`
`[19]
`
`{11] Patent Number:
`
`5,724,425
`
`
`Chang et a].
`[45] Date of Patent:
`Mar. 3, 1998
`
`USOOS724425A
`
`[54] METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`[75]
`
`Inventors: Sheue-Ling Chang. Cupertino; James
`Gosling. Woodside. both of Calif.
`
`[73] Assignee: Sun Mierosystems, Inc.
`
`[21]
`
`Appl. No.: 258,244
`
`[22]
`
`Filed:
`
`Jun. 10, 1994
`
`[51]
`
`[52]
`
`[5 8]
`
`[56]
`
`Int. Cl.‘5 .............................. .. HML 9/00; H04L 9/30;
`H04L 9/32
`
`US. Cl.
`
`................................... 380/25; 380/4; 380/23;
`380/30; 380/49; 380/50
`Field of Search .................................... 380/4. 23. 25.
`380/30. 49. 50
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,558,176
`4,634,807
`4,670,857
`5,343,527
`
`............................ .. 380/4
`12/1985 Arnold et al,
`..... .. 380/4
`1/1987 Chodey et al.
`
`380/4
`6/1987 Rackman
`8/1994 Moore ......................................... 380/4
`
`OTHER PUBLICATIONS
`
`Davida et 3.1.. “Defending Systems Against Viruses through
`Cryptographic Authentication”. IEEE Symposium. 1989.
`pp. 312—318.
`RSA Data Security. Inc.. “RSA Cenificate Services”. Jul. 15.
`1993. pp. 1—41.
`
`Primary Examiner—Bernarr E. Gregory
`Attorney Agent, or FimI—McCutchen. Doyle. Brown &
`Enersen LLP', Ronald S. Laurie. Esq.; Joseph Yang
`
`[57]
`
`ABSTRACT
`
`Source code to be protected. a software application writer’s
`private key. along with an application writer’s license pro-
`vided to the first computer. The application writir’s license
`includes identifying information such as the application
`writer’s name as well as the application writer’s public key.
`A compiler program executed by the first computer compiles
`the source code into binary code. and computes a message
`digest for the binary code. The first computer then encrypts
`the message digest using the application writer’s private key.
`such that the encrypted message digest is defined as a digital
`“signature” of the application writer. A software pas sport is
`then generated which includes the application writer’s digi—
`tal signature. the application writer‘s license and the binary
`code. The software passport is then distributed to a user
`using any number of software distribution models known in
`the industry. A user. upon receipt of the software passport.
`loads the passport
`into a computer which determines
`whether the software passport includes the application writ-
`er’s license and digital signature.
`In the event that
`the
`software passport does not include the application writer’s
`license. or the application writer’s digital signature. then the
`user’s computer system discards the software passport and
`does not execute the binary code. As an additional security
`step. the user’s computer computes a second message digest
`for the software passport and compares it to the first message
`digest. such that if the first and second message digests are
`not equal. the software passport is also rejected by the user’s
`computer and the code is not executed. Ifthe first and second
`message digests are equal. the user’s computer extracts the
`application writer’s public key from the application writer’s
`license for verification. The application writer’s digital sig-
`nature is decrypted using the application writer's public key.
`The user‘s computer then compares a message digest of the
`binary code to be executed. with the decrypted application
`writer’s digital signature. such that if they are equal. the
`user’s computer executes the binary code.
`
`72 Claims, 5 Drawing Sheets
`
`DEIEIUDEIEIDEIDEID
`UCIEIEIDEJEJEIDDEIE]
`DEIDUDUDUEJDEIE]
`
`BOUZOUKI
`
`US Patent No. 6,411,941
`
`HTC EX. 1014
`HTC v. Ancora
`
`Page 1
`
`Page 1
`
`HTC EX. 1014
`HTC v. Ancora
`US Patent No. 6,411,941
`
`
`
`US. Patent
`
`Mar. 3, 1998
`
`Sheet 1 of 5
`
`5,724,425
`
`DDUDDDDDDEJEID DUE!
`DDDEJUDDDDDDD EJDEI
`CIDDEIDDDEJDDDD DEM]
`
`FIG.
`
`7
`
`DUDE::JDEID DUE]
`
`APPLICA T/ON
`WRITER
`
`APP WR/IER'S LICENSE 24
`
`APP. WRITER'S
`PRMTE KEY 22
`
`
`
`SOURCE CODE
`20
`
`
`
`
`
`
`
`
`
`APP WR/IER’S MIME .30
`
`APP WRITER'S PUBLIC KEY .32
`
`
`
`VALID/TY DATE 34
`
`FIG. 4
`
`38
`
`
`
`26'
`
` COMP/LER
`
`I ANY DISTRIBUUON GHANA/EL
`
`Page 2
`
`Page 2
`
`
`
`US. Patent
`
`Mar. 3, 1998
`
`Sheet 2 of 5
`
`5,724,425
`
`FIG. 2
`
`PRODUCT INFO...
`
`COMPANY INFO...
`MUD/TY DATE...
`
`RESTRICTED RIGHTS LEGEND...
`
`APP WRITER’S NAME
`APP WRITERS PUBLIC KEIW/I’
`
`APP WRIrER's SID/VA mafifl’
`
`IDENUHCA 770N AUTHORITY: THE PLA TFORM BUILDER
`PLAIEDRII BUILDER'S SIGNA WREffff
`
`CODE BODY
`
`PRODUCT INF0....
`COMPANY INFO...
`
`VALID/TY DATE...
`
`RESTRICTED RIGHTS LEGEND...
`
`APP MIR/IER'S NAME
`APP WR/rER's PUBLIC KEMWP
`
`CODE BODY
`
`IDENIIBCA RON AUTHORITY: THE PLA IEDRII BUILDER
`PLAIEDRII BUILDER'S SIGNAIUREf/fi
`
`APP WRIEER'S SIGNAIUREI’II’I’
`
`FIG. 3
`
`Page 3
`
`Page 3
`
`
`
`US. Patent
`
`Mar. 3, 1998
`
`Sheet 3 of 5
`
`5,724,425
`
`FIG. 5
`
`
`
` APP. WRITER'
`
`
`PRM KEY
`
`
`
`
`
`APP WRITER'S LICENSE 52
`
`
`
`
`
`
`PM TFORM
`
`BUILDER
`
`
`
`APPLICA TION
`
`WRITER 60
`
`SOURCE CODE
`
`.50
`
`PM TEORM BUILDER ’S
`
`COMP/LEI?
`68
`
`
`
`PASSPORT
`
`
`
`1
`I
`
`PM TFORM
`
`Page 4
`
`Page 4
`
`
`
`US. Patent
`
`Mar. 3, 1998
`
`Sheet 4 of 5
`
`5,724,425
`
`I-MRDWARE PLATFORM
`WITH PUBLIC KEY IN
`
`REGISTER
`
`SOFTWARE
`
`ATTEMPT TO LOAD
`
`[.70. 6(0)
`
`
`SOFTWARE
`HAS PASSPORT
`?
`
`
`YES
`
`PASSPORT
`HAS LICENSE
`?
`
`
`
`N0
`
`REJECT SOFTWARE
`
`REJECT SOFTWARE
`PASSPORT
`
`
`
`
`EXTRACT LICENSE IRON
`SOHWARE PASSPORT
`
`LICENSE HAS
`ISSUERS SIGMTURE
`?
`
`
`
`
`
`
`DECRYPT ISSUER’S SIGNATURE
`USING PUBLIC KEY IN REGISTER
`
`RECOMPUTE MESSAGE
`DIGEST OF LICENSE
`
`ARE MESSAGE
`DIGESTS E0
`9
`
`SW LICENSE NOT GENUINE
`
`
`
`YES
`
`Page 5
`
`Page 5
`
`
`
`US. Patent
`
`Mar. 3, 1998
`
`Sheet 5 of 5
`
`5,724,425
`
`EXTRACT Sw'S PUBLIC
`KEY FROM APPL/CA T/ON WRIIER'S
`LICENSE
`
`Emma OOOE OOOY
`FROM fl-IE PASSPORT
`
`EXTRACT SW’S
`S/GNA TURE
`
`RECOMPUTE MESSAGE
`D/GEST OF THE CODE
`BODY
`
`OECRYPT SW'S
`SIGNATURE USING
`SW'S PUBLIC KEY
`
`COMPARE RECOMPUTED
`MESSAGE DIGEST WITH
`SW’S DECRYPTED SIG
`
`
`PASSPORT
`
`M0 = MESSAGE DIGEST
`SW = SOFTWARE
`{APPle TION)
`WRITER
`
`REJECT SOFTWARE
`
`YES
`
`EXECUTE CODE
`
`Page 6
`
`Page 6
`
`
`
`1
`METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`
`The present invention relates to the use of public key
`encryption. and more particularly.
`the present invention
`relates to the use of public key encryption to achieve
`enhanced security and product authentication in the distri-
`bution of software.
`
`2. Art Background
`Public key encryption is based on encryption algorithms
`that have two keys. One key used for encryption. and the
`other key is used for decryption. There is a known algorithm
`that computes the second key given the first However.
`without full knowledge of all the parameters. one cannot
`compute the first key given the second key. The first key is
`referred to as the “private key”. and the Second key is
`referred to as the “public key”. In practice. either the private
`key or the public key may be used to encrypt a message. with
`the opposite key used to decrypt it. In general. the private
`key must be kept private. but the public key may be provided
`to anyone. A variety of public key cryptographic schemes
`have been developed for the protection of messages and data
`(See. Whitfield Diflie. "The First Ten Years of Public Key
`Cryptography" ([EEE Proceedings. Vol. 76. No. 5. 1988)
`and Fahn. “AnSWers to Frequently Asked Questions about
`Today’s Cryptography (RSA Laboratories 1992).
`Public key cryptography is used to send secure messages
`across public communication links on which an intruder
`may eavesdrop. and solves the problem of sending the
`encryption password to the other side securely.
`Public key systems may also be used to encrypt messages.
`and also to effectively sign messages. allowing the received
`party to authenticate the sender of the message. One can also
`use public key cryptography to seal or render tamper-proof
`a piece of data. In such event. the sender computes a
`message digest from the data using specially designed
`cryptographically strong digests designed for this purpose.
`The sender then uses the private key to encrypt the message
`digest. wherein this encrypted message digest is called a
`digital “signature”. The sender then packages the data. the
`message digest and the public key together. The receiver
`may check for tampering by computing the message digest
`again. then decrypting the received message digest with the
`public key. If the recomputed and decrypted message digests
`are identical. there was no tampering of the data.
`“Viruses” and “worms” are computer code cleverly
`inserted into legitimate programs which are subsequently
`executed on computers. Each time the program is executed
`the virus or worm can cause damage to the system by
`destroying valuable information. and/or further infect and
`spread to other machines on the network. While there are
`subtle differences between a virus and a worm. a critical
`component for both is that they typically require help from
`an unsuspecting computer user to successftu infect a
`computer or a corporate network.
`Infection of computers by viruses and worms is a general
`problem in the computer industry today. In addition. corpo-
`rate networks are vulnerable to frontal assaults. where an
`intruder breaks into the network and steals or destroys
`information. Security breaches of any kind on large corpo—
`rate networks are a particularly worrisome problem. because
`of the potential for large—scale damage and economic loss.
`
`5 ,724.425
`
`2
`
`Moreover. security breaches are more easily accomplished
`when a corporate network is connected to a public network.
`such as the Internet. Companies take a variety of measures
`to guard against breaches of network security. either through
`frontal assaults or infections. without cutting themselves off
`from the benefits of being connected to a world-wide
`network.
`
`The solution adopted by most companies that wish to reap
`the benefits of connecting to the Internet. while maintaining
`security. is the installation of a firewall. Firewalls generally
`restrict Internet file transfers and telnet connections. Such
`transfers and connections can only be initiated from within
`the corporate network such that externally initiated file
`transfers and telnet connections are refused by the firewall.
`Firewalls allow electronic mail and network news to freely
`flow inside the firewall’s private network. The use of cor-
`porate firewalls allows employees to readily exchange infor-
`mation within the corporate environment. without having to
`adopt extreme security measures. A good firewall irnple—
`mentation can defend against m0st of the typical frontal
`assaults on system security.
`One method of preventing viruses and worms from infect-
`ing a corporate network is to never execute a program that
`may contain viruses.
`In general. programs legitimately
`deployed throughout the corporate network should be con—
`sidered virus free. All binary executables. all unreviewed
`shell scripts. and all source code fetched from outside the
`firewall are software that may contain a worm or virus.
`However. outside binary executables. shell scripts. and
`source code may enter a corporate firewall
`through an
`E—mail attachment. For example. the shell scripts that are
`used to make and send multiple files using E-mail and the
`surveytools that start up by activating the E—mail attachment
`may allow virus entry. Executables can also be directly
`fetched through the iftp program. through a world-wide web
`browser such as Mosaic. or from an outside contractor
`whose network has already been compromised.
`In addition. the commercial software release and distri-
`bution process presents security and authentication prob-
`lems. For example. some of the information associated with
`software. such as the originating company or author.
`restricted rights legends. and the like are not attached to the
`code itself. Instead. such information is provided as printed
`matter. and is separated from the code once the package is
`opened and the code installed. Even applications that
`attempt to identify themselves on start-up are susceptible to
`having the identification forged or otherwise counterfeitecL
`A user has no mechanism to authenticate that the software
`sold is actually from the manufacturer shown on the label.
`Unauthorized copying and the sale of software is a signifi-
`cant problem. and users who believe that they are buying
`software with a manufactm'er’s warranty instead purchase
`pirated software. with neither a warranty nor software sup-
`port. The problem of authenticating the original source of
`the software is accentuated when software is intended to be
`distributed through networks. and a user‘s source for the
`software may be far removed from the original writer of the
`software. In addition. a user does not have that ability to
`verify that the software purchased contains only the original
`manufacturer’s code. A user also does not have a method for
`detecting any tampering. such as the existence of a virus.
`that may cause undesirable effects.
`All of the above problems are related to the transport of
`software both from manufacturers to users and from user to
`user. Furthermore. the transport problem is independent of
`the transport medium The problem applies to all transport
`media. including floppy disk. magnetic tape. CD—ROM and
`networks.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`Page 7
`
`Page 7
`
`
`
`3
`
`4
`
`5.724.425
`
`As will be described. the present invention provides a
`method and apparatus for authenticating that software dis—
`tributed by a manufacturer is a legitimate copy of an
`authorized software release. and that the software contains
`
`only the original manufacturers code without tampering.
`The present invention solves the above identified problems
`through the use of a “software passport" which includes the
`digital signature of the application writer and manufacturer.
`As will be described. the present invention may also be used
`to protect intellectual property. in the form of copyrighted
`computer code. by utilizing cryptographic techniques
`referred to herein as public key encryption.
`SUMMARY OF THE INVENTION
`
`This invention provides a method and apparatus utilizing
`public key encryption techniques for enhancing software
`security and for distributing software. The present invention
`includes a first computa' which is provided with source code
`to be protected using the teachings of the present invention.
`In addition. a software application writer’s private key.
`along with an application writer’s license provided to the
`first computer. An application writer generally means a
`software company such as Microsoft Corporation.Adobe or
`Apple Computer.
`Inc. The application writer’s license
`includes identifying information such as the application
`writer’s name as well as the application writer’s public key.
`A compiler program executed by the first computer compiles
`the source code into binary code. and computes a message
`digest for the binary code. The first computer then encrypts
`the message digest using the application writer’ 5 private key.
`such that the encrypted message digest is defined as a digital
`“signature” of the application writer. A software passport is
`then generated which includes the application writer’s digi-
`tal signature. the application writer’s license and the binary
`code. The software passport is then distributed to a usa-
`using any number of software distribution models known in
`the industry.
`A user. upon receipt of the software passport. loads the
`passport into a computer which determines whether the
`software passport includes the application writer’s license
`and digital signature. In the event that the software passport
`does not include the application writer’s license. or the
`application writer’s digital signature. then the user’s com-
`puter system discards the software passport and does not
`execute the binary code. As an additional secmity step. the
`usa’s computer computes a second message digest for the
`software passport and compares it to the first message digest.
`such that if the first and second message digests are not
`equal. the software passport is also rejected by the usa’s
`computer and the code is not executed. If the first and second
`message digests are equal. the user’s computer extracts the
`application writer’s public key from the application writer’s
`license for verification. The application writer’s digital sig—
`nature is decrypted using the application writer’s public key.
`The user’s computm' then compares a message digest of the
`binary code to be executed. with the decrypted application
`writer’s digital signature. such that if they are equal. the
`user’s computer executes the binary code. Accordingly.
`software products distributed with the present invention‘s
`software passport permits the user’s computm' to authenti-
`cate the software as created by an authorized application
`writm' who has been issued a valid application writer’s
`license. Any unauthorized changes to the binary code com-
`prising the distributed software is evident through the com-
`parison of the calculated and encrypted message digests.
`The present invention is also described with reference to
`an embodiment used by computing platforms designed to
`
`execute only authorized software. A platform builder pro—
`vides an application writer with a platform builder’s digital
`signature which is included in the application writer’s
`license. The first computer compiles the software into binary
`code and computes a first message digest for the binary
`code. The first computer further encrypts the first message
`digest using the application writer‘s private key. such that
`the encrypted first message digest is defined as the applica—
`tion writer’s digital signature. A software passport is gen-
`erated which includes the application writer’s digital
`signature. the application writer’s license and the binary
`code. The software passport is then distributed to a user
`through existing software distribution channels. The user’s
`computing platform. which may be a computer. a video
`game box or a set top box. is provided with the platform
`builder’s public key. Upon receipt of the software passport.
`the computing platform determines if the software passport
`includes an application writer’s license. If it does not. the
`hardware platform rejects the execution of the code. If a
`software passport is present. the hardware platform extracts
`the application writer’s license from the passport and deter-
`mines whether or not the passport includes the platform
`builder’s signature. The platform builder’s signature is then
`decrypted using the public key provided in the platform. The
`computing platform recomputes the message digest of the
`application writer’s license. and compares the received
`message digest with the recomputed message digest. such
`that if the digests are not equal. the software passport is not
`considered genuine and is rejected. If the message digests
`are equal. the hardware platform extracts the application
`writer’s public key from the application writer’s license. and
`extracts the application writer’s digital signature. The hard-
`ware platform then recomputes the message digest of the
`binary code comprising the application software to be
`executed. and decrypts the application writa’s digital sig-
`nature using the application writer’s public key. The hard-
`ware platform then compares the recomputed message
`digest for the binary code with the application writer’s
`decrypted signature. such that if they are equal. the binary
`code is executed by the hardware platform. If the recom—
`puted message digest and the application writer’s decrypted
`signature are not equal. the software passport is rejected and
`the code is not executed
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 illustrates a data processing system incorporating
`the teachings of the present invention.
`FIG. 2 conceptually illustrates use of the present inven—
`tion’s software passport where the application code and the
`software passport are provided in separate files.
`FIG. 3 conceptually illustrates use of the present inven-
`tion’s use of the software passport where the application
`code and the software passport are distributed in the same
`file.
`
`FIG. 4 diagrammatically illustrates the present inven-
`tion’s process for genm'ating a software passport.
`FIG. 5 diagrammatically illustrates the use of the present
`invention for platform producer licensing.
`FIGS. 6:: and 6b are flowcharts illustrating the steps
`executed by the present invention for verifying that a valid
`software license exists. and that
`the software writer’s
`(“SW’s”) signature is valid. prior to permitting the execution
`of a computer program.
`NOTATION AND NOMENCLATURE
`
`The detailed descriptions which follow are presented
`largely in terms of symbolic representations of operations of
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`Page 8
`
`Page 8
`
`
`
`5 .724,425
`
`5
`
`data processing devices. These process descriptions and
`representations are the means used by those skilled in the
`data processing arts to most effectively convey the substance
`of their work to others skilled in the art.
`
`An algorithm is here. and generally. conceived to be a
`self-consistent sequence of steps leading to a desired result.
`These steps are those requiring physical manipulations of
`physical quantities. Usually. though not necessarily. these
`quantities may take the form of electrical or magnetic
`signals capable of being stored.
`transferred. combined.
`compared. displayed and otherwise manipulated. It proves
`convenient at
`times. principally for reasons of common
`usage. to refer to these signals as bits. values. messages.
`names. elements. symbols. operations. messages.
`terms.
`numbers. or the like. It should be borne in mind. however.
`that all of these similar terms are to be associated with the
`appropriate physical quantities and are merely convenient
`labels applied to these quantities.
`In the present invention. the operations referred to are
`machine Operations. Useful machines for performing the
`operations of the present invention include general purpose
`digital computers or other similar devices. In all cases. the
`reader is advised to keep in mind the distinction between the
`method operations of operating a computer and the method
`of computation itself. The present
`invention relates to
`method steps for operating a computer. coupled to a series
`of networks. and processing electrical or otha physical
`signals to generate other desired physical signals.
`The present invention also relates to apparatus for per-
`forming these operations. This apparatus may be specially
`constructed for the required purposes or it may comprise a
`general purpose computer selectively activated or reconfig—
`ured by a computer program stored in the computer. The
`method/process steps presented herein are not inherently
`related to any particular computer or other apparatus. Vari-
`ous general purpose machines may be used with programs in
`accordance with the teachings herein. or it may prove more
`convenient to construct specialized apparatus to perform the
`required method steps. The required structure for a variety of
`these machines will be apparent from the description given
`below.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`In the following description. numerous specific details are
`set forth such as system configurations. representative data.
`computer code organization. encryption methods. and
`devices. etc.. to provide a thorough understanding of the
`present invention. However. it will be apparent to one skilled
`in the art that the present invention may be practiced without
`these specific details. In other instances. well known circuits
`and structures are not described in detail in order to not
`
`obscure the present invention. Moreover. certain terms such
`as “knows”. “verifies”. “compares”. “examines”. “utilizes”.
`“finds”. “determines”. “challenges”. “authenticates”. etc..
`are used in this Specification and are considered to he terms
`of art. The use of these terms. which to a casual reader may
`be considered personifications of computer or electronic
`systems. refers to the functions of the system as having
`human-like attributes. for simplicity. For example. a refer-
`ence herein to an electronic system as “determining” some-
`thing is simply a shorthand method of describing that the
`electronic system has been programmed or otherwise modi-
`fied in accordance with the teachings herein. The reader is
`cautioned not to confuse the functions described with eVCry—
`day human attributes. These functions are machine functions
`in every sense.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`6
`Exemplary Hardware
`FIG. 1 illustrates a data processing system in accordance
`with the teachings of the present invention. Shown is a
`computer 10. which comprises three major components. The
`first of these is an input/output (I/O) circuit 12 which is used
`to communicate information in appropriately sn'uctured
`form to and from other portions of the computer 10. In
`addition. computer 10 includes a central processing (CPU)
`13 coupled to the I/O circuit 12 and a memory 14. These
`elements are those typically found in most general purpose
`computers and.
`in fact. computer 10 is intended to be
`representative of a broad category of data processing
`devices.Also. the computer 10 may be coupled to a network.
`in accordance with the teachings herein. The computer 10
`may further include encrypting and decrypting circuitry
`incorporating the present
`invention. or as will be
`appreciated. the present invention may be implemented in
`software executed by computer 10. Araster display monitor
`16 is shown coupled to the I/O circuit 12 and issued to
`display images generated by CPU 13 in accordance with the
`present invention. Any well known variety of cathode ray
`tube (CRT) or other type of display may be utilized as
`display 16.
`The present invention’s software passport identifies a
`portion of software. or some machine code (hereinafter
`“code”). in a manner similar to how a physical passport
`identifies a person. The concept is similar to the real—life
`passport system which forms the basis of a trust model
`among different nations. Physical passports enable border
`entry officers to identify each individual and make certain
`decisions based on his/her passport. As will be described
`below. a software passport is a modern release process for
`distributing software products. A software passpcrt gives a
`software product an identity and a brand name. The software
`passport provides the basis of a trust model and allows
`computer users to identify and determine the genuineness of
`a software product based on the information contained in its
`passport.
`Referring now to FIG. 2. the present invention is illus—
`trated in conceptual form for the case where the computer
`code (comprising a piece of software) and the software
`passport are in separate files. FIG. 3 illustrates the use of the
`present invention where the computer code comprising a
`piece of software and the software passport are in the same
`file.
`As illustrated in FIGS. 2 and 3. the information included
`in the present invention’s software passport may include:
`product information. such as the software product’s name
`and any other relevant
`information to the specific
`product;
`company information including the name of the company
`or the software application writer who has produced the
`product;
`a validity date which includes the issue date of the
`software passport and the expiration date of the pass-
`port;
`a restricted rights legend including copyright notices and
`other similar legends;
`the software code body including executable application
`code distributed to the user;
`an application writer’s license; and.
`a software application writer’s digital signature.
`It will be appreciated that the components of a softWare
`passport are generally self-explanatory. with the application
`writer’s license and digital signature explained in more
`detail below.
`
`Page 9
`
`Page 9
`
`
`
`5.724.425
`
`7
`SOFTWARE PRODUCER’S DIGITAL SIGNATURE
`A digital “signature” is produced by using certain cryp-
`tographic techniques of computing a message digest of a
`piece of software code (hereinafter “code”). and encrypting
`the message digest using the signer’s private key. There are
`many known message digest algorithms. such as the MD2.
`MD4. and MDS algorithms published by RSA. Inc. The use
`of private cryptographic techniques makes this signature
`very difficult to forge since the signer keeps the private key
`secret. The reader is referred to the papers by Whitfield
`Diflie. “The First Ten Years of Public Key Cryptography".
`Vol. 76. No. 5 (IEEE Proceedings. May 1988). which is
`attached hereto as Appendix A; and Whitfield Billie. et al..
`“Authentication and Authenticated Key Exchanges" (1992
`[fluwer Academic Publishers) attached hereto as Appendix
`B. for a detailed description of the operation of Diflie—
`Helman certificates and public key cryptography.
`One may conceptualize the computing of the message
`digest for a piece of code as a mechanism of taking a photo
`snapshot of the software. When the code changes. its mes-
`sage digest reflects any differences. In the system of the
`present invention. this “digital signature” is stamped on the
`product prior to its release. The digital signature associates
`a product with the entity that has produced it. and enables
`consumers to evaluate the quality of a product based on the
`reputation of the producer. The signature also permits a
`consumer to distinguish the genuineness of a product.
`SOFTWARE PRODUCER’S LICENSE
`The present invention’s software producer's license (at
`time referred to herein as the “application writer’s license”)
`is an identification similar to the home repair contractor’s
`license issued by a state. A software producer’s license
`identifies and certifies that the producer is authorized to
`perform certain software production activities. It is contem-
`plated that the software producer’s license will be issued by
`some commonly—trusted authority established by the com-
`puter software industry. Before issuing an license to a
`software producer. this authority performs a defined process
`to authenticate the person or company. and to verify their job
`skill; as a state does before issuing a contractor’s license. For
`convenience. in this Specification. this commonly-trusted
`entity is referred to as the Software Publishing Authority
`(“SPA”).
`A software producer’s license contains the following
`information:
`
`the producer’s name;
`the license‘s issue date;
`
`the license’s expiration date;
`the producer’s public key;
`the name of the issuing authority. SPA; and
`the SPA’s digital signature.
`A software producer’s license associates an application
`writer with a name and a public key. It enables a software
`producer to produce multiple products. and to sign every
`product produced. The public key embedded in a license
`belongs to the person who owns the license. This public key
`can later be used by any third party to verify the producer's
`digital signature. A user who has purchased a product can
`determine the genuineness of a product by using the public
`key embedded in the producer's identification to authenti-
`cate the digital signature.
`The SPA’s digital signature is generated by computing the
`message digest of the producer’s identification and encrypt-
`ing the message digest using the SPA’s private key. Since the
`SPA’s private key is kept private to the SPA. third parties are
`not able to easily forge the SPA’s signature to produce a fake
`identification.
`
`8
`
`In accordance with the teachings of the present invention.
`a software application writer (“SW”) supplies three major
`pieces of information to a compiler prior to compilation of
`the code:
`the source code written by the application writer;
`the application writer’s private key; and
`the application writer’s license.
`The code included in a passport may comprise source
`code in various computer languages. assembly code.
`machine binary code. or data. The code may be stored in
`various formats. For example. a piece of source code may be
`stored in a clear text form in the passport. Aportion of binary
`executable machine code may also be stored in a compacted
`format in the passport. using certain well known compaction
`algorithms such as Hufiman encoding. The format used in a
`particular implementation is indicated by a flag in the
`passport.
`Binary executable code may further be stored in a
`printable-character set format to allow the passport to be
`printed. A user would then reverse the printable—format to
`recover the software. Moreover. code protected by intellec-
`tual property. such as copyright or patent. may be stored in
`an enqypted format in the passport. In such case. it is
`contemplated that a user may be required to pay a license fee
`prior to gaining access to the software.
`Referring now to FIG. 4. to generate the software pas sport
`of the present invention. the original source code 20. the