Secure digital data format and code enforced policy
Abstract
Authenticity of digital data, security policies, and usage of game software are enforced on a game console. When the software is secured prior to distribution on media, a private key is used to encrypt a header digest that includes a digest of each section of the software and information specifying a region, a rating, and media type of the software. A hashing algorithm is applied to produce the digests. On the game console, a public key is used to decrypt the header digest for comparison to a hash of the header. A digest of each section of digital data is computed and compared to the corresponding digest in the header to authenticate the data. The console will not execute the software unless the parameters in the header information match those stored in the console and the computed digests for each section match those in the header on the medium.
54 Claims
1. A method for securing digital data that are to be distributed for use on a computing device, comprising the steps of:
(a) processing the digital data to create a data digest that uniquely corresponds to the digital data;
(b) including the data digest in a header of the digital data;
(c) processing the header to create a header digest that uniquely corresponds to the header;
(d) encrypting the header digest with a private key, said private key having a corresponding public key that is provided when the digital data are to be used on the computing device; and
(e) distributing the digital data with the encrypted header to an end user, for use on the computing device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A method for enabling use of digital data on a computing device, so as to ensure that the digital data have not been altered and so as to enforce policies regarding use of the digital data, said digital data being distributed along with a header and with an encrypted header digest for the digital data that was produced by encrypting the header digest with a private key, comprising the steps of:
(a) using the computing device, decrypting the encrypted header digest with a public key that corresponds to the private key, to recover the header digest;
(b) creating a confirming header digest of the header that was distributed with the digital data, said confirming header digest being produced using a method identical to that employed in producing the header digest that was encrypted;
(c) comparing the confirming header digest with the header digest that was recovered by decrypting; and
(d) only enabling the digital data to be used on the computing device if the confirming header digest is identical to the header digest that was recovered.
Dependent claims: 10, 11, 12, 13, 14, 15, 16

17. A method for enforcing a secure policy on distributed digital data which are intended to be used on a computing device, comprising the steps of:
(a) securing the digital data prior to distribution by;
(i) determining a data digest for the digital data in accord with a predefined procedure that produces the data digest in a form uniquely related to the digital data;
(ii) including the data digest in a header for the digital data;
(iii) determining a header digest for the header using the predefined procedure, said header digest being uniquely related to the header;
(iv) encrypting the header digest using a private key that is secret;
(b) distributing the encrypted header digest, the header, and the digital data;
(c) prior to use of the digital data on the computing device, confirming an authenticity of the digital data by;
(i) decrypting the encrypted header digest using a public key that corresponds to the private key, to recover the header digest;
(ii) determining a confirmation digest of the header using the predefined procedure;
(iii) comparing the confirmation header digest of the header to the header digest that was recovered by the step of decrypting, to confirm whether the header that was distributed with the digital data was altered; and
if not altered, (iv) determining a confirmation data digest of the digital data, corresponding to the data digest included in the header, using the predefined procedure; and
(v) comparing the confirmation data digest to the data digest included in the header, to confirm whether the digital data that were distributed have been altered after the step of securing; and
(d) preventing the computing device from further using the digital data if either of the following occurs;
(i) the confirmation header digest does not match the header digest that was recovered by the step of decrypting; and
(ii) the confirmation data digest does not match the data digest that was included in the header.
Dependent claims: 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29

30. A method for enforcing a secure policy regarding use of digital data distributed for use on a computing device, comprising the steps of:
(a) including with the digital data that are distributed, information indicating any limitation on the use of the digital data, and an encrypted digest, said digest being uniquely derived from a portion of the digital data that includes the information;
(b) causing the computing device to decrypt the encrypted digest to recover the digest;
(c) creating a confirmation digest with the computing device, using an identical technique that was previously used to create the digest that was previously encrypted;
(d) comparing the confirmation digest with the digest that was decrypted; and
(e) if the confirmation digest matches the digest that was decrypted, using the information to enforce the secure policy regarding use of the digital data on the computing device, and if not, precluding use of the digital data on the computing device.
Dependent claims: 31, 32, 33, 34, 35

36. A system for securing digital data so that a secure policy is enforced on the digital data to control its use on a computing device, comprising:
(a) a memory in which are stored machine instructions; and
(b) a processor that is coupled to the memory, said processor executing the machine instructions, which cause the processor to carry out a plurality of functions, including;
(i) processing the digital data to create a data digest that uniquely corresponds to the digital data;
(ii) including the data digest in a header of the digital data;
(iii) processing the header to create a header digest that uniquely corresponds to the header; and
(iv) encrypting the header digest with a private key to produce an encrypted header digest, said private key having a corresponding public key that is provided when the digital data are to be used on the computing device, producing secured digital data that include the header, and the encrypted header digest for distribution and use on the computing device.
Dependent claims: 37, 38, 39, 40, 41, 42

43. A system for authenticating digital data, so as to ensure that the digital data have not been altered and so as to enforce policies regarding use of the digital data, said digital data being distributed along with a header and with an encrypted header digest for the digital data that was produced by encrypting the header digest with a private key, comprising:
(a) a memory in which are stored machine instructions; and
(b) a processor that is coupled to the memory, said processor executing the machine instructions, which cause the processor to carry out a plurality of functions, including;
(i) decrypting the encrypted header digest with a public key that corresponds to the private key, to recover the header digest;
(ii) creating a confirming header digest of the header that was distributed with the digital data, said confirming header digest being produced in accord with the machine instructions that carry out a method identical to that employed in producing the header digest that was encrypted;
(iii) comparing the confirming header digest with the header digest that was recovered by decrypting; and
(iv) only enabling the digital data to be used on the system if the confirming header digest is identical to the header digest that was recovered.
Dependent claims: 44, 45, 46, 47, 48, 49

50. A system for enforcing a secure policy regarding use of digital data distributed for use on the system, said digital data including information on any limitation on the use of the digital data on the system and an encrypted digest, a digest that was encrypted to provide the encrypted digest being uniquely derived from a portion of the digital data that includes the information, comprising:
(a) a memory in which a plurality of machine instructions are stored; and
(b) a processor that is coupled to the memory and which executes the machine instructions, causing the processor to carry out the following functions;
(i) decrypting the encrypted digest to recover the digest;
(ii) creating a confirmation digest, using an identical technique that was previously used to create the digest that was previously encrypted;
(iii) comparing the confirmation digest with the digest that was decrypted; and
(iv) if the confirmation digest matches the digest that was decrypted, using the information to enforce use of the digital data on the system in accord with the secure policy, and if not, precluding use of the digital data on the system.
Dependent claims: 51, 52, 53, 54

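The securing and console-side checks recited in the abstract and in claims 17 and 30, as an added Python example that is not part of the patent: section digests and policy fields go into a header, the header digest is "encrypted" with a private key, and the verifier refuses the data on any mismatch. SHA-256, the JSON header layout, the toy RSA key and all function names are assumptions made for illustration; a deployed scheme would use a padded signature (for example RSA-PSS) and a properly generated key.

```python
import hashlib, hmac, json

# Toy RSA key built from two published Mersenne primes: illustration only, NOT secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)

def sha(data):
    # SHA-256 is an assumption; the abstract only says "a hashing algorithm".
    return hashlib.sha256(data).digest()

def make_header(sections, region, rating, media):
    # One digest per section is stored beside the policy fields.
    fields = {"region": region, "rating": rating, "media": media,
              "digests": [sha(s).hex() for s in sections]}
    return json.dumps(fields, sort_keys=True).encode()

def sign_header(header):
    # "Encrypt the header digest with the private key" (textbook RSA, no padding).
    return pow(int.from_bytes(sha(header), "big"), D, N)

def check(header, sig, sections, console):
    # Recover the header digest with the public key and compare to a fresh hash.
    if pow(sig, E, N) != int.from_bytes(sha(header), "big"):
        return "header altered"
    fields = json.loads(header)
    # Only now are the policy fields trustworthy enough to enforce.
    for key, allowed in console.items():
        if fields[key] not in allowed:
            return "policy mismatch: " + key
    if len(sections) != len(fields["digests"]):
        return "section count mismatch"
    for i, (data, want) in enumerate(zip(sections, fields["digests"])):
        if not hmac.compare_digest(sha(data).hex(), want):
            return "section %d altered" % i
    return "ok"

# Constructed sample input.
SECTIONS = [b"boot code", b"game assets"]
CONSOLE = {"region": {"NA"}, "rating": {"E", "T"}, "media": {"DVD"}}
HEADER = make_header(SECTIONS, "NA", "T", "DVD")
SIG = sign_header(HEADER)

if __name__ == "__main__":
    print(check(HEADER, SIG, SECTIONS, CONSOLE))
    print(check(HEADER, SIG, [b"boot code", b"patched"], CONSOLE))
    print(check(HEADER.replace(b'"NA"', b'"EU"'), SIG, SECTIONS, CONSOLE))
```

Because the policy fields sit inside the signed header, rewriting the region on the medium fails the header check before any policy comparison is made.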
Specification