Reexamination Certificate
1999-10-01
2003-07-01
Trammell, James P. (Department: 3621)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Usage protection of distributed data files
C380S001000, C380S029000, C380S029000, C380S029000, C380S029000, C705S051000
active
06587842
ABSTRACT:
BACKGROUND OF THE INVENTION
(1) Field of the Invention
Innovations disclosed by the present invention relate to the protection of a computer software product from unfair use on more than one customer system. This invention is based on the use of a protection file that contains internalized attributes that characterize a specific customer system environment. The protection file is encrypted and contains a digest, so that attempts to convert a protection file for use on another system are futile. Programs within the product distributor's software product interrogate the protection file to determine if the internalized attributes correspond with the attributes of the prevailing system environment. The protection file is either prepared on the product distributor's system, or is prepared by special programs that operate on the customer's system. These special programs are contained within an encrypted composite file. At any moment, no more than one of the special programs that participate in protection file preparation is decrypted. Thus, attempts to reverse engineer the process that prepares the protection file are futile.
(2) Description of the Related Art
Various strategies are used to prevent unfair use of software products today.
The most common technique uses a key, which is a series of characters, that is typed during product installation. Often this key does not contain information regarding the customer's system environment, and the product can be installed on other systems by typing the key during installation there as well.
Another method prepares a special key file (license) that is stored on customer systems, so that the product is only operable if the license is present. However, this method fails if the software is copied to another system, and the license is copied to that system as well; i.e. the license file does not contain information regarding the attributes of a specific system.
Another method uses an electronic device, called a ‘dongle’, that is attached to a customer's printer port to enforce use of the product on systems that have this device. This requires product distributors to acquire and ship an electronic device with every product shipment. This approach is particularly inappropriate for software that is distributed by communication media downloads.
U.S. Pat. No. 5,917,908 describes a method which encodes a key that is unique to a customer's system environment, along with positional information regarding where the key is stored within the customer's storage media, but this solution always requires an interaction between the customer and the product distributor after the product is received. Furthermore, this patent lacks a method for backing up the protection file, in case the original protection file is lost or damaged.
Problems associated with software protection strategies are described on page 179 of the book “A Gift of Fire”, by Sara Baase (1997 by Prentice-Hall, Inc. Upper Saddle River, N.J. 07458; ISBN 0-13-458779-0).
SUMMARY OF THE INVENTION
The present invention is a fail-safe technique for ensuring a software product operates on secured customer systems, without opportunities for reverse engineering the technology that secures these products. A protection file is created that is stored in the storage media associated with a customer's software utilization system. The protection file contains internalized attributes that characterize a specific customer system environment. The system identifier of IBM mainframe computers is an example of an attribute that characterizes that system. The protection file is encrypted and contains a digest, so that attempts to convert a protection file for use on another system are futile. Programs within the product distributor's software product interrogate the protection file to determine if the internalized attributes correspond with the attributes of the prevailing system environment.
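The protection file described above can be sketched as follows. This is an added example, not code from the patent: the patent names no algorithms, so HMAC-SHA256 is assumed for the digest and a SHA-256 counter keystream stands in for the encryption, and the key, attribute names and sample values are constructed for illustration.

```python
import hashlib
import hmac
import json
import os

# Assumption: the patent names no algorithms. HMAC-SHA256 stands in for the
# "digest" and a SHA-256 counter keystream for the encryption (illustration
# only; production code would use a vetted AEAD such as AES-GCM).
VENDOR_KEY = b"constructed-demo-key"  # hypothetical distributor secret


def _subkey(key, label):
    return hashlib.sha256(label + key).digest()


def _xor_stream(key, nonce, data):
    """XOR data with a SHA-256 counter keystream; applying it twice decrypts."""
    stream = bytearray()
    for counter in range(len(data) // 32 + 1):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


def make_protection_file(attributes, key=VENDOR_KEY):
    """Internalize the attributes, encrypt them, append the keyed digest."""
    nonce = os.urandom(16)
    plaintext = json.dumps(attributes, sort_keys=True).encode()
    body = nonce + _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return body + hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()


def check_protection_file(blob, current, key=VENDOR_KEY):
    """Return 'ok', 'tampered' or 'wrong-system' for the prevailing system."""
    if len(blob) < 16 + 32:
        return "tampered"
    body, tag = blob[:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "tampered"  # digest mismatch: edited, corrupted or re-keyed
    nonce, ciphertext = body[:16], body[16:]
    stored = json.loads(_xor_stream(_subkey(key, b"enc"), nonce, ciphertext))
    return "ok" if stored == current else "wrong-system"


# Constructed sample attributes; "system_id" follows the patent's example of
# an IBM mainframe system identifier.
SYSTEM_A = {"system_id": "0A1B2C", "model": "9672"}
SYSTEM_B = {"system_id": "0D4E5F", "model": "9672"}
```

The checking program has to hold the key, so in this sketch the check is only as strong as the protection of that key on the customer's system.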
When the computer software product is distributed on copyable media, the protection file must be created on the product distributor's system environment. The unique attributes of the customer's system environment are encoded within a binary file that is sent to the product distributor by electronic mail. The binary file that is encoded during this process is not the same as the protection file that is required for software product usage. Upon receiving the binary file, the product distributor decodes the attributes and prepares the required protection file. The product distributor sends the protection file to the customer by electronic mail, along with instructions describing where the protection file should be placed within the customer's storage medium.
When the computer software product is distributed via a communications media download, the protection file can be created directly on the customer's system environment. However, this requires encryption of the programs that prepare the protection file. These programs create the protection file by a cascade of successive steps. A parameter that is passed to the product distributor's installation program contains the required keys for decoding the programs in all steps. Each program that participates in this process:
eliminates the previous program
extracts the key that is required for decrypting the next program
decrypts the next program
invokes the next program with the remaining parameters after key extraction
At the conclusion of the last program, only the last program remains. If a system outage occurs during the protection file preparation process, no more than two programs associated with this process will remain on the customer's system. Every other program, including the first and last program, does not participate in protection file preparation. The logic that is encoded within a single program that participates in protection file preparation should be minimal, to thwart reverse engineering attempts. The parameter that contains the keys for decoding remaining programs is lost as a consequence of the system outage. The customer must use the technique associated with acquiring a protection file for ‘copyable media’ that was described above.
Subsequently, the customer can use the technique associated with acquiring a protection file for ‘copyable media’, in case the protection file is lost or damaged. The customer can also store copies of the protection file on various storage media, and use these as subsequent replacements for a protection file that is lost or damaged.
The invention associated with this patent is characterized by the following significant innovations.
Innovation #1:
attributes that uniquely characterize a customer system can be encoded in a key file.
Innovation #2:
the key file prepared by Innovation #1 can be sent to the product distributor, who responds with a protection file.
Innovation #3:
a protection file can be directly created when software is downloaded using a communication media.
Innovation #4:
the programs that create the protection file are encrypted. The keys to decrypt these programs are passed as a parameter to a program that is invoked on the customer's system during the conclusion of the download process. The parameter is passed in a volatile memory area, and is lost if a system outage occurs during the download process. The parameter is sufficiently intricate, so that a protection file cannot be prepared with prevailing files after the system outage has occurred.
Innovation #5:
accidental loss or damage of a protection file can be overcome by using backup copies, or using Innovation #1 and #2 again.
REFERENCES:
patent: 5337357 (1994-08-01), Chou et al.
patent: 5917908 (1999-06-01), Takenaka et al.
patent: 6047242 (2000-04-01), Benson
patent: 411109855 (1999-04-01), None
Alfred J. Menezes, et al. “Handbook of Applied Cryptography” 1997, CRC Press, pp. 321-322.
“A Gift of Fire”, by Sara Baase, p. 179, (1997, Prentice-Hall, Inc., I
Reagan James A.
Scanlon Patrick R.
Trammell James P.