Secure software registration and integrity assessment in a computer system
Abstract
A method for providing secure registration and integrity assessment of software in a computer system is disclosed. A secure hash table is created containing a list of secure programs that the user wants to validate prior to execution. The table contains a secure hash value (i.e., a value generated by modification detection code) for each of these programs as originally installed on the computer system. This hash table is stored in protected memory that can only be accessed when the computer system is in system management mode. Following an attempt to execute a secured program, a system management interrupt is generated. An SMI handler then generates a current hash value for the program to be executed. In the event that the current hash value matches the stored hash value, the integrity of the program is guaranteed and it is loaded into memory and executed. If the two values do not match, the user is alerted to the discrepancy and may be given the option to update or override the stored hash value by entering an administrative password.
24 Claims
1. A method for providing secure registration and integrity assessment of software in a computer system having a processor incorporating system management capabilities, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- storing a program or logical file on a disk drive;
- generating a system management interrupt in response to a request to execute the program or access the logical file stored on the disk drive;
- placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
- executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  - generating a current modification detection value for the requested program or logical file;
  - determining if the stored table contains a secure modification detection value for the requested program or logical file;
  - retrieving the secure modification detection value if it exists in the stored table;
  - comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  - permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
(Dependent claims: 2, 3, 4)
5. A method for providing secure registration and integrity assessment of software in a computer system incorporating a processor having system management, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in normal memory and a secure table modification detection value for the stored table itself is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- storing a program or logical file on a disk drive;
- generating a system management interrupt in response to a request to execute the program or access the logical file stored on the disk drive;
- placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
- executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  - generating a current table modification detection value for the stored table;
  - comparing the current table modification detection value to the secure table modification detection value;
  - generating a current modification detection value for the requested program or logical file if the current table modification detection value is equal to the secure table modification detection value;
  - determining if the stored table contains a secure modification detection value for the requested program or logical file;
  - retrieving the secure modification detection value if it exists in the stored table;
  - comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  - permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
(Dependent claims: 6, 7, 8)
9. A method for limiting execution of a software program to a specified computer system, the computer system incorporating system management capabilities, the computer system further having a unique identification number, the method comprising the steps of:
- modifying the program to contain the unique identification number;
- storing the modified program on a peripheral storage device;
- generating a modification detection value for the modified program;
- storing the modification detection value in a system management memory of the computer system;
- generating a system management interrupt in response to a request to execute the modified program;
- placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
- executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  - generating a current modification detection value for the modified program;
  - determining if system management memory contains a secure modification detection value for the modified program;
  - retrieving the secure modification detection value if it is present in system management memory;
  - comparing the current modification detection value to the secure modification detection value; and
  - permitting execution of the modified program stored on a peripheral storage device if the current modification detection value matches the secure modification detection value.
(Dependent claims: 10)
11. A computer system comprising:
- a processor incorporating system management mode or similar capabilities;
- a disk drive containing a program or logical file;
- a system management memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the system management memory containing;
  - a modification detection code for generating a modification detection value;
  - a secure modification detection value for the program or logical file contained on the disk drive, wherein the secure modification detection value represents an authorized or unaltered condition for the program or logical file; and
  - a system management mode interrupt handler routine for directing the processor to;
    - generate a current modification detection value for the program or logical file via said modification detection code;
    - determine if the current modification detection value is equal to the secure modification detection value; and
    - permit execution of the program or access to the logical file if the current modification detection value is equal to the secure modification detection value; and
- means for generating a system management interrupt in response to a request to execute the program or access the logical file, wherein the system management interrupt causes the system management interrupt handler routine to be executed.
(Dependent claims: 12)
13. A method for providing secure registration and integrity assessment of software in a computer system having a processor incorporating system management capabilities, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- generating a system management interrupt in response to a request to execute the program or access the logical file;
- placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
- executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  - generating a current modification detection value for the requested program or logical file;
  - determining if the stored table contains a secure modification detection value for the requested program or logical file;
  - retrieving the secure modification detection value if it exists in the stored table;
  - comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  - permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
(Dependent claims: 14, 15, 16)
17. A method for providing secure registration and integrity assessment of software in a computer system incorporating a processor having system management, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in normal memory and a secure table modification detection value for the stored table itself is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- generating a system management interrupt in response to a request to execute the program or access the logical file;
- placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
- executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  - generating a current table modification detection value for the stored table;
  - comparing the current table modification detection value to the secure table modification detection value;
  - generating a current modification detection value for the requested program or logical file if the current table modification detection value is equal to the secure table modification detection value;
  - determining if the stored table contains a secure modification detection value for the requested program or logical file;
  - retrieving the secure modification detection value if it exists in the stored table;
  - comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  - permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
(Dependent claims: 18, 19, 20)
21. A method for limiting execution of a software program to a specified computer system, the computer system incorporating system management capabilities, the computer system further having a unique identification number, the method comprising the steps of:
- modifying the program to contain the unique identification number;
- generating a modification detection value for the modified program;
- storing the modification detection value in a system management memory of the computer system;
- generating a system management interrupt in response to a request to execute the modified program;
- placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
- executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  - generating a current modification detection value for the modified program;
  - determining if system management memory contains a secure modification detection value for the modified program;
  - retrieving the secure modification detection value if it is present in system management memory;
  - comparing the current modification detection value to the secure modification detection value; and
  - permitting execution of the modified program if the current modification detection value matches the secure modification detection value.
(Dependent claims: 22)
23. A computer system comprising:
- a processor incorporating system management mode or similar capabilities;
- a system management memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the system management memory containing;
  - a modification detection code for generating a modification detection value;
  - a secure modification detection value for a program or logical file, wherein the secure modification detection value represents an authorized or unaltered condition for the program or logical file; and
  - a system management mode interrupt handler routine for directing the processor to;
    - generate a current modification detection value for the program or logical file via said modification detection code;
    - determine if the current modification detection value is equal to the secure modification detection value; and
    - permit execution of the program or access to the logical file if the current modification detection value is equal to the secure modification detection value; and
- means for generating a system management interrupt in response to a request to execute the program or access the logical file, wherein the system management interrupt causes the system management interrupt handler routine to be executed.
(Dependent claims: 24)
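The handler sequence of claims 5 and 17 (table in normal memory, only the table's own digest in protected memory), which also contains the per-file comparison described in the abstract, as an added user-space model that is not code from the patent. SHA-256 as the modification detection code, the `ProtectedMemory` class, the file names, and the choice to deny unregistered files are assumptions of this example.

```python
import hashlib
import hmac

def mdc(data: bytes) -> bytes:
    """Modification detection value; SHA-256 is this example's assumption."""
    return hashlib.sha256(data).digest()

def table_digest(table: dict) -> bytes:
    """Digest of the whole table, serialized in a fixed (sorted) order."""
    h = hashlib.sha256()
    for name in sorted(table):
        encoded = name.encode()
        h.update(len(encoded).to_bytes(4, "big") + encoded + table[name])
    return h.digest()

class ProtectedMemory:
    """Hypothetical stand-in for SMRAM: holds only the secure table digest."""
    def __init__(self, table: dict):
        self.secure_table_digest = table_digest(table)

def smi_handler(name, disk, table, smram):
    """Return (permit, reason) for a request to execute or access `name`."""
    # Validate the normal-memory table before trusting any entry in it.
    if not hmac.compare_digest(table_digest(table), smram.secure_table_digest):
        return False, "table modified"
    # The claims permit only when a secure value exists; denying otherwise
    # is this model's assumption.
    secure = table.get(name)
    if secure is None:
        return False, "not registered"
    # Hash the file as it is on disk now and compare with the secure value.
    if not hmac.compare_digest(mdc(disk[name]), secure):
        return False, "file modified"
    return True, "ok"

def demo():
    # Constructed sample data: one registered program, one unregistered file.
    disk = {"editor.exe": b"original editor image", "notes.txt": b"hello"}
    table = {"editor.exe": mdc(disk["editor.exe"])}
    smram = ProtectedMemory(table)
    results = [smi_handler("editor.exe", disk, table, smram),
               smi_handler("notes.txt", disk, table, smram)]
    disk["editor.exe"] = b"patched editor image"    # file altered on disk
    results.append(smi_handler("editor.exe", disk, table, smram))
    table["editor.exe"] = mdc(disk["editor.exe"])   # table entry rewritten to match
    results.append(smi_handler("editor.exe", disk, table, smram))
    return results

if __name__ == "__main__":
    for permit, reason in demo():
        print(permit, reason)
```

The last case is the one the two-level design exists for: rewriting the table entry in normal memory makes the per-file comparison pass, so the handler has to reject the table itself first.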
Specification