Computer system for protecting a file and a method for protecting a file
Abstract
A computer system is provided having a protection mechanism for protecting the contents of a file. The protection mechanism has at least one Viewer program, at least one challenge associated with the Viewer program and the file, and at least one response with private keying material that it can access. The challenge has no access to the private keying material. The response can prove that it has access to the private keying material by interacting with the challenge using an asymmetric cryptographic scheme. The challenge can instruct the Viewer program to avoid using some or all of the file's content unless the proof is successful.
25 Claims
1. A computer system, comprising:
a protection mechanism for protecting contents of a file wherein the protection mechanism has at least one viewer program, at least one challenge means associated with said viewer program and said file, and a response means with private keying material that the response means can access, wherein the at least one challenge means has no access to the private keying material, and further wherein the response means has means for proving that the response means has access to the private keying material by interacting with the at least one challenge means using an asymmetric cryptographic scheme as a proof, still further wherein the at least one challenge means has means for prohibiting use of some or all of said file's content unless said proof is successful, a distribution system having access to said private keying material of a vendor in said distribution system, said distribution system being authorized to distribute said file wherein said distribution system prohibits said further distribution system from making other distribution systems having access to said private keying material of said vendor, wherein said further distribution system signs said keyfile using a private keying material of said further distribution system, said at least one challenge means validates a certificate of said further distribution system signed using said private keying material of said vendor, said certificate including a public keying material of said further distribution system and using a public keying material of said vendor, and said at least one challenge means validates said keyfile using said public keying material of said further distribution system.
means for prohibiting a customer from printing some or all of said file unless said proof by said means for validating succeeds.
6. The computer system according to one of claim 1, 2, 3 or 4, further comprising:
a certificate authority for making available a public key pair.
7. The computer system according to claim 6, wherein said certificate authority signs at least one of a public keying material and said file with a certificate authority's private keying material, said certificate authority sends said at least one of said public keying material and said file to a vendor's computer,
wherein said vendor's computer validates said at least one of said public keying material and said file.
8. The computer system according to one of claim 1, 2, 3 or 4, wherein said asymmetric cryptographic scheme is one of a probabilistic proof scheme and an asymmetric confidentiality scheme and a digital signature scheme.
9. The computer system according to one of claim 1, 2, 3 or 4, wherein said probabilistic proof scheme is one of a zero knowledge proof scheme and a witness hiding proof scheme.
10. The computer system according to one of claim 1, 2, 3 or 4, further comprising:
means for issuing a random challenge associated with said at least one challenge means.
11. The computer system according to claim 10, wherein said means for issuing a random challenge includes means for generating a random challenge by repeatedly timing response to device accesses.
12. The computer system according to claim 11, wherein said means for generating a random challenge includes means for forking new threads in such a manner as to introduce an additional degree of randomness into said random challenge by exploiting unpredictabilities in an operating system's scheduler.
13. The computer system according to claim 11, wherein said means for generating a random challenge includes
means for performing a statistical test to determine a number of random bits obtained by each of disk accesses, and means for causing disk accesses to be repeated until a predetermined number of random bits has been obtained.
14. The computer system according to one of claim 1, 2, 3 or 4, wherein said at least one challenge means is embedded in said viewer program.
15. The computer system according to one of claim 1, 2, 3 or 4, further comprising:
a keyfile for holding at least one of public keying material and document handling rules.
16. The computer system according to claim 15, wherein contents of the keyfile are physically stored in at least one file.
17. The computer system according to claim 16, wherein the public keying material held in said keyfile is cryptographically secure,
wherein the public keying material is computationally infeasible to alter any portion of the keyfile including the public keying material without altering the at least one challenge means.
18. The computer system according to claim 15, wherein said keyfile includes information identifying a customer to which the file which has been protected has been supplied.
19. The computer system according to claim 15, wherein said keyfile includes decoy bits for disguising the public keying material held in said keyfile.
20. The computer system according to claim 15, wherein said keyfile includes information concerning selective activation of services of the file.
21. The computer system according to one of claim 1, 2, 3 or 4, wherein said file is accessible one of a communication network and CD-ROM.
22. The computer system according to one of claim 1, 2, 3 or 4, wherein said file is marked using digital watermarking.
23. The computer system according to one of claim 1, 2, 3 or 4, wherein said file is encrypted.
24. The computer system according to claim 1, 2, 3 or 4, wherein said distribution system makes at least one further distribution system having access to said private keying material of said vendor, wherein said further distribution system is authorized to distribute said file.
2. A computer system, comprising:
a protection mechanism for protecting the contents of a file, the protection mechanism including at least one viewer program, at least one challenge means associated with said viewer program and said file, and a response means with private keying material that the response means can access, wherein the at least one challenge means has no access to the private keying material, and further wherein the response means has means for proving that the response means has access to the private keying material by interacting with the at least one challenge means using an asymmetric cryptographic scheme as a proof, still further wherein the at least one challenge means has means for instructing the viewer program to avoid displaying some or all of said file's content unless said proof is successful, a distribution system having access to said private keying material of a vendor in said distribution system, wherein said distribution system is authorized to distribute said file wherein said distribution system prohibits said further distribution system from making other distribution systems having access to said private keying material of said vendor, wherein said further distribution system signs said keyfile using a private keying material of said further distribution system, said at least one challenge means validates a certificate of said further distribution system signed using said private keying material of said vendor, said certificate including a public keying material of said further distribution system and using a public keying material of said vendor, and said at least one challenge means validates said keyfile using said public keying material of said further distribution system.
3. A computer system, comprising:
means for inputting a viewer program which uses a file to be protected and for embedding at least one challenge means in the viewer program which uses said file, wherein said at least one challenge means includes means for participating in an asymmetric cryptographic scheme, wherein the at least one challenge means has no access to a private keying material, and means for validating that the response means possesses said private keying material as a proof, and further wherein the at least one challenge means has means for prohibiting use of some or all of said file's content unless said proof is successful, a distribution system having access to said private keying material of a vendor in said distribution system, wherein said distribution system is authorized to distribute said file wherein said distribution system prohibits said further distribution system from making other distribution systems having access to said private keying material of said vendor, wherein said further distribution system signs said keyfile using a private keying material of said further distribution system, said at least one challenge means validates a certificate of said further distribution system signed using said private keying material of said vendor, said certificate including a public keying material of said further distribution system and using a public keying material of said vendor, and said at least one challenge means validates said keyfile using said public keying material of said further distribution system.
4. A computer system, comprising:
means for inputting a viewer program which uses a file to be protected and for embedding at least one challenge means in the viewer program which uses said file, wherein said at least one challenge means has means for participating in an asymmetric cryptographic scheme, wherein the at least one challenge means has no access to a private keying material, means for validating that the response means possesses said private keying material as a proof, means for instructing the viewer program to avoid displaying some or all of said file's content unless said proof is successful, a distribution system having access to said private keying material of a vendor in said distribution system, wherein said distribution system is authorized to distribute said file wherein said distribution system prohibits said further distribution system from making other distribution systems having access to said private keying material of said vendor, wherein said further distribution system signs said keyfile using a private keying material of said further distribution system, said at least one challenge means validates a certificate of said further distribution system signed using said private keying material of said vendor, said certificate including a public keying material of said further distribution system and using a public keying material of said vendor, and said at least one challenge means validates said keyfile using said public keying material of said further distribution system.
25. A method for protecting contents of a file, wherein at least one challenge means is associated with a viewer program which uses said file, the at least one challenge means is associated with said file, and at least one response means accesses private keying material, the method comprising the steps of:
preventing access of the at least one challenge means to the private keying material;
proving to the at least one challenge means by the at least one response means that the at least one response means has access to the private keying material by interacting with the at least one challenge means using an asymmetric cryptographic scheme as a proof;
instructing the viewer program by the at least one challenge means to avoid displaying some or all of said file's content unless said proof is successful;
providing a distribution system having access to a private keying material of a vendor, and said distribution system being authorized to distribute said file, wherein said distribution system makes at least one further distribution system having access to said vendor's private keying material and further wherein said further distribution system is authorized to distribute said file, wherein said distribution system prohibits said further distribution system from making other distribution systems having access to said vendor's private keying material, wherein said further distribution system signs said keyfile using a further distribution system's private keying material, said at least one challenge means validates a further distribution system's certificate signed using said vendor's private keying material and using said certificate including a further distribution system's public keying material and using a vendor's public keying material, and said at least one challenge means validates said keyfile using said further distribution system's public keying material.
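The validation order recited in claims 1 and 25 (certificate checked with the vendor's public key, keyfile checked with the further distribution system's public key, then a random challenge answered by the response means) can be sketched as follows. This is an added example, not code from the patent: the function names, the keyfile layout and the choice of a Schnorr-style signature as the asymmetric scheme are assumptions, and the group parameters are a toy choice for brevity.

```python
import hashlib
import secrets

# Toy discrete-log group (assumption): P = 2**255 - 19 is prime and exponents
# are reduced mod P - 1. Chosen for brevity, NOT a vetted production group.
P, G = 2**255 - 19, 2
N = P - 1

def keygen():
    """Return (private, public) keying material."""
    x = secrets.randbelow(N - 2) + 1
    return x, pow(G, x, P)

def _h(r, msg):
    return int.from_bytes(hashlib.sha256(r.to_bytes(32, "big") + msg).digest(), "big")

def sign(priv, msg):
    """Schnorr-style signature (commitment r, response s) over msg."""
    k = secrets.randbelow(N - 2) + 1
    r = pow(G, k, P)
    return r, (k + _h(r, msg) * priv) % N

def verify(pub, msg, sig):
    r, s = sig
    return 0 < r < P and pow(G, s, P) == r * pow(pub, _h(r, msg), P) % P

def pub_bytes(pub):
    return pub.to_bytes(32, "big")

def challenge_means(vendor_pub, cert, keyfile, respond):
    """Holds only public keying material; True means content may be used."""
    dist_pub, cert_sig = cert
    if not verify(vendor_pub, pub_bytes(dist_pub), cert_sig):  # cert signed by vendor?
        return False
    cust_pub, rules, kf_sig = keyfile
    if not verify(dist_pub, pub_bytes(cust_pub) + rules, kf_sig):  # keyfile signed by distributor?
        return False
    nonce = secrets.token_bytes(32)                 # fresh random challenge
    return verify(cust_pub, nonce, respond(nonce))  # proof of private-key access

def build_demo():
    """Constructed sample data: vendor -> further distributor -> customer keyfile."""
    v_priv, v_pub = keygen()
    d_priv, d_pub = keygen()
    c_priv, c_pub = keygen()
    cert = (d_pub, sign(v_priv, pub_bytes(d_pub)))
    rules = b"display=yes;print=no"
    keyfile = (c_pub, rules, sign(d_priv, pub_bytes(c_pub) + rules))
    return v_pub, cert, keyfile, (lambda nonce: sign(c_priv, nonce))
```

Because the nonce is fresh on every call, a response recorded from an earlier run does not verify, and any edit to the keyfile's rules invalidates the distributor's signature before the challenge is even issued.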