Computer system for protecting software and a method for protecting software

US 6,047,242 A
Filed: 09/24/1997
Issued: 04/04/2000
Est. Priority Date: 05/28/1997
Status: Expired due to Term

First Claim

Patent Images

1. A computer system, comprising:

a protection mechanism for protecting software, the protection mechanism includinga challenge means associated with a protected item of software,a first response means having access to private keying material of an asymmetric key pair and being able to communicate with said challenge means, anda second response means being able to communicate with said challenge means, whereina) said challenge means has no access to the private keying material accessed by said first response means,b) said challenge means has means for validating an asymmetric proof of said first response means and a proof of said second response means without requiring that said first response means disclose its private keying material, respectively,c) said challenge means has means for prohibiting a protected program from executing unless at least one validation is successful.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for protecting an item of software, wherein at least one first challenge means is associated with said protected item of software, and at least one first response means accesses one private keying material. At least a third means (either challenge or response also exists). The first challenge means has no access to the said private keying material. The first response means proves to the first challenge means that the first response means has access to the private keying material. The first challenge means validates this proof using the public keying material that corresponds to the first response means'"'"' private keying material.

176 Citations

153 Claims

1. A computer system, comprising:
- a protection mechanism for protecting software, the protection mechanism includinga challenge means associated with a protected item of software,a first response means having access to private keying material of an asymmetric key pair and being able to communicate with said challenge means, anda second response means being able to communicate with said challenge means, whereina) said challenge means has no access to the private keying material accessed by said first response means,b) said challenge means has means for validating an asymmetric proof of said first response means and a proof of said second response means without requiring that said first response means disclose its private keying material, respectively,c) said challenge means has means for prohibiting a protected program from executing unless at least one validation is successful.
- View Dependent Claims (2, 8, 9, 10, 11, 12, 13, 14, 15, 16, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32)
- - 2. A computer system according to claim 1, wherein said first response means and said second response means access private keying material held on a same storage device.
  - 8. A computer system according to claim 1, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists chosen-plaintext attacks.
  - 9. A computer system according to claim 1, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists adaptive chosen-plaintext attacks.
  - 10. A computer system according to claim 1, whereinsaid first response means accesses a first private keying material, andsaid second response means access a second private keying material.
  - 11. A computer system according to claim 1, wherein a same private keying material is accessed by both said first and second response means.
  - 12. A computer system according to claim 1, wherein a license server'"'"'s private key, respectively, is accessed in the first and second response means.
  - 13. A computer system according to claim 1, wherein said means for validating uses at least one proof selected form the following types of proofs:
    - digital signature,asymmetric confidentiality, andprobabilistic proof.
  - 14. A computer system according to claim 13, wherein said proof is said asymmetric confidentiality scheme which is the Blum-Goldwasserscheme.
  - 15. A computer system according to claim 13, wherein said proof is said probabilistic proof scheme which is a zero knowledge proof scheme.
  - 16. A computer system according to claim 13, wherein said proof is said probabilistic proof scheme which is a witness hiding proof scheme.
  - 21. A computer system according to claim 1, wherein said challenge means is embedded in said protected item of software.
  - 22. A computer system according to claim 1, wherein said challenge means uses public keying material for validating a proof.
  - 23. A computer system according to claim 22, wherein the system includes a keyfile for holding the public keying material.
  - 24. A computer system according to claim 23, wherein the public keying material held in said keyfile is cryptographically secured, whereby it is computationally infeasible to alter any portion of the keyfile, including the public keying material, without altering the challenge means.
  - 25. A computer system according to claim 24, wherein said keyfile includes information identifying a customer to which the software has been supplied.
  - 26. A computer system according to claim 24, wherein said keyfile includes decoy bits for disguising the public keying material held therein.
  - 27. A computer system according to claim 24, wherein at least one of said keyfile and the challenge means and the software includes information concerning selective activation of services of the software.
  - 28. A computer system according to claim 27, wherein the challenge means validates the response means to at least partially determine whether a particular facility of the software.
  - 29. A computer system according to claim 1, wherein said software includes a plurality of protected items of software, each having its own challenge means, and a single response means shared between all of said protected items.
  - 30. A computer system according to claim 1, further comprising:
    - at least one root certificate used for validating descendant certificates, the descendant certificates including at least a public keying material for said response means.
  - 31. A computer system according to claim 30, wherein said at least one root certificate is two root certificates, one of said root certificates for each of said first and second response means.
  - 32. A computer system according to claim 1, wherein said protection mechanism provides one of copy protection for the software and for licensing software.

3. A computer system, comprising:
- a protection mechanism for protecting software, the protection mechanism includinga first challenge means associated with a protected item of software,a second challenge means,a first response means having access to private keying material of an asymmetric key pair and being able to communicate with the first challenge means, anda second response means having access to secret keying material being able to communicate with the second challenge means, whereina) said first challenge means has no access to the private keying material accessed by said first response means,b) said first challenge means validates an asymmetric proof of said first response means that said first response means has access to said private keying material without requiring that said first response means disclose said private keying material,c) said second challenge means validates a proof of said second response means that said second response means has access to said secret keying material,d) one of said first challenge means and said second challenge means prohibit using the software at least in an unlimited mode unless at least one of the said validations is successful.
- View Dependent Claims (6, 7, 17, 18, 19, 20, 63, 66, 69, 72, 75, 78, 79, 80, 81, 94, 97, 100, 101, 102, 103, 104, 105, 118, 121, 122, 127)
- - 6. A computer system according to claim 3, wherein the secret keying material is private keying material of a second asymmetric key pair.
  - 7. A computer system according to claim 3, wherein the secret keying material of said second response means is keying material of a symmetric key pair.
  - 17. A computer system according to claim 3, wherein one of said first challenge means and said second challenge means includes means for issuing a random challenge as information.
  - 18. A computer system according to claim 17, wherein said means for issuing a random challenge includes means for generating a random challenge by repeatedly timing responses to device accesses.
  - 19. A computer system according to claim 18, wherein said means for generating a random challenge includes means for forking new threads in such a manner as to introduce an additional degree of randomness into said random challenge by exploiting unpredictabilities in an operating system'"'"'s scheduler.
  - 20. A computer system according to claim 18, wherein said means for generating a random challenge includes:
    - means for performing a statistical test to determine a number of random bits obtained by each of said device accesses, andmeans for causing device accesses to be repeated until a predetermined number of random bits has been obtained.
  - 63. A computer system according to claim 3, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists chosen-plaintext attacks.
  - 66. A computer system according to claim 3, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists adaptive chosen-plaintext attacks.
  - 69. A computer system according to claim 3, whereinthe first response means accesses a first private keying material, andthe second response means accesses a second private keying material.
  - 72. A computer system according to claim 3, wherein a same private keying material is accessed by both said first and second response means.
  - 75. A computer system according to claim 3, wherein a license server'"'"'s private key is accessed in the first and second response means.
  - 78. A computer system according to claim 3, wherein said means for validating uses at least one proof selected form the following types of proofs:
    - digital signature,asymmetric confidentiality, andprobabilistic proof.
  - 79. A computer system according to claim 78, wherein said proof is said asymmetric confidentiality scheme which is the Blum-Goldwasser scheme.
  - 80. A computer system according to claim 78, wherein said proof is said probabilistic proof scheme which is a zero knowledge proof scheme.
  - 81. A computer system according to claim 78, wherein said proof is said probabilistic proof scheme which is a witness hiding proof scheme.
  - 94. A computer system according to claim 3, wherein said challenge means is embedded in said protected item of software.
  - 97. A computer system according to claim 3, wherein said challenge means uses first public keying material for validating a proof.
  - 100. A computer system according to claim 3, wherein the system includes a keyfile for holding first public keying material.
  - 101. A computer system according to claim 100, wherein the public keying material held in said keyfile is cryptographically secured, whereby it is computationally infeasible to alter any portion of the keyfile, including the public keying material, without altering the challenge means.
  - 102. A computer system according to claim 101, wherein said keyfile includes information identifying a customer to which the software has been supplied.
  - 103. A computer system according to claim 101, wherein said keyfile includes decoy bits for disguising the public keying material held therein.
  - 104. A computer system according to claim 101, wherein at least one of said keyfile and the challenge means and the software includes information concerning selective activation of services of the software.
  - 105. A computer system according to claim 104, wherein the challenge means validates the response means to at least partially determine whether a particular facility of the software.
  - 118. A computer system according to claim 3, further comprising:
    - a plurality of protected items of software each having its own challenge means, and a single response means shared between all of said protected items.
  - 121. A computer system according to claim 3, further comprising:
    - at least one root certificate used for validating descendant certificates, the certificates comprising at least a public keying material for response means.
  - 122. A computer system according to claim 121, wherein said at least one root certificate is at least two root certificates, one of said root certificates for each of said first and second response means.
  - 127. A computer system according to claim 3, wherein said protection mechanism is used for one of copy protecting software and for licensing software.

4. A computer system, comprising:
- means for inputting a program to be protected and for embedding includingat least a challenge means associated with a protected item of software,a first response means having access to private keying material of an asymmetric key pair and being able to communicate with the challenge means, anda second response means being able to communicate with the challenge means, whereina) said challenge means has no access to the private keying material accessed by said first response means,b) said challenge means has means for validating an asymmetric proof of said first response means and a proof of said second response means without requiring that said first response means disclose its private keying material, respectively,c) said challenge means has means for prohibiting a protected program from executing unless at least one validation is successful.
- View Dependent Claims (64, 67, 70, 73, 76, 82, 83, 84, 85, 95, 98, 106, 107, 108, 109, 110, 111, 119, 123, 124, 128)
- - 64. A computer system according to claim 4, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists chosen-plaintext attacks.
  - 67. A computer system according to claim 4, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists adaptive chosen-plaintext attacks.
  - 70. A computer system according to claim 4, whereinthe first response means accesses a first private keying material, andthe second response means accesses a second private keying material.
  - 73. A computer system according to claim 4, wherein a same private keying material is accessed by both said first and second response means.
  - 76. A computer system according to claim 4, wherein a license server'"'"'s private key is accessed in the first and second response means.
  - 82. A computer system according to claim 4, wherein said means for validating uses at least one proof selected form the following types of proofs:
    - digital signature,asymmetric confidentiality, andprobabilistic proof.
  - 83. A computer system according to claim 82, wherein said proof is said asymmetric confidentiality scheme which is the Blum-Goldwasser scheme.
  - 84. A computer system according to claim 82, wherein said proof is said probabilistic proof scheme which is a zero knowledge proof scheme.
  - 85. A computer system according to claim 82, wherein said proof is said probabilistic proof scheme which is a witness hiding proof scheme.
  - 95. A computer system according to claim 4, wherein said challenge means is embedded in said protected item of software.
  - 98. A computer system according to claim 4, wherein said challenge means uses first public keying material for validating a proof.
  - 106. A computer system according to claim 4, wherein the system includes a keyfile for holding first public keying material.
  - 107. A computer system according to claim 106, wherein the public keying material held in said keyfile is cryptographically secured, whereby it is computationally infeasible to alter any portion of the keyfile, including the public keying material, without altering the challenge means.
  - 108. A computer system according to claim 107, wherein said keyfile includes information identifying a customer to which the software has been supplied.
  - 109. A computer system according to claim 107, wherein said keyfile includes decoy bits for disguising the public keying material held therein.
  - 110. A computer system according to claim 107, wherein at least one of said keyfile and the challenge means and the software includes information concerning selective activation of services of the software.
  - 111. A computer system according to claim 110, wherein the challenge means validates the response means to at least partially determine whether a particular facility of the software.
  - 119. A computer system according to claim 4, further comprising:
    - a plurality of protected items of software each having its own challenge means, and a single response means shared between all of said protected items.
  - 123. A computer system according to claim 4, further comprising:
    - at least one root certificate used for validating descendant certificates, the certificates comprising at least a public keying material for response means.
  - 124. A computer system according to claim 123, wherein said at least one root certificate is at least two root certificates, one of said root certificates for each of said first and second response means.
  - 128. A computer system according to claim 4, wherein said protection mechanism is used for one of copy protecting software and for licensing software.

5. A computer system, comprising:
- means for inputting a program to be protected and for embedding includinga first challenge means associated with a protected item of software,a second challenge means,a first response means having access to private keying material of an asymmetric key pair and being able to communicate with the first challenge means, anda second response means having access to secret keying material being able to communicate with the second challenge means, whereina) said first challenge means has no access to the private keying material accessed by said first response means,b) said first challenge means validates an asymmetric proof of said first response means that said first response means has access to said private keying material without requiring that said first response means disclose said private keying material,c) said second challenge means validates a proof of said second response means that said second response means has access to said secret keying material,d) at least one of said first challenge means and said second challenge means prohibit using the software at least in an unlimited mode unless at least one of the said validations is successful.
- View Dependent Claims (61, 62, 65, 68, 71, 74, 77, 86, 87, 88, 89, 90, 91, 92, 93, 96, 99, 112, 113, 114, 115, 116, 117, 120, 125, 126, 129)
- - 61. A computer system according to claim 5, wherein the secret keying material is private keying material of a second asymmetric key pair.
  - 62. A computer system according to claim 5, wherein the secret keying material of said second response means is keying material of a symmetric key pair.
  - 65. A computer system according to claim 5, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists chosen-plaintext attacks.
  - 68. A computer system according to claim 5, further comprising:
    - a storage system that holds at least some of the private keying material and that interacts via a protocol that resists adaptive chosen-plaintext attacks.
  - 71. A computer system according to claim 5, whereinthe first response means accesses a first private keying material, andthe second response means accesses a second private keying material.
  - 74. A computer system according to claim 5, wherein a same private keying material is accessed by both said first and second response means.
  - 77. A computer system according to claim 5, wherein a license server'"'"'s private key is accessed in the first and second response means.
  - 86. A computer system according to claim 5, wherein said means for validating uses at least one proof selected form the following types of proofs:
    - digital signature,asymmetric confidentiality, andprobabilistic proof.
  - 87. A computer system according to claim 86, wherein said proof is said asymmetric confidentiality scheme which is the Blum-Goldwasser scheme.
  - 88. A computer system according to claim 86, wherein said proof is said probabilistic proof scheme which is a zero knowledge proof scheme.
  - 89. A computer system according to claim 86, wherein said proof is said probabilistic proof scheme which is a witness hiding proof scheme.
  - 90. A computer system according to claim 5, wherein one of said first challenge means and said second challenge means includes means for issuing a random challenge as information.
  - 91. A computer system according to claim 90, wherein said means for issuing a random challenge includes means for generating a random challenge by repeatedly timing responses to device accesses.
  - 92. A computer system according to claim 90, wherein said means for generating a random challenge includes means for forking new threads in such a manner as to introduce an additional degree of randomness into said random challenge by exploiting unpredictabilities in an operating system'"'"'s scheduler.
  - 93. A computer system according to claim 90, wherein said means for generating a random challenge includesmeans for performing a statistical test to determine the number of random bits obtained by each of said device accesses, andmeans for causing device accesses to be repeated until a predetermined number of random bits has been obtained.
  - 96. A computer system according to claim 5, wherein said challenge means is embedded in said protected item of software.
  - 99. A computer system according to claim 5, wherein said challenge means uses first public keying material for validating a proof.
  - 112. A computer system according to claim 5, wherein the system includes a keyfile for holding first public keying material.
  - 113. A computer system according to claim 112, wherein the public keying material held in said keyfile is cryptographically secured, whereby it is computationally infeasible to alter any portion of the keyfile, including the public keying material, without altering the challenge means.
  - 114. A computer system according to claim 113, wherein said keyfile includes information identifying a customer to which the software has been supplied.
  - 115. A computer system according to claim 113, wherein said keyfile includes decoy bits for disguising the public keying material held therein.
  - 116. A computer system according to claim 113, wherein at least one of said keyfile and the challenge means and the software includes information concerning selective activation of services of the software.
  - 117. A computer system according to claim 116, wherein the challenge means validates the response means to at least partially determine whether a particular facility of the software.
  - 120. A computer system according to claim 5, further comprising:
    - a plurality of protected items of software each having its own challenge means, and a single response means shared between all of said protected items.
  - 125. A computer system according to claim 5, further comprising:
    - at least one root certificate used for validating descendant certificates, the certificates comprising at least a public keying material for response means.
  - 126. A computer system according to claim 125, wherein said at least one root certificate is at least two root certificates, one of said root certificates for each of said first and second response means.
  - 129. A computer system according to claim 5, wherein said protection mechanism is used for one of copy protecting software and for licensing software.

33. A method of distributing software to a plurality of customers, comprising the steps of:
- providing each customer with a computer system with a protection mechanism for protecting software, the protection mechanism includinga challenge means associated with a protected item of software,a first response means having access to private keying material of an asymmetric key pair and being able to communicate with said challenge means, anda second response means being able to communicate with said challenge means, whereina) said challenge means has no access to the private keying material accessed by said first response means,b) said challenge means has means for validating an asymmetric proof of said first response means and a proof of said second response means without requiring that said first response means disclose its private keying material, respectively,c) said challenge means has means for prohibiting a protected program from executing unless at least one validation is successful, andproviding every customer with an identical copy of said software and of said challenge means.

34. A method for protecting an item of software, comprising the steps of:
- providing a protection mechanism for protecting the software,associating a challenge means with a protected item of the software,accessing by a first response means to private keying material of an asymmetric key pair and being able to communicate with the challenge means, andcommunicating by a second response means with the challenge means, whereina) said challenge means having no access to the private keying material accessed by said first response means and said second response means, respectively,b) validating by said challenge means an asymmetric proof of the said first response means and a proof of the said second response means without requiring that said first response means disclose its private keying material, respectively,c) prohibiting a protected program from executing by said challenge means unless at least one of the validations is successful.
- View Dependent Claims (35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60)
- - 35. A method according to claim 34, further comprising the step of:
    - accessing private keying material held on a same storage device by said first response means and the said second response means.
  - 37. A method according to claim 34, wherein the secret keying material is private keying material of a second asymmetric key pair.
  - 38. A method according to claim 34, wherein the secret keying material is keying material of a symmetric key pair.
  - 39. A method according to claim 34, further comprising the step of:
    - interacting via a protocol that resists chosen-plaintext attacks by a storage system that holds at least some of the private keying material.
  - 40. A method according to claim 34, further comprising the step of:
    - interacting via a protocol that resists adaptive chosen-plaintext attacks by a storage system that holds at least some of the private keying material.
  - 41. A method according to claim 34, further comprising the steps of:
    - accessing a first private keying material by the first response means, andaccessing a second private keying material by the second response means.
  - 42. A method according to claim 34, wherein at least said second challenge means has no access to and no knowledge about the private keying material stored in any of the at least two response means.
  - 43. A method according to claim 34, further comprising the steps of:
    - securely storing in the at least two response means a license server'"'"'s private key, respectively.
  - 44. A method according to claim 34, further comprising the steps of:
    - marking the information using at least one of;
      
      digital signature,asymmetric confidentiality, andprobabilistic proof.
  - 45. A method according to claim 44, wherein said information is marked using the asymmetric confidentiality scheme which is the Blum-Goldwasser scheme.
  - 46. A method according to claim 44, wherein said information is marked using said probabilistic proof scheme which is a zero knowledge proof scheme.
  - 47. A method according to claim 44, wherein said information is marked using said probabilistic proof scheme which is a witness hiding proof scheme.
  - 48. A method according to claims 34, wherein said challenge means includes means for issuing a random challenge, and further comprising the step of:
    - issuing said random challenge.
  - 49. A method according to claim 48, wherein said means for issuing a random challenge generates a random challenge by repeatedly timing responses to disk accesses.
  - 50. A method according to claim 49, wherein said means for generating a random challenge forks new threads in such a manner as to introduce an additional degree of randomness into said random challenge by exploiting unpredictabilities in the operating system'"'"'s scheduler.
  - 51. A method according to claim 49, wherein said means for generating a random challenge performs a statistical test to determine a number of random bits obtained by each of said disk accesses, and causes disk accesses to be repeated until a predetermined number of random bits has been obtained.
  - 52. A method according to claim 34, further comprising the step of:
    - embedding said challenge means in said protected item of software.
  - 53. A method according to claim 34, further comprising the step of:
    - using first public keying material for encrypting the information by said challenge means.
  - 54. A method according to claim 34, further comprising the step of:
    - holding first public keying material in a keyfile.
  - 55. A method according to claim 54, further comprising the step of:
    - cryptographically securing the first public keying material held in said keyfile, whereby it is computationally infeasible to alter any portion of the keyfile, including the first public keying material, without altering the challenge means.
  - 56. A method according to claim 55, wherein said keyfile includes information identifying a customer to which the protected item of software has been supplied.
  - 57. A method according to claim 55, further comprising the step of:
    - including decoy bits for disguising the first public keying material in said keyfile.
  - 58. A method according to claim 55, further comprising the step of:
    - including information concerning selective activation of services of the protected item of software in said keyfile.
  - 59. A method according to claim 34, further comprising the step of:
    - using at least two root certificates, one for each response means, respectively, for validating descendant certificates, the at least two root certificates including at least a public keying material for each response means, respectively.
  - 60. A method according to claim 34, further comprising the step of:
    - using said system for at least one of copy protecting software and for licensing software.

36. A method for protecting an item of software, comprising the steps of:
- providing a protection mechanism for protecting software, including;
  
  providing a first challenge means associated with a protected item of software andproviding a second challenge means,accessing private keying material of an asymmetric key pair with a first response means and being able to communicate with the first challenge means, andaccessing a second response means having access to secret keying material and being able to communicate with the second challenge means, whereina) the said first challenge means has no access to the private keying material accessed by said first response means,b) validating an asymmetric proof of the said first response means that the said first response means has access to said private keying material by said first challenge means validates without requiring that said first response means disclose said private keying material,c) validating a proof of said second response means that said second response means has access to said secret keying material by said second challenge means,d) prohibiting using the software at least in an unlimited mode by one of said first challenge means and said second challenge means unless at least one of said validations is successful.
- View Dependent Claims (130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 150, 151, 152, 153)
- - 130. A method according to claim 36, wherein the secret keying material is private keying material of a second asymmetric key pair.
  - 131. A method according to claim 36, wherein the secret keying material is keying material of a symmetric key pair.
  - 132. A method according to claim 36, further comprising the step of:
    - interacting via a protocol that resists chosen-plaintext attacks by a storage system that holds at least some of the private keying material.
  - 133. A method according to claim 36, further comprising the step of:
    - interacting via a protocol that resists adaptive chosen-plaintext attacks by a storage system that holds at least some of the private keying material.
  - 134. A method according to claim 36, further comprising the steps of:
    - accessing a first private keying material by the first response means, andaccessing a second private keying material by the second response means.
  - 135. A method according to claim 36, wherein in at least second challenge means has no access to and no knowledge about the private keying material stored in any of the at least two response means.
  - 136. A method according to claim 36, further comprising the steps of:
    - securely storing in the at least two response means a license server'"'"'s private key, respectively.
  - 137. A method according to claim 36, further comprising the steps of:
    - marking the information using at least one of;
      
      digital signature,asymmetric confidentiality, andprobabilistic proof.
  - 138. A method according to claim 135, wherein said asymmetric confidentiality is used which is the Blum-Goldwasser scheme.
  - 139. A method according to claim 135, wherein said probabilistic proof is used which is a zero knowledge proof scheme.
  - 140. A method according to claim 135, wherein said probabilistic proof is used which is a witness hiding proof scheme.
  - 141. A method according to claim 36, wherein said challenge means includes means for issuing a random challenge, and further comprising the step of:
    - issuing said random challenge.
  - 142. A method according to claim 139, wherein said means for issuing a random challenge generates a random challenge by repeatedly timing responses to disk accesses.
  - 143. A method according to claim 139, wherein said means for generating a random challenge forks new threads in such a manner as to introduce an additional degree of randomness into said random challenge by exploiting unpredictabilities in the operating system'"'"'s scheduler.
  - 144. A method according to claim 139, wherein said means for generating a random challenge performs a statistical test to determine the number of random bits obtained by each of said disk accesses, and means for causing disk accesses to be repeated until a predetermined number of random bits has been obtained.
  - 145. A method according to claim 36, further comprising the step of:
    - embedding said challenge means in said protected item of software.
  - 146. A method according to claim 36, further comprising the step of:
    - using the first public keying material for encrypting the information by said challenge means.
  - 147. A method according to claim 36, further comprising the step of:
    - providing a keyfile for holding the first public keying material.
  - 148. A method according to claim 145, further comprising the step of:
    - cryptographically securing the first public keying material held in said keyfile, whereby it is computationally infeasible to alter any portion of the keyfile, including the first public keying material, without altering the challenge means.
  - 149. A method according to claim 146, wherein said keyfile includes information identifying the customer to which the protected item of software has been supplied.
  - 150. A method according to claim 146, wherein said keyfile includes decoy bits for disguising the first public keying material held therein.
  - 151. A method according to claim 146, wherein said keyfile includes information concerning selective activation of services of the protected item of software.
  - 152. A method according to claim 36, further comprising the step of:
    - using at least two root certificates, one for each response means, respectively, for validating descendant certificates, the at least two root certificates including at least a public keying material for each response means, respectively.
  - 153. A method according to claim 36, further comprising the step of:
    - using said system for at least one of copy protecting software and for licensing software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fujitsu-Siemens Computers LLC (Fujitsu Limited)
Original Assignee
Siemens AG
Inventors
Benson, Glenn
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US08/936,455
Time in Patent Office

923 Days
Field of Search

380/277, 380/283, 380/284, 713/168, 713/169, 713/170, 713/171
US Class Current

702/35
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 2221/2103   Challenge-response

G06Q 20/3821   Electronic credentials

G06Q 40/00   Finance; Insurance; Tax str...

H04L 2209/56   Financial cryptography, e.g...

H04L 2209/605   Copy protection

H04L 9/3218   using proof of knowledge, e...

H04L 9/3271   using challenge-response

Computer system for protecting software and a method for protecting software

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

176 Citations

153 Claims

Specification

Solutions

Use Cases

Quick Links

Computer system for protecting software and a method for protecting software

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

176 Citations

153 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links