Software protection using an installation product having an entitlement file
First Claim
1. A method, comprising:
- obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;
obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product;
generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises;
decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid;
automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file;
generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and
generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;
installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and veritfying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; and
using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product,wherein the method is performed by a processor device executing program instructions.
1 Assignment
0 Petitions
Accused Products
Abstract
Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.
65 Citations
18 Claims
-
1. A method, comprising:
-
obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee; obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product; generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises; decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid; automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file; generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product; installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and veritfying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; and using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product, wherein the method is performed by a processor device executing program instructions. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An apparatus for establishing compliance for use of a computer program product, comprising:
-
a memory configured to store program instructions; and at least one hardware device coupled to the memory and configured to execute the program instructions to implement a process comprising; obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee; obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product; generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises; decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid; automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file; generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product; installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and verifying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; and using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer program product comprising a non-transitory computer readable recordable storage medium comprising computer useable program code stored therein, wherein the computer useable program code is executable by a computer to implement a method comprising:
-
obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee; obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee'"'"'s entitled use of the computer program product; generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises; decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee'"'"'s entitled use of the computer program product as provided by the entitlement file are valid; automatically verifying the licensee'"'"'s entitled use of the computer program product using the validated terms of the licensee'"'"'s entitled use as specified by the entitlement file; generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; and generating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product; installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and verifying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the veritfying, installing the computer program product; and using the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product. - View Dependent Claims (18)
-
Specification