Secure software registration and integrity assessment in a computer system

US 5,944,821 A
Filed: 07/11/1996
Issued: 08/31/1999
Est. Priority Date: 07/11/1996
Status: Expired due to Term

First Claim

Patent Images

1. A method for providing secure registration and integrity assessment of software in a computer system having a processor incorporating system management capabilities, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:

storing a program or logical file on a disk drive;

generating a system management interrupt in response to a request to execute the program or access the logical file stored on the disk drive;

placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and

executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;

generating a current modification detection value for the requested program or logical file;

determining if the stored table contains a secure modification detection value for the requested program or logical file;

retrieving the secure modification detection value if it exists in the stored table;

comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and

permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for providing secure registration and integrity assessment of software in a computer system is disclosed. A secure hash table is created containing a list of secure programs that the user wants to validate prior to execution. The table contains a secure hash value (i.e., a value generated by modification detection code) for each of these programs as originally installed on the computer system. This hash table is stored in protected memory that can only be accessed when the computer system is in system management mode. Following an attempt to execute a secured program, a system management interrupt is generated. An SMI handler then generates a current hash value for the program to be executed. In the event that the current hash value matches the stored hash value, the integrity of the program is guaranteed and it is loaded into memory and executed. If the two values do not match, the user is alerted to the discrepancy and may be given the option to update or override the stored hash value by entering an administrative password.

505 Citations

24 Claims

1. A method for providing secure registration and integrity assessment of software in a computer system having a processor incorporating system management capabilities, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- storing a program or logical file on a disk drive;
  
  generating a system management interrupt in response to a request to execute the program or access the logical file stored on the disk drive;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  generating a current modification detection value for the requested program or logical file;
  
  determining if the stored table contains a secure modification detection value for the requested program or logical file;
  
  retrieving the secure modification detection value if it exists in the stored table;
  
  comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  
  permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.
  - 3. The method of claim 1, further comprising the steps of:
    - following said step of determining if the stored table contains a secure modification detection value for the requested program or logical file, alerting the user if the stored table does not contain a secure modification detection value for the requested program or logical file;
      
      determining if the user desires to update the stored table to include a secure modification detection value for the requested program or logical file;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required; and
      
      updating the stored table to include a secure modification detection value for the requested program or logical file if the user desires to update the stored table and no administrative password is required or following entry of the administrative password if an administrative password is required.
  - 4. The method of claim 3, further comprising the steps of:
    - following said step of comparing the current modification detection value to the secure modification detection value, alerting the user if the current modification detection value is not equal to the secure modification detection value;
      
      determining if the user desires to update the stored table to include the current modification detection value;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required; and
      
      updating the stored table to include the current modification detection value if the user desires to update the stored table and no administrative password is required or following entry of the administrative password if an administrative password is required.

5. A method for providing secure registration and integrity assessment of software in a computer system incorporating a processor having system management, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in normal memory and a secure table modification detection value for the stored table itself is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- storing a program or logical file on a disk drive;
  
  generating a system management interrupt in response to a request to execute the program or access the logical file stored on the disk drive;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  generating a current table modification detection value for the stored table;
  
  comparing the current table modification detection value to the secure table modification detection value;
  
  generating a current modification detection value for the requested program or logical file if the current table modification detection value is equal to the secure table modification detection value;
  
  determining if the stored table contains a secure modification detection value for the requested program or logical file;
  
  retrieving the secure modification detection value if it exists in the stored table;
  
  comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  
  permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
- View Dependent Claims (6, 7, 8)
- - 6. The method of claim 5, wherein the secure table modification detection value, the current table modification detection value, the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.
  - 7. The method of claim 5, further comprising the steps of:
    - following said step of determining if the stored table contains a secure modification detection value for the requested program or logical file, alerting the user if the stored table does not contain a secure modification detection value for the requested program or logical file;
      
      determining if the user desires to update the stored table to include a secure modification detection value for the requested program or logical file;
      
      requesting an administrative password that allows access to the secure table modification detection value if the user desires to update the stored table;
      
      updating the stored table to include a secure modification detection value for the requested program or logical file following entry of the administrative password; and
      
      updating the secure table modification detection value to correspond to the updated stored table.
  - 8. The method of claim 5, further comprising the steps of:
    - following said step of comparing the current modification detection value to the secure modification detection value, alerting the user if the current modification detection value is not equal to the secure modification detection value;
      
      determining if the user desires to update the stored table to include the current modification detection value;
      
      requesting an administrative password that allows access to the secure table modification value if the user desires to update the stored table;
      
      updating the stored table to include the current modification detection value following entry of the administrative password; and
      
      updating the secure table modification detection value to correspond to the updated stored table.

9. A method for limiting execution of a software program to a specified computer system, the computer system incorporating system management capabilities, the computer system further having a unique identification number, the method comprising the steps of:
- modifying the program to contain the unique identification number;
  
  storing the modified program on a peripheral storage device;
  
  generating a modification detection value for the modified program;
  
  storing the modification detection value in a system management memory of the computer system;
  
  generating a system management interrupt in response to a request to execute the modified program;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  generating a current modification detection value for the modified program;
  
  determining if system management memory contains a secure modification detection value for the modified program;
  
  retrieving the secure modification detection value if it is present in system management memory;
  
  comparing the current modification detection value to the secure modification detection value; and
  
  permitting execution of the modified program stored on a peripheral storage device if the current modification detection value matches the secure modification detection value.
- View Dependent Claims (10)
- - 10. The method of claim 9, wherein the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.

11. A computer system comprising:
- a processor incorporating system management mode or similar capabilities;
  
  a disk drive containing a program or logical file;
  
  a system management memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the system management memory containing;
  
  a modification detection code for generating a modification detection value;
  
  a secure modification detection value for the program or logical file contained on the disk drive, wherein the secure modification detection value represents an authorized or unaltered condition for the program or logical file; and
  
  a system management mode interrupt handler routine for directing the processor to;
  
  generate a current modification detection value for the program or logical file via said modification detection code;
  
  determine if the current modification detection value is equal to the secure modification detection value; and
  
  permit execution of the program or access to the logical file if the current modification detection value is equal to the secure modification detection value; and
  
  means for generating a system management interrupt in response to a request to execute the program or access the logical file, wherein the system management interrupt causes the system management interrupt handler routine to be executed.
- View Dependent Claims (12)
- - 12. The computer system of claim 11, wherein the modification detection code is a hash algorithm and the modification detection values are hash values.

13. A method for providing secure registration and integrity assessment of software in a computer system having a processor incorporating system management capabilities, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- generating a system management interrupt in response to a request to execute the program or access the logical file;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  generating a current modification detection value for the requested program or logical file;
  
  determining if the stored table contains a secure modification detection value for the requested program or logical file;
  
  retrieving the secure modification detection value if it exists in the stored table;
  
  comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  
  permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, wherein the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.
  - 15. The method of claim 13, further comprising the steps of:
    - following said step of determining if the stored table contains a secure modification detection value for the requested program or logical file, alerting the user if the stored table does not contain a secure modification detection value for the requested program or logical file;
      
      determining if the user desires to update the stored table to include a secure modification detection value for the requested program or logical file;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required; and
      
      updating the stored table to include a secure modification detection value for the requested program or logical file if the user desires to update the stored table and no administrative password is required or following entry of the administrative password if an administrative password is required.
  - 16. The method of claim 15, further comprising the steps of:
    - following said step of comparing the current modification detection value to the secure modification detection value, alerting the user if the current modification detection value is not equal to the secure modification detection value;
      
      determining if the user desires to update the stored table to include the current modification detection value;
      
      determining if an administrative password is required to update the stored table;
      
      requesting an administrative password that allows access to the stored table if the user desires to update the stored table and an administrative password is required; and
      
      updating the stored table to include the current modification detection value if the user desires to update the stored table and no administrative password is required or following entry of the administrative password if an administrative password is required.

17. A method for providing secure registration and integrity assessment of software in a computer system incorporating a processor having system management, the computer system also having a stored table containing a modification detection value for each program or logical file to be validated, wherein the stored table is maintained in normal memory and a secure table modification detection value for the stored table itself is maintained in system management memory or other protected memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the method comprising the steps of:
- generating a system management interrupt in response to a request to execute the program or access the logical file;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  generating a current table modification detection value for the stored table;
  
  comparing the current table modification detection value to the secure table modification detection value;
  
  generating a current modification detection value for the requested program or logical file if the current table modification detection value is equal to the secure table modification detection value;
  
  determining if the stored table contains a secure modification detection value for the requested program or logical file;
  
  retrieving the secure modification detection value if it exists in the stored table;
  
  comparing the current modification detection value to the secure modification detection value if it exists in the stored table; and
  
  permitting execution of the requested program or access to the requested logical file if the secure modification detection value exists in the stored table and the current modification detection value matches the secure modification detection value.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the secure table modification detection value, the current table modification detection value, the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.
  - 19. The method of claim 17, further comprising the steps of:
    - following said step of determining if the stored table contains a secure modification detection value for the requested program or logical file, alerting the user if the stored table does not contain a secure modification detection value for the requested program or logical file;
      
      determining if the user desires to update the stored table to include a secure modification detection value for the requested program or logical file;
      
      requesting an administrative password that allows access to the secure table modification detection value if the user desires to update the stored table;
      
      updating the stored table to include a secure modification detection value for the requested program or logical file following entry of the administrative password; and
      
      updating the secure table modification detection value to correspond to the updated stored table.
  - 20. The method of claim 17, further comprising the steps of:
    - following said step of comparing the current modification detection value to the secure modification detection value, alerting the user if the current modification detection value is not equal to the secure modification detection value;
      
      determining if the user desires to update the stored table to include the current modification detection value;
      
      requesting an administrative password that allows access to the secure table modification value if the user desires to update the stored table;
      
      updating the stored table to include the current modification detection value following entry of the administrative password; and
      
      updating the secure table modification detection value to correspond to the updated stored table.

21. A method for limiting execution of a software program to a specified computer system, the computer system incorporating system management capabilities, the computer system further having a unique identification number, the method comprising the steps of:
- modifying the program to contain the unique identification number;
  
  generating a modification detection value for the modified program;
  
  storing the modification detection value in a system management memory of the computer system;
  
  generating a system management interrupt in response to a request to execute the modified program;
  
  placing the computer system in system management mode as a result of said step of generating a system management mode interrupt; and
  
  executing a system management interrupt handler upon entry into system management mode, wherein said execution of the system management interrupt handler comprises the steps of;
  
  generating a current modification detection value for the modified program;
  
  determining if system management memory contains a secure modification detection value for the modified program;
  
  retrieving the secure modification detection value if it is present in system management memory;
  
  comparing the current modification detection value to the secure modification detection value; and
  
  permitting execution of the modified program if the current modification detection value matches the secure modification detection value.
- View Dependent Claims (22)
- - 22. The method of claim 21, wherein the secure modification detection value and the current modification detection value are hash values generated by a hash algorithm.

23. A computer system comprising:
- a processor incorporating system management mode or similar capabilities;
  
  a system management memory that is accessible only when the computer system is in a non-typical operating mode such as system management mode, the system management memory containing;
  
  a modification detection code for generating a modification detection value;
  
  a secure modification detection value for a program or logical file, wherein the secure modification detection value represents an authorized or unaltered condition for the program or logical file; and
  
  a system management mode interrupt handler routine for directing the processor to;
  
  generate a current modification detection value for the program or logical file via said modification detection code;
  
  determine if the current modification detection value is equal to the secure modification detection value; and
  
  permit execution of the program or access to the logical file if the current modification detection value is equal to the secure modification detection value; and
  
  means for generating a system management interrupt in response to a request to execute the program or access the logical file, wherein the system management interrupt causes the system management interrupt handler routine to be executed.
- View Dependent Claims (24)
- - 24. The computer system of claim 23, wherein the modification detection code is a hash algorithm and the modification detection values are hash values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Douglas G. Brown, Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Compaq Computer Corporation (HP Inc.)
Inventors
Angelo, Michael F.
Primary Examiner(s)
Palys, Joseph E.

Application Number

US08/678,722
Time in Patent Office

1,146 Days
Field of Search

395/183.14, 395/183.12, 395/183.01, 395/183.13, 395/185.01, 395/185.1, 395/704, 395/186, 395/187.01, 395/188.01, 707/9, 380/3, 380/4, 380/23, 380/25, 713/200, 713/201, 713/202, 714/36, 714/38, 710/260
US Class Current

726/22
CPC Class Codes

G06F 11/1004 to protect a block of data ...

G06F 21/51 at application loading time...

Secure software registration and integrity assessment in a computer system

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

505 Citations

24 Claims

Specification

Use Cases

Quick Links

Others

Secure software registration and integrity assessment in a computer system

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

505 Citations

24 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others