aac
`
`US
`
`0057244254
`
`United States Patent
`Changet al.
`
`ts
`
`(11) Patent Number:
`
`[45] Date of Patent:
`
`5,724,425
`Mar. 3, 1998
`
`[54] METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`[75]
`
`Inventors: Sheve-Ling Chang, Cupertino; James
`Gosling. Woodside, both of Calif.
`
`[73] Assignee: Sun Microsystems, Inc.
`
`[21] Appl. No.: 258,244
`
`(22] Filed:
`
`Jun. 10, 1994
`
`[S51]
`
`Int. Cho occccecccceeceene HO4L 9/00; HO4L 9/30;
`HO4L 9/32
`
`[52] U.S. Ch.
`
`ceeescsssssssssscsssecersvecorseee 380/25; 380/4; 380/23;
`380/30; 380/49; 380/50
`[58] Field of Search ......ccccccccssssssssssscsses 380/4, 23, 25,
`380/30. 49, 50
`
`[56]
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`4,558,176 12/1985 Amold et ab.
`.....cerecesscresrsereseens 3830/4
`
`4,634,807
`1/1987 Chorley et al.
`.
`ave SBOE
`
`4,670,857
`6/1987 Rackman ........
`wee 38/4
`8/1994 Mr ceeresseserserssacerseercansaeseeareceree 380/4
`5,343,527
`
`OTHER PUBLICATIONS
`
`Davida et al., “Defending Systems Against Viruses through
`Cryptographic Authentication”, IEEE Symposium, 1989,
`pp. 312-318.
`RSAData Security. Inc., “RSA Certificate Services”, Jul. 15,
`1993, pp. 1-41.
`
`Primary Examiner—Bernarr E. Gregory
`Attorney, Agent, or Firm—McCutchen, Doyle, Brown &
`Enersen LLP; Ronald S. Laurie, Esq.; Joseph Yang
`
`[57]
`
`ABSTRACT
`
`Source code to be protected, a software application writer’s
`private key. along with an application writer’s license pro-
`vided to the first computer. The application writer’s license
`includes identifying information such as the application
`writer’s name as well as the application writer’s public key.
`A compiler program executed bythe first computer compiles
`the source code into binary code. and computes a message
`digest for the binary code. The first computer then encrypts
`the message digest using the application writer’s private key.
`such that the encrypted message digest is defined as a digital
`“signature” of the application writer. A software passport is
`then generated which includes the application writer’s digi-
`tal signature. the application writer’s license and the binary
`code. The software passport is then distributed to a user
`using any number of software distribution models known in
`the industry. A user, upon receipt of the software passport,
`loads the passport
`into a computer which determines
`whether the software passport includes the application writ-
`er’s license and digital signature.
`In the event that the
`software passport does not include the application writer's
`license, or the application writer’s digital signature, then the
`user’s computer system discards the software passport and
`does not execute the binary code. As an additional security
`step, the user’s computer computes a second message digest
`for the software passport and comparesit to the first message
`digest, such thatif the first and second message digests are
`not equal, the software passport is also rejected by the user’s
`computer and the code is not executed.If the first and second
`message digests are equal, the user’s computer extracts the
`application writer’s public key from the application writer’s
`license for verification. The application writer’s digital sig-
`nature is decrypted using the application writer’s public key.
`The user’s computer then compares a message digest of the
`binary code to be executed, with the decrypted application
`writer’s digital signature, such that if they are equal, the
`user’s computer executes the binary code.
`
`OoOoOonooOoooo0o0
`OOOooOoooOooooo0
`OOOD000bo0ooo
`
`72 Claims, 5 Drawing Sheets
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`DOOnoOooooooo
`OOOOOoOo00oo000
`
`U.S. Patent
`
`FIG.
`
`7
`
`Mar. 3, 1998
`
`Sheet 1 of 5
`
`5,724,425
`
`QOOOOO000o0o000
`
`APPLICATION
`WRITER
`
`
`
`APP WRITER'S LICENSE 24
`
`
`APP. WRITER'S
`
`
`
`SOURCE CODE
`PRIVATE KEY 22
`
`20
`
`APP WRITER'S NAME 30
`
`
`
`
`APP WRITER'S PUBLIC KEY 32
`
`VALIDITY DATE 34
`
`
`
`COMPILER
`26
`
`FIG. 4
`
`| ANY DISTRIBUTION CHANNEL
`
`PLATFORM
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`U.S. Patent
`
`Mar. 3, 1998
`
`Sheet 2 of 5
`
`5,724,425
`
`FIG. 2
`
`PRODUCT INFO...
`COMPANY INFO...
`VALIDITY DATE...
`RESTRICTED RIGHTS LEGEND....
`
`APP WRITER'S NAME
`APP WRITER’S PUBLIC KEY-6pf
`
`
`
`(DENTIFICATION AUTHORITY: THE PLATFORM BUILDER
`PLATFORM BUILDER'S SIGNATURE:fff
`APP WRITER'S SIGNATURE-FAFE
`
`CODE BODY
`
`PRODUCT INFO....
`COMPANYINFO...
`VALIDITY DATE...
`RESTRICTED RIGHTS LEGEND...
`
`APP WRITER'S NAME
`APP WRITER'S PUBLIC KEV:A¢##
`
`CODE BODY
`
`IDENTIFICATION AUTHORITY: THE PLATFORM BUILDER
`PLATFORM BUILDER'S: SIGNATURE$$$4
`
`APP WRITER'S. SIGNATURE:EEF
`
`FIG. 3
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`U.S. Patent
`
`Mar.3, 1998
`
`Sheet 3 of 5
`
`5,724,425
`
`FIG. 5
`
`
`
`PLATFORM
`BUILDER
`
`
`
`APPLICATION
`WRITER 60
`
`APP. WRITER’.
`PRIVAe KEY
`
`SOURCE CODE
`
`APP WRITER'S NAME
`
`APP WRITER'S LICENSE 52
`
`
`
`
`APP WRITER'S PUBLIC KEY 62
`
`PLATFORM BUILDER'S SIGNATURE
`
`
`
`
`
` COMPILER
`68
`
`VALIDITY DATE
`
`i
`
`PLATFORM BUILDER'S
`
`PLATFORM
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`USS. Patent
`
`Mar. 3, 1998
`
`Sheet 4 of 5
`
`5,724,425
`
`FIG. 6(a)
`
`REJECT SOFTWARE
`
`HARDWARE PLATFORM
`
`WITH PUBLIC KEY IN REGISTER
`
`ATTEMPT TO LOAD
`SOFTWARE
`
`?
`
`
`SOFTWARE
` No
`
`HAS PASSPORT
`
`
`
`
`YES
`
`
`
`
`
`PASSPORT
`REJECT SOFTWARE
`HAS LICENSE
`
`
`PASSPORT
`?
`
`
`EXTRACT LICENSE FROM
`SOFTWARE PASSPORT
`
`LICENSE HAS
`ISSUERS SIGNATURE,
`?
`
`
`
`
`DECRYPT ISSUER'S SIGNATURE
`
`USING PUBLIC KEY IN REGISTER
`
`RECOMPUTE MESSAGE
`DIGEST OF LICENSE
`
`
`
`
`
`
`SW LICENSE NOT GENUINE
`
`ARE MESSAGE
`DIGESTS EQ
`2
`
`YES
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`U.S. Patent
`
`Mar. 3, 1998
`
`Sheet 5 of 5
`
`5,724,425
`
` EXTRACT SW’S PUBLIC
`
`KEY FROM APPLICATION WRITER'S
`LICENSE
`
`EXTRACT CODE BODY
`FROM THE PASSPORT
`
`EXTRACT SW’S
`SIGNATURE
`
`RECOMPUTE MESSAGE
`DIGEST OF THE CODE
`BODY
`
`MD = MESSAGE DIGEST
`SW = SOFTWARE
`(APPLICATION)
`
`WRITER
`SWS DECRYPTED SIG
`
`DECRYPT SW'S
`SIGNATURE USING
`SW'S PUBLIC KEY
`
`COMPARE RECOMPUTED
`MESSAGE DIGEST WITH
`
`NO
`
`REJECT SOFTWARE
`PASSPORT
`
`YES
`
`EXECUTE CODE
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`5,724,425
`
`1
`METHOD AND APPARATUS FOR
`ENHANCING SOFTWARE SECURITY AND
`DISTRIBUTING SOFTWARE
`
`BACKGROUND OF THE INVENTION
`
`1. Field of the Invention
`The present invention relates to the use of public key
`encryption, and more particularly,
`the present
`invention
`relates to the use of public key encryption to achieve
`enhanced security and product authentication in the distri-
`bution of software.
`
`2
`Moreover, security breaches are more easily accomplished
`when a corporate network is connected to a public network,
`such as the Internet. Companies take a variety of measures
`to guard against breaches of network security, either through
`frontal assaults or infections, without cutting themselves off
`from the benefits of being connected to a world-wide
`network.
`The solution adopted by most companiesthat wish to reap
`the benefits of connecting to the Internet, while maintaining
`security, is the installation of a firewall. Firewalls generally
`restrict Internetfile transfers and telnet connections. Such
`transfers and connections can only be initiated from within
`the corporate network, such that externally initiated file
`2. Art Background
`transfers and telnet connections are refused by the firewall.
`Public key encryption is based on encryption algorithms
`Firewalls allow electronic mail and network newsto freely
`flow inside the firewall’s private network. The use of cor-
`that have two keys. One key used for encryption, and the
`porate firewalls allows employees to readily exchange infor-
`other key is used for decryption. There is a known algorithm
`mation within the corporate environment. without having to
`that computes the second key given the first. However.
`adopt extreme security measures. A good firewall imple-
`without full knowledge of all the parameters, one cannot
`mentation can defend against most of the typical frontal
`compute the first key given the second key. Thefirst key is
`assaults on system security.
`referred to as the “private key”. and the second key is
`One methodof preventing viruses and worms from infect-
`referred to as the “public key”. In practice, either the private
`ing a corporate network is to never execute a program that
`key or the public key may be used to encrypt a message, with
`may contain viruses.
`In general, programs legitimately
`the opposite key used to decrypt it. In general. the private
`deployed throughout the corporate network should be con-
`key must be kept private, but the public key may be provided
`sidered virus free. All binary executables, all unreviewed
`to anyone. A variety of public key cryptographic schemes
`shell scripts, and all source code fetched from outside the
`have been developed for the protection of messages and data
`firewall are software that may contain a worm or virus.
`(See, Whitfield Diffie. “The First Ten Years of Public Key
`However, outside binary executables, shell scripts, and
`Cryptography” (IEEE Proceedings. Vol. 76, No. 5, 1988)
`source code may enter a corporate firewall
`through an
`and Fahn, “Answers to Frequently Asked Questions about
`E-mail attachment. For example. the shell scripts that are
`Today’s Cryptography (RSA Laboratories 1992).
`used to make and send multiple files using E-mail and the
`Public key cryptography is used to send secure messages
`surveytools that start up by activating the E-mail attachment
`across public communication links on which an intruder
`may allow virus entry. Executables can also be directly
`may eavesdrop, and solves the problem of sending the
`fetched through the iftp program, through a world-wide web
`encryption password to the other side securely.
`browser such as Mosaic, or from an outside contractor
`whose network has already been compromised.
`Public key systems may also be used to encrypt messages,
`and also to effectively sign messages, allowing the received
`In addition, the commercial software release and distri-
`party to authenticate the sender of the message. Onecanalso
`bution process presents security and authentication prob-
`use public key cryptography to seal or render tamper-proof
`lems. For example, someof the information associated with
`a piece of data. In such event, the sender computes a
`software, such as the originating company or author.
`message digest from the data using specially designed
`restricted rights legends, and the like are not attached to the
`cryptographically strong digests designed for this purpose.
`code itself. Instead, such information is provided as printed
`The sender then uses the private key to encrypt the message
`matter, and is separated from the code once the packageis
`digest. wherein this encrypted message digest is called a
`opened and the code installed. Even applications that
`digital “signature”. The sender then packages the data, the
`attempt to identify themselves on start-up are susceptible to
`message digest and the public key together. The receiver
`havingthe identification forged or otherwise counterfeited.
`may check for tampering by computing the message digest
`Auser has no mechanism to authenticate that the software
`again, then decrypting the received message digest with the
`sold is actually from the manufacturer shown on thelabel.
`public key.If the recomputed and decrypted message digests
`Unauthorized copying and the sale of software is a signifi-
`are identical, there was no tampering of the data.
`cant problem. and users who believe that they are buying
`software with a manufacturer’s warranty instead purchase
`“Viruses” and “worms” are computer code cleverly
`pirated software, with neither a warranty nor software sup-
`inserted into legitimate programs which are subsequently
`port. The problem of authenticating the original source of
`executed on computers. Each time the program is executed
`the software is accentuated when software is intended to be
`the virus or worm can cause damage to the system by
`distributed through networks, and a user’s source for the
`destroying valuable information, and/or further infect and
`software may be far removed from the original writer of the
`spread to other machines on the network. While there are
`subtle differences between a virus and a worm,acritical
`software. In addition, a user does not have that ability to
`verify that the software purchased contains only the original
`componentfor both is that they typically require help from
`manufacturer’s code. A user also does not have a method for
`an unsuspecting computer user to successfully infect a
`detecting any tampering, such as the existence of a virus,
`computer or a corporate network.
`that may cause undesirable effects.
`Infection of computers by viruses and worms is a general
`All of the above problems are related to the transport of
`problem in the computer industry today. In addition, corpo-
`software both from manufacturers to users and from user to
`rate networks are vulnerable to frontal assaults, where an
`user. Furthermore, the transport problem is independent of
`intruder breaks into the network and steals or destroys
`the transport medium. The problem applies to all transport
`information. Security breaches of any kind on large corpo-
`media, including floppy disk, magnetic tape, CD-ROM and
`rate networks are a particularly worrisome problem, because
`networks.
`of the potential for large-scale damage and economicloss.
`
`la
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`5,724,425
`
`3
`As will be described. the present invention provides a
`method and apparatus for authenticating that software dis-
`tributed by a manufacturer is a legitimate copy of an
`authorized software release, and that the software contains
`only the original manufacturers code without tampering.
`The present invention solves the above identified problems
`through the use of a “software passport” which includes the
`digital signature of the application writer and manufacturer.
`Aswill be described, the present invention may also be used
`to protect intellectual property, in the form of copyrighted
`computer code, by utilizing cryptographic techniques
`referred to herein as public key encryption.
`SUMMARY OF THE INVENTION
`
`10
`
`15
`
`20
`
`25
`
`35
`
`45
`
`30
`
`55
`
`65
`
`4
`execute only authorized software. A platform builder pro-
`vides an application writer with a platform builder’s digital
`signature which is included in the application writer’s
`license. Thefirst computer compiles the software into binary
`code and computes a first message digest for the binary
`code. The first computer further encrypts the first message
`digest using the application writer’s private key. such that
`the encrypted first message digest is defined as the applica-
`tion writer’s digital signature. A software passport is gen-
`erated which includes the application writer’s digital
`signature, the application writer’s license and the binary
`code. The software passport is then distributed to a user
`through existing software distribution channels. The user’s
`computing platform. which may be a computer. a video
`This invention provides a method and apparatusutilizing
`game box or a set top box, is provided with the platform
`public key encryption techniques for enhancing software
`builder’s public key. Upon receipt of the software passport,
`security and for distributing software. The present invention
`the computing platform determines if the software passport
`includes a first computer which is provided with source code
`includes an application writer’s license. If it does not. the
`to be protected using the teachings of the present invention.
`hardware platform rejects the execution of the code. If a
`In addition, a software application writer’s private key,
`software passport is present, the hardware platform extracts
`along with an application writer’s license provided to the
`the application writer’s license from the passport and deter-
`first computer. An application writer generally means a
`mines whether or not the passport includes the platform
`software company such as Microsoft Corporation. Adobe or
`builder’s signature. The platform builder’s signature is then
`Apple Computer.
`Inc. The application writer’s license
`decrypted using the public key provided in the platform. The
`includes identifying information such as the application
`computing platform recomputes the message digest of the
`writer’s name as well as the application writer’s public key.
`application writer’s license, and compares the received
`Acompiler program executed by the first computer compiles
`message digest with the recomputed message digest, such
`the source code into binary code, and computes a message
`that if the digests are not equal. the software passport is not
`digest for the binary code. The first computer then encrypts
`considered genuine andis rejected. If the message digests
`30
`the message digest using the application writer’sprivate key,
`are equal, the hardware platform extracts the application
`such that the encrypted message digest is defined as a digital
`writer’s public key from the application writer’s license, and
`“signature”of the application writer. A software passport is
`extracts the application writer’s digital signature. The hard-
`then generated which includes the application writer’s digi-
`ware platform then recomputes the message digest of the
`tal signature, the application writer’s license and the binary
`binary code comprising the application software to be
`code. The software passport is then distributed to a user
`executed, and decrypts the application writer’s digital sig-
`using any numberof software distribution models knownin
`nature using the application writer’s public key. The hard-
`the industry.
`ware platform then compares the recomputed message
`digest for the binary code with the application writer’s
`A user, upon receipt of the software passport, loads the
`passport into a computer which determines whether the
`decrypted signature, such that if they are equal, the binary
`software passport includes the application writer’s license
`code is executed by the hardware platform. If the recom-
`puted message digest and the application writer’s decrypted
`and digital signature. In the event that the software passport
`signature are not equal, the software passport is rejected and
`does not include the application writer’s license. or the
`the code is not executed.
`application writer’s digital signature. then the user’s com-
`puter system discards the software passport and does not
`execute the binary code. As an additional security step, the
`user’s computer computes a second message digest for the
`software passport and comparesit to the first message digest,
`such that if the first and second message digests are not
`equal, the software passport is also rejected by the user’s
`computer and the code is not executed.If the first and second
`message digests are equal, the user’s computer extracts the
`application writer’s public key from the application writer’s
`license for verification. The application writer’s digital sig-
`nature is decrypted using the application writer’s public key.
`The user’s computer then compares a message digest of the
`binary code to be executed, with the decrypted application
`writer’s digital signature, such that if they are equal. the
`user’s computer executes the binary code. Accordingly.
`software products distributed with the present invention's
`software passport permits the user’s computer to authenti-
`cate the software as created by an authorized application
`writer who has been issued a valid application writer’s
`license. Any unauthorized changesto the binary code com-
`prising the distributed software is evident through the com-
`parison ofthe calculated and encrypted message digests.
`The present invention is also described with reference to
`an embodiment used by computing platforms designed to
`
`FIG.1 illustrates a data processing system incorporating
`the teachings of the present invention.
`FIG. 2 conceptually illustrates use of the present inven-
`tion’s software passport where the application code and the
`software passport are provided in separate files.
`FIG. 3 conceptually illustrates use of the present inven-
`tion’s use of the software passport where the application
`code and the software passport are distributed in the same
`file.
`FIG. 4 diagrammatically illustrates the present inven-
`tion’s process for generating a software passport.
`FIG. 5 diagrammatically illustrates the use of the present
`invention for platform producer licensing.
`FIGS. 6a and 6b are flowcharts illustrating the steps
`executed by the present invention for verifying that a valid
`software license exists, and that
`the software writer’s
`(“SW’s”) signature is valid, prior to permitting the execution
`of a computer program.
`NOTATION AND NOMENCLATURE
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`The detailed descriptions which follow are presented
`largely in terms of symbolic representations of operations of
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`5,724,425
`
`5
`data processing devices. These process descriptions and
`representations are the means used by those skilled in the
`data processing arts to mosteffectively convey the substance
`of their work to others skilled in the art.
`
`An algorithm is here, and generally, conceived to be a
`self-consistent sequence of steps leading to a desired result.
`These steps are those requiring physical manipulations of
`physical quantities. Usually, though not necessarily, these
`quantities may take the form of electrical or magnetic
`signals capable of being stored.
`transferred, combined.
`compared, displayed and otherwise manipulated. It proves
`convenient at
`times, principally for reasons of common
`usage, to refer to these signals as bits, values, messages,
`names, elements, symbols, operations, messages,
`terms,
`numbers, or the like. It should be borne in mind, however,
`that all of these similar terms are to be associated with the
`appropriate physical quantities and are merely convenient
`labels applied to these quantities.
`In the present invention, the operations referred to are
`machine operations. Useful machines for performing the
`operations of the present invention include general purpose
`digital computers or other similar devices. In all cases, the
`reader is advised to keep in mindthe distinction between the
`method operations of operating a computer and the method
`of computation itself. The present
`invention relates to
`method steps for operating a computer, coupled to a series
`of networks, and processing electrical or other physical
`signals to generate other desired physical signals.
`The present invention also relates to apparatus for per-
`forming these operations. This apparatus may be specially
`constructed for the required purposes or it may comprise a
`general purpose computer selectively activated or reconfig-
`ured by a computer program stored in the computer. The
`method/process steps presented herein are not inherently
`related to any particular computer or other apparatus. Vari-
`ous general purpose machines may be used with programs in
`accordance with the teachings herein, or it may prove more
`convenient to construct specialized apparatus to perform the
`required method steps. The required structure for a variety of
`these machines will be apparent from the description given
`below.
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`
`In the following description, numerousspecific details are
`set forth such as system configurations, representative data,
`computer code organization, encryption methods, and
`devices, etc., to provide a thorough understanding of the
`present invention. However,it will be apparent to one skilled
`in theart that the present invention may be practiced without
`these specific details. In other instances. well knowncircuits
`and structures are not described in detail in order to not
`obscure the present invention. Moreover, certain terms such
`as “knows”, “verifies”, “compares”, “examines”, “utilizes”.
`“finds”, “determines”, “challenges”, “authenticates”, etc.,
`are used in this Specification and are considered to be terms
`of art. The use of these terms, which to a casual reader may
`be considered personifications of computer or electronic
`systems, refers to the functions of the system as having
`human-like attributes, for simplicity. For example, a refer-
`ence herein to an electronic system as “determining” some-
`thing is simply a shorthand method of describing that the
`electronic system has been programmed or otherwise modi-
`fied in accordance with the teachings herein. The reader is
`cautioned not to confuse the functions described with every-
`day human attributes. These functions are machine functions
`in every sense.
`
`10
`
`15
`
`20
`
`25
`
`30
`
`35
`
`45
`
`50
`
`55
`
`65
`
`6
`Exemplary Hardware
`FIG.1 illustrates a data processing system in accordance
`with the teachings of the present invention. Shown is a
`computer 10, which comprises three major components. The
`first of these is an input/output (I/O)circuit 12 which is used
`to communicate information in appropriately structured
`form to and from other portions of the computer 10. In
`addition, computer 10 includes a central processing (CPU)
`13 coupled to the I/O circuit 12 and a memory 14. These
`elements are those typically found in most general purpose
`computers and,
`in fact, computer 10 is intended to be
`representative of a broad category of data processing
`devices. Also, the computer 10 may be coupled to a network,
`in accordance with the teachings herein. The computer 10
`may further include encrypting and decrypting circuitry
`incorporating the present
`invention. or as will be
`appreciated, the present invention may be implemented in
`software executed by computer 10. A raster display monitor
`16 is shown coupled to the VO circuit 12 and issued to
`display images generated by CPU 13 in accordance with the
`present invention. Any well known variety of cathode ray
`tube (CRT) or other type of display may be utilized as
`display 16.
`invention’s software passport identifies a
`The present
`portion of software, or some machine code (hereinafter
`“code”), in a manner similar to how a physical passport
`identifies a person. The concept is similar to the real-life
`passport system which forms the basis of a trust model
`among different nations. Physical passports enable border
`entry officers to identify each individual and make certain
`decisions based on his/her passport. As will be described
`below, a software passport is a modern release process for
`distributing software products. A software passport gives a
`software product an identity and a brand name. The software
`passport provides the basis of a trust model and allows
`computer users to identify and determine the genuinenessof
`a software product based on the information containedin its
`passport.
`Referring now to FIG. 2, the present invention is illus-
`trated in conceptual form for the case where the computer
`code (comprising a piece of software) and the software
`passport are in separate files. FIG. 3 illustrates the use of the
`present invention where the computer code comprising a
`piece of software and the software passport are in the same
`file.
`Asillustrated in FIGS. 2 and 3, the information included
`in the present invention’s software passport may include:
`product information, such as the software product's name
`and any other relevant information to the specific
`product;
`company information including the name of the company
`or the software application writer who has produced the
`product;
`a validity date which includes the issue date of the
`software passport and the expiration date of the pass-
`port;
`a restricted rights legend including copyright notices and
`other similar legends;
`the software code body including executable application
`code distributed to the user;
`an application writer’s license; and,
`a software application writer’s digital signature.
`It will be appreciated that the components of a software
`passport are generally self-explanatory. with the application
`writer’s license and digital signature explained in more
`detail below.
`
`Nintendo - Ancora Exh. 1042
`
`Nintendo - Ancora Exh. 1042
`
`

`

`5,724,425
`
`7
`SOFTWARE PRODUCER’S DIGITAL SIGNATURE
`A digital “signature” is produced by using certain cryp-
`tographic techniques of computing a message digest of a
`piece of software code (hereinafter “code”), and encrypting
`the message digest using the signer’s private key. There are
`many known message digest algorithms, such as the MD2,
`MD4,and MD5algorithms published by RSA.Inc. The use
`of private cryptographic techniques makes this signature
`very difficult to forge since the signer keeps the private key
`secret. The reader is referred to the papers by Whitfield
`Diffie. “The First Ten Years of Public Key Cryptography”,
`Vol. 76. No. 5 (IEEE Proceedings, May 1988), which is
`attached hereto as Appendix A; and Whitfield Diffie, et al..
`“Authentication and Authenticated Key Exchanges” (1992
`Kluwer Academic Publishers) attached hereto as Appendix
`B. for a detailed description of the operation of Diffie-
`Helman certificates and public key cryptography.
`One may conceptualize the computing of the message
`digest for a piece of code as a mechanism of taking a photo
`snapshot of the software. When the code changes, its mes-
`sage digest reflects any differences. In the system of the
`present invention,this “digital signature” is stamped on the
`product prior to its release. The digital signature associates
`a product with the entity that has produced it. and enables
`consumers to evaluate the quality of a product based on the
`reputation of the producer. The signature also permits a
`consumer to distinguish the genuineness of a product.
`SOFTWARE PRODUCER’S LICENSE
`The present invention’s software producer's license (at
`time referred to herein as the “application writer’s license”)
`is an identification similar to the home repair contractor’s
`license issued by a state. A software producer’s license
`identifies and certifies that the producer is authorized to
`perform certain software production activities. It is contem-
`plated that the software producer’s license will be issued by
`some commonly-trusted authority established by the com-
`puter software industry. Before issuing an license to a
`software producer, this authority performs a defined process
`to authenticate the person or company, andto verify their job
`skill; as a state does before issuing a contractor’s license. For
`convenience, in this Specification, this commonly-trusted
`entity is referred to as the Software Publishing Authority
`(“SPA”).
`A software producer’s license contains the following
`information:
`the producer’s name;
`the license’s issue date;
`the license’s expiration date;
`the producer’s public key;
`the name of the issuing authority, SPA; and
`the SPA’s digital signature.
`A software producer’s license associates an application
`writer with a name and a public key. It enables a software
`producer to produce multiple products. and to sign every
`product produced. The public key embedded in a license
`belongsto the person who ownsthelicense. This public key
`can later be used by any third party to verify the producer's
`digital signature. A user who has purchased a product can
`determine the genuineness of a product by using the public
`key embedded in the producer's identification to authenti-
`cate the digital signature.
`The SPA’s digital signature is generated by computing the
`message digest of the producer’s identification and encrypt-
`ing the message digest using the SPA’sprivate key. Since the
`SPA’s private key is kept private to the SPA.third parties are
`not able to easily forge the SPA’s signature to produce a fake
`identification.
`
`8
`In accordance with the teachings of the present invention,
`a software application writer (“SW”) supplies three major
`pieces of information to a compiler prior to compilation of
`the code:
`the source code written by the application writer;
`the application writer’s private key; and
`the application writer’s license.
`The code included in a passport may comprise source
`code in various computer languages, assembly code,
`machine binary code, or data. The code may be stored in
`various formats. For example, a piece of source code may be
`stored in a clear text form in the passport. A portion of binary
`executable machine code mayalso be stored in a compacted
`formatin the passport, using certain well known compaction
`algorithms such as Huffman encoding. The format used in a
`particular implementation is indicated by a flag in the
`passport.
`Binary executable code may further be stored in a
`printable-character set format to allow the passport to be
`printed. A user would then reverse the printable-format to
`recover the software. Moreover, code protected by intellec-
`tual property, such as copyright or patent. may be stored in
`an encrypted format in the passport. In such case, it is
`contemplated that a use