Software protection using an installation product having an entitlement file
IPC classification information
Country / Type: United States (US) Patent, Granted
International Patent Classification (IPC 7th edition): G06F-021/10, G06F-021/12, H04L-009/32
Application number: US-0393242 (2009-02-26)
Registration number: US-9946848 (2018-04-17)
Inventors: Hahn, Timothy J.; Palmer, Jr., Bernard P.; Waidner, Michael P.; Whitmore, James J.
Applicant: International Business Machines Corporation
Agent: Morris, Daniel P.
Citation information: Times cited: 0; Cited patents: 44
Abstract
Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.
Representative claims
1. A method for establishing entitlement to a computer program product, comprising the steps of:
obtaining from a licensor of a computer program product, a certified client identity of a licensee of the computer program product, wherein said certified client identity comprises licensee identification information, and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;
obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee's entitled use of the computer program product;
obtaining from the licensor an encoded version of the computer program product which is encoded with a public key of the licensee;
transforming the encoded version of the computer program product into an installation product in a computer storage medium using the certified client identity and the private key of the licensee; and
during the transforming, automatically performing a registration process using the entitlement file to establish entitled use of the computer program product by the licensee and to include registration information within the installation product,
wherein the transforming and registration process comprises:
decoding the encoded version of the computer program product using the private key of the licensee;
decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee's entitled use of the computer program product as provided by the entitlement file are valid; and
automatically verifying the licensee's entitled use of the computer program product using the validated terms of the licensee's entitled use as specified by the entitlement file; and
enabling installation of the computer program product if the licensee's entitled use of the computer program product is verified by the registration process;
wherein said method comprises an automated process that is performed by a computer executing program instructions.

2. The method of claim 1, further comprising:
generating a digital signature of the licensee by digitally signing at least the licensee identification information using the private key of the licensee;
generating the installation product by embedding the digital signature of the licensee and the entitlement file and the associated digital signature into the decoded computer program product;
storing the installation product in a computer storage device.

3. The method of claim 1, wherein the encoded version of the computer program product comprises a licensed program and a program identification, wherein the licensed program and the program identification are embedded together and encoded with the public key of the licensee.

4. The method of claim 3, wherein the encoded version of the computer program product is decoded with the private key of the licensee to receive clear versions of the licensed program and the program identification.

5. The method of claim 4, further comprising comparing a decoded version of the program identification obtained from the licensor to the clear version of the program identification to verify that the correct software is received.

6. The method of claim 1, wherein the installation product comprises an embedded copy of the client identity.

7. The method of claim 1, further comprising the steps of:
enabling the licensee to create another installation product with an identity of a subsequent licensee embedded therein, wherein said subsequent licensee is a licensee that is issued subsequent to an initial licensing of an original licensee; and
enabling the subsequent licensee to change an original licensee identity in an original installation product.

8. The method of claim 1, wherein transforming the computer program product into an installation product in a computer storage medium comprises changing a content of a downloadable binary object by inserting the entitlement file.

9. The method of claim 1, further comprising receiving the entitlement file separately during a download session for the installation product.

10. An apparatus, comprising:
a memory configured to store program instructions; and
a processor coupled to the memory and configured to execute the program instructions to implement a process for establishing entitlement to a computer program product, wherein the process comprises:
obtaining from a licensor of a computer program product, a certified client identity of a licensee of the computer program product, wherein said certified client identity comprises licensee identification information, and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;
obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee's entitled use of the computer program product;
obtaining from the licensor an encoded version of the computer program product which is encoded with a public key of the licensee;
transforming the encoded version of the computer program product into an installation product in a computer storage medium using the certified client identity and the private key of the licensee; and
during the transforming, automatically performing a registration process using the entitlement file to establish entitled use of the computer program product by the licensee and to include registration information within the installation product,
wherein the transforming and the registration process comprises:
decoding the encoded version of the computer program product using the private key of the licensee;
decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee's entitled use of the computer program product as provided by the entitlement file are valid; and
automatically verifying the licensee's entitled use of the computer program product using the validated terms of the licensee's entitled use as specified by the entitlement file; and
enabling installation of the computer program product if the licensee's entitled use of the computer program product is verified by the registration process.

11. The apparatus of claim 10, wherein the process further comprises:
generating a digital signature of the licensee by digitally signing at least the licensee identification information using the private key of the licensee;
generating the installation product by embedding the digital signature of the licensee and the entitlement file and the associated digital signature into the decoded computer program product;
storing the installation product in a computer storage device.

12. The apparatus of claim 10, wherein the encoded version of the computer program product comprises a licensed program and a program identification, wherein the licensed program and the program identification are embedded together and encoded with the public key of the licensee.

13. The apparatus of claim 12, wherein the encoded version of the computer program product is decoded with the private key of the licensee to receive clear versions of the licensed program and the program identification.

14. The apparatus of claim 13, wherein the process further comprises comparing a decoded version of the program identification obtained from the licensor to the clear version of the program identification to verify that the correct software is received.

15. The apparatus of claim 10, wherein the installation product comprises an embedded copy of the client identity.

16. The apparatus of claim 10, wherein the process further comprises:
enabling the licensee to create another installation product with an identity of a subsequent licensee embedded therein, wherein said subsequent licensee is a licensee that is issued subsequent to an initial licensing of an original licensee; and
enabling the subsequent licensee to change an original licensee identity in an original installation product.

17. The apparatus of claim 10, wherein transforming the computer program product into an installation product in a computer storage medium comprises changing a content of a downloadable binary object by inserting the entitlement file.

18. The apparatus of claim 10, wherein the process further comprises receiving the entitlement file separately during a download session for the installation product.
Patents cited by this patent (44)
Kitaj,Paul Thomas; Paskett,Sherman W.; Hardy,Douglas Allan; Seeker,Frank Edward; Tugenberg,Steve Robert, Access-control method for software modules and programmable electronic device therefor.
Peinado,Marcus; Abburi,Rajasekhar; England,Paul; Ganesan,Krishnamurthy; Bell,Jeffrey R. C.; Blinn,Arnold N.; Jones,Thomas C., Digital license and method for obtaining/providing a digital license.
Wang,Xin; Nahidipour,Aram; Raley,Michael C; Lao,Guillermo; Ta,Thanh T.; Tadayon,Bijan, Method and apparatus for hierarchical assignment of rights to documents and documents having such rights.
Tadayon,Bijan; Nahidipour,Aram; Wang,Xin; Raley,Michael C; Lao,Guillermo; Ta,Thanh T; Gilliam,Charles P, Method and apparatus for transferring usage rights and digital work having transferrable usage rights.
Bialick, William P.; Housley, Russell D.; Moore, Charles R. J.; Linsenbardt, Duane J., Method and system for enforcing access to a computing resource using a licensing attribute certificate.
Larose Gordon Edward,CAX ; Allan David Ian,CAX, Method and system for networked installation of uniquely customized, authenticable, and traceable software application.
Nobuya Okayama JP; Hiroshi Koike JP; Taminori Tomita JP; Shigeru Arai JP, Method and system for preventing illegal use of digital contents, processing program thereof, and recording medium for the program.
Choudhury Abhijit K. (Scotch Plains NJ) Maxemchuk Nicholas F. (Mountainside NJ) Paul Sanjoy (Scotch Plains NJ) Schulzrinne Henning G. (Sterling NJ), Method of protecting electronically published materials using cryptographic protocols.
Takahashi Toshinari,JPX ; Nogami Hiroyasu,JPX, Software distribution system and software utilization scheme for improving security and user convenience.
DeMello,Marco A.; Narin,Attila; Setty,Venkateshaiah; Zeman,Pavel; Krishnaswamy,Vinay; Manferdelli,John L.; Byrum,Frank D.; Keely,Leroy B.; Yaacovi,Yoram; Alger,Jeffrey H., System and method for activating a rendering device in a multi-level rights-management architecture.
Stefik Mark J. ; Petrie Glen W. ; Okamoto Steve A. ; Briggs Nicholas H., System for controlling the distribution and use of rendered digital works through watermaking.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M.; Weber,Robert P., Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management.