Computer software authentication, protection, and security system

US 6,006,328 A
Filed: 07/12/1996
Issued: 12/21/1999
Est. Priority Date: 07/14/1995
Status: Expired due to Term

First Claim

Patent Images

1. A computer system having software having input routines with enhanced security features for entry of ID-Data comprising:

a processor; and

a memory, wherein said software stored in said memory when executed by said processor comprises;

anti-spy techniques within said input routines which prevent or hamper eavesdropping;

detect tampering of said software which, upon detection of tampering, either disallow the subsequent entry of ID-Data into said input routines, or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed; and

further comprising at least one of the following code contained in said software;

code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering;

code to store or communicate details of detected tampering for later examination, said details including all or part of said tampered software, or other information available to said tampered software from said computer system; and

code to prevent, or detect and subsequently prevent tracing, or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software, or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers, or disabling facilities such as, the keyboard, serial ports, printer ports, mouse, screen or system interrupts in order to hamper code debuggers, or testing that the disabled status is still true of said facilities to detect code debuggers, or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software, or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers, or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments, characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A software-based computer security enhancing process and graphical software-authenticity method, and a method to apply aspects of the two are disclosed. The process provides protection against certain attacks on executable software by persons or other software used on the computer. Software using this process is protected against eavesdropping (the monitoring of software, applications, the operating system, disks, keyboard, or other devices to record (steal) identification, authentication or sensitive data such as passwords, User-ID'"'"'s, credit-card numbers and expiry dates, bank account and PIN numbers, smart-card data, biometric information (for example: the data comprising a retina or fingerprint scan), or encryption keys), local and remote tampering (altering software to remove, disable, or compromise security features of the altered software) examination (viewing the executable program, usually with the intent of devising security attacks upon it), tracing (observing the operating of an executable program step-by-step), and spoofing (substituting counterfeit software to emulate the interface of authentic software in order to subvert security) by rogues (eg: Trojan Horses, Hackers, Viruses, Terminate-and-stay-resident programs, co-resident software, multi-threaded operating system processes, Worms, Spoof programs, key-press password capturers, macro recorders, sniffers, and other software or subversions). Aspects include executable encryption, obfuscation, anti-tracing, anti-tamper & self-verification, runtime self-monitoring, and audiovisual authentication (math, encryption, and graphics based method permitting users to immediately recognise the authenticity and integrity of software). FIG. 5 in the specification depicts the many components and their interaction.

Citations

21 Claims

1. A computer system having software having input routines with enhanced security features for entry of ID-Data comprising:
- a processor; and
  
  a memory, wherein said software stored in said memory when executed by said processor comprises;
  
  anti-spy techniques within said input routines which prevent or hamper eavesdropping;
  
  detect tampering of said software which, upon detection of tampering, either disallow the subsequent entry of ID-Data into said input routines, or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed; and
  
  further comprising at least one of the following code contained in said software;
  
  code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering;
  
  code to store or communicate details of detected tampering for later examination, said details including all or part of said tampered software, or other information available to said tampered software from said computer system; and
  
  code to prevent, or detect and subsequently prevent tracing, or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software, or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers, or disabling facilities such as, the keyboard, serial ports, printer ports, mouse, screen or system interrupts in order to hamper code debuggers, or testing that the disabled status is still true of said facilities to detect code debuggers, or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software, or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers, or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments, characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing.

2. A method of altering an original executable program to form an altered executable program having increased security, said method comprising the steps of:
- (a) inserting obfuscating code into a first number of predetermined areas of said executable program; and
  
  ,(b) encrypting portions of said executable program for later decryption upon execution;
  
  such that, upon execution of said altered executable program, said execution includes the steps of;
  
  (c) decrypting the altered executable program; and
  
  (d) restoring said altered executable program to said original executable program.
- View Dependent Claims (3)
- - 3. A method as claimed in claim 2 further comprising one or more of the following:
    - said obfuscating code include replacement codes for insecure system routines and said method further includes the step of (e) replacing the execution of said insecure system routines with said replacement codes;
      
      said steps (c) and (d) occur while simultaneously substantially disabling eavesdropping on the operation of said steps (c) and (d) by any rogue program;
      
      said step (a) includes inserting a portion of said obfuscating code into the code area of said original executable program; and
      
      ,said step (e) includes altering portions of an interrupt vector table to point to said replacement codes;
      
      said step (b) includes the storing of a decryption key in a plurality of predetermined areas of said altered executable program, said predetermined areas include the condition codes of predetermined instructions of said altered executable program.

4. A method of providing for a secure entry of ID data or input information in a computer system comprising:
- a. activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process; and
  
  b. audio/visual component feedback comprising at least two of;
  
  i) at least part of said input information;
  
  ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system upon which said audio or visual component operates.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 5. A method as claimed in claim 4 whereinsaid audiovisual component has repeatable characteristics during subsequent invocations of said entry process, such that said audiovisual component on each invocation of said entry process has a predetermined resemblance to the audiovisual component of all other invocations of said entry process, or,said audiovisual component is varied in accordance with the information entered.
  - 6. A method as claimed in claim 4 wherein said audiovisual component comprises moving parts and/or includes 2,5-dimensional animation or 3-dimensional animation, and/or, said audiovisual component includes a representation of said input information, preferably comprising (a) display of a single graphical object, and/or (b) production of a single audio-feedback sequence, after the entry of all or part of said input information.
  - 7. A method as claimed in claim 6 wherein said input information representation includes animation of input characters and/or audible or other feedback determined by input characters, wherein the representation of said input characters may optionally vary for each character based on the result of a predetermined transformation of the preceding inputted characters, wherein said transformation utilises cryptographic or hashing methods.
  - 8. A method as claimed in claim 6 wherein:
    - the ease by which faithful replication of said audiovisual component is substantially reduced by inclusion in said audiovisual component the techniques of on screen shadow rendering and/or spot or flood scene fighting effects and/or scene or object shading and/or transparent or translucent objects and/or shiny, reflective, or mirrored objects and/or real-time animation roughly obeying real world gravitational effects and/or single-image-random-dot stereogram bitmaps or backdrops and/or partial scene masking effects and/or full or partial scene distortion or diffraction effects and/or animated objects designed to resist simple hidden-surface removal techniques and/or animated bitmaps and/or audible echo effects and/or differing audio voice effects and/or differing audio volume and/or differing audio tones or pitches;
      
      wherein, said audiovisual component is optionally immediately recognisable to human beings and includes information which identifies to the user the application to which said audiovisual component belongs;
      
      wherein, the ease by which faithful replication of said audiovisual component may optionally be further reduced by inclusion in said audiovisual components animation object movement timing such that at near regular and frequent intervals regularities occur which are obviously recognisable to users of said entry process; and
      
      preferably, wherein, said entry process including said audiovisual component utilises a substantial portion of the computational resources of said computer system; and
      
      , wherein, said entry process code responsible for said audiovisual component is coded in the assembly language of the computer system preferably wherein recording said audiovisual component by said computer system is disabled.
  - 9. A method as claimed in claim 4 wherein (a) the facility to suspend or swap-out said entry process is either disabled, or, (b) immediately upon suspension request, said entry process is protected against subsequent examination by encryption or by termination and removal from memory or said entry process, or, (c) where the facility to allow the central processor or processors of said computer system to execute code other than the code of, or the code necessary for said entry process is either disabled or else said entry process is protected against examination.
  - 10. A method as claimed in claim 4 wherein:
    - said entry process hampers simple recording by utilising the maximum practicable use of audiovisual framerate, and/or audiovisual resolution, and/or screen colours; and
      
      /or, audiovisual design in said audiovisual component on said computer system, and/or said entry process hampers the compression of recorded output from said audiovisual component by utilising high audiovisual entropy and/or by the inclusion of random or other noise in said audiovisual component;
      
      wherein, said audiovisual component preferably includes continuous output such that the looping of only a subset of said output shall not reproduce a copy largely indistinguishable to said audiovisual component.
  - 11. A method as claimed in claim 4 wherein said ID-Data or said input information is encrypted by a cryptographic process or hashed immediately upon entry and a plain text equivalent is not stored by said computer system;
    - and/or, wherein disablement of one or more interrupt instructions (or equivalent CPU devices) is utilised to protect said cryptographic or said hash process of said ID-Data to hamper the recovery of said ID-Data by processes other than said entry process.
  - 12. A method as claimed in claim 4 wherein said input routines or said secure entry process prevents the re-vectoring of system interrupts in order to protect said ID-Data or said input information form being stolen, by means of re-applying interrupt vector pointers one or more times and/or by means of examining interrupt assignments in order to perform a predetermine d function should the expected assignments be altered.
  - 13. A method as claimed in claim 4 wherein in order to further authenticate and/or identify said user, additional aspects of said ID-Data or said input information are used including the duration of individual key presses and/or mouse button presses and/or the delay between subsequent individual key presses or mouse button presses and/or the user'"'"'s selection of particular keys when more than one equivalent exists and/or the acceleration or velocity characteristics of mouse usage and/or where said input information includes information from other sources including biometric and/or smartcard information.
  - 14. A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code checksums of RAM or other images of its own executable code and/or data, (b) and/or comparison of memory with other stored copies of said executable code, (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable'"'"'s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct;
    - parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution.
  - 15. A method as claimed in claim 4 wherein said input routines or said secure entry process:
    - makes use of system interrupts to monitor itself in order to detect alternation of itself;
      
      incorporates means by which to notify and/or transmit authentication failure details to a third person or process should said self authentication fail, records a log of the usage and/or details of the user of said input routines or said secure entry process;
      
      incorporates warning s within the executable image indicating that examination and/or tampering is prohibited;
      
      stores loading and/or decryption routines are stored within the executable image in such a way as they initially replace other entry process routines and upon successful decryption and/or authentication, said other entry process routines are replaced;
      
      hampers executable-code tracing through control-flow changes in debug environments or through disabling one or more system interrupts and/or disabling the keyboard and/or disabling the mouse or other input devices and/or making use of the program stack pointer to discern existence of a debug environment and/or utilising debug interrupts for program code operation and/or self-modification of executable code and/or examination of CPU flag registers and/or verification of disabled interrupts still-disabled state and/or verification of disabled keyboards still-disabled state and/or loading additional executable code into memory during execution;
      
      includes obfuscating assembly language dummy operation codes or instruction prefixes inserted after one or more unconditional branches to hamper executable disassembly and/or decompilation and/or reverse engineering;
      
      becomes securely activated by its activation process and/or a host or server computer using a challenge/response activation protocol or using public or private key cryptographic methods; and
      
      /orbecomes stored outside of said computer system memory in encrypted form and/or where said entry process employs techniques to hinder executable-code tracing and/or executable-code disassembly or disclosure or decompilation and/or executable-code tampering and/or executable-code hot-patching and/or reverse-engineering and/or pre, in, or post-execution executable-code recording, copying, eavesdropping or retrieval and/or theft of said input information from keyboard hardware or software or drivers.
  - 16. A method as claimed in claim 4 wherein said audiovisual component contains watermark information incorporated into the scene to allow close inspection of said audiovisual component to distinguish between the genuine process and a close replica.

17. A computer program product for requiring the entry of ID-data for access thereto, said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity, having:
- a computer readable storage medium for holding codes; and
  
  further comprising one or more of the following;
  
  code for preventing ID-data eavesdropping, by communicating directly with input hardware of a computer;
  
  code for preventing disassembly thereof, said code for preventing disassembly comprising obfuscating inserts, dummy instructions or executable encryption;
  
  code for preventing tampering therewith, said code to prevent tampering comprising;
  
  code for reading its own image including external or internal memory images or calculating check data associated therewith; and
  
  code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing, and code for disabling interrupts or for performing timing-sensitive instructions between interrupts;
  
  or,code for ensuring authenticity, by providing an audio or video feedback to an output device to be viewed or heard by an operator.

18. A method for enhancing the security of access to user identification data by software on a computer system comprising:
- using an obfuscating process to hamper or prevent eavesdropping;
  
  detecting tampering; and
  
  if tampering is detected, selecting an action of either disallowing subsequent entry of the user identification data into input routines or invalidating the user identification data in order to disallow current and subsequent access to the user identification data.
- View Dependent Claims (19, 20, 21)
- - 19. The method of claim 18, wherein program code that is vulnerable to eavesdropping is replaced with equivalent program code wherein said vulnerability is removed, and wherein said equivalent program code communicates directly with the hardware of the computer while disabling functions that would permit rogue software to eavesdrop.
  - 20. The method of claim 18, further comprising using encrypting or inserting dummy instructions in said user identification data to hamper or prevent eavesdropping.
  - 21. The method of claim 18, wherein detecting tampering includes code that re-reads the code'"'"'s own external-image or the code'"'"'s internal memory image and compares a calculated checksum of said image with a pre-calculated checksum.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Christopher N. Drake
Original Assignee
Christopher N. Drake
Inventors
Drake, Christopher Nathan
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Elmore, Stephen C.

Application Number

US08/679,077
Time in Patent Office

1,257 Days
Field of Search

395/186, 395/188.01, 364/222.5, 364/286.4, 364/286.5, 380/3, 380/4, 380/23, 380/59, 713/200, 713/202
US Class Current

726/23
CPC Class Codes

G06F 21/14   against software analysis o...

G06F 21/36   by graphic or iconic repres...

G06F 21/54   by adding security routines...

G06F 21/554   involving event detection a...

G06F 2207/7219   Countermeasures against sid...

G06F 2221/2149   Restricted operating enviro...

H04L 63/0428   wherein the data content is...

H04L 63/1441   Countermeasures against mal...

Computer software authentication, protection, and security system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Computer software authentication, protection, and security system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links