Software component authentication via encrypted embedded self-signatures
1 Assignment
0 Petitions
Accused Products
Abstract
This invention applies to software components that interconnect, as in a frameworks, such that only components “certified” by some designated authority can participate, partly or wholly, in the intended operation of the application. The main emphasis is to limit the set of such software components to those that have been deemed to operate in some specific manner and/or in the scope of some specified set of constraints. The initial application for this invention is to prevent piracy of copyrighted data in multimedia frameworks such as Microsoft DirectShow, but the general invention has much wider applicability. Most authentication systems perform their actions prior to using the software component in question. This invention differs significantly in that it performs validation at runtime, rather than before the component is run. Thus, the validation is always at the most vulnerable point in a component'"'"'s lifetime so far as counterfeiting is concerned.
66 Citations
57 Claims
-
1. (canceled)
-
2. A method of using a file and an encrypted signature of the filed, said filed having a decryption key of an asymmetric key pair embedded in said file, wherein the encrypted signature includes the decryption key and was produced by encrypting a first signature of the file using a first computer system and using an encryption key of the asymmetric key pair, the method comprising:
-
decrypting the encrypted signature using a second computer system and using the decryption key to produce a decrypted signature;
computing a second signature of the file using the second computer system; and
comparing the second signature with the decrypted signature. - View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of providing a file for use by a first computer system adapted to decrypt an encrypted signature of the file using a decryption key of an asymmetric key pair to produce a decrypted signature, said first computer system being further adapted to compute a second signature of the file, and to compare the second signature with the decrypted signature, said method comprising:
-
embedding the decryption key in the file;
computing a first signature of the file using a second computer system, wherein the first signature includes the decryption key; and
encrypting the first signature using the second computer system and using an encryption key of the asymmetric key pair to produce the encrypted signature. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
-
-
21. A method of using a file, comprising:
-
embedding a decryption key of an asymmetric key pair in the file;
computing a first signature of the file using a first computer system, wherein the first signature includes the decryption key;
encrypting the first signature using an encryption key of the asymmetric key pair to produce an encrypted signature;
decrypting the encrypted signature using the decryption key and using a second computer system to produce a decrypted signature;
computing a second signature of the file using the second computer system; and
comparing the second signature with the decrypted signature. - View Dependent Claims (22, 23, 24, 25)
-
-
26. A method of using an executable file comprising:
-
embedding a decryption key of an asymmetric key pair in the executable file;
computing a first signature of the executable file using a first computer system, wherein the first signature includes the decryption key;
encrypting the first signature using an encryption key of the asymmetric key pair to produce an encrypted signature;
determining whether the executable file has a signature block portion;
embedding the encrypted signature in the executable file if the executable file has a signature block portion;
providing a signature file comprised of the encrypted signature if the executable file does not have a signature block portion;
executing the executable file using a second computer system;
decrypting the embedded encrypted signature using the decryption key while the executable file is executing to produce a decrypted signature;
computing a second signature of the executable file using the second computer system; and
comparing the second signature with the decrypted signature.
-
-
27. A method of authentication, comprising:
executing a first module to perform the steps comprising;
computing a first signature of a second module while the second module is executing to produce a first computed signature;
retrieving a first decryption key of a first asymmetric key pair;
retrieving a first encrypted signature, wherein said first encrypted signature was encrypted using a first encryption key of the first asymmetric key pair;
decrypting the first encrypted signature using the first decryption key to produce a first decrypted signature; and
comparing the first computed signature with the first decrypted signature. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49)
-
28. (canceled)
-
50. A method of authentication, comprising:
-
executing a first module to perform the steps comprising;
computing a first signature of a second module while the second module is executing to produce a first computed signature;
retrieving a first decryption key of a first asymmetric key pair;
retrieving a first encrypted signature that was encrypted using a first encryption key of the first asymmetric key pair;
decrypting the first encrypted signature using the first decryption key while the second module is executing to produce a first decrypted signature; and
comparing the first computed signature with the first decrypted signature; and
executing the second module to perform the steps comprising;
computing a second signature of a third module while the third module is executing to produce a second computed signature;
retrieving a second decryption key of a second asymmetric key pair;
retrieving a second encrypted signature that was encrypted using a second encryption key of the second asymmetric key pair;
decrypting the second encrypted signature using the second decryption key while the third module is executing to produce a second decrypted signature; and
comparing the second computed signature with the second decrypted signature. - View Dependent Claims (51, 52, 53, 54, 55, 56, 57)
-
Specification