United States Patent [19]
`Chang et a].
`
`US
`1
`00572445A
`[11] Patent Number:
`[45] Date of Patent:
`
`‘
`5,724,425
`Mar. 3, 1998
`
`[54] METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`[75]
`
`Inventors :
`
`Sheue-Ling Chang. Cupertino; James
`Gosling. Woodside. both of Calif.
`
`[73] Assignee:
`
`Sun Microsystems, Inc.
`
`[21]
`[22]
`[51]
`
`Appl. No.: 258,244
`
`Filed:
`
`Jun. 10, 1994
`
`9/30;
`Int. Cl.6 .............................. .. n04]. 9/00; H04L
`
`[52] US. Cl. ................................. .. 380/25; 380/4; 380/23;
`380/30; 380/49; 380/50
`[53] Field of Search .................................. .. 380/4. 23. 25.
`380/30. 49. 50
`
`[56]
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`12/1985 Arnold et alv ............................ ..
`V1987 Chorley et al.
`..
`6/1987 Rackman .... ..
`
`380/4
`
`4,558,176
`4,634,807
`4,670,857
`5,343,527
`
`UT HER PUBLICATIONS
`
`Davida et al.. “Defending Systems Against Viruses through
`Cryptographic Authentication", IEEE Symposium. 1989.
`pp. 312-313.
`RSA Data Security. Inc.. “RSA Certi?cate Services”. Jul. 15.
`1993. pp. 1-41.
`
`Primary Examiner-Bernarr E. Gregory
`Attorney Agent, or Firm--McCutchen. Doyle. Brown &
`Enersen LLP; Ronald S. Lain‘ie. Esq.; Joseph Yang
`
`[57]
`
`ABSTRACT
`
`Source code to be protected. a software application writer’s
`private key. along with an application writer’s license pro
`vided to the ?rst computer. The application writer’s license
`includes identifying information such as the application
`writer’s name as well as the application writer’s public key.
`A compiler program executed by the ?rst computer compiles
`the source code into binary code. and computes a message
`digest for the binary code. The ?rst computer then encrypts
`the message digest using the application writer’s private key.
`such that the encrypted message digest is de?ned as a digital
`“signature" of the application writer. A software passport is
`then generated which includes the application writer’s digi
`tal signature. the application writer’s license and the binary
`code. The software passport is then distributed to a user
`using any number of software distribution models known in
`the industry. A user. upon receipt of the software passport.
`loads the passport into a computer which determines
`whether the software passport includes the application writ
`er’s license and digital signature. In the event that the
`software passport does not include the application writer’s
`license. or the application writer’s digital signature. then the
`user’s computer system discards the software passport and
`does not execute the binary code. As an additional security
`step. the user’s computer computes a second message digest
`for the software passport and compares it to the ?rst message
`digest. such that if the ?rst and second message digests are
`not equal. the software passport is also rejected by the user’s
`computer and the code is not executed. If the ?rst and second
`message digests are equal. the user’s computer extracts the
`application writm"s public key ?'om the application writer’s
`license for veri?cation. The application writer’s digital sig
`nature is decrypted using the applican'on writer’s public key.
`The user’s computer then compares a message digest of the
`binary code to be executed. with the decrypted application
`writer’s digital signature. such that if they are equal. the
`user’s computer executes the binary code.
`72 Claims, 5 Drawing Sheets
`
`15
`\
`UUUUUEIUUUEIUU DUE]
`UEIEIUUUEIDEIDEIU BED
`UUUUUUUEIUUUU [:lElEl
`UUEHZUDD Ell-JD
`
`12
`F
`5
`i
`l
`I
`
`10
`
`i
`//0
`CPU Elf“
`MEMORY f H
`i
`
`Page 1 of 37
`
`GOOGLE EXHIBIT 1014
`
`

`

`US. Patent
`
`Mar. 3, 1998
`
`Sheet 1 of 5
`
`5,724,425
`
`FIG. 7
`
`15
`\
`UEIDDEIEJEIUDUEIU DUE!
`UEIEIUEIEIUEJUEIUEI DUE]
`DUEIUEIEIUDUEIUU EIDEI
`UEJUIIIIEJEIE! EIEH'J
`
`APPUCA 7' ION
`WRITE/P
`
`APP. WR/TER'S
`PRfl/ATE KEY 22
`
`‘ SOURCéEO CODE ’
`
`APP WRITER'S LICENSE 24
`APP WRITERS NAME .30
`APP WR/TER'S PUBLIC KEY .32
`
`VALID/TY DATE 34
`
`COMP/LEI?
`26
`
`FIG. 4
`
`PASSPORT
`
`P 38
`
`[El
`i ANY DISTRIBUTION CMNNEL
`
`(-5? p PM TFORM
`
`Page 2 of 37
`
`

`

`US. Patent
`
`Mar. 3, 1998
`
`Sheet 2 0f 5
`
`5,724,425
`
`FIG. 2
`
`PRODUCT INFO...
`COMPANY INF 0....
`MUD/TY D/UE...
`RESTRICTED RIGHTS LEGEND...
`APP WRITERS‘ NAME
`APP WR/TER'S PUBLIC KEY-#1”
`
`IDENUHCA 270w AUTHOR/7)’: THE PIATFORM BUILDER
`PUHFORM BUILDER'S S/GNA J’l/R??’ff
`APP WR/TER’S SIGNA ruRE-f?'f
`
`CODE BODY
`
`PRODUCT INFO...
`COMPANY INFO...
`VALID/7}’ DADS...
`RESTRICTED R/CHTS LEGEND...
`APP n/PnEP's NAME
`APP WP/IEP'S PUBLIC Kmfff‘f
`
`IDENT/F/CA new AUTHOR/TY: THE PLA zroPM BUILDER
`PEAIEOPM BUILDER'S s/aNAn/PEfm/
`
`APP WR/TER’S s/cNAn/mf/W
`CODE BODY
`
`FIG. 3
`
`Page 3 of 37
`
`

`

`US. Patent
`
`Mar. 3, 1998
`
`Sheet 3 of 5
`
`5,724,425
`
`FIG. 5
`
`PLA TFDRM
`BUILDER
`
`APPL/CA TIDN
`WRITER 60
`
`APP.
`'
`PRlmu?ilaitg)’
`58
`
`SOURCE CODE
`
`APP WR/TER'S LICENSE 52
`APP WR/TER'S NAME
`APP WRUER'S PUBLIC KEY 62
`
`VALID/7')’ DATE
`PLA TEDRM BUILDER '5 S/CNA LURE
`
`COMP/LE R
`68
`
`PASSPORT M50
`
`1
`
`PM TEDRM
`
`PIA TFORM BUILDER ‘S
`
`Page 4 of 37
`
`

`

`US. Patent
`
`Mar. 3, 1998
`
`Sheet 4 of 5
`
`5,724,425
`
`I-MRDWARE PLATFORM
`WITH PUBLIC KEY IN
`REGISTER
`
`ATTEMPT TO LOAD
`SOHWARE
`
`H?’l?gom
`?
`
`PASSPORT
`HAS LICENSE
`?
`YES
`
`EX IRAC T LICENSE FROM
`SOH'WARE PASSPORT
`
`F/G. 6(a)
`
`REJECT SOFTWARE
`
`REJECT SOHWARE
`PASSPORT
`
`OECRYPT ISSUER'S SIGNATURE
`USING PUBLIC KEY IN REGISTER
`
`RECOMPUTE MESSAGE
`DIGEST OF LICENSE
`
`ARE MESS‘IOE
`OICESIS E0
`'2
`YES
`
`SW LICENSE NOT GENUINE
`
`Page 5 of 37
`
`

`

`US. Patent
`
`Mar. 3, 1998
`
`Sheet 5 of 5
`
`5,724,425
`
`EXTRACT sw's PUBLIC
`KEY FROM APPLICATION WR/TER'S
`LICENSE
`
`F/G. 6(b)
`
`EXTRACT CODE BODY
`FROM THE PASSPORT
`
`EXTRACT SW'S
`S/CNA TURE
`
`I
`RECOMPUTE MESSAGE
`0/ 5r 0;
`0 5
`GE 8007315 c D
`
`DECRYPT SW'S
`SIGNATURE USING
`SW'S PUBLIC KEY
`
`1
`COMPARE RECOMPUTED
`MESSACE DIGEST WITH
`SW’S OECRYPTED SIC
`
`YES
`
`EXECUTE CODE
`
`M0 = MESSAGE DIGEST
`SW = SOHWARE
`(APPL/O! no/v)
`WRITER
`
`NO
`
`REJECT SOFTWARE
`PASSPORT
`
`Page 6 of 37
`
`

`

`5.724.425
`
`1
`METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`BACKGROUND OF THE INVENTION
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`1. Field of the Invention
`The present invention relates to the use of public key
`encryption. and more particularly. the present invention
`relates to the use of public key encryption to achieve
`enhanced security and product authentication in the distri
`bution of software.
`2. Art Background
`Public key encryption is based on encryption algorithms
`that have two keys. One key used for encryption. and the
`other key is used for decryption. There is a known algorithm
`that computes the second key given the ?rst. However.
`without full knowledge of all the parameters. one cannot
`compute the ?rst key given the second key. The ?rst key is
`referred to as the “private key”. and the second key is
`referred to as the “public key”. In practice. either the private
`key or the public key may be used to encrypt a mes sage. with
`the opposite key used to decrypt it. In general. the private
`key must be kept private. but the public key may be provided
`to anyone. A variety of public key cryptographic schemes
`have been developed for the protection of messages and data
`(See. Whit?eld Di?ie. "The First Ten Years of Public Key
`Cryptography” (IEEE Proceedings. Vol. 76. No. 5. 1988)
`and Fahn. “Answers to Frequently Asked Questions about
`Today’s Cryptography (RSA Laboratories 1992).
`Public key cryptography is used to send secure messages
`across public communication links on which an intruder
`may eavesdrop. and solves the problem of sending the
`encryption password to the other side securely.
`Public key systems may also be used to encrypt messages.
`and also to effectively sign messages. allowing the received
`party to authenticate the sender of the message. One can also
`use public key cryptography to seal or render tamper-proof
`a piece of data. In such event. the sender computes a
`message digest from the data using specially designed
`cryptographically strong digests designed for this purpose.
`The sender then uses the private key to encrypt the message
`digest. wherein this encrypted message digest is called a
`digital “signature”. The sender then packages the data. the
`message digest and the public key together. The receiver
`may check for tampering by computing the message digest
`again. then decrypting the received message digest with the
`public key. If the recomputed and decrypted message digests
`are identical. there was no tampering of the data.
`“Viruses” and “worms” are computer code cleverly
`inserted into legitimate programs which are subsequently
`executed on computers. Each time the program is executed
`the virus or worm can cause damage to the system by
`destroying valuable information. and/or further infect and
`spread to other machines on the network. While there are
`subtle dilferences between a virus and a worm. a critical
`component for both is that they typically require help from
`an unsuspecting computer user to successfully infect a
`computer or a corporate network.
`Infection of computers by viruses and worms is a general
`problem in the computer industry today. In addition. corpo
`rate networks are vulnerable to frontal assaults. where an
`intruder breaks into the network and steals or destroys
`information. Security breaches of any kind on large corpo
`rate networks are a particularly worrisome problem. because
`of the potential for large-scale damage and economic loss.
`
`2
`Moreover. security breaches are more easily accomplished
`when a corporate network is connected to a public network.
`such as the Internet. Companies take a variety of measures
`to guard against breaches of network security. either through
`frontal assaults or infections. without cutting themselves off
`from the bene?ts of being connected to a world-wide
`network.
`The solution adopted by most companies that wish to reap
`the bene?ts of connecting to the Internet. while maintaining
`security. is the installation of a ?rewall. Firewalls generally
`restrict Internet ?le transfers and telnet connections. Such
`transfers and connections can only be initiated from within
`the corporate network. such that externally initiated file
`transfers and telnet connections are refused by the ?rewall.
`Firewalls allow electronic mail and network news to freely
`?ow inside the ?rewall’s private network. The use of cor
`porate ?rewalls allows employees to readily exchange infor
`mation within the corporate environment. without having to
`adopt extreme security measures. A good ?rewall imple
`mentation can defend against most of the typical frontal
`assaults on system security.
`One method of preventing viruses and worms from infect
`ing a corporate network is to never execute a program that
`may contain viruses. In general. programs legitimately
`deployed throughout the corporate network should be con
`sidered virus free. All binary executables. all unreviewed
`shell scripts. and all source code fetched from outside the
`?rewall are software that may contain a worm or virus.
`However. outside binary executables. shell scripts. and
`source code may enter a corporate ?rewall through an
`E-mail attachment. For example. the shell scripts that are
`used to make and send multiple ?les using Email and the
`surveytools that start up by activating the E-mail attachment
`may allow virus entry. Executables can also be directly
`fetched through the iftp program. through a world-wide web
`browser such as Mosaic. or from an outside contractor
`whose network has already been compromised.
`In addition. the commercial software release and distri
`bution process presents security and authentication prob
`lems. For example. some of the information associated with
`software. such as the originating company or author.
`restricted rights legends. and the like are not attached to the
`code itself. Instead. such information is provided as printed
`matter. and is separated from the code once the package is
`opened and the code installed. Even applications that
`attempt to identify themselves on start-up are susceptible to
`having the identi?cation forged or otherwise counterfeited
`A user has no mechanism to authenticate that the software
`sold is actually from the manufacturer shown on the label.
`Unauthorized copying and the sale of software is a signi?
`cant problem. and users who believe that they are buying
`software with a manufacturer‘s warranty instead purchase
`pirated software. with neither a warranty nor software sup~
`port. The problem of authenticating the original source of
`the software is accentuated when software is intended to be
`distributed through networks. and a user‘s source for the
`software may be far removed from the original writer of the
`software. In addition. a user does not have that ability to
`verify that the software purchased contains only the original
`manufacturer’s code. A user also does not have a method for
`detecting any tampering. such as the existence of a virus.
`that may cause undesirable effects.
`All of the above problems are related to the transport of
`software both from manufacturers to users and from user to
`user. Furthermore. the transport problem is independent of
`the transport medium The problem applies to all transport
`media. including ?oppy disk. magnetic tape. CD-ROM and
`networks.
`
`45
`
`50
`
`SS
`
`65
`
`Page 7 of 37
`
`

`

`5.724.425
`
`3
`As will be described. the present invention provides a
`method and apparatus for authenticating that software dis
`tributed by a manufacturer is a legitimate copy of an
`authorized software release. and that the software contains
`only the original manufacturers code without tampering.
`The present invention solves the above identi?ed problems
`through the use of a “software passport” which includes the
`digital signature of the application writer and manufacturer.
`As will be described. the present invention may also be used
`to protect intellectual property. in the form of copyrighted
`computer code. by utilizing cryptographic techniques
`referred to herein as public key encryption.
`SUMMARY OF THE INVENTION
`This invention provides a method and apparatus utilizing
`public key encryption techniques for enhancing software
`security and for distributing software. The present invention
`includes a ?rst computer which is provided with source code
`to be protected using the teachings of the present invention.
`In addition. a software application writer’s private key.
`along with an application writer’s license provided to the
`?rst computer. An application writer generally means a
`software company such as Microsoft Corporation. Adobe or
`Apple Computer. Inc. The application writer’s license
`includes identifying information such as the application
`writer’s name as well as the application writer’s public key.
`A compiler program executed by the ?rst computer compiles
`the source code into binary code. and computes a message
`digest for the binary code. The ?rst computer then encrypts
`the message digest using the application writer’ s private key.
`such that the encrypted message digest is de?ned as a digital
`“signature” of the application writer. A software passport is
`then generated which includes the application writer’s digi
`tal signature. the application writer’s license and the binary
`code. The software passport is then distributed to a user
`using any number of software distribution models known in
`the industry.
`A user. upon receipt of the software passport. loads the
`passport into a computer which determines whether the
`software passport includes the application writer’s license
`and digital signature. In the event that the software passport
`does not include the application writer’s license. or the
`application writer’s digital signature. then the user‘s com
`puter system discards the software passport and does not
`execute the binary code. As an additional security step. the
`user’s computer computes a second message digest for the
`software pas sport and compares it to the ?rst message digest.
`such that if the ?rst and second message digests are not
`equal. the software passport is also rejected by the user’s
`computer and the code is not executed. If the ?rst and second
`message digests are equal. the user’s computer extracts the
`application writer’s public key from the application writer’s
`license for veri?cation. The application writer’s digital sig
`nature is decrypted using the application writer’s public key.
`The user‘s computer then compares a message digest of the
`binary code to be executed. with the decrypted application
`writer’s digital signature. such that if they are equal. the
`user’s computer executes the binary code. Accordingly.
`software products distributed with the present invention's
`software passport permits the user’s computer to authenti
`cate the software as created by an authorized application
`writer who has been issued a valid application writer’s
`license. Any unauthorized changes to the binary code com
`prising the distributed software is evident through the com
`parison of the calculated and encrypted message digests.
`The present invention is also described with reference to
`an embodiment used by computing platforms designed to
`
`20
`
`25
`
`35
`
`45
`
`65
`
`4
`execute only authorized software. A platform builder pro
`vides an application writer with a platform builder’s digital
`signature which is included in the application writer’s
`license. The ?rst computer compiles the software into binary
`code and computes a ?rst message digest for the binary
`code. The ?rst computer further encrypts the ?rst message
`digest using the application writer's private key. such that
`the encrypted ?rst message digest is de?ned as the applica
`tion writer’s digital signature. A software passport is gen
`erated which includes the application writer’s digital
`signature. the application writer’s license and the binary
`code. The software passport is then distributed to a user
`through existing software distribution channels. The user’s
`computing platform. which may be a computer. a video
`game box or a set top box. is provided with the platform
`builder’s public key. Upon receipt of the software passport.
`the computing platform determines if the software passport
`includes an application writer’s license. If it does not. the
`hardware platform rejects the execution of the code. If a
`software passport is present. the hardware platform extracts
`the application writer’s license from the passport and deter
`mines whether or not the passport includes the platform
`builder’s signature. The platform builder’s signature is then
`decrypted using the public key provided in the platform The
`computing platform recomputes the message digest of the
`application writer’s license. and compares the received
`message digest with the recomputed message digest. such
`that if the digests are not equal. the software passport is not
`considered genuine and is rejected. If the message digests
`are equal. the hardware platform extracts the application
`writer’s public key from the application writer’s license. and
`extracts the application writer's digital signature. The hard
`ware platform then recomputes the message digest of the
`binary code comprising the application software to be
`executed. and decrypts the application writer’s digital sig
`nature using the application writer’s public key. The hard
`ware platform then compares the recomputed message
`digest for the binary code with the application writer’s
`decrypted signature. such that if they are equal. the binary
`code is executed by the hardware platform. If the recom
`puted message digest and the application writer’s decrypted
`signature are not equal. the software passport is rejected and
`the code is not executed
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 illustrates a data processing system incorporating
`the teachings of the present invention.
`FIG. 2 conceptually illustrates use of the present inven
`tion’s software passport where the application code and the
`software passport are provided in separate ?les.
`FIG. 3 conceptually illustrates use of the present inven
`tion’s use of the software passport where the application
`code and the software passport are distributed in the same
`?le.
`FIG. 4 diagrammatically illustrates the present inven
`tion’s process for generating a software passport.
`FIG. 5 diagrammatically illustrates the use of the present
`invention for platform producer licensing.
`FIGS. 6a and 6b are ?owcharts illustrating the steps
`executed by the present invention for verifying that a valid
`software license exists. and that the software writer’s
`(“SW’s”) signature is valid. prior to permitting the execution
`of a computer program.
`NUI‘ATION AND NOMENCLATURE
`The detailed descriptions which follow are presented
`largely in terms of symbolic representations of operations of
`
`Page 8 of 37
`
`

`

`5 .724.425
`
`5
`data processing devices. These process descriptions and
`representations are the means used by those skilled in the
`data processing arts to most effectively convey the substance
`of their work to others skilled in the art.
`An algorithm is here. and generally. conceived to be a
`self-consistent sequence of steps leading to a desired result.
`These steps are those requiring physical manipulations of
`physical quantities. Usually. though not necessarily. these
`quantities may take the form of electrical or magnetic
`signals capable of being stored. transferred. combined.
`compared. displayed and otherwise manipulated. It proves
`convenient at times. principally for reasons of common
`usage. to refer to these signals as bits. values. messages.
`names. elements. symbols. operations. messages. terms.
`numbers. or the like. It should be borne in mind. however.
`that all of these similar terms are to be associated with the
`appropriate physical quantities and are merely convenient
`labels applied to these quantities.
`In the present invention. the operations referred to are
`machine operations. Useful machines for performing the
`operations of the present invention include general purpose
`digital computers or other similar devices. In all cases. the
`reader is advised to keep in mind the distinction between the
`method operations of operating a computer and the method
`of computation itself. The present invention relates to
`method steps for operating a computer. coupled to a series
`of networks. and processing electrical or other physical
`signals to generate other desired physical signals.
`The present invention also relates to apparatus for per
`forming these operations. This apparatus may be specially
`constructed for the required purposes or it may comprise a
`general purpose computer selectively activated or recon?g
`ured by a computer program stored in the computer. The
`method/process steps presented herein are not inherently
`related to any particular computer or other apparatus. Vari
`ous general purpose machines may be used with programs in
`accordance with the teachings herein. or it may prove more
`convenient to construct specialized apparatus to perform the
`required method steps. The required structure for a variety of
`these machines will be apparent from the description given
`below.
`
`15
`
`20
`
`25
`
`35
`
`45
`
`50
`
`55
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`In the following description. numerous speci?c details are
`set forth such as system con?gurations. representative data.
`computer code organization. encryption methods. and
`devices. etc.. to provide a thorough understanding of the
`present invention. However. it will be apparent to one skilled
`in the art that the present invention may be practiced without
`these speci?c details. In other instances. well known circuits
`and structures are not described in detail in order to not
`obscure the present invention. Moreover. certain terms such
`as “knows”. “veri?es”. “compares”. “examines”. “utilizes".
`“?nds”. “determines”. “challenges”. “authenticates”. etc..
`are used in this Speci?cation and are considered to be terms
`of art. The use of these terms. which to a casual reader may
`be considered personi?cations of computer or electronic
`systems. refers to the functions of the system as having
`human-like attributes. for simplicity. For example. a refer
`ence herein to an electronic system as “determining” some
`thing is simply a shorthand method of describing that the
`electronic system has been programmed or otherwise modi
`?ed in accordance with the teachings herein. The reader is
`cautioned not to confuse the functions described with every
`day human attributes. These functions are machine functions
`in every sense.
`
`6
`Exemplary Hardware
`FIG. 1 illustrates a data processing system in accordance
`with the teachings of the present invention. Shown is a
`computer 10. which comprises three major components. The
`?rst of these is an input/output (IIO) circuit 12 which is used
`to communicate information in appropriately structured
`form to and from other portions of the computer 10. In
`addition. computer 10 includes a central processing (CPU)
`13 coupled to the I/O circuit 12 and a memory 14. These
`elements are those typically found in most general purpose
`computers and. in fact. computer 10 is intended to be
`representative of a broad category of data processing
`devices. Also. the computer 10 may be coupled to a network.
`in accordance with the teachings herein. The computer 10
`may further include encrypting and decrypting circuitry
`incorporating the present invention. or as will be
`appreciated. the present invention may be implemented in
`software executed by computer 10. Araster display monitor
`16 is shown coupled to the I/O circuit 12 and issued to
`display images generated by CPU 13 in accordance with the
`present invention. Any well known variety of cathode ray
`tube (CRT) or other type of display may be utilized as
`display 16.
`The present invention’s software passport identi?es a
`portion of software. or some machine code (hereinafter
`“code”). in a manner similar to how a physical passport
`identi?es a person. The concept is similar to the real-life
`passport system which forms the basis of a trust model
`among different nations. Physical passports enable border
`entry o?icers to identify each individual and make certain
`decisions based on his/her passport. As will be described
`below. a software passport is a modern release process for
`distributing software products. A software passport gives a
`software product an identity and a brand name. The software
`passport provides the basis of a trust model and allows
`computer users to identify and determine the genuineness of
`a software product based on the information contained in its
`passport.
`Referring now to FIG. 2. the present invention is illus
`trated in conceptual form for the case where the computer
`code (comprising a piece of software) and the software
`passport are in separate ?les. FIG. 3 illustrates the use of the
`present invention where the computer code comprising a
`piece of software and the software passport are in the same
`?le.
`As illustrated in FIGS. 2 and 3. the information included
`in the present invention’s software passport may include:
`product information. such as the software product’s name
`and any other relevant information to the speci?c
`product;
`company information including the name of the company
`or the software application writer who has produced the
`product;
`a validity date which includes the issue date of the
`software passport and the expiration date of the pass
`port;
`a restricted rights legend including copyright notices and
`other similar legends;
`the software code body including executable application
`code distributed to the user;
`an application writer’s license; and.
`a software application writer‘s digital signature.
`It will be appreciated that the components of a software
`passport are genm'ally self-explanatory. with the application
`writer’s license and digital signature explained in more
`detail below.
`
`Page 9 of 37
`
`

`

`1O
`
`20
`
`25
`
`30
`
`7
`SOFTWARE PRODUCER’S DIGITAL SIGNATURE
`A digital “signature” is produced by using certain cryp
`tographic techniques of computing a message digest of a
`piece of software code (hereinafter “code”). and encrypting
`the message digest using the signer‘s private key. There are
`many known message digest algorithms. such as the MD2.
`MD4. and MDS algorithms published by RSA. Inc. The use
`of private cryptographic techniques makes this signature
`very difficult to forge since the signer keeps the private key
`secret. The reader is referred to the papers by Whit?eld
`Dif?e. “The First Ten Years of Public Key Cryptography”.
`Vol. 76. No. 5 (IEEE Proceedings. May 1988). which is
`attached hereto as Appendix A; and Whit?eld Di?ie. et al..
`“Authentication and Authenticated Key Exchanges” (1992
`Kluwer Academic Publishers) attached hereto as Appendix
`B. for a detailed description of the operation of Di?ie
`Helman certi?cates and public key cryptography.
`One may conceptualize the computing of the message
`digest for a piece of code as a mechanism of taking a photo
`snapshot of the software. When the code changes. its mes
`sage digest re?ects any differences. In the system of the
`present invention. this “digital signature” is stamped on the
`product prior to its release. The digital signature associates
`a product with the entity that has produced it. and enables
`consumers to evaluate the quality of a product based on the
`reputation of the producer. The signature also permits a
`consumer to distinguish the genuineness of a product.
`SOFTWARE PRODUCER’S LICENSE
`The present invention’s software producer's license (at
`time referred to herein as the “application writer’s license”)
`is an identi?cation similar to the home repair contractor’s
`license issued by a state. A software producer’s license
`identi?es and certi?es that the producer is authorized to
`perform certain software production activities. It is contem
`plated that the software producer’s license will be issued by
`some commonly-trusted authority established by the com
`puter software industry. Before issuing an license to a
`software producer. this authority performs a de?ned process
`to authenticate the person or company. and to verify their job
`skill; as a state does before issuing a contractor's license. For
`convenience. in this Speci?cation. this commonly-trusted
`entity is referred to as the Software Publishing Authority
`(“SP ").
`A software producer’s license contains the following
`information:
`the producer’s name;
`the license‘s issue date;
`the license’s expiration date;
`the producer‘s public key;
`the name of the issuing authority. SPA; and
`the SPA‘s digital signature.
`A software producer’s license associates an application
`writer with a name and a public key. It enables a software
`producer to produce multiple products. and to sign every
`product produced. The public key embedded in a license
`belongs to the person who owns the license. This public key
`can later be used by any third party to verify the producer's
`digital signature. A user who has purchased a product can
`determine the genuineness of a product by using the public
`key embedded in the producer's identi?cation to authenti
`cate the digital signature.
`The SPA’ s digital signature is generated by computing the
`message digest of the producer’s identi?cation and encrypt
`ing the message digest using the SPA’s private key. Since the
`SPA’s private key is kept private to the SPA. third parties are
`not able to easily forge the SPA’s signature to produce afake
`identi?cation.
`
`5 v724,425
`
`8
`In accordance with the teachings of the present invention.
`a software application writer (“SW") supplies three major
`pieces of information to a compiler prior to compilation of
`the code:
`the source code written by the application writer;
`the application writer’s private key; and
`the application writer’s license.
`The code included in a passport may comprise source
`code in various computer languages. assembly code.
`machine binary code. or data. The code may be stored in
`various formats. For example. a piece of source code may be
`stored in a clear text form in the passport. Aportion of binary
`executable machine code may also be stored in a compacted
`format in the passport. using certain well known compaction
`algorithms such as Huffman encoding. The format used in a
`particular implementation is indicated by a ?ag in the
`passport.
`Binary executable code may further be stored in a
`printable-character set format to allow