Software protection using an installation product having an entitlement file

US 10,068,064 B2
Filed: 04/24/2012
Issued: 09/04/2018
Est. Priority Date: 02/26/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method, comprising:

obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;

obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product;

generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises;

decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid;

automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file;

generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and

generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;

installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and veritfying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; and

using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product,wherein the method is performed by a processor device executing program instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.

65 Citations

View as Search Results

18 Claims

1. A method, comprising:
- obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;
  
  obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product;
  
  generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises;
  
  decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid;
  
  automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file;
  
  generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and
  
  generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;
  
  installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and veritfying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; and
  
  using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product,wherein the method is performed by a processor device executing program instructions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising auditing the computer program product for compliance, wherein the audit is based on integrity and content of the entitlement file.
  - 3. The method of claim 2, wherein auditing the computer program product for compliance comprises the steps of:
    - scanning a target system for the computer program product and associated entitlement file; and
      
      taking one or more actions based one or more pre-defined requirements.
  - 4. The method of claim 1, wherein the entitlement file comprises at least one of a vendor identifier, a user identifier, one or more transaction identifiers, an asset identifier and one or more terms of entitlement.
  - 5. The method of claim 1, wherein the entitlement file is used to create one or more instances of an entitlement document with one or more embedded integrity metrics.
  - 6. The method of claim 1, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises applying each term of an entitlement agreement throughout the lifecycle of the computer program product based on integrity and content of the entitlement file.
  - 7. The method of claim 1, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises examining the entitlement file, wherein examining the entitlement file comprises at least one of checking for integrity using a public cryptographic operation, checking for integrity using a private cryptographic operation, checking each party, and checking each term of entitlement.
  - 8. The method of claim 1, further comprising performing a subsequent installation of the computer program product using the installation product, wherein performing the subsequent installation process comprises:
    - accessing the digitally signed entitlement file in the computer program product;
      
      checking integrity of the entitlement file;
      
      presenting content of the entitlement file to a user for review;
      
      continuing the computer program product installation process if the user acknowledges acceptance of the entitlement file and intent to continue;
      
      presenting end user license agreement (EULA) information to the user for review; and
      
      completing the computer program product installation if the user acknowledges acceptance of the EULA and intent to continue.

9. An apparatus for establishing compliance for use of a computer program product, comprising:
- a memory configured to store program instructions; and
  
  at least one hardware device coupled to the memory and configured to execute the program instructions to implement a process comprising;
  
  obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;
  
  obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product;
  
  generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises;
  
  decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid;
  
  automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file;
  
  generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and
  
  generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;
  
  installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and verifying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; and
  
  using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus of claim 9, wherein said at least one hardware device is further configured to execute the program instructions to audit the computer program product for compliance, wherein the audit is based on integrity and content of the entitlement file.
  - 11. The apparatus of claim 10, wherein said auditing of the computer program product for compliance comprises:
    - scanning a target system for the computer program product and associated entitlement file; and
      
      taking one or more actions based one or more pre-defined requirements.
  - 12. The apparatus of claim 9, wherein the entitlement file comprises at least one of a vendor identifier, a user identifier, one or more transaction identifiers, an asset identifier and one or more terms of entitlement.
  - 13. The apparatus of claim 9, wherein the entitlement file is used to create one or more instances of an entitlement document with one or more embedded integrity metrics.
  - 14. The apparatus of claim 9, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises applying each term of an entitlement agreement throughout the lifecycle of the computer program product based on integrity and content of the entitlement file.
  - 15. The apparatus of claim 9, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises examining the entitlement file, wherein examining the entitlement file comprises at least one of checking for integrity using a public cryptographic operation, checking for integrity using a private cryptographic operation, checking each party, and checking each term of entitlement.
  - 16. The apparatus of claim 9, wherein said at least one hardware device is further configured to execute the program instructions to perform a subsequent installation of the computer program product using the installation product, wherein performing the subsequent installation process comprises:
    - accessing the digitally signed entitlement file in the computer program product;
      
      checking integrity of the entitlement file;
      
      presenting content of the entitlement file to a user for review;
      
      continuing the computer program product installation process if the user acknowledges acceptance of the entitlement file and intent to continue;
      
      presenting end user license agreement (EULA) information to the user for review; and
      
      completing the computer program product installation if the user acknowledges acceptance of the EULA and intent to continue.

17. A computer program product comprising a non-transitory computer readable recordable storage medium comprising computer useable program code stored therein, wherein the computer useable program code is executable by a computer to implement a method comprising:
- obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;
  
  obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product;
  
  generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises;
  
  decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid;
  
  automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file;
  
  generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and
  
  generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;
  
  installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and verifying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the veritfying, installing the computer program product; and
  
  using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product.
- View Dependent Claims (18)
- - 18. The computer program product of claim 17, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises applying each term of an entitlement agreement throughout the lifecycle of the computer program product based on integrity and content of the entitlement file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Hahn, Timothy J., Palmer, Jr., Bernard P., Waidner, Michael P., Whitmore, James J.
Primary Examiner(s)
Huang, Tsan-Yu J

Application Number

US13/454,502
Publication Number

US 20120210441A1
Time in Patent Office

2,324 Days
Field of Search

705 59, 726 26- 33
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/105   Arrangements for software l...

G06F 21/12   Protecting executable software

G06F 21/16   Program or content traceabi...

H04L 2209/60   Digital content management,...

H04L 2209/68   Special signature format, e...

H04L 9/3247   involving digital signatures

H04L 9/3263   involving certificates, e.g...

Software protection using an installation product having an entitlement file

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

65 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Software protection using an installation product having an entitlement file

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

65 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links