SG11201803707PA - Method to verify the execution integrity of an application in a target device - Google Patents

Method to verify the execution integrity of an application in a target device

Info

Publication number
SG11201803707PA
SG11201803707PA SG11201803707PA SG11201803707PA SG11201803707PA SG 11201803707P A SG11201803707P A SG 11201803707PA SG 11201803707P A SG11201803707P A SG 11201803707PA SG 11201803707P A SG11201803707P A SG 11201803707PA SG 11201803707P A SG11201803707P A SG 11201803707PA
Authority
SG
Singapore
Prior art keywords
application
international
target device
challenge
function
Prior art date
Application number
SG11201803707PA
Inventor
Brecht Wyseur
Original Assignee
Nagravision Sa
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nagravision Sa filed Critical Nagravision Sa
Publication of SG11201803707PA publication Critical patent/SG11201803707PA/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/54Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by adding security routines or objects to programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Debugging And Monitoring (AREA)
  • Storage Device Security (AREA)
  • Stored Programmes (AREA)
  • Measuring Or Testing Involving Enzymes Or Micro-Organisms (AREA)

Abstract

INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT) (19) World Intellectual Property - Organization International Bureau ires.. 00) (43) International Publication Date ..... ..sr ,„,„. 26 May 2017(26.05.2017) WIPO I PCT (10) WO International 111111111111311111111111111111111111111111111111111111111111111111111311111111111111111 2017/085159 Publication Number Al (51) International Patent Classification: AO, AT, AU, AZ, BA, BB, GOOF 21/57 (2013.01) BZ, CA, CH, CL, CN, CO, DO, DZ, EC, EE, EG, ES, (21) International Application Number: HN HR HU ID IL, IN, PCT/EP2016/077932 KW, KZ, LA, LC, LK, LR, (22) International Filing Date: MG, MK, MN, MW, MX, MY, MZ, NA, NG, NI, NO, NZ, 17 November 2016 (17.11.2016) OM, PA, PE, PG, PH, PL, SC, SD, SE, SG, SK, SL, SM, ST, SV, SY, TH, TJ, TM, (25) Filing Language: English TN, TR, TT, TZ, UA, UG, (26) Publication Language: English ZW. (30) Priority Data: (84) Designated States (unless 15195379.1 19 November 2015 (19.11.2015) EP kind of regional protection GM, KE, LR, LS, MW, (71) Applicant: NAGRAVISION S.A. [CH/CH]; Route de TZ, UG, ZM, ZW), Eurasian GenOve 22-24, 1033 Cheseaux-sur-Lausanne (CH). TJ, TM), European (AL, (72) Inventor: WYSEUR, Brecht; Chemin des Vignettes 18, DK, EE, ES, FI, FR, GB, GR, HR, HU, IE, IS, IT, LT, LU, LV, MC, MK, MT, NL, 1305 Penthalaz (CH). SM, TR), OAPI (BF, BJ, (74) Agent: LEMAN CONSULTING S.A. 284; Chemin de GW, KM, ML, MR, NE, Precossy 31, 1260 Nyon (CH). Published: (81) Designated States (unless otherwise indicated, for every BG, BH, BN, BR, BW, BY, CR, CU, CZ, DE, DJ, DK, DM, FI, GB, GD, GE, GH, GM, GT, IR, IS JP KE KG KN KP KR, LS, LU, LY, MA, MD, ME, PT, QA, RO, RS, RU, RW, SA, US, UZ, VC, VN, ZA, ZM, otherwise indicated, for every available): ARIPO (BW, GH, MZ, NA, RW, SD, SL, ST, SZ, (AM, AZ, BY, KG, KZ, RU, AT, BE, BG, CH, CY, CZ, DE, NO, PL, PT, RO, RS, SE, SI, SK, CF, CG, CI, CM, GA, GN, GQ, SN, TD, TG). with international search report (Art 21(3)) kind of national protection available): AE, AG, AL, AM, (54) Title: METHOD TO VERIFY THE EXECUTION INTEGRITY OF AN APPLICATION IN A TARGET DEVICE HE TD VE RAF APP A 1 0 CH ii D E 4 II VE RAF APP F ig. 1 Il .4 t (57) : The present invention concerns the field of software verification, in particular to check whether the run-time integrity a \ in of a software application can be demonstrated. It is therefore proposed a method to verify, by a verification server, the execution in - 11 tegrity of an application in a target device wherein the verification server receives an application signature generated from run time l a n e application information on the target device, said signature being used to verify the execution integrity of the application in the target o device, said application comprising an array of blocks, each block producing a digest, thus producing an array of digests related to ---. the an - ay of blocks, comprising the steps of : - sending to the target device a message comprising a challenge and a first function, I N IN said first function defining an aggregation method, said challenge defining an aggregation instruction, - receiving an attestation from c:::, the target device, this attestation being generated by the target device by determining for each block, the corresponding digest for ei said block, aggregating the digests of the blocks according to the aggregation method of the first function and the challenge to pro - 0 duce the attestation related to the application, - applying a second function to the attestation by the verification server, said second function undoing the effect of the challenge thus producing an application signature independent of the challenge, - verifying the ex- ecution integrity of the application by comparing the produced application signature with a reference signature.
SG11201803707PA 2015-11-19 2016-11-17 Method to verify the execution integrity of an application in a target device SG11201803707PA (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP15195379 2015-11-19
PCT/EP2016/077932 WO2017085159A1 (en) 2015-11-19 2016-11-17 Method to verify the execution integrity of an application in a target device

Publications (1)

Publication Number Publication Date
SG11201803707PA true SG11201803707PA (en) 2018-06-28

Family

ID=54843588

Family Applications (1)

Application Number Title Priority Date Filing Date
SG11201803707PA SG11201803707PA (en) 2015-11-19 2016-11-17 Method to verify the execution integrity of an application in a target device

Country Status (9)

Country Link
US (2) US10846409B2 (en)
EP (1) EP3378005B1 (en)
KR (1) KR102603797B1 (en)
CN (1) CN108292341B (en)
BR (1) BR112018010120B1 (en)
ES (1) ES2774487T3 (en)
MX (1) MX2018006204A (en)
SG (1) SG11201803707PA (en)
WO (1) WO2017085159A1 (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11790119B2 (en) * 2018-11-16 2023-10-17 Apple Inc. Application integrity attestation
KR102036618B1 (en) * 2019-01-31 2019-10-28 주식회사그린존시큐리티 Integrity vertfication chain for verifying integrity of device and method for verifying integrity of device using the same
US11271721B2 (en) * 2019-03-25 2022-03-08 Micron Technology, Inc. Distributed secure array using intra-dice communications to perform data attestation
US11740970B2 (en) 2020-03-02 2023-08-29 Micron Technology, Inc. Dynamic adjustment of data integrity operations of a memory system based on error rate classification
US11221800B2 (en) 2020-03-02 2022-01-11 Micron Technology, Inc. Adaptive and/or iterative operations in executing a read command to retrieve data from memory cells
US11086572B1 (en) 2020-03-02 2021-08-10 Micron Technology, Inc. Self adapting iterative read calibration to retrieve data from memory cells
US12009034B2 (en) 2020-03-02 2024-06-11 Micron Technology, Inc. Classification of error rate of data retrieved from memory cells
US11029890B1 (en) 2020-03-02 2021-06-08 Micron Technology, Inc. Compound feature generation in classification of error rate of data retrieved from memory cells
US11081200B1 (en) 2020-05-07 2021-08-03 Micron Technology, Inc. Intelligent proactive responses to operations to read data from memory cells
US11257546B2 (en) 2020-05-07 2022-02-22 Micron Technology, Inc. Reading of soft bits and hard bits from memory cells
CN114760061B (en) * 2020-12-29 2023-09-05 深信服科技股份有限公司 Method, device, equipment and storage medium for uploading data

Family Cites Families (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
NZ509018A (en) * 1998-06-17 2002-06-28 Aristocrat Technologies Au Software verification and authentication
US7581103B2 (en) * 2001-06-13 2009-08-25 Intertrust Technologies Corporation Software self-checking systems and methods
US7103779B2 (en) * 2003-09-18 2006-09-05 Apple Computer, Inc. Method and apparatus for incremental code signing
JP4064914B2 (en) * 2003-12-02 2008-03-19 インターナショナル・ビジネス・マシーンズ・コーポレーション Information processing apparatus, server apparatus, method for information processing apparatus, method for server apparatus, and apparatus executable program
US20050132031A1 (en) 2003-12-12 2005-06-16 Reiner Sailer Method and system for measuring status and state of remotely executing programs
US8688991B1 (en) * 2007-06-01 2014-04-01 Adobe Systems Incorporated Media player embodiments and secure playlist packaging
KR101495535B1 (en) * 2007-06-22 2015-02-25 삼성전자주식회사 Method and system for transmitting data through checking revocation of contents device and data server thereof
KR101426270B1 (en) * 2008-02-13 2014-08-05 삼성전자주식회사 Method and apparatus for generating and verifying electronic signature of software, and computer readable medium thereof
AU2009222007A1 (en) * 2008-03-04 2009-09-11 Apple Inc. System and method of authorizing execution of software code based on accessible entitlements
US20090300348A1 (en) * 2008-06-02 2009-12-03 Samsung Electronics Co., Ltd. Preventing abuse of services in trusted computing environments
CN102246179A (en) 2008-10-10 2011-11-16 松下电器产业株式会社 Using transient PCRs to realise trust in application space of a secure processing system
US8544092B2 (en) * 2009-03-12 2013-09-24 International Business Machines Corporation Integrity verification using a peripheral device
US8213907B2 (en) 2009-07-08 2012-07-03 Uniloc Luxembourg S. A. System and method for secured mobile communication
EP2372592B1 (en) * 2009-12-14 2016-08-24 Nxp B.V. integrated circuit and system for installing computer code thereon
JP5443599B2 (en) * 2009-12-22 2014-03-19 インテル・コーポレーション Method and apparatus for providing secure application execution
EP2438511B1 (en) 2010-03-22 2019-07-03 LRDC Systems, LLC A method of identifying and protecting the integrity of a set of source data
EP2378452B1 (en) * 2010-04-16 2012-12-19 Thomson Licensing Method, device and computer program support for verification of checksums for self-modified computer code
US20120324557A1 (en) * 2011-06-17 2012-12-20 Raytheon Bbn Technologies Corp System and method for remote integrity verification
US9569618B2 (en) * 2013-08-28 2017-02-14 Korea University Research And Business Foundation Server and method for attesting application in smart device using random executable code
CN103810421B (en) * 2014-02-19 2017-01-04 北京视博数字电视科技有限公司 The method of calibration of application program, device and terminal unit
CN103995992A (en) * 2014-05-28 2014-08-20 全联斯泰克科技有限公司 Method and device for protecting software
US10936720B2 (en) * 2015-07-10 2021-03-02 Nec Corporation Method and system for reliable computation of a program
US20170068955A1 (en) * 2015-09-04 2017-03-09 Ca, Inc. Verification and provisioning of mobile payment applications

Also Published As

Publication number Publication date
US11526616B1 (en) 2022-12-13
WO2017085159A1 (en) 2017-05-26
ES2774487T3 (en) 2020-07-21
CN108292341A (en) 2018-07-17
BR112018010120B1 (en) 2023-12-05
KR20180084053A (en) 2018-07-24
EP3378005A1 (en) 2018-09-26
MX2018006204A (en) 2018-08-01
EP3378005B1 (en) 2020-01-08
US20180330098A1 (en) 2018-11-15
BR112018010120A2 (en) 2018-11-21
KR102603797B1 (en) 2023-11-16
US10846409B2 (en) 2020-11-24
CN108292341B (en) 2022-03-29

Similar Documents

Publication Publication Date Title
SG11201803707PA (en) Method to verify the execution integrity of an application in a target device
SG11201804807VA (en) Computer architecture and method for modifying data intake parameters based on a predictive model
SG11201903141QA (en) Business processing method and apparatus
SG11201904942YA (en) Blockchain-based service execution method and apparatus, and electronic device
SG11201908288XA (en) Configurable annotations for privacy-sensitive user content
SG11201906755VA (en) Digital certificate management method, apparatus, and system
SG11201909946UA (en) Logistic regression modeling scheme using secrete sharing
SG11201804696RA (en) Techniques for metadata processing
SG11201906753UA (en) Digital certificate management method and apparatus, and electronic device
SG11201804771WA (en) Systems and methods for providing financial data to financial instruments in a distributed ledger system
SG11201903787YA (en) Exploiting input data sparsity in neural network compute units
SG11201901550WA (en) Method and apparatus for data processing
SG11201908336XA (en) Smart plans
SG11201803742YA (en) Method and system for processing of a blockchain transaction in a transaction processing network
SG11201809963XA (en) Application framework using blockchain-based asset ownership
SG11201809115RA (en) Implementing logic gate functionality using a blockchain
SG11201905461VA (en) Data sealing with a sealing enclave
SG11201900116RA (en) Communication flow for verification and identification check
SG11201905460SA (en) Data unsealing with a sealing enclave
SG11201806653SA (en) Systems and methods for providing identity scores
SG11201805390WA (en) System and methods for auditing a virtual machine
SG11201902981RA (en) Iot provisioning service
SG11201903631XA (en) Neural network instruction set architecture
SG11201906418PA (en) Blockchain-based data processing method and device
SG11201811009VA (en) Blockchain-implemented method and system