Browse Prior Art Database

Method for a registration information repository support utility with a signature key

IP.com Disclosure Number: IPCOM000146797D
Publication Date: 2007-Feb-23
Document File: 5 page(s) / 33K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method for a registration information repository support utility with a signature key. Benefits include improved functionality, improved security, and improved performance.

This text was extracted from a Microsoft Word document.
This is the abbreviated version, containing approximately 38% of the total text.

Method for a registration information repository support utility with a signature key

Disclosed is a method for a registration information repositorysupport utility with a signature key. Benefits include improved functionality, improved security, and improvedperformance.

Background

      Many software applications and device drivers use an operating system (OS) registration information repositoryas important input for their operation and to obtain configuration information. Some software applications write to the repository. Someapplications use it to save their configuration for later use when they restart or set up for other applications.

      Sophisticated users can change the registration information repository using tools that are provided with the OS.However, changing registration values can harm the operation of the OS, applications,anddevice drivers. As a result, a requirement exists to identify and prevent illegal changes to registration information repository entries.

      Software that uses the registration information repository for its configuration should verify that correct combination of parameters values are set. However, the number of combinations and cross-interactions between parameters is extensive and can be prohibitive. As a result, cross-interactions are generally not checked for consistency and legality by the application. This situationenables harmful use or malicious attacks on the application by setting contradicting parameters with unpredictable results. For example, a relatively simple virus that writes illegal information to the registration information repository can disable the application or cause system instability.

      The conventionalmethod to make the program immune to malicious attacks is to create a software fix. If the program is a device driver, it must be recertifiedfor use with the operating system, which can be a lengthy and expensive process.

      Conventionally, software applications and drivers must either fully trust the registration values or add a lot of verification code to check all input combinations. These solutionsrequire extensive testing to ensure coverage for all possible combinations.

General description

      The disclosed method protects the registration information repository from inconsistent and illegal parameter combinations using a support utility with a signature key. The method prevents changes from being made usingregistration and general-purpose tools. Valid changes are enabledusing a support utility that is part of the application installation package or is embedded in the application as a menu item.

Advantages

      The disclosed method provides advantages, including:
     Improved functionality due to providing a registration information repository support utility with a signature key

     Improved functionality due to enabling checking for cross-in...