Software catalog encoding method and system

US 5,416,840 A
Filed: 07/06/1993
Issued: 05/16/1995
Est. Priority Date: 07/06/1993
Status: Expired due to Term

First Claim

Patent Images

1. A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j, comprising the steps of:

A. encrypting at least a portion of the computer program S_i, the program having an associated computer program identifier i, in accordance with the formula;
space="preserve" listing-type="equation">S.sub.i.sup.E =E(S.sub.i, SK.sub.i)wherein E is an encryption algorithm and Sk_i is a software encryption key;

B. securing the software encryption key SK_i against unauthorized access;

C. generating a first table representative of correspondences between the software encryption key SK_i and the computer program identifier i;

D. generating a second table representative of correspondences between the hardware identifier j and a password key PK_j ;

E. selecting from the first and second tables the password key PK_j and software encryption key SK_i responsive to receipt of the hardware identifier j and computer program identifier i;

F. generating a password P_ij in accordance with the formula;
space="preserve" listing-type="equation">P.sub.ij =F(SK.sub.i, PK.sub.j)wherein F is a reversible function; and

G. issuing the password P_ij to enable operation of the encrypted portion of the computer program.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for protecting computer program distribution within a broadcast medium involves encrypting at least a portion of the computer program S_i using an encryption scheme keyed to both an encryption key SK_i and a program identifier i. Each decryption device (PCDD) also has an associated identifier j. Two tables are generated and stored in a memory device: a first table, including correlations between the encryption key SK_i and the program identifier i; and a second table, including correlations between the password key PK_j and the hardware identifier j. A password P_ij is generated based on both the encryption key SK_i and a password key PK_i is retrieved from these tables. The password P_ij is transmitted to the user for subsequent use in decrypting the subject software program contained on the medium.

Citations

19 Claims

1. A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j, comprising the steps of:
- A. encrypting at least a portion of the computer program S_i, the program having an associated computer program identifier i, in accordance with the formula;
  space="preserve" listing-type="equation">S.sub.i.sup.E =E(S.sub.i, SK.sub.i)
  wherein E is an encryption algorithm and Sk_i is a software encryption key;
  B. securing the software encryption key SK_i against unauthorized access;
  
  C. generating a first table representative of correspondences between the software encryption key SK_i and the computer program identifier i;
  
  D. generating a second table representative of correspondences between the hardware identifier j and a password key PK_j ;
  
  E. selecting from the first and second tables the password key PK_j and software encryption key SK_i responsive to receipt of the hardware identifier j and computer program identifier i;
  F. generating a password P_ij in accordance with the formula;
  space="preserve" listing-type="equation">P.sub.ij =F(SK.sub.i, PK.sub.j)
  wherein F is a reversible function; and
  G. issuing the password P_ij to enable operation of the encrypted portion of the computer program.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein Step D comprises the steps of:
    - using the program identifier i as an index to the first table to determine the corresponding encryption key SK_i ; and
      
      using the hardware identifier j as an index to the second table to determine the corresponding password key PK_j.
  - 3. The method of claim 1, further comprising randomly generating the password key PK_j.
  - 4. The method of claim 1, further comprising the step of, after Step A, storing the computer program S_i^E on the broadcast medium.
  - 5. The method of claim 4, further comprising the step of storing a catalog file, including a list of stored programs, on the broadcast medium.
  - 6. The method of claim 1, further comprising:
    - (i) generating an encrypted authorization code A_i^E using an algorithm related to the hardware identifier j, and storing the authorization code A_i^E in a storage medium;
      
      (ii) generating a unique identifier RN associated with the software S_i, the computer program S_i including an associated authorization code A_i '"'"';
      
      (iii) decrypting the stored authorization code using the password key PK_j to generate a decrypted authorization code A_i ;
      
      (iv) generating a first message digest MD using the unique identifier RN and the decrypted authorization code A_i ;
      
      (v) generating a second message digest MD'"'"', associated with the computer program S_i, using the unique identifier RN and the authorization code A_i '"'"';
      
      (vi) comparing MD and MD'"'"' to identify a positive correlation between MD and MD'"'"'; and
      
      (vii) enabling operation of the computer program S_i in response to a positive correlation between MD and MD'"'"'.

7. A computer-implemented method for providing authorization to a user at a first location from a second location for access to an application program S_i, having an associated program identifier i, stored on a broadcast medium, wherein the first location includes a decryption device, having an associated hardware identifier j, for decrypting the application program S_i from the broadcast medium, the method comprising:
- A. transmitting the hardware identifier j, the program identifier i, and a payment authorization from the first location to the second location;
  
  B. generating a program identifier-program encryption key table for storage at the second location;
  
  C. generating a hardware identifier-password key table for storage at the second location;
  
  D. responsive to receipt of a program identifier at the second location, retrieving a program encryption key SK_i associated with the identifier and secured against unauthorized access, from the program identifier-program encryption key table;
  
  E. responsive to receipt at the second location of a hardware identifier, retrieving a password key PK_j associated with the hardware identifier from the hardware identifier-password key table;
  
  F. generating a password P_ij by encrypting the software encryption key SK_i with an encryption algorithm E;
  
  G. transmitting the password P_ij to the first location; and
  
  H. decrypting the application program S_i using the password P_ij to activate the decryption device.
- View Dependent Claims (8, 9)
- - 8. The method of claim 7, wherein Step C further comprises, using the program identifier i as an index to the program identifier-program encryption key table.
  - 9. The method of claim 7, wherein Step E further comprises, using the hardware identifier j as an index to the hardware identifier-password key table.

10. Apparatus for controllably decrypting software distributed within a broadcast medium, including:
- software encrypted using a software encryption algorithm related to a software encryption key SK_i and a program identifier i, the apparatus comprising;
  
  A. a first storage means for storing a password key PK_j ;
  
  B. a first decryption block for generating the software encryption key SK_i using the password key PK_j retrieved from the first storage means;
  
  C. a second decryption block for decrypting the software retrieved from the broadcast medium using the software encryption key SK_i retrieved from the first decryption block; and
  
  D. means, in communication with the first decryption block, for securing the software encryption key SK_i against unauthorized access.
- View Dependent Claims (11)
- - 11. The apparatus of claim 10, wherein the password key PK_j includes a hardware identifier j component, the system further comprising means for preventing arithmetic computation of the password key PK_j based on the hardware identifier j.

12. A system for controllably authorizing access to distributed software, including:
- a decryption device having an associated unique hardware identifier j, the system comprising;
  
  A. first storage means for storing an encrypted authorization code A_i^E encrypted using an encryption algorithm related to the hardware identifier j;
  
  B. a number generator, in communication with the software, for generating a unique identifier RN associated with the software;
  
  C. second storage means in communication with the software, for storing an authorization code A_i '"'"';
  
  D. third storage means for storing a password key PK_j ;
  
  E. a first decryption block for decrypting the authorization code A_i^E using the password key PK_j retrieved from the third storage means;
  
  F. a challenge block for generating a first message digest MD using the unique identifier RN retrieved from the number generator and the decrypted authorization code retrieved from the first decryption block;
  
  G. means for generating a second message digest MD'"'"' using the unique identifier RN retrieved from the number generator and the authorization code A_i '"'"' retrieved from the first storage means; and
  
  H. means for authorizing access to the software based on a positive correlation between the first message digest MD and the second message digest MD'"'"'.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The system of claim 12, wherein the number generator generates a random number.
  - 14. The system of claim 12, wherein the means for generating a second message digest MD'"'"' is in communication with the software.
  - 15. The system of claim 12, wherein the challenge block comprises means for generating the first message digest MD using a non-reversible function applied to the unique identifier and the decrypted authorization code A_i.
  - 16. The system of claim 12, wherein the software is encrypted using a software encryption algorithm related to a software encryption key SK_i and a program identifier i, the system further comprising:
    - (i) a first storage means for storing a password key PK_j ;
      
      (ii) a first decryption block for generating the software encryption key SK_i using the password key PK_j retrieved from the first storage means;
      
      (iii) a second decryption block for decrypting the software retrieved from the broadcast medium using the software encryption key SK_i retrieved from the first decryption block; and
      
      (iv) means, in communication with the first decryption block, for securing the software encryption key SK_i against unauthorized access.
  - 17. The system of claim 16, wherein the password key PK_j includes a hardware identifier j component, the system further comprising means for preventing arithmetic computation of the password key PK_j based on the hardware identifier j.

18. A system for controllably decrypting software distributed within a broadcast medium, including:
- (i) a first storage means for storing a password key PK_j ;
  
  (ii) a first decryption block for generating a software encryption key SK_i using the password key PK_j retrieved from the first storage means;
  
  (iii) a second decryption block for decrypting the software retrieved from the broadcast medium using the software encryption key SK_i retrieved from the first decryption block; and
  
  (iv) means, in communication with the first decryption block, for securing the software encryption key SK_i against unauthorized access.
- View Dependent Claims (19)
- - 19. The system of claim 18, including a decryption device having an associated unique hardware identifier j, wherein the means for securing the software encryption key SK_i further comprises:
    - A. first storage means for storing an encrypted authorization code A_ij^E encrypted using an encryption algorithm related to the hardware identifier j;
      
      B. a number generator, in communication with the software, for generating a unique identifier RN associated with the software;
      
      C. second storage means in communication with the software, for storing an authorization code A_i '"'"';
      
      D. third storage means for storing a password key PK_j ;
      
      E. a first decryption block for decrypting the authorization code A_i^E using the password key PK_j retrieved from the third storage means;
      
      F. a challenge block for generating a first message digest MD using the unique identifier RN retrieved from the number generator and the decrypted authorization code retrieved from the first decryption block;
      
      G. means for generating a second message digest MD'"'"' using the unique identifier RN retrieved from the number generator and the authorization code A_i '"'"' retrieved from the first storage means; and
      
      H. means for authorizing access to the software based on a positive correlation between the first message digest MD and the second message digest MD'"'"'.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kinglite Holdings Inc.
Original Assignee
Phoenix Technologies Limited (Pharaoh Acquisition LLC)
Inventors
Cane, David A., Hirschman, David S.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/087,924
Time in Patent Office

679 Days
Field of Search

380/4, 380/25
US Class Current

705/52
CPC Class Codes

G06F 21/123   by using dedicated hardware...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2221/2107   File encryption

Software catalog encoding method and system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Software catalog encoding method and system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links