throbber
(12) United States Patent
`(10) Patent No.:
`US 6,857,067 B2
`
`Edelman
`(45) Date of Patent:
`Feb. 15, 2005
`
`U5006857067B2
`
`(54) SYSTEM AND METHOD FOR PREVENTING
`UNAUTHORIZED ACCESS TO ELECTRONIC
`DATA
`
`.
`Inventor'
`
`(76)
`
`( 4 ) Notice:
`
`-
`-
`£43131“ 8' E4311“??? %SLa§;7gftar10
`a"
`organ“ 6’
`(
`)
`Subjectto any disclaimer, the term of this
`Patent IS extended or a0011518411 under 35
`U~S~C~ 154(b) by 641 day5~
`
`(21) Appl. No; 09/792 045
`’
`Feb. 26, 2001
`
`Filed:
`
`(22)
`
`12/1999 Horstmann .................... 705/1
`6,009,401 A
`12/1999 Horstmann .......
`713/200
`6,009,525 A
`
`.
`2/2000 Duvvoori et al.
`709/224
`6,021,438 A
`
`2/2000 Yamamura .....
`713/201
`6,023,766 A
`..... 705/34
`..
`2/2000 Barritz et al.
`6,029,145 A
`
`3/2000 Vaeth et al.
`713/201
`6,035,402 A
`4/2000 Benson ..........
`702/35
`6,047,242 A
`
`
`33888 5:12;); (it :11"
`73:65}:
`2822:;23 2
`
`6/2000 Staley ...........
`705/58
`6,073,123 A
`
`........ 705/59
`6/2000 Knutson .
`6,078,909 A
`7/2000 Gray .............
`.. 340/825.34
`6,087,955 A
`
`............. 713/201
`8/2000 Diersch et al.
`6,101,606 A
`10/2000 Goetz et al.
`................ 713/200
`6,128,741 A
`OTHER PUBLICATIONS
`
`(65)
`
`Prior Publication Data
`
`US 2002/0029347 A1 Man 7, 2002
`
`.
`.
`Charles Cagliostro, “Rosy Outlook Predicted for US Smart
`Card Market”, Card Forum International, pp. 45—47, Nov./
`Dec. 1999.
`
`Related U'S' Application Data
`Provisional application No. 60/229,934, filed on Sep. 1,
`2000.
`
`(60)
`
`Carol H. Fancher, “Smart Cards”, Scientific American, pp.
`1_10 Aug. 1996.
`
`Int. Cl.7 .................................................. G06F 1/26
`(51)
`(52) US. Cl.
`...................... 713/1.55; 713/182; 713/200;
`713/201
`
`Primary Examiner—Thomas R. Peeso
`(74) Attorney) Agenh 0r Firm—Fithatrick, Cella, Harper &
`SClntO
`
`(58) Field Of Search ................................. 713/155, 182,
`713/200, 201
`
`(57)
`
`ABSTRACT
`
`(56)
`
`References Cited
`
`U'S' PATENT DOCUMENTS
`5,502,764 A
`3/1996 Naccache .................... 380/23
`5,826,011 A
`10/1998 Chou et al.
`................. 395/186
`
`5,844,497 A
`12/1998 Gray ..............
`340/82534
`
`~~~~~~~~ 380/4
`59337498 A
`8/1999 SChneCk 6t a1~
`
`" 713/200
`5,935,246 A
`8/1999 B6950“ """"""
`5,940,504 A
`8/1999 Grlswold ....................... 380/4
`5,956,404 A
`.............. 380/25
`9/1999 Schneier et al.
`
`11/1999 Shin et al. ................ 380/25
`5,987,134 A
`6,008,737 A
`12/1999 Deluca et al.
`......... 340/825.34
`
`A system and method are provided for preventing unautho-
`rized access to electronic data stored on an electronic device.
`A portable licensing medium is configured to communicate
`With the electronic device for storing license data. The
`license data is used to determine Whether to allow access to
`the electronic data. A registration authority communicates
`With the electronic device. The registration authority has a
`database of verification data for verifying the license data
`stored on the licensing medium and provides updated license
`data to the licensing medium.
`
`113 Claims, 9 Drawing Sheets
`
`100
`
`140
`120 Smart Card
`
`Smart Card
`Reader
`
`PETITIONERS EX. 1001 Page 1
`
`PETITIONERS Ex. 1001 Page 1
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 1 0f 9
`
`US 6,857,067 B2
`
`100
`
`140
`120 Smart Card
`
`Smart Card
`Reader
`
`Fig. 1
`
`PETITIONERS EX. 1001 Page 2
`
`PETITIONERS Ex. 1001 Page 2
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 2 0f 9
`
`US 6,857,067 B2
`
`
`
`Fig. 2
`
`320
`
`I
`
`310
`
`315
`
`
`...
`4, {Teafm .
`
`
`:u» "L“
`g..
`e-
`»m
`,
`_
`OptionalApplicationcoa!-
`
`
`
`EEPROM
`325 Application
`
`.. Dumfiifis
`
`
`.
`
`_.
`
`., y...
`
`300
`
`C05 control are:
`
`( Internal parameters
`
`Passwords and
`confidentlal informati-
`
`01'
`
`
`Fig. 3
`
`PETITIONERS EX. 1001 Page 3
`
`PETITIONERS Ex. 1001 Page 3
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 3 0f 9
`
`US 6,857,067 B2
`
`/16O
`
`140
`
`Smart Card
`
`Reader
`
`120
`
`100
`
`
`
`Client
`
`Registration Authority
`
`130
`
`
`
`
`
`/
`Illll
`
`
`
`
`
`
`Smart Card
`
`Vendor
`
`Fig. 4
`
`PETITIONERS EX. 1001 Page 4
`
`PETITIONERS Ex. 1001 Page 4
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 4 0f 9
`
`US 6,857,067 B2
`
`
`
`LAN Server/
`License
`
`Manager
`
`Smart Card
`
`
`Reader
`
`110
`
`
`120
`
`Smart Card
`
`Redundant License Manager
`
`Vendor
`
`Fig. 5
`
`PETITIONERS EX. 1001 Page 5
`
`PETITIONERS Ex. 1001 Page 5
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 5 0f 9
`
`US 6,857,067 B2
`
`gillgn}
`
`Smart1‘
`
`ma:n
`
`MI
`
`I I I1
`
`I
`
`| I
`
`InstaN software on mmpulm
`FEW,
`
`M'VICFU-MMM .n—u. _._.._.._...
`Obtain current Smartflard coatents
`,‘<___——:
`Send current contents, new product info
`
`I
`I
`
`.
`
`I
`I
`Send newI contents
`
`Cmaten
`
`I’EQIS1IB‘IIOn entry
`f 31w”
`""I
`
`LI
`I
`I
`
`I I
`
`I W'nte new content‘i
`I
`,
`L
`I
`
`1
`
`I
`
`I
`
`I
`I
`
`PETITIONERS EX. 1001 Page 6
`
`PETITIONERS Ex. 1001 Page 6
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 6 0f 9
`
`US 6,857,067 B2
`
`I
`
`I
`
`
`
`SmWQECaId
`I
`r Chang
`Reader
`II
`
`‘veflf smartWard ts ms 11951
`
`i T
`
`Prompt user I smart card that "1495126
`
`
`
`alldate smafl can} not Iampemd by!“
`GE conlentg ofsmaxI ca'd forthis ptgdvIlci
`U
`:I]
`é__;L_———;'
`Use conlemsto vera'ythrg use: rs anthems? I'm II‘IS product
`37'" -.J
`
`I I | I I I I
`
`I
`
`PETITIONERS EX. 1001 Page 7
`
`I
`
`I
`Alia-w s (flwam 10 u»? usedl
`.
`,
`"m”;
`
`III”
`
`H
`
`I
`
`I
`
`I I I
`
`Fig. 7
`
`PETITIONERS Ex. 1001 Page 7
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 7 0f 9
`
`US 6,857,067 B2
`
`Administ____1__ator}_eader ___a__:g_naer
`
`
`Network _anar
`Insert newer existing 3mg card
`de new employeelor look up 9:03th
`
`newcatdmahdat
`
`I
`
`card
`
`I
`
`IfnoI
`
`
`I
`Verify Inserted sIman catd IS for 3a ecIed employee
`I
`II “
`I
`1
`[
`‘v’erIfy sman CJU contents agamel! RA database
`E
`m.....-..m.. I
`I
`I
`I
`I
`
`8421»ch n9 .I pmducts
`
`
`I
`I
`Utah EMU I0 Ilard‘
`|
`
`I I I
`
`I I
`
`.
`
`i
`
`I
`
`l I I
`
`I
`
`I
`
`AgIhofiIg
`nggsjraflgn
`I
`I
`
`:
`
`I I I
`
`I
`1
`l
`
`..
`
`' 1'
`E‘end ‘ eex Info, new prgdtlct IMO
`
`
`
`PETITIONERS EX. 1001 Page 8
`
`:
`
`I
`
`—.~
`
`Nun? corsIenI$ to c
`_
`
`I I
`
`Fig. 8
`
`PETITIONERS Ex. 1001 Page 8
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 8 0f 9
`
`US 6,857,067 B2
`
`a9!
`_ana
`“Rmmm:r _artar —en
`—€‘_I__Iem
`-I
`‘WIN»?smart cardI‘S Inserted
`
`I
`
`I I I I I
`
`I
`
`i I I I I
`
`U
`I
`I
`I
`I
`
`I I
`
`Prompt usm I smart card not miened
`
` I
`
`ahdate {man can} no! Iampered MI
`I
`I I
`canents nf smarl cardfm thus prodLet
`
`
`Use wntents to venfy thq user Is 320103029? for mu. produti
`I
`I
`Verifi‘ that lIcense IS stIll nalid
`l
`l
`I
`I
`I
`I
`I
`I
`I
`I
`
`AIIow suftv cur: to be mad
`
`
`
`Fig. 9
`
`PETITIONERS EX. 1001 Page 9
`
`PETITIONERS Ex. 1001 Page 9
`
`

`

`US. Patent
`
`Feb. 15, 2005
`
`Sheet 9 0f 9
`
`US 6,857,067 B2
`
`
`W I
`
`I
`
`I
`i
`
`I Smart Car
`I
`hem
`
`, gm Reade;
`V9”? smart card 15 Insider!
`. 3..me
`l
`a
`I
`I
`Pmmpt user ilsmart card no! Marked
`'
`
`~ M
`
`. Smart Lard
`L
`
`grqgngg
`I
`I Manager
`
`I
`1
`
`I
`I
`I
`I
`
`I
`I
`I
`I
`
`I I I l |
`
`l I
`
`‘ L
`7 I
`T
`I
`
`Vanda? smart card not zampered wmI
`
`”Tm"
`‘ 'T‘""“
`”513
`Glen! conteni 3 of smarI card for “us pmdtIact
`
`l—
`—
`‘
`I
`f‘:<_:l__.__——’L]I
`Use contents :0 mam-g 01.31: use: I? aUIthIZBfI f0l tins product
`I
`I
`521:”:
`l
`,i
`I
`I
`
`-
`lcense
`V 3- th
`t' e e ‘ an wall-
`I
`-_...- {”1}
`Ii.
`.._._ Ejl-xn- a‘ 'n-r '1:- . Inf—bl? 2
`I
`I
`r
`I Resewe license I
`I
`T
`”F“ ijmm;.1
`I
`wI
`I
`I
`I
`mm
`Aflow s. fiware to be used!
`i
`HIM—«-
`l
`I
`Releaseflc nsewhensoflwar
`. 3
`__
`______..___
`'
`i
`I
`‘IE
`I
`
`terminates
`
`I
`I
`
`Fig. 10
`
`PETITIONERS EX. 1001 Page 10
`
`PETITIONERS Ex. 1001 Page 10
`
`

`

`US 6,857,067 B2
`
`1
`SYSTEM AND METHOD FOR PREVENTING
`UNAUTHORIZED ACCESS TO ELECTRONIC
`DATA
`
`This application claims the benefit of US. Provisional
`Application No. 60/229,934, filed Sep. 1, 2000.
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`invention relates generally to preventing
`The present
`unauthorized access to electronic data, such as for example
`computer software, music, movies, e-books, and the like.
`More specifically, the present invention relates to an access
`authorization system and method in which a client electronic
`device communicates with a licensing medium that stores
`license data identifying the electronic data to which the user
`is authorized to have access. The client electronic device
`
`also communicates with a central registration authority that
`contains a database used to verify the license data.
`2. Related Art
`
`Electronic devices, both wired and wireless, such as
`personal computers, handheld computing devices, personal
`data assistants, cellular telephones and CD and DVD
`players, are ubiquitous. These devices perform an increasing
`array of functions, including business, entertainment and
`educational type functions, just to name a few.
`The common link between these electronic devices is
`
`their use of electronic data to perform their respective
`functions. The electronic data may be used to control the
`device itself, such as, for example, when the data comprise
`a computer software program. Alternatively, the electronic
`data may be intellectual content that is manipulated by these
`devices, such as, for example, when the data comprise
`music, movies, e-books, database information, or other
`forms of data that are privileged, copyrighted, proprietary or
`otherwise protected from unauthorized access.
`In either case, the electronic data are valuable because of
`the time and effort that was expended in their creation. For
`example, a computer software program typically is the
`product of a labor-intensive development that involves soft-
`ware engineers, programmers, artists and marketers, just to
`name a few. Similarly, music, movies and e-books typically
`are the product of creative endeavors of artists and authors.
`In addition, the creation of all of these forms of electronic
`data may involve extremely costly production and marketing
`efforts.
`
`By contrast, copying such electronic data typically
`requires very little time, effort and money. Consequently,
`unauthorized copying and distribution of electronic data is
`rampant. With regard to personal computer software, for
`example, it is estimated that 30% of software used in the
`United States is unlicensed and therefore unauthorized.
`
`in excess of 95% of the
`In certain foreign nations,
`software programs in use are unauthorized copies, which
`were created in the United States or elsewhere and sold at a
`
`small fraction of their US. retail price. In some of these
`foreign nations, software piracy has become a large industry.
`This widespread unauthorized use of software and other
`electronic data has a potential chilling effect on the artists,
`entrepreneurs, and others who would create it.
`The law, of course, provides some mechanisms for pre-
`venting or discouraging such piracy. Copyright protection,
`for example, is one of the most common legal means of
`protecting electronic data. Patent protection, also, is increas-
`ingly being used to protect some electronic data, particularly
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`2
`various aspects of computer software. Contractual
`provisions, such as licenses, are widely used as an adjunct to
`other forms of protection.
`The right to use software under a license agreement may
`be restricted to a single user or a single computer. Where use
`on more than one computer is contemplated, such as in a
`local area network (LAN), the license may allow use on a
`number of computers. This sort of multiple computer license
`is often referred to as a site license, since it typically is
`implemented to allow several computers at a particular site
`to run the licensed software.
`
`However, the effectiveness of these legal and contractual
`measures has been inadequate. Accordingly, vendors of
`electronic data have turned to technological means of pro-
`tecting their intellectual content.
`For example, licensed electronic data, such as computer
`software, may be protected from unauthorized use and/or
`copying by using a protection scheme that requires the user
`to register the licensed software with the vendor. Generally,
`such protection schemes use a registration program that is
`included with the software and executes upon installation of
`the software.
`
`The registration program requires the user to enter a code
`sequence that was provided by the vendor with the software,
`e.g., printed on a CD-ROM case. The code sequence is
`checked by the registration program to determine whether it
`is valid. If it is valid, the registration program enables the
`user to use the software.
`
`Conventional registration programs determine the validity
`of the code sequence using mathematical algorithms.
`Typically, such algorithms are simply the inverse of the
`algorithm initially used by the vendor to generate the set of
`valid code sequences that are distributed with the software.
`While such conventional schemes do provide a rudimen-
`tary measure of security, they are far from unbeatable. In
`fact, such security systems are often thwarted by pirates who
`ascertain the algorithms for determining validity by analyz-
`ing the code sequences that they generate. Once an algo-
`rithm has been ascertained, it may be used by unauthorized
`users to generate valid code sequences for the licensed
`software. These valid code sequences or the algorithm itself,
`which is known as a keygen, then may be distributed widely
`to large numbers of unauthorized users. Indeed, keygens for
`many commercially successful licensed software products
`are freely available on the Internet.
`Some vendors have attempted to improve upon the code
`sequence protection scheme by requiring users to enter
`certain personal information, such as the user’s name and
`telephone number. This information is transmitted to the
`vendor where it is encoded and used in the code sequence
`generation process. The code sequence is sent back to the
`user, who uses it
`to unlock the software. However,
`this
`approach, like the code sequence approach discussed above,
`is also based on an ascertainable mathematical algorithm
`and therefore also may be circumvented for the same reason.
`Another approach to preventing unauthorized access to
`licensed software is to require the user to have hardware
`keys, which are referred to as dongles, connected to the
`user’s computer in order to use the licensed software.
`Typically, dongles are connected to the input/output (I/O)
`port of a computer.
`There are numerous disadvantages in the use of dongles.
`For example, each piece of licensed software requires a
`separate dongle, but computers typically have a limited
`number of I/O ports. Consequently, a number of dongles
`may have to be connected to a single I/O port if several
`
`PETITIONERS EX. 1001 Page 11
`
`PETITIONERS Ex. 1001 Page 11
`
`

`

`US 6,857,067 B2
`
`3
`pieces of license software are to be used. This may result in
`interference between the attached dongles, which may cause
`the dongles or the associated software to fail. Another
`disadvantage is that dongles may be easily lost or stolen.
`Software licensors typically replace lost or stolen dongles
`for a nominal fee, which may allow unauthorized users to
`easily obtain dongles.
`Another approach to preventing unauthorized use and/or
`copying of licensed software is to require the user to have a
`licensing module connected to the user’s network in order to
`use the licensed software. This approach is discussed in US.
`Pat. No. 6,101,606 (Diersch et al.). The module may contain
`an identification code and other licensing information. The
`licensed software periodically communicates with license
`management software on a network server. The license
`management software,
`in turn, communicates with the
`licensing module to determine whether a valid module is
`connected to the network.
`
`There are several disadvantages to the licensing module
`approach. The licensing module contains a fixed identifica-
`tion code that may be ascertained through analysis of the
`module. Ascertaining the identification code would allow an
`unauthorized user to duplicate the module. Another disad-
`vantage of the licensing module approach is that the licens-
`ing module is vulnerable to tampering. For example, a user
`may seek to increase the number of authorized users for a
`site licensing by changing licensing data stored in the
`module.
`
`Yet another disadvantage of the licensing module
`approach is that authorized users are unable to use the
`licensed software on computers that are not connected to the
`single,
`fixed network. For example, an authorized user
`would not be able to use the licensed software on a laptop
`computer, personal digital assistant or other type of mobile
`computing device.
`Another approach to preventing unauthorized use and/or
`copying of licensed software is to provide license manage-
`ment software that
`is installed on the user’s server, as
`discussed in US. Pat. No. 6,049,789 (Frison et al.). The
`management software transmits pay-per-use license requests
`for the licensed software to a central license management
`system. The central license management system grants pay-
`per-use licenses to the user upon receiving these requests
`and maintains billing records.
`This approach, however, suffers from the disadvantage
`that
`the user must be connected to the central
`license
`
`management system in order for a pay-per-use license to be
`granted. Consequently, as in the case of the licensing
`module,
`the software cannot be easily used on mobile
`electronic devices such as a laptop or personal data assistant.
`There is a need, therefore, for a system and method for
`preventing unauthorized access to electronic data that takes
`an entirely fresh approach and overcomes the drawbacks of
`the conventional techniques.
`SUMMARY OF THE INVENTION
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`The present invention generally provides a novel system
`and method for preventing unauthorized access to electronic
`data.
`
`60
`
`One aspect of the present invention provides a system and
`method for preventing unauthorized access to electronic data
`stored on an electronic device. Aportable licensing medium
`is configured to communicate with the electronic device for
`storing license data. The license data is used by the elec-
`tronic device to determine whether to allow access to the
`
`4
`communicate with the electronic device. The registration
`authority has verification data for verifying the license data
`stored on the licensing medium. The registration authority
`provides updated license data to the licensing medium.
`Embodiments of the present invention may include one or
`more of the following features. The electronic device may
`verify the validity of the licensing medium by comparing the
`license data to the verification data of the registration
`authority.
`The licensing medium may store a license data message
`digest produced by performing a hash of the license data.
`The verification data may include a copy of the license data
`message digest. The electronic device may verify the valid-
`ity of the licensing medium by comparing the license data
`message digest to the copy of the license data message digest
`in the verification data of the registration authority.
`The license data message digest may be encrypted with a
`private key associated with the registration authority. The
`private key may be one of a number of private keys
`associated with the registration authority. The verification
`data may include a copy of the encrypted license data
`message digest. The electronic device may verify the valid-
`ity of the licensing medium by comparing the encrypted
`license data message digest to the copy of the encrypted
`license data message digest in the verification data of the
`registration authority.
`The electronic device may verify the validity of the
`licensing medium by decrypting the license data message
`digest read from the licensing medium using a public key
`associated with the registration authority, generating a mes-
`sage digest by performing a hash on the license data read
`from the licensing medium, and comparing the decrypted
`message digest to the generated message digest.
`The electronic device may send registration information
`to the registration authority. The registration information
`may include a random identifier associated with the elec-
`tronic data. The verification data stored in the registration
`authority database may include a list of authorized identi-
`fiers that allow access to the electronic data. The registration
`authority may provide updated license data to the licensing
`medium when the identifier sent with the registration infor-
`mation corresponds to one of the authorized identifiers.
`The licensing medium may be a smart card having a
`memory. The smart card also may have a microprocessor.
`The smart card may decrypt a first message digest received
`from the registration authority using a public key associated
`with the registration authority, generate a second message
`digest by performing a hash on updated license data received
`from the registration authority, and compare the first mes-
`sage digest to the second message digest. The licensing
`medium may also be a memory stick,
`random access
`memory, or a computer disk (e.g., optical, magnetic, or
`electronic). The licensing medium may be a memory
`installed in a cellular telephone that may or may not be
`removable.
`
`The license data may include a licensing medium expi-
`ration date determined by a configurable time period during
`which the licensing medium is valid. The licensing medium
`expiration period may be, e.g., thirty days.
`The license data may include a software license expiration
`date determined by a configurable time period during which
`access to the electronic data is allowed. The software license
`
`expiration period may be, e.g., one day or thirty days.
`The license data may include a software security expira-
`tion date determined by a configurable time period during
`which access to the electronic data is allowed. The software
`
`65
`
`electronic data. A registration authority is configured to
`
`security expiration period may be, e.g., thirty days.
`
`PETITIONERS EX. 1001 Page 12
`
`PETITIONERS Ex. 1001 Page 12
`
`

`

`US 6,857,067 B2
`
`5
`Another aspect of the present invention provides a system
`and method for preventing unauthorized access to electronic
`data stored on an electronic device. A portable licensing
`medium is configured to communicate with the electronic
`device for storing license data. The license data is used to
`determine whether to allow access to the electronic data. A
`registration authority is configured to communicate with the
`electronic device. The registration authority has a first
`database of verification data for verifying license data stored
`in a second verification database. A license manager is
`configured to communicate with the electronic device and
`the registration authority. The license manager has a second
`database of verification data for verifying the license data
`stored on the licensing medium. The license manager pro-
`vides updated license data to the licensing medium.
`Embodiments of the present invention may include one or
`more of the following features. The electronic device may
`verify the validity of the licensing medium by comparing the
`license data to the second database of verification data of the
`
`license manager. The license manager may verify the valid-
`ity of the second database of verification data by comparing
`it to the first database of verification data of the registration
`authority.
`The licensing medium may store a license data message
`digest produced by performing a hash of the license data.
`The second database of verification data may include a copy
`of the license data message digest. The electronic device
`may verify the validity of the licensing medium by com-
`paring the license data message digest to the copy of the
`license data message digest
`in the second database of
`verification data of the license manager.
`The license data message digest may be encrypted with a
`private key associated with the registration authority or the
`license manager. The private key may be one of a number of
`private keys associated with the registration authority or the
`license manager. The second database of verification data
`may include a copy of the encrypted license data message
`digest.
`The electronic device may verify the validity of the
`licensing medium by comparing the encrypted license data
`message digest to the copy of the encrypted license data
`message digest in the second database of verification data of
`the license manager.
`The electronic device may verify the validity of the
`licensing medium by decrypting the license data message
`digest read from the licensing medium using a public key
`associated with the registration authority, generating a mes-
`sage digest by performing a hash on the license data read
`from the licensing medium, and comparing the decrypted
`message digest to the generated message digest.
`The license manager may send site license registration
`information to the registration authority. The site license
`registration information may include a random identifier
`associated with the electronic data. The verification data
`
`stored in the registration authority database may include a
`list of authorized identifiers that allow access to the elec-
`
`tronic data. The registration authority may provide updated
`verification data to the license manager when the identifier
`sent with the registration information corresponds to one of
`the authorized identifiers.
`
`The license manager may communicate with the regis-
`tration authority to verify that the verification data stored by
`the license manager corresponds to the verification data
`stored by the registration authority.
`These and other objects, features and advantages will be
`apparent from the following description of the preferred
`embodiments of the present invention.
`
`6
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`5
`
`The present invention will be more readily understood
`from a detailed description of the preferred embodiments
`taken in conjunction with the following figures.
`FIG. 1 is a block diagram of a system for protecting
`licensed electronic data used by a client computer.
`FIG. 2 shows a smart card with surface contacts.
`
`10
`
`FIG. 3 is a block diagram of the internal microchip of the
`smart card.
`
`FIG. 4 is a block diagram of a system for protecting
`licensed electronic data used by a remote client computer.
`FIG. 5 is a block diagram of a system for protecting
`licensed electronic data used by a client computer network.
`FIG. 6 is a diagram of software registration for a single-
`user system.
`FIG. 7 is a diagram of software startup for a single-user
`system.
`FIG. 8 is a diagram of adding a software license to an
`employee smart card in a multiple-user system.
`FIG. 9 is a diagram of software startup for a fixed-node
`license in a multiple-user system.
`FIG. 10 is a diagram of software startup for a floating
`license in a multiple-user system.
`DETAILED DESCRIPTION OF THE
`PREFERRED EMBODIMENTS
`
`FIG. 1 depicts a block diagram which illustrates in general
`terms an embodiment of the present invention. In FIG. 1, a
`personal computer 100, referred to as the client device, may
`be configured to use licensed computer software provided by
`a third-party vendor.
`Of course, the present invention is not limited to prevent-
`ing unauthorized access to computer software on personal
`computers. Other examples of electronic devices that use
`licensed electronic data include DVD players, handheld
`computing devices, personal data assistants (PDAs), cellular
`or personal communication system (PCS) telephones, intel-
`ligent appliances (e.g., refrigerators and heating and cooling
`systems),
`internet appliances, etc. Other examples of
`licensed electronic data include computer software, music,
`movies, e-books, artwork, privileged data (such as
`databases, privileged publications and communications),
`etc. Still other examples of both exist as well.
`In general terms,
`the protection system of the present
`invention uses a registration authority 110 that determines
`whether a given user is authorized to have access to a given
`piece of electronic data. As used herein, the phrase “access
`to electronic data” and its derivatives (e.g., “accessing
`electronic data”) refers broadly to any type of manipulation
`of electronic data, including (but not limited to) installing,
`using, copying,
`inputting, outputting, reading, writing,
`deleting, viewing, playing, storing, moving, processing, etc.
`The registration authority 110 may be implemented as a
`server on a network, operated under the control of a software
`protection administrator. The software protection adminis-
`trator maintains the registration authority 110 in cooperation
`the vendors of the electronic data.
`
`the vendor may
`As part of such a protection system,
`require the user to install a client program provided by the
`software protection administrator. The client program
`installed on the client computer 100 communicates with a
`licensing information storage medium 120, referred to as the
`licensing medium, and the registration authority 110.
`Alternatively, the client program may be embedded in the
`
`15
`
`20
`
`25
`
`30
`
`35
`
`40
`
`45
`
`50
`
`55
`
`60
`
`65
`
`PETITIONERS EX. 1001 Page 13
`
`PETITIONERS Ex. 1001 Page 13
`
`

`

`US 6,857,067 B2
`
`7
`electronic data and may be executed in the course of
`accessing the electronic data, rather than being installed
`separately by the user. The registration authority 110, in turn,
`communicates with the vendor 130, which maintains a
`database of valid licenses issued for the electronic data.
`
`The licensing medium 120 is a portable component that
`contains information concerning the software or other
`licensed electronic data that the user is authorized to access.
`
`When a user seeks to access a vended piece of electronic
`data, the client program communicates with the licensing
`medium 120 to verify that the user is authorized to access the
`electronic data.
`
`10
`
`In general, the licensing medium 120 may be any type of
`portable electronic data storage medium that has a unique,
`unalterable serial number or other form of identification that
`
`15
`
`can be transmitted electronically. Examples include smart
`cards, memory sticks, magnetic strip cards, floppy disks and
`other removable computer storage media. The licensing
`medium 120 and the electronic device that uses the licensed
`electronic data need not have a wired connection. Awireless
`
`connection, e.g., an infrared or radio frequency (RF) link,
`may be used.
`the licensing
`In certain types of electronic devices,
`medium 120 may be configured so that it is not removable,
`e.g., certain types of cellular phones, hand-held computing
`devices, or cable television control boxes. For example, the
`licensing medium may be an internal
`random access
`memory (RAM) installed in a cellular phone. It is also
`contemplated that
`the invention can include stationary
`devices, e.g., refrigerators or other household appliances,
`that have a licensing medium that is not removable.
`In the example of FIG. 1, a smart card is employed as the
`licensing medium. As shown in FIG. 2, a smart card 120 is
`a plastic card containing a microchip 300. Contacts 305 for
`the microchip 300 are formed on the surface of the card 120
`to provide data input and output and power supply input.
`As shown in FIG. 3, the microchip 300 includes a central
`processing unit (CPU) 310 that has an associated random
`access memory (RAM) 315, although a smart card without
`a CPU also may be used. The RAM 315 is used to tempo-
`rarily store information during processing while power is
`being supplied to the card. Aread only memory (ROM) 320
`permanently stores the microchip operating system. An
`erasable programmable read only memory (EPROM) 325
`stores application code and data, such as the licensing
`information discussed above.
`
`Referring again to FIG. 1, the client program accesses the
`smart card 120 using a smart card reader 140 connected to
`the client computer 100. The smart card 120 contains
`licensing information that indicates to the client program
`which software the user is authorized to access. The licens-
`
`ing information may include other information as well, such
`as for example time-stamps that indicate when the license
`for each authorized software expires.
`The smart card may be a dedicated smart card that is
`specifically provided for use as a licensing medium.
`Alternatively, a generic smart card having other functions,
`e.g., a credit card, may be adapted for use as the licensing
`medium. In such a case, the smart card would function both
`for the original purpose and as the licensing medium.
`The registration authority 110 is a remote server that
`maintains a licensing database containing information for all
`of the licensing media 120 authorized by the software
`protection administrator and all of the software licenses
`authorized by the software vendors 130. The client program
`communicates with the registration authority 110 to perform
`
`8
`a number of functions associated with the operation of the
`protection system. The client program may communicate
`with the registration authority 110, for example, using the
`Internet 150.
`
`For example, the client program may verify the validity of
`the smart card 120 by communicating with the registration
`authority 110. As a further example,
`the client program
`communicates with the registration authority 110 to change
`the contents of th

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket