Method and apparatus for protecting information and privacy
Abstract
A system for protecting software against piracy while protecting a user's privacy enables enhancements to the protection software in a user device and extended protections against piracy. The protection system allows the user device to postpone validation of purchased tags stored in a tag table for installed software and to re-establish ownership of a tag table to recover from invalidation of a tag table identifier value resulting from revelation of a tag table identifier value. Continued use of the tag table is provided by the use of credits associated with a tag table. A protection center is protected against denial of service attacks by making calls to the protection center cost time or money to the attackers.
42 Claims
1. A method of protecting software comprising the steps of:
a. signing protection information at a protection center using a signature key;
b. sending said protection information from a protection center to a supervising program of a user device; and
c. said supervising program of the user device verifying said signature using a verification key for said protection center signature key, the protection information including at least one of;
superfingerprints, a software validator, a software patch, a device-validator, digital signature verification keys and associated digital signature verification keys, a parameter package, a list of one-way function values, and a software update set.
9. A method of checking whether software may be used comprising the step of:
determining whether any combination of at least two tags together convey permission to use the software.
10. A method used by a protection center of sending protection information to a class of user devices having common properties comprising the step of:
signing a message including said protection information to be sent, the common properties, and an expiration time for said protection information.
14. A method of permitting a user device to perform an action comprising the steps of:
a. sending, by a secure authoritative server, to the user device, a value from a domain of a one-way function;
b. applying, by a supervising program on the user device, said one-way function to said value to obtain a range value from a range of the one-way function; and
c. if said range value equals a stored range value from the range already held on the user device, performing the stored action associated with that one-way function during a time period associated with said value and said stored range value.
16. A method of permitting a user device to perform an action comprising the steps of:
a. sending, by a secure authoritative server, a signed message stating that said action can be performed in a given time period;
b. verifying, by a supervising program on the user device, a signature on said signed message as coming from said secure authoritative server; and
c. if verified, performing said action by the supervising program during said time period.
18. A method of postponing validation of a tag table in user device, comprising the steps of:
a. determining, by a supervising program of said user device, credits associated with the tag table identifier; and
b. upon determining sufficient credits, allowing the tag table to remain valid at a first time, said first time is after a time to next call-up contained in a latest continuation message associated with that tag table.
19. A method of protecting software comprising the steps of:
upon receiving a call-up for a tag table at a first time, by a guardian center, said first time past a time to next call-up held in a last continuation message sent to a user device for said tag table; and
updating in the next continuation message, credits remaining for said tag table based on one or more of the credits in the last continuation message, the first time, and the time to next call-up held in the last continuation message.
22. A method of requesting a continuation message comprising the steps of:
storing a call-up message in a user device, the call-up message including;
a. a tag table identifier value;
b. a set of user device descriptive values;
c. a large randomly generated number; and
d. a hash function; and
applying said hash function to the combination of said set of user device descriptive values and said large randomly generated number to provide a hash result value; and
securely sending from the user device to a guardian center said tag table identifier value and said hash result value in a call-up message.
26. A method of re-establishing ownership of a tag table, comprising the steps of:
a. securely sending, by a user device, a message to an authorized server, the message including a new tag table identifier, a tag table identifier, an original tag table identifier and an ownership certificate pertaining to the original tag table identifier;
b. verifying, by the authorized server, that said ownership certificate pertains to the original tag table identifier and securely sending to the user device a digitally signed message allowing the user device to employ the new tag table identifier;
c. creating, by the authorized server, an association between said second tag table identifier and said original tag table identifier, said new tag table identifier and said tag table identifier both related to said original tag table identifier; and
d. ensuring by the authorized server that call-ups including said tag table identifier without said new tag table identifier are rejected.
28. A method of re-establishing ownership of a tag table employing a one-way function, comprising the steps of:
a. securely sending, by a user device, a message to an authorized server, the message including a new tag table identifier;
b. verifying, by the authorized server, that applying said one-way function to the new tag table identifier yields a tag table identifier, the tag table identifier stored on the authorized server and associated with an original tag table identifier, said new tag table identifier and said tag table identifier both related to said original tag table identifier;
c. creating, by the authorized server, an association between said new tag table identifier and said original tag table identifier; and
d. ensuring, by the authorized server, that call-ups including said tag table identifier without said new tag table identifier are rejected.
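The one-way-function recovery of claim 28, as an added Python example that is not part of the patent text. It assumes the device derives its identifiers as a SHA-256 hash chain from a secret seed; `owf`, `make_chain` and `AuthorizedServer` are hypothetical names, and the seed is a constructed sample value.

```python
import hashlib

def owf(identifier: bytes) -> bytes:
    """One-way function for identifiers: domain-separated SHA-256 (assumed here)."""
    return hashlib.sha256(b"tag-table-id:" + identifier).digest()

def make_chain(seed: bytes, length: int) -> list:
    """Device side. chain[0] is the original identifier and
    owf(chain[i + 1]) == chain[i], so later entries are preimages of earlier ones."""
    chain = [seed]
    for _ in range(length):
        chain.append(owf(chain[-1]))
    chain.reverse()
    return chain

class AuthorizedServer:
    def __init__(self):
        self.current = {}  # identifier now valid for call-ups -> original identifier

    def register(self, original_id: bytes) -> None:
        self.current[original_id] = original_id

    def reestablish(self, new_id: bytes) -> bool:
        """Step b: owf(new_id) must be an identifier the server currently holds."""
        original = self.current.pop(owf(new_id), None)  # step d: old id stops working
        if original is None:
            return False
        self.current[new_id] = original                 # step c: link new id to original
        return True

    def accept_call_up(self, tag_table_id: bytes) -> bool:
        return tag_table_id in self.current

if __name__ == "__main__":
    chain = make_chain(b"constructed device secret", 3)  # constructed sample seed
    server = AuthorizedServer()
    server.register(chain[0])
    print(server.reestablish(chain[1]), server.accept_call_up(chain[0]))
```

Someone who has only learned the revealed identifier cannot produce its preimage, so only the holder of the chain can move the table to the next identifier.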
30. A method of creating a proof of purchase of software comprising the steps of:
a. selecting a large random integer which is unlikely to be guessed;
b. creating a message including said large random integer; and
c. adding said large random integer to a list of integers maintained by a vendor.
37. A method of protecting a protection center, comprising the steps of:
a. forming, at the protection center, a puzzle comprising a function and a value in the range of said function, execution of the function causing at least one of a registration or a call-up to the protection center to consume resources of a calling user device;
b. sending, by said protection center, said function and said value to the requester of a service in the user device;
c. receiving, at the protection center, the second value from the requester;
d. testing whether said function applied to the second value equals said value in the range of said function; and
e. offering the service, if the test is successful.
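The puzzle exchange of claim 37, as an added Python example that is not part of the patent text. It assumes one concrete puzzle form (SHA-256 with the low bits of the input withheld from the requester); `ProtectionCenter`, `solve`, `N_BYTES` and `hidden_bits` are hypothetical names.

```python
import hashlib
import secrets

N_BYTES = 16  # size of puzzle inputs (assumption of this example)

def f(x: int) -> bytes:
    """Puzzle function: SHA-256 over a fixed-width integer (stand-in one-way function)."""
    return hashlib.sha256(x.to_bytes(N_BYTES, "big")).digest()

class ProtectionCenter:
    def __init__(self, hidden_bits=16):
        self.hidden_bits = hidden_bits   # work factor: up to 2**hidden_bits hashes
        self.outstanding = set()         # range values issued and not yet redeemed

    def form_puzzle(self):
        """Steps a-b: choose x, send f(x) plus x with its low bits zeroed."""
        x = secrets.randbits(8 * N_BYTES)
        value = f(x)
        hint = (x >> self.hidden_bits) << self.hidden_bits
        self.outstanding.add(value)
        return hint, self.hidden_bits, value

    def offer_service(self, value: bytes, second_value: int) -> bool:
        """Steps c-e: one hash to check; a puzzle is redeemable only once."""
        if value not in self.outstanding:
            return False                 # never issued, or replayed
        if not 0 <= second_value < 1 << (8 * N_BYTES):
            return False                 # malformed answer
        if f(second_value) != value:
            return False
        self.outstanding.discard(value)
        return True

def solve(hint: int, hidden_bits: int, value: bytes) -> int:
    """Requester side: brute-force the hidden low bits."""
    for low in range(1 << hidden_bits):
        if f(hint | low) == value:
            return hint | low
    raise ValueError("puzzle has no solution for this hint")

if __name__ == "__main__":
    center = ProtectionCenter(hidden_bits=12)
    hint, bits, value = center.form_puzzle()
    answer = solve(hint, bits, value)
    print("granted:", center.offer_service(value, answer))
    print("replay granted:", center.offer_service(value, answer))
```

The center spends one hash per verification while the requester spends up to 2**hidden_bits, which is the cost asymmetry the claim relies on.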
38. A method of protecting a protection center, comprising the steps of:
a. forming, at a user device, a request, the request including a token of monetary value, the request requiring resources of the user device; and
b. sending said request to the protection center, the request being granted only if the protection center verifies payment of said monetary value.
39. A method of authorizing an organization's security center to generate and use a signature key and verification key pair based on a master authorization signature key comprising the steps of:
a. allowing said security center to generate said signature and verification keys; and
b. signing with the master authorization signature key said organization verification key.
41. A method of preventing repudiation of a call-up message comprising:
requiring each user device to sign each call-up message with a key whose owner can be established by a third party.
42. A method of setting time on a user device comprising:
a. sending a time request containing a first large randomly generated number to a certified time server;
b. waiting for less than a specified number of seconds until the certified time server sends a signed message including a second large randomly generated number and a time value;
c. setting by a supervising program, a trusted clock in the user device to said time value included in the signed message provided that said signed message from the certified time server has arrived within said specified number of seconds after the request and the second randomly generated number in said signed message is the same as the first randomly generated number in said request; and
d. thereafter advancing the trusted clock value in accordance with elapsed time read
Specification