Method and system for identifying open-source software package based on binary files

US 10,642,965 B2
Filed: 12/29/2017
Issued: 05/05/2020
Est. Priority Date: 09/15/2017
Status: Active Grant

First Claim

Patent Images

1. A method for identifying an open-source software package from a binary file for which an open-source license is to be checked, the method comprising:

accessing a database generated to include a plurality of open-source software packages having a plurality of open-source files, a plurality of open-source software package names, a plurality of open-source file names, and open-source software package version information, based on a plurality of first identifiers included in each of the plurality of open-source files;

receiving the binary file;

extracting at least one second identifier included in the binary file by performing a string search on the binary file; and

extracting at least one first identifier that matches the at least one second identifier from the database, and outputting an open-source software package and open-source software package version information corresponding to the at least one first identifier,wherein the extracting of the at least one second identifier included in the binary file includes;

extracting at least one open-source software package name and at least one open-source file name corresponding to the at least one first identifier, from the plurality of open-source software package names and the plurality of open-source file names;

assigning a weight to the at least one open-source software package name, based on the at least one open-source software package name and the at least one open-source file name; and

detecting an open-source software package name having the highest weight from the at least one open-source software package name to which the weight is assigned.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Provided are a method and system for identifying an open-source software package from a binary file for which an open-source license is to be checked. The method includes: accessing a database generated to include a plurality of open-source software packages having a plurality of open-source files and open-source software package version information, based on a plurality of first identifiers included in each of the plurality of open-source files; receiving the binary file; extracting at least one second identifier included in the binary file by performing a string search on the binary file; and extracting at least one first identifier that matches the at least one second identifier from the database, and outputting an open-source software package and open-source software package version information corresponding to the at least one first identifier.

Citations

24 Claims

1. A method for identifying an open-source software package from a binary file for which an open-source license is to be checked, the method comprising:
- accessing a database generated to include a plurality of open-source software packages having a plurality of open-source files, a plurality of open-source software package names, a plurality of open-source file names, and open-source software package version information, based on a plurality of first identifiers included in each of the plurality of open-source files;
  
  receiving the binary file;
  
  extracting at least one second identifier included in the binary file by performing a string search on the binary file; and
  
  extracting at least one first identifier that matches the at least one second identifier from the database, and outputting an open-source software package and open-source software package version information corresponding to the at least one first identifier,wherein the extracting of the at least one second identifier included in the binary file includes;
  
  extracting at least one open-source software package name and at least one open-source file name corresponding to the at least one first identifier, from the plurality of open-source software package names and the plurality of open-source file names;
  
  assigning a weight to the at least one open-source software package name, based on the at least one open-source software package name and the at least one open-source file name; and
  
  detecting an open-source software package name having the highest weight from the at least one open-source software package name to which the weight is assigned.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein each of the first identifier and the second identifier comprises a string that is preserved even after the open-source files are compiled.
  - 3. The method of claim 2, wherein accessing the database comprises:
    - downloading the plurality of open-source software packages from an open-source providing server;
      
      extracting open-source information from the plurality of open-source software packages; and
      
      generating the database based on the open-source information.
  - 4. The method of claim 3, wherein the open-source information comprises the plurality of first identifiers, an open-source software package name, open-source software package version information, and an open-source file name.
  - 5. The method of claim 4, wherein the database comprises:
    - a first database storing a first table, the first table including the first identifiers corresponding to each of the plurality of open-source software packages, the open-source software package names, and the open-source file names in which the first identifiers exist;
      
      a second database storing a second table, the second table including the open-source software package names corresponding to the plurality of open-source files, the open-source software package version information, the open-source file names, and open-source file checksums; and
      
      a third database storing a third table, the third table including the open-source file checksums corresponding to the first identifiers and location information of the first identifiers in the open-source files.
  - 6. The method of claim 5, wherein extracting the at least one second identifier included in the binary file comprises:
    - identifying a file type of the binary file; and
      
      extracting the at least one second identifier from the binary file according to the file type.
  - 7. The method of claim 5, wherein the database further comprises a reference open-source software package name of a reference open-source software package designated by a manager among the plurality of open-source software packages, and a reference first identifier that is identically included in the reference open-source software package of a plurality of pieces of open-source software package version information.
  - 8. The method of claim 7, wherein extracting the at least one open-source software package name and the at least one open-source file name corresponding to the at least one first identifier comprises detecting an open-source software package name that matches the reference open-source software package name among the extracted at least one open-source software package name based on the reference first identifier.
  - 9. The method of claim 8, wherein detecting the open-source software package name that matches the reference open-source software package name comprises:
    - identifying a first identifier that matches the reference first identifier among the at least one first identifier; and
      
      treating an open-source software package name corresponding to the matched first identifier as the reference open-source software package name.
  - 10. The method of claim 1, wherein extracting the at least one open-source software package name and the at least one open-source file name corresponding to the at least one first identifier comprises:
    - extracting two consecutive first identifiers in an order in which the at least one first identifier is identified;
      
      determining whether an open-source software package name corresponding to the initially identified first identifier among the two consecutive first identifiers is a unique open-source software package name;
      
      if the open-source software package name corresponding to the initially identified first identifier is determined to be the unique open-source software package name, determining whether an open-source software package name that matches the unique open-source software package name exists among the open-source software package names corresponding to the finally identified first identifier among the two consecutive first identifiers; and
      
      if the open-source software package name matching the unique open-source software package name is determined to exist, replacing the matched open-source software package name with the unique open-source software package name.
  - 11. The method of claim 5, wherein outputting the open-source software package and the open-source software package version information corresponding to the at least one first identifier comprises:
    - extracting, from the second database, at least one open-source file checksum corresponding to at least one open-source file name included in the detected open-source software package name, and at least one piece of open-source software package version information corresponding to the at least one open-source file checksum; and
      
      detecting open-source software package version information corresponding to the detected open-source software package name based on the at least one first identifier and the at least one open-source file checksum.
  - 12. The method of claim 11, wherein detecting the open-source software package version information corresponding to the detected open-source software package name based on the at least one first identifier and the at least one open-source file checksum comprises:
    - determining whether location information corresponding to the at least one first identifier for the at least one open-source file checksum exists in the third database;
      
      if the location information corresponding to the at least one first identifier is determined to exist, assigning a predetermined weight to open-source software package version information corresponding to the at least one open-source file checksum; and
      
      detecting open-source software package version information having the highest weight among the open-source software package version information as open-source software package version information corresponding to the detected open-source software package name.

13. A system for identifying an open-source software package from a binary file for which an open-source license is to be checked, the system comprising:
- a storage unit storing a database generated to include a plurality of open-source software packages having a plurality of open-source files, a plurality of open-source software package names, a plurality of open-source file names, and open-source software package version information, based on a plurality of first identifiers included in each of the plurality of open-source files;
  
  a receiver configured to receive the binary file;
  
  a processor configured to extract at least one second identifier included in the binary file by performing a string search on the binary file, to extract at least one first identifier that matches the at least one second identifier from the database, and to detect an open-source software package and open-source software package version information corresponding to the at least one first identifier; and
  
  an output device configured to output the detected open-source software package and open-source software package version information,wherein the processor is configured to;
  
  extract at least one open-source software package name and at least one open-source file name corresponding to the at least one first identifier, from the plurality of open-source software package names and the plurality of open-source file names;
  
  assign a weight to the at least one open-source software package name, based on the at least one open-source software package name and the at least one open-source file name; and
  
  detect an open-source software package name having the highest weight from the at least one open-source software package name to which the weight is assigned.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. The system of claim 13, wherein each of the first identifier and the second identifier comprises a string that is preserved even after the open-source file is compiled.
  - 15. The system of claim 13, wherein the processor is configured to:
    - download the plurality of open-source software packages from an open-source providing server through the receiver;
      
      extract open-source information from the plurality of open-source software packages; and
      
      generate the database based on the open-source information.
  - 16. The system of claim 15, wherein the open-source information comprises the plurality of first identifiers, an open-source software package name, open-source software package version information, and an open-source file name.
  - 17. The system of claim 16, wherein the database comprises:
    - a first database storing a first table, the first table including the first identifiers corresponding to each of the plurality of open-source software packages, the open-source software package names, and the open-source file names in which the first identifiers exist;
      
      a second database storing a second table, the second table including the open-source software package names corresponding to the plurality of open-source files, the open-source software package version information, the open-source file names, and open-source file checksums; and
      
      a third database storing a third table, the third table including the open-source file checksums corresponding to the first identifiers and location information of the first identifiers in the open-source files.
  - 18. The system of claim 17, wherein the processor is configured to:
    - identify a file type of the binary file; and
      
      extract the at least one second identifier from the binary file according to the file type.
  - 19. The system of claim 17, wherein the database further comprises a reference open-source software package name of a reference open-source software package designated by a manager among the plurality of open-source software packages, and a reference first identifier that is identically included in the reference open-source software package of the plurality of pieces of open-source software package version information.
  - 20. The system of claim 19, wherein the processor is configured to detect an open-source software package name that matches the reference open-source software package name among the extracted at least one open-source software package name based on the reference first identifier.
  - 21. The system of claim 20, wherein the processor is configured to:
    - identify a first identifier that matches the reference first identifier among the at least one first identifier; and
      
      treat an open-source software package name corresponding to the matched first identifier as the reference open-source software package name.
  - 22. The system of claim 13, wherein the processor is configured to:
    - extract two consecutive first identifiers in an order in which the at least one first identifier is identified;
      
      determine whether an open-source software package name corresponding to the initially identified first identifier among the two consecutive first identifiers is a unique open-source software package name or not;
      
      if the open-source software package name corresponding to the initially identified first identifier is determined to be the unique open-source software package name, determine whether an open-source software package name that matches the unique open-source software package name exists among the open-source software package names corresponding to the finally identified first identifier among the two consecutive first identifiers; and
      
      if the open-source software package name matching the unique open-source software package name is determined to exist, replace the matched open-source software package name with the unique open-source software package name.
  - 23. The system of claim 17, wherein the processor is configured to:
    - extract, from the second database, at least one open-source file checksum corresponding to at least one open-source file name included in the detected open-source software package name, and at least one piece of open-source software package version information corresponding to the at least one open-source file checksum; and
      
      detect open-source software package version information corresponding to the detected open-source software package name based on the at least one first identifier and the at least one open-source file checksum.
  - 24. The system of claim 23, wherein the processor is configured to:
    - determine whether location information corresponding to the at least one first identifier for the at least one open-source file checksum exists in the third database;
      
      if the location information corresponding to the at least one first identifier is determined to exist, assign a predetermined weight to open-source software package version information corresponding to the at least one open-source file checksum; and
      
      detect open-source software package version information having the highest weight among the open-source software package version information as open-source software package version information corresponding to the detected open-source software package name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Insignary, Inc.
Original Assignee
Insignary, Inc.
Inventors
Kim, Younggon, Kang, Tae-Jin, Cho, Si Haeng
Primary Examiner(s)
Murphy, J. Brant
Assistant Examiner(s)
Gundry, Stephen T

Application Number

US15/858,119
Publication Number

US 20190087550A1
Time in Patent Office

858 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/148   File search processing

G06F 21/105   Arrangements for software l...

G06F 21/1077   Recurrent authorisation

G06F 8/60   Software deployment

G06F 8/71   Version control security ar...

Method and system for identifying open-source software package based on binary files

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for identifying open-source software package based on binary files

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links