`
`1111111111 11111
`
`United States Patent [19]
`Cooper et al.
`
`[11] Patent Number:
`[45] Date of Patent:
`
`5,757,907
`May 26, 1998
`
`[54] METHOD AND APPARATUS FOR ENABLING
`TRIAL PERIOD USE OF SOFTWARE
`PRODUCTS: METHOD AND APPARATUS
`FOR GENERATING A MACHINE-
`DEPENDENT IDENTIFICATION
`
`[75]
`
`Inventors: Thomas Edward Cooper. Louisville;
`Robert Franklin Pryor. Longmont.
`both of Colo.
`
`[73] Assignee: International Business Machines
`Corporation. Armonk, N.Y.
`
`[21] Appl. No.: 235,032
`
`[22] Filed:
`
`Apr. 25, 1994
`
`[51] Int. CL6
`[52] U.S. Cl.
`
`[58] Field of Search
`
` HO4L 9/00; HO4L 9/32
` 380/4; 380/21; 380/23;
`380/25; 380/49
` 380/4. 9. 21, 23.
`380/25. 49. 50
`
`[56]
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,888,798 12/1989 Earnest
`6/1991 Archie et al.
`5,021,997
`4/1992 Comerford et al.
`5,109,413
`5,155,847 10/1992 ICirouac et al.
`5,166,886 11/1992 Molnar et al.
`3/1994 Loiacono
`5,293,422
`8/1994 Chou et al.
`5,337,357
`
` 380/4
` 395/575
` 380/4
` 395/600
` 364/479
` 380/4
` 380/4
`
`FOREIGN PATENT DOCUMENTS
`
`0 268 139 A3
`0 561 685 Al
`0 598 587 Al
`0 601 500 Al
`2 136 175
`WO 94/07204
`
`5/1988 European Pat. Off.
`9/1993 European Pat. Off.
`5/1994 European Pat. Off.
`6/1994 European Pat. Off.
`9/1984 United Kingdom
`3/1994 WIPO
`
`GO6F 1/00
`GO6F 12/14
`GO6F 1/00
`GO6F 1/00
`HO3K 13/24
`GO6F 15/21
`
`OTHER PUBLICATIONS
`"Information Distribution via Rom Disks" (IBM Technical
`Disclosure Bulletin. vol. 33. No. 12. May 1991).
`"Data Masking Algorithm" (IBM Technical Disclosure Bul-
`letin. vol. 32, No. 6B. Nov. 1989).
`Primary Examiner—Bernarr E. Gregory
`Attorney; Agent, or Firm—Edward H. Duffield; Melvin A.
`Hunn; Andrew J. Dillon
`
`[57]
`
`ABSTRACT
`
`A method and apparatus is provided for distributing a
`software object from a source to a user. A software object is
`encrypted with an encryption operation utilizing a long-lived
`encryption key. It is directed from the source to the user. It
`is loaded onto a user-controlled data processing system
`having a particular configuration. A numerical machine
`identification is derived based at least in part upon the
`particular data processing system configuration of the user-
`controlled data processing system. A temporary key is
`derived which is based at least in part upon the numerical
`machine identification and the long-lived encryption key.
`The long-lived key generator is provided for receiving the
`temporary key and producing the long-lived encryption key.
`The user is allowed to utilize the temporary key for a
`prescribed interval to generate the long-lived encryption key
`to access the software object.
`
`0 268 139 A2
`
`5/1988 European Pat. Off.
`
` G06F 1/00
`
`8 Claims, 28 Drawing Sheets
`
`98
`
`5
`
`100
`
`,
`
`s
`
`70
`
`68
`
`72
`
`88
`
`86
`
`RAM
`
`ROM
`
`CMOS
`RAM
`
`DISKETTE
`, CONTROLLER
`
`SERTAI
`CONTROLLER
`
`-XE'ANSION
`CARDS
`
`c 102
`_
`DISK
`CONTROLLER
`
`L__
`
`78
`
`80
`
`1
`
`KEYBOARD
`MOUSE
`CONTROLLER
`
`SYSTEM BUS (MICROCHANNED
`
`1
`
`82
`
`$
`
`VGA
`VIDEO
`CONTROLLER
`
`PARALLEL
`CONTROLf FR
`
`I
`
`EMPTY
`SLOTS
`
`60
`
`106
`
`96
`
`DMA
`CONTROLLER
`
`- 66
`
`92
`
`91
`
`74
`1 —
`MEMORY
`CONTROLLER
`
`7---
`BUS
`CONTROLLER
`
`7----
`75
`1
`L_
`'
`
`INTERRUPT
`CONTROLLER
`
`80386
`
`62
`
`80387
`
`)"64
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0001
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 1 of 28
`
`5,757,907
`
`7
`
`0-i
`
`COMPUTER-
`ACCESSIBLE
`MEMORY
`MEDIA
`v"
`
`10
`
`15
`
`18
`
`TELEPHONE
`
`PROCESSOR
`
`14
`
`aegirjzz,
`
`2/
`
`/Of
`gj el -el
`
`IV art e t
`
`REMOVABLE KEY
`
`24
`
`25
`
`20
`
`FIG, 1
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0002
`
`
`
`O
`
`8Z JO Z laallS
`
`00
`‘,D
`
`ol
`ID
`
`F IC. 2
`
`116
`
`114
`
`114
`
`114
`
`112 -
`
`LOCAL AREA
`
`NETWORK
`
`- 120
`
`116
`
`/17
`
`112
`
`1222:
`
`118
`
`116
`
`114
`
`108 /7
`
`112
`
`112
`
`130
`
`132
`
`NETWORK
`
`AREA
`LOCAL
`
`130
`
`130
`
`SERVER
`GATEWAY
`114
`
`Ina
`
`130
`
`134
`
`128
`
`------ 124
`
`0
`
`-1*
`I
`
`126
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0003
`
`
`
`Waled •S•11
`
`gz jo c paqs
`
`96
`
`94
`
`92
`
`90
`
`PM, 01=.3.00.0
`
`-"fr-
`
`66
`
`SLOTS
`EMPTY
`
`CONTROLLER
`PARALLEL
`
`CONTROLLER
`
`VIDEO
`VGA
`
`CONTROLLER
`
`DMA
`
`CONTROLLER
`
`KEYBOARD
`
`MOUSE
`
`( 84
`
`82
`
`80
`
`78
`
`SYSTEM BUS (MICROCHANNEL)
`
`CON-1-ROLLER
`
`DISK
`
`CONTROLLER
`
`SERIAL
`
`102
`
`CARDS
`
`F-XPANC
`
`5
`86
`
`98
`
`CONTROLLER
`
`DISKETTE
`
`P
`
`88
`
`RAM
`CMOS
`
`_
`72
`
`ROM
`
`RAM
`
`76
`
`58
`
`70
`
`100
`
`164
`
`80387
`
`62
`
`I
`
`80386
`
`CONTROLLER
`r INTERRUPT
`
`CONTROLLER
`
`BUS
`
`CONTROLLER
`
`MEMORY
`
`74
`
` I
`
`
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0004
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 4 of 28
`
`5,757,907
`
`203
`
`REAL
`KEY
`
`231
`
`205
`
`207
`
`SOFTWARE
`OBJECT
`
`ENCRYPTION
`ENGINE
`
`—1.1.1
`
`ENCRYPTED
`SOFTWARE
`OBJECT
`
`F-IG,
`
`MEMORY MEDIA
`
`
`
`213
`
`PID
`
`215
`
`USER- SPECIFIC INFORMATION
`
`MACHINE ID
`
`217
`
`PRODUCT KEY
`
`CUSTOMER NUMBER
`
`F G, 5
`
`r
`
`VENDOR
`SOURCE
`
`209
`
`CUSTOMER
`USER
`
`211
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0005
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 5 of 28
`
`5,757,907
`
`C
`
`BEGIN >"'
`
`219
`
`221
`
`I l
`
`r
`
`MAKE LANGUAGE/
`LOCALE SELECTION
`
`IDENTIFY TRY ANC BUY
`OPTIONS BY COMPLETING
`APPROPRIATE FIELDS
`
`V
`
`FUNCTIONALLY LIMIT
`OR ENCRYPT
`TRY AND BUY PROGRAMS
`
`223
`
`225
`
`LOAD SHELL AND
`TRY AND BUY PROGRAMS ON
`COMPUTER-ACCESSIBLE
`MEMORY MEDIA
`
`227
`
`/---/
`
`END 1.72) ,, 229
`
`FIG, 6
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0006
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 6 of 28
`
`5,757,907
`
`BEGIN
`
`231
`
`I
`DISTRIBUTE COMPUTER-
`ACCESSIBLE MEDIA FOR
`TRY-AND-BUY
`TRIAL INTERVAL
`
`LOAD FILE MANAGEMENT
`PROGRAM FOR EXECUTION
`
`ALLOW BROWSING
`DISPLAY APPROPRIATE
`USER INTERFACE
`
`INTERACT WITH CUSTOMER
`TO GATHER INFO AND
`DISTRIBUTE TEMPORARY KEY
`
`ALLOW TRIAL FOR
`TRIAL INTERVAL
`
`MONITOR AND OVERSEE ALL
`I/O CALLS TO PREVENT
`UNAUTHORIZED USE
`
`INTERACT WITH CUSTOMER
`TO DELIVER
`PERMANENT KEY
`
`233
`
`--4 5
`
`237
`
`239
`
`241
`
`243
`
`245
`
`END
`
`247
`
`FIG. 7
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0007
`
`
`
`tit
`
`'waled 'SIT
`
`8661 `9Z SEW
`
`8Z JO L PalIS
`
`263
`
`253
`
`273
`
`251
`
`Help
`
`rig
`
`Unlock
`
`
`A
`
`
`Fax
`
`Close
`
`Gift certificate
`
`Check/money order
`
`Payment methods accepted'
`
`=tee L _J
`
`-
`
`Purchase order
`
`subject to change.
`shipping and handling charges. Prices
`Does not include applicable tax and
`
`$49.95
`
`SUBTOTAL'
`
`PRICE ---
`
`Customer ID' C123-456-729
`
`\-271
`
`Lotus 1-2-3 for Windows
`DESCRIPTION
`
`260
`
`Machine ID. X565-853-9000
`
`Media ID. 12345ABC
`
`Delete
`
`123456789012345
`ITEM
`
`267
`
`265
`
`261
`
`259
`
`257
`
`255
`
`269 -
`
`1 - 800
`999,E:
`Order toll free X 24 hours a day * 7 days a week
`
`724
`
`CORPORATION
`WordPerfect
`
`249
`
`Order Form
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0008
`
`
`
`wawa •se11
`
`8661 `9Z XulAl
`
`8Z JO 8 PaqS
`
`[
`
`293
`
`291
`
`287
`
`- 283
`
`281
`
`279
`
`277
`
`297
`
`rCancel
`
`
`295
`
`[ 1234567890
`VAT ID
`
`6/95
`Expiration date
`
`LFederal Express
`
`Ship method
`
`4438-3902-9392-3333
`Account number
`
`Payment information
`Visa
`Payment method
`
`(410) 555-4300
`
`(410) 555-4392 ext.4990
`
`Fax
`
`Phone
`
`U.S.A.
`Washington, D.C., 11112-5993
`1600 Pennsylvania Ave,
`The White House
`
`[ Hillary Clinton
`
`Address
`
`Name
`
`® Ship to address (if different)
`
`C) Customer address
`
`
`
`— Address information
`
`Order information
`
`289
`
`285
`
`275
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0009
`
`
`
`luaJed 'Sea
`
`8661 `9Z XulAI
`
`8Z JO 6 PaqS
`
`TIC. 10A
`
`321
`
`317
`
`Save
`
`319
`
`[ Close
`
`X123-456-7890
`
`315 \.71achine ID:
`
`C123-456-7890
`Customer ID;
`
`1234-1234-1234-1234-1234
`Key;
`
`313
`
`311
`
`Norton Utilities version 72
`DrawPerfect 2.0 for OS/2
`WordPerfect 62 for OS/2
`
`309
`
`Description
`
`WP 30001
`WP 10003
`WP 10002
`
`Item
`
`Select a product, enter a key, and press Save.
`The following products need to be unlocked:
`
`305 \y-
`
`307
`
`301
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0010
`
`
`
`.4
`
`:4
`
`4
`
`juajud 'S°11
`
`8661 `9Z £t 11I
`
`8Z JO 01 WIN
`
`FIG. 10B
`
`321
`
`319
`
`Cancel
`
`I
`
`Save
`
`317
`
`1
`
`8487
`
`5427
`
`6333 1
`
`4949
`
`4832
`
`311
`
`Key:
`
`~►-
`
`303
`
`C987-653-2100
`
`Customer ID:
`
`X123-456-8421
`
`Machine ID:
`
`1 sual Connection 1.05
`
`r Audio
`
`Unlock
`
`315
`
`313
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0011
`
`
`
`lualud 'S'il
`
`8Z JO Ii lamIS
`
`1
`
`Help
`
`314
`
`Cancel
`
`Continue
`
`312
`
`316
`
`12/25/93
`
`310
`
`Verify correct starting date,
`
`- Time and Place/2
`
`Unlock
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0012
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 12 of 28
`
`5,757,907
`
`351
`
`--=F3
`
`35.55
`
`357
`
`GOMPLIER
`
`USER—
`lib"- SPECIFIC
`ATTRIBUTES
`
`MACHINE ID
`—11.7 GENERATOR
`(RANDOM)
`
`MACHINE
`
`.6 L.)
`
`12
`
`357
`
`359
`
`361
`
`MACHINE
`
`ENCRYPTION
`ENGINE
`
`H
`
`ENCRYPTED
`MACHINE
`ID
`
`KEY
`
`363
`
`SYSTEM
`ATTRIBUTES
`SELECTION
`
`365
`
`_j 357
`
`1, HARD DISK SERIAL NO,
`2, SIZE OF HARD DISK
`3. FORMAT OF HARD DISK
`SYSTEM MODEL NO
`5. HARDWARE INTERFACE CARD
`6. HARDWARE SERIAL NO,
`7. CONFIGURATION PARAMETERS
`
`FIG. 13
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0013
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 13 of 28
`
`5,757,907
`
`37,
`
`SECRET
`KEY
`
`357
`
`MACHINE ID
`
`3.59 `--- CUSTOMER NO,
`
`371
`
`REAL KEY
`
`373
`
`CONTROL BLOCK
`
`-
`
`- IP"
`
`TRIAL
`INTERVAL DATA
`
`PRODUCT
`KEY
`ENCRYPTION
`ENGINE
`
`I
`
`DUCT
`PRO
`
`KEY KEY
`
`377,
`
`
`
`PRODUCT KEY
`
`369
`
`CUSTOMER NO.
`
`373 ,
`
`CONTROL BLOCK
`
`357
`
`MACHINE ID
`
`374
`
`TRIAL
`INTERVAL DATA
`
`FIG. 14
`
`179
`
`381
`
`REAL
`KEY
`GENERATOR
`
`REAL
`KEY
`(DERIVED)
`
`FIG. 15
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0014
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 14 of 28
`
`5,757,907
`
`REAL
`KEY
`(DERIVED)
`
`381
`
`383
`
`385
`
`387
`
`ENCRYPTED
`VALIDATION
`DATA
`SEGMENT
`
`L
`
`11.H
`
`ENCRYPTION
`ENGINE
`
`FIG, 16
`
`CLEAR
`VALIDATION
`TEXT
`(DERIVED)
`
`387
`
`389
`
`391
`
`CLEAR
`VALIDATION
`TEXT
`(DERIVED)
`
` lim-1 COMPARATOR
`
`MATCH
`
`NO MATCH
`
`393
`
`CREATE
`KEY
`FILE
`
`POST
`WARNING
`
`FIG, 17
`
`CLEAR
`VALIDATION
`TEXT
`(KNOWN)
`
`395
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0015
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 15 of 28
`
`5,757,907
`
`397
`
`399
`
`405
`
`KEY FILE
`
`PRODUCT KEY
`CUSTOMER KEY
`CLEAR MACHINE
`Tfl
`
`TRIAL INTERVAL
`DATA
`
`ENCRYPTION
`ENGINE
`
`ENCRYPTED
`KEY FILE
`
`401
`
`421
`
`KEY
`
`UNIQUE
`SYSTEM
`ATTRIBUTES
`
`FIG, 18
`
`405 --------, ENCRYPTED
`FILE
`
`407 ..
`
`READ
`HEADER
`
`FETCH
`KEY FILE
`
`409
`
`READ
`ENCRYPTED
`VALIDATION
`TEXT
`
`FIG, 19
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0016
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 16 of 28
`
`5,757,907
`
`4 .!
`
`DECRYPTION
`ENGINE
`
`REAL
`KEY
`
`421
`
`MACHINE ID
`
`415
`
`CUSTOMER KEY
`
`417
`
`PRODUCT
`KEY
`
`419
`
`FIG. 20
`
`423
`
`425
`
`427
`
`ENCRYPTED
`VALIDATION
`TEXT
`
`DECRYPTION
`ENGINE
`
`mil
`
`CLEAR
`VALIDATION
`TEXT
`(DERIVED)
`
`REAL
`KEY
`
`421
`
`FIG, 21
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0017
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 17 of 28
`
`5,757,907
`
`427
`
`429
`
`431
`
`CLEAR
`VALIDATION
`TEXT
`(DERIVED)
`
`COMPARATOR
`0.1
`
`MATCH
`
`NO MATCH
`
`CLEAR
`VALIDAT:ON
`TEXT
`(KNOWN)
`
`433
`
`DECRYPT
`SOFTWARE
`OBJECT
`
`POST
`WARNING
`
`435
`
`FIG, 22
`
`437
`
`439
`
`443
`
`ENCRYPTED
`SOFTWARE
`OBJECT
`
`DECRYPTION
`
`ENGINE ENGINE
`
`SOFTWARE
`OBJECT
`
`VALIDATED
`REAL KEY
`
`441
`
`23
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0018
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 18 of 28
`
`5,757,907
`
`470
`
`455 c
`
`NIQUE
`IDENTIFIER
`
`NAME OF
`KEY FILE
`
`459
`
`ENCRYPTION
`TYPE SEGMENT
`
`OFFSET - 0
`SIDE FILE
`
`FILE DATA
`
`461
`
`ENCRYPTION
`HEADER
`
`,451
`
`457
`
`ENCRYPTED
`VALIDATION
`SEGMENT
`
`ENCRYPTED
`FILE DATA
`
`FIG, 24
`
`DIRECTORY OF
`ENCRYPTED FILES
`
`SIDE FILE
`
`465
`
`457
`
`469
`
`471
`
`473
`
`aaa
`
`bib
`
`ccc
`ddd
`
`r ._,
`
`475
`
`nnn
`
`AAA
`
`BBB
`
`CCC
`
`DDD
`
`NNN
`
`477
`
`479
`
`481
`
`483
`
`485
`
`FIG, 25
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0019
`
`
`
`Waled *Sil
`
`8661 `9Z iCRIAT
`
`8Z JO 61 PaqS
`
`27
`
`OVERLAYED
`
`MOVE
`
`DATA TO
`
`SIDE FILE
`
`DATA
`VERIFY
`OF
`COPY
`- 2nd
`
`SIDE FILE
`
`LEN
`
`SIDE FILE
`
`527
`
`FIG. 26
`
`525
`
`499
`
`523
`
`FILE STARTING LOCATION
`
`521
`
`HEADER
`
`ENCRYPTED
`MODIFIED
`
`FILE
`
`FILE
`
`ENCRYPTED
`
`CLEAR FILE
`
`END OF
`
`FILE
`
`- DATA FILES (NON-EXECUTING)
`
`TYPE 1
`
`KEY FILE
`
`NAME
`
`DATA
`VERIFY
`
`ENCRYPT
`
`TYPE
`
`SIDE FILE
`
`LEN
`
`SIDE FILE
`
`INDEX
`
`HEADER
`
`LEN
`
`SIGNATURE
`
`513
`
`511
`
`509
`
`5
`
`507
`
`505
`
`503
`
`501
`
`HEADER
`
`499
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0020
`
`
`
`JuaJud *Sil
`
`8661 '9Z Xu111
`
`8Z Jo oz palls
`
`2nd COPY OF VERIFY DAI A
`
`OVER LAYED
`
`DATA
`
`SIDE FIl F
`
`FIG, 28
`
`537
`
`533
`
`531
`
`499
`
`EXE STUB
`
`HEADER
`
`ENCRYPTED
`
`FILE
`
`FILE
`
`ENCRYPTED
`
`CLEAR FILE
`
`539
`
`535
`
`TYPE 2 - EXECUTING FILE
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0021
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 21 of 28
`
`5,757,907
`
`CBEGIN
`
`501
`
`MONITOR I/O CALLS
`
`FOR EACH I/O CALL,
`INTERCEPT CALLED FILE
`
`DENY ACCESS TO
`OPERATING SYSTEM
`
`603
`
`605
`
`607
`
`READ PORTION OF FILE
`WHERE DECRYPTION
`BLOCK LOCATED
`
`609
`
`DERIVE KEY
`FILE ADDRESS
`
`FETCH KEY FILE
`615
`
`KEYFILE NO
`LOCATOR
`YES
`A
`
`611
`
`613
`
`617
`END
`
`FIG, 29A
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0022
`
`
`
`U.S. Patent
`
`May 26, 1998
`
`Sheet 22 of 28
`
`5,757,907
`
`L
`
`DERIVE KEY
`
`T
`
`DECRYPT
`VALUATION SEGMENT
`
`619
`
`621
`
`623
`
`DOES
`DECRYPTION
`VALUATION
`SEGMENT -
`CLEAR TEXT
`?
`
`YES
`
`ALLOW ACCESS TO
`CALLED FILE
`
`READ DECRYPTION TYPE
`
`625
`
`NO
`
`END
`
`627
`
`629
`
`DECRYPT
`
`
`
` 631
`
`PASS TO
`OPERATING SYSTEM
`
`
`
` / 633
`
`635
`
`END
`
`FIG, 293
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0023
`
`
`
`waled °S11
`
`8661 '9Z XBIAI
`
`sz JO Ez Pa IS
`
`r IC. 30
`
`MEDIA
`MEMORY
`
`I
`
`677
`
`MEDIA
`MEMORY
`COPY TO
`
`$
`
`)73
`
`681
`
`671
`
`-.7 MEDIA
`MEMORY
`
`MEDIA
`MEMORY
`COPY TO
`
`1
`
`5/7
`
`6.
`
`679
`
`66/
`
`659
`
`MEMORY MEDIA
`
`ATTRIBUTE
`
`665
`
`675
`
`663
`
`OPERATION
`ENCRYPTION
`
`OPERATION
`DECRYPTION
`
`MODIFIER
`
`MEMORY MEDIA
`
`ATTRIBUTE
`
`669
`
`OPERATION
`ENCRYPTION
`
`MODIFIER
`
`655
`
`662
`
`[KEY
`
`661
`
`MODIFY EXPORT
`
`COUNTER
`
`657
`
`
`
`OPERATION
`DECRYPTION
`7-7
`
`Y
`KEY
`
`
`
`- TRIAL INTERVAL
`- MACHINE ID
`
`DATA
`
`IDENTIFICATION
`
`MACHINE
`
`FILE
`
`- EXPORT COUNTER
`
`DATA
`TRIAL INTERVAL
`ID
`CLEAR MACHINE
`CUSTOMER KEY
`PRODUCT KEY
`KEY FILE
`
`z -
`
`653
`COMPUTER
`SOURCE z--Y
`
`651
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0024
`
`
`
`711
`
`1- 705
`
`- TRIAL INTERVAL
`- MACHINE ID
`
`DATA
`
`IDENTIFICATION
`
`MACHINE
`
`FILE
`
`rt.
`fD
`fD
`
`8661 `9Z S81%1
`
`jualud °S11
`
`- SOURCE MACHINE
`EXPORT COUNTER
`DATA
`TRIAL INTERVAL
`ID
`CLEAR MACHINE
`CUSTOMFR KEY
`PRODUCT KEY
`
`ID
`
`KEY FILE
`
`/09
`
`COMPUTER
`
`TAHOE I
`
`/07
`
`ATTRIBUTE
`COMPUTER
`
`TARGET
`
`OPERATION
`ENCRYPTION
`
`703
`
`701
`
`ATTRIBUTE
`COMPUTER
`
`TARGET
`
`1(
`
`
`
`OPERATION
`ENCRYPTION
`
`5
`
`699
`
`WITH TARGET
`MACHINE ID
`
`MACHINE ID
`COMPUTER
`
`UPDATE
`
`698
`
`FIG, 31
`
`OPERATION
`DECRYPTION
`
`-AMP-
`
`COPY FROM
`
`MEDIA
`MEMORY
`
`697
`
`693
`
`695
`
`KEY
`
`RETRIEVE AND
`
`COMPUTER
`OF SOURCE
`MACHINE ID
`
`RECORD
`
`691
`
`685
`
`OPERATION
`DECRYPTION
`
`1....[MEMORY MEDIA
`
`COPY FROM
`
`689
`
`[KEY 1
`
`.7"
`
`687
`
`MEMORY MEDIA
`MACHINE ID TO
`COPY TARGET
`
`683
`
`1
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0025
`
`
`
`jualud °S°1-1
`
`gz Jo sz wits
`
`IG.
`
`811
`
`809
`
`807
`
`KEY
`DISKETTE ATTRIBUTE
`ENCRYPTED WITH
`
`KEY FILE:
`
`IDENTIFICATION
`MACHINE
`
`INFORMATION
`CUSTOMER
`
`OF IMPORTS USED
`INCLUDES NUMBER
`
`KEY
`DISKETTE AT TRIBUTE
`ENCRYPTED WITH
`MACHINE ID FILE:
`
`EXPORT KEY DISKETTE
`
`KEY
`SYSTEM ATTRIBUTE
`ENCRYPTED WITH
`
`805
`
`KEY FILE:
`
`INFORMATION
`CUSTOMER
`
`EXPORTS
`NUMBER OF ALLOWED
`INCLUDES COUNT OF
`
`TOTAL
`INCLUDES MACHINE
`
`KEY
`SYSTEM ATTRIBUTE
`ENCRYPTED WITH
`MACHINE ID FILE:
`
`803
`
`SOURCE PC
`
`801 ---------
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0026
`
`
`
`jIlajUd 'S'a
`
`8661 `9Z XulAI
`
`8Z JO 9Z PalIS
`
`F=IG 33
`
`817
`
`815
`
`813
`
`KEY
`SYSTEM ATTRIBUTE
`ENCRYPTED WITH
`IMPORT KEY FILE:
`
`KEY
`DISKETTE ATTRIBUTE
`ENCRYPTED WITH
`
`811
`
`KEY FILE:
`
`INFORMATION
`CUSTOMER
`
`00
`
`IDs
`IMPORT MACHINE
`INCLUDES LIST OF
`
`KEY
`SYSTEM ATTRIBUTE
`ENCRYPTED WITH
`MACHINE ID FILE
`
`IMPORTS USED
`AND COUNT OF
`MACHINE ID,
`TARGET PC
`UPDATE WITH
`
`KEY
`DISKETTE ATTRIBUTE
`ENCRYPTED WITH
`MACHINE ID FILE:
`
`809
`
`807
`
`TARGET PC
`
`EXPORT KEY DISKETTE
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0027
`
`
`
`O
`
`sa•-.1
`Vt
`
`tit
`
`8Z JO LZ PaqS
`
`ao
`
`wawa 'Si!
`
`G, 34
`
`MEDIA
`MEMORY
`
`MEDIA
`MEMORY
`COPY TO
`
`1677
`
`1681
`
`MEDIA
`MEMORY
`
`5
`
`MEDIA
`MEMORY
`COPY TO
`
`16/9
`
`1665
`
`1675
`
`1663
`
`OPERATION
`ENCRYPTION
`
`OPERATION
`DECRYPTION
`
`TRANSFER
`
`KEY
`
`$
`
`1671
`
`I
`
`1669
`
`OPERATION
`ENCRYPTION
`
`TRANSFER
`
`KEY
`
`1655
`
`1662
`
`I KEY
`
`1661
`
`MODIFY EXPORT
`
`COUNTER
`
`OPERATION
`DECRYPTION
`
`1657
`
`— 1-
`KEY
`
`1659
`
`— TRIAL INTERVAL
`— MACHINE ID
`
`DATA
`
`IDENTIFICATION
`
`MACHINE
`
`FILE
`
`— EXPORT COUNTER
`
`DATA
`TRIAL INTERVAL
`ID
`
`— CLEAR MACHINE
`— CUSTOMER KEY
`— PRODUCT KEY
`KEY FILE
`
`1653
`
`COMPUTER
`SOURCE
`
`1651
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0028
`
`
`
`lualuil 'S'11
`
`8Z JO 8Z Pa qS
`
`DATA
`- TRIAL INTERVAL
`- MACHINE
`ID
`FILE
`IDENTIFICATION
`MACHINE
`ID
`SOURCE MACHINE
`- EXPORT COUNTER
`DATA
`ID TRIAL INTERVAL
`- CLEAR MACHINE
`CUSTOMER KEY
`PRODUCT KEY
`KEY FILE
`
`OW'
`
`00-
`
`'\--1705
`
` E
`
`R- 1701
`ATTRIBUTE
`COMPUTER
` TARGET
`OPERATION
`ENCRYPTION
`
`ATTRIBUTE
`COMPUTER
`TARGET
`OPERATION
`NCRYPTION
`1703
`
`1709
`
`COMPUTER
`
`-------, TARGET
`
`17 07
`
`1695
`
`KEY
`
`MACHINE
`ID
`COMPUTER
`WITH TARGET
`MACHINE
`ID
`UPDATE
`OPERATION
`DECRYPTION
`
`1598
`
`FIG, 35
`
`1697
`
`MEDIA
`MEMORY
`COPY FROM
`
`1693
`
`1699
`
`1689
`
`1687
`
`COMPUTER
`OF SOURCE
`MACHINE ID
`RECORD
`RETRIEVE AND
`OPERATION
`DECRYPTION
`TKEY I
`
`1691
`
`1685
`MEMORY MEDIA
`COPY FROM
`MEMORY MEDIA
`MACHINE ID TO
`COPY TARGET
`1683
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0029
`
`
`
`5,757.907
`
`1
`METHOD AND APPARATUS FOR ENABLING
`TRIAL PERIOD USE OF SOFTWARE
`PRODUCTS: METHOD AND APPARATUS
`FOR GENERATING A MACHINE-
`DEPENDENT IDENTIFICATION
`
`CROSS-REFERENCE TO RELATED
`APPLICATION
`The present application is related to U.S. patent applica-
`tion Ser. No. 08/235.033, entitled "Method and Apparatus
`for Enabling Trial Period Use of Software Products: Method
`and Apparatus for Utilizing a Decryption Stub," further
`identified, by Attorney Docket No. BT9-93-070; now aban-
`doned U.S. patent application Ser. No. 08/235,035. entitled
`"Method and Apparatus for Enabling Trial Period Use of
`Software Products: Method and Apparatus for Allowing a
`Try-and-Buy User Interaction," further identified by Attor-
`ney Docket No. DA9-94-008; now U.S. Pat. No. 5,689,560
`U.S. patent application Ser. No. 08/235,031, entitled
`"Method and Apparatus for Enabling Trial Period Use of
`Software Products: Method and Apparatus for Utilizing an
`Encryption Header," further identified by Attorney Docket
`No. DA9-94-010; now U.S. Pat. No. 5,598,470 and U.S.
`patent application Ser. No. 08/238.418. entitled "Method
`and Apparatus for Enabling Trial Period Use of Software
`Products: Method and Apparatus for Allowing the Distribu-
`tion of Software Objects," and further identified by Attorney
`Docket No. DA9-94-011, now U.S. Pat. No. 5,503.946, all
`filed on Apr. 25, 1994 by the inventors hereof and assigned
`to the assignee herein, and incorporated by reference herein.
`
`BACKGROUND OF THE INVENTION
`1. Technical Field
`The present invention relates in general to techniques for
`securing access to software objects. and in particular to
`techniques for temporarily encrypting and restricting access
`to software objects.
`2. Description of the Related Art
`The creation and sale of software products has created
`tremendous wealth for companies having innovative
`products, and this trend will continue particularly since
`consumers are becoming ever-more computer literate as
`time goes on. Computer software is difficult to market since
`the potential user has little opportunity to browse the various
`products that are available. Typically. the products are
`contained in boxes which are shrink-wrapped closed, and
`the potential customer has little or no opportunity to actually
`interact with or experience the software prior to purchasing.
`This causes considerable consumer dissatisfaction with
`products, since the consumer is frequently forced to serially
`purchase a plurality of software products until an acceptable
`product is discovered. This is perhaps one significant cause
`of the great amount of software piracy which occurs in our
`economy. A potential software purchaser will frequently
`"borrow" a set of diskettes from a friend or business
`associate, with the stated intention of using the software for
`a temporary period. Frequently, such temporary use extends
`for long intervals and the potential customer may never
`actually purchase a copy of the software product. and may
`instead rely upon the borrowed copy.
`Since no common communication channel exists for the
`sampling of software products, such as those created in
`movie theaters by movie trailers, and in television by
`commercials, software manufacturers are forced to rely
`upon printed publications and direct mail advertisements in
`order to advertise new products and solicit new customers.
`
`10
`
`25
`
`2
`Unfortunately. printed publications frequently fail to provide
`an accurate description of the product. since the user inter-
`action with the product cannot be simulated in a static
`printed format. The manufacturers of computer software
`5 products and the customers would both be well served if the
`customers could have access to the products prior to making
`decisions on whether or not to purchase the product. if this
`could be accomplished without introducing risk of unlawful
`utilization of the product.
`The distribution of encrypted software products is one
`mechanism a software vendor can utilize to distribute the
`product to potential users prior to purchase; however, a key
`must be distributed which allows the user access to the
`product. The vendor is then forced to rely entirely upon the
`15 honesty and integrity of a potential customer. Unscrupulous
`or dishonest individuals may pass keys to their friends and
`business associates to allow unauthorized access. It is also
`possible that unscrupulous individuals may post keys to
`publicly-accessible bulletin boards to allow great numbers
`20 of individuals to become unauthorized users. Typically.
`these types of breaches in security cannot be easily
`prevented, so vendors have been hesitant to distribute soft-
`ware for preview by potential customers.
`SUMMARY OF THE INVENTION
`' It is one object of the present invention to provide a
`method and apparatus for distributing software objects from
`a producer to potential users which allows the user a
`temporary trial period without subjecting the software prod-
`30 1101 to unnecessary risks of piracy or unauthorized utilization
`beyond the trial interval. Preferably this is accomplished by
`providing a software object on a computer-accessible
`memory media along with a file management program.
`Preferably, the software object is reversibly functionally
`35 limited, through one or more particular encryption opera-
`tions. The computer-accessible memory media is shipped
`from the producer to the potential user utilizing conventional
`mail and delivery services. Upon receipt, the potential user
`loads the file management program into a user-controlled
`40 data processing system and associates it with the operating
`system for the data processing system. Then, the computer-
`accessible memory media is read utilizing the user-
`controlled data processing system. The file management
`program is executed by the user-controlled data processing
`45 system and serves to restrict access to the software object for
`a predefined and temporary trial period. During the tempo-
`rary trial mode of operation. the software object is tempo-
`rarily enabled by reversing the reversible functional limita-
`tion of the software object. This is preferably accomplished
`so by decryption of the encrypted software object when the
`software object is called by the operating system of the
`user-controlled data processing system. The file manage-
`ment program preferably prevents copying operations, so
`the encrypted software project is temporarily decrypted
`55 when it is called by the operating system. If the potential
`user elects to purchase the software object, a permanent use
`mode of operation is entered, wherein the functional limi-
`tation of the software object is permanently reversed, allow-
`ing unlimited use to the software object by the potential user.
`60 This facilitates browsing operations which allow the poten-
`tial user to review the software and determine whether it
`suits his or her needs.
`The file management program continuously monitors the
`operating system of the user-controlled data processing
`65 system for operating system input calls and output calls. The
`file management program identifies when the operating
`system of the user-controlled data processing system calls
`
`DISH-Blue Spike-602
`Exhibit 1008, Page 0030
`
`
`
`5.757,907
`
`4
`3
`does not change the size of the encrypted file, thus prevent-
`for a software object which is subject to trial-interval
`ing certain types of processing errors. During the trial
`browsing. Then, the file management system fetches a
`interval, the encrypted file is maintained in an encrypted
`temporary access key associated with the software object,
`condition, and cannot be copied. If the potential user opts to
`and then examines the temporary access key to determine if
`it is valid. Next, the file management program reverses the 5 purchase the software product. a permanent key is provided
`which results in replacement of the preselected portion to the
`functional limitation of the software object. and passes it to
`file in lieu of the decryption block. Once the decryption
`the data processing system for processing.
`block is removed, the encrypted file may be decrypted to
`It is another objective of the present invention to provide
`allow unrestricted use by the purchaser. Preferably. the file
`a method and apparatus for distributing a software object
`from a source to a user, wherein a software object is 10 management program is utilized to intercept files as they are
`called by the operating system. and to utilize the decryption
`encrypted utilizing a long-lived encryption key, and directed
`block to derive a name for a key file and read the called file.
`from the source to the user. The encrypted software object is
`The decryption block of each encrypted file includes a
`loaded onto a user-controlled data processing system having
`validation segment which is decrypted by the file manage-
`a particular system configuration. A numerical machine
`identification based at least in part upon the particular 15 ment program and compared to a selected segment for the
`called file to determine whether the key can decrypt the
`configuration of the user-controlled data processing system
`particular file. If the decrypted validation segment matches
`is then derived. Next, a temporary key is derived which is
`a known clear text validation segment. the file is then
`based at least in part upon the numerical machine identifi-
`dynamically decrypted as it is passed for further processing.
`cation and the long-lived encryption key. A long-lived key
`It is yet another objective of the present invention to
`generator is provided for receiving the temporary key and 20
`provide a method and apparatus in a data processing system
`producing the long-lived encryption key. The temporary key
`for securing access to particular files which are stored in a
`allows the user to generate for a prescribed interval the
`computer-accessible memory media. A file management
`long-lived encryption key to access the software object.
`program is provided as an operating system component of a
`These operations are performed principally by a file man-
`agement program which is operable in a plurality of modes. 25 data processing system. In a computer-accessible memory
`media available to the data processing system, at least one
`These modes include a set up mode of operation. a machine
`encrypted file and one unencrypted file are stored. The
`identification mode of operation, and a temporary key deri-
`encrypted file has associated with it an unencrypted security
`vation mode of operation. During the set up mode of
`stub which is at least partially composed of executable code.
`operation. the file management program is loaded onto a
`user-controlled data processing system and associated with 30 The file management program is utilized to monitor the data
`processing system calls for a called file stored in the corn-
`an operating system for the user-controlled data processing
`puter accessible memory media, to determine whether the
`system. During the machine identification mode of
`called file has an associated unencrypted security stub, and
`operation, the file management program is utilized to derive
`to process the called file in a particular manner dependent
`a numerical machine identification based upon at least on
`attribute of the user-controlled data processing system. Dur- 35 upon whether or not the called file has an associated unen-
`crypted security stub. More particularly, if it is determined
`ing the temporary key derivation mode of operation. a
`that the called file has no associated unencrypted security
`temporary key is derived which is based at least in part upon
`stub, the called file is allowed to be processed. However, if
`the numerical machine identification. The file management
`it is determined that the called file has an associated unen-
`program also allows a trial mode of operation, wherein the
`file management program is utilized by executing it with the 40 crypted security stub, it must be examined before a decision
`can be made about whether or not to allow it to be processed.
`user-controlled data processing system to restrict access to
`First, the unencrypted security stub is examined in order to
`the software object for an interval defined by the temporary
`obtain information which allows decryption operations to be
`key, during which the long-lived key generator is utilized in
`performed. Then, the decryption operations are performed.
`the user-controlled data processing system to provide the
`long-lived key in response to receipt of at least one input 45 Finally, the called file is allowed to pass for further process-
`ing. Preferably. the called file is dynamically decrypted as it
`including the temporary key.
`is passed to the operating system for processing. Also, the
`It is yet another objective of the present invention to
`unencrypted security stub is separated from the called file
`provide a method and apparatus in a data processing system
`prior to execution of the called file. However, if the unen-
`for securing access to particular files which are stored in a
`computer-accessible memory media. A file management 50 crypted security stub accidentally remains attached to the
`called file, processing operations must be stopped, and a
`program is provided as an operating system component of
`message must be posted in order to prevent the processor
`the data processing system. A plurality of files are stored in
`from becoming locked-up.
`the computer-accessible memory media, including at least
`It is still another objective of the present invention to
`one encrypted file and at least one unencrypted file. For each
`encrypted file, a preselected portion is recorded in computer 55 provide a method and apparatus for distributing a software
`object from a source to a user. A computer-accessible
`memory, a decryption block is generated which includes
`memory media is distributed from the source to a potential
`information which can be utilized to decrypt the file, and the
`user. It includes a software object which is encrypted uti-
`decryption block is incorporated into the file in lieu of the
`lizing a predetermined encryption engine and a long-lived
`preselected portion which has been recorded elsewhere in
`computer memory. The file management program is utilized 60 and secret key. An interface program is provided which
`facilitates interaction between the source and the user. The
`to monitor data processing operation calls for a called file
`interface program includes machine identification module
`stored in the computer-accessible memory media. The file
`which generates a machine identification utilizing at least on
`management program determines whether the called file has
`predetermined attribute of the user-controlled data process-
`an associated decryption block. The file management pro-
`gram processes the called file in a particular manner depen- 65 ing system. It also further includes a long-lived and secret
`key generator which receives as an input at least a temporary
`dent upon whether or not the called file has an associated
`key and produces as an output a long-lived and secret key.
`decryption block. The incorporation