Computer software authentication, protection, and security system
First Claim
1. A computer system having software having input routines with enhanced security features for entry of ID-Data comprising:
- a processor; and
a memory, wherein said software stored in said memory when executed by said processor comprises;
anti-spy techniques within said input routines which prevent or hamper eavesdropping;
detect tampering of said software which, upon detection of tampering, either disallow the subsequent entry of ID-Data into said input routines, or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed; and
further comprising at least one of the following code contained in said software;
code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering;
code to store or communicate details of detected tampering for later examination, said details including all or part of said tampered software, or other information available to said tampered software from said computer system; and
code to prevent, or detect and subsequently prevent tracing, or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software, or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers, or disabling facilities such as, the keyboard, serial ports, printer ports, mouse, screen or system interrupts in order to hamper code debuggers, or testing that the disabled status is still true of said facilities to detect code debuggers, or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software, or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers, or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments, characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing.
0 Assignments
0 Petitions
Accused Products
Abstract
A software-based computer security enhancing process and graphical software-authenticity method, and a method to apply aspects of the two are disclosed. The process provides protection against certain attacks on executable software by persons or other software used on the computer. Software using this process is protected against eavesdropping (the monitoring of software, applications, the operating system, disks, keyboard, or other devices to record (steal) identification, authentication or sensitive data such as passwords, User-ID'"'"'s, credit-card numbers and expiry dates, bank account and PIN numbers, smart-card data, biometric information (for example: the data comprising a retina or fingerprint scan), or encryption keys), local and remote tampering (altering software to remove, disable, or compromise security features of the altered software) examination (viewing the executable program, usually with the intent of devising security attacks upon it), tracing (observing the operating of an executable program step-by-step), and spoofing (substituting counterfeit software to emulate the interface of authentic software in order to subvert security) by rogues (eg: Trojan Horses, Hackers, Viruses, Terminate-and-stay-resident programs, co-resident software, multi-threaded operating system processes, Worms, Spoof programs, key-press password capturers, macro recorders, sniffers, and other software or subversions). Aspects include executable encryption, obfuscation, anti-tracing, anti-tamper & self-verification, runtime self-monitoring, and audiovisual authentication (math, encryption, and graphics based method permitting users to immediately recognise the authenticity and integrity of software). FIG. 5 in the specification depicts the many components and their interaction.
-
Citations
21 Claims
-
1. A computer system having software having input routines with enhanced security features for entry of ID-Data comprising:
-
a processor; and a memory, wherein said software stored in said memory when executed by said processor comprises; anti-spy techniques within said input routines which prevent or hamper eavesdropping; detect tampering of said software which, upon detection of tampering, either disallow the subsequent entry of ID-Data into said input routines, or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed; and further comprising at least one of the following code contained in said software; code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering; code to store or communicate details of detected tampering for later examination, said details including all or part of said tampered software, or other information available to said tampered software from said computer system; and code to prevent, or detect and subsequently prevent tracing, or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software, or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers, or disabling facilities such as, the keyboard, serial ports, printer ports, mouse, screen or system interrupts in order to hamper code debuggers, or testing that the disabled status is still true of said facilities to detect code debuggers, or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software, or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers, or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments, characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing.
-
-
2. A method of altering an original executable program to form an altered executable program having increased security, said method comprising the steps of:
-
(a) inserting obfuscating code into a first number of predetermined areas of said executable program; and
,(b) encrypting portions of said executable program for later decryption upon execution;
such that, upon execution of said altered executable program, said execution includes the steps of;(c) decrypting the altered executable program; and (d) restoring said altered executable program to said original executable program. - View Dependent Claims (3)
-
-
4. A method of providing for a secure entry of ID data or input information in a computer system comprising:
-
a. activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process; and b. audio/visual component feedback comprising at least two of; i) at least part of said input information; ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system upon which said audio or visual component operates. - View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product for requiring the entry of ID-data for access thereto, said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity, having:
-
a computer readable storage medium for holding codes; and further comprising one or more of the following; code for preventing ID-data eavesdropping, by communicating directly with input hardware of a computer; code for preventing disassembly thereof, said code for preventing disassembly comprising obfuscating inserts, dummy instructions or executable encryption; code for preventing tampering therewith, said code to prevent tampering comprising; code for reading its own image including external or internal memory images or calculating check data associated therewith; and code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing, and code for disabling interrupts or for performing timing-sensitive instructions between interrupts;
or,code for ensuring authenticity, by providing an audio or video feedback to an output device to be viewed or heard by an operator.
-
-
18. A method for enhancing the security of access to user identification data by software on a computer system comprising:
-
using an obfuscating process to hamper or prevent eavesdropping; detecting tampering; and if tampering is detected, selecting an action of either disallowing subsequent entry of the user identification data into input routines or invalidating the user identification data in order to disallow current and subsequent access to the user identification data. - View Dependent Claims (19, 20, 21)
-
Specification