Information security method and system

Abstract

The present invention discloses an improved information security system and method. A polymorphic engine is used to enhance the security features of a software application and the data generated by or made available to the application and / or the operating system. The polymorphic engine operates to randomly alter the standard executable code of the original application while preserving its functional characteristics. Each polymorphed instance of the application differs from any other instance of the same application in form only. Various other security features operate to protect the polymorphic engine itself and / or the polymorphed code generated therefrom. These other security features include: just-in-time instruction code decryption; virtual CPU instruction code pre-processing; call mutation; stack manipulation; secure hook-capture of device input; secure display device output; application level decryption of encrypted hardware data streams; and a dynamic, randomly configured graphical keypad interface.

Description

CROSS REFERENCES TO RELATED APPLICATIONS [0001] This application is a divisional of U.S. application Ser. No. 09 / 855,073, filed on May 14, 2001, which claims priority to U.S. Provisional Patent Application Ser. No. 60 / 203,877 entitled “INFORMATION SECURITY SYSTEM” filed on May 12, 2000, which is incorporated herein by reference.FIELD OF THE INVENTION [0002] This invention generally relates to information security systems. More specifically, the invention relates to a system and method for improving the security features of executable computer program code and / or data which is generated, stored or manipulated by program code in order to more effectively prevent theft, decompilation, unauthorized reproduction and / or unauthorized use. BACKGROUND OF THE INVENTION [0003] As computers have become more widely used and more pervasively networked, information, privacy, and financial losses, etc., due to information security breaches have dramatically increased as well. According to a Mar. 12...

AI Technical Summary

Benefits of technology

[0012] In general, the present invention suitably protects standard and / or custom compiled code using a polymorphic engine which randomly alters the executable code of a compiled application while conserving the application's original operational and functional characteristics. Once the code has been randomly polymorphed, it becomes statistically impossible to retrieve the original application source code. Additionally, each polymorphed copy of the application randomly differs from any other copy and, therefore, precludes the possibility of generating a patch or crack for any one polymorphed copy that will work generically with any other polymorphed copy of the application. Moreover, the code polymorphing process can be iteratively applied to generate multiple layers of protection.

[0013] In order to protect the polymorphic engine from debugging, decompilation and / or reverse engineering by analysis of memory snap-shots, a running line encryption method, is also disclosed, which protects the polymorphic engine while the engine's code resides in memory. This is generally accomplished by having only one line of the engine's encrypted instruction code decrypted for any given CPU instruction cycle. As the polymorphic engine's code moves through the stack to be processed by the CPU, these instructions are decrypted “just-in-time” and provided to the CPU for execution, and then immediately re-encrypted before decryption and subsequent execution of the next line of instruction code. The present invention also discloses a virtual CPU instruction set pre-processor employing a matchable data structure that is randomly created when the polymorphed application initializes. The matchable data structure correlates instructions specific to the CPU's instruction set with virtual CPU opcodes generated by the polymorphic engine.

[0015] A secure output display interface for concealing data, protects users from applications that may use operating system calls to capture data by placing a hook into OS routines that preprocess input, (i.e., from a keyboard, mouse, light pen, etc.) and by interpreting the input before it is made available to other OS processes. The hook-captured input is then enciphered and hidden from the OS. For example, a user password entered in a textbox could be hook-captured from the keyboard device driver, enciphered and stored, and then the hook routine passes literal asterisk characters to the appropriate textbox. In such a system, queries from other OS routines to the textbox object would return the series of asterisks characters placed there by the hook routine and not the literal text of, for example, a password entered by the user. In one of the various aspects of the present invention, the hook-capture routine helps to secure user input to the polymorphed application by modifying display device output as well as corresponding literal data object content.

Problems solved by technology

Once the code has been randomly polymorphed, it becomes statistically impossible to retrieve the original application source code.

The software application still includes similar or identical functionality, but the header of the original call is different and not readily traceable.

Images