Computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content

US 8,484,476 B2
Filed: 01/29/2010
Issued: 07/09/2013
Est. Priority Date: 05/20/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable;

identifying, by use of a processor, an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable;

obtaining a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad;

authenticating the integrity of the executable using the digital signature prior to execution of the executable;

virtualizing access to the digital content of the digitally signed executable; and

erasing, by use of the processor, the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented system and method for embedding and authenticating ancillary information in digitally signed content are disclosed. The method and system include loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and erasing any non-authenticated regions of the digital content by zeroing out or value-filling memory locations corresponding to the non-authenticated regions.

26 Citations

28 Claims

1. A method comprising:
- loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable;
  
  identifying, by use of a processor, an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable;
  
  obtaining a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad;
  
  authenticating the integrity of the executable using the digital signature prior to execution of the executable;
  
  virtualizing access to the digital content of the digitally signed executable; and
  
  erasing, by use of the processor, the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as claimed in claim 1 wherein the ancillary data block and the pre-determined pad regions of the digital content include regions past the end of the last section of the digital content.
  - 3. The method as claimed in claim 1 including verifying that as checksum field in a header of the digital content matches an image file checksum.
  - 4. The method as claimed in claim 1 including verifying that the attribute certificate table contains one single entry and does not contain padding.
  - 5. The method as claimed in claim 1 including verifying that the digital signature actually tills the whole space allocated to the digital signature in an attribute certificate table.
  - 6. The method as claimed in claim 1 wherein the digital content is a file.
  - 7. The method as claimed in claim 1 wherein the digital content is a digital transmission.
  - 8. The method as claimed in claim 1 wherein the erasing is performed by a loader.
  - 9. The method as claimed in claim 1 wherein the erasing is performed by the executable.

10. An article of manufacture embodied in a non-transitory machine storage medium including data that, when accessed by a machine, causes the machine to:
- load digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable;
  
  identify an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable;
  
  obtain a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad;
  
  authenticate the integrity of the executable using the digital signature prior to execution of the executable;
  
  virtualize access to the digital content of the digitally signed executable; and
  
  erase the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The article of manufacture as claimed in claim 10 wherein the ancillary data block and the pre-determined pad regions of the digital content include regions past the end of the last section of the digital content.
  - 12. The article of manufacture as claimed in claim 10 being further operable to verify that a checksum field in a header of the digital content matches an image file checksum.
  - 13. The article of manufacture as claimed in claim 10 being further operable to verify that the attribute certificate table contains one single entry and does not contain padding.
  - 14. The article of manufacture as claimed in claim 10 being further operable to verify that the digital signature actually fills the whole space allocated to the digital signature in an attribute certificate table.
  - 15. The article of manufacture as claimed in claim 10 wherein the digital content is a file.
  - 16. The article of manufacture as claimed in claim 10 wherein the digital content is a digital transmission.
  - 17. The article of manufacture as claimed in claim 10 wherein the erasing is performed by a loader.
  - 18. The article of manufacture as claimed in claim 10 wherein the erasing is performed by the executable.

19. A method comprising:
- loading digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and
  
  performing, by use of a processor, verification operations on the executable to verify integrity of the executable, the verification operations being performed on the executable prior to execution of the executable, the verification operations including identifying an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable, obtaining a digital signature size value from the digital signature size block, the digital signature size value coir to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad, and authenticating the integrity of the executable using the digital signature prior to execution of the executable, the verification operations further including virtualizing access to the digital content of the digitally signed executable, the verification operations further including erasing the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature.
- View Dependent Claims (20, 21, 22, 23)
- - 20. The method as claimed in claim 19 wherein the verification operations include a checksum verification.
  - 21. The method as claimed in claim 19 wherein the verification operations include verifying that there is no information past the end of the last section of the executable.
  - 22. The method as claimed in claim 19 wherein the verification operations include verifying that an attribute certificate table contains one single entry and does not contain padding or padding with fixed data.
  - 23. The method as claimed in claim 19 wherein the verification operations include verifying that a certificate actually fills the whole allocated space in an attribute certificate table.

24. An article of manufacture embodied in a non-transitory machine storage medium including data that, when accessed by a machine, causes the machine to:
- load digital content containing a digitally signed executable into memory for execution, while checking for the integrity of a digital signature and the contents of the executable; and
  
  perform verification operations on the executable to verify integrity of the executable, the verification operations being performed on the executable prior to execution of the executable, the verification operations including identifying an existing digital signature block and an existing digital signature size block in a digitally signed file header of the executable, obtaining a digital signature size value from the digital signature size block, the digital signature size value corresponding to the size of the digital signature block plus the length of an ancillary data block plus a pre-determined pad, and authenticating the integrity of the executable using the digital signature prior to execution of the executable, the verification operations further including virtualizing access to the digital content of the digitally signed executable, the verification operations further including erasing the ancillary data block and the pre-determined pad by zeroing out or value-filling memory locations corresponding to the ancillary data block and the pre-determined pad, the erasing being performed without invalidating the digital signature.
- View Dependent Claims (25, 26, 27, 28)
- - 25. The article of manufacture as claimed in claim 24 wherein the verification operations include a checksum verification.
  - 26. The article of manufacture as claimed in claim 24 wherein the verification operations include verifying that there is no information past the end of the last section of the executable.
  - 27. The article of manufacture as claimed in claim 24 wherein the verification operations include verifying that an attribute certificate table contains one single entry and does not contain padding or padding, with fixed data.
  - 28. The article of manufacture as claimed in claim 24 wherein the verification operations include verifying that a certificate actually fills the whole allocated space in an attribute certificate table.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Rovi Solutions Corporation (Adeia Inc.)
Original Assignee
Rovi Technologies Corporation (Adeia Inc.)
Inventors
Torrubia, Andres M., Salvat, Jordi
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Tran, Tongoc

Application Number

US12/696,725
Publication Number

US 20100131770A1
Time in Patent Office

1,257 Days
Field of Search

713/156, 713/160, 713/176
US Class Current

713/176
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/16   Program or content traceabi...

G06F 21/51   at application loading time...

G06F 21/64   Protecting data integrity, ...

G06Q 30/0185   Product, service or busines...

Computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

28 Claims

Specification

Use Cases

Quick Links

Others

Computer-implemented method and system for embedding and authenticating ancillary information in digitally signed content

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

28 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others