Methods, apparatus and articles of manufacture for computer file integrity and baseline maintenance

US 8,266,113 B2
Filed: 04/01/2003
Issued: 09/11/2012
Est. Priority Date: 04/01/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A method of ensuring file integrity on a computer system in a networked environment that includes a plurality of computing components to be secured comprising:

hashing a file and obtaining a first hash code for said file;

storing on said system a second hash code wherein said second hash code corresponds with a baseline integrity condition;

comparing said first hash code for said file to said stored second hash code, wherein said stored second hash code securely preexists on said system, said stored second hash code being stored in a secure area;

maintaining the integrity of the computer system by requesting a copy of said file from a server if said comparison is false by sending with said request a notification that the request seeks a replacement for the file and a hash code identifying the file, wherein the hash code identifying the file corresponds with the second hash code;

receiving said copy of said file from said server;

hashing said copy of said file and obtaining a third hash code for said copy of said file;

comparing said third hash code for said copy of said file to said stored second hash code;

and, installing said copy of said file if said second comparison is true to return said computer system to an integrity condition corresponding to a baseline wherein said second hash code corresponds with said file;

wherein said second hash code is static for said integrity condition;

wherein at least a plurality of computers on said network are secured by an integrity condition corresponding to said baseline; and

wherein the method identifies the integrity condition of a plurality of computers on the network through the comparison with said second hash code to determine whether the files on said plurality of computing components to be secured are secure.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Apparatus, methods and articles of manufacture for file integrity and baseline maintenance on a computer system or systems are shown. A file integrity check is made of files on a system by hashing the files and comparing the hash to a stored hash of the files. If the comparison is false, the system requests a copy of the file from a server, which may be unknown or untrusted. The system then compares the received file to the stored hash. If the comparison is true, the copy of the file will be installed on the system. If false, the system repeats the request.

Citations

36 Claims

1. A method of ensuring file integrity on a computer system in a networked environment that includes a plurality of computing components to be secured comprising:
- hashing a file and obtaining a first hash code for said file;
  
  storing on said system a second hash code wherein said second hash code corresponds with a baseline integrity condition;
  
  comparing said first hash code for said file to said stored second hash code, wherein said stored second hash code securely preexists on said system, said stored second hash code being stored in a secure area;
  
  maintaining the integrity of the computer system by requesting a copy of said file from a server if said comparison is false by sending with said request a notification that the request seeks a replacement for the file and a hash code identifying the file, wherein the hash code identifying the file corresponds with the second hash code;
  
  receiving said copy of said file from said server;
  
  hashing said copy of said file and obtaining a third hash code for said copy of said file;
  
  comparing said third hash code for said copy of said file to said stored second hash code;
  
  and, installing said copy of said file if said second comparison is true to return said computer system to an integrity condition corresponding to a baseline wherein said second hash code corresponds with said file;
  
  wherein said second hash code is static for said integrity condition;
  
  wherein at least a plurality of computers on said network are secured by an integrity condition corresponding to said baseline; and
  
  wherein the method identifies the integrity condition of a plurality of computers on the network through the comparison with said second hash code to determine whether the files on said plurality of computing components to be secured are secure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. A method as in claim 1 wherein said stored second hash code is stored in a database comprising a plurality of stored hash codes wherein said database of stored hash codes comprises aggregate data comprising hash codes for a set of files to be secured and maintained within the network environment, wherein said set of files to be secured and maintained include files on different computing components that have different files stored thereon but which include at least some files that are to be securely maintained to represent an integrity condition, and wherein said database of stored hash codes corresponds with files on a plurality of computers on the network.
  - 3. A method as in claim 2 wherein said database comprising a plurality of stored hash codes is presupplied to said computer system.
  - 4. A method as in claim 1 wherein hashing a file and obtaining a first hash code for said file further comprises hashing a file and obtaining an MD5 hash code for said file.
  - 5. A method as in claim 1 wherein hashing a file and obtaining a first hash code for said file occurs on a predetermined basis.
  - 6. A method as in claim 1 further comprising comparing said first hash code for said file to a stored second hash code and logging the results.
  - 7. A method as in claim 1 wherein requesting a copy of said file from a server if said comparison is false further comprises requesting a copy of said file from a server over a network if said comparison is false.
  - 8. A method as in claim 1 wherein requesting a copy of said file from a server if said comparison is false further comprises anonymously requesting a copy of said file from a server over a network if said comparison is false.
  - 9. A method as in claim 1 wherein requesting a copy of said file from a server if said comparison is false further comprises requesting a copy of said file from an unknown server over a network if said comparison is false.
  - 10. A method as in claim 1 wherein said requesting a copy of said file from a server if said comparison is false further comprises requesting a copy of said file from a server if said comparison is false, using said stored second hash code and an initial requesting signal.
  - 11. A method as in claim 1, wherein said baseline is dynamically provided, and wherein said second hash code is stored in at least one maintenance index file that comprises a reference index file or a hierarchical index file, and wherein said maintenance index file is cross checked with one or more other maintenance index file that is a reference index file to confirm that it corresponds with an integrity condition.
  - 12. A method as in claim 11, wherein said baseline is generated using cross-checks among computing components on the network and wherein said stored hash representing said baseline integrity condition for said plurality of computing components is constructed from cross-checks among computing components on the network by comparing a first maintenance index file of one computing component to a second maintenance index file of another computing component, andwherein said at least one of said first and second maintenance index files is hierarchical in relation to the other of said at least one of said first and second maintenance index files.
  - 13. A method as in claim 1, wherein said baseline integrity condition corresponds with a hierarchical tree structure and wherein the method includes creating a plurality of maintenance index files, providing a single maintenance index file to define an entire set of files for said baseline integrity condition, and wherein the method further includes carrying out cross checks among one or more maintenance index files, wherein each said hierarchical maintenance index file is referential relative to at least one or more other maintenance index files.

14. A method of ensuring file integrity on a computer system in a networked environment that includes a plurality of computing components to be secured, the method comprising:
- providing a maintenance index file and securely storing said maintenance index file on at least one computing component;
  
  hashing a file and obtaining a first hash code for said file;
  
  comparing said first hash code for said file to a second stored hash code wherein said stored second hash code securely preexists on said system and is stored within said maintenance index file;
  
  anonymously requesting a copy of said file from an unknown server, over a network, if said comparison is false;
  
  receiving said copy of said file from said unknown server;
  
  hashing said copy of said file and obtaining a third hash code for said copy of said file;
  
  comparing said third hash code for said copy of said file to said second hash code for said file; and
  
  , installing said copy of said file if said second comparison is true.
- View Dependent Claims (15, 16, 17)
- - 15. A method as in claim 14 further comprising logging said server that provided said copy of said file when said second comparison resulted in a true value, and refining further anonymous requests for a copy of said file based on the result of said returned true value.
  - 16. A method as in claim 14 further comprising logging said server that provided said copy of said file when said second comparison resulted in a false value, and refining further anonymous requests for a copy of said file based on the result of said returned false value.
  - 17. A method as in claim 14 wherein anonymously requesting a copy of said file from an unknown server, over a network, if said comparison is false further comprises anonymously requesting a copy of said file from an unknown server, over a network, if said comparison is false, using said second stored hash code and an initial requesting signal.

18. An apparatus for ensuring file integrity on a computer system comprising a networked environment of a plurality of computing components to be secured, the apparatus comprising:
- means including computer hardware containing software programmed with instructions for hashing a file and obtaining a first hash code for said file;
  
  means including software programmed with instructions for securely storing a maintenance index file on at least one computing component;
  
  means including software programmed with instructions for comparing said first hash code for said file to a stored second hash cod;
  
  wherein said stored second hash code securely preexists on said system and corresponds with a baseline integrity condition, said stored second hash code being stored in a secure area and being stored as part of a maintenance index file;
  
  means including software programmed with instructions for requesting a copy of said file from a server if said comparison is false;
  
  means including software programmed with instructions for receiving said copy of said file from said server;
  
  means including software programmed with instructions for hashing said copy of said file and obtaining a third hash code for said copy of said file;
  
  means including software programmed with instructions for comparing said third hash code for said copy of said file to said stored second hash code for said file; and
  
  , means including software programmed with instructions for installing said copy of said file if said comparison is true;
  
  wherein said baseline integrity condition corresponds with a plurality of computing components;
  
  wherein said secured stored second hash codes are contained in more than one maintenance index file, and said more than one maintenance index file is provided on at least two of said plurality of computing components of said networked environment;
  
  wherein said software is programmed with instructions for implementing cross checks among said second hash codes stored in said maintenance index files, andwherein at least one of said more than one maintenance index files hierarchical relative to at least another of the at least one of said more than one maintenance index files.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27)
- - 19. An apparatus as in claim 18 wherein said stored second hash code is stored in a database comprising a plurality of hash codes.
  - 20. An apparatus as in claim 19 wherein said database comprising a plurality of hash codes is presupplied to said computer system.
  - 21. An apparatus as in claim 18 wherein said means including software programmed with instructions for hashing a file and obtaining a first hash code for said file further comprises means for hashing a file and obtaining an MD5 hash code for said file.
  - 22. An apparatus as in claim 18 wherein said means including software programmed with instructions for hashing a file and obtaining a hash code for said file hashes said file on a predetermined basis.
  - 23. An apparatus as in claim 18 wherein said means including software programmed with instructions for comparing said first hash code for said file to a stored second hash code further comprises means for logging the results.
  - 24. An apparatus as in claim 18 wherein said means including software programmed with instructions for requesting a copy of said file from a server if said comparison is false further comprises means including software programmed with instructions for requesting a copy of said file from a server over a network if said comparison is false.
  - 25. An apparatus as in claim 18 wherein said means including software programmed with instructions for requesting a copy of said file from a server if said comparison is false further comprises means including software programmed with instructions for anonymously requesting a copy of said file from a server over a network if said comparison is false.
  - 26. An apparatus as in claim 18 wherein said means including software programmed with instructions for requesting a copy of said file from a server if said comparison is false further comprises means including software programmed with instructions for requesting a copy of said file from an unknown server over a network if said comparison is false.
  - 27. An apparatus as in claim 18 wherein said means including software programmed with instructions for requesting a copy of said file from a server if said comparison is false further comprises said stored second hash code and an initial requesting signal.

28. An apparatus for ensuring file integrity on a computer system comprising:
- means including computer hardware containing software programmed with instructions for hashing a file and obtaining a first hash code for said file;
  
  means for comparing said first hash code for said file to a second hash code wherein said second hash code securely preexists on said system, said second hash code being stored in a secure area;
  
  means for anonymously requesting a copy of said file from an unknown server, over a network, if said comparison is false;
  
  means for receiving said copy of said file from said server;
  
  means for hashing said copy of said file and obtaining a third hash code for said copy of said file;
  
  means for comparing said third hash code for said copy of said file to said second hash code for said file; and
  
  , means for installing a copy of said file if said second comparison is true.
- View Dependent Claims (29, 30, 31)
- - 29. An apparatus as in claim 28 further comprising means including software programmed with instructions for logging said server that provided said copy of said file when said second comparison resulted in a true value, and means for refining further anonymous requests for a copy of said file based on the result of said returned true value.
  - 30. An apparatus as in claim 28 further comprising means including software programmed with instructions for logging said server that provided said copy of said file when said second comparison resulted in a false value, and means for refining further anonymous requests for a copy of said file based on the result of said returned true value.
  - 31. An apparatus as in claim 28 further comprising means including software programmed with instructions for anonymously requesting a copy of said file from an unknown server, over a network, if said comparison is false further comprises said second stored hash code and an initial requesting signal.

32. A computer storage media comprising:
- means including computer hardware containing software programmed with instructions for hashing a file and obtaining a first hash code for said file;
  
  means including software programmed with instructions for securely storing a maintenance index file on at least one computing component means for comparing said first hash code for said file to a stored second hash code wherein said second hash code securely preexists on said system and is stored in said maintenance index file;
  
  means for anonymously requesting a copy of said file from an unknown server, over a network, if said comparison is false, wherein the means for anonymously requesting a copy of said file generates a request comprising said stored second hash code and an initial requesting signal;
  
  means for receiving said copy of said file from said server;
  
  means for hashing said copy of said file and obtaining a third hash code for said copy of said file;
  
  means for comparing said third hash code for said copy of said file to said second hash code for said file; and
  
  , means for installing said copy of said file if said second comparison is true.

33. A method of ensuring file integrity on a computer system comprising:
- providing a client maintenance manager for maintaining files on the computer system;
  
  constructing with said client maintenance manager a maintenance index file that contains information identifying products that are desired to be maintained said maintenance index file including a file name corresponding with a file;
  
  securely storing said maintenance index file on a storage component of the computer system;
  
  securely storing on a storage component of the computer system a second hash code for a file wherein said second hash code is stored in said maintenance index file, said maintenance index file containing the second hash codes for the files that are to be securely maintained and wherein said maintenance index file comprises file records, wherein each record contains a file name and the corresponding second hash value;
  
  analyzing the integrity of the files identified by said client maintenance index with said client maintenance manager by;
  
  hashing a file and obtaining a first hash code for said file;
  
  comparing said first hash code for said file to said stored second hash code corresponding with said file name, wherein said stored second hash code securely preexists on a storage component of said system, said maintenance index file containing said stored second hash code being stored in a secure area; and
  
  ,if said comparison is false, initiating a retrieval module of the client maintenance manager and determining with said client maintenance manager whether said file is missing, wherein the retrieval module includes an alarm component;
  
  determining with said client maintenance manager whether a file exists that has the same hash code as the missing file but that has a different file name including sending with said alarm component a notification across a network that the client maintenance manger is seeking a replacement for the missing file;
  
  receiving with a network component a notification from said alarm component and determining from a database of hashed files of said network if the file is present, wherein said database of hashed file of said network comprises said records in said maintenance index file;
  
  responding to said alarm component with said file that corresponds with said missing file;
  
  reporting the name of any file which has the same hash code as said missing file.
- View Dependent Claims (34, 35)
- - 34. The method of claim 33, wherein the network component comprises another computer on said network.
  - 35. The method of claim 33, wherein said network component comprises a file server.

36. A method of ensuring file integrity on a computer system in a networked environment that includes a plurality of computing components to be secured, the method comprising:
- constructing a hash of each file in a group of files that is desired to be maintained;
  
  assigning to said hash one of the files of a plurality of computing components on said network wherein said hash represents hash, wherein said hash serves as an integrity value for said computing components that are to be secured, wherein said group of files to be maintained includes at least one or more files that are present on at least one computing component which are not present on at least one other computing component;
  
  storing on at least one system component a maintenance index file containing said hash representing said baseline integrity condition for said plurality of computing components, wherein said hash representing said baseline integrity condition for said plurality of components contains records comprising file names and corresponding hash values for more than one computing component, and includes records of file names and hash values for files that are not on each computing component, wherein said hash values contained in said maintenance index file represent a baseline integrity condition for more than one computing component;
  
  determining a second hash value for said group of files;
  
  comparing said second hash value to said stored hash representing said baseline integrity condition for the computing component;
  
  alerting of a deviation of the file set of the network component files that are to be secured based on said comparison.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cybersoft, Inc.
Original Assignee
Cybersoft, Inc.
Inventors
Radatti, Peter V.
Primary Examiner(s)
Lee, Wilson
Assistant Examiner(s)
Le, Michael

Application Number

US10/404,378
Publication Number

US 20040199508A1
Time in Patent Office

3,451 Days
Field of Search

707/200, 707/203, 707/690, 707/692, 707/698
US Class Current

707/690
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/57   Certifying or maintaining t...

G06F 21/64   Protecting data integrity, ...

Methods, apparatus and articles of manufacture for computer file integrity and baseline maintenance

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, apparatus and articles of manufacture for computer file integrity and baseline maintenance

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links