Software protection using an installation product having an entitlement file
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-021/10
G06F-021/12
H04L-009/32
출원번호
US-0454502
(2012-04-24)
등록번호
US-10068064
(2018-09-04)
발명자
/ 주소
Hahn, Timothy J.
Palmer, Jr., Bernard P.
Waidner, Michael P.
Whitmore, James J.
출원인 / 주소
International Business Machines Corporation
대리인 / 주소
Morris, Daniel P
인용정보
피인용 횟수 :
0인용 특허 :
44
초록▼
Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an inst
Techniques for establishing entitlement to a computer program product are provided, and include providing a client identity in a registration process to produce an entitlement file, obtaining an encoded version of a computer program product, and transforming the computer program product into an installation product in a computer storage medium, wherein the installation product comprises the entitlement file to establish entitled use of the computer program product. Also, techniques for facilitating security compliance of a computer program product include providing an encoded version of a computer program product, and providing an installation product builder for the computer program product, wherein the installation product builder creates an installation product in a computer storage medium using a client identity and the encoded version of the computer program product during a registration process, and wherein the created installation product comprises an entitlement file to facilitate security compliance of the computer program product.
대표청구항▼
1. A method, comprising: obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptograp
1. A method, comprising: obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee's entitled use of the computer program product;generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises: decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee's entitled use of the computer program product as provided by the entitlement file are valid;automatically verifying the licensee's entitled use of the computer program product using the validated terms of the licensee's entitled use as specified by the entitlement file;generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; andgenerating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and veritfying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; andusing the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product,wherein the method is performed by a processor device executing program instructions. 2. The method of claim 1, further comprising auditing the computer program product for compliance, wherein the audit is based on integrity and content of the entitlement file. 3. The method of claim 2, wherein auditing the computer program product for compliance comprises the steps of: scanning a target system for the computer program product and associated entitlement file; andtaking one or more actions based one or more pre-defined requirements. 4. The method of claim 1, wherein the entitlement file comprises at least one of a vendor identifier, a user identifier, one or more transaction identifiers, an asset identifier and one or more terms of entitlement. 5. The method of claim 1, wherein the entitlement file is used to create one or more instances of an entitlement document with one or more embedded integrity metrics. 6. The method of claim 1, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises applying each term of an entitlement agreement throughout the lifecycle of the computer program product based on integrity and content of the entitlement file. 7. The method of claim 1, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises examining the entitlement file, wherein examining the entitlement file comprises at least one of checking for integrity using a public cryptographic operation, checking for integrity using a private cryptographic operation, checking each party, and checking each term of entitlement. 8. The method of claim 1, further comprising performing a subsequent installation of the computer program product using the installation product, wherein performing the subsequent installation process comprises: accessing the digitally signed entitlement file in the computer program product;checking integrity of the entitlement file;presenting content of the entitlement file to a user for review;continuing the computer program product installation process if the user acknowledges acceptance of the entitlement file and intent to continue;presenting end user license agreement (EULA) information to the user for review; andcompleting the computer program product installation if the user acknowledges acceptance of the EULA and intent to continue. 9. An apparatus for establishing compliance for use of a computer program product, comprising: a memory configured to store program instructions; andat least one hardware device coupled to the memory and configured to execute the program instructions to implement a process comprising:obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee:obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee's entitled use of the computer program product;generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises: decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee's entitled use of the computer program product as provided by the entitlement file are valid;automatically verifying the licensee's entitled use of the computer program product using the validated terms of the licensee's entitled use as specified by the entitlement file;generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; andgenerating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and verifying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the verifying, installing the computer program product; andusing the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product. 10. The apparatus of claim 9, wherein said at least one hardware device is further configured to execute the program instructions to audit the computer program product for compliance, wherein the audit is based on integrity and content of the entitlement file. 11. The apparatus of claim 10, wherein said auditing of the computer program product for compliance comprises: scanning a target system for the computer program product and associated entitlement file; andtaking one or more actions based one or more pre-defined requirements. 12. The apparatus of claim 9, wherein the entitlement file comprises at least one of a vendor identifier, a user identifier, one or more transaction identifiers, an asset identifier and one or more terms of entitlement. 13. The apparatus of claim 9, wherein the entitlement file is used to create one or more instances of an entitlement document with one or more embedded integrity metrics. 14. The apparatus of claim 9, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises applying each term of an entitlement agreement throughout the lifecycle of the computer program product based on integrity and content of the entitlement file. 15. The apparatus of claim 9, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises examining the entitlement file, wherein examining the entitlement file comprises at least one of checking for integrity using a public cryptographic operation, checking for integrity using a private cryptographic operation, checking each party, and checking each term of entitlement. 16. The apparatus of claim 9, wherein said at least one hardware device is further configured to execute the program instructions to perform a subsequent installation of the computer program product using the installation product, wherein performing the subsequent installation process comprises: accessing the digitally signed entitlement file in the computer program product;checking integrity of the entitlement file;presenting content of the entitlement file to a user for review;continuing the computer program product installation process if the user acknowledges acceptance of the entitlement file and intent to continue;presenting end user license agreement (EULA) information to the user for review; andcompleting the computer program product installation if the user acknowledges acceptance of the EULA and intent to continue. 17. A computer program product comprising a non-transitory computer readable recordable storage medium comprising computer useable program code stored therein, wherein the computer useable program code is executable by a computer to implement a method comprising: obtaining from a licensor, an encoded version of a computer program product, an entitlement file, and a certified client identity of a licensee of the computer program product, wherein the certified client identity comprises licensee identification information and cryptographic keys comprising a private key of the licensee and a signature verification public key of the licensor, wherein the certified client identity is generated and utilized by the licensor in a pre-deployment registration process for the licensee to produce an entitlement file that is unique to said certified client identity, wherein the pre-deployment process is performed by the licensor prior to making the computer program product available to the licensee;obtaining the entitlement file from the licensor which is digitally signed with a private key of the licensor of the computer program product, wherein the entitlement file specifies terms of the licensee's entitled use of the computer program product;generating an installation product in a computer storage medium of a system using the private key of the licensee, the certified client identity and the encoded version of the computer program product which is encoded with a public key of the licensee, wherein generating the installation product comprises: decoding the encoded version of the computer program product using the private key of the licensee, and decoding a digital signature associated with the entitlement file using the signature verification public key of the licensor to verify that the terms of the licensee's entitled use of the computer program product as provided by the entitlement file are valid;automatically verifying the licensee's entitled use of the computer program product using the validated terms of the licensee's entitled use as specified by the entitlement file;generating a digital signature of the licensee by digitally signing at least the licensee identification information of the certified client identity using the private key of the licensee; andgenerating the installation product by embedding the digital signature of the licensee and the digitally signed entitlement file into the decoded computer program product;installing the computer program product in a computer storage medium of a system using the installation product, wherein installing comprises identifying the licensee and verifying compliance for use of the computer program product using the embedded digitally signed entitlement file and the embedded digital signature of the licensee, and based on the veritfying, installing the computer program product; andusing the digitally signed entitlement file to establish compliance for use of the computer program product for a subsequent installation of the computer program product using the installation product. 18. The computer program product of claim 17, wherein using the digitally signed entitlement file to establish compliance for use of the computer program product comprises applying each term of an entitlement agreement throughout the lifecycle of the computer program product based on integrity and content of the entitlement file.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (44)
Kitaj,Paul Thomas; Paskett,Sherman W.; Hardy,Douglas Allan; Seeker,Frank Edward; Tugenberg,Steve Robert, Access-control method for software modules and programmable electronic device therefor.
Peinado,Marcus; Abburi,Rajasekhar; England,Paul; Ganesan,Krishnamurthy; Bell,Jeffrey R. C.; Blinn,Arnold N.; Jones,Thomas C., Digital license and method for obtaining/providing a digital license.
Wang,Xin; Nahidipour,Aram; Raley,Michael C; Lao,Guillermo; Ta,Thanh T.; Tadayon,Bijan, Method and apparatus for hierarchical assignment of rights to documents and documents having such rights.
Tadayon,Bijan; Nahidipour,Aram; Wang,Xin; Raley,Michael C; Lao,Guillermo; Ta,Thanh T; Gilliam,Charles P, Method and apparatus for transferring usage rights and digital work having transferrable usage rights.
Bialick, William P.; Housley, Russell D.; Moore, Charles R. J.; Linsenbardt, Duane J., Method and system for enforcing access to a computing resource using a licensing attribute certificate.
Larose Gordon Edward,CAX ; Allan David Ian,CAX, Method and system for networked installation of uniquely customized, authenticable, and traceable software application.
Nobuya Okayama JP; Hiroshi Koike JP; Taminori Tomita JP; Shigeru Arai JP, Method and system for preventing illegal use of digital contents, processing program thereof, and recording medium for the program.
Choudhury Abhijit K. (Scotch Plains NJ) Maxemchuk Nicholas F. (Mountainside NJ) Paul Sanjoy (Scotch Plains NJ) Schulzrinne Henning G. (Sterling NJ), Method of protecting electronically published materials using cryptographic protocols.
Takahashi Toshinari,JPX ; Nogami Hiroyasu,JPX, Software distribution system and software utilization scheme for improving security and user convenience.
DeMello,Marco A.; Narin,Attila; Setty,Venkateshaiah; Zeman,Pavel; Krishnaswamy,Vinay; Manferdelli,John L.; Byrum,Frank D.; Keely,Leroy B.; Yaacovi,Yoram; Alger,Jeffrey H., System and method for activating a rendering device in a multi-level rights-management architecture.
Stefik Mark J. ; Petrie Glen W. ; Okamoto Steve A. ; Briggs Nicholas H., System for controlling the distribution and use of rendered digital works through watermaking.
Ginter Karl L. ; Shear Victor H. ; Sibert W. Olin ; Spahn Francis J. ; Van Wie David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M., Systems and methods for secure transaction management and electronic rights protection.
Ginter,Karl L.; Shear,Victor H.; Spahn,Francis J.; Van Wie,David M.; Weber,Robert P., Trusted infrastructure support systems, methods and techniques for secure electronic commerce transaction and rights management.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.