`
`United States Patent [19]
`Cooper et al.
`
`Liu Patent Number:
`[45] Date of Patent:
`
`5,757,907
`May 26, 1998
`
`[54] METHOD AND APPARATUS FOR ENABLING
`TRIAL PERIOD USE OF SOFTWARE
`PRODUCTS: METHOD AND APPARATUS
`FOR GENERATING A MACHINE-
`DEPENDENT IDENTIFICATION
`
`[75]
`
`Inventors: Thomas Edward Cooper, Louisville;
`Robert Franklin Pryor. Longmont.
`both of Colo.
`
`[73]
`
`Assignee: International Business Machines
`Corporation. Armonk, N.Y.
`
`[21]
`
`Appl. No.: 235,032
`
`[22]
`
`Filed:
`
`Apr. 25, 1994
`
`[51]
`[52]
`
`Int. C1.6
`U.S. Cl.
`
`[58]
`
`Field of Search
`
` H04L 9/00: HO4L 9/32
` 380/4; 380/21; 380/23;
`380/25: 380/49
` 380/4. 9. 21. 23.
`380/25, 49. 50
`
`[56]
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
` 380/4
`4,888,798 12/1989 Earnest
`........... ............. 395/575
`6/1991 Archie et al.
`5,021,997
` 380/4
`4/1992 Comerford et al.
`5,109,413
` 395/600
`5,155,847 10/1992 Kirouac et al.
` 364/479
`5,166,886 11/1992 Molnar et al.
` 380/4
`3/1994 Loiacono
`5,293,422
` 380/4
`8/1994 Chou et al.
`5,337,357
`
`FOREIGN PATENT DOCUMENTS
`
`0 268 139 A3
`0 561 685 Al
`0 598 587 Al
`0 601 500 Al
`2 136 175
`WO 94/07204
`
`5/1988 European Pat. Off.
`9/1993 European Pat. Off.
`5/1994 European Pat. Off.
`6/1994 European Pat. Off.
`9/1984 United Kingdom
`3/1994 WII30
`
`GO6F 1/00
`GO6F 12/14
`GO6F 1/00
`GO6F 1/00
`HO3K 13/24
`GO6F 15/21
`
`OTHER PUBLICATIONS
`"Information Distribution via Rom Disks" (IBM Technical
`Disclosure Bulletin. vol. 33. No. 12. May 1991).
`"Data Masking Algorithm" (IBM Technical Disclosure Bul-
`letin, vol. 32, No. 6B. Nov. 1989).
`
`Primary Examiner—Bernarr E. Gregory
`Attorney; Agent, or Finn—Edward H. Duffield; Melvin A.
`Hunn; Andrew J. Dillon
`
`[57]
`
`ABSTRACT
`
`A method and apparatus is provided for distributing a
`software object from a source to a user. A software object is
`encrypted with an encryption operation utilizing a long-lived
`encryption key. It is directed from the source to the user. It
`is loaded onto a user-controlled data processing system
`having a particular configuration. A numerical machine
`identification is derived based at least in part upon the
`particular data processing system configuration of the user-
`controlled data processing system. A temporary key is .
`derived which is based at least in part upon the numerical
`machine identification and the long-lived encryption key.
`The long-lived key generator is provided for receiving the
`temporary key and producing the long-lived encryption key.
`The user is allowed to utilize the temporary key for a
`prescribed interval to generate the long-lived encryption key
`to access the software object.
`
`0 268 139 A2
`
`5/1988 European Pat. Off.
`
` G06F 1/00
`
`8 Claims, 28 Drawing Sheets
`
`100
`
`0-
`
`rir '
`
`-1
`')
`
`1
`
`',--XPANS1ON
`
`70
`
`68
`
`72
`
`88
`
`86
`
`5 102
`
`74
`
`7 MEMORY
`CONTROLLER
`
`BUS
`CONTROLLER L
`
`INTERRUPT
`CONTROLLER
`
`80386
`
`62
`
`80387
`
`) 64
`
`76
`
`RAM
`
`ROM
`
`CMOS
`RAM
`
`DISKET TE
`CONTROLLER
`_J
`L
`
`SERI Al
`CONTROLLER
`
`CONTROLLER
`
`SYSTEM BUS WICROCHANNED
`
`78
`
`BO
`1_
`KEYBOARD
`MOUSE
`CONTROLLER
`
`)( 82
`
`DMA
`CONTROLLER ]
`
`1
`
`VGA
`VIDEO
`CONTROLLER
`
`
`
`" 66
`
`<I>
`
`589
`
`I
`PARALLEL
`CONTROLLER
`
`Lem
`
`asisl
`
`90
`
`- 92
`
`90
`
`EMPTY
`SLOT 6
`
`-L
`
`60
`
` (06
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0001
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 1 of 28
`
`5,757,907
`
`Oo
`
`rTh
`
`7COMPUTER-
`ACCESSIBLE
`MEMORY
`MEDIA
`
`10
`
`A
`16
`
`18
`
`—
`
`TELE-PHCNE
`14
`
`PROCESSOR
`
`Ird awe,
`
`4.101411741
`
`REMOVABLE KEY
`
`FIG,
`
`26
`
`20
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0002
`
`
`
`MCI
`
`04
`*-C
`
`"`
`
`‘,0
`OC
`
`8Z Jo z }nags
`
`108
`
`112
`
`118_
`
`122 '
`
`112
`
`S
`114 115
`
`\
`
`115
`
`- 120
`
`114
`
`114
`
`112 7
`
`LOCAL AREA
`NETWORK
`
`112 -
`
`1
`
`- 12NZ
`
`114
`
`116
`
`FIG. 2
`
`126
`
`•
`
`I
`"If
`
`134
`
`124
`
`128
`
`1307 7
`
`gani
`
`114
`17ATEWAY
`SERVER
`
`130
`
`130
`
`S
`
`LOCAL
`AREA
`NETWORK
`
`132
`
`130
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0003
`
`
`
`Waled *S..11
`
`8661 `9Z SulAT
`
`8Z Jo £ loaqS
`
`ur
`tri
`
`98
`
`100
`A
`
`70
`
`5 68
`
`72
`
`F-XPANr;ION
`CARHS
`
`6c
`
`88
`
`>
`
`86
`
`,s 102
`
`76
`
`RAM
`
`ROM
`
`CMOS
`RAM
`
`
`
`DISKETTE
`CONTROLLER
`
`SERIAL
`CONTROLLER
`
`DISK
`CON TROLLER
`
`SYS TEM BUS (MICROOKIANNED
`
`78
`
`80
`
`82
`
`5 84
`
`50
`
`KEYBOARD
`MOUSE
`CONTROLLER
`
`DMA
`CONTROLLER
`
`VGA
`VIDEO
`CONTROLLER
`
`PARALLEL
`CONTROLLER
`
`rEMPTY
`SLOTS
`
`74
`
`MEMORY
`CONTROLLER
`
`rCONTROLLER
`
`BUS
`
`INTERRUPT
`CONTROLLER
`
`80386
`
`62
`
`80387
`
`64
`
`r
`
` 4.3 Beg
`
`90
`
`66
`
`92
`
`94 -----.
`
`96
`
`106
`
`(r IC
`
`-3
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0004
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 4 of 28
`
`5,757,907
`
`201
`(
`
`203
`
`205
`
`2 -
`
`REAL
`<EY
`
`1
`
`SOFT'vVARE
`OBJECT
`
`ENCRYPTION
`ENGINE
`
`—
`
`ENCRYPTED
`SOFTWARE
`CBjECT
`
`FIG,
`
`MEMORY MEDIA
`
`
`
`213
`
`ap,
`
`215
`
`USER-SPECIFIC :NFORMATION
`
`MACHINE ID
`
`r
`
`217
`
`PRODUCT KEY
`
`CUSTOMER NUMBER
`
`F G, 5
`
`
`
`J
`
`CUSTOMER
`USER
`
`211
`
`VENDOR
`SOURCE
`
`209
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0005
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 5 of 28
`
`5,757,907
`
`C BEG:N-2---y--_, 219
`
`MAKE LANGUAGE/
`LOCALE SELECTION
`
`221
`
`IDENTIFY TRY AND BUY
`OPTIONS BY COMPLETING
`APPROPRIATE FIELDS
`
`2
`
`223
`
`FUNCTIONALLY LIMIT
`OR ENCRYPT
`TRY AND BUY PROGRAMS
`
`LOAD SHELL AND
`TRY AND BUY PROGRAMS ON
`COMPUTER-ACCESSIBLE
`MEMORY MEDIA
`
`225
`
`227
`
`END
`
`229
`
`FIG, 6
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0006
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 6 of 28
`
`5,757,907
`
`BEGIN
`
`231
`
`DISTRIBUTE COMPUTER-
`ACCESSIELE MEDIA FOR
`TRY-AND-BUY
`TRIAL INTERVAL
`
`LOAD 'FILE MANAGEMENT
`PROGRAM FOR EXECUTION
`
`ALLOW BROWSING
`DISPLAY APPROPRIATE
`USER INTERFACE
`
`INTERACT WITH CUSTOMER
`TO GATHER INFO AND
`DISTRIBUTE TEMPORARY KEY
`
`ALLOW TRIAL FOR
`TRIAL INTERVAL
`
`$
`
`MONITOR AND OVERSEE ALL
`I/O CALLS TO PREVENT
`UNAUTHORIZED USE
`
`INTERACT WITH CUSTOMER
`TO DELIVER
`PERMANENT KEY
`
`233
`
`235
`
`237
`
`239
`
`24I
`
`243
`
`245
`
`END
`
`C
`
`247
`
`FIG, 7
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0007
`
`
`
`luaind 'S'il
`
`866T `9Z AM
`
`8Z Jo L PaqS
`
`tto
`
`U'
`
`251
`
`273
`
`253
`
`263
`
`FIG, 8
`
`Order Form
`
`249
`
`WordPerfect
`CORPORATION
`
`Order toll free X 24 hours a day X 7 days a week
`
`1 — 800
`
`/24
`
`999c:
`
`j
`
`269
`
`- Media ID 12345ABC
`
`Machine pi X565-853-9000
`
`255 ---"`
`
`257
`
`259
`
`--
`
`ITEM
`
`
`
`DESCRIPTION
`
`260
`
`123456789012345
`
`Lotus 1-2-3 for Windows
`
`PRICE
`
`$49.95
`
`Customer IDS C123-456 789
`
`271
`
`Delete
`
`Payment methods ecceptedi
`
`-
`
`fee LA
`
`Purchase order
`
`Check/money order
`
`Gift certificate
`
`$19.95
`SUBTOTAL'
`Does not Include applicable tax end
`snipping and handling charges. Prices
`subject to change.
`
`261
`
`265
`
`267
`
`Close
`
`Fax
`
`
`
`Unlock
`
`Help
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0008
`
`
`
`lualud 'Fa
`
`8661 `9Z iCuW
`
`8Z JO 8 PaqS
`
`277
`
`279
`
`281
`
`- 283
`
`28/
`
`291
`
`293
`
`IG.
`
`.7
`
`•
`
`Order information
`
`—Address information
`C) Customer address
`
`C) Ship to address (if different)
`
`Name
`
`Address
`
`[Hillary Clinton
`
`The White House
`1600 Pennsylvania Ave.
`Washington, D.C., 11112-5993
`U.S.A.
`
`Phone
`
`Fax
`
`(410) 555-4392 ext.4990
`
`(410) 555-41300
`
`Payment method
`Visa
`
`Payment information
`Account number
`14438-3902-9392-3333
`
`Ship method
`Federal Express-- Tt
`
`Expiration date
`6/95
`
`-------
`VAT ID
`1234557890
`
`275
`
`285
`
`289
`
`295
`
`
`Cancel
`
`297
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0009
`
`
`
`jualed 'Fa
`
`8661 `9Z Xel411
`
`RZ JO 6 WIN
`
`11
`
`The following products need to be unlocked:
`Select a product, enter a keg, and press Save.
`301 ,_ly e
`
`Item
`
`WP 10002
`WP 10003
`WP 30001
`
`,------ 309
`Description
`
`WordPerfect 6.0 f or OS/2
`DrawPerfect 2,0 for OS/2
`Norton Utilities version 7.0
`
`307 ------
`
`305 \_,/^-
`
`311
`
`Keg:
`1234-1234- 1231-1234-1234
`
`Save
`
`317
`
`313
`
`315 \ Y
`
`Customer ID:
`
`0123-456-7890
`
`.-Machine ID:
`X123-455-7890
`
`319
`
`I_ Close
`
`321
`
`FIG. 10A
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0010
`
`
`
`ivalud 'Sill
`
`8661 `9Z /CRIAI
`
`Rz JO UT Paqs
`
`313
`
`315
`
`Unlock
`
`r Audio
`
`isual Connection 1.05
`
`Machine ID:
`
`X123-456-8421
`
`Customer ID:
`
`[C987-653-2100
`
`303
`
`311
`
`Key:
`
`4832
`
`4949
`
`6333 1
`
`5427
`
`8487 1
`
`317
`
`Save
`
`I
`
`Cancel
`
`319
`
`321
`
`?
`
`FIG. 10B
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0011
`
`
`
`luny(' 'S11
`
`II laallS
`
`8Z
`
`Unlock
`
`Time and Place/2
`
`Verify correct starting date.
`
`310 --
`
`12/25/93
`
`312 .
`
`Continue
`
`I
`
`Cancel
`
`314
`
`Help
`
`316
`
`F-IG 11
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0012
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 12 of 28
`
`5,757,907
`
`, 353
`
`-7
`
`COMPLJ- Er'
`
`USER-
`SPECIFIC
`A 77RT-3UTES
`
`MACHINE ID
`--11. GENERATOR
`(RANDOM)
`
`3
`
`MACHINE
`
`FIa 12
`
`357
`
`359
`
`f
`
`MACHINE
`
`
`
`
`
`ENCRYPTION
`ENGINE
`
`361
`
` owl
`
`ENCRYPTED
`MACHINE
`ID
`
`I
`I
`I
`---J
`
`KEY
`
`363
`
`SYSTEM
`ATTRIBUTES
`SELECTION ,
`
`365
`
`367
`
`HARD DISK SERIAL NO,
`2, SIZE OF HARD DISK
`3. FORMAT OF HARD DISK
`4. SYSTEM MODEL NO,
`5. HARDWARE INTERFACE CARD
`6, HARDWARE SERIAL NO,
`7. CONFIGURATION PARAMETERS
`
`F-IG, 13
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0013
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 13 of 28
`
`5,757,907
`
`375
`
`SECRET
`KEY
`
`357,,
`
`359
`
`371
`
`MACH:NE ID
`
`CUSTOMER NO,
`
`REAL KEY
`
`373
`
`CONTROL BLOCK
`
`374
`
`1
`
`TRIAL
`INTERVAL DATA
`
`PRODUCT
`KEY
`ENCRYPTION
`ENGINE
`
`PRODUCT
`KEY
`
`FIG. 14
`
`379
`
`PRODUCT KEY
`
`
`
`381
`
`369
`
`CUSTOMER NO.
`
`373
`
`CONTROL BLOCK
`
`357
`
`374
`
`MACHINE ID
`
`TRIAL
`INTERVAL DATA
`
`REAL
`KEY
`GENERATOR
`
`REAL
`KEY
`(DERIVED)
`
`FIG. 15
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0014
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 14 of 28
`
`5,757,907
`
`383
`
`ENCRYPTED
`VALIDATION
`DATA
`SEGMENT
`
`Ire 381
`;DERIVED;
`
`REAL
`KEY
`
`385
`
`CLEAR
`VALIDATION
`TEXT
`(DERIVED)
`
`ENCRYPTION
`ENGINE
`
`FIG, 16
`
`387
`
`CLEAR
`VALIDATION
`TEXT
`(DERIVED)
`
`389
` awl COMPARATOR
`
`MATCH ENO NO MATCH
`
`391
`
`CLEAR
`VALIDATION
`TEXT
`(KNOWN)
`
`393
`
`CREATE
`KEY
`FILE
`
`POST
`WARNING
`
`395
`
`FIG, 17
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0015
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 15 of 28
`
`5,757,907
`
`397
`
`399
`
`425
`
`5
`
`KEY FILE
`
`PRODUCT KEY
`CUSTOMER KEY
`CLEAR MACHINE
`fl
`
`TRIAL INTERVAL
`DATA
`
`ENCRYPTION
`ENGINE
`
`ENCRYPTED
`KEY FILE
`
`4e1
`
`421
`
`KEY
`
`4
`
`UNIQUE
`SYSTEM
`ATTRIBUTES
`
`FIG. 18
`
`405
`
`ENCRYPTED
`FILE
`
`407
`
`READ
`HEADER
`
`FETCH
`KEY FILE
`
`409
`
`READ
`
`ENCRYPTED ENCRYPTED
`VALIDATION
`TEXT
`
`411
`
`FIG 19
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0016
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 16 of 28
`
`5,757,907
`
`DECRYPTION
`ENGINE
`
`REAL
`KEY
`
`421
`
`MACHINE ID
`
`415
`
`CUSTOMER KEY
`
`417
`
`PRODUCT
`KEY
`
`419
`
`FIG. 20
`
`423
`
`425
`
`427
`
`ENCRYPTED
`VALIDATION
`TEXT
`
` ON- DECRYPTION
`ENGINE
`
`CLEAR
` ill VALIDATION
`TEXT
`(DERIVED)
`
`REAL
`KEY
`
`421
`
`FIG, 21
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0017
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 17 of 28
`
`5,757,907
`
`4 -17
`
`429
`
`431
`
`CLEAR
`VALIDATION
`TEXT
`(DERIVED)
`
`
`
`sPs-i COMPARATOR
`
`H
`
`MATCH
`
`NO MATCH
`
`CLEAR
`VALIDAT:ON
`TEXT
`(KNOWN)
`
`433
`
`\-"i
`
`DECRYPT
`POST
`SOFTWARE'; WARNING
`OBJECT
`
`435
`
`FIG, 22
`
`437
`
`439
`
`443
`
`ENCRYPTED
`SOFTWARE
`OBJECT
`
`DECRYPTION
`ENGINE
`
`SOFTWARE
`OBJECT
`
`VALIDATED
`REAL KEY
`
`441
`
`FIG, 23
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0018
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 18 of 28
`
`5,757,907
`
`451
`
`ENCRYP7ICN
`HEADER
`A
`
`457
`
`)(
`
`
`
`5:3
`
`455
`
`MOLE
`IDENTIFIER
`
`NAME OF
`KEY FILE
`
`459
`
`ENCRYPTION
`TYPE SEGMENT
`
`OFFSET - 0
`SIDE FILE
`
`ENCRYPTED
`ALIDAT:ON
`SEGMENT
`
`ENCRYPTED
`FILE DATA
`
`FILE DATA
`
`461
`
`FIG, 24
`
`DIRECTORY OF
`ENCRYPTED FILES
`
`SIDE FILE
`
`4E5
`
`467
`
`469
`
`471 r ~ J
`
`473
`
`4'5
`
`aaa
`bbb
`
`C C C
`
`oda
`
`nnn
`
`AAA
`
`BBB
`
`C C C
`
`DDD
`
`NNN
`
`✓477
`
`479
`
`481
`
`483
`
`485
`
`FIG, 25
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0019
`
`
`
`wajed 'S'il
`
`8Z Jo 61 WIN
`
`499
`
`HEADER
`
`501
`
`503
`
`505
`
`507
`
`509
`
`511
`
`513
`
`SIGNATURE
`
`HEADER
`LEN
`
`SIDE FILE SIDE FILE
`INDEX
`LEN
`
`ENCRYPT
`TYPE
`
`VERIFY
`DA1A
`
`KEY FILE
`NAME
`
`TYPE 1 - DATA FILES (NON-EXECUTING)
`
`END OF
`FILE
`
`CLEAR FILE
`
`ENCRYPTED
`FILE
`
`MODIFIED
`ENCRYPTED
`FILE
`
`521
`
`FILE STARTING LOCATION
`
`HEADER
`i_____
`
`523
`
`499
`
`525
`
`FTC, 26
`
`527
`
`SIDE FILE
`
`SIDE FIl F
`LEN
`
`2nd
`COPY
`OF
`VERIFY
`DATA
`
`TIC, 27
`
`N
`
`MOVE
`OVERLAYED
`DATA TO
`SIDE FILE
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0020
`
`
`
`waled 'STI
`
`8661 `9Z XRIAI
`
`8Z Jo OZ WI'S
`
`TYPE 2 - EXECUTING FILE
`
`535
`
`539
`
`SIDE FE F
`
`OVER LAYED
`DATA
`2nd COPY OF
`
`VERIFY DATA
`
`CLEAR FILE
`
`ENCRYPTED
`FILE
`
`ENCRYPTED
`FILE
`
`_J
`
`HEADER
`
`EXE STUB
`
`499
`
`531
`
`533
`
`537
`
`FIG, 28
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0021
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 21 of 28
`
`5,757,907
`
`BEGIN
`
`601
`
`MONITOR I/O CALLS
`
`603
`
`FOR EACH I/O CALL,
`INTERCEPT CALLED FILE
`
`
`
` 605
`
`DENY ACCESS TO
`OPERATING SYSTEM
`
`READ PORTION OF FILE
`WHERE DECRYPTION
`BLOCK LOCATED
`
`DERIVE KEY
`FILE ADDRESS
`
`FETCH KEY FILE
`
`607
`
`509
`
`611
`
`613
`
`615
`
`11,
`
`KEY
`FILE
`LOCATOR,
`
`NO
`
`617
`
`END
`
`YES
`
`A
`
`HiG. 29A
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0022
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 22 of 28
`
`5,757,907
`
`DERIVE KEY
`
`DECRYPT
`VALUATION SEGMENT
`
`619
`
`621
`
`625
`(
`
`NO
`
`END
`
`627
`
`629
`
`631
`
`633
`
`623
`
`DOES
`DECRYPTION
`VALUATION
`SEGMENT -
`CLEAR TEXT „----'
`
`YES
`
`ALLOW ACCESS TO
`CALLED FILE
`
`READ DECRYPTION TYPE
`
`
`yI
`
`DECRYPT
`
`PASS TO
`OPERATING SYSTEM
`
`635
`
`END
`
`FIG, 29B
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0023
`
`
`
`Waled *S11
`
`8661 `9Z gulAI
`
`8Z JO CZ PaqS
`
`665
`
`MEMORY MEDIA
`ATIRIBUIE
`
`66/
`
`679
`
`55/7
`
`MODIFIER
`
`ENCRYPTION
`OPERATION
`
`669
`
`MEMORY MEDIA
`ATTRIBUTE
`
`MODIFIER
`
`ENCRYPTION
`OPERATION
`
`COPY TO
`MEMORY
`MEDIA
`
`MEMORY
`MEDIA
`
`671
`
`673
`
`681
`
`5
`
`677
`
`COPY TO
`MEMORY
`MEDIA
`
`MEMORY
`MEDIA
`
`MODIFY EXPORT
`COUNTER
`
`661
`
`[KEY
`
`662
`
`655
`
`L
`DECRYPTION
`OPERATION
`
`663
`
`675
`
`FIG. 30
`
`SOURCE
`COMPUTER
`
`651
`
`653
`
`T59
`
`
`
`KEY
`657
`
`7-,
`
`DECRYPTION
`OPERATION
`
`KEY FILE
`
`- PRODUCT KEY
`- CUSTOMER KEY
`CLEAR MACHINE
`ID
`- TRIAL INTERVAL.
`DATA
`- EXPORT COUNTER
`
`MACHINE
`IDENTIFICATION
`FILE
`
`- MACHINE ID
`- TRIAL INTERVAL
`DATA
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0024
`
`
`
`juaiud 'S'fl
`
`8661 `9Z ggIAT
`
`ro,
`
`00
`
`683
`COPY TARGET
`
`MACHINE ID TO
`MEMORY MEDIA
`COPY FROM
`MEMORY MEDIA
`685
`
`691
`
`697
`
`693
`
`COPY FROM
`MEMORY
`MEDIA
`
`FIG, 31
`
`698
`
`687
`
`KEY 1
`689
`DECRYPTION
`OPERATION
`RETRIEVE AND
`RECORD
`
`MACHINE ID
`OF SOURCE
`COMPUTER
`I KEY 695
`DECRYPTION
`OPERATION
`UPDATE
`
`MACHINE ID
`WITH TARGET
`COMPUTER
`
`MACHINE ID
`
`/07
`
`699
`5
`ENCRYPTION
`OPERATION
`TARGET
`COMPUTER
`ATTRIBUTE
`701
`703
`ENCRYPTION
`OPERATION
`TARGET
`COMPUTER
`ATTRIBUTE
`705
`
`1 ARGET
`COMPUT PC
`
`/09
`
`KEY FILE
`PRODUCT KEY
`- CUSTOMER KEY
`CLEAR MACHINE
`ID TRIAL INTERVAL
`DATA
`- EXPORT COUNTER
`SOURCE MACHINE
`ID
`MACHINE
`IDENTIFICATION
`F=ILE
`
`- MACHINE ID
`- TRIAL INTERVAL
`DATA
`711
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0025
`
`
`
`PIaJud "S'il
`
`SZ Jo SZ laaqS
`
`to
`=.1
`
`807
`
`809
`
`811
`
`IC, 32
`
`801
`
`SOURCE PC
`
`MACHINE ID FILE:
`ENCRYPTED WITH
`SYSTEM ATTRIBUTE
`KEY
`
`803 ---,-
`
`INCLUDES MACHINE
`TOTAL
`
`INCLUDES COUNT OF
`NUMBER OF ALLOWED
`EXPORTS
`
`CUSTOMER
`INFORMATION
`
`EXPORT KEY DISKETTE
`
`MACHINE ID FILL:
`ENCRYPTED WITH
`DISKETTE ATTRIBUTE
`KEY
`
`INCLUDES NUMBER
`OF IMPORTS USED
`
`CUSTOMER
`INFORMA I ION
`
`MACHINE
`IDENTIFICATION
`
`KEY FILE:
`
`KEY FILE:
`
`805
`
`ENCRYPTED WITH
`SYSTEM ATTRIBUTE
`KEY
`
`ENCRYPTED WITH
`DISKETTE ATTRIBUTE
`KEY
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0026
`
`
`
`Juaiud *S71
`
`866T `9Z ARAI
`
`gz Jo 9Z Paqs
`
`815
`
`817
`
`FAG, 33
`
`807 -
`
`809
`
`MACHINE 1D FILE
`ENCRYPTED WITH
`DISKETTE ATTRIBUTE
`KEY
`
`UPDATE WITH
`TARGET PC
`MACHINE ID,
`AND COUNT OF
`IMPORTS USED
`
`MACHINE ID FILE
`
`810
`
`ENCRYPTED WITH
`SYSTEM ATTRIBUTE
`KEY
`
`INCLUDES LIST OF
`IMPORT MACHINE
`IDs
`
`CUSTOMER
`INFORMATION
`
`EXPORT KEY DISKETTE
`
`TARGET PC
`
`KEY FILE:
`
`811
`
`ENCRYPTED WITH
`DISKETTE ATTRIBUTE
`KEY
`
`IMPORT KEY FILE:
`ENCRYPTED WITH
`SYSTEM ATTRIBUTE
`KEY
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0027
`
`
`
`lualzd eS*11
`
`8z JO Lt PaqS
`
`1651
`
`SOURCE
`COMPUTER
`
`1653
`
`
`
`16591659
`
`KEY
`
`1657
`
`16/P,
`
`1665
`
`5
`IR ANSFER
`KEY
`
`KEY FILE
`
`- PRODUCT KEY
`- CUSTOMER KEY
`- CLEAR MACHINE
`ID
`TRIAL INTERVAL
`DATA
`- EXPORT COUNTER
`
`MACHINE
`IDENTIFICATION
`FILE
`
`- MACHINE ID
`- TRIAL INTERVAL-
`DATA
`
`-
`
`DECRYPTION
`OPERATION
`
`ENCRYPTION
`OPERATION
`
`MODIFY EXPORT
`COUNTER
`
`1669
`
`1661
`
`1655
`
`1662
`
`1671
`
`S
`
`TRANSFER
`KEY
`
`DECRYPTION
`OPERATION
`
`ENCRYPTION
`OPERATION
`
`1663
`
`1675
`
`COPY TO
`MEMORY
`MEDIA
`
`-
`
`MEMORY
`
`MEDIA MEDIA
`
`1681
`
`5
`
`COPY TO
`MEMORY
`MEDIA
`
`16577
`
`MEMORY
`MEDIA
`
`'J3 4
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0028
`
`
`
`jUalUd *S'il
`
`866I `9Z RANI
`
`8Z Jo 8Z WIN
`
`1683
`
`I
`
`1687
`
`+of
`
`COPY TARGET
`MACHINE ID TO
`MEMORY MEDIA
`
`[ -KEY
`
`1689
`7-/
`
`1
`
`COPY FROM
`MEMORY MEDIA
`
`DECRYPTION
`OPERATION
`
`1685
`
`1691
`
`RETRIEVE AND
`RECORD
`MACHINE ID
`OF SOURCE
`COMPUTER
`
`1693
`
`1697
`
`I KEY
`1
`
`1695
`
`1707
`
`TAPE
`COMPUTER
`
`1709
`
`1699
`
`ENCRYPTION
`OPERATION
`
`Om-
`
`TARGFT
`COMPUTER
`ATTRIBUTE
`
`1701
`
`1703
`
`KEY FILE
`
`PRODUCT KEY
`CUSTOMER KEY
`CLEAR MACHINE
`ID
`TRIAL INTERVAL.
`DATA
`- EXPORT COUNTER
`SOURCE MACHINE
`ID
`
`MACHINE
`IDENTIFICATION
`FILE
`
`COPY FROM
`MEMORY
`MEDIA
`
`DECRYPTION
`OPERATION
`
`ENCRYPTION
`OPERATION
`
`UPDATE
`MACHINE ID
`WITH TARGET
`COMPUTER
`MACHINE ID
`
`1698---"
`
`TARGET
`COMPUTER
`ATTRIBUTE
`
`- MACHINE ID
`- TRIAL INTERVAL
`DMA
`
`L
`
`1705
`
`1 - 1711
`
`FIG, 35
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0029
`
`
`
`5,757,907
`
`1
`METHOD AND APPARATUS FOR ENABLING
`TRIAL PERIOD USE OF SOFTWARE
`PRODUCTS: METHOD AND APPARATUS
`FOR GENERATING A MACHINE-
`DEPENDENT IDENTIFICATION
`
`CROSS-REFERENCE TO RELATED
`APPLICATION
`
`The present application is related to U.S. patent applica-
`tion Ser. No. 08/235,033, entitled "Method and Apparatus
`for Enabling Trial Period Use of Software Products: Method
`and Apparatus for Utilizing a Decryption Stub," further
`identified, by Attorney Docket No. BT9-93-070; now aban-
`doned U.S. patent application Ser. No. 08/235.035. entitled
`"Method and Apparatus for Enabling Trial Period Use of
`Software Products: Method and Apparatus for Allowing a
`Try-and-Buy User Interaction," further identified by Attor-
`ney Docket No. DA9-94-008; now U.S. Pat. No. 5,689,560
`U.S. patent application Ser. No. 08/235,031, entitled
`"Method and Apparatus for Enabling Trial Period Use of
`Software Products: Method and Apparatus for Utilizing an
`Encryption Header," further identified by Attorney Docket
`No. DA9-94-010; now U.S. Pat. No. 5,598,470 and U.S.
`patent application Ser. No. 08/238.418. entitled "Method
`and Apparatus for Enabling Trial Period Use of Software
`Products: Method and Apparatus for Allowing the Distribu-
`tion of Software Objects," and further identified by Attorney
`Docket No. DA9-94-011. now U.S. Pat. No. 5.503.946. all
`filed on Apr. 25, 1994 by the inventors hereof and assigned
`to the assignee herein, and incorporated by reference herein.
`
`BACKGROUND OF THE INVENTION
`1. Technical Field
`The present invention relates in general to techniques for
`securing access to software objects. and in particular to
`techniques for temporarily encrypting and restricting access
`to software objects.
`2. Description of the Related Art
`The creation and sale of software products has created
`tremendous wealth for companies having innovative
`products, and this trend will continue particularly since
`consumers are becoming ever-more computer literate as
`time goes on. Computer software is difficult to market since
`the potential user has little opportunity to browse the various
`products that are available. Typically, the products are
`contained in boxes which are shrink-wrapped closed, and
`the potential customer has little or no opportunity to actually
`interact with or experience the software prior to purchasing.
`This causes considerable consumer dissatisfaction with
`products, since the consumer is frequently forced to serially
`purchase a plurality of software products until an acceptable
`product is discovered. This is perhaps one significant cause
`of the great amount of software piracy which occurs in our
`economy. A potential software purchaser will frequently
`"borrow" a set of diskettes from a friend or business
`associate, with the stated intention of using the software for
`a temporary period. Frequently, such temporary use extends
`for long intervals and the potential customer may never
`actually purchase a copy of the software product, and may
`instead rely upon the borrowed copy.
`Since no common communication channel exists for the
`sampling of software products, such as those created in
`movie theaters by movie trailers, and in television by
`commercials, software manufacturers are forced to rely
`upon printed publications and direct mail advertisements in
`order to advertise new products and solicit new customers.
`
`10
`
`25
`
`2
`Unfortunately, printed publications frequently fail to provide
`an accurate description of the product. since the user inter-
`action with the product cannot be simulated in a static
`printed format. The manufacturers of computer software
`5 products and the customers would both be well served if the
`customers could have access to the products prior to making
`decisions on whether or not to purchase the product. if this
`could be accomplished without introducing risk of unlawful
`utilization of the product.
`The distribution of encrypted software products is one
`mechanism a software vendor can utilize to distribute the
`product to potential users prior to purchase; however, a key
`must be distributed which allows the user access to the
`product. The vendor is then forced to rely entirely upon the
`15 honesty and integrity of a potential customer. Unscrupulous
`or dishonest individuals may pass keys to their friends and
`business associates to allow unauthorized access. It is also
`possible that unscrupulous individuals may post keys to
`publicly-accessible bulletin boards to allow great numbers
`20 of individuals to become unauthorized users. Typically.
`these types of breaches in security cannot be easily
`prevented, so vendors have been hesitant to distribute soft-
`ware for preview by potential customers.
`SUMMARY OF THE INVENTION
`' It is one object of the present invention to provide a
`method and apparatus for distributing software objects from
`a producer to potential users which allows the user a
`temporary trial period without subjecting the software prod-
`30 uct to unnecessary risks of piracy or unauthorized utilization
`beyond the trial interval. Preferably this is accomplished by
`providing a software object on a computer-accessible
`memory media along with a file management program.
`Preferably, the software object is reversibly functionally
`as limited, through one or more particular encryption opera-
`tions. The computer-accessible memory media is shipped
`from the producer to the potential user utilizing conventional
`mail and delivery services. Upon receipt, the potential user
`loads the file management program into a user-controlled
`40 data processing system and associates it with the operating
`system for the data processing system. Then, the computer-
`accessible memory media is read utilizing the user-
`controlled data processing system. The file management
`program is executed by the user-controlled data processing
`45 system and serves to restrict access to the software object for
`a predefined and temporary trial period. During the tempo-
`rary trial mode of operation, the software object is tempo-
`rarily enabled by reversing the reversible functional limita-
`tion of the software object. This is preferably accomplished
`so by decryption of the encrypted software object when the
`software object is called by the operating system of the
`user-controlled data processing system. The file manage-
`ment program preferably prevents copying operations, so
`the encrypted software project is temporarily decrypted
`55 when it is called by the operating system. If the potential
`user elects to purchase the software object. a permanent use
`mode of operation is entered, wherein the functional Limi-
`tation of the software object is permanently reversed, allow-
`ing unlimited use to the software object by the potential user.
`so This facilitates browsing operations which allow the poten-
`tial user to review the software and determine whether it
`suits his or her needs.
`The file management program continuously monitors the
`operating system of the user-controlled data processing
`65 system for operating system input calls and output calls. The
`file management program identifies when the operating
`system of the user-controlled data processing system calls
`
`DISH-Blue Spike-842
`Exhibit 1013, Page 0030
`
`
`
`5.757.907
`
`3
`for a software object which is subject to trial-interval
`browsing. Then, the file management system fetches a
`temporary access key associated with the software object,
`and then examines the temporary access key to determine if
`it is valid. Next, the file management program reverses the
`functional limitation of the software object. and passes it to
`the data processing system for processing.
`It is another objective of the present invention to provide
`a method and apparatus for distributing a software object
`from a source to a user, wherein a software object is
`encrypted utilizing a long-lived encryption key. and directed
`from the source to the user. The encrypted software object is
`loaded onto a user-controlled data processing system having
`a particular system configuration. A numerical machine
`identification based at least in part upon the particular
`configuration of the user-controlled data processing system
`is then derived. Next. a temporary key is derived which is
`based at least in part upon the numerical machine identifi-
`cation and the long-lived encryption key. A long-lived key
`generator is provided for receiving the temporary key and
`producing the long-lived encryption key. The temporary key
`allows the user to generate for a prescribed interval the
`long-lived encryption key to access the software object.
`These operations are performed principally by a file man-
`agement program which is operable in a plurality of modes.
`These modes include a set up mode of operation, a machine
`identification mode of operation, and a temporary key deri-
`vation mode of operation. During the set up mode of
`operation. the file management program is loaded onto a
`user-controlled data processing system and associated with
`an operating system for the user-controlled data processing
`system. During the machine identification mode of
`operation, the file management program is utilized to derive
`a numerical machine identification based upon at least on
`attribute of the user-controlled data processing system. Dur-
`ing the temporary key derivation mode of operation. a
`temporary key is derived which is based at least in part upon
`the numerical machine identification. The file management
`program also allows a trial mode of operation. wherein the
`file management program is utilized by executing it with the
`user-controlled data processing system to restrict access to
`the software object for an interval defined by the temporary
`key, during which the long-lived key generator is utilized in
`the user-controlled data processing system to provide the
`long-lived key in response to receipt of at least one input
`including the temporary key.
`It is yet another objective of the present invention to
`provide a method and apparatus in a data processing system
`for securing access to particular files which are stored in a
`computer-accessible memory media. A file management
`program is provided as an operating system component of
`the data processing system. A plurality of files are stored in
`the computer-accessible memory media, including at least
`one encrypted file and at least one unencrypted file. For each
`encrypted file, a preselected portion is recorded in computer
`memory, a decryption block is generated which includes
`information which can be utilized to decrypt the file, and the
`decryption block is incorporated into the file in lieu of the
`preselected portion which has been recorded elsewhere in
`computer memory. The file management program is utilized
`to monitor data processing operation calls for a called file
`stored in the computer-accessible memory media. The file
`management program determines whether the called file has
`an associated decryption block. The file management pro-
`gram processes the called file in a particular manner depen-
`dent upon whether or not the called file has an associated
`decryption block. The incorporation of the decryption block
`
`zo
`
`4
`does not change the size of the encrypted file, thus prevent-
`ing certain types of processing errors. During the trial
`interval, the encrypted file is maintained in an encrypted
`condition, and cannot be copied. If the potential user opts to
`5 purchase the software product. a permanent key is provided
`which results in replacement of the preselected portion to the
`file in lieu of the decryption block. Once the decryption
`block is removed, the encrypted file may be decrypted to
`allow unrestricted use by the purchaser. Preferably. the file
`10 management program is utilized to intercept files as they are
`called by the operating system, and to utilize the decryption
`block to derive a name for a key file and read the called file.
`The decryption block of each encrypted file includes a
`validation segment which is decrypted by the file manage-
`15 ment program and compared to a selected segment for the
`called file to determine whether the key can decrypt the
`particular file. If the decrypted validation segment matches
`a known clear text validation segment, the file is then
`dynamically decrypted as it is passed for further processing.
`It is yet another objective of the present invention to
`provide a method and apparatus in a data processing system
`for securing access to particular files which are stored in a
`computer-accessible memory media. A file management
`program is provided as an operating system component of a
`25 data processing system_ In a computer-accessible memory
`media available to the data processing system, at least one
`encrypted file and one unencrypted file are stored. The
`encrypted file has associated with it an unencrypted security
`stub which is at least partially composed of executable code.
`3c The file management program is utilized to monitor the data
`processing system calls for a called file stored in the com-
`puter accessible memory media, to determine whether the
`called file has an associated unencrypted security stub, and
`to process the called file in a particular manner dependent
`35 upon whether or not the called file has an associated unen-
`crypted security stub. More particularly, if it is determined
`that the called file has no associated unencrypted security
`stub, the called file is allowed to be processed. However, if
`it is determined that the called file has an associated unen-
`an crypted security stub, it must be examined before a decision
`can be made about whether or not to allow it to be processed.
`First, the unencrypted security stub is examined in order to
`obtain information which allows decryption operations to be
`performed. Then, the decryption operations are performed.
`as Finally, the called file is allowed to pass for further process-
`ing. Preferably. the called file is dynamically decrypted as it
`is passed to the operating system for processing. Also, the
`unencrypted security stub is separated from the called file
`prior to execution of the called file. However, if the unen-
`50 crypted security stub accidentally remains attached to the
`called file, processing operations must be stopped. and a
`message must be posted in order to prevent the processor
`from becoming locked-up.
`It is still another objective of the present invention to
`55 provide a method and apparatus for distributing a software
`object from a source to a user. A computer-accessible
`memory media is distributed from the source to a potential
`user. It includes a software object which is encrypted uti-
`lizing a predetermined encryption engine and a long-lived
`60 and secret key. An interface program is provided which
`facilitates interaction between the source and the user. The
`interface program includes machine identification module
`which generates a machine identification utilizing at least on
`predetermined attribute of the user-controlled data process-
`65 ing system. It also further includes a long-lived and secret
`key generator wh