Authentication and verification for use of software
Abstract
A computer system comprises a security computer having a security database and at least one workstation computer on which software is accessible for execution. The database includes security values that the workstation computers use to verify whether their copy of software is authentic (i.e., unmodified such as might occur from action of a virus). The database can also be used to verify whether the software can be run on a particular workstation computer.
58 Claims
1. A method of verifying the authenticity of software, comprising:
(a) after a computer has initialized, selecting software to run on the computer;
(b) computing a hash of an object code associated with the software;
(c) retrieving a previously encrypted hash of another copy of object code associated with the software;
(d) decrypting the encrypted hash retrieved in (c);
(e) comparing the computed hash from (b) to the decrypted hash from (d); and
(f) determining the software is authentic if the hashes match; or
(g) determining the software is not authentic if the hashes do not match.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9

10. A computer system, comprising:
a network administrator computer on which a security database is stored;
at least one workstation computer coupled to said network administrator computer via a communication link, software accessible to said workstation computer for execution thereon; and
wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including an encrypted hash of object code associated with the software that is used by said workstation computer after said workstation computer has initialized to verify the authenticity of the software when the software is selected to be executed.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18

19. A method of authenticating software, comprising:
(a) selecting software to run on a computer;
(b) computing a first hash of a copy of object code associated with the software;
(c) retrieving a first encrypted security value, said first encrypted security value being a hash of another copy of object code associated with the software;
(d) decrypting the first encrypted security value to produce a first security value;
(e) comparing the first hash from (b) to the first security value from (d);
(f) computing a second hash of the first hash from (b);
(g) retrieving a second encrypted security value, said second encrypted security value being a hash of the first security value;
(h) decrypting the second encrypted security value to produce a second security value; and
(i) comparing the second hash to the second security value.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

34. A computer system, comprising:
a security computer on which a security database is stored;
at least one workstation computer coupled to said network administrator computer via a communication link;
software accessible to said workstation computer for execution thereon; and
wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including;
an encrypted first hash of object code associated with the software that is used by said workstation computer to verify the authenticity of the software when the software is selected to be executed; and
an encrypted second hash of the first hash that the workstation computer uses to determine whether the software is authorized to run on the workstation computer.
Dependent claims: 35, 36, 37, 38, 39, 40, 41, 42, 43, 44

45. A method of verifying the authenticity of software, comprising:
(a) after a computer has initialized, selecting software to run on the computer;
(b) computing a hash of a value uniquely associated with the software;
(c) retrieving a previously encrypted hash of a value uniquely associated with another copy of the software;
(d) decrypting the encrypted hash retrieved in (c);
(e) comparing the computed hash from (b) to the decrypted hash from (d); and
(f) determining the software is authentic if the hashes match; or
(g) determining the software is not authentic if the hashes do not match.
Dependent claims: 46, 47

48. A computer system, comprising:
a network administrator computer on which a security database is stored;
at least one workstation computer coupled to said network administrator computer via a communication link, software accessible to said workstation computer for execution thereon; and
wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including an encrypted hash of a value uniquely associated with the software, said hash being used by said workstation computer after said workstation computer has initialized to verify the authenticity of the software when the software is selected to be executed.
Dependent claims: 49, 50

51. A method of authenticating software, comprising:
(a) selecting software to run on a computer;
(b) computing a first hash of a value uniquely associated with the software;
(c) retrieving a first encrypted security value, said first encrypted security value being a hash of a value uniquely associated with another copy of the software;
(d) decrypting the first encrypted security value to produce a first security value;
(e) comparing the first hash from (b) to the first security value from (d);
(f) computing a second hash of the first hash from (b);
(g) retrieving a second encrypted security value, said second encrypted security value being a hash of the first security value;
(h) decrypting the second encrypted security value to produce a second security value; and
(i) comparing the second hash to the second security value.
Dependent claims: 52, 53

54. A computer system, comprising:
a security computer on which a security database is stored;
at least one workstation computer coupled to said network administrator computer via a communication link;
software accessible to said workstation computer for execution thereon; and
wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including;
an encrypted first hash of a value uniquely associated with the software that is used by said workstation computer to verify the authenticity of the software when the software is selected to be executed; and
an encrypted second hash of the first hash that the workstation computer uses to determine whether the software is authorized to run on the workstation computer.
Dependent claims: 55, 56

57. A method of authenticating software, comprising:
(a) computing a first hash of a copy of object code associated with the software;
(b) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash using a private key associated with the software manufacturer of another copy of object code associated with the software;
(c) decrypting the first encrypted security value to produce a first security value, said decrypting including using a public key associated with the manufacturer of the software;
(d) comparing the first hash from (a) to the first security value from (c);
(e) computing a second hash of the first hash from (a);
(f) retrieving a second encrypted security value, said second encrypted security value being a hash of the first security value using a private key associated with a network administrator;
(g) decrypting the second encrypted security value to produce a second security value using a public key associated with the network administrator; and
comparing the second hash to the second security value.

58. A method of authenticating software, comprising:
(a) computing a first hash of a copy of object code associated with the software;
(b) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash using a private key associated with the software manufacturer of another copy of object code associated with the software;
(c) decrypting the first encrypted security value to produce a first security value, said decrypting including using a public key associated with the manufacturer of the software;
(d) comparing the first hash from (a) to the first security value from (c);
(e) computing a second hash of the combination of the first hash from (a) and the object code associated with the software;
(f) retrieving a second encrypted security value, said second encrypted security value being a hash of the combination of the first security value and the object code using a private key associated with a network administrator;
(g) decrypting the second encrypted security value to produce a second security value using a public key associated with the network administrator; and
comparing the second hash to the second security value.
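
The two-stage check recited in claims 57 and 58, written out as an added example (not code from the patent or its assignee): a manufacturer-keyed first value establishes authenticity, and an administrator-keyed second value establishes authorization, with the outcome labels taken from claims 1 and 34. Assumptions: SHA-256 as the hash, unpadded textbook RSA standing in for "encrypting with a private key", demo keys constructed from public Mersenne primes, and the hypothetical names `make_entry` and `verify`.

```python
import hashlib, hmac

E = 65537
# Constructed demo keys from public Mersenne primes: not secret, illustration only.
def make_key(p, q):
    """Textbook RSA: return (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

MFR_N, MFR_D = make_key(2**521 - 1, 2**607 - 1)      # software manufacturer
ADM_N, ADM_D = make_key(2**1279 - 1, 2**2203 - 1)    # network administrator

def sha256(data):
    return hashlib.sha256(data).digest()

def encrypt_hash(digest, n, d):
    """'Encrypt' a hash with a private key (unpadded RSA; use RSA-PSS or similar in practice)."""
    return pow(int.from_bytes(digest, "big"), d, n)

def decrypt_hash(value, n):
    """Recover the hash with the matching public key (n, E)."""
    m = pow(value, E, n)
    return m.to_bytes(32, "big") if m < 2**256 else b""   # not a SHA-256 value

def make_entry(reference_code, bind_code=False):
    """Security-database entry built from the reference copy of the object code."""
    first = sha256(reference_code)
    # Claim 57: hash of the first security value; claim 58: hash of it plus the object code.
    second = sha256(first + (reference_code if bind_code else b""))
    return {"first": encrypt_hash(first, MFR_N, MFR_D),
            "second": encrypt_hash(second, ADM_N, ADM_D)}

def verify(local_code, entry, bind_code=False):
    """Workstation-side check using only the two public keys."""
    first_hash = sha256(local_code)
    if not hmac.compare_digest(first_hash, decrypt_hash(entry["first"], MFR_N)):
        return "not authentic"          # local copy differs from the manufacturer's
    second_hash = sha256(first_hash + (local_code if bind_code else b""))
    if not hmac.compare_digest(second_hash, decrypt_hash(entry["second"], ADM_N)):
        return "not authorized"         # administrator never approved this software
    return "authorized"

if __name__ == "__main__":
    code = b"\x7fELF constructed sample object code"
    entry = make_entry(code)
    print(verify(code, entry), "|", verify(code + b"\x90", entry))
```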
Specification