Method and system of dynamic transformation of encrypted material

US 5,991,402 A
Filed: 09/23/1997
Issued: 11/23/1999
Est. Priority Date: 09/23/1997
Status: Expired due to Term

First Claim

Patent Images

1. A method of operating a virtual device driver or kernel mode driver to control the usage of encrypted material that has been installed on a computer comprising the steps of:

monitoring all requests for access to the encrypted material;

upon receiving a request for access to the encrypted material, obtaining the encrypted material;

determining if a license exists to use the material;

if a license exists, decoding the encrypted material in real-time;

monitoring how much the decoded material is used; and

determining if the usage of the material complies with the license.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides a method and system that enables software-on-demand and software subscription services based on a dynamic transformation filter technology. The invention is also useful in the distribution of other electronic material. The apparatus utilized in this invention does not create any intermediate storage of decrypted material that is under the protection of this technology. Instead, the apparatus is implemented as a virtually integral part of the operating system that monitors and "filters" all read, write, and open/execute access to and from the I/O devices, such as a hard drive. As the protected material is being accessed for read, write or open/execute, the transformation filter positions itself in the critical path which is required for loading the material through the low level file system layer to the high level application layer. The material enters the transformation filter in its encrypted state. The transformation filter decrypts the material in real-time as it goes through, and hands over the material in its original state to the upper level operating system component to fulfill the access requests. Because the need for intermediate storage is eliminated, the decrypted material in its original state is only visible to integral parts of the operating system components and not to other system users. As a result, security is significantly improved over prior art systems.

Citations

20 Claims

1. A method of operating a virtual device driver or kernel mode driver to control the usage of encrypted material that has been installed on a computer comprising the steps of:
- monitoring all requests for access to the encrypted material;
  
  upon receiving a request for access to the encrypted material, obtaining the encrypted material;
  
  determining if a license exists to use the material;
  
  if a license exists, decoding the encrypted material in real-time;
  
  monitoring how much the decoded material is used; and
  
  determining if the usage of the material complies with the license.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1 wherein the encrypted material is encrypted using a first key that is unique to a user and a second key that is unique to the material that is encrypted.
  - 3. The method of claim 2 wherein the first key includes a time stamp.
  - 4. The method of claim 3 wherein the time stamp has a precision measured in milliseconds.
  - 5. The method of claim 2 further comprising the step of generating from the first key and the second key a third key for use in decoding the encrypted material.
  - 6. The method of claim 1 wherein the encrypted material installed on the computer is encrypted by decrypting a first version of the material to produce an unencrypted version and then re-encrypting the material using a first key that is unique to a user and a second key that is unique to the material that is encrypted.
  - 7. The method of claim 1 further comprising the step of obtaining a license to use the material if it is found that a license does not exist.
  - 8. The method of claim 1 further comprising the step of performing a security check of the computer before decrypting the encrypted material.
  - 9. The method of claim 1 wherein the encrypted material is a computer program.
  - 10. The method of claim 1 wherein a software package is installed on the computer, said software package comprising an encrypted portion, a unique code, and decrypting software for decrypting the encrypted portion, said method further comprising the steps of:
    - separating from the software package the encrypted portion, the unique code and the decryption software;
      
      storing said decryption software so that it is invoked whenever an attempt is made to access the encrypted portion;
      
      generating a unique ID from profile data and an encryption algorithm;
      
      decrypting the encrypted portion of the software to produce an unencrypted portion;
      
      encrypting the unencrypted portion using the unique ID and the unique code to produce a second encrypted portion; and
      
      storing said second encrypted portion in said computer.
  - 11. The method of claim 10 wherein the unique ID includes a time stamp.
  - 12. The method of claim 11 wherein the time stamp has a precision measured in milliseconds.

13. A method for installing software on a computer, said software comprising an encrypted portion, a unique code, and decrypting software for decrypting the encrypted portion, said method comprising the steps of:
- separating from the software the encrypted portion, the unique code and the decryption software;
  
  storing said decryption software so that it is invoked whenever an attempt is made to access the encrypted portion;
  
  generating a unique ID from profile data and an encryption algorithm;
  
  decrypting the encrypted portion of the software to produce an unencrypted portion;
  
  encrypting the unencrypted portion using the unique ID and the unique code to produce a second encrypted portion;
  
  storing the second encrypted portion in said computer.
- View Dependent Claims (17, 18)
- - 17. The method of claim 13 wherein the unique ID includes a time stamp.
  - 18. The method of claim 17 wherein the time stamp has a precision measured in milliseconds.

14. Apparatus as implemented in a virtual device driver in a computer operating system for operating a computer on which encrypted material has been stored comprising:
- means for monitoring all requests for access to the encrypted material;
  
  means for obtaining the encrypted material upon receiving a request for access to said material;
  
  means for determining if a license exists to use the material;
  
  means for decoding the encrypted material in real-time if a license exists;
  
  means for monitoring how much the encrypted material is used; and
  
  means for determining if the usage of the material complies with the license.
- View Dependent Claims (15)
- - 15. The apparatus of claim 14 wherein the encrypted material is a computer program.

16. A method of operating a computer comprising the steps of:
- installing on the computer a software package, said software package comprising an encrypted portion, a unique code, and decrypting software for decrypting the encrypted portion, said step comprising the steps of;
  
  separating from the software package the encrypted portion, the unique code and the decryption software;
  
  storing said decryption software so that it is invoked whenever an attempt is made to access the encrypted portion;
  
  generating a unique ID from the profile data and an encryption algorithm;
  
  decrypting the encrypted portion of the software to produce an unencrypted portion;
  
  encrypting the unencrypted portion using the unique ID and the unique code to produce a second encrypted portion; and
  
  storing the second encrypted portion in said computer; and
  
  after the software package has been installed,monitoring all requests for access to the second encrypted portion;
  
  upon receiving a request for access to the second encrypted portion. obtaining said portion;
  
  determining if a license exists to use said portion;
  
  if a license exists, decoding the second encrypted portion in real-time;
  
  monitoring how much the decoded portion is used; and
  
  determining if the usage of the decoded portion complies with the license.

19. Apparatus as implemented in a kernel mode driver in a computer operating system for operating a computer on which encrypted material has been stored comprising:
- means for monitoring all requests for access to the encrypted material;
  
  means for obtaining the encrypted material upon receiving a requests for access to the encrypted material;
  
  means for determining if a license exists to use the material;
  
  means for decoding the encrypted material in real-time if a license exists;
  
  means for monitoring how much the encrypted material is used; and
  
  means for determining if the usage of the material complies with the license.
- View Dependent Claims (20)
- - 20. The apparatus of claim 19 wherein the encrypted material is a computer program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation
Original Assignee
Aegisoft Corp. (RealNetworks, Inc.)
Inventors
Shen, Ji, Jia, Zheng
Primary Examiner(s)
Swann, Tod R.
Assistant Examiner(s)
Callahan, Paul E.

Application Number

US08/935,955
Time in Patent Office

791 Days
Field of Search

380/3, 380/4, 380/23, 380/25
US Class Current

705/59
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/126   Interacting with the operat...

G06F 2221/2107   File encryption

G06F 2221/2135   Metering

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

Method and system of dynamic transformation of encrypted material

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system of dynamic transformation of encrypted material

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links