Patent application number | Description | Published |
20080209226 | User Authentication Via Biometric Hashing - Techniques for authenticating biometric parameters via biometric hashing are described. In one implementation, a biometric parameter of a user (e.g., fingerprint image, blood-vessel pattern, retina scan, etc.) is captured. One or more biometric hashes are produced from the biometric parameter. To generate hashes that appear random, pseudorandom metrics are applied over the biometric parameter. The hashes are stored in association with user information that can be employed to authenticate the user. Subsequently, during authentication, a new biometric parameter is captured and hashes are computed from the parameter. The new biometric hashes are then compared with the predetermined stored hashes. If any of the new hashes are found to be identical, or sufficiently similar, to one or more of the predetermined biometric hashes, the biometric parameter is deemed valid and the user is authenticated. | 08-28-2008 |
20080209227 | User Authentication Via Biometric Hashing - Techniques for authenticating biometric parameters via biometric hashing are described. In one implementation, a biometric parameter of a user (e.g., fingerprint image, blood-vessel pattern, retina scan, etc.) is captured. One or more biometric hashes are produced from the biometric parameter. To generate hashes that appear random, pseudorandom metrics are applied over the biometric parameter. The hashes are stored in association with user information that can be employed to authenticate the user. Subsequently, during authentication, a new biometric parameter is captured and hashes are computed from the parameter. The new biometric hashes are then compared with the predetermined stored hashes. If any of the new hashes are found to be identical, or sufficiently similar, to one or more of the predetermined biometric hashes, the biometric parameter is deemed valid and the user is authenticated. | 08-28-2008 |
20080215860 | Software Protection Using Code Overlapping - Apparatus and methods for implementing software protection using code overlapping are disclosed. In one implementation, a combination block comprising a first sub-block of instructions with one or more interspersed obfuscation instructions is received. The obfuscation instructions interspersed among sequentially executable instructions of the first sub-block of instructions can include instructions from other sub-blocks as well as control instructions configured to guide a processor to execute all of the instructions in first sub-block of instructions in sequence. The obfuscation instructions are replaced with one or more replacement instructions. The replacement instructions can be of a same bit-length as the replaced obfuscation instructions. Moreover, the replacement instructions can include integrity checks configured to check for tampering with instructions and/or runtime program state in the first sub-block and/or the combination block. | 09-04-2008 |
20080235802 | Software Tamper Resistance Via Integrity-Checking Expressions - Implementation of software tamper resistance via integrity checks is described. In one implementation, a tamper resistance tool receives an input program code and generates a tamper-resistant program code using integrity checks. The integrity checks are generated by processing the input program code, and the integrity checks are inserted in various locations in the input program code. Values of the integrity checks are computed during program execution to determine whether a section of the program has been tampered with. Values of the integrity checks may be stored and accessed at any point during execution of the program. | 09-25-2008 |
20080288921 | Transformations for Software Obfuscation and Individualization - Methods and systems for software obfuscation are disclosed. In one exemplary embodiment, the obfuscation includes integrating the checker code with product code to form integrated code. The product code includes a first portion that provides desired functionalities to a software product, while the checker code includes a second portion that protects the product code from unlicensed use. A generated pseudorandom value is used to select one or more instruction sequences of the integrated code. Following the selection, the instruction sequences may be replaced with equivalent instruction sequences to form a new integrated code. Alternatively, the original integrated code is transformed into new integrated code when the selected instruction sequences are optimized. Additionally, the new integrated code may be compared to the original integrated code by generating output states from each integrated code. The new integrated code is functionally equivalent to the original integrated code if the respective output states match. | 11-20-2008 |
20100106920 | DATA LOCATION OBFUSCATION - Programs running on an open architecture, such as a personal computer, are vulnerable to inspection and modification. This is a concern as the program may include or provide access to valuable information. As a defense, the actual location of data can be hidden throughout execution of the program by way of periodic location reordering and pointer scrambling, among other things. These techniques serve to complicate static data flow analysis and dynamic data tracking thereby at least deterring program tampering. | 04-29-2010 |
20100107245 | TAMPER-TOLERANT PROGRAMS - Tamper-tolerant programs enable correct and continued execution despite attacks. Programs can be transformed into tamper-tolerant versions that correct effects of tampering in response to detection thereof Tamper-tolerant programs can execute alone or in conjunction with tamper resistance/prevention mechanisms such as obfuscation and encryption/decryption, among other things. In fact, the same and/or similar mechanisms can be employed to protect tamper tolerance functionality. | 04-29-2010 |
20110239005 | Secure Repository With Layers Of Tamper Resistance And System And Method For Providing Same - A secure repository individualized for a hardware environment and a method and system for providing the same. The secure repository includes a hidden cryptographic key and code that applies the key without requiring access to a copy of the key. The code that implements the secure repository is generated in a manner that is at least partly based on a hardware ID associated with the hardware environment in which the secure repository is to be installed, and may also be based on a random number. Cryptographic functions implemented by the secure repository include decryption of encrypted information and validation of cryptographically signed information. The secure repository may be coupled to an application program, which uses cryptographic services provided by the secure repository, by way of a decoupling interface that provides a common communication and authentication interface for diverse types of secure repositories. The decoupling interface may take the form of a single application programmer interface (API) usable with multiple dynamically linkable libraries. | 09-29-2011 |
20130067238 | SECURITY MECHANISM FOR DEVELOPMENTAL OPERATING SYSTEMS - A security technique to reduce the risk of unauthorized release of a software object. The technique allows identification of an individual responsible for the unauthorized release by marking each object with information, which acts as a fingerprint from which a person manipulating the object in a development environment can be identified. The development environment may be configured to quickly and automatically mark the object whenever a manipulation that may precede an unauthorized release occurs. To prevent circumventing the security technique, the object may be configured to enforce a requirement for a valid fingerprint such that the object is disabled if the fingerprint is removed or altered. Despite the marking, personally identifiable information is not revealed because the fingerprint is generated through a one-way cryptographic function performed on identifying information. | 03-14-2013 |
20130160133 | Code Base Partitioning System - The subject disclosure is directed towards partitioning a code base of a program into a trusted portion and an untrusted portion. After identifying sensitive data within the code base using annotation information, one or more program elements that correspond to the sensitive data are automatically transformed into secure program elements that can be retained in the untrusted portion of the code base. Cryptographic techniques are used to minimize a potential size of the trusted portion of the code base. Source files for the trusted portion and the untrusted portion are generated. | 06-20-2013 |
20130254829 | Securing A Computing Environment Against Malicious Entities - The subject disclosure is directed towards securing network data traffic through a trusted partition of the computing environment. A proxy service may communicate transaction data from a client to security-critical code within the trusted partition, which compares the transaction data to a security policy from a commercial electronic entity. If the transaction data includes malicious content, a security component framework of the trusted partition may reject the transaction data and terminate communications with the client. If the transaction data does not include malicious content, the security component framework may communicate a secured version of the transaction data and retrieve response data from the commercial electronic entity, which may be further communicated back to the client. | 09-26-2013 |
20140068580 | Visualization for Diversified Tamper Resistance - A computer-implementable method includes providing an instruction set architecture that comprises features to generate diverse copies of a program, using the instruction set architecture to generate diverse copies of a program and providing a virtual machine for execution of one of the diverse copies of the program. Various exemplary methods, devices, systems, etc., use virtualization for diversifying code and/or virtual machines to thereby enhance software security. | 03-06-2014 |
20140169616 | WATERMARKING SCREEN CAPTURE CONTENT - Information is displayed on a device by writing data to a buffer in memory, the content of the buffer describing a screen display of the device at a particular point in time. A watermarked version of the buffer content is generated by watermarking the content of the buffer with data, such as data identifying a user of the device and/or a copy of a program (e.g., an operating system) running on the device. The watermarked version of the buffer content is then made available, such as in response to a screen capture request. The data embedded in the watermarked version of the content is undetectable (or nearly undetectable) to the human eye, but can nonetheless be extracted by other computing devices or data extraction systems. | 06-19-2014 |
20140373087 | Automatic Code and Data Separation of Web Application - Aspects of the subject disclosure are directed towards detecting instances within a web application where code and data are not separated, e.g., inline code in the application. One or more implementations automatically transform the web application into a transformed version where code and data are clearly separated, e.g., inline code is moved into external files. The transformation protects against a large class of cross-site scripting attacks. | 12-18-2014 |