`US005724425A
`|
`5,724,425
`[11] Patent Number:
`United States Patent 1»
`Mar. 3, 1998
`[45] Date of Patent:
`Changetal.
`
`
`[54] METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`[75]
`
`Inventors: Sheue-Ling Chang, Cupertino; James
`Gosling. Woodside, both of Calif.
`
`[73] Assignee: Sun Microsystems, Inc.
`
`[21]
`
`Appl. No.: 258,244
`
`[22]
`
`Filed:
`
`Jun. 10, 1994
`
`[51]
`
`[52]
`
`[58]
`
`[56]
`
`Tint, CLS cecesssssssssescossscasenesesss HO4L 9/00; HO4L 9/30;
`HO4L 9/32
`
`US. Ch.
`
`ceccccsscssescserscecnseeecerseee 380/25; 380/4; 380/23;
`380/30; 380/49; 380/50
`Field of Seared o...cccescscscsssssscsssesssees 380/4, 23, 25,
`380/30, 49, 50
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,558,176
`4,634,807
`4,670,857
`5,343,527
`
`12/1985 Amolet ab...cecsserseeseeeseens 380/4
`1/1987 Chorley et al. 0...
`csscsssseseeeres 380/4
`
`6/1987 Rackman .....
`vw 380/4
`8/1994 MOOD) cesssssccesserssecerssereansressaaneserse 380/4
`
`OTHER PUBLICATIONS
`
`Davida et al., “Defending Systems Against Viruses through
`Cryptographic Authentication”, IEEE Symposium. 1989,
`pp. 312-318.
`RSAData Security. Inc., “RSA Certificate Services”. Jul. 15,
`1993, pp. 1-41.
`
`Primary Examiner—Bernarr E. Gregory
`Attorney, Agent, or Firm—McCutchen, Doyle, Brown &
`Enersen LLP; Ronald S. Laurie, Esq.; Joseph Yang
`
`[57]
`
`ABSTRACT
`
`Source code to be protected, a software application writer’s
`private key, along with an application writer’s license pro-
`vided to the first computer. The application writer’s license
`includes identifying information such as the application
`writer’s name as well as the application writer’s public key.
`Acompiler program executed bythefirst computer compiles
`the source code into binary code. and computes a message
`digest for the binary code. Thefirst computer then encrypts
`the message digest using the application writer’s private key,
`such that the encrypted message digest is defined as a digital
`“signature” of the application writer. A software passport is
`then generated which includes the application writer’s digi-
`tal signature, the application writer’s license and the binary
`code. The software passport is then distributed to a user
`using apy number of software distribution models knownin
`the industry. A user, upon receipt of the software passport,
`loads the passport
`into a computer which determines
`whether the software passport includes the application writ-
`er’s license and digital signature.
`In the event that
`the
`software passport does not include the application writer's
`license, or the application writer’s digital signature, then the
`user’s computer system discards the software passport and
`does not execute the binary code. As an additional security
`step, the user’s computer computes a second message digest
`for the software passport and comparesit to the first message
`digest, such that if the first and second message digests are
`not equal, the software passport is also rejected by the user’s
`computer and the codeis not executed.If the first and second
`message digests are equal, the user’s computer extracts the
`application writer’s public key from the application writer’s
`license for verification. The application writer’s digital sig-
`nature is decrypted using the application writer’s public key.
`The user’s computer then compares a message digest of the
`binary code to be executed, with the decrypted application
`writer’s digital signature, such that if they are equal. the
`user’s computer executes the binary code.
`
`72 Claims, 5 Drawing Sheets
`
`US Patent No. 6,411,941
`
`OOOOooo0o0o0o00
`OoOoOoooo0o0ooo0o0
`QNoOoooooooeoo
`
`HTC EX. 1014
`HTC v. Ancora
`
`Page 1
`
`Page 1
`
`HTC EX. 1014
`HTC v. Ancora
`US Patent No. 6,411,941
`
`
`
`U.S. Patent
`
`FIG.
`
`Mar. 3, 1998
`
`Sheet 1 of 5
`
`5,724,425
`
`OOoOooo0oo00o0o0
`OOOOO0Oo0o0000
`
`
`APP. WRITER'S
`
`PRIVATE KEY 22
`
`
`
`APP WRITER'S LICENSE 24
`
`APP WRITER'S NAME 30
`
`APP WRITER'S PUBLIC KEY 32
`
`OOO0O000o0o0000
`
`
`
`
`
`VALIDITY DATE 34
`
`FIG. 4
`
`ANY DISTRIBUTION CHANNEL
`
`Page 2
`
`Page 2
`
`
`
`U.S. Patent
`
`Mar. 3, 1998
`
`Sheet 2 of 5
`
`5,724,425
`
`FIG. 2
`
`PRODUCT INFO...
`COMPANY INFO...
`VALIDITY DATE...
`RESTRICTED RIGHTS LEGEND...
`
`APP WRITER'S NAME
`APP WRITER’S PUBLIC KEY-f¢pf
`
`
`
`(DENTIFICATION AUTHORITY: THE PLATFORM BUILDER
`PLATFORM BUILDER'S SIGNATURE:FFE¢
`APP WRITER'S SIGNATURE:PPFP
`
`CODE BODY
`
`PRODUCTINFO...
`COMPANYINFO...
`VALIDITY DATE...
`RESTRICTED RIGHTS LEGEND...
`
`APP WRITER'S NAME
`APP WRITER'S PUBLIC KEY:pf4F
`
`
`
`IDENTIFICATION AUTHORITY: THE PLATFORM BUILDER
`PLATFORM BUILDER'S SIGNATURE:F#EF4
`
`APP WRITER'S SIGNATURE:feoP
`CODE BODY
`
`FIG. 3
`
`Page 3
`
`Page 3
`
`
`
`U.S. Patent
`
`Mar. 3, 1998
`
`Sheet 3 of 5
`
`5,724,425
`
`FIG. 5
`
`PLATFORM
`BUILDER
`
`
`
`APPLICATION
`WRITER 60
`
`
`
`
`
`
` APP. WRITER’
`
`
`
`
`PRIVAee KEY
`
`
`
`APP WRITER'S LICENSE 52
`
`SOURCE CODE
`
`APP WRITER'S NAME
`
`APP WRITER'S PUBLIC KEY 62
`
`VALIDITY DATE
`
`PLATFORM BUILDER'S SIGNATURE
`
`COMPILER
`68
`
`
`
`PASSPORT
`
`
`]
`
`PLATFORM BUILDER'S
`
`PLATFORM
`
`Page 4
`
`Page 4
`
`
`
`U.S. Patent
`
`Mar. 3, 1998
`
`Sheet 4 of 5
`
`5,724,425
`
`HARDWARE PLATFORM
`WITH PUBLIC KEY IN
`
`REGISTER
`
`SOFTWARE
`
`ATTEMPT TO LOAD
`
`FIG. 6(a)
`
`
` SOFTWARE
`
`
`
`HAS PASSPORT
`?
`
`
`NO
`
`YES
`
`REJECT SOFTWARE
`
`
`
`
`PASSPORT
`REJECT SOFTWARE
`HAS LICENSE
`
`
`PASSPORT
`?
`
`EXTRACT LICENSE FROM
`SOFTWARE PASSPORT
`
`
`
`
`
`LICENSE HAS
`ISSUERS SIGNATURE,
`?
`
`
`
`
`DIGEST OF LICENSE
`
`
`
`
`DECRYPT ISSUER'S SIGNATURE
`USING PUBLIC KEY IN REGISTER
`
`
`RECOMPUTE MESSAGE
`
`
`ARE MESSAGE
`DIGESTS EQ
`?
`
`
`SW LICENSE NOT GENUINE
`
`YES
`
`Page 5
`
`Page 5
`
`
`
`U.S. Patent
`
`Mar. 3, 1998
`
`Sheet 5 of 5
`
`5,724,425
`
`EXTRACT SW’S PUBLIC
`KEY FROM APPLICATION WRITER'S
`LICENSE
`
`EXTRACT CODE BODY
`FROM THE PASSPORT
`
`EXTRACT SW’S
`SIGNATURE
`
`WRITER
`PASSPORT
`
`RECOMPUTE MESSAGE
`DIGEST OF THE CODE
`BODY
`
`MD = MESSAGE DIGEST
`SW = SOFTWARE
`(APPLICATION)
`
`DECRYPT SW’S
`SIGNATURE USING
`SWS PUBLIC KEY
`
`COMPARE RECOMPUTED
`MESSAGE DIGEST WITH
`SWS DECRYPTED SiG
`
`REJECT SOFTWARE
`
`YES
`
`EXECUTE CODE
`
`Page 6
`
`Page 6
`
`
`
`5,724,425
`
`1
`METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`BACKGROUNDOF THE INVENTION
`
`1. Field of the Invention
`The present invention relates to the use of public key
`encryption, and more particularly,
`the present invention
`relates to the use of public key encryption to achieve
`enhanced security and product authentication in the distri-
`bution of software.
`
`2. Art Background
`Public key encryption is based on encryption algorithms
`that have two keys. One key used for encryption, and the
`other key is used for decryption. There is a known algorithm
`that computes the second key given the first. However.
`without full knowledge of all the parameters, one cannot
`compute the first key given the second key. The first key is
`referred to as the “private key”, and the second key is
`referred to as the “public key”. In practice, either the private
`key or the public key may be used to encrypt a message, with
`the opposite key used to decrypt it. In general. the private
`key must be keptprivate, but the public key may be provided
`to anyone, A variety of public key cryptographic schemes
`have been developed for the protection of messages anddata
`(See, Whitfield Diffie. “The First Ten Years of Public Key
`Cryptography” (IEEE Proceedings, Vol. 76. No. 5. 1988)
`and Fahn, “Answers to Frequently Asked Questions about
`Today’s Cryptography (RSA Laboratories 1992).
`Public key cryptography is used to send secure messages
`across public communication links on which an intruder
`may eavesdrop, and solves the problem of sending the
`encryption password to the other side securely.
`Public key systems may also be used to encrypt messages,
`and also to effectively sign messages, allowing the received
`party to authenticate the sender of the message. One can also
`use public key cryptography to seal or render tamper-proof
`a piece of data. In such event, the sender computes a
`message digest from the data using specially designed
`cryptographically strong digests designed for this purpose.
`The sender then usesthe private key to encrypt the message
`digest. wherein this encrypted message digest is called a
`digital “signature”. The sender then packages the data, the
`message digest and the public key together. The receiver
`may check for tampering by computing the message digest
`again, then decrypting the received message digest with the
`public key.If the recomputed and decrypted message digests
`are identical, there was no tampering of the data.
`“Viruses” and “worms” are computer code cleverly
`inserted into legitimate programs which are subsequently
`executed on computers. Each time the program is executed
`the virus or worm can cause damage to the system by
`destroying valuable information, and/or further infect and
`spread to other machines on the network. While there are
`subtle differences between a virus and a worm,a critical
`componentfor both is that they typically require help from
`an unsuspecting computer user to successfully infect a
`computer or a corporate network.
`Infection of computers by viruses and worms is a general
`problem in the computer industry today. In addition, corpo-
`rate networks are vulnerable to frontal assaults, where an
`intruder breaks into the network and steals or destroys
`information. Security breaches of any kind on large corpo-
`rate networks are a particularly worrisome problem. because
`of the potential for large-scale damage and economicloss.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`2
`Moreover, security breaches are more easily accomplished
`when a corporate network is connected to a public network,
`such as the Internet. Companies take a variety of measures
`to guard against breaches of network security, either through
`frontal assaults or infections, without cutting themselves off
`from the benefits of being connected to a world-wide
`network.
`The solution adopted by most companiesthat wish to reap
`the benefits of connecting to the Internet. while maintaining
`security, is the installation of a firewall. Firewalls generally
`restrict Internet file transfers and telnet connections. Such
`transfers and connections can only be initiated from within
`the corporate network, such that externally initiated file
`transfers and telnet connections are refused by the firewall.
`Firewalls allow electronic mail and network newsto freely
`flow inside the firewall’s private network. The use of cor-
`porate firewalls allows employeesto readily exchange infor-
`mation within the corporate environment. without having to
`adopt extreme security measures. A good firewall imple-
`mentation can defend against most of the typical frontal
`assaults on system security.
`One methodofpreventing viruses and worms from infect-
`ing a corporate network is to never execute a program that
`may contain viruses.
`In general, programs legitimately
`deployed throughout the corporate network should be con-
`sidered virus free. All binary executables, all unreviewed
`shell scripts, and alli source code fetched from outside the
`firewall are software that may contain a worm or virus.
`However. outside binary executables, shell scripts, and
`source code may enter a corporate firewall
`through an
`E-mail attachment. For example. the shell scripts that are
`used to make and send multiple files using E-mail and the
`surveytools that start up by activating the E-mail attachment
`may allow virus entry. Executables can also be directly
`fetched through the iftp program, through a world-wide web
`browser such as Mosaic, or from an outside contractor
`whose network has already been compromised.
`In addition, the commercial software release and distri-
`bution process presents security and authentication prob-
`lems. For example, some of the information associated with
`software, such as the originating company or author.
`restricted rights legends, and the like are not attachedto the
`code itself. Instead. such information is provided as printed
`matter, and is separated from the code once the package is
`opened and the code installed. Even applications that
`attempt to identify themselves on start-up are susceptible to
`havingthe identification forged or otherwise counterfeited.
`Auser has no mechanism to authenticate that the software
`sold is actually from the manufacturer shown onthe label.
`Unauthorized copying and the sale of software is a signifi-
`cant problem. and users who believe that they are buying
`software with a manufacturer’s warranty instead purchase
`pirated software. with neither a warranty nor software sup-
`port. The problem of authenticating the original source of
`the software is accentuated when software is intended to be
`distributed through networks. and a user’s source for the
`software may be far removed from the original writer of the
`software. In addition, a user does not have that ability to
`verify that the software purchased contains only the original
`manufacturer’s code. A user also does not have a method for
`detecting any tampering, such as the existence of a virus.
`that may cause undesirable effects.
`All of the above problems are related to the transport of
`software both from manufacturers to users and from user to
`user. Furthermore, the transport problem is independent of
`the transport medium. The problem applies to all transport
`media. including floppy disk, magnetic tape. CD-ROM and
`networks.
`
`Page 7
`
`Page 7
`
`
`
`5,724,425
`
`3
`As will be described. the present invention provides a
`method and apparatus for authenticating that software dis-
`tributed by a manufacturer is a legitimate copy of an
`authorized software release, and that the software contains
`only the original manufacturers code without tampering.
`The present invention solves the above identified problems
`through the useof a “software passport” which inciudes the
`digital signature of the application writer and manufacturer.
`Aswill be described. the present invention may also be used
`to protect intellectual property, in the form of copyrighted
`computer code, by utilizing cryptographic techniques
`referred to herein as public key encryption.
`SUMMARYOF THE INVENTION
`This invention provides a method and apparatus utilizing
`public key encryption techniques for enhancing software
`security and for distributing software. The present invention
`includesa first computer which is provided with source code
`to be protected using the teachings of the present invention.
`In addition, a software application writer's private key.
`along with an application writer’s license provided to the
`first computer. An application writer generally means a
`software company such as Microsoft Corporation, Adobe or
`Apple Computer,
`Inc. The application writer’s license
`includes identifying information such as the application
`writer’s name as well as the application writer’s public Key.
`Acompiler program executed by the first computer compiles
`the source code into binary code, and computes a message
`digest for the binary code. The first computer then encrypts
`the message digest using the application writer’s private key,
`such that the encrypted message digest is definedas a digital
`“signature” of the application writer. A software passport is
`then generated which includes the application writer’s digi-
`tal signature. the application writer’s license and the binary
`code. The software passport is then distributed to a user
`using any numberof software distribution models known in
`the industry.
`A user, upon receipt of the software passport, loads the
`passport into a computer which determines whether the
`software passport includes the application writer’s license
`and digital signature. In the event that the software passport
`does not include the application writer’s license. or the
`application writer’s digital signature, then the user’s com-
`puter system discards the software passport and does not
`execute the binary code. As an additional security step. the
`user’s computer computes a second message digest for the
`software passport and comparesit to the first message digest,
`such that if the first and second message digests are not
`equal, the software passport is also rejected by the user’s
`computer andthe code is not executed.If the first and second
`message digests are equal, the user’s computer extracts the
`application writer’s public key from the application writer’s
`license for verification. The application writer’s digital sig-
`nature is decrypted using the application writer’s public key.
`The user’s computer then compares a message digest of the
`binary code to be executed, with the decrypted application
`writer’s digital signature, such that if they are equal. the
`user’s computer executes the binary code. Accordingly.
`software products distributed with the present invention’s
`software passport permits the user’s computer to authenti-
`cate the software as created by an authorized application
`writer who has been issued a valid application writer’s
`license. Any unauthorized changes to the binary code com-
`prising the distributed software is evident through the com-
`parison of the calculated and encrypted message digests.
`Thepresent invention is also described with reference to
`an embodiment used by computing platforms designed to
`
`4
`execute only authorized software. A platform builder pro-
`vides an application writer with a platform builder’s digital
`signature which is included in the application writer’s
`license. The first computer compiles the software into binary
`code and computes a first message digest for the binary
`code. The first computer further encrypts the first message
`digest using the application writer’s private key, such that
`the encrypted first message digest is defined as the applica-
`tion writer’s digital signature. A software passport is gen-
`erated which includes the application writer’s digital
`signature, the application writer’s license and the binary
`code. The software passport is then distributed to a user
`through existing software distribution channels. The user’s
`computing platform, which may be a computer. a video
`game box or a set top box, is provided with the platform
`builder’s public key. Upon receipt of the software passport,
`the computing platform determinesif the software passport
`includes an application writer’s license. If it does not, the
`hardware platform rejects the execution of the code. If a
`software passport is present, the hardware platform extracts
`the application writer’s license from the passport and deter-
`mines whether or not the passport includes the platform
`builder’s signature. The platform builder’s signature is then
`decrypted using the public key provided in the platform. The
`computing platform recomputes the message digest of the
`application writer’s license, and compares the received
`message digest with the recomputed message digest, such
`that if the digests are not equal. the software passport is not
`considered genuine and is rejected. If the message digests
`are equal, the hardware platform extracts the application
`writer’s public key from the application writer’s license, and
`extracts the application writer’s digital signature. The hard-
`ware platform then recomputes the message digest of the
`binary code comprising the application software to be
`executed, and decrypts the application writer’s digital sig-
`nature using the application writer’s public key. The hard-
`ware platform then compares the recomputed message
`digest for the binary code with the application writer’s
`decrypted signature, such that if they are equal, the binary
`code is executed by the hardware platform. If the recom-
`puted message digest and the application writer’s decrypted
`signature are not equal, the software passport is rejected and
`the code is not executed.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG.1 illustrates a data processing system incorporating
`the teachings of the present invention.
`FIG. 2 conceptually illustrates use of the present inven-
`tion’s software passport where the application code and the
`software passport are provided in separate files.
`FIG. 3 conceptually illustrates use of the present inven-
`tion’s use of the software passport where the application
`code and the software passport are distributed in the same
`file.
`FIG. 4 diagrammatically illustrates the present inven-
`tion’s process for generating a software passport.
`FIG. § diagrammatically illustrates the use of the present
`invention for platform producer licensing.
`FIGS. 6a and 66 are flowcharts illustrating the steps
`executed by the present invention for verifying that a valid
`software license exists, and that
`the software writer’s
`(“SW’s”) signature is valid, prior to permitting the execution
`of a computer program.
`NOTATION AND NOMENCLATURE
`
`The detailed descriptions which follow are presented
`largely in terms of symbolic representations of operations of
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`Page 8
`
`Page 8
`
`
`
`5,724,425
`
`5
`data processing devices. These process descriptions and
`representations are the means used by those skilled in the
`data processing arts to mosteffectively convey the substance
`of their work to others skilled in the art.
`
`An algorithm is here, and generally. conceived to be a
`self-consistent sequence of steps leading to a desired result.
`These steps are those requiring physical manipulations of
`physical quantities. Usually, though not necessarily, these
`quantities may take the form of electrical or magnetic
`signals capable of being stored,
`transferred, combined.
`compared, displayed and otherwise manipulated. It proves
`convenient at
`times, principally for reasons of common
`usage, to refer to these signals as bits, values, messages,
`names, elements, symbols, operations, messages,
`terms,
`numbers, or the like. It should be borne in mind, however.
`that all of these similar terms are to be associated with the
`appropriate physical quantities and are merely convenient
`labels applied to these quantities.
`In the present invention, the operations referred to are
`machine operations. Useful machines for performing the
`operations of the present invention include general purpose
`digital computers or other similar devices. In all cases, the
`reader is advised to keep in mind the distinction between the
`method operations of operating a computer and the method
`of computation itself. The present
`invention relates to
`method steps for operating a computer, coupled to a series
`of networks, and processing electrical or other physical
`signals to generate other desired physical signals.
`The present invention also relates to apparatus for per-
`forming these operations. This apparatus may be specially
`constructed for the required purposes or it may comprise a
`general purpose computer selectively activated or reconfig-
`ured by a computer program stored in the computer. The
`method/process steps presented herein are not inherently
`related to any particular computer or other apparatus. Vari-
`ous general purpose machines may be used with programs in
`accordance with the teachings herein, or it may prove more
`convenientto construct specialized apparatus to perform the
`required method steps. The required structure for a variety of
`these machines will be apparent from the description given
`below.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`In the following description, numerous specific details are
`set forth such as system configurations, representative data,
`computer code organization, encryption methods, and
`devices, etc., to provide a thorough understanding of the
`present invention. However,it will be apparentto one skilled
`in the art that the present invention may be practiced without
`these specific details. In other instances. well knowncircuits
`and structures are not described in detail in order to not
`obscure the present invention. Moreover, certain terms such
`as “knows”. “verifies”, “compares”, “examines”, “utilizes”,
`“finds”, ‘‘determines”, “challenges”, “authenticates”, etc..
`are used in this Specification and are considered to be terms
`of art. The use of these terms, which to a casual reader may
`be considered personifications of computer or electronic
`systems, refers to the functions of the system as having
`human-like attributes, for simplicity. For example, a refer-
`ence herein to an electronic system as “determining” some-
`thing is simply a shorthand method of describing that the
`electronic system has been programmed or otherwise modi-
`fied in accordance with the teachings herein. The reader is
`cautioned not to confuse the functions described with every-
`day human attributes. These functions are machine functions
`in every sense.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`6
`Exemplary Hardware
`FIG.1 illustrates a data processing system in accordance
`with the teachings of the present invention. Shown is a
`computer 10, which comprises three major components. The
`first of these is an input/output (I/O)circuit 12 which is used
`to communicate information in appropriately structured
`form to and from other portions of the computer 10. In
`addition, computer 10 includes a central processing (CPU)
`13 coupled to the YO circuit 12 and a memory 14. These
`elements are those typically found in most general purpose
`computers and.
`in fact. computer 10 is intended to be
`representative of a broad category of data processing
`devices. Also, the computer 10 may be coupled to a network.
`in accordance with the teachings herein. The computer 10
`may further include encrypting and decrypting circuitry
`incorporating the present
`invention, or as will be
`appreciated, the present invention may be implemented in
`software executed by computer 10. A raster display monitor
`16 is shown coupled to the VO circuit 12 and issued to
`display images generated by CPU 13 in accordance with the
`present invention. Any well known variety of cathode ray
`tube (CRI) or other type of display may be utilized as
`display 16.
`The present invention’s software passport identifies a
`portion of software, or some machine code (hereinafter
`“code”), in a manner similar to how a physical passport
`identifies a person. The concept is similar to the real-life
`passport system which forms the basis of a trust model
`among different nations. Physical passports enable border
`entry officers to identify each individual and make certain
`decisions based on his/her passport. As will be described
`below, a software passport is a modern release process for
`distributing software products. A software passport gives a
`software product an identity and a brand name. The software
`passport provides the basis of a trust model and allows
`computer users to identify and determine the genuineness of
`a software product based on the information contained in its
`passport.
`Referring now to FIG. 2, the present invention is illus-
`trated in conceptual form for the case where the computer
`code (comprising a piece of software) and the software
`passport are in separate files. FIG. 3 illustrates the use of the
`present invention where the computer code comprising a
`piece of software and the software passport are in the same
`file.
`As illustrated in FIGS. 2 and 3. the information included
`in the present invention’s software passport may include:
`productinformation, such as the software product’s name
`and any other relevant
`information to the specific
`product;
`company information including the name of the company
`or the software application writer who has produced the
`product;
`a validity date which includes the issue date of the
`software passport and the expiration date of the pass-
`port;
`a restricted rights legend including copyright notices and
`other similar legends;
`the software code body including executable application
`code distributed to the user;
`an application writer’s license; and,
`a software application writer’s digital signature.
`It will be appreciated that the components of a software
`passport are generally self-explanatory. with the application
`writer’s license and digital signature explained in more
`detail below.
`
`Page 9
`
`Page 9
`
`
`
`5,724,425
`
`7
`SOFTWARE PRODUCER’S DIGITAL SIGNATURE
`A digital “signature” is produced by using certain cryp-
`tographic techniques of computing a message digest of a
`piece of software code (hereinafter “code”), and encrypting
`the message digest using the signer’s private key. There are
`many known message digest algorithms. such as the MD2,
`MD4, and MDSalgorithms published by RSA.Inc. The use
`of private cryptographic techniques makes this signature
`very difficult to forge since the signer keeps the private key
`secret. The reader is referred to the papers by Whitfield
`Diffie, “The First Ten Years of Public Key Cryptography”.
`Vol. 76. No. 5 (IEEE Proceedings, May 1988), which is
`attached hereto as Appendix A; and Whitfield Diffie, et al.
`“Authentication and Authenticated Key Exchanges” (1992
`Kluwer Academic Publishers) attached hereto as Appendix
`B. for a detailed description of the operation of Diffie-
`Helman certificates and public key cryptography.
`One may conceptualize the computing of the message
`digest for a piece of code as a mechanism of taking a photo
`snapshot of the software. When the code changes, its mes-
`sage digest reflects any differences. In the system of the
`present invention, this “digital signature” is stamped on the
`product prior to its release. The digital signature associates
`a product with the entity that has produced it, and enables
`consumersto evaluate the quality of a product based on the
`reputation of the producer. The signature also permits a
`consumerto distinguish the genuineness of a product.
`SOFTWARE PRODUCER’S LICENSE
`The present invention’s software producer's license (at
`time referred to herein as the “application writer’s license”)
`is an identification similar to the home repair contractor’s
`license issued by a state. A software producer’s license
`identifies and certifies that the producer is authorized to
`perform certain software production activities. It is contem-
`plated that the software producer’s license will be issued by
`some commonly-trusted. authority established by the com-
`puter software industry. Before issuing an license to a
`software producer, this authority performs a defined process
`to authenticate the person or company, and to verify their job
`skill; as a state does before issuing a contractor’s license. For
`convenience, in this Specification, this commonly-trusted
`entity is referred to as the Software Publishing Authority
`(“SPA”).
`A software producer’s license contains the following
`information:
`the producer’s name;
`the license’s issue date;
`the license’s expiration date;
`the producer’s public key;
`the name of the issuing authority, SPA; and
`the SPA’s digital signature.
`A software producer’s license associates an application
`writer with a name and a public key. It enables a software
`producer to produce multiple products, and to sign every
`product produced. The public key embedded in a license
`belongs to the person who ownsthe license. This public key
`can later be used by any third party to verify the producer’s
`digital signature. A user who has purchased a product can
`determine the genuineness of a product by using the public
`key embedded in the producer's identification to authenti-
`cate the digital signature.
`The SPA’s digital signature is generated by computing the
`message digest of the producer’s identification and encrypt-
`ing the messagedigest using the SPA’s private key. Since the
`SPA’sprivate key is kept private to the SPA.third parties are
`not able to easily forge the SPA’s signature to produce a fake
`identification.
`
`8
`In accordance with the teachings of the present invention,
`a software application writer (“SW”) supplies three major
`pieces of information to a compiler prior to compilation of
`the code:
`the source code written by the application writer;
`the application writer’s private key; and
`the application writer’s license.
`The code included in a passport may comprise source
`code in various computer languages. assembly code,
`machine binary code, or data. The code may be stored in
`various formats. For example. a piece of source code may be
`stored in a clear text form in the passport. Aportionof binary
`executable machine code may also be stored in a compacted
`format in the passport, using certain well known compaction
`algorithms such as Huffman encoding. The format used in a
`particular implementation is indicated by a flag in the
`passport.
`Binary executable code may further be stored in a
`printable-character set format to allow the passport to be
`printed. A user would them reverse the printable-format to
`recover the software. Moreover, code protected by intellec-
`tual property. such as copyright or patent. may be stored in
`an encrypted format in the passport. In such case, it is
`contemplated that a user may be required to pay a license fee
`prior to gaining access to the software.
`Referring now to FIG.4,to generate the software passport
`of the present invention, the original source code 20, the
`application writer’s private key 22, and the application
`writer’s license 24 is provided to a compiler 26.