Authentication and verification for use of software

US 7,003,672 B2
Filed: 09/25/2001
Issued: 02/21/2006
Est. Priority Date: 09/25/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A method of authenticating software, comprising:

(a) selecting software to run on a computer;

(b) computing a first hash of a copy of object code associated with the software;

(c) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash of another copy of object code associated with the software;

(d) decrypting the first encrypted security value to produce a first security value;

(e) comparing the first hash from (b) to the first security value from (d);

(f) computing a second hash of a combination of the first hash and the copy of the object code from (b);

(g) retrieving a second encrypted security value, said second encrypted security value being an encrypted hash of a combination of the first security value and said another copy of the object code;

(h) decrypting the second encrypted security value to produce a second security value; and

(i) comparing the second hash to the second security value.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer system comprises a security computer having a security database and at least one workstation computer on which software is accessible for execution. The database includes security values that the workstation computers use to verify whether their copy of software is authentic (i.e., unmodified such as might occur from action of a virus). The database can also be used verify whether the software can be run on a particular workstation computer.

51 Citations

View as Search Results

31 Claims

1. A method of authenticating software, comprising:
- (a) selecting software to run on a computer;
  
  (b) computing a first hash of a copy of object code associated with the software;
  
  (c) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash of another copy of object code associated with the software;
  
  (d) decrypting the first encrypted security value to produce a first security value;
  
  (e) comparing the first hash from (b) to the first security value from (d);
  
  (f) computing a second hash of a combination of the first hash and the copy of the object code from (b);
  
  (g) retrieving a second encrypted security value, said second encrypted security value being an encrypted hash of a combination of the first security value and said another copy of the object code;
  
  (h) decrypting the second encrypted security value to produce a second security value; and
  
  (i) comparing the second hash to the second security value.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein in (e) if the first hash matches the first security value, determining that the copy of the object code selected to run on the computer is authentic.
  - 3. The method of claim 1 wherein in (e) if the first hash does not match the first security value, determining that the copy of the object code selected to run on the computer is not authentic.
  - 4. The method of claim 3 wherein, if the object code is not authentic, not executing the object code.
  - 5. The method of claim 3 wherein, if the object code is not authentic, alerting a network administrator that the object code is not authentic.
  - 6. The method of claim 1 wherein (h) includes decrypting the second encrypted security value using a value unique to the computer on which the software is to run.
  - 7. The method of claim 5 wherein said unique value comprises the computer'"'"'s serial number.
  - 8. The method of claim 5 wherein said unique value comprises the computer'"'"'s IP address.
  - 9. The method of claim 1 wherein if the second hash and the second security value match, then the computer determines that object code is authorized to run on the computer.
  - 10. The method of claim 1 wherein if the second hash and the second security value do not match, then the computer determines that object code is not authorized to run on the computer.
  - 11. The method of claim 10 wherein if the object code is determined not to be authorized to run on the computer, precluding the software from being run on the computer.
  - 12. The method of claim 10 wherein if the object code is determined not to be authorized to run on the computer, transmitting a message to a network administrator informing the network administrator that the object code is not authorized to run on the computer.
  - 13. The method claim 1 wherein if the first hash matches the first security value and the second hash matches the second security value, then the computer determines that the copy of the object code selected to run on the computer is authentic and the copy of the object is authorized to run on the computer.
  - 14. The method of claim 1 wherein if the first hash matches the first security value and the second hash does not match the second security value, then the computer determines that the copy of the object code selected to run on the computer is authentic, but the copy of the object is not authorized to run on the computer.
  - 15. The method of claim 14 further including precluding the software from being run on the computer.

16. A computer system, comprising:
- a security computer on which a security database is stored;
  
  at least one workstation computer coupled to a network administrator computer via a communication link;
  
  software accessible to said workstation computer for execution thereon; and
  
  wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including;
  
  an encrypted first hash of object code associated with the software that is used by said workstation computer to verify the authenticity of the software when the software is selected to be executed; and
  
  an encrypted second hash of a combination of the first hash and the object code, the workstation computer uses the encrypted second hash to determine whether the software is authorized to run on the workstation computer.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 17. The computer system of claim 16 wherein said encrypted first hash was encrypted using a private key associated with the security computer.
  - 18. The computer system of claim 16 wherein said workstation computer computes a hash of object associated with the software accessible to said workstation computer and compares the computed hash to the encrypted first hash from the security database.
  - 19. The computer system of claim 18 wherein said workstation computer retrieves the encrypted first hash of the object code from the security database and decrypts the encrypted first hash before comparing it to the hash computed by the workstation computer.
  - 20. The computer system of claim 19 wherein the workstation computer determines the software to be authentic if the computed hash matches the hash decrypted from the encrypted first hash.
  - 21. The computer system of claim 19 wherein the workstation computer determines the software to be unauthentic if the computed hash does not match the hash decrypted from the encrypted first hash.
  - 22. The computer system of claim 21, wherein, for unauthentic software, the workstation computer precludes execution of the software.
  - 23. The computer system of claim 21, wherein, for unauthentic software, the workstation computer sends an alert message to the security computer indicating that software has been determined to be unauthentic.
  - 24. The computer system of claim 21, wherein, for unauthentic software, the workstation computer alerts the operator of the workstation computer that the software is not authentic.
  - 25. The computer system of claim 16 wherein the second hash is encrypted using a value unique to a computer on which the associated software is authorized to run.
  - 26. The computer system of claim 16 wherein the second hash is encrypted multiple times, each time using a value unique to a computer on which the associated software is authorized to run.

27. A method of authenticating software, comprising:
- (a) selecting software to run on a computer;
  
  (b) computing a first hash of a value uniquely associated with the software;
  
  (c) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash of a value uniquely associated with another copy of the software;
  
  (d) decrypting the first encrypted security value to produce a first security value;
  
  (e) comparing the first hash from (b) to the first security value from (d);
  
  (f) computing a second hash of a combination of the first hash and the value uniquely associated with the software from (b);
  
  (g) retrieving a second encrypted security value, said second encrypted security value being an encrypted hash of a combination of the first security value and the value uniquely associated with said another copy of the software;
  
  (h) decrypting the second encrypted security value to produce a second security value; and
  
  (i) comparing the second hash to the second security value.
- View Dependent Claims (28)
- - 28. The method of claim 27 wherein said value unique to the software includes a manufacturer'"'"'s code.

29. A computer system, comprising:
- a security computer on which a security database is stored;
  
  at least one workstation computer coupled to a network administrator computer via a communication link;
  
  software accessible to said workstation computer for execution thereon; and
  
  wherein said security database includes an entry for software that can be executed on the workstation computer, said entry including;
  
  an encrypted first hash of a value uniquely associated with the software that is used by said workstation computer to verify the authenticity of the software when the software is selected to be executed; and
  
  an encrypted second hash of a combination of the first hash and the value uniquely associated with the software, the workstation computer uses the encrypted second hash to determine whether the software is authorized to run on the workstation computer.
- View Dependent Claims (30)
- - 30. The computer system of claim 29 wherein said value unique to the software includes a manufacturer'"'"'s code.

31. A method of authenticating software, comprising:
- (a) computing a first hash of a copy of object code associated with the software;
  
  (b) retrieving a first encrypted security value, said first encrypted security value being an encrypted hash using a private key associated with the software manufacturer of another copy of object code associated with the software;
  
  (c) decrypting the first encrypted security value to produce a first security value, said decrypting including using a public key associated with the manufacturer of the software;
  
  (d) comparing the first hash from (a) to the first security value from (c);
  
  (e) computing a second hash of the combination of the first hash from (a) and the object code associated with the software;
  
  (f) retrieving a second encrypted security value, said second encrypted security value being an encrypted hash of the combination of the first security value and the object code using a private key associated with a network administrator;
  
  (g) decrypting the second encrypted security value to produce a second security value using a public key associated with the network administrator; and
  
  (h) comparing the second hash to the second security value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Novoa, Manuel, Angelo, Michael F.
Primary Examiner(s)
Barrón, Jr., Gilberto
Assistant Examiner(s)
Dinh, Minh

Application Number

US09/962,631
Publication Number

US 20030061487A1
Time in Patent Office

1,610 Days
Field of Search

713/153, 713164-167, 713/176, 713/189, 713/193, 713/201, 709/223
US Class Current

713/189
CPC Class Codes

G06F 21/565   by checking file integrity

G06F 21/6209   to a single file or object,...

G06F 21/64   Protecting data integrity, ...

Authentication and verification for use of software

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

51 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Authentication and verification for use of software

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links