Title: US5572590: Discrimination of malicious changes to digital information using multiple signatures


Country: US United States of America

8 pages

 
Inventor: Chess, David M.; Mohegan Lake, NY

Assignee: International Business Machines Corporation, Armonk, NY

Published / Filed: 1996-11-05 / 1994-04-12

Application Number: US1994000226610

IPC Code: Advanced: G06F 1/00; G06F 21/00; G11B 20/00;
IPC-7: G11B 3/28; H04K 1/00; H04L 9/00;

ECLA Code: G06F21/00N9C; G06F21/00N3V4T;

U.S. Class: Current: 726/022; 713/188;
Original: 380/004; 380/049; 380/023; 380/024; 380/025; 395/186;

Field of Search: 380/004,3,5,23,24,25 395/186 371/40.1,51.1

Priority Number:
1994-04-12  US1994000226610

Abstract: The present system and method uses information about digital information (objects) to determine whether or not changes to the objects were caused by a normal system operation or by a malicious program. The invention uses a reference separation algorithm to separate, at a reference time, one or more digital objects into a plurality of reference subsets of information that describe the object contents. A plurality of these reference subsets are then selected by a selection algorithm and information associated with each selected reference subset is stored. At some later time, called the test time, a test separation algorithm is used to separate the digital signatures of the object into a plurality of test subsets of information that describe the object contents at test time. A plurality of these test subsets are then selected by the test selection algorithm. A test information algorithm that is associated with each selected test subset then develops test subset information about the respective test subset. The test subset information and the reference subset information is then compared to develop a set of differences. Rules are applied to the set of differences to determine whether the digital information at test time was changed (maliciously) from the digital information at reference time.

Attorney, Agent or Firm: Percello, Louis J. ; Drumheller, Ronald L. ;

Primary / Asst. Examiners: Tarcza, Thomas H.; Sayadian, Hrayr A.

Maintenance Status: E2 Expired

Family: None

First Claim (1 of 14 claims):
I claim: 1. A computer implemented method for determining whether changes to a set of digital information are innocent or malicious, comprising the steps of:
  • using a reference separation algorithm, separating the set of digital information into a plurality of reference subsets of digital information, the step of separating the set of digital information into reference subsets being done at a reference time;
  • using a reference selection algorithm, selecting a plurality of the reference subsets;
  • using a reference information algorithm associated with each respective selected reference subset, deriving characteristic reference subset information from the respective selected reference subset;
  • storing the derived characteristic reference subset information;
  • using a test separation algorithm, separating the set of digital information into a plurality of test subsets of digital information, the step of separating the set of digital information into test subsets being done at a test time, the test time being later than the reference time;
  • using a test selection algorithm, selecting a plurality of the test subsets, each selected test subset corresponding to a selected reference subset;
  • using a test information algorithm associated with each respective selected test subset, deriving characteristic test subset information from the respective selected test subset;
  • comparing the derived characteristic test subset information to the derived characteristic reference subset information to produce a set of differences; and
  • analyzing the set of differences in accordance with a set of rules to determine whether the set of digital information at test time is changed from the set of digital information at reference time and if changed to determine whether the change is considered malicious or innocent, each of said rules specifying a particular combination of the selected test subsets, and specifying a state for the characteristic information of each selected test subset of each said particular combination relative to the characteristic information of each corresponding selected reference subset, and specifying for each said particular combination having its selected test subsets in said specified state either a malicious conclusion or an innocent conclusion.
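
The steps of claim 1, sketched as an added Python example that is not code from the patent. The three subsets (header, a fixed "core" window, total length), the use of SHA-256 as the information algorithm, the two rules and the sample byte strings are all assumptions constructed for illustration.

```python
import hashlib

HEADER_LEN, CORE_LEN = 32, 64   # assumed subset boundaries, not from the patent

def separate(data: bytes) -> dict:
    """Separation algorithm: split the object into named subsets."""
    return {
        "header": data[:HEADER_LEN],
        "core": data[HEADER_LEN:HEADER_LEN + CORE_LEN],
        "length": str(len(data)).encode(),
    }

def characterize(data: bytes, selected=("header", "core", "length")) -> dict:
    """Selection + information algorithm: one digest per selected subset."""
    subsets = separate(data)
    return {n: hashlib.sha256(subsets[n]).hexdigest() for n in selected}

def differences(reference: dict, test: dict) -> dict:
    """Compare stored reference information with test-time information."""
    return {n: "same" if test[n] == reference[n] else "changed" for n in reference}

# Each rule names a combination of subsets, the state required of each,
# and the conclusion drawn when that combination is observed (constructed rules).
RULES = [
    ({"header": "changed", "core": "same", "length": "changed"}, "malicious"),
    ({"header": "changed", "core": "changed", "length": "changed"}, "innocent"),
]

def classify(reference: dict, test_data: bytes) -> str:
    diff = differences(reference, characterize(test_data))
    if all(state == "same" for state in diff.values()):
        return "unchanged"
    for states, conclusion in RULES:
        if all(diff[name] == state for name, state in states.items()):
            return conclusion
    return "undetermined"   # changed, but no rule covers this combination

# Constructed sample objects.
ORIGINAL = b"HDR0" + bytes(28) + b"A" * 100
PATCHED = b"HDR1" + bytes(28) + b"A" * 100 + b"X" * 40   # header edit + appended bytes
REBUILT = b"HDR2" + bytes(28) + b"B" * 120               # every subset differs
REFERENCE = characterize(ORIGINAL)                        # stored at reference time

if __name__ == "__main__":
    for name, blob in [("original", ORIGINAL), ("patched", PATCHED), ("rebuilt", REBUILT)]:
        print(name, classify(REFERENCE, blob))
```

A single whole-object digest would report all three modified objects as "changed" with no way to tell them apart; keeping one digest per subset is what lets the rules separate the combinations.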



Forward References: 69 U.S. patent(s) reference this one

       

