Method and apparatus for enhancing software security and distributing software
First Claim
1. A computer-readable medium storing a data structure for secure distribution of software from a distributor to a recipient, said data structure comprising:
(a) a cryptographically secured representation of said software, said cryptographically secured representation having been secured by a first encryption key;
(b) a cryptographic certification, by a certifier, of a first decryption key corresponding to said first encryption key; and
(c) an identifier of said distributor;
said cryptographically secured representation, cryptographic certification and identifier collectively defining a software passport which enables said recipient thereof (i) to cryptographically verify said first decryption key using a second, preexisting decryption key unrelated to said distributor and obtained by said recipient without specific knowledge of said certifier, and (ii) to cryptographically verify said software using said verified first decryption key.
Abstract
Source code to be protected, a software application writer's private key, along with an application writer's license are provided to the first computer. The application writer's license includes identifying information such as the application writer's name as well as the application writer's public key. A compiler program executed by the first computer compiles the source code into binary code, and computes a message digest for the binary code. The first computer then encrypts the message digest using the application writer's private key, such that the encrypted message digest is defined as a digital "signature" of the application writer. A software passport is then generated which includes the application writer's digital signature, the application writer's license and the binary code. The software passport is then distributed to a user using any number of software distribution models known in the industry. A user, upon receipt of the software passport, loads the passport into a computer which determines whether the software passport includes the application writer's license and digital signature. In the event that the software passport does not include the application writer's license, or the application writer's digital signature, then the user's computer system discards the software passport and does not execute the binary code. As an additional security step, the user's computer computes a second message digest for the software passport and compares it to the first message digest, such that if the first and second message digests are not equal, the software passport is also rejected by the user's computer and the code is not executed. If the first and second message digests are equal, the user's computer extracts the application writer's public key from the application writer's license for verification. The application writer's digital signature is decrypted using the application writer's public key. The user's computer then compares a message digest of the binary code to be executed, with the decrypted application writer's digital signature, such that if they are equal, the user's computer executes the binary code.
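The passport flow in the abstract, combined with the two-step verification of claim 1, as an added example that is not code from the patent. It substitutes textbook RSA over fixed Mersenne primes for a real signature scheme so that it runs with the standard library only; all function names, keys and sample data are hypothetical and constructed for illustration.

```python
import hashlib, json

E = 65537  # public exponent shared by the toy keys below

def keypair(p, q):
    """Textbook RSA from two known primes -> (modulus, private exponent). Toy only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    # Message digest of the data, reduced so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    # "Encrypt the message digest with the private key" = the digital signature.
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    # "Decrypt" the signature with the public key and compare digests.
    return pow(sig, E, n) == digest(data, n)

def license_bytes(name, key):
    return json.dumps({"name": name, "key": key}, sort_keys=True).encode()

def issue_license(name, writer_n, cert_n, cert_d):
    # The certifier certifies the writer's name and public key.
    cert = sign(license_bytes(name, writer_n), cert_n, cert_d)
    return {"name": name, "key": writer_n, "cert": cert}

def make_passport(binary, lic, writer_n, writer_d):
    return {"binary": binary, "license": lic, "signature": sign(binary, writer_n, writer_d)}

def check_passport(passport, trusted_cert_n):
    lic, sig = passport.get("license"), passport.get("signature")
    if lic is None or sig is None:
        return "reject: license or signature missing"
    # (i) verify the writer's key with the recipient's preexisting certifier key
    if not verify(license_bytes(lic["name"], lic["key"]), lic["cert"], trusted_cert_n):
        return "reject: license not certified"
    # (ii) verify the binary with the now-verified writer key
    if not verify(passport["binary"], sig, lic["key"]):
        return "reject: digest mismatch"
    return "execute"

# Constructed sample keys (Mersenne primes) and data, for illustration only.
CERT_N, CERT_D = keypair(2**127 - 1, 2**89 - 1)
WRITER_N, WRITER_D = keypair(2**107 - 1, 2**61 - 1)
LICENSE = issue_license("Example Writer", WRITER_N, CERT_N, CERT_D)
PASSPORT = make_passport(b"constructed binary code", LICENSE, WRITER_N, WRITER_D)
```

The order of the checks matters: the writer's public key is taken from the license only after the license itself verifies under the certifier key, so a passport carrying a self-issued license is rejected before its signature is ever evaluated.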
72 Claims
1. A computer-readable medium storing a data structure for secure distribution of software from a distributor to a recipient, said data structure comprising:
(a) a cryptographically secured representation of said software, said cryptographically secured representation having been secured by a first encryption key;
(b) a cryptographic certification, by a certifier, of a first decryption key corresponding to said first encryption key; and
(c) an identifier of said distributor;
said cryptographically secured representation, cryptographic certification and identifier collectively defining a software passport which enables said recipient thereof (i) to cryptographically verify said first decryption key using a second, preexisting decryption key unrelated to said distributor and obtained by said recipient without specific knowledge of said certifier, and (ii) to cryptographically verify said software using said verified first decryption key.
Dependent claims: 2-22.

23. A method for secure software distribution from a distributor to a recipient comprising the steps of:
(a) receiving, at a recipient's location, a plurality of elements including;
(i) software;
(ii) a cryptographically secured representation of said software, said cryptographically secured representation having been secured by a first encryption key;
(iii) an identifier of said distributor; and
(iv) a cryptographic certification, by a certifier, of a first decryption key corresponding to said first encryption key;
said received elements defining a software passport including at least elements (ii), (iii) and (iv); and
(b) cryptographically verifying said first decryption key using a second, preexisting decryption key unrelated to said distributor and obtained by said recipient without specific knowledge of said certifier; and
(c) cryptographically verifying said software using said verified first decryption key.
Dependent claims: 24-45.

46. A method for licensing of a software distributor by a certifier, comprising the steps of:
(a) receiving, at a certifier's location, an identifier of said distributor;
(b) verifying a qualification of said distributor against a predetermined licensing criterion; and
(c) performing a first cryptographic operation on said identifier to produce a cryptographic certification of said distributor;
(d) said cryptographic certification enabling cryptographic verification by a recipient thereof using a preexisting decryption unrelated to said distributor, and obtained by said recipient without specific knowledge of said certifier.
Dependent claims: 47-49.

50. A method for secure software distribution from a distributor to a recipient, comprising the steps of:
(a) identifying software that is to be distributed to a recipient;
(b) using a first encryption key to perform a first cryptographic operation on said software to form a cryptographically secured representation of said software;
(c) obtaining, from a certifier, a cryptographic certification of a first decryption key corresponding to said first encryption key; and
(d) generating a software passport for said recipient, said software passport including at least said cryptographically secured representation, said cryptographic certification, and an identifier of said distributor;
where said software passport enables said recipient thereof (i) to cryptographically verify said first decryption key using a second, preexisting decryption key unrelated to said distributor and obtained without specific knowledge of said certifier, and (ii) to cryptographically verify said software using said verified first decryption key.
Dependent claims: 51-72.
Specification