is logically positioned in said second program module so as to be executed prior to completion of execution of said second executable procedure; and
  
  (C3) instructions preventing completion of execution of said second executable procedure when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
- View Dependent Claims (5, 6)
- - 5. The computer system of claim 4, whereinsaid program verifier module includes instructions for issuing an authenticity verification for any specified program module only when inspection of the specified program module indicates that the specified program module is identical to a corresponding program module known to be authentic, and for otherwise issuing an authenticity verification denial;
    - andsaid instructions preventing completion of execution of said second executable procedure include instructions for aborting execution of said second program module when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
  - 6. The computer system of claim 4,said first program module including a first digital signature;
    - andsaid program verifier module including instructions for responding to a procedure call requesting verification of said first program module by (A1) decoding said first digital signature in said first program module with a corresponding decoding key, (A2) generating a message digest of at least a portion said first program module in accordance with a predefined message digest function, (A3) returning a verification confirmation when said decoded digital signature matches said message digest, and (A4) returning a verification denial when said decoded digital signature does not match said message digest.

7. A computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- (A) a program module verifier configured to respond to procedure calls to said program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call;
  
  (B) a first program module; and
  
  (C) a second program module;
  
  said first program module including;
  
  (B1) a procedure call to said second program module;
  
  (B2) a procedure call to said program module verifier logically positioned in said first program module so as to be executed prior to execution of said procedure call to said second program module; and
  
  (B3) instructions preventing execution of said procedure call to said second program module when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier;
  
  said second program module including;
  
  (C1) an executable procedure to be performed in response to said procedure call to said second program module;
  
  (C2) a procedure call to said program module verifier for verifying the first module'"'"'s authenticity, wherein the procedure call to said program module verifier is logically positioned in said second program module so as to be executed prior to completion of execution of said executable procedure; and
  
  (C3) instructions preventing completion of execution of said executable procedure when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
- View Dependent Claims (8, 9)
- - 8. The computer program product of claim 7, whereinsaid program verifier module includes instructions for issuing an authenticity verification for any specified program module only when inspection of the specified program module indicates that the specified program module is identical to a corresponding program module known to be authentic, and for otherwise issuing an authenticity verification denial;
    - andsaid instructions preventing execution of said procedure call include instructions for aborting execution of said first program module when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
  - 9. The computer program product of claim 7,said first program module including a first digital signature and a first executable procedure;
    - said second program module including a second digital signature and a second executable procedure;
      
      said program verifier module including instructions for responding to a procedure call requesting verification of said second program module by (A1) decoding said second digital signature in said second program module with a corresponding decoding key, (A2) generating a message digest of at least a portion said second program module in accordance with a predefined message digest function, (A3) returning a verification confirmation when said decoded digital signature matches said message digest, and (A4) returning a verification denial when said decoded digital signature does not match said message digest.

10. A computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- (A) a program module verifier configured to respond to procedure calls to said program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call;
  
  (B) a first program module having a first executable procedure; and
  
  (C) a second program module;
  
  said first program module including a procedure call to said second program module;
  
  said second program module including;
  
  (C1) a second executable procedure to be performed in response to said procedure call to said second program module;
  
  (C2) a procedure call to said program module verifier for verifying the first module'"'"'s authenticity, wherein the procedure call to said program module verifier is logically positioned in said second program module so as to be executed prior to completion of execution of said second executable procedure; and
  
  (C3) instructions preventing completion of execution of said second executable procedure when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
- View Dependent Claims (11, 12)
- - 11. The computer program product of claim 10, whereinsaid program verifier module includes instructions for issuing an authenticity verification for any specified program module only when inspection of the specified program module indicates that the specified program module is identical to a corresponding program module known to be authentic, and for otherwise issuing an authenticity verification denial;
    - andsaid instructions preventing completion of execution of said second executable procedure include instructions for aborting execution of said second program module when said procedure call to said program module verifier results in a verification denial being returned by said program module verifier.
  - 12. The computer program product of claim 10,said first program module including a first digital signature;
    - andsaid program verifier module including instructions for responding to a procedure call requesting verification of said first program module by (A1) decoding said first digital signature in said first program module with a corresponding decoding key, (A2) generating a message digest of at least a portion said first program module in accordance with a predefined message digest function, (A3) returning a verification confirmation when said decoded digital signature matches said message digest, and (A4) returning a verification denial when said decoded digital signature does not match said message digest.

13. A method of linking program modules, comprising the steps of:
- (A) storing a first program module and a second program module in a computer memory;
  
  executing a procedure in the first program module, and while executing the procedure in the first program module, but prior to making a procedure call from the first program module to the second program module, verifying the second program module'"'"'s authenticity;
  
  (B) upon verifying the second program module'"'"'s authenticity, making the procedure call from the first program module to the second program module;
  
  (C) upon failing to verify the second program module'"'"'s authenticity, preventing the procedure call from the first program module to the second program module;
  
  (D) prior to completing execution of a procedure in the second program module, verifying the first program module'"'"'s authenticity;
  
  (E) upon verifying the first program module'"'"'s authenticity, completing executing the procedure in the second program module to generate a result and returning the result to the first program module'"'"'s procedure; and
  
  (F) upon failing to verify the first program module'"'"'s authenticity, preventing completion of execution of the procedure in the second program module.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The method of claim 13, whereinsaid step of verifying the first program module'"'"'s authenticity including determining whether the first program module is identical to a corresponding program module known to be authentic, and issuing an authenticity verification denial if the determination is negative;
    - andstep (C) includes aborting execution of the first program module.
  - 15. The method of claim 13, wherein the first program module includes a first digital signature and the second program module includes a second digital signature;
    - the step (A) including decoding the second digital signature in the second program module with a corresponding decoding key, generating a message digest of at least a portion the second program module in accordance with a predefined message digest function, verifying the authenticity of the second program module when the decoded digital signature matches the message digest, and denying verification of the authenticity of the second program module when the decoded digital signature when the decoded digital signature does not match the message digest.
  - 16. The method of claim 15,the step (D) including decoding the first digital signature in the first program module with a corresponding decoding key, generating a message digest of at least a portion the first program module in accordance with the predefined message digest function, verifying the authenticity of the first program module when the decoded digital signature matches the message digest, and denying verification of the authenticity of the first program module when the decoded digital signature when the decoded digital signature does not match the message digest.
  - 17. The method of claim 13,the step (A) including making a procedure call to a trusted program module verifier, the program module verifier responding to the procedure call by verifying authenticity of the second program module and by returning a verification confirmation or denial in response to the procedure call.

18. A method of linking program modules, comprising the steps of:
- (A) storing a first program module and a second program module in a computer memory;
  
  executing a procedure in the first program module, and while executing the procedure in the first program module making a procedure call from the first program module to the second program module;
  
  (B) executing a procedure in the second program module, and prior to completing execution of the procedure in the second program module, verifying the first program module'"'"'s authenticity;
  
  (C) upon verifying the first program module'"'"'s authenticity, completing execution of the procedure in the second program module to generate a result and returning the result to the first program module procedure; and
  
  (D) upon failing to verify the first program module'"'"'s authenticity, preventing completion of execution of the procedure in the second program module.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, wherein the first program module includes a first digital signature;
    - step (B) including decoding the first digital signature in the first program module with a corresponding decoding key, generating a message digest of at least a portion the first program module in accordance with the predefined message digest function, verifying the authenticity of the first program module when the decoded digital signature matches the message digest, and denying verification of the authenticity of the first program module when the decoded digital signature does not match the message digest.
  - 20. The method of claim 18,step (A) including, prior to making the procedure call from the first program module to a second program module:
    - (A1) verifying the second program module'"'"'s authenticity by making a procedure call to a trusted program module verifier, the program module verifier responding by verifying authenticity of the second program module and by returning a verification confirmation or denial in response to the procedure call;
      
      (A2) upon verifying the second program module'"'"'s authenticity, making the procedure call from the first program module to the second program module; and
      
      (A3) upon failing to verify the second program module'"'"'s authenticity, preventing the procedure call from the first program module to the second program module.
  - 21. The method of claim 20, wherein the first program module includes a first digital signature and the second program module includes a second digital signature;
    - step (A3) including decoding the second digital signature in the second program module with a corresponding decoding key, generating a message digest of at least a portion the second program module in accordance with a predefined message digest function, verifying the authenticity of the second program module when the decoded digital signature matches the message digest, and denying verification of the authenticity of the second program module when the decoded digital signature when the decoded digital signature does not match the message digest.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
McManis, Charles E.
Primary Examiner(s)
Tarcza, Thomas H.
Assistant Examiner(s)
Laufer, Pinchus M.

Application Number

US08/547,720
Time in Patent Office

943 Days
Field of Search

380/4, 380/23, 380/25, 395/186, 395/187.01, 395/188.01, 364/222.5
US Class Current

713/187
CPC Class Codes

G06F 21/125 by manipulating the program...

G06F 2211/007 Encryption, En-/decode, En-...

System and method for protecting use of dynamically linked executable modules

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

218 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

System and method for protecting use of dynamically linked executable modules

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

218 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others