Post-signing modification of software

US 8,356,295 B2
Filed: 02/16/2006
Issued: 01/15/2013
Est. Priority Date: 02/17/2005
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product having a non-transitory computer-readable storage medium having computer program instructions recorded thereon for making a post-signing modification to a digitally-signed software application to be downloaded by a user onto a computer, the computer program instructions comprising instructions for:

digitally signing an executable file having a header describing sections of the executable file and an executable section where executable code is stored, the digital signing forming a signature section with certification data appended to an end of the executable section;

following the digital signing of the executable file, extending a length of the signature section appended to the end of the executable section of the digitally-signed software application to form a storage section after an end of the signature section;

adjusting the header to indicate a size of the storage section appended at the end of the executable file;

providing the digitally-signed software application with the storage section to the user requesting the software application for installation on the computer; and

during the providing of the software application to the user, inserting post-signing data specific to the user and the computer into the storage section without invalidating the digital signature and without requiring the file to be re-signed after insertion of the post-signing data.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique for making post-signing modifications to a digitally-signed software application without invalidating the signature can be used to enhance a user experience when downloading the software application. An extension module extends the length of a signature section at the end of an executable file for the digitally-signed software application to form a storage section. A header adjustment module adjusts the header to indicate size of the storage section appended at the end of the executable file. A data insertion module inserts post-signing data into the storage section, and the validity of the digital signature is maintained without requiring the file to be re-signed after insertion of the post-signing data. Thus, a software vendor can add into the software user-specific data after the file has been signed, while still maintaining the signature'"'"'s validity, so the software can be downloaded with minimal interruption to the user.

13 Citations

View as Search Results

20 Claims

1. A computer program product having a non-transitory computer-readable storage medium having computer program instructions recorded thereon for making a post-signing modification to a digitally-signed software application to be downloaded by a user onto a computer, the computer program instructions comprising instructions for:
- digitally signing an executable file having a header describing sections of the executable file and an executable section where executable code is stored, the digital signing forming a signature section with certification data appended to an end of the executable section;
  
  following the digital signing of the executable file, extending a length of the signature section appended to the end of the executable section of the digitally-signed software application to form a storage section after an end of the signature section;
  
  adjusting the header to indicate a size of the storage section appended at the end of the executable file;
  
  providing the digitally-signed software application with the storage section to the user requesting the software application for installation on the computer; and
  
  during the providing of the software application to the user, inserting post-signing data specific to the user and the computer into the storage section without invalidating the digital signature and without requiring the file to be re-signed after insertion of the post-signing data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer program product of claim 1, wherein adjusting the header further comprises adjusting size of a security directory entry within the header to accommodate the size of the storage section.
  - 3. The computer program product of claim 1, wherein the digital signature is used by the computer for validating authenticity of the digitally-signed software application downloaded by the user from a website and wherein the post-signing data assists the user in installing the digitally-signed software application.
  - 4. The computer program product of claim 1, further comprising creating the executable file, wherein the executable file is digitally signed to form the signature section of the executable file.
  - 5. The computer program product of claim 1, wherein the extending length of a signature section to form the storage section further comprises extending size of the signature section in a header directory of a signature section header to reflect the formed storage section at the end of the signature section that is located at the end of the executable file to prevent a need for an update to offsets of any other sections to account for the extended size.

6. A method of making a post-signing modification to a digitally-signed software application to be downloaded by a user onto a computer, the method comprising:
- digitally signing, by a computer system, an executable file having a header describing sections of the executable file and an executable section where executable code is stored, the digital signing forming a signature section with certification data appended to an end of the executable section;
  
  following the digital signing of the executable file, extending, by the computer system, a length of the signature section appended to the end of the executable section of the digitally-signed software application to form a storage section after an end of the signature section;
  
  adjusting, by the computer system, the header to indicate a size of the storage section appended at the end of the executable file;
  
  providing, by the computer system, the digitally-signed software application with the storage section to the user requesting the software application for installation on the computer; and
  
  during the providing of the software application to the user, inserting, by the computer system, post-signing data specific to the user and the computer into the storage section without invalidating the digital signature and without requiring the file to be re-signed after insertion of the post-signing data.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13, 14)
- - 7. The method of claim 6, wherein adjusting the header further comprises adjusting, by the computer system, size of a security directory entry within the header to accommodate the size of the storage section.
  - 8. The method of claim 6, wherein the step of inserting the post-signing data into the storage section further comprises inserting post-signing data into the storage section of the digitally-signed software application during the downloading of the digitally-signed software application by the user.
  - 9. The method of claim 6, wherein the post-signing data specific to the particular user and the computer comprises information specified by a vendor of the software application for incorporation into the storage section at installation time, the information specified including a unique identifier for the computer that ensures that the software application can only be executed on the computer and not on other computers.
  - 10. The method of claim 6, further comprising collecting from the computer the post-signing data to be included in the storage section during download of the software application onto the computer, the post-signing data including information that uniquely identifies the computer on which the software application will be installed and that uniquely identifies the user of the computer.
  - 11. The method of claim 6, further comprising collecting from the user and the computer the post-signing data to be included in the storage section during download of the software application onto the computer, the post-signing data including a name of the user and purchase information for the user.
  - 12. The method of claim 6, further comprising collecting from the user the post-signing data to be included in the storage section during download of the software application onto the computer, the post-signing data including user preferences for configuration of the application and a preferred language of the user to be used in the software application.
  - 13. The method of claim 6, wherein extending length of a signature section to form the storage section further comprises extending, by the computer system, size of the signature section in a header directory of a signature section header.
  - 14. The method of claim 6, wherein inserting post-signing data further comprises storing, by the computer system, a unique fingerprint for the user'"'"'s computer in the storage section.

15. A computer system for making a post-signing modification to a digitally-signed software application to be downloaded by a user onto a computer, the system comprising:
- a non-transitory computer-readable storage medium storing executable software modules comprising;
  
  a file creation module for digitally signing an executable file having a header describing sections of the executable file and an executable section where executable code is stored, the digital signing forming a signature section with certification data appended to an end of the executable section;
  
  an extension module for, following the digital signing of the executable file, extending a length of the signature section appended to the end of the executable section of the digitally-signed software application to form a storage section after an end of the signature section;
  
  a header adjustment module for adjusting the header to indicate a size of the storage section appended at the end of the executable file;
  
  a data insertion module for;
  
  providing the digitally-signed software application with the storage section to the user requesting the software application for installation on the computer; and
  
  during the providing of the software application to the user, inserting post-signing data specific to the user and the computer into the storage section without invalidating the digital signature and without requiring the file to be re-signed after insertion of the post-signing data; and
  
  a processor configured to execute the software modules stored by the non-transitory computer-readable storage medium.
- View Dependent Claims (16, 17, 18, 19)
- - 16. The system of claim 15, wherein the header adjustment module is further adapted for modifying size of a security directory entry of the header to accommodate the size of the storage section.
  - 17. The system of claim 15, wherein the extension module is further adapted for extending size of the signature section in a header directory of a signature section header.
  - 18. The system of claim 15, wherein the post-signing data is user-specific data collected by a software vendor that allows the user to install the digitally-signed software application on the computer.
  - 19. The system of claim 15, wherein the post-signing data is selected from a group consisting of:
    - activation information and language text strings.

20. A computer system for making a post-signing modification to a digitally-signed software application to be downloaded by a user onto a computer, the system comprising:
- a non-transitory computer-readable storage medium storing executable software means comprising;
  
  means for digitally signing an executable file having a header describing sections of the executable file and an executable section where executable code is stored, the digital signing forming a signature section with certification data appended to an end of the executable section;
  
  following the digital signing of the executable file, means for extending a length of the signature section appended to the end of the executable section of the digitally-signed software application to form a storage section after an end of the signature section;
  
  means for adjusting the header to indicate a size of the storage section appended at the end of the executable file;
  
  means for providing the digitally-signed software application with the storage section to the user requesting the software application for installation on the computer;
  
  during the providing of the software application to the user, means for inserting post-signing data specific to the user and the computer into the storage section without invalidating the digital signature and without requiring the file to be re-signed after insertion of the post-signing data; and
  
  a processor configured to execute the software means stored by the non-transitory computer-readable storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Yaldwyn, Ben Francis, Witmann, Jrme
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Woldemariam, Nega

Application Number

US11/357,778
Publication Number

US 20060184798A1
Time in Patent Office

2,525 Days
Field of Search

713/176, 713/180, 713/187, 713/189, 717/173, 717/175
US Class Current

717/175
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/16   Program or content traceabi...

G06F 21/64   Protecting data integrity, ...

Post-signing modification of software

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

13 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Post-signing modification of software

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

13 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links