Software modification for partial secure memory processing
Abstract
This disclosure is directed to software modification that may be used to prevent software piracy and prevent unauthorized modification of applications. In some embodiments, a software vendor may modify software prior to distribution to a user. The software vendor may extract cutouts from an application to create a modified application. The modified application and the cutouts may be downloaded by a user device. The user device may run the application using the modified application and by executing the cutouts in a secure execution environment that conceals the underlying code in the cutouts.
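The flow in the abstract (vendor extracts and encrypts cutouts, leaves redirection code in the modified application, and the device runs the cutouts where only results are returned) can be modelled in a few lines. This is an added sketch, not code from the patent: all function and class names are hypothetical, a SHA-256 counter keystream stands in for a real cipher, a key shared between vendor and device is assumed, and a Python object stands in for the hardware-isolated secure execution environment.

```python
import hashlib, hmac, os

def derive_keys(key):
    # Separate encryption and MAC keys from the one device key.
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()

def xor_stream(key, nonce, data):
    # Stand-in cipher (SHA-256 counter keystream) to stay stdlib-only;
    # production code would use a vetted AEAD such as AES-GCM.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def vendor_package(functions, cutout_names, key):
    """Vendor side: split {name: source} into a modified app and encrypted cutouts."""
    enc_k, mac_k = derive_keys(key)
    modified, cutouts = [], {}
    for name, src in functions.items():
        if name not in cutout_names:
            modified.append(src)
            continue
        nonce = os.urandom(16)
        ct = xor_stream(enc_k, nonce, src.encode())
        cutouts[name] = (nonce, ct, hmac.new(mac_k, nonce + ct, hashlib.sha256).digest())
        # Redirection code left where the extracted body used to be.
        modified.append(f"def {name}(*args):\n    return SECURE.invoke({name!r}, *args)\n")
    return "\n".join(modified), cutouts

class SecureEnvironment:
    """Device side: models the secure execution environment and its secure memory."""
    def __init__(self, key, cutouts):
        self.__keys, self.__cutouts = derive_keys(key), cutouts

    def invoke(self, name, *args):
        (enc_k, mac_k), (nonce, ct, tag) = self.__keys, self.__cutouts[name]
        if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("cutout failed integrity check")
        scope = {}
        exec(xor_stream(enc_k, nonce, ct).decode(), scope)  # plaintext code stays in this scope
        return scope[name](*args)  # only the resultant data goes back to the caller

def run_modified_app(modified_src, secure_env, entry, *args):
    exposed = {"SECURE": secure_env}  # exposed memory holds stubs, never cutout code
    exec(modified_src, exposed)
    return exposed[entry](*args)

# Constructed sample application; check_license is the portion the vendor hides.
APP = {
    "check_license": "def check_license(serial):\n    return sum(map(ord, serial)) % 97 == 42\n",
    "start": "def start(serial):\n    return 'unlocked' if check_license(serial) else 'trial'\n",
}
```

The integrity tag is an addition of this sketch; the claims describe encryption and concealment only.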
17 Claims
1. A hardware processor comprising:
- a first logic to process code stored in memory for an application that includes an extracted portion of code to be stored separately in secure memory; and
- a second logic to process in a secure execution hardware environment at least a portion of the extracted portion of code stored in the secure memory when the first logic reaches a location of the extracted portion of code, the secure memory restricted to access by the secure execution hardware environment, the secure execution hardware environment concealing content of the extracted portion of binary code while passing resultant data back to the first logic, wherein the extracted portion of code is to be decrypted by the second logic and executed in the secure execution environment and wherein the first logic to pass at least one parameter to the second logic to initiate a request to process the at least a portion of the extracted code.
3. A method of securely distributing software, the method comprising:
- extracting portions of code as cutouts from an application to create a modified application that does not include the cutouts, wherein the modified application includes redirection code to a secure execution environment;
- encrypting the cutouts using an encryption key that is maintained by a user; and
- transmitting the encrypted cutouts and the modified application to the user, wherein the encrypted cutouts are to be decrypted by a second logic of the user and executed in the secure execution environment of the user and a first logic of the user to execute the modified application and pass a parameter to the second logic to initiate a request to process the encrypted cutouts.
4. A method of securely distributing software, the method comprising:
- extracting portions of code as cutouts from an application to create a modified application that does not include the cutouts, wherein the modified application includes redirection code to a secure execution environment;
- encrypting the cutouts using an encryption key that is maintained by a user; and
- transmitting the encrypted cutouts and the modified application to the user.
10. One or more non-transitory computer-readable media maintaining computer-executable instructions to be executed on one or more processors to perform acts comprising:
- removing portions of code as cutouts from an application to create a modified application, wherein the modified application includes redirection code to a secure execution environment;
- encrypting the cutouts using an encryption key; and
- transmitting the modified application and the encrypted cutouts to the user, wherein the encrypted cutouts are to be decrypted by a second logic of the user and executed in the secure execution environment of the user and a first logic of the user to execute the modified application and pass a parameter to the second logic to initiate a request to process the encrypted cutouts.
15. A system to securely store and execute an application, the system comprising:
- one or more processors;
- exposed memory to store an application executable by the one or more processors;
- secure memory to store code as one or more cutouts that are extracted from the application prior to receipt of the application by the exposed memory, the secure memory limited to access by a secure execution environment using the one or more processors, wherein the secure memory further includes an encryption key to decrypt the application and the one or more cutouts after a download of the application and the one or more cutouts;
- wherein the one or more processors to execute the application from the exposed memory and to pass at least one parameter to the secure execution environment prior to the executing the corresponding code; and
- when executing the application from the exposed memory reaches a cutout in the application, to execute corresponding code in the cutout in the secure execution environment without revealing contents of the cutout to the exposed memory.
Specification