Digital product execution control and security
Abstract
Digital product execution control as disclosed contemplates production of a final version of a digital product and subsequently imposing execution control on that digital product. The manufacturer of the original digital product need not incorporate execution control features into the final version of the product. Execution control programming attaches to an executable file of the digital product to create a controlled executable file. The resulting operating environment when loaded is insufficient for the original executable file, and control programming determines whether or not execution will be allowed. If allowed, control programming creates the necessary operating environment for the digital product, i.e., as would be provided by the operating system if loaded normally, and allows execution of the digital product only under controlled conditions. Further security measures identify an executable portion of the digital product and a plurality of sub-portions of the executable portion are encrypted. An exception handler is established with the operating system and upon access to memory regions marked as protected the exception handler decrypts each sub-portion when accessed. A further security measure stores at a remote clearing house a key needed to decrypt the digital product for use. Upon execution, the controlled digital product interacts with the remote clearing house to obtain permission to execute and to obtain the key needed for execution.
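The fault-driven decryption described in the abstract, as an added example that is not taken from the patent: on Linux/POSIX a SIGSEGV handler plays the role of the exception handler, data pages stand in for executable sub-portions, and a one-byte XOR stands in for the cipher. The names `protect_setup`, `read_portion` and `fault_count` and the sample contents are constructed for illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

#define NPAGES 4                       /* constructed: four protected sub-portions */
static uint8_t *region;                /* memory holding the encrypted sub-portions */
static size_t page;                    /* system page size = size of one sub-portion */
static volatile sig_atomic_t faults;   /* how many sub-portions were decrypted on demand */
static const uint8_t KEY = 0x5A;       /* toy XOR key, an assumption standing in for a real cipher */

/* Exception handler: runs on access to a protected page and decrypts that page only. */
static void on_fault(int sig, siginfo_t *si, void *ctx) {
    (void)sig; (void)ctx;
    uint8_t *p = (uint8_t *)((uintptr_t)si->si_addr & ~(uintptr_t)(page - 1));
    if (p < region || p >= region + NPAGES * page) _exit(1);  /* not a protected page */
    mprotect(p, page, PROT_READ | PROT_WRITE);
    for (size_t i = 0; i < page; i++) p[i] ^= KEY;
    mprotect(p, page, PROT_READ);      /* usable from now on, no longer writable */
    faults++;
}

/* Load step: store each sub-portion encrypted, install the handler, mark the pages protected. */
int protect_setup(void) {
    page = (size_t)sysconf(_SC_PAGESIZE);
    region = mmap(NULL, NPAGES * page, PROT_READ | PROT_WRITE,
                  MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (region == MAP_FAILED) return -1;
    for (size_t i = 0; i < NPAGES * page; i++)
        region[i] = (uint8_t)(('A' + i / page) ^ KEY);  /* page n holds letter 'A'+n, encrypted */
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = on_fault;
    sa.sa_flags = SA_SIGINFO;
    if (sigaction(SIGSEGV, &sa, NULL) || sigaction(SIGBUS, &sa, NULL)) return -1;
    return mprotect(region, NPAGES * page, PROT_NONE);
}

/* Access sub-portion n; the first touch faults and the handler decrypts it. */
int read_portion(int n) { return ((volatile uint8_t *)region)[(size_t)n * page]; }
int fault_count(void) { return (int)faults; }

int main(void) {
    if (protect_setup() != 0) return 1;
    return (read_portion(2) == 'C' && fault_count() == 1) ? 0 : 1;
}
```

In this example a sub-portion stays decrypted in memory after its first access, so only the sub-portions never touched remain encrypted for the life of the process.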
17 Claims
1. In an executable digital product having incorporated therein execution control programming limiting use of the digital product to a given controlled use, a method of providing security against use outside said given controlled use, said method comprising:
identifying an executable portion of said digital product to be loaded for execution in memory regions of a computing device;
identifying a plurality of sub-portions of said executable portion and encrypting into a non-executable form each sub-portion as loaded for execution in an associated memory region during said given controlled use, said sub-portions being thereby loaded for execution in an encrypted and non-executable state;
marking as protected memory regions holding each sub-portion; and
establishing with an operating system an exception handler executed by said operating system during execution of said digital product and upon access to memory regions marked as protected, said exception handler thereby decrypting into an executable form each sub-portion when accessed and thereby controllably allowing use thereof.
Dependent claims: 2, 3, 4, 5, 6

7. In an executable digital product having incorporated therein execution control programming limiting use of the digital product to a given controlled use, a method of providing security against use outside said given use, said method comprising:
encrypting at least one portion of said digital product prior to distribution, a key being necessary to decrypt and make executable said at least one portion, and storing said key in association with an identifier of said digital product at a clearinghouse, said clearinghouse being adapted for telecommunication interaction, said at least one portion in its encrypted form being thereby loaded for execution upon an attempt to load said executable digital product for execution; and
incorporating into said control programming telecommunication programming adapted for interaction with said clearinghouse upon said attempt to load said executable digital product for execution, said control programming providing to said clearinghouse by telecommunication interaction upon execution thereof a product identifier and request to execute said digital product, said clearinghouse selectively providing said key to said control programming in response to said request to execute said digital product whereby said control programming thereafter decrypts and makes executable said at least one portion and passes execution control thereto.
Dependent claims: 8, 9

10. In an executable digital product having incorporated therein execution control programming limiting use of the digital product to a given controlled use, a method of providing security against use outside said given use, said method comprising:
encrypting at least one portion of said digital product prior to distribution of said digital product, a key being necessary to decrypt and make executable said at least one portion, and storing said key in association with an identifier of said digital product at a clearinghouse, said clearinghouse being adapted for telecommunication interaction, said at least one portion as encrypted being thereby non-executable and loaded for execution upon loading for execution said executable digital product;
incorporating into said control programming telecommunication programming adapted for interaction with said clearinghouse upon execution of said digital product, said control programming providing to said clearinghouse by telecommunication interaction upon execution thereof a product identifier and request to execute said digital product, said clearinghouse selectively providing said key to said control programming in response to said request to execute;
marking as protected memory regions holding said at least one portion as loaded for execution in its non-executable encrypted form; and
establishing with said operating system an exception handler executed by said operating system during execution of said digital product and upon access to said memory regions marked as protected, said exception handler decrypting into executable form said at least one portion during execution of said digital product and when accessed for execution.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
Specification