Method and system for protecting against the execution of unauthorized software

US 8,239,686 B1
Filed: 04/27/2006
Issued: 08/07/2012
Est. Priority Date: 04/27/2006
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

initializing a central processing unit (CPU) exception vector table of a client with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs a CPU of the client to execute a code authentication process, the code authentication process being performed every time an exception event occurs on the client;

in response to detecting an exception event associated with the at least one vector table entry, executing the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and

in response to the code authentication process determining that the segment of executable code is conforming or authorized code, executing an event handler associated with the at least one vector table entry;

wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In accordance with an embodiment of the present invention, a client device is protected against the execution of unauthorized software. The client includes a code authentication process that verifies the integrity of executable code, by generating and comparing a first hash value of the executable code with a known hash value of the original code. Furthermore, during boot-up, the client initializes a CPU exception vector table with one or more vector table entries. One or more, or all, of the vector table entries direct the CPU to execute the code authentication process prior to executing an event handler when an exception event occurs. Consequently, the code authentication process is virtually guaranteed to execute, thereby protecting against the execution of unauthorized code.

Citations

22 Claims

1. A computer-implemented method comprising:
- initializing a central processing unit (CPU) exception vector table of a client with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs a CPU of the client to execute a code authentication process, the code authentication process being performed every time an exception event occurs on the client;
  
  in response to detecting an exception event associated with the at least one vector table entry, executing the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and
  
  in response to the code authentication process determining that the segment of executable code is conforming or authorized code, executing an event handler associated with the at least one vector table entry;
  
  wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented method of claim 1, wherein the table of hash values is generated by a production server and written to the client during production of the client, and the table of hash values includes hash values calculated for a plurality of segments of executable code.
  - 3. The computer-implemented method of claim 1, further comprising:
    - during a power-on procedure, executing a system integrity authenticator to authenticate boot-loader code stored in a non-volatile memory, wherein the boot-loader code, when executed by the CPU, causes the client to i) load an operating system into memory and ii) initialize said CPU exception vector table.
  - 4. The computer-implemented method of claim 1, further comprising:
    - during a power-on procedure, executing a system integrity authenticator to authenticate boot-loader code stored in a non-volatile memory, wherein the boot-loader code, when executed by the CPU, causes the client to load an operating system into memory and said operating system initializes said CPU exception vector table.
  - 5. The computer-implemented method of claim 4, wherein the system integrity authenticator is executed by a security processor so as to prevent the CPU from executing the boot-loader code until the system integrity authenticator has verified the integrity of the boot-loader code.
  - 6. The computer-implemented method of claim 4, wherein the system integrity authenticator verifies the integrity of the boot-loader code by calculating a first hash value for boot-loader code stored in memory, and then, determining whether the first hash value matches a second hash value, wherein the second hash value is programmed into a non-volatile memory with the boot-loader code during production of the client.
  - 7. The computer-implemented method of claim 4, wherein the system integrity authenticator verifies the integrity of the boot-loader code by reading a digital signature for the boot-loader code from memory, and decrypting the digital signature to obtain a first hash value, and then comparing the first hash value with a second hash value generated by analyzing the boot-loader code in memory.
  - 8. The computer-implemented method of claim 7, wherein the digital signature is decrypted with a key that is known only to a security processor executing the integrity authenticator.
  - 9. The computer-implemented method of claim 8, wherein the digital signature is generated by (i) generating the first hash value by analyzing the boot-loader code on a production server during production of the client, (ii) encrypting the first hash value with a copy of the key that is known only to the security processor executing the integrity authenticator, and (iii) programming the digital signature into a non-volatile memory along with the boot-loader code.
  - 10. The computer-implemented method of claim 8, wherein the digital signature is generated by (i) generating the first hash value by analyzing the boot-loader code, and (ii) computing the digital signature as a function of the first hash value and a secret key, such that, the digital signature can be verified only by an entity with access to the secret key.
  - 11. The computer-implemented method of claim 4, wherein the system integrity authenticator periodically authenticates code corresponding to the executable code authentication process so as to ensure that the code corresponding to the code authentication process has not been modified since being loaded onto the client.
  - 12. The computer-implemented method of claim 4, wherein the system integrity authenticator periodically authenticates a table of hash values so as to ensure that the table of hash values has not been modified since being loaded onto the client.

13. A client comprising:
- a central processing unit (CPU);
  
  a security processor; and
  
  a memory device storing boot-loader instructions, which, when executed, causes the client to;
  
  (i) initialize a CPU exception vector table with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs the CPU to execute a code authentication process, the code authentication Process being performed every time an exception event occurs on the client;
  
  (ii) in response to detecting an exception event associated with the at least one vector table entry, execute the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and
  
  (iii) in response to the code authentication process determining that the segment of executable code is conforming or authorized code, executing an event handler associated with the at least one vector table entry;
  
  wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The client of claim 13, wherein, the segment of executable code stored in memory corresponds to boot-loader instructions stored in memory.
  - 15. The client of claim 14, wherein the security processor includes a system integrity authenticator, and during a power-on procedure, the system integrity authenticator is to authenticate the boot-loader instructions stored in the memory, wherein the boot-loader instructions, when executed by the CPU, cause the client to (i) load an operating system into memory, and (ii) initialize said CPU exception vector table.
  - 16. The client of claim 15, wherein the system integrity authenticator verifies the integrity of the boot-loader instructions by reading a digital signature for the boot-loader instructions from memory, and decrypting the digital signature to obtain the first hash value, and then comparing the first hash value with the second hash value generated by analyzing the boot-loader instructions in memory.
  - 17. The client of claim 16, wherein the digital signature is generated by (i) generating the first hash value by analyzing the boot-loader instructions on a production server during production of the client, (ii) encrypting the first hash value with a copy of a key that is known only to the security processor executing the integrity authenticator, and (iii) programming the digital signature into the memory along with the boot-loader instructions.

18. A non-transitory computer-readable medium storing instructions which, when executed by a client, causes the client to:
- initialize a central processing unit (CPU) exception vector table of the client with one or more vector table entries, each of the one or more vector table entries referencing a corresponding event handler that is used to process an exception event, wherein at least one vector table entry directs a CPU of the client to execute a code authentication process, the code authentication process being performed every time an exception event occurs on the client;
  
  in response to detecting an exception event associated with the at least one vector table entry, execute the code authentication process to authenticate a segment of executable code stored in memory, wherein the code authentication process identifies non-conforming or unauthorized code before the non-conforming or unauthorized code is executed; and
  
  in response to the code authentication process determining that the segment of executable code is conforming or authorized code, execute an event handler associated with the at least one vector table entry;
  
  wherein the code authentication process authenticates the segment of executable code by calculating a first hash value for a portion of executable code stored in memory, and then, determining whether the first hash value matches a second hash value read from a table of hash values.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The non-transitory computer-readable medium of claim 18, wherein the segment of executable code stored in memory corresponds to boot-loader instructions stored in memory.
  - 20. The non-transitory computer-readable medium of claim 19, storing further instructions which, when executed by the client, cause the client to:
    - authenticate the boot-loader instructions stored in the memory prior to executing the boot-loader instructions, wherein the boot-loader instructions, when executed by the CPU, cause the client to i) load an operating system into memory and ii) initialize said CPU exception vector table.
  - 21. The non-transitory computer-readable medium of claim 19, storing further instructions which, when executed by the client, cause the client to:
    - verify the integrity of the boot-loader instructions by reading a digital signature for the boot-loader instructions from memory, anddecrypting the digital signature to obtain the first hash value, and then comparing the first hash value with the second hash value generated by analyzing the boot-loader instructions in memory.
  - 22. The non-transitory computer-readable medium of claim 19, storing further instructions which, when executed by the client, cause the client to:
    - prevent the CPU from executing boot-loader instructions until a system integrity authenticator has verified the integrity of the boot-loader instructions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NBC Universal Media LLC (Comcast Corporation)
Original Assignee
Vudu Incorporated (Comcast Corporation)
Inventors
Hodzic, Edin, Goodman, Andrew M., Ganesan, Prasanna
Primary Examiner(s)
Patel, Nirav B

Application Number

US11/413,392
Time in Patent Office

2,294 Days
Field of Search

713187-189, 713/193, 713164-167, 713/176, 713/180, 713/181, 726/22, 726/26, 726/27, 726/30, 717/126, 717/127, 717/129, 717/131, 705/50, 705/51, 705/56, 714/37, 714/38, 714/39, 380200-202
US Class Current

713/187
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/575   Secure boot

Method and system for protecting against the execution of unauthorized software

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for protecting against the execution of unauthorized software

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links