Method and device for detecting software-tampering

US 9,607,147 B2
Filed: 03/26/2014
Issued: 03/28/2017
Est. Priority Date: 06/20/2013
Status: Active Grant

First Claim

Patent Images

1. A method of detecting software tampering, comprising:

at a device having one or more processors and memory;

sending a software verification request of a first software to a server in connection with executing the first software at the device, wherein the software verification request identifies at least one information item selected from (1) identification information of the first software, (2) an operation to be performed to the first software, and (3) a verification history associated with the first software;

receiving a software verification instruction from the server, the software verification instruction comprising a verification parameter generated by the server based on the at least one information item identified in the software verification request for verifying whether the first software stored at the device contains unauthorized modifications, wherein the verification parameter includes executable code for invoking a function of the first software;

executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value, further comprising executing the executable code to invoke the function of the first software at the device to generate an output as the first verification data value based on data currently present at the device; and

returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the first software stored at the device contains unauthorized modifications.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for detecting software tampering includes: at a device having one or more processors and memory: receiving a software verification instruction from a server, the software verification instruction comprising a verification parameter dynamically selected by the server for verifying whether particular software stored at the device contains unauthorized modifications; executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value; and returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the particular software stored at the device contains unauthorized modifications.

24 Citations

View as Search Results

18 Claims

1. A method of detecting software tampering, comprising:
- at a device having one or more processors and memory;
  
  sending a software verification request of a first software to a server in connection with executing the first software at the device, wherein the software verification request identifies at least one information item selected from (1) identification information of the first software, (2) an operation to be performed to the first software, and (3) a verification history associated with the first software;
  
  receiving a software verification instruction from the server, the software verification instruction comprising a verification parameter generated by the server based on the at least one information item identified in the software verification request for verifying whether the first software stored at the device contains unauthorized modifications, wherein the verification parameter includes executable code for invoking a function of the first software;
  
  executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value, further comprising executing the executable code to invoke the function of the first software at the device to generate an output as the first verification data value based on data currently present at the device; and
  
  returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the first software stored at the device contains unauthorized modifications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the verification parameter further specifies a respective verification function, and wherein the respective verification function is randomly selected by the server from a plurality of available verification procedures.
  - 3. The method of claim 1, wherein the verification parameter further specifies one or more data sampling locations.
  - 4. The method of claim 3, wherein the one or more data sampling locations are randomly selected by the server from a plurality of known sampling locations.
  - 5. The method of claim 3, wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - obtaining respective data values present at the one or more data sampling locations in the first software residing at the device; and
      
      applying a verification function on the respective data values obtained at the one or more data sampling locations to calculate the first verification data value.
  - 6. The method of claim 5, wherein a respective data sampling location specified by the verification parameter includes a file path under an installation index of the first software, and wherein obtaining the respective data values present at the one or more data sampling locations in the first software residing at the device further comprises:
    - selecting a document in the first software according the file path; and
      
      taking data contained in the document as the respective data value for the respective data sampling location.
  - 7. The method of claim 5, wherein a respective data sampling location specified by the verification parameter includes a memory mapping range of the first software during execution, and wherein obtaining the respective data values present at the one or more data sampling locations in the first software residing at the device further comprises:
    - during execution of the first software at the device, reading data present within the memory mapping range of the first software; and
      
      taking the data present within the memory mapping range as the respective data value for the respective data sampling location.
  - 8. The method of claim 1, further comprising:
    - before sending the software verification request of the first software to the server;
      
      receiving a software execution request for executing the first software at the device; and
      
      in response to the software execution request, sending the software verification request for verifying the first software to the server.
  - 9. The method of claim 8, further comprising:
    - after returning the first verification data value to the server;
      
      receiving a negative verification result from the server indicating that the first software contains unauthorized modifications; and
      
      upon receiving the negative verification result, declining to execute the first software at the device.

10. A system for detecting software tampering, comprising:
- one or more processors; and
  
  memory having instructions stored thereon, the instructions, when executed by the one or more processors, cause the processors to perform operations comprising;
  
  sending a software verification request of a first software to a server in connection with executing the first software at a device, wherein the software verification request identifies at least one information item selected from (1) identification information of the first software, (2) an operation to be performed to the first software, and (3) a verification history associated with the first software;
  
  receiving a software verification instruction from the server, the software verification instruction comprising a verification parameter generated by the server based on the at least one information item identified in the software verification request for verifying whether the first software stored at the device contains unauthorized modifications, wherein the verification parameter includes executable code for invoking a function of the first software;
  
  executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value, further comprising executing the executable code to invoke the function of the first software at the device to generate an output as the first verification data value based on data currently present at the device; and
  
  returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the first software stored at the device contains unauthorized modifications.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10, wherein the verification parameter further specifies one or more data sampling locations, and wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - obtaining respective data values present at the one or more data sampling locations in the first software residing at the device; and
      
      applying a verification function on the respective data values obtained at the one or more data sampling locations to calculate the first verification data value.
  - 12. The system of claim 11, wherein a respective data sampling location specified by the verification parameter includes a file path under an installation index of the first software, and wherein obtaining the respective data values present at the one or more data sampling locations in the first software residing at the device further comprises:
    - selecting a document in the first software according the file path; and
      
      taking data contained in the document as the respective data value for the respective data sampling location.
  - 13. The system of claim 11, wherein a respective data sampling location specified by the verification parameter includes a memory mapping range of the first software during execution, and wherein obtaining the respective data values present at the one or more data sampling locations in the first software residing at the device further comprises:
    - during execution of the first software at the device, reading data present within the memory mapping range of the first software; and
      
      taking the data present within the memory mapping range as the respective data value for the respective data sampling location.
  - 14. The system of claim 10, wherein the operations further comprise:
    - before sending the software verification request of the first software to the server;
      
      receiving a software execution request for executing the first software at the device; and
      
      in response to the software execution request, sending the software verification request for verifying the first software to the server; and
      
      after returning the first verification data value to the server;
      
      receiving a negative verification result from the server indicating that the first software contains unauthorized modifications; and
      
      upon receiving the negative verification result, declining to execute the first software at the device.

15. A non-transitory computer-readable medium having instructions stored thereon, the instructions, when executed by one or more processors, cause the processors to perform operations comprising:
- sending a software verification request of a first software to a server in connection with executing the first software at the device, wherein the software verification request identifies at least one information item selected from (1) identification information of the first software, (2) an operation to be performed to the first software, and (3) a verification history associated with the first software;
  
  receiving a software verification instruction from the server, the software verification instruction comprising a verification parameter generated by the server based on the at least one information item identified in the software verification request for verifying whether the first software stored at the device contains unauthorized modifications, wherein the verification parameter includes executable code for invoking a function of the first software;
  
  executing a respective verification procedure corresponding to the verification parameter to obtain a first verification data value, executing further comprising executing the executable code to invoke the function of the first software at the device to generate an output as the first verification data value based on data currently present at the device; and
  
  returning the first verification data value to the server, wherein the server compares the first verification data value to a second verification data value to determine whether the first software stored at the device contains unauthorized modifications.
- View Dependent Claims (16, 17, 18)
- - 16. The computer-readable medium of claim 15, wherein the verification parameter further specifies one or more data sampling locations, and wherein executing the respective verification procedure corresponding to the verification parameter to obtain the first verification data value further comprises:
    - obtaining respective data values present at the one or more data sampling locations in the first software residing at the device; and
      
      applying a verification function on the respective data values obtained at the one or more data sampling locations to calculate the first verification data value.
  - 17. The computer-readable medium of claim 16, wherein a respective data sampling location specified by the verification parameter includes a file path under an installation index of the first software, and wherein obtaining the respective data values present at the one or more data sampling locations in the first software residing at the device further comprises:
    - selecting a document in the first software according the file path; and
      
      taking data contained in the document as the respective data value for the respective data sampling location.
  - 18. The computer-readable medium of claim 16, wherein a respective data sampling location specified by the verification parameter includes a memory mapping range of the first software during execution, and wherein obtaining the respective data values present at the one or more data sampling locations in the first software residing at the device further comprises:
    - during execution of the first software at the device, reading data present within the memory mapping range of the first software; and
      
      taking the data present within the memory mapping range as the respective data value for the respective data sampling location.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Original Assignee
Tencent Technology Company Limited (Tencent Holdings Limited)
Inventors
Chen, Shuhua, Xiao, Tianming
Primary Examiner(s)
Williams, Jeffery

Application Number

US14/226,752
Publication Number

US 20140380469A1
Time in Patent Office

1,098 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/51   at application loading time...

G06F 21/52   during program execution, e...

G06F 21/554   involving event detection a...

G06F 2221/033   Test or assess software

Method and device for detecting software-tampering

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Method and device for detecting software-tampering

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links