Detection of suspect software objects and signatures after failed authentication
Abstract
In a system for authenticating a downloaded software object, a technique is provided to determine whether a failed authentication resulted from a suspect downloaded object or a suspect signature for the downloaded object which was communicated separately. A secret compact transformation function that operates on the signature is used to generate a value indicative of the signature at the software object transmission facility. The inverse function is used at the user terminal, such as a television set-top box, which receives the downloaded software object. Multiple transmission of the value can be provided for redundancy. The system is particularly useful in analyzing actual or attempted attacks on the security of the software object download scheme.
62 Citations
15 Claims
1. A method for analyzing a failed software object authentication to determine whether a downloaded software object or a signature for the software object is suspect, comprising the steps of:
- extracting a transmitted software object signature value s from a message m(s) carrying the signature value;
- calculating an object signature value s′ from the software object, said software object being transmitted separately from said message m(s);
- extracting from the software object a value v of a signature transformation function f(s);
- generating a signature value s″ by applying the inverse f(s)⁻¹ of said signature transformation function f(s) to the extracted value v;
- comparing said signature value s″ to at least one of said transmitted software object signature value s and said calculated object signature value s′;
- designating said signature value in message m(s) as suspect if s″ = s′;
- designating said software object as suspect if s″ = s; and
- reporting back to a network access controller whether (1) the signature is suspect; (2) the software object is suspect; or (3) the signature and software object are suspect.

Dependent claims (2, 3, 4, 5):

Claims 2 and 3: first and second copies of said value v are carried at different locations of said software object for redundancy; each of said copies is extracted from said software object; said signature value s″ corresponds to the first copy of said value v; a second signature value s2″ is generated for the second copy of said value v; said method comprising the further steps of:
- comparing said signature value s2″ to at least one of said transmitted object signature value s and said calculated object signature value s′;
- designating said signature value in message m(s) as suspect if s2″ = s′;
- designating said software object as suspect if s2″ = s; and
- designating both said software object and said message m(s) as suspect if s2″ does not equal either s′ or s.

4. A method in accordance with claim 3 wherein said value v is appended at the beginning of said software object and at the end of said software object.

5. A method in accordance with claim 1 wherein both said software object and said message m(s) are designated as suspect if s″ does not equal either s′ or s.
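The following is an added worked example, not code from the patent, showing the analysis of claims 1 through 5 end to end: the transmission facility embeds v = f(s) at both ends of the object (claim 4), and the user terminal recomputes s′, recovers s″ and s2″ with f⁻¹, and classifies the failure as a suspect signature, a suspect object, or both. Everything concrete here is an assumption of the example: the "signature" is a plain SHA-256 digest standing in for a real signature, f is XOR with a shared 32-byte secret (the patent only requires a secret, invertible, compact function), and the key, firmware body and tampering helper are constructed.

```python
import hashlib
from enum import Enum
from typing import Tuple

DIGEST_LEN = 32  # length of s, s', s'' and v: SHA-256 digests, an assumption of this example


class Verdict(Enum):
    """Outcome reported back to the network access controller (claim 1, last step)."""
    SUCCESS = "authentication successful"
    SIGNATURE_SUSPECT = "(1) the signature in m(s) is suspect"
    OBJECT_SUSPECT = "(2) the software object is suspect"
    BOTH_SUSPECT = "(3) the signature and the software object are suspect"


def object_signature(body: bytes) -> bytes:
    """s at the facility, s' at the terminal. Assumed: SHA-256 over the object body
    (a stand-in for the real signature scheme, which the claims leave unspecified)."""
    return hashlib.sha256(body).digest()


def f(s: bytes, key: bytes) -> bytes:
    """Secret compact transformation f(s). Assumed here: XOR with a shared secret pad."""
    assert len(s) == len(key) == DIGEST_LEN
    return bytes(a ^ b for a, b in zip(s, key))


def f_inverse(v: bytes, key: bytes) -> bytes:
    """f(s)^-1: XOR with the same secret undoes f."""
    return f(v, key)


def transmission_facility(body: bytes, key: bytes) -> Tuple[bytes, bytes]:
    """What the head end sends: s carried in m(s), and the object with
    v = f(s) appended at its beginning and at its end (claim 4)."""
    s = object_signature(body)
    v = f(s, key)
    return s, v + body + v


def split_object(obj: bytes) -> Tuple[bytes, bytes, bytes]:
    """Extract the first copy of v, the object body, and the second copy of v."""
    return obj[:DIGEST_LEN], obj[DIGEST_LEN:-DIGEST_LEN], obj[-DIGEST_LEN:]


def classify(s_pp: bytes, s: bytes, s_p: bytes) -> Verdict:
    """Comparison steps of claims 1 and 5 for one recovered value s''."""
    if s_pp == s_p:
        return Verdict.SIGNATURE_SUSPECT  # object agrees with its embedded value; m(s) does not
    if s_pp == s:
        return Verdict.OBJECT_SUSPECT     # m(s) agrees with the embedded value; object body does not
    return Verdict.BOTH_SUSPECT           # s'' matches neither s' nor s


def user_terminal(s: bytes, obj: bytes, key: bytes) -> Tuple[Verdict, Verdict]:
    """Terminal-side check with the redundancy of claims 2 and 3: one verdict per copy of v."""
    v1, body, v2 = split_object(obj)
    s_p = object_signature(body)
    if s == s_p:
        return Verdict.SUCCESS, Verdict.SUCCESS
    s_pp = f_inverse(v1, key)   # s'' from the first copy of v
    s2_pp = f_inverse(v2, key)  # s2'' from the second copy of v
    return classify(s_pp, s, s_p), classify(s2_pp, s, s_p)


def flip_byte(data: bytes, index: int) -> bytes:
    """Constructed tampering helper: invert one byte so the value no longer matches."""
    return data[:index] + bytes([data[index] ^ 0xFF]) + data[index + 1:]


# Constructed sample run: the key and the object body are made up for this example.
KEY = bytes(range(DIGEST_LEN))
BODY = b"set-top-box firmware image v1 (constructed sample payload)"
S, OBJ = transmission_facility(BODY, KEY)

if __name__ == "__main__":
    print("untouched:               ", user_terminal(S, OBJ, KEY))
    print("m(s) altered:            ", user_terminal(flip_byte(S, 0), OBJ, KEY))
    print("body altered:            ", user_terminal(S, flip_byte(OBJ, DIGEST_LEN + 3), KEY))
    print("body and first v altered:", user_terminal(S, flip_byte(flip_byte(OBJ, DIGEST_LEN + 3), 0), KEY))
```

The last run shows why the second copy of v matters: when the body and the first copy are both damaged, s″ matches neither value and the first copy alone can only report (3), while s2″ still decodes to s and correctly attributes the failure to the object.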
6. A method for authenticating a downloaded software object, comprising the steps of:
- extracting a transmitted software object signature value s from a message m(s) carrying the signature value;
- calculating an object signature value s′ from the software object, said software object being transmitted separately from said message m(s);
- comparing said transmitted software object signature value s to the calculated object signature value s′;
- if the values s and s′ are equal, designating said authentication as successful; and
- if the values s and s′ are not equal, comparing said calculated object signature value s′ to a signature value s″, said signature value s″ being obtained by (i) extracting from the software object a value v of a signature transformation function f(s), and (ii) generating s″ by applying the inverse f(s)⁻¹ of said signature transformation function f(s) to the extracted value v;
- designating said signature value in message m(s) as suspect if s″ = s′;
- designating said software object as suspect if s″ = s; and
- reporting back to a network access controller whether (1) the signature is suspect; (2) the software object is suspect; or (3) the signature and software object are suspect.

Dependent claims (7, 8, 9, 10):

Claims 7 and 8: first and second copies of said value v are carried at different locations of said software object for redundancy; each of said copies is extracted from said software object; said signature value s″ corresponds to the first copy of said value v; a second signature value s2″ is generated for the second copy of said value v; said method comprising the further steps of:
- comparing said signature value s2″ to at least one of said transmitted object signature value s and said calculated object signature value s′;
- designating said signature value in message m(s) as suspect if s2″ = s′;
- designating said software object as suspect if s2″ = s; and
- designating both said software object and said message m(s) as suspect if s2″ does not equal either s′ or s.

9. A method in accordance with claim 8 wherein said value v is appended at the beginning of said software object and at the end of said software object.

10. A method in accordance with claim 6 wherein signatures of both said software object and said message m(s) are designated as suspect if s″ does not equal either s′ or s.
11. A user terminal for receiving and authenticating software objects from a communications network, comprising:
- at least one computer processor;
- a memory coupled to said computer processor(s) for storing software utilized by said processor(s) for authentication of a received software object;
- said software including a routine for (i) extracting a transmitted software object signature value s from a message m(s) carrying the signature value and (ii) calculating an object signature value s′ from the received software object, said software object being transmitted separately from said message m(s); and
- a comparison operation adapted to compare said transmitted software object signature value s to the calculated object signature value s′;
wherein:
- if the values s and s′ are equal, said authentication is designated as being successful; and
- if the values s and s′ are not equal, said calculated object signature value s′ is compared to a signature value s″, said signature value s″ being obtained by (i) extracting from the software object a value v of a signature transformation function f(s), and (ii) generating s″ by applying the inverse f(s)⁻¹ of said signature transformation function f(s) to the extracted value v;
- said signature value in message m(s) is designated as being suspect if s″ = s′;
- said software object is designated as being suspect if s″ = s; and
- reporting back to a network access controller whether (1) the signature is suspect; (2) the software object is suspect; or (3) the signature and software object are suspect.

Dependent claims (12, 13, 14, 15):

Claims 12 and 13: first and second copies of said value v are carried at different locations of said software object for redundancy; each of said copies is extracted from said software object; said signature value s″ corresponds to the first copy of said value v; a second signature value s2″ is generated for the second copy of said value v; said signature value s2″ is compared to at least one of said transmitted object signature value s and said calculated object signature value s′; said signature value in message m(s) is designated as suspect if s2″ = s′; said software object is designated as suspect if s2″ = s; and both said software object and said message m(s) are designated as suspect if s2″ does not equal either s′ or s.

14. Apparatus in accordance with claim 13 wherein said user terminal comprises a television set-top box.

15. Apparatus in accordance with claim 11 wherein said user terminal comprises a television set-top box.
Specification