Trusted secure desktop

US 8,225,404 B2
Filed: 01/21/2009
Issued: 07/17/2012
Est. Priority Date: 01/22/2008
Status: Active Grant

First Claim

Patent Images

1. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:

executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;

executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and

performing at least one security service operation that is initiated by said trusted secure desktop in kernel-mode at the computer system to protect the first end user application at least against a kernel-mode keylogger and a kernel-mode rootkit.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for simultaneously protecting software components (150) installed on a computer system (102) against malware. The methods involve executing a first end user application (318₁, 318₂, . . . , 318_p) to the computer system (102) which execute in user mode on a trusted secure desktop (904). The trusted secure desktop is configured to run simultaneously with an unsecure desktop (902). The methods also involve performing a security service operation to protect the first end user application against malware. The security service operations include a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, or a Domain Name System service operation.

Citations

26 Claims

1. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
  
  performing at least one security service operation that is initiated by said trusted secure desktop in kernel-mode at the computer system to protect the first end user application at least against a kernel-mode keylogger and a kernel-mode rootkit.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, wherein the at least one security service operation is performed by the trusted secure desktop and an underlying security software including a user mode software configured to communicate with the trusted secure desktop and a kernel mode software configured to communicate with the user mode software and an operating system of the computer system.
  - 3. The method according to claim 1, wherein the first end user application is a web browser application.
  - 4. The method according to claim 3, further comprising storing the web browser application on the computer system in an encrypted form and decrypting the web browser application prior to being executed on the trusted secure desktop.
  - 5. The method according to claim 3, further comprising defining a landing page of the web browser application to be a predefined site.

6. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
  
  performing at least one security service operation at the computer system to protect the first end user application against malware;
  
  wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation.

7. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
  
  performing at least one security service operation at the computer system to protect the first end user application against malware;
  
  wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
  
  wherein the keylogger prevention service operation comprises;
  
  temporarily breaking all connections between an operating system of the computer system and a plurality of first keyboard device drivers of the computer system; and
  
  establishing a connection between the operating system and a second keyboard device driver that has been verified to be an unpatched or untampered device driver.
- View Dependent Claims (8)
- - 8. The method according to claim 7, wherein the keylogger prevention service operation further comprises:
    - intercepting at least one function used to patch memory images of the second keyboard device driver; and
      
      preventing the function from succeeding if the function is determined to be used by malware.

9. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
  
  performing at least one security service operation at the computer system to protect the first end user application against malware;
  
  wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
  
  wherein the code injection prevention service operation comprises;
  
  monitoring a plurality of code injection functions being performed by the computer system; and
  
  preventing at least one code injection function of the plurality of code injection functions from succeeding if the code injection function is determined to be used by malware.

10. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
  
  performing at least one security service operation at the computer system to protect the first end user application against malware;
  
  wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
  
  wherein the screen scraper protection service operation comprises;
  
  monitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
  
  intercepting the plurality of functions; and
  
  preventing at least one function of the plurality of functions from succeeding if the function is a non-display screen function and is determined to be used by malware or at least one second end-user application running on the unsecure desktop.

11. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
  
  performing at least one security service operation at the computer system to protect the first end user application against malware;
  
  wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
  
  wherein the screen scarper protection service operation comprises;
  
  monitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen;
  
  intercepting the plurality of functions; and
  
  performing the function against a screen size of a height of zero pixels and a width of zero pixels if the function is a display screen function and is determined to be used by malware or at least one second end-user application running on the unsecure desktop.

12. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop;
  
  performing at least one security service operation that is initiated by said trusted secure desktop in kernel-mode at the computer system to protect the first end user application at least against kernel-mode malware;
  
  scanning program data stored in a memory device of the computer system associated with a plurality of user mode and kernel mode applications running on the unsecure desktop for malware prior to launching the trusted secure desktop and the first end user application; and
  
  preventing at least one of the trusted secure desktop and the first end user application from launching if the program data includes the malware.
- View Dependent Claims (13)
- - 13. The method according to claim 12, further comprisingrunning an anti-virus/spyware software installed on the computer system to identify and remove the malware from the computer system;
    - andallowing the trusted secure desktop and the first end user application to be launched subsequent to the removal of the malware from the computer system.

14. A method for simultaneously protecting a plurality of software components installed on a computer system against malware, comprising:
- executing a trusted secure desktop simultaneously with an unsecure desktop of the computer system;
  
  executing at least one first end user application installed on the computer system which executes in user mode on the trusted secure desktop; and
  
  performing at least one security service operation at the computer system to protect the first end user application against malware;
  
  wherein the security service operation includes at least one operation selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System service operation; and
  
  wherein the Domain Name System service operation comprises;
  
  generating a DNS resolution request at the computer system;
  
  communicating the DNS resolution request from the computer system to a DNS server computer system for translation of a domain name for a network site to a numerical identifier; and
  
  receiving the numerical identifier at the computer system.

15. A computer system, comprising:
- a computer readable medium having a plurality of instructions stored thereon; and
  
  at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to (a) execute a trusted secure desktop simultaneously with an unsecure desktop, (b) execute a first end user application on the trusted secure desktop, and (c) perform at least one security service operation that is initiated by said trusted secure desktop in kernel-mode to protect the first end user application at least against a kernel-mode keylogger and a kernel-mode rootkit.
- View Dependent Claims (16, 17, 18)
- - 16. The computer system according to claim 15, wherein the security service operation is performed by the trusted secure desktop and an underlying security software including a user mode software configured to communicate with the trusted secure desktop and a kernel mode software configured to communicate with the user mode software and an operating system of the computer system.
  - 17. The computer system according to claim 15, wherein the first end user application is a web browser application.
  - 18. The computer system according to claim 17, wherein the web browser application is stored on the computer readable medium in an encrypted format, and the processing device is further configured for decrypting the web browser application prior to being executed on the first desktop.

19. A computer system, comprising:
- a computer readable medium having a plurality of instructions stored thereon; and
  
  at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to (a) execute a trusted secure desktop simultaneously with an unsecure desktop, (b) execute a first end user application on the trusted secure desktop, and (c) perform at least one security service operation to protect the first end user application against malware;
  
  wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation.

20. A computer system, comprising:
- a computer readable medium having a plurality of instructions stored thereon; and
  
  at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to (a) execute a trusted secure desktop simultaneously with an unsecure desktop, (b) execute a first end user application on the trusted secure desktop, and (c) perform at least one security service operation to protect the first end user application against malware;
  
  wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
  
  wherein the keylogger prevention service operation comprisestemporarily breaking all connections between an operating system of the computer system and a plurality of first keyboard device drivers of the computer system, andestablishing a connection between the operating system and a second keyboard device driver that has been verified to be an unpatched or untampered device driver.
- View Dependent Claims (21)
- - 21. The computer system according to claim 20, wherein the keylogger prevention service operation further comprisesintercepting at least one function used to patch memory images of the second keyboard device driver, andpreventing the function from succeeding if the function is being used by malware.

22. A computer system, comprising:
- a computer readable medium having a plurality of instructions stored thereon; and
  
  at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to (a) execute a trusted secure desktop simultaneously with an unsecure desktop, (b) execute a first end user application on the trusted secure desktop, and (c) perform at least one security service operation to protect the first end user application against malware;
  
  wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
  
  wherein the code injection prevention operation comprisesmonitoring a plurality of code injection functions being performed by the computer system, andpreventing at least one code injection function of the plurality of code injection functions from succeeding if the code injection function is being used by malware.

23. A computer system, comprising:
- a computer readable medium having a plurality of instructions stored thereon; and
  
  at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to (a) execute a trusted secure desktop simultaneously with an unsecure desktop, (b) execute a first end user application on the trusted secure desktop, and (c) perform at least one security service operation to protect the first end user application against malware;
  
  wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
  
  wherein the screen scraper protection operation comprisesmonitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen,intercepting the plurality of functions, andpreventing at least one function of the plurality of functions from succeeding if the function is a non-display screen function and is being used by malware or at least one second end-user application running on the unsecure desktop.

24. A computer system, comprising:
- a computer readable medium having a plurality of instructions stored thereon; and
  
  at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to (a) execute a trusted secure desktop simultaneously with an unsecure desktop, (b) execute a first end user application on the trusted secure desktop, and (c) perform at least one security service operation to protect the first end user application against malware;
  
  wherein the security service operation is selected from the group consisting of a keylogger prevention service operation, a code injection prevention service operation, a screen scraper protection service operation, a process termination prevention service operation, and a Domain Name System (DNS) service operation; and
  
  wherein the screen scraper protection operation comprisesmonitoring a plurality of functions performed by the computer system used to intercept or redirect information communicated to and from a keyboard, a mouse, and a display screen,intercepting the plurality of functions, andperforming the function against a screen size of a height of zero pixels and a width of zero pixels if the function is a display screen function and is being used by malware or at least one second end-user application running on the unsecure desktop.

25. A computer system, comprising:
- a computer readable medium having a plurality of instructions stored thereon; and
  
  at least one processing device communicatively coupled to the computer readable medium and configured for executing the plurality of instructions that cause the computer system to (a) execute a trusted secure desktop simultaneously with an unsecure desktop, (b) execute a first end user application on the trusted secure desktop, and (c) perform at least one security service operation that is initiated by said trusted secure desktop in kernel-mode to protect the first end user application at least against kernel-mode malware;
  
  wherein the processing device is further configured forscanning program data stored in the computer system associated with a plurality of user mode and kernel mode applications running on the unsecure desktop for malware prior to launching the trusted secure desktop and the first end user application; and
  
  preventing at least one of the trusted secure desktop and the first end user application from launching if the program data includes the malware.
- View Dependent Claims (26)
- - 26. The computer system according to claim 25, wherein the processing device is further configured forrunning an anti-virus/spyware software to identify and remove the malware from the computer system, andallowing the trusted secure desktop and the first end user application to be launched subsequent to the removal of the malware from the computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wontok, Inc. (Wontok Enterprises Pty Ltd.)
Original Assignee
Wontok, Inc. (Wontok Enterprises Pty Ltd.)
Inventors
Freericks, Helmuth, Kouznetsov, Oleg, Sharp, John C.
Primary Examiner(s)
Gergiso, Techane

Application Number

US12/356,724
Publication Number

US 20090187991A1
Time in Patent Office

1,273 Days
Field of Search

726/24, 713/164
US Class Current

726/24
CPC Class Codes

G06F 21/57 Certifying or maintaining t...

Trusted secure desktop

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted secure desktop

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links