Digital rights management for applications

US 8,719,586 B1
Filed: 03/09/2011
Issued: 05/06/2014
Est. Priority Date: 03/09/2011
Status: Active Grant

First Claim

Patent Images

1. A method of managing access to an application, the method comprising:

by a security module implemented in a computing system comprising one or more processors, the security module being an embedded component of an application;

identifying an attempt to execute the application by a user;

in response to identifying the attempt to execute the application, processing a security token associated with the application to confirm whether execution of the application is authorized;

determining whether an unauthorized modification has been made to the application by at least comparing a value in the security token with a value derived from the application, wherein the value derived from the application is calculated based at least in part on performing a mathematical operation with respect to the application, said performing the mathematical operation comprising;

performing the mathematical operation based on at least an executable portion of the application if the application exceeds a predetermined size; and

performing the mathematical operation based on at least the executable portion of the application and a data portion of the application if the application is less than the predetermined size; and

modifying execution of the application in response to determining that either the execution of the application is not authorized or that an unauthorized modification has been made to the application.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure describes systems and associated processes that provide digital rights management for applications. In some embodiments, these system and processes couple DRM protection with individual applications, rather than with a centralized service. For instance, these systems and processes can be implemented in the context of an application store or distribution service that distributes applications for purchase or for free to user devices. Developers can submit applications to the application distribution service for distribution to end users. In response to receiving an application from a developer, the application distribution service can modify the application to include DRM features. The application distribution service can accomplish this modification without input from or the knowledge of the developer. The DRM features included in the modified application can prevent or otherwise reduce copying or modifying of the application.

82 Citations

View as Search Results

20 Claims

1. A method of managing access to an application, the method comprising:
- by a security module implemented in a computing system comprising one or more processors, the security module being an embedded component of an application;
  
  identifying an attempt to execute the application by a user;
  
  in response to identifying the attempt to execute the application, processing a security token associated with the application to confirm whether execution of the application is authorized;
  
  determining whether an unauthorized modification has been made to the application by at least comparing a value in the security token with a value derived from the application, wherein the value derived from the application is calculated based at least in part on performing a mathematical operation with respect to the application, said performing the mathematical operation comprising;
  
  performing the mathematical operation based on at least an executable portion of the application if the application exceeds a predetermined size; and
  
  performing the mathematical operation based on at least the executable portion of the application and a data portion of the application if the application is less than the predetermined size; and
  
  modifying execution of the application in response to determining that either the execution of the application is not authorized or that an unauthorized modification has been made to the application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein said modifying execution of the application comprises halting execution of the application.
  - 3. The method of claim 1, wherein said modifying execution of the application comprises disabling one or more features of the application.
  - 4. The method of claim 1, wherein said modifying execution of the application comprises reminding the user to register the application.
  - 5. The method of claim 1, wherein said confirming comprises verifying whether the user is associated with the security token.
  - 6. The method of claim 1, wherein said confirming comprises verifying whether the computing device is associated with the security token.
  - 7. The method of claim 1, wherein said confirming comprises authenticating the security token to confirm a validity of the security token.
  - 8. The method of claim 1, wherein said confirming comprises determining whether an expiration date identified by the security token has been reached.
  - 9. The method of claim 1, wherein authenticating the security token comprises verifying a signature associated with the security token without access to a network connection.
  - 10. The method of claim 9, wherein verifying the signature comprises using a public key associated with a certificate stored on the computing device.

11. Non-transitory physical computer storage having stored thereon a security module embedded in an application, the security module comprising computer-executable instructions configured to cause a computer system to at least:
- identify an attempt to access a feature of the application;
  
  in response to identifying the attempt to access the feature of the application, analyze a security token associated with the application to confirm whether execution of the application is limited in scope;
  
  alter execution of the application in response to determining that the execution of the application is limited in scope; and
  
  determine whether an unauthorized modification has been made to the application by at least performing a mathematical operation on the application, wherein performing the mathematical operation comprises;
  
  computing the mathematical operation on at least an executable portion of the application in response to determining that the application exceeds a predetermined size; and
  
  computing the mathematical operation on at least the executable portion of the application and a data portion of the application in response to determining that the application is less than the predetermined size.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The non-transitory physical computer storage of claim 11, wherein the feature comprises running the application.
  - 13. The non-transitory physical computer storage of claim 11, wherein the feature comprises executing a premium version of the application.
  - 14. The non-transitory physical computer storage of claim 11, wherein the security module is further configured to halt execution of the application in response to determining that an unauthorized modification to the application has been made.
  - 15. The non-transitory physical computer storage of claim 11, wherein the mathematical operation comprises one or more of the following:
    - a checksum operation and a hashing operation.
  - 16. The non-transitory physical computer storage of claim 11, in combination with one or more computing devices comprising computer hardware.

17. A system for managing access to an application, the system comprising:
- a computer system comprising physical computer hardware configured to;
  
  detect an attempt to execute the application;
  
  in response to detecting the attempt to execute the application, confirm whether execution of the application is authorized based on a security token associated with the application;
  
  determine whether an unauthorized modification has been made to the application by at least comparing a value in the security token with a value derived from the application, wherein the value derived from the application is calculated based at least in part on performing a mathematical operation with respect to the application, said performing the mathematical operation comprising;
  
  performing the mathematical operation based on at least an executable portion of the application if the application exceeds a predetermined size; and
  
  performing the mathematical operation based on at least the executable portion of the application and a data portion of the application if the application is less than the predetermined size; and
  
  modify execution of the application in response to determining that either the execution of the application is not authorized or that an unauthorized modification has been made to the application.
- View Dependent Claims (18, 19, 20)
- - 18. The system of claim 17, wherein the computer system is further configured to modify execution of the application by halting execution of the program or disabling one or more features of the application.
  - 19. The system of claim 17, wherein performing the mathematical operation comprising calculating a checksum for the application.
  - 20. The system of claim 17, wherein performing the mathematical operation comprises performing a hash function operation with respect to the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Original Assignee
Amazon Technologies, Inc. (Amazon.com, Inc.)
Inventors
Paleja, Ameesh, Peled, Yael, Okereke, Mekka C., Finer, Timothy E.
Primary Examiner(s)
KOSOWSKI, CAROLYN M

Application Number

US13/044,478
Time in Patent Office

1,154 Days
Field of Search

726/26, 726/6, 713/187
US Class Current

713/187
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/12   Protecting executable software

G06F 21/121   Restricting unauthorised ex...

G06F 21/16   Program or content traceabi...

G06F 21/33   using certificates

G06F 21/64   Protecting data integrity, ...

Digital rights management for applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

82 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Digital rights management for applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

82 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links