Software catalog encoding method and system
First Claim
1. A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j, comprising the steps of:
- A. encrypting at least a portion of the computer program Si, the program having an associated computer program identifier i, in accordance with the formula;
space="preserve" listing-type="equation">S.sub.i.sup.E =E(S.sub.i, SK.sub.i)wherein E is an encryption algorithm and Ski is a software encryption key;
B. securing the software encryption key SKi against unauthorized access;
C. generating a first table representative of correspondences between the software encryption key SKi and the computer program identifier i;
D. generating a second table representative of correspondences between the hardware identifier j and a password key PKj ;
E. selecting from the first and second tables the password key PKj and software encryption key SKi responsive to receipt of the hardware identifier j and computer program identifier i;
F. generating a password Pij in accordance with the formula;
space="preserve" listing-type="equation">P.sub.ij =F(SK.sub.i, PK.sub.j)wherein F is a reversible function; and
G. issuing the password Pij to enable operation of the encrypted portion of the computer program.
6 Assignments
0 Petitions
Accused Products
Abstract
A method and system for protecting computer program distribution within a broadcast medium involves encrypting at least a portion of the computer program Si using an encryption scheme keyed to both an encryption key SKi and a program identifier i. Each decryption device (PCDD) also has an associated identifier j. Two tables are generated and stored in a memory device: a first table, including correlations between the encryption key SKi and the program identifier i; and a second table, including correlations between the password key PKj and the hardware identifier j. A password Pij is generated based on both the encryption key SKi and a password key PKi is retrieved from these tables. The password Pij is transmitted to the user for subsequent use in decrypting the subject software program contained on the medium.
-
Citations
19 Claims
-
1. A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j, comprising the steps of:
-
A. encrypting at least a portion of the computer program Si, the program having an associated computer program identifier i, in accordance with the formula;
space="preserve" listing-type="equation">S.sub.i.sup.E =E(S.sub.i, SK.sub.i)wherein E is an encryption algorithm and Ski is a software encryption key; B. securing the software encryption key SKi against unauthorized access; C. generating a first table representative of correspondences between the software encryption key SKi and the computer program identifier i; D. generating a second table representative of correspondences between the hardware identifier j and a password key PKj ; E. selecting from the first and second tables the password key PKj and software encryption key SKi responsive to receipt of the hardware identifier j and computer program identifier i; F. generating a password Pij in accordance with the formula;
space="preserve" listing-type="equation">P.sub.ij =F(SK.sub.i, PK.sub.j)wherein F is a reversible function; and G. issuing the password Pij to enable operation of the encrypted portion of the computer program. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-implemented method for providing authorization to a user at a first location from a second location for access to an application program Si, having an associated program identifier i, stored on a broadcast medium, wherein the first location includes a decryption device, having an associated hardware identifier j, for decrypting the application program Si from the broadcast medium, the method comprising:
-
A. transmitting the hardware identifier j, the program identifier i, and a payment authorization from the first location to the second location; B. generating a program identifier-program encryption key table for storage at the second location; C. generating a hardware identifier-password key table for storage at the second location; D. responsive to receipt of a program identifier at the second location, retrieving a program encryption key SKi associated with the identifier and secured against unauthorized access, from the program identifier-program encryption key table; E. responsive to receipt at the second location of a hardware identifier, retrieving a password key PKj associated with the hardware identifier from the hardware identifier-password key table; F. generating a password Pij by encrypting the software encryption key SKi with an encryption algorithm E; G. transmitting the password Pij to the first location; and H. decrypting the application program Si using the password Pij to activate the decryption device. - View Dependent Claims (8, 9)
-
-
10. Apparatus for controllably decrypting software distributed within a broadcast medium, including:
-
software encrypted using a software encryption algorithm related to a software encryption key SKi and a program identifier i, the apparatus comprising; A. a first storage means for storing a password key PKj ; B. a first decryption block for generating the software encryption key SKi using the password key PKj retrieved from the first storage means; C. a second decryption block for decrypting the software retrieved from the broadcast medium using the software encryption key SKi retrieved from the first decryption block; and D. means, in communication with the first decryption block, for securing the software encryption key SKi against unauthorized access. - View Dependent Claims (11)
-
-
12. A system for controllably authorizing access to distributed software, including:
-
a decryption device having an associated unique hardware identifier j, the system comprising; A. first storage means for storing an encrypted authorization code AiE encrypted using an encryption algorithm related to the hardware identifier j; B. a number generator, in communication with the software, for generating a unique identifier RN associated with the software; C. second storage means in communication with the software, for storing an authorization code Ai '"'"'; D. third storage means for storing a password key PKj ; E. a first decryption block for decrypting the authorization code AiE using the password key PKj retrieved from the third storage means; F. a challenge block for generating a first message digest MD using the unique identifier RN retrieved from the number generator and the decrypted authorization code retrieved from the first decryption block; G. means for generating a second message digest MD'"'"' using the unique identifier RN retrieved from the number generator and the authorization code Ai '"'"' retrieved from the first storage means; and H. means for authorizing access to the software based on a positive correlation between the first message digest MD and the second message digest MD'"'"'. - View Dependent Claims (13, 14, 15, 16, 17)
-
-
18. A system for controllably decrypting software distributed within a broadcast medium, including:
-
(i) a first storage means for storing a password key PKj ; (ii) a first decryption block for generating a software encryption key SKi using the password key PKj retrieved from the first storage means; (iii) a second decryption block for decrypting the software retrieved from the broadcast medium using the software encryption key SKi retrieved from the first decryption block; and (iv) means, in communication with the first decryption block, for securing the software encryption key SKi against unauthorized access. - View Dependent Claims (19)
-
Specification