Software modification for partial secure memory processing

US 9,158,902 B2
Filed: 12/29/2011
Issued: 10/13/2015
Est. Priority Date: 12/29/2011
Status: Active Grant

First Claim

Patent Images

1. A hardware processor comprising:

a first logic to process code stored in memory for an application that includes an extracted portion of code to be stored separately in secure memory; and

a second logic to process in a secure execution hardware environment at least a portion of the extracted portion of code stored in the secure memory when the first logic reaches a location of the extracted portion of code, the secure memory restricted to access by the secure execution hardware environment, the secure execution hardware environment concealing content of the extracted portion of binary code while passing resultant data back to the first logic, wherein the extracted portion of code is to be decrypted by the second logic and executed in the secure execution environment and wherein the first logic to pass at least one parameter to the second logic to initiate a request to process the at least a portion of the extracted code.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure is directed to software modification that may be used to prevent software piracy and prevent unauthorized modification of applications. In some embodiments, a software vendor may modify software prior to distribution to a user. The software vendor may extract cutouts from an application to create a modified application. The modified application and the cutouts may be downloaded by a user device. The user device may run the application using the modified application and by executing the cutouts in a secure execution environment that conceals the underlying code in the cutouts.

Citations

17 Claims

1. A hardware processor comprising:
- a first logic to process code stored in memory for an application that includes an extracted portion of code to be stored separately in secure memory; and
  
  a second logic to process in a secure execution hardware environment at least a portion of the extracted portion of code stored in the secure memory when the first logic reaches a location of the extracted portion of code, the secure memory restricted to access by the secure execution hardware environment, the secure execution hardware environment concealing content of the extracted portion of binary code while passing resultant data back to the first logic, wherein the extracted portion of code is to be decrypted by the second logic and executed in the secure execution environment and wherein the first logic to pass at least one parameter to the second logic to initiate a request to process the at least a portion of the extracted code.
- View Dependent Claims (2)
- - 2. The processor as recited in claim 1, wherein the first logic to redirect to the second logic upon detection of redirect code that is a placeholder in the application for the extracted portion of the code.

3. A method of securely distributing software, the method comprising:
- extracting portions of code as cutouts from an application to create a modified application that does not include the cutouts, wherein the modified application includes redirection code to a secure execution environment;
  
  encrypting the cutouts using an encryption key that is maintained by a user; and
  
  transmitting the encrypted cutouts and the modified application to the user, wherein the encrypted cutouts are to be decrypted by a second logic of the user and executed in the secure execution environment of the user and a first logic of the user to execute the modified application and pass a parameter to the second logic to initiate a request to process the encrypted cutouts.

4. A method of securely distributing software, the method comprising:
- extracting portions of code as cutouts from an application to create a modified application that does not include the cutouts, wherein the modified application includes redirection code to a secure execution environment;
  
  encrypting the cutouts using an encryption key that is maintained by a user; and
  
  transmitting the encrypted cutouts and the modified application to the user.
- View Dependent Claims (5, 6, 7, 8, 9)
- - 5. The method as recited in claim 4, wherein the cutouts are functions of code from the application.
  - 6. The method as recited in claim 4, wherein the cutouts are limited in size to a threshold size.
  - 7. The method as recited in claim 4, further comprising identifying the cutouts based at least in part using indicators from a developer.
  - 8. The method as recited in claim 4, further comprising receiving the application in an unmodified state from a developer.
  - 9. The method as recited in claim 4, further comprising transmitting the encryption key to the user prior to the encrypting.

10. One or more non-transitory computer-readable media maintaining computer-executable instructions to be executed on one or more processors to perform acts comprising:
- removing portions of code as cutouts from an application to create a modified application, wherein the modified application includes redirection code to a secure execution environment;
  
  encrypting the cutouts using an encryption key; and
  
  transmitting the modified application and the encrypted cutouts to the user, wherein the encrypted cutouts are to be decrypted by a second logic of the user and executed in the secure execution environment of the user and a first logic of the user to execute the modified application and pass a parameter to the second logic to initiate a request to process the encrypted cutouts.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method as recited in claim 10, further comprising identifying the portions of code as the cutouts by an automated selection process.
  - 12. The method as recited in claim 10, further comprising transmitting a user license to the user.
  - 13. The method as recited in claim 10, wherein the modified application and the encrypted cutouts are included in an encrypted package for the transmitting.
  - 14. The method as recited in claim 10, further comprising transmitting the encryption key to the user prior to the encrypting.

15. A system to securely store and execute an application, the system comprising:
- one or more processors;
  
  exposed memory to store an application executable by the one or more processors;
  
  secure memory to store code as one or more cutouts that are extracted from the application prior to receipt of the application by the exposed memory, the secure memory limited to access by a secure execution environment using the one or more processors, wherein the secure memory further includes an encryption key to decrypt the application and the one or more cutouts after a download of the application and the one or more cutouts;
  
  wherein the one or more processors to execute the application from the exposed memory and to pass at least one parameter to the secure execution environment prior to the executing the corresponding code; and
  
  when executing the application from the exposed memory reaches a cutout in the application, to execute corresponding code in the cutout in the secure execution environment without revealing contents of the cutout to the exposed memory.
- View Dependent Claims (16, 17)
- - 16. The system as recited in claim 15, wherein the application includes redirect code in place of the cutouts to redirect the processing to the corresponding code in the cutout.
  - 17. The system as recited in claim 15, wherein the cutout is a function of the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Intel Corporation
Inventors
Maor, Moshe, Gueron, Shay
Primary Examiner(s)
Yalew, Fikremariam A

Application Number

US13/994,411
Publication Number

US 20140208435A1
Time in Patent Office

1,384 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/12   Protecting executable software

G06F 21/53   by executing in a restricte...

G06F 2221/2107   File encryption

H04W 12/35   Protecting application or s...

H04W 4/50   Service provisioning or rec...

H04W 4/60   Subscription-based services...

Software modification for partial secure memory processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Software modification for partial secure memory processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links