Authentication and verification for use of software

US 20030061487A1
Filed: 09/25/2001
Published: 03/27/2003
Est. Priority Date: 09/25/2001
Status: Active Grant

First Claim

Patent Images

1. A method of verifying the authenticity of software, comprising:

(a) after a computer has initialized, selecting software to run on the computer;

(b) computing a hash of an object code associated with the software;

(c) retrieving a previously encrypted hash of another copy of object code associated with the software;

(d) decrypting the encrypted hash retrieved in (c);

(e) comparing the computed hash from (b) to the decrypted hash from (d); and

(f) determining the software is authentic if the hashes match;

or (g) determining the software is not authentic if the hashes do not match.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system comprises a security computer having a security database and at least one workstation computer on which software is accessible for execution. The database includes security values that the workstation computers use to verify whether their copy of software is authentic (i.e., unmodified such as might occur from action of a virus). The database can also be used verify whether the software can be run on a particular workstation computer.

61 Citations

View as Search Results

58 Claims

1. A method of verifying the authenticity of software, comprising:
- (a) after a computer has initialized, selecting software to run on the computer;
  
  (b) computing a hash of an object code associated with the software;
  
  (c) retrieving a previously encrypted hash of another copy of object code associated with the software;
  
  (d) decrypting the encrypted hash retrieved in (c);
  
  (e) comparing the computed hash from (b) to the decrypted hash from (d); and
  
  (f) determining the software is authentic if the hashes match;
  
  or (g) determining the software is not authentic if the hashes do not match.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the previously encrypted hash was encrypted with a private key.
  - 3. The method of claim 2 wherein (d) includes using a public key associated with the private key to decrypt the encrypted hash.
  - 4. The method of claim 1 further including, if the software is determined not to be authentic, preventing the software from being executed.
  - 5. The method of claim 1 further including, if the software is determined not to be authentic, alerting a network administrator that the software is not authentic.
  - 6. The method of claim 1 further including, if the software is determined not to be authentic, alerting the person attempting to run the software that the software is not authentic.
  - 7. The method of claim 1 further including, if the software is determined not to be authentic, executing predetermined code to detect whether a portion of the software includes unauthentic code.
  - 8. The method of claim 7 further including, if the software is determined not to be authentic, executing predetermined code to correct said unauthentic code.
  - 9. The method of claim 1 wherein the previously encrypted hash is stored on a computer that is different from the computer on which the software is selected to run in (a).

10. A computer system, comprising:
- a network administrator computer on which a security database is stored;
  
  at least one workstation computer coupled to said network administrator computer via a communication link, software accessible to said workstation computer for execution thereon; and
  
  wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including an encrypted hash of object code associated with the software that is used by said workstation computer after said workstation computer has initialized to verify the authenticity of the software when the software is selected to be executed.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer system of claim 10 wherein said encrypted hash was encrypted using a private key associated with the network administrator computer.
  - 12. The computer system of claim 10 wherein said workstation computer computes a hash of object associated with the software accessible to said workstation computer and compares the computed hash to the hash from the security database.
  - 13. The computer system of claim 12 wherein said workstation computer retrieves the encrypted hash of the object from the security database and decrypts the encrypted hash before comparing it to the hash computed by the workstation computer.
  - 14. The computer system of claim 13 wherein the workstation computer determines the software to be authentic if the computed hash matches the hash decrypted from the security database.
  - 15. The computer system of claim 13 wherein the workstation computer determines the software to be unauthentic if the computed hash does not match the hash decrypted from the security database.
  - 16. The computer system of claim 15, wherein, for unauthentic software, the workstation computer precludes execution of the software.
  - 17. The computer system of claim 15, wherein, for unauthentic software, the workstation computer sends an alert message to the network administrator computer indicating that software has been determined to be unauthentic.
  - 18. The computer system of claim 15, wherein, for unauthentic software, the workstation computer alerts the operator of the workstation computer that the software is not authentic.

19. A method of authenticating software, comprising:
- (a) selecting software to run on a computer;
  
  (b) computing a first hash of a copy of object code associated with the software;
  
  (c) retrieving a first encrypted security value, said first encrypted security value being a hash of another copy of object code associated with the software;
  
  (d) decrypting the first encrypted security value to produce a first security value;
  
  (e) comparing the first hash from (b) to the first security value from (d);
  
  (f) computing a second hash of the first hash from (b);
  
  (g) retrieving a second encrypted security value, said second encrypted security value being a hash of the first security value;
  
  (h) decrypting the second encrypted security value to produce a second security value; and
  
  (i) comparing the second hash to the second security value.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33)
- - 20. The method of claim 19 wherein in (e) if the first hash matches the first security value, determining that the copy of the object code selected to run on the computer is authentic.
  - 21. The method of claim 19 wherein in (e) if the first hash does not match the first security value, determining that the copy of the object code selected to run on the computer is not authentic.
  - 22. The method of claim 21 wherein, if the object code is not authentic, not executing the object code.
  - 23. The method of claim 21 wherein, if the object code is not authentic, alerting a network administrator that the object code is not authentic.
  - 24. The method of claim 19 wherein (h) includes decrypting the second encrypted security value using a value unique to the computer on which the software is to run.
  - 25. The method of claim 24 wherein said unique value comprises the computer'"'"'s serial number.
  - 26. The method of claim 24 wherein said unique value comprises the computer'"'"'s IP address.
  - 27. The method of claim 19 wherein if the second hash and the second security value match, then the computer determines that object code is authorized to run on the computer.
  - 28. The method of claim 19 wherein if the second hash and the second security value do not match, then the computer determines that object code is not authorized to run on the computer.
  - 29. The method of claim 28 wherein if the object code is determined not to be authorized to run on the computer, precluding the software from being run on the computer.
  - 30. The method of claim 28 wherein if the object code is determined not to be authorized to run on the computer, transmitting a message to a network administrator informing the network administrator that the object code is not authorized to run on the computer.
  - 31. The method claim 19 wherein if the first hash matches the first security value and the second hash matches the second security value, then the computer determines that the copy of the object code selected to run on the computer is authentic and the copy of the object is authorized to run on the computer.
  - 32. The method of claim 19 wherein if the first hash matches the first security value and the second hash does not match the second security value, then the computer determines that the copy of the object code selected to run on the computer is authentic, but the copy of the object is not authorized to run on the computer.
  - 33. The method of claim 32 further including precluding the software from being run on the computer.

34. A computer system, comprising:
- a security computer on which a security database is stored;
  
  at least one workstation computer coupled to said network administrator computer via a communication link;
  
  software accessible to said workstation computer for execution thereon; and
  
  wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including;
  
  an encrypted first hash of object code associated with the software that is used by said workstation computer to verify the authenticity of the software when the software is selected to be executed; and
  
  an encrypted second hash of the first hash that the workstation computer uses to determine whether the software is authorized to run on the workstation computer.
- View Dependent Claims (35, 36, 37, 38, 39, 40, 41, 42, 43, 44)
- - 35. The computer system of claim 34 wherein said encrypted first hash was encrypted using a private key associated with the security computer.
  - 36. The computer system of claim 34 wherein said workstation computer computes a hash of object associated with the software accessible to said workstation computer and compares the computed hash to the encrypted first hash from the security database.
  - 37. The computer system of claim 36 wherein said workstation computer retrieves the encrypted first hash of the object code from the security database and decrypts the encrypted first hash before comparing it to the hash computed by the workstation computer.
  - 38. The computer system of claim 37 wherein the workstation computer determines the software to be authentic if the computed hash matches the hash decrypted from the encrypted first hash.
  - 39. The computer system of claim 37 wherein the workstation computer determines the software to be unauthentic if the computed hash does not match the hash decrypted from the encrypted first hash.
  - 40. The computer system of claim 39, wherein, for unauthentic software, the workstation computer precludes execution of the software.
  - 41. The computer system of claim 39, wherein, for unauthentic software, the workstation computer sends an alert message to the security computer indicating that software has been determined to be unauthentic.
  - 42. The computer system of claim 39, wherein, for unauthentic software, the workstation computer alerts the operator of the workstation computer that the software is not authentic.
  - 43. The computer system of claim 34 wherein the second hash is encrypted using a value unique to a computer on which the associated software is authorized to run.
  - 44. The computer system of claim 34 wherein the second hash is encrypted multiple times, each time using a value unique to a computer on which the associated software is authorized to run.

45. A method of verifying the authenticity of software, comprising:
- (a) after a computer has initialized, selecting software to run on the computer;
  
  (b) computing a hash of a value uniquely associated with the software;
  
  (c) retrieving a previously encrypted hash of a value uniquely associated with another copy of the software;
  
  (d) decrypting the encrypted hash retrieved in (c);
  
  (e) comparing the computed hash from (b) to the decrypted hash from (d); and
  
  (f) determining the software is authentic if the hashes match;
  
  or (g) determining the software is not authentic if the hashes do not match.
- View Dependent Claims (46, 47)
- - 46. The method of claim 45 wherein said value unique to the software includes executable object code.
  - 47. The method of claim 45 wherein said value unique to the software includes a manufacturer'"'"'s code.

48. A computer system, comprising:
- a network administrator computer on which a security database is stored;
  
  at least one workstation computer coupled to said network administrator computer via a communication link, software accessible to said workstation computer for execution thereon; and
  
  wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including an encrypted hash of a value uniquely associated with the software, said hash being used by said workstation computer after said workstation computer has initialized to verify the authenticity of the software when the software is selected to be executed.
- View Dependent Claims (49, 50)
- - 49. The computer system of claim 48 wherein said value unique to the software includes executable object code.
  - 50. The computer system of claim 48 wherein said value unique to the software includes a manufacturer'"'"'s code.

51. A method of authenticating software, comprising:
- (a) selecting software to run on a computer;
  
  (b) computing a first hash of a value uniquely associated with the software;
  
  (c) retrieving a first encrypted security value, said first encrypted security value being a hash of a value uniquely associated with another copy of the software;
  
  (d) decrypting the first encrypted security value to produce a first security value;
  
  (e) comparing the first hash from (b) to the first security value from (d);
  
  (f) computing a second hash of the first hash from (b);
  
  (g) retrieving a second encrypted security value, said second encrypted security value being a hash of the first security value;
  
  (h) decrypting the second encrypted security value to produce a second security value; and
  
  (i) comparing the second hash to the second security value.
- View Dependent Claims (52, 53)
- - 52. The method of claim 51 wherein said value unique to the software includes executable object code.
  - 53. The method of claim 51 wherein said value unique to the software includes a manufacturer'"'"'s code.

54. A computer system, comprising:
- a security computer on which a security database is stored;
  
  at least one workstation computer coupled to said network administrator computer via a communication link;
  
  software accessible to said workstation computer for execution thereon; and
  
  wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including;
  
  an encrypted first hash of a value uniquely associated with the software that is used by said workstation computer to verify the authenticity of the software when the software is selected to be executed; and
  
  an encrypted second hash of the first hash that the workstation computer uses to determine whether the software is authorized to run on the workstation computer.
- View Dependent Claims (55, 56)
- - 55. The computer system of claim 54 wherein said value unique to the software includes executable object code.
  - 56. The computer system of claim 54 wherein said value unique to the software includes a manufacturer'"'"'s code.

57. A method of authenticating software, comprising:
- (a) computing a first hash of a copy of object code associated with the software;
  
  (b) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash using a private key associated with the software manufacturer of another copy of object code associated with the software;
  
  (c) decrypting the first encrypted security value to produce a first security value, said decrypting including using a public key associated with the manufacturer of the software;
  
  (d) comparing the first hash from (a) to the first security value from (c);
  
  (e) computing a second hash of the first hash from (a);
  
  (f) retrieving a second encrypted security value, said second encrypted security value being a hash of the first security value using a private key associated with a network administrator;
  
  (g) decrypting the second encrypted security value to produce a second security value using a public key associated with the network administrator; and
  
  comparing the second hash to the second security value.

58. A method of authenticating software, comprising:
- (a) computing a first hash of a copy of object code associated with the software;
  
  (b) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash using a private key associated with the software manufacturer of another copy of object code associated with the software;
  
  (c) decrypting the first encrypted security value to produce a first security value, said decrypting including using a public key associated with the manufacturer of the software;
  
  (d) comparing the first hash from (a) to the first security value from (c);
  
  (e) computing a second hash of the combination of the first hash from (a) and the object code associated with the software;
  
  (f) retrieving a second encrypted security value, said second encrypted security value being a hash of the combination of the first security value and the object code using a private key associated with a network administrator;
  
  (g) decrypting the second encrypted security value to produce a second security value using a public key associated with the network administrator; and
  
  comparing the second hash to the second security value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Novoa, Manuel, Angelo, Michael F.

Granted Patent

US 7,003,672 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/176
CPC Class Codes

G06F 21/565   by checking file integrity

G06F 21/6209   to a single file or object,...

G06F 21/64   Protecting data integrity, ...

Authentication and verification for use of software

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

61 Citations

58 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and verification for use of software

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

58 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links