Reexamination Certificate
1997-10-02
2004-01-13
Rosen, Nicholas David (Department: 3625)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Usage protection of distributed data files
C705S057000
active
06678665
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to mechanisms for protecting software against unauthorized use, in particular against unauthorized copying.
2. Description of the Related Art
The Business Software Alliance estimates the 1995 financial losses attributed to software piracy as US$ 8.1 Billion for business application software and US$ 15.2 Billion for all software.
Solutions have been proposed in two areas:
improved Intellectual Property Rights (IPR) legislation, and
enhanced electronic copy protection (ECP) mechanisms.
IPR legislation and enforcement are improving in many countries, but there are still significant difficulties in other parts of the world. As a result, some vendors are currently reassessing ECP.
Some example requirements that an ECP mechanism may potentially satisfy are listed below:
Unauthorized users or customers should be prohibited from executing protected software.
The customer should not be prohibited from making backups.
The ECP mechanism should have minimal impact upon the user interface. The visible impact should be limited to the first initial login to the operating system and/or smart card.
Only standard hardware and software assumptions should be made. For example, although hardware dongles provide copy protection services, many vendors do not wish to limit the sale of the software to the collection of customers who own or are willing to install a dongle.
The ECP mechanism should not limit execution of the protected software to a limited collection of machines. When a customer legitimately purchases software, the customer should be able to execute the software on any machine regardless of ownership. The customer should optionally be able to authorize simultaneous execution of the software in multiple machines.
The ECP mechanism should have no required network dependencies in order to execute an already purchased protected program.
The vendor should be permitted to distribute an identical version of the protected software to all customers. This requirement permits the protected software to be distributed through normal channels such as, for example, CD-ROMS, floppy disks, or network bulletin boards.
It should be excessively difficult and/or computationally infeasible for a potential software pirate to circumvent the ECP mechanism without modifying the protected program. This requirement serves as a virus-protection measure because a digital signature supplied by the vendor would not validate if a pirate distributes a modified version of the original program.
The ECP mechanism should not disclose the private keying material to the vendor, to any program produced by the vendor, or to any potential Trojan horse program. Though the primary functionality is to protect the software vendor, one must not do so at the expense of the customer.
The ECP mechanism should be available in a software-only version as well as in a hardware-assisted version, using a smart card, for example, to assure widespread market acceptance.
In the publication by Choudhury, et al., “Copyright Protection for Electronic Publishing over Computer Networks”, a mechanism is proposed in which a protected document can be viewed only via a specially configured viewer program, which allows a customer to view the document only if the customer supplies to the viewer the customer's private keying material. This deters the customer from distributing unauthorized copies of the viewer program, since that would require the customer to divulge his or her private keying material to others. However, because this mechanism requires that the viewer program obtain access to the private keying material, it breaks one of the requirements described above. Furthermore, this mechanism may not be used in conjunction with a smart card that is configured to avoid releasing private keying material.
An overview of asymmetric cryptography, for example of the RSA (Rivest-Shamir-Adleman) scheme, and of probabilistic encryption, for example the Blum-Goldwasser probabilistic public-key encryption scheme, can be found in the book by Menezes et al., “Handbook of Applied Cryptography.”
The Chi-Square Test, the Kolmogorov-Smirnov Test, and the Serial Correlation Test are described in the publication by Knuth, “The Art of Computer Programming.”
An overview of different probabilistic proof schemes, for example zero knowledge proof schemes (e.g. Feige-Fiat-Shamir scheme, Guillou-Quisquater scheme, Blum-Feldman-Micali scheme, Brassard scheme, Crepeau scheme, etc.) or witness hiding proof schemes (e.g. Feige-Shamir scheme, etc.), can be found in the Menezes book.
An overview of digital signature schemes (e.g. Rivest-Shamir-Adleman, etc.) and a formal mathematical definition of digital signatures can be found in the Menezes book.
An example of a message digest function (otherwise known as a one-way hash function) is MD5 as disclosed by Rivest in “The MD5 Message-Digest Algorithm”. It is computationally infeasible or very difficult to compute the inverse of a message digest.
In the publication by Fenstermacher et al., cryptographic randomness from air turbulence in disk drives is described.
SUMMARY OF THE PRESENT INVENTION
An object of the present invention is to provide an improved ECP (electronic copy protection) mechanism that is able to satisfy most, if not all of the example requirements described above.
Some important algorithms that are used in the present invention are listed below.
Given n (of an RSA (Rivest-Shamir-Adleman) key pair) and Φ, determine the prime factors (p, q) of n such that n = p·q and Φ = (p−1)(q−1):
$$p = \frac{(n - \Phi + 1) + \sqrt{(n - \Phi + 1)^2 - 4 \cdot n}}{2}, \qquad q = \frac{n}{p}$$
Given an RSA public key, n, e, and private key, d, compute Φ.
* $Z_n$ is the set of integers modulo n
* $Z_n^* = \{x \in Z_n \mid \gcd(x, n) = 1\}$
* Let $e \cdot d - 1 = 2^s t$ where t is an odd integer
1. Select a random integer a such that $a \in Z_n^*$
2. Compute $w = a^{2^{s-1} t}$
3. If $w \neq \pm 1 \pmod{n}$ go to 1
4. Result: $\gcd(w - 1, n)$ where gcd denotes Greatest Common Divisor
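The two key-recovery computations above, as an added Python example (not code from the patent; the function names and the toy key are constructed for illustration). It follows the Handbook of Applied Cryptography form of the second procedure and goes slightly beyond the single exponent shown: a base a is discarded when it yields only the trivial roots ±1, and the exponents 2^i·t for every i < s are tried, not just 2^(s−1)·t.

```python
import math
import random

def factor_from_phi(n, phi):
    """Recover (p, q) from n = p*q and phi = (p-1)(q-1)."""
    s = n - phi + 1                  # s = p + q
    disc = s * s - 4 * n             # (p - q)^2 for a consistent pair
    if disc < 0 or math.isqrt(disc) ** 2 != disc:
        raise ValueError("phi is not consistent with n = p*q")
    p = (s + math.isqrt(disc)) // 2  # larger root of x^2 - s*x + n
    return p, n // p

def factor_from_key(n, e, d, rng=random):
    """Recover the factors of n from a complete RSA key (n, e, d)."""
    s, t = 0, e * d - 1
    while t % 2 == 0:                # e*d - 1 = 2^s * t with t odd
        s, t = s + 1, t // 2
    while True:
        a = rng.randrange(2, n - 1)
        if math.gcd(a, n) != 1:      # a is outside Z*_n: draw again
            continue
        w = pow(a, t, n)
        for _ in range(s):           # w runs through a^(2^i * t), i = 0..s-1
            nxt = pow(w, 2, n)
            if nxt == 1 and w not in (1, n - 1):
                p = math.gcd(w - 1, n)   # w is a non-trivial square root of 1
                return max(p, n // p), min(p, n // p)
            w = nxt
        # this a gave only the trivial roots 1 or n-1: pick another

def phi_from_key(n, e, d, rng=random):
    """Phi follows directly once the factors are known."""
    p, q = factor_from_key(n, e, d, rng)
    return (p - 1) * (q - 1)

if __name__ == "__main__":
    # Constructed toy key: p = 61, q = 53, e = 17, d = 2753
    print(factor_from_phi(3233, 3120), phi_from_key(3233, 17, 2753))
```

Both routines show that Φ and d are each equivalent to the factorization of n, which is why either value counts as private keying material.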
Not every well-known algorithm used by this invention is described herein. Other well-known algorithms, e.g., computing an inverse, and computing the gcd, can be found in the Menezes book.
A chosen-plaintext attack is one where the adversary chooses plaintext and is then given corresponding ciphertext. Subsequently, the adversary uses any information deduced in order to recover plaintext corresponding to previously unseen ciphertext, see Menezes.
An adaptive chosen-plaintext attack is a chosen-plaintext attack wherein the choice of plaintext may depend on the ciphertext received from previous results, again, see Menezes.
A zero knowledge proof protocol resists both chosen-plaintext attacks and adaptive chosen-plaintext attacks.
The present invention makes use of probabilistic proof. A probabilistic proof involves at least two parties, A and B. A possesses private keying material and B has no access to A's private keying material without disclosing the private keying material itself. A's proof is probabilistic rather than absolute because B forces A to demonstrate that A probably has access to the private keying material by supplying evidence.
There are two variants of probabilistic proofs:
a) zero-knowledge-proofs, where it is provable that B or any observer of the proof learns nothing from the proof, except the fact that A possesses the private keying material.
b) witness-challenge-response-proofs, which comprise the following four elements in a sequence:
1. A sends information which is not constant for all invocations of the proof to B. This information is called the witness. For many protocols, the witness is generated randomly, and should never be repeated.
2. B sends information to A, called the challenge. For many protocols, the challenge is generated randomly.
3. A sends a response to B.
4. B verifies whether A indeed knows the private keying material by executing computations involving the witness, the challenge, and the re
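
The four-message sequence above, as an added Python example using the basic Fiat-Shamir identification protocol (the simplest form of the Feige-Fiat-Shamir scheme named earlier). This is not code from the patent; the class and function names and the toy modulus and secret are constructed for illustration.

```python
import random

# Constructed toy values; a real modulus would be 2048 bits or more.
N = 61 * 53                    # public modulus n
SECRET = 1234                  # A's private keying material s (coprime to n)
PUBLIC = pow(SECRET, 2, N)     # A's public value v = s^2 mod n

class Prover:
    """Party A. Holds s and never sends it."""
    def __init__(self, s, n, rng):
        self.s, self.n, self.rng, self.r = s, n, rng, None

    def witness(self):
        # Step 1: fresh random r for every run; the witness is x = r^2 mod n.
        self.r = self.rng.randrange(1, self.n)
        return pow(self.r, 2, self.n)

    def respond(self, e):
        # Step 3: y = r * s^e mod n. r is erased afterwards, because answers
        # to two different challenges for one witness would expose s.
        if self.r is None:
            raise RuntimeError("no unused witness: call witness() first")
        y = (self.r * pow(self.s, e, self.n)) % self.n
        self.r = None
        return y

def verify(x, e, y, v, n):
    # Step 4: B accepts iff y is non-zero and y^2 == x * v^e (mod n).
    return y != 0 and pow(y, 2, n) == (x * pow(v, e, n)) % n

def run_proof(prover, v, n, rounds, rng):
    """Party B: one-bit challenges; each round halves a guesser's chance."""
    for _ in range(rounds):
        x = prover.witness()
        e = rng.randrange(2)   # Step 2: random challenge
        y = prover.respond(e)
        if not verify(x, e, y, v, n):
            return False
    return True
```

B's acceptance after k rounds leaves a prover without s a success chance of 2^-k, which is the sense in which the proof is probabilistic rather than absolute.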
Benson Glenn
Dichtl Markus
Fujitsu Siemens Computer
Rosen Nicholas David
Schiff & Hardin & Waite