Method and apparatus for protecting information and privacy

US 6,889,209 B1
Filed: 11/03/2000
Issued: 05/03/2005
Est. Priority Date: 11/03/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method for supervising usage of software on a user device comprising the steps of:

computing, by a supervising program within said user device, a first hash function value of a tag table;

sending, by said supervising program, a call-up message to a guardian center, said call up message comprising said first hash function value, an identifier value of said tag table, and a second hash function value of said tag table sent in a previous call-up message;

verifying, by said guardian center, that said hash function value of said tag table sent in said previous call-up message is a most recently stored value in a list of hash function values stored by said guardian center and associated with said identifier value of said tag table;

upon successful verification by said guardian center, appending said received first tag table hash function value to said list of hash function values associated with said identifier value of said tag table; and

sending, by said guardian center, a continuation message to said supervising program, said continuation message comprising a superfingerprint and a portion of said call-up message to detect and halt the duplication of a tag table on several user devices;

said superfingerprint comprising a list of hash functions resulting from hashes performed on software, a weight value W which defines how many times the supervising program should run, program P and conditions that the supervising program must hold in order to run P, and computer programs used by the supervising program to detect invalidly running software.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for the purchase of tags for copies of software ensures that identity of the purchaser of a tag table identifier value included in a purchased tag is not revealed. A mechanism of Call-Ups from the user device to a guardian center ensures that each tag table identifier value appears in only one user device and that the data included in a tag table and other data stored in the user device for the purpose of protecting vendor'"'"'s and owner'"'"'s rights in software, cannot be modified.

73 Citations

View as Search Results

29 Claims

1. A method for supervising usage of software on a user device comprising the steps of:
- computing, by a supervising program within said user device, a first hash function value of a tag table;
  
  sending, by said supervising program, a call-up message to a guardian center, said call up message comprising said first hash function value, an identifier value of said tag table, and a second hash function value of said tag table sent in a previous call-up message;
  
  verifying, by said guardian center, that said hash function value of said tag table sent in said previous call-up message is a most recently stored value in a list of hash function values stored by said guardian center and associated with said identifier value of said tag table;
  
  upon successful verification by said guardian center, appending said received first tag table hash function value to said list of hash function values associated with said identifier value of said tag table; and
  
  sending, by said guardian center, a continuation message to said supervising program, said continuation message comprising a superfingerprint and a portion of said call-up message to detect and halt the duplication of a tag table on several user devices;
  
  said superfingerprint comprising a list of hash functions resulting from hashes performed on software, a weight value W which defines how many times the supervising program should run, program P and conditions that the supervising program must hold in order to run P, and computer programs used by the supervising program to detect invalidly running software.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 16. The method of claim 1 further comprising the steps of:
    - upon filling to receive said continuation message within a timeout period, said supervising program resending said call up message to said guardian center, and upon receiving said resent call-up message from said supervising program, resending, by said guardian center, said continuation message previously sent in response to the resent call-up message upon verifying that said received resent call up message equals said previously received call-up message.
  - 17. The method of claim 1 further comprising the step of:
    - upon receiving said message from said guardian center, invalidating said tag table by said supervising program.
  - 18. The method of claim 17 further comprising the step of:
    - upon failure of said verification, rejecting, by said guardian center further call-ups including said tag table identifier value.
  - 19. The method of claim 1 wherein said call-up to a guardian center occurs each time an operating system or said supervising program are loaded into memory in said user device.
  - 20. The method of claim 1 wherein said continuation message includes a superfingerprint.
  - 21. The method of claim 20 further comprising the steps of:
    - including a current user device time on said user device in said call-up message;
      
      verifying, by said guardian center whether said current user device time is within a specified tolerance of a clock time on said guardian center, computing, by said guardian center, a hash function value of superfingerprints included in continuation messages sent to said supervising program in response to previous call-up messages and included in said continuation message, said superfingerprints included in said continuation messages sent to said supervising program in previous call-ups being stored on said user device;
      
      storing, by said guardian center, said bash function value in said continuation message forwarded to said supervising program;
      
      verifying, by said supervising program, that a hash function value of said superfingerprints stored on the user device and included in said continuation message is equal to said received hash function value; and
      
      appending, by said supervising program, on said user device said new superfingerprint to said superfingerprints stored on said user device.
  - 22. The method of claim 1 wherein said call-up message includes a current user device time on said user device.
  - 23. The method of claim 22 wherein the step of verifying further comprises the step of:
    - verifying, by said guardian center whether said current user device time is within a specified tolerance of a clock time on said guardian center.
  - 24. The method of claim 1, wherein the step of verifying further comprises the step of:
    - verifying, by said guardian center that a time difference between said arrival of said call-up message and said previous call-up message exceeds a specified minimum.
  - 25. The method of claim 1 wherein the step of verifying further comprises the step of:
    - verifying by said guardian center that a time difference between said arrival of said call-up message and said previous call-up message is below a specified maximum.
  - 26. The method of claim 1 wherein said call-up message and said continuation message are sent over a secure channel.
  - 27. The method of claim 1 wherein upon detecting use of the infringing copy of software in the user device, the supervising program in the user device halts use of the infringing copy.
  - 28. The method of claim 1 wherein the continuation message is digitally signed.
  - 29. The method of claim 1 wherein the tag table identifier value is generated by hardware.

2. The method of clam 1 further comprising the steps of:
- upon receiving said continuation message, verifying, by said supervising program, that a portion of said continuation message is equal to said corresponding portion sent in said call-up message; and
  
  upon successful verification, by said supervising program, allowing by said supervising program continued use of said copy of software associated with said tag in said tag table on said user device.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 3. The method of claim 2, further comprising the step of:
    - upon failure of said verification, by said supervising program, of said portion of said continuation message, resending by said supervising program said call-up message to said guardian center.
  - 4. The method of claim 2 further comprising the step of:
    - replacing, by said supervising program, within said tag table said hash function value of said tag table sent in said previous call-up message by said hash function value of said tag table sent in said current call-up message.
  - 5. The method of claim 2 comprising the further step of:
    - replacing, by said supervising program, within said tag table said hash function value of said tag table sent in said continuation message received in said previous call-up by said hash function value of said tag table sent in said continuation message received in said current call-up.
  - 6. The method of claim 2 further comprising the step of:
    - measuring, by said supervising program, an elapsed time between a first call-up to a guardian center and a second call-up to a guardian center, by use of one or more event counters.
  - 7. The method of claim 6 wherein said event counters are updated periodically as recorded by a clock.
  - 8. The method of claim 6 further comprising the steps of:
    - storing by said guardian center, a current time value in said continuation message; and
      
      setting, by said supervising program, an event counter to said curt time.
  - 9. The method of claim 2 further comprising the steps of:
    - storing by said supervising program, a plurality of tag tables, said tag tables having said tag table identifier value of said tag table whose hash function values were sent to said guardian center in a plurality of most recent call-ups, each of said tag tables storing user device descriptive values;
      
      storing, by said guardian center, in said continuation message, a plurality of hash function values of said tag tables sent in said plurality of said most recent call-ups; and
      
      upon receiving said continuation message, said supervising program, computing hash function values of said stored plurality of tag tables and further verifying that said computed hash function values are equal to said hash function values in said continuation message.
  - 10. The method of claim 9 further comprising the step of:
    - checking, by said supervising program, whether said user device descriptive values in said tag tables whose hash functions were sent in said plurality of most recent call-ups belong to a plurality of user devices.
  - 11. The method of claim 10 wherein the step of checking further comprises the step of:
    - searching said plurality of tag tables for two successive tag tables including user device descriptive values which differ by more than a specified number of corresponding values.
  - 12. The method of claim 11 wherein the step of checking further comprises the step of:
    - searching said plurality of tag tables for a first tag table, a second tag table and a third tag table, the second tag table sent in a call-up that occurred later than a call-up in which said first tag table was sent and said third tag table sent in a call-up that occurred later than said call-up in which said second tag table was sent and wherein said user device descriptive values stored in said first tag table and in said second table differ in more than a specified number of corresponding values and said user device descriptive values stored in said first tag table and in said third tag table differ in fewer than a specified number of corresponding values.
  - 13. The method of claim 10 further comprising the step of:
    - disabling future call-up messages including said tag table identifier value by said guardian center upon determining that said user descriptive values in tag tables sent in said plurality of most recent call-ups belong to a plurality of user devices.
  - 14. The method of claim 2 wherein said call-up message includes a new randomly chosen value occurring only once.
  - 15. The method of claim 2 further comprising the step of:
    - upon receiving said continuation message, verifying by said supervising program, that a total usage measured across all items in said tag table exceeds a total usage measured across all items in said tag table associated with said previous call-up message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
ShieldIP, Inc.
Inventors
Rabin, Michael O., Shasha, Dennis E.
Primary Examiner(s)
Trammell, James P.
Assistant Examiner(s)
HEWITT II, CALVIN L

Application Number

US09/706,074
Time in Patent Office

1,642 Days
Field of Search

705/1, 705/50, 705/51, 705/53, 705/57, 705/58
US Class Current

705/57
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 9/44521   Dynamic linking or loading;...

Method and apparatus for protecting information and privacy

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting information and privacy

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links