Method and apparatus for protecting information and privacy

US 7,991,995 B2
Filed: 06/20/2008
Issued: 08/02/2011
Est. Priority Date: 05/02/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A method used by a protection center of sending protection information for protected software to a class of user devices having common properties comprising the steps of:

signing a message including said protection information to be sent, the common properties, and an expiration time for said protection information;

sending the signed protection information from a protection center to a class of user devices, such that the protection information identifies the protected software without revealing information about a user to whom the protected software was sold;

verifying the signed protection information using a verification key;

receiving said signed message by a supervising program on each user device;

at each user device, using the protection information to detect and prevent infringing use of the protected software by verifying, using the supervising program, that the message has been signed by said protection center using a verification key on said user device, that said common properties correspond to one or more of a set of actual properties of the user device and a set of properties listed in the supervising program, and that the expiration time is greater than a current time, where the protection information facilitates the detection and prevention of infringing use of the protected software without requiring modification of the protected software; and

upon successful verification, accepting the message by the user device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for protecting software against piracy while protecting a user'"'"'s privacy enables enhancements to the protection software in a user device and extended protections against piracy. The protection system allows the user device to postpone validation of purchased tags stored in a tag table for installed software and to re-establish ownership of a tag table to recover from invalidation of a tag table identifier value resulting from revelation of a tag table identifier value. Continued use of the tag table is provided by the use of credits associated with a tag table. A protection center is protected against denial of service attacks by making calls to the protection center cost time or money to the attackers.

147 Citations

View as Search Results

20 Claims

1. A method used by a protection center of sending protection information for protected software to a class of user devices having common properties comprising the steps of:
- signing a message including said protection information to be sent, the common properties, and an expiration time for said protection information;
  
  sending the signed protection information from a protection center to a class of user devices, such that the protection information identifies the protected software without revealing information about a user to whom the protected software was sold;
  
  verifying the signed protection information using a verification key;
  
  receiving said signed message by a supervising program on each user device;
  
  at each user device, using the protection information to detect and prevent infringing use of the protected software by verifying, using the supervising program, that the message has been signed by said protection center using a verification key on said user device, that said common properties correspond to one or more of a set of actual properties of the user device and a set of properties listed in the supervising program, and that the expiration time is greater than a current time, where the protection information facilitates the detection and prevention of infringing use of the protected software without requiring modification of the protected software; and
  
  upon successful verification, accepting the message by the user device.
- View Dependent Claims (2, 3)
- - 2. The method of claim 1 further comprising the steps of:
    - sending said signed message to user devices; and
      
      downloading said signed message by one of the user devices from one of said other user devices.
  - 3. The method of claim 2 wherein the step of sending sends to at least one storage device and the step of downloading downloads from the at least one storage device.

4. A system used by a protection center of sending protection information to a class of user devices having common properties comprising:
- means for signing a message including said protection information to be sent, the common properties, and an expiration time for said protection information;
  
  means for sending the signed protection information from a protection center to a class of user devices, such that the protection information identifies the protected software without revealing information about a user to whom the protected software was sold;
  
  means for verifying the signed protection information using a verification key;
  
  means for receiving said signed message by a supervising program on each user device;
  
  at each user device, means for using the protection information to detect and prevent infringing use of protected software by verifying, using the supervising program, that the message has been signed by said protection center using a verification key on said user device, that said common properties correspond to one or more of a set of actual properties of the user device and a set of properties listed in the supervising program, and that the expiration time is greater than a current time, the protection information facilitating the detection and prevention of infringing use of the protected software without requiring modification of the protected software; and
  
  upon successful verification, accepting the message by the user device.

5. A system of controlling use of protected software on a user device, the system comprising:
- one or more processors configured to process a call-up message generated by a user device, the call-up message facilitating prevention of piracy of the protected software, the call-up message configured to include;
  
  a tag table identifier value associated with the protected software;
  
  a set of user device descriptive values, where one or more of the user device descriptive values provide information concerning a state associated with the user device;
  
  a nonce; and
  
  a one-way function; and
  
  said one-way function is applied to said set of user device descriptive values and said nonce to provide a one-way function result value that conceals the user device descriptive values from other devices, where the concealing of the user device descriptive values from other devices provides privacy protection for a user of the user device; and
  
  the call-up message configured to prevent the tag table identifier value associated with the protected software from being used simultaneously on more than one user device.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 6. The system of claim 5 wherein the user device sends the call-up message to a guardian center;
    - andthe guardian center responding to the call-up message by invalidating the tag table identifier value if the tag table identifier value has been associated with more than a specified number of call-ups over a period of time.
  - 7. The system of claim 5 wherein the user device sends the call-up message to a guardian center;
    - andthe guardian center responds to the call-up message by securely sending a signed continuation message including said tag table identifier value and said one-way function value in the call-up message.
  - 8. The system of claim 7 wherein the continuation message is used in connection with controlling use of the protected software on the user device.
  - 9. The system of claim 7 further comprising a supervising program executing on the user device;
    - the supervising program verifying the signature on the continuation message;
      
      the supervising program verifying that the continuation message includes said call-up message;
      
      the supervising program invalidating the associated tag table, for each said invalidated tag table identifier value; and
      
      the supervising program storing the continuation message on the user device.
  - 10. The system of claim 9 wherein the supervising program invalidates all tags associated with said invalidated tag tables.
  - 11. The system of claim 9 wherein in response to receiving a new tag table identifier value, the supervising program includes said new tag table identifier value in a future call-up message;
    - the guardian center verifying an association between said new tag table identifier value and said original tag table identifier value; and
      
      the guardian center performing further processing based on said original tag table identifier value.
  - 12. The system of claim 5 wherein the user device descriptive values include one or more of the following:
    - number of files on the user device, size of files on the user device, number of directories on the user device, characteristics of indexes used to access data, a processor identifying number, a BIOS identifier, or a network interface identifier.
  - 13. The system of claim 5 wherein the user device descriptive values include biometric information about a particular individual associated with the user device.
  - 14. The system of claim 5 wherein the user device descriptive values are chosen such that they are slowly changing, if at all, during use of the user device.
  - 15. The system of claim 9 wherein the supervising program determines credits associated with the tag table identifier value, where the credits represent the total time available to postpone a call-up message;
    - andthe supervising program preventing the use of credits if the user device descriptive values have changed since the occurrence of a previous continuation message.
  - 16. The system of claim 9 wherein the supervising program determines credits associated with the tag table identifier value, where the credits represent the total time available to postpone a call-up;
    - andthe guardian center decreasing the credits if the user device indicates in a call-up message that its user device descriptive values have changed.
  - 17. The system of claim 5 wherein the call-up message is processed at the guardian center to facilitate detection of use of an infringing copy of software on the user device;
    - andthe guardian center responding to a tag table identifier value that is being used simultaneously on multiple user devices by sending a continuation message specifying that the tag table identifier value is invalid.
  - 18. The system of claim 9 wherein processing, by an authorized server, call-up messages to detect use of an infringing copy of software on the user device further includes responding to determining that a tag table identifier value is being used simultaneously on multiple user devices by sending a continuation message specifying that the tag table identifier value is invalid.
  - 19. The system of claim 18 wherein the other device is the authorized server.

20. A system of re-establishing ownership of a tag table, the system comprising:
- an authorized server in communication with a user device, the authorized server receiving a message regulated to re-establishing ownership of a tag table;
  
  the message including a new tag table identifier, an original tag table identifier, an original tag table identifier and an ownership certificate pertaining to the original tag table identifier, where the new tag table identifier identifies a tag table having one or more tags, the tags indicating a right to use protected software;
  
  the authorized server verifying that said ownership certificate pertains to the original tag table identifier and securely sending to the user device a digitally signed message allowing the user device to employ the new tag table identifier; and
  
  the authorized server creating an association between said new tag table identifier and said original tag table identifier, said new tag table identifier and said tag table identifier both related to said original tag table identifier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
ShieldIP, Inc.
Inventors
Rabin, Michael O., Shasha, Dennis E., Beinart, Yossi, Caceres, Ramon, Karia, Timir, Molnar, David, Rolinson, Sean
Primary Examiner(s)
Flynn, Nathan
Assistant Examiner(s)
Avery, Jeremiah

Application Number

US12/143,485
Publication Number

US 20080282086A1
Time in Patent Office

1,138 Days
Field of Search

None
US Class Current

713/155
CPC Class Codes

G06F 21/1077   Recurrent authorisation

G06F 21/6254   by anonymising data, e.g. d...

G06F 21/725   operating on a secure refer...

G06Q 20/367   involving electronic purses...

Method and apparatus for protecting information and privacy

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

147 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for protecting information and privacy

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

147 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links