Prevention of software tampering

US 7,478,233 B2
Filed: 05/30/2002
Issued: 01/13/2009
Est. Priority Date: 05/30/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method for protecting against software tampering in a node in a distributed computing system, comprising:

(a) encrypting a message using a predetermined encryption algorithm at a first node, wherein the predetermined encryption algorithm uses a protection key based at least in part on node-specific information of the first node and at the first node any new activity resulting from a new software module introduction that would subsequently be copied or transferred to a second node must be first validated at the first node and, the node-specific information changes if node software in the first node is altered by an underlying change in the composition of node-specific information;

(b) sending the encrypted message to a second node along with the underlying change in the composition of the node-specific information of the first node if a change occurs at the first node by the new software module introduction; and

(c) receiving the encrypted message at the second node along with the underlying change in the composition of the node-specific information of the first node if a change occurs at the first node by the new software introduction;

(d) decrypting the encrypted message using the predetermined encryption algorithm and an authentication key, wherein the authentication key is based at least in part on node specific information of the second node, wherein the node-specific information changes if node software in the first node is altered by an underlying change in the composition of the node-specific information; and

(e) periodically changing the predetermined encryption algorithm or the node-specific information upon which the protection and authentication keys are based.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a distributed computing architecture, a method and system for authenticating a message as originating from an unaltered or unmodified node is provided. Prior to sending a messages, a black box software module in a node validates the node to determine whether the node has been altered or modified without authorization. Once validated, the black box alters a message, using a black box protection scheme, in such a manner that the message can be subsequently authenticated. The black box module sends the altered message to a peer node, whose own black box authenticates the message using an authentication scheme corresponding to the protection scheme. Because validation is performed, each node may assume that the message originated from an unaltered node. The protection and/or validation scheme can be changed in regular intervals so that attackers do not have time to reverse engineer the black box. Alternatively, validation may be skipped and the key used to alter/protect each message may be based on the environment of the node performing the alteration/protection, so that nodes that have been altered will generate different keys than unaltered nodes, and will not be able to communicate.

Citations

23 Claims

1. A method for protecting against software tampering in a node in a distributed computing system, comprising:
- (a) encrypting a message using a predetermined encryption algorithm at a first node, wherein the predetermined encryption algorithm uses a protection key based at least in part on node-specific information of the first node and at the first node any new activity resulting from a new software module introduction that would subsequently be copied or transferred to a second node must be first validated at the first node and, the node-specific information changes if node software in the first node is altered by an underlying change in the composition of node-specific information;
  
  (b) sending the encrypted message to a second node along with the underlying change in the composition of the node-specific information of the first node if a change occurs at the first node by the new software module introduction; and
  
  (c) receiving the encrypted message at the second node along with the underlying change in the composition of the node-specific information of the first node if a change occurs at the first node by the new software introduction;
  
  (d) decrypting the encrypted message using the predetermined encryption algorithm and an authentication key, wherein the authentication key is based at least in part on node specific information of the second node, wherein the node-specific information changes if node software in the first node is altered by an underlying change in the composition of the node-specific information; and
  
  (e) periodically changing the predetermined encryption algorithm or the node-specific information upon which the protection and authentication keys are based.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the predetermined encryption algorithm is changed when a predetermined event occurs.
  - 3. The method of claim 2, wherein the predetermined event comprises a predetermined amount of time having elapsed.
  - 4. The method of claim 1, wherein the predetermined encryption algorithm is changed when the predetermined algorithm has been compromised.
  - 5. The method of claim 1, wherein the predetermined encryption algorithm comprises encrypting an asymmetric key using a symmetric key.
  - 6. The method of claim 1, wherein the predetermined encryption algorithm comprises a symmetric encryption algorithm.
  - 7. The method of claim 1, wherein the predetermined encryption algorithm comprises hashing.
  - 8. The method of claim 1, wherein the predetermined encryption algorithm comprises watermarking.
  - 9. The method of claim 1, further comprising:
    - (f) determining whether a new predetermined encryption algorithm is available when step (d) fails to decrypt the received encrypted message; and
      
      (g) when a new predetermined encryption algorithm is available, the second node retrieving the new predetermined algorithm and decrypting the received encrypted message using the new predetermined algorithm.
  - 10. The method of claim 9, further comprising ignoring the received encrypted message when either a new predetermined algorithm is not available in step (f), or the decryption of step (g) fails.

11. A method for validating a node in a distributed computing system, comprising:
- (a) validating a host node using a predetermined validation scheme based on physical characteristics of the host node and any managed agents including any independent nodes that communicate through the host node within the distributed computing system to allow dynamic changes to the host node without having to previously communicate the changes to a centralized server;
  
  (b) encrypting a message using a predetermined key and a predetermined encryption algorithm when the host node is successfully validated in step (a);
  
  (c) sending the encrypted message to a peer node;
  
  (d) receiving the encrypted message at the peer node;
  
  (e) validating the peer node using the predetermined validation scheme based on physical characteristics of the peer node and, when validation is successful, decrypting the encrypted message using the predetermined key and the predetermined encryption algorithm; and
  
  (f) changing the predetermined validation scheme when a predetermined event occurs.
- View Dependent Claims (12, 13)
- - 12. The method of claim 11, wherein the physical characteristics of the host node comprise physical characteristics of an executable image in a memory of the host node.
  - 13. The method of claim 11, further comprising:
    - (g) determining whether a new predetermined algorithm is available when step (e) fails to decrypt the received encrypted message; and
      
      (h) when a new predetermined algorithm is available, the peer node retrieving the new predetermined algorithm and decrypting the received message using the new predetermined algorithm.

14. Distributed computer system comprising:
- a node that authenticates a peer node based on a received messagea protection module for altering messages using a predetermined algorithm that allows each message to be subsequently authenticated, and a protection key based at least in part on node specific information that includes specific parameter information relating to a security control routine and a node that introduces the peer node acting as an independent agent, allows the peer node acting as an independent agent to run on the node that conducts the introduction, and to allows the node that conducts the introduction to evaluate whether the peer node acting as an independent agent alters node software present on the node conducting the introduction;
  
  an authentication module for authenticating altered messages received from other nodes using the predetermined algorithm and an authentication key based at least in part on the node specific information;
  
  control logic that permits the node to process a message when the message is successfully authenticated by the authentication module; and
  
  wherein the control logic, when the authentication module unsuccessfully authenticates the message, polls a server to determine whether a new predetermined algorithm is available and, if so, retrieves the new predetermined algorithm from the server for use by the protection and authentication modules.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22)
- - 15. The node of claim 14, further comprising a validation module that validates the node based on a physical characteristic of the node, and where successful validation is required prior to performing protection or authentication by the protection module and authentication module, respectively.
  - 16. The node of claim 15, wherein the predetermined algorithm comprises encrypting an asymmetric key using a symmetric key.
  - 17. The node of claim 15, wherein the predetermined algorithm comprises a symmetric encryption algorithm.
  - 18. The node of claim 14, wherein the predetermined algorithm comprises hashing.
  - 19. The node of claim 14, wherein the predetermined algorithm comprises watermarking.
  - 20. The node of claim 14, wherein the node further comprises control logic that checks for a new predetermined algorithm when a predetermined event occurs.
  - 21. The node of claim 14, wherein the predetermined event comprises a predetermined amount of time having elapsed.
  - 22. The node of claim 14, further comprising control logic that causes the node to ignore the message when either no new predetermined algorithm is available, or the decryption module fails to decrypt the message using the new predetermined algorithm.

23. A computer storage readable medium storing computer readable instructions that, when executed, cause a computer system to perform a method for validating a sending node, comprising:
- validating the sending node using a predetermined validation scheme based on characteristics of a program environment provided by the sending node, by comparing elements of the program environment to expected values to allow a dynamic change to the characteristics of a program environment of the sending node, without having to communicate the change to a centralized server;
  
  when the comparing step is successful, encrypting a message to be sent to a peer node based on a predetermined encryption algorithm, wherein the predetermined encryption algorithm includes a protection key that is based on node specific information corresponding to the sending node that includes specific parameter information relating to a security routine and an evaluation by the sending node to determine whether the dynamic change to the characteristics of a program environment of the sending node are present; and
  
  periodically changing the predetermined validation scheme and the node-specific information on which the protection key is based.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Zinda, Eric K., Olson, Erik B.
Primary Examiner(s)
Moise; Emmanuel L
Assistant Examiner(s)
GERGISO, TECHANE

Application Number

US10/157,117
Publication Number

US 20030226007A1
Time in Patent Office

2,420 Days
Field of Search

713/150, 713/161, 726/21, 380/280
US Class Current

713/150
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

Prevention of software tampering

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Prevention of software tampering

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links