Computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content
First Claim
Patent Images
1. A method comprising:
- loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable;
identifying, by use of a processor, an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable;
obtaining a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad;
authenticating the integrity of the executable using the digital signature prior to execution of the executable;
virtualizing access to the digital content of the digitally signed executable; and
erasing, by use of the processor, the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature.
11 Assignments
0 Petitions
Accused Products
Abstract
A computer-implemented system and method for embedding and authenticating ancillary information in digitally signed content are disclosed. The method and system include loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and erasing any non-authenticated regions of the digital content by zeroing out or value-filling memory locations corresponding to the non-authenticated regions.
26 Citations
28 Claims
-
1. A method comprising:
-
loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; identifying, by use of a processor, an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable; obtaining a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad; authenticating the integrity of the executable using the digital signature prior to execution of the executable; virtualizing access to the digital content of the digitally signed executable; and erasing, by use of the processor, the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. An article of manufacture embodied in a non-transitory machine storage medium including data that, when accessed by a machine, causes the machine to:
-
load digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; identify an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable; obtain a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad; authenticate the integrity of the executable using the digital signature prior to execution of the executable; virtualize access to the digital content of the digitally signed executable; and erase the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A method comprising:
-
loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and performing, by use of a processor, verification operations on the executable to verify integrity of the executable, the verification operations being performed on the executable prior to execution of the executable, the verification operations including identifying an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable, obtaining a digital signature size value from the digital signature size block, the digital signature size value coir to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad, and authenticating the integrity of the executable using the digital signature prior to execution of the executable, the verification operations further including virtualizing access to the digital content of the digitally signed executable, the verification operations further including erasing the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature. - View Dependent Claims (20, 21, 22, 23)
-
-
24. An article of manufacture embodied in a non-transitory machine storage medium including data that, when accessed by a machine, causes the machine to:
-
load digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and perform verification operations on the executable to verify integrity of the executable, the verification operations being performed on the executable prior to execution of the executable, the verification operations including identifying an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable, obtaining a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad, and authenticating the integrity of the executable using the digital signature prior to execution of the executable, the verification operations further including virtualizing access to the digital content of the digitally signed executable, the verification operations further including erasing the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature. - View Dependent Claims (25, 26, 27, 28)
-
Specification