Secure software distribution and installation
First Claim
1. A system for controlling installation of software, the system comprising:
- an installation server, the installation server having access to first and second secret values associated with a copy of the software for installation;
an unencrypted installation client, the installation client incorporating the first secret value; and
an encrypted portion of the software, wherein the encrypted portion of the software is encrypted with a first key value derived from the first and second secret values;
wherein the unencrypted installation client is configured to receive the second secret value from the installation server, to generate the first key value, to decrypt the encrypted portion of the software and to install the software; and
wherein the installation client is further configured to generate a second key value from the first key value and the first secret value, encrypt the decrypted portion of the software with the second key value and store the portion of the software encrypted with the second key value.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems and computer program products are provide for controlling access to software is provided by the software to be controlled being divided into a first encrypted portion and a second unencrypted portion. The second unencrypted portion has access to, and may even incorporate, a first secret value and a software identification associated with a copy of the software. The first encrypted portion is encrypted with a first key value which is based on the first secret value and a second secret value. The second secret value is obtained and the first key value generated from the obtained second secret value and the first secret value. The first encrypted portion of the software may then be decrypted with the first key value. The software may be installed on a data processing system utilizing the decrypted first encrypted portion of the software.
111 Citations
39 Claims
-
1. A system for controlling installation of software, the system comprising:
-
an installation server, the installation server having access to first and second secret values associated with a copy of the software for installation; an unencrypted installation client, the installation client incorporating the first secret value; and an encrypted portion of the software, wherein the encrypted portion of the software is encrypted with a first key value derived from the first and second secret values; wherein the unencrypted installation client is configured to receive the second secret value from the installation server, to generate the first key value, to decrypt the encrypted portion of the software and to install the software; and wherein the installation client is further configured to generate a second key value from the first key value and the first secret value, encrypt the decrypted portion of the software with the second key value and store the portion of the software encrypted with the second key value. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of controlling access to software by a data processing system, comprising:
-
providing a copy of the software, the software being divided into a first encrypted portion and a second unencrypted portion, the second unencrypted portion having access to a first secret value and a software identification associated with the copy of the software and wherein the first encrypted portion is encrypted with a first key value which is based on the first secret value and a second secret value associated with the software identification of the copy of the software; obtaining the second secret value; generating the first key value from the obtained second secret value and the first secret value; decrypting the first encrypted portion of the software utilizing the first key value; generating a second key value from the first key value and the first secret value; encrypting the decrypted first encrypted portion of the software with the second key value; and storing the first encrypted portion of the software encrypted with the second key value. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method of controlling access to software by a data processing system, comprising:
-
providing a copy of the software, the software being divided into a first encrypted portion and a second unencrypted portion, the second unencrypted portion having access to a first secret value and a software identification associated with the copy of the software and wherein the first encrypted portion is encrypted with a first key value which is based on the first secret value and a second secret value associated with the software identification of the copy of the software; obtaining the second secret value; generating the first key value from the obtained second secret value and the first secret value; decrypting the first encrypted portion of the software utilizing the first key value; generating the first key value based on the first and second secret values at the network server; and associating the first key value with the identification of the copy of the software as an updated second secret value to be provided in response to a subsequent request for the second secret value. - View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
-
-
32. A method of controlling access to software by a data processing system, comprising:
-
providing a copy of the software, the software being divided into a first encrypted portion and a second unencrypted portion, the second unencrypted portion having access to a first secret value and a software identification associated with the copy of the software and wherein the first encrypted portion is encrypted with a first key value which is based on the first secret value and a second secret value associated with the software identification of the copy of the software; obtaining the second secret value; generating the first key value from the obtained second secret value and the first secret value; decrypting the first encrypted portion of the software utilizing the first key value; encrypting the first encrypted portion of the software as a plurality of encrypted blocks; wherein the step of decrypting the first encrypted portion of the software comprises decrypting an encrypted block of the plurality of encrypted blocks with the first key value; wherein the step of encrypting the decrypted first encrypted portion of the software comprises encrypting the decrypted block with the second key value; wherein the step of storing the first encrypted portion of the software encrypted with the second key value comprises storing the block encrypted with the second key value; and wherein the block of the plurality of encrypted blocks is decrypted, encrypted and stored before a next block of the plurality of blocks is decrypted, encrypted and stored.
-
-
33. A method of controlling software installation by a data processing system, comprising:
-
associating a software identification and first and second secret values with a copy of the software; receiving a request for installation of the software on a data processing system, wherein the request identifies the software identification of the copy of the software; determining the second secret value associated with the software identification; determining if the installation of the copy of the software to be installed is authorized; sending the second secret value to the data processing system if the installation of the copy of the software to be installed is authorized; generating a first key value from the first and second secret values associated with the copy of the software; and associating the first key value with the software identification of the copy of the software as an updated second secret value. - View Dependent Claims (34, 35)
-
-
36. A system for controlling access to software by a data processing system, comprising:
-
means for providing a copy of the software, the software being divided into a first encrypted portion and a second unencrypted portion, the second unencrypted portion having access to a first secret value and a software identification associated with the copy of the software and wherein the first encrypted portion is encrypted with a first key value which is based on the first secret value and a second secret value associated with the software identification of the copy of the software; means for obtaining the second secret value; means for generating the first key value from the obtained second secret value and the first secret value; means for decrypting the first encrypted portion of the software utilizing the first key value; means for generating a second key value from the first key value and the first secret value; means for encrypting the decrypted first encrypted portion of the software with the second key value; and means for storing the first encrypted portion of the software encrypted with the second key value.
-
-
37. A system for controlling software installation by a data processing system, comprising:
-
means for associating a software identification and first and second secret values with a copy of the software; means for receiving a request for installation of the software on a data processing system, wherein the request identifies the software identification of the copy of the software; means for determining the second secret value associated with the software identification; means for determining if the installation of the copy of the software to be installed is authorized; and means for sending the second secret value to the data processing system if the installation of the copy of the software to be installed is authorized; means for generating a first key value from the first and second secret values associated with the copy of the software; and means for associating the first key value with the software identification of the copy of the software as an updated second secret value.
-
-
38. A computer program product for controlling access to software comprising:
-
a computer readable storage media having computer readable program code embodied therein, the computer readable program code comprising; computer readable program code which provides a copy of the software, the software being divided into a first encrypted portion and a second unencrypted portion, the second unencrypted portion having access to a first secret value and a software identification associated with the copy of the software and wherein the first encrypted portion is encrypted with a first key value which is based on the first secret value and a second secret value associated with the software identification of the copy of the software; computer readable program code which obtains the second secret value; computer readable program code which generates the first key value from the obtained second secret value and the first secret value; computer readable program code which decrypts the first encrypted portion of the software utilizing the first key value; computer readable program code which generates a second key value from the first key value and the first secret value; computer readable program code which encrypts the decrypted first encrypted portion of the software with the second key value; and computer readable program code which stores the first encrypted portion of the software encrypted with the second key value.
-
-
39. A computer program product for controlling software installations, comprising:
-
a computer readable storage media having computer readable program code embodied therein, the computer readable program code comprising; computer readable program code which associates a software identification and first and second secret values with a copy of the software; computer readable program code which receives a request for installation of the software on a data processing system, wherein the request identifies the software identification of the copy of the software; computer readable program code which determines the second secret value associated with the software identification; computer readable program code which determines if the installation of the copy of the software to be installed is authorized; and computer readable program code which sends the second secret value to the data processing system if the installation of the copy of the software to be installed is authorized; computer readable program code which generates a first key value from the first and second secret values associated with the copy of the software; and computer readable program code which associates the first key value with the software identification of the copy of the software as an updated second secret value.
-
Specification