Profile protection
First Claim
1. A computer-implemented method for protecting interoperation between pieces of software running on a computing device having a plurality of blobs of data stored in a central hierarchical database, each blob comprising profile data associated with a software component, a signature and a verifier, the computer-implemented method comprising:
- by a log-on module running on the computing device, initiating access to profile data stored in a blob of the plurality of blobs in the central hierarchical database of the computing device, the log-on module having a public calling key and a private calling key, the log-on module sending a random salt value to second piece of software running on the computing device and having a private library key of a public library key/private library key pair, the profile data being encrypted with the private calling key, the signature of the blob being a checksum of at least the profile data signed with the public library key and the verifier of the blob being a checksum of at least the profile data signed with the public calling key;
with the second piece of software;
finding the blob in the central hierarchical database of the computing device, the finding comprising decrypting the blob using the private library key,computing a first computed checksum based at least in part on the profile data and the random salt value, andsending the first computed checksum and at least a portion of the blob to the log-on module; and
with the log-on module;
computing a second computed checksum based at least in part on the random salt value and information provided by the second software component,comparing the first computed checksum with the second computed checksum andtaking security error measures when the first and second computed checksums do not match,wherein;
the second piece of software is an obfuscated piece of software, andthe private library key is private to the second piece of software and is inaccessible to the log-on module.
2 Assignments
0 Petitions
Accused Products
Abstract
Tampering with pieces of software is inhibited. Profiles are stored in a central hierarchical database and such profiles are protected from tampering. The obfuscation of a software image so as to becloud the comprehension of hackers in reverse engineering pieces of software comprising the software image is provided. A process of verifying whether the pieces of software together constitute a software package that requires protection from tampering is also provided.
46 Citations
18 Claims
-
1. A computer-implemented method for protecting interoperation between pieces of software running on a computing device having a plurality of blobs of data stored in a central hierarchical database, each blob comprising profile data associated with a software component, a signature and a verifier, the computer-implemented method comprising:
-
by a log-on module running on the computing device, initiating access to profile data stored in a blob of the plurality of blobs in the central hierarchical database of the computing device, the log-on module having a public calling key and a private calling key, the log-on module sending a random salt value to second piece of software running on the computing device and having a private library key of a public library key/private library key pair, the profile data being encrypted with the private calling key, the signature of the blob being a checksum of at least the profile data signed with the public library key and the verifier of the blob being a checksum of at least the profile data signed with the public calling key; with the second piece of software; finding the blob in the central hierarchical database of the computing device, the finding comprising decrypting the blob using the private library key, computing a first computed checksum based at least in part on the profile data and the random salt value, and sending the first computed checksum and at least a portion of the blob to the log-on module; and with the log-on module; computing a second computed checksum based at least in part on the random salt value and information provided by the second software component, comparing the first computed checksum with the second computed checksum and taking security error measures when the first and second computed checksums do not match, wherein; the second piece of software is an obfuscated piece of software, and the private library key is private to the second piece of software and is inaccessible to the log-on module. - View Dependent Claims (2, 3, 4, 13, 14, 15, 16, 17, 18)
-
-
5. A computer-readable medium having executable instructions stored thereon for implementing a computer-implemented method for protection interoperation between pieces of software, the computer-implemented method comprising:
-
initiating access to a profile stored in a central hierarchical database by a first piece of software, the initiating comprising the first piece of software sending a random salt value to a second piece of software; after receiving the random salt value by the second piece of software, the second piece of software having a private library key of a public library key/private library key pair, and the second piece of software; finding the profile in the central hierarchical database, the finding comprising decrypting the profile using the private library key, verifying, based on the profile, that software executing on the computing device has not been tampered with, computing a first checksum based at least in part on the profile, the random salt value and a result of operation of the second piece of software, and sending the first checksum and at least a portion of the profile to the first piece of software; after receiving the first checksum and the at least a portion of the profile by the first piece of software, computing a second checksum; comparing the first checksum with the second checksum; and concluding that tampering has occurred and taking security error measures when the first checksum does not match the second checksum. - View Dependent Claims (6, 7, 8)
-
-
9. A system for protecting interoperation between pieces of software running on a computing device, the system comprising:
-
a central hierarchical database for storing a plurality of profiles, the plurality of profiles each comprising a plurality of components and placement information indicating location of each of the components within the profile such that the profiles have differing arrangements of their respective contents to inhibit tampering; means for initiating access to a profile of hardware and/or language information stored in the central hierarchical database by a log-on module running on the computing device having a public calling key and a private calling key, the log-on module receiving and validating a user name and password and sending information including a random salt value; after receiving the information by a second piece of software running on the computing device and having a private library key of a public library key/private library key pair, the second piece of software executing a means for; finding the profile in the central hierarchical database, decrypting the profile using the private library key, determining whether software associated with the profile has been tampered with, computing a first checksum of a collection of information that includes at least a first portion of the profile, a result of operation of the second piece of software and the random salt value, and sending the first checksum and at least a second portion of the profile to the log-on module, wherein the means for finding the profile accesses the placement information to determine the location within the profile of the collection of information. - View Dependent Claims (10, 11, 12)
-
Specification