Pre-emptive anti-virus protection of computing systems

US 7,712,135 B2
Filed: 08/05/2004
Issued: 05/04/2010
Est. Priority Date: 08/05/2004
Status: Active Grant

First Claim

Patent Images

1. A method for inhibiting execution of malicious executable files and other unauthorized executable files by a computing system, the method comprising:

(a) creating a unique execution key for each executable file authorized by a user to be run on a specific computing system wherein each said key is unique to its respective file and to the specific computing system upon which it is authorized to run;

associating each said executable file with its respective execution key;

storing execution key information for each said execution key in a key store separate from the executable file but accessible by the computing system;

(b) when any executable file is queued to run on the computing system, examining the said executable file for an associated said execution key; and

(c) if an associated said execution key is found, comparing the found execution key with the respective said stored execution key information to verify the validity of the found execution key, if the stored execution key information matches the found execution key, allowing the queued executable file to run at least once on the computing system, and if the stored execution key information does not match the found execution key, preventing the executable file from running.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided that strongly inhibits infection and spread of computer viruses. Valid executable software files and supporting files, even files provided by mass-released commercial software, are associated with a numeric key that is unique to each individual computer running the software. For a file to be processed by the central processing unit (CPU) of the computer, the presence of a valid key must first be verified. Every valid executable file, including files relating to the operating system and application layer code, is provided with a unique key. Thus, viruses that attempt to gain access to the CPU to perform unauthorized actions, including replication, are prevented due to lack of a valid execution key. Execution keys are generated locally on each individual computer using a variety of methods. Execution keys can be regenerated if the security of a computer system has been compromised, or appears to have been compromised.

44 Citations

View as Search Results

30 Claims

1. A method for inhibiting execution of malicious executable files and other unauthorized executable files by a computing system, the method comprising:
- (a) creating a unique execution key for each executable file authorized by a user to be run on a specific computing system wherein each said key is unique to its respective file and to the specific computing system upon which it is authorized to run;
  
  associating each said executable file with its respective execution key;
  
  storing execution key information for each said execution key in a key store separate from the executable file but accessible by the computing system;
  
  (b) when any executable file is queued to run on the computing system, examining the said executable file for an associated said execution key; and
  
  (c) if an associated said execution key is found, comparing the found execution key with the respective said stored execution key information to verify the validity of the found execution key, if the stored execution key information matches the found execution key, allowing the queued executable file to run at least once on the computing system, and if the stored execution key information does not match the found execution key, preventing the executable file from running.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1, wherein said associating the executable file comprises embedding the execution key within the executable file, and said examining the executable file comprises searching the executable file contents for the execution key.
  - 3. The method of claim 1, wherein said associating the executable file comprises deriving the execution key based on the file contents, and said examining the executable file comprises deriving the execution key based on the file contents.
  - 4. The method of claim 1, wherein the associating each said executable file with its respective execution key comprises encrypting the executable file with the execution key.
  - 5. The method of claim 1, wherein the execution key information comprises a key that matches the found execution key.
  - 6. The method of claim 1, wherein the execution key information is an equation for generating the execution key associated with the executable file.
  - 7. The method of claim 1, wherein the execution key information is an equation for validating the execution key associated with the executable file.
  - 8. The method of claim 1, wherein the associating each said executable file with its respective execution key comprises:
    - including the execution key in the header of the executable file.
  - 9. The method of claim 1, wherein the associating each said executable file with its respective execution key comprises:
    - including the execution key in the footer of the executable file.
  - 10. The method of claim 1, wherein the associating each said executable file with its respective execution key comprises:
    - including the execution key in the body of the executable file.
  - 11. The method of claim 1, wherein each executable file authorized to be run on a computing system comprises all executable files relating to the operating system and application layer code of the computing system.
  - 12. The method of claim 1, further comprising:
    - examining and authorizing by the user of the executable files.
  - 13. The method of claim 1, wherein said allowing the executable file to run at least once comprises allowing the executable file to run only once.
  - 14. The method of claim 1, wherein said examining the executable file for an associated said execution key further comprises:
    - if a said associated execution key is not found, performing an automated missing key response.
  - 15. The method of claim 1, wherein said examining the executable file for an associated said execution key further comprises:
    - if the stored key information does not match the found execution key, performing an automated invalid key response.
  - 16. The method of claim 14, wherein said automated missing key response comprising:
    - preventing the executable file from running while determining whether the executable file is authorized by the user to be run on the computing system, and if so then repeating steps (a) and (b) for at least that executable file.
  - 17. The method of claim 15, wherein said automated invalid key response comprises:
    - preventing the executable file from running while determining whether the executable file is authorized by the user to be run on the computing system, and if so then deleting the found execution key and execution key information for that said executable file; and
      
      then repeating steps (a) and (b) for at least that executable file.

18. A method for inhibiting execution of malicious executable files and other unauthorized executable files by a computing system, the method comprising:
- (a) creating a unique execution key for each executable file authorized by a user to be run on a specific computing system wherein each said key is unique to its respective file and to the specific computing system upon which it is authorized to run;
  
  associating each said executable file with its respective execution key;
  
  storing execution key information for each said execution key in a key store separate from the executable file but accessible by the computing system; and
  
  (b) each time any executable file is queued to run on the computing system, examining the said executable file for an associated said execution key; and
  
  if an associated said execution key is not found, then performing an automated missing key response that will prevent the executable file from running without authorization; and
  
  if an associated said execution key is found, then comparing the stored execution key information for a match with the found execution key;
  
  whereasif the stored key information does not match the found execution key, then performing an automated invalid key response that will prevent the executable file from running without authorization; and
  
  if the stored execution key information matches the found execution key, then allowing the queued executable file to run once on the computing system.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The method of claim 18, wherein said automated missing key response comprises:
    - preventing the executable file from running while determining whether the executable file is authorized by the user to be run on the computing system, and if so then repeating steps (a) and (b) for at least that executable file.
  - 20. The method of claim 18, wherein said automated invalid key response comprises:
    - preventing the executable file from running while determining whether the executable file is authorized by the user to be run on the computing system, and if so then deleting the found execution key and execution key information for that said executable file and repeating steps (a) and (b) for at least that executable file.
  - 21. The method of claim 18, further comprising:
    - before step (a), examining by the user of executable files associated with the specific computing system, and for each examined executable file one of authorizing by the user of the executable file to be run on the specific computing system and not authorizing by the user of the executable file to be run on the specific computing system.
  - 22. The method of claim 21, wherein said examining and authorizing by the user comprises:
    - examining and authorizing by the user of the executable files associated with the specific computing system in advance of loading the executable files authorized by the user onto the computing system.
  - 23. The method of claim 18, wherein said (a) further comprises:
    - loading the executable files and the key store on the computing system whereby the executable files and the key store are accessible by the computing system.

24. A method for inhibiting execution of malicious executable files and other unauthorized executable files by a computing system, the method comprising:
- (a) creating a unique execution key for each executable file authorized to be run on a specific computing system wherein each said key is unique to its respective file and to the specific computing system upon which it is authorized to run;
  
  associating each said executable file with its respective execution key;
  
  storing execution key information for each said execution key in a key store separate from the executable file but accessible by the computing system; and
  
  (b) when an executable file is queued to run on the computing system, examining the said executable file for an associated said execution key;
  
  if an associated said execution key is found, comparing the found execution key with the respective said stored execution key information to verify the validity of the found execution key; and
  
  if the stored execution key information matches the found execution key, allowing the queued executable file to run at least once on the computing system;
  
  else perform a configurable automatable action.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The method of claim 24, wherein said configurable automatable action comprises:
    - preventing the executable file from running.
  - 26. The method of claim 24, wherein said configurable automatable action comprises:
    - preventing the executable file from running and quarantining the executable file.
  - 27. The method of claim 24, wherein said configurable automatable action comprises:
    - allowing the executable file to run once but not creating a new said unique key.
  - 28. The method of claim 24, wherein said configurable automatable action comprises:
    - allowing the executable file to run; and
      
      creating a new said unique key, associating it with the executable file, and storing it in the key store.
  - 29. The method of claim 24, wherein said configurable automatable action comprises:
    - allowing the executable file to run;
      
      creating a new said unique key, associating it with the executable file, and storing it in the key store; and
      
      designating that all new executable files created by the executable file will have a respective new said unique key created for them, associated with them, and stored in the key store.
  - 30. The method of claim 24, wherein said configurable automatable action comprises:
    - presenting a user interface to a privileged user and allowing the user to choose from a group of actions comprising;
      
      allowing the executable file to run once;
      
      preventing the executable file from running; and
      
      allowing the executable file to run, creating a new said unique key for the executable file, associating it with the file, and storing it in the key store.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Digital Guardian LLC
Original Assignee
Savant Protection, Inc. (Digital Guardian LLC)
Inventors
Steinberg, Kenneth D
Primary Examiner(s)
Moazzami; Nasser
Assistant Examiner(s)
YALEW, FIKREMARIAM A

Application Number

US10/912,611
Publication Number

US 20060031937A1
Time in Patent Office

2,098 Days
Field of Search

713/188, 713/165, 726/22, 726/24, 726/26
US Class Current

726/24
CPC Class Codes

G06F 21/565 by checking file integrity

Pre-emptive anti-virus protection of computing systems

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Pre-emptive anti-virus protection of computing systems

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links