US2012078863A1PendingUtilityA1

Application control constraint enforcement

Assignee: FANTON ANDREW FPriority: Dec 3, 2004Filed: Dec 6, 2011Published: Mar 29, 2012
Est. expiryDec 3, 2024(expired)· nominal 20-yr term from priority
Y10S707/99934H04L 9/32H04L 9/3239G06F 21/52H04L 63/0884G06F 21/44H04L 63/10H04L 63/08G06F 2221/2141G06F 21/51Y10S707/99944G06F 21/53G06F 21/602H04L 9/0643Y10S707/99943G06F 9/445G06F 2221/033H04L 63/145G06F 21/10
49
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

Systems and methods for performing application control constraint enforcement are provided. According to one embodiment, file system or operating system activity of a computer system is intercepted relating to a code module. A cryptographic hash value of the code module is checked against a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code. The local whitelist database also contains execution constraint information. When the cryptographic hash value matches one of the cryptographic hash values of approved code modules, authority of the computer system or an end user of the computer system to execute the code module is further validated if the execution constraint information so indicates by performing a constraint check regarding the code module. If the authority is affirmed by the constraint check, then allowing the code module to be executed.

Claims

exact text as granted — not AI-modified
1 . A computer-implemented application control method comprising:
 intercepting file system or operating system activity of a computer system relating to a code module;   causing a cryptographic hash value of the code module to be checked against a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing execution constraint information;   when the cryptographic hash value matches one of the cryptographic hash values of approved code modules:
 further validating authority of the computer system or an end user of the computer system to execute the code module if the execution constraint information so indicates by performing a constraint check regarding the code module; and 
 allowing the code module to be executed if the authority is affirmed by the constraint check. 
   
     
     
         2 . The method of  claim 1 , wherein said performing a constraint check regarding the code module comprises determining whether the end user is among a set of end users authorized to execute the code module. 
     
     
         3 . The method of  claim 1 , wherein said performing a constraint check regarding the code module comprises determining whether timing constraints associated with the code module are satisfied. 
     
     
         4 . The method of  claim 1 , wherein the code module comprises an executable object. 
     
     
         5 . The method of  claim 1 , wherein the cryptographic hash value is computed using Message Digest #5 (MD-5). 
     
     
         6 . The method of  claim 1 , wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA). 
     
     
         7 . The method of  claim 6 , wherein the cryptographic hash value is computed using SHA-1. 
     
     
         8 . The method of  claim 6 , wherein the cryptographic hash value is computed using SHA-256. 
     
     
         9 . The method of  claim 1 , further comprising calculating, by a kernel mode driver running on the computer system, the cryptographic hash value of the code module. 
     
     
         10 . The method of  claim 9 , wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system. 
     
     
         11 . The method of  claim 1 , wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system. 
     
     
         12 . The method of  claim 1 , wherein said intercepting file system or operating system activity of a computer system relating to a code module comprises a kernel mode driver monitoring operating system process creation or module load activity. 
     
     
         13 . The method of  claim 1 , wherein said intercepting file system or operating system activity of a computer system relating to a code module comprises a kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity. 
     
     
         14 . A code execution authorization system comprising:
 a kernel mode driver of a computer system implemented in one or more computer processors of the computer system and one or more computer-readable storage media associated with the computer system, the one or more computer-readable storage media having instructions tangibly embodied therein representing the kernel mode driver that are executable by the one or more computer processors, the kernel mode driver operable to perform a method of license enforcement comprising:
 intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module; 
 causing, by the kernel mode driver, a cryptographic hash value of the code module to be verified with reference to a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing execution constraint information; and 
 when the cryptographic hash value matches one of the cryptographic hash values of approved code modules:
 further validating authority of the computer system or an end user of the computer system to execute the code module if the execution constraint information so indicates by performing a constraint check regarding the code module; and 
 allowing the code module to be loaded and executed within the computer system if the authority is affirmed by the constraint check. 
 
   
     
     
         15 . The code execution authorization system of  claim 14 , wherein said performing a constraint check regarding the code module comprises determining whether the end user is among a set of end users authorized to execute the code module. 
     
     
         16 . The code execution authorization system of  claim 14 , wherein said performing a constraint check regarding the code module comprises determining whether timing constraints associated with the code module are satisfied. 
     
     
         17 . The code execution authorization system of  claim 14 , wherein the code module comprises an executable object. 
     
     
         18 . The code execution authorization system of  claim 14 , wherein the cryptographic hash value is computed using Message Digest #5 (MD-5). 
     
     
         19 . The code execution authorization system of  claim 14 , wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA). 
     
     
         20 . The code execution authorization system of  claim 19 , wherein the cryptographic hash value is computed using SHA-1. 
     
     
         21 . The code execution authorization system of  claim 19 , wherein the cryptographic hash value is computed using SHA-256. 
     
     
         22 . The code execution authorization system of  claim 1 , further comprising calculating, by the kernel mode driver, the cryptographic hash value of the code module. 
     
     
         23 . The code execution authorization system of  claim 22 , wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system. 
     
     
         24 . The code execution authorization system of  claim 14 , wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system. 
     
     
         25 . The code execution authorization system of  claim 14 , wherein said intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module comprises the kernel mode driver monitoring operating system process creation or module load activity. 
     
     
         26 . The code execution authorization system of  claim 14 , wherein said intercepting, by a kernel mode driver of a computer system, file system or operating system activity relating to a code module comprises the kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity. 
     
     
         27 . A non-transitory program storage device readable by a computer system, tangibly embodying a program of instructions executable by one or more computer processors of the computer system to perform method steps for application control comprising:
 intercepting file system or operating system activity of a computer system relating to a code module;   causing a cryptographic hash value of the code module to be checked against a local whitelist database containing cryptographic hash values of approved code modules, which are known not to contain viruses or malicious code, the local whitelist database also containing execution constraint information;   when the cryptographic hash value matches one of the cryptographic hash values of approved code modules:
 further validating authority of the computer system or an end user of the computer system to execute the code module if the execution constraint information so indicates by performing a constraint check regarding the code module; and 
 allowing the code module to be executed if the authority is affirmed by the constraint check. 
   
     
     
         28 . The program storage device of  claim 27 , wherein said performing a constraint check regarding the code module comprises determining whether the end user is among a set of end users authorized to execute the code module. 
     
     
         29 . The program storage device of  claim 27 , wherein said performing a constraint check regarding the code module comprises determining whether timing constraints associated with the code module are satisfied. 
     
     
         30 . The program storage device of  claim 27 , wherein the code module comprises an executable object. 
     
     
         31 . The program storage device of  claim 27 , wherein the cryptographic hash value is computed using Message Digest #5 (MD-5). 
     
     
         32 . The program storage device of  claim 27 , wherein the cryptographic hash value is computed using a Secure Hash Algorithm (SHA). 
     
     
         33 . The program storage device of  claim 32 , wherein the cryptographic hash value is computed using SHA-1. 
     
     
         34 . The program storage device of  claim 32 , wherein the cryptographic hash value is computed using SHA-256. 
     
     
         35 . The program storage device of  claim 27 , wherein the method further comprises calculating, by a kernel mode driver running on the computer system, the cryptographic hash value of the code module. 
     
     
         36 . The program storage device of  claim 35 , wherein the kernel mode driver is configured for operation within a Microsoft Windows operating system. 
     
     
         37 . The program storage device of  claim 27 , wherein the local whitelist database is maintained by an information technology (IT) administrator, whereby the IT administrator has the ability to tailor the local whitelist to allow or disallow particular code modules from running on a plurality of computer systems within a local area network (LAN), including the computer system. 
     
     
         38 . The program storage device of  claim 27 , wherein said intercepting file system or operating system activity of a computer system relating to a code module comprises a kernel mode driver monitoring operating system process creation or module load activity. 
     
     
         39 . The program storage device of  claim 27 , wherein said intercepting file system or operating system activity of a computer system relating to a code module comprises a kernel mode driver hooking low-level operating system application programming interfaces (APIs) to intercept one or more operating system operations of interest including one or more of process creation, module loading, and file system read/write activity.

Join the waitlist — get patent alerts

Track US2012078863A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.