WO2004057448A1 - Method for program code authentication - Google Patents

Method for program code authentication

Publication number
WO2004057448A1
Authority
WO
WIPO (PCT)
Prior art keywords
identification number
product
machine
program code
code
Application number
PCT/IT2002/000805
Other languages
English (en)
Inventor
Marco Laurita
Original Assignee
Allegroassai S.P.A.
Application filed by Allegroassai S.P.A.
Priority to PCT/IT2002/000805
Priority to AU2002361121A
Priority to IT002299A
Publication of WO2004057448A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Definitions

  • The present invention relates to a method for validating a locally stored program code according to the preamble of claim 1.
  • One of the methods for controlling unauthorised digital data distribution is to ensure that the computer support is unique, that is, that no other support identical to the original support exists, and to also ensure that the digital data contained in said original support can be processed exclusively by the authentic purchaser of the original computer support, in that, for example, it is able to cancel any temporary copy made using the system after the original support has been used.
  • One of the most common and simplest methods is to conceive a computer support validation system using a static password, that is, to provide a situation in which the client or host computer requests a pre-determined password from the end user or purchaser, this password being supplied, for example, by the producer and/or the distributor of the product, and designed to enable and therefore to validate the product in question.
  • Figure 1 shows the diagram of a common data exchange between an application 1 able to supply digital content, such as, for example, music, videotapes, books, computer software and/or other types of data that can be downloaded, for example, through the internet upon a valid request.
  • This application 1 communicates with a removable mass storage support 2.
  • The diagram in this figure shows how application 1 can communicate with the removable mass storage support 2 by means of an operating system 3 designed to manage and drive the communication with the IDE (Integrated Device Electronics) type storage device 5 by means of an IDE type driver device 4 (also called device driver).
  • The mass storage support 2 can be a floppy disk.
  • A validation exchange takes place, in which a serial number 6, or password, of the mass storage support 2 is communicated to the application 1 itself.
  • The data transmitted can be ciphered according to password 6 or according to a variation of the password itself.
  • This technique has certain advantages, such as simplicity and low cost, but it is strongly limiting in that password validation transactions are potentially vulnerable, to the point of compromising the valid recognition of the storage support and/or the contents of said storage support.
  • An attack emulator is a software program and/or firmware component, usually in the form of a device driver, designed to replicate one or more of the hardware devices.
  • An attack emulator 7 simulates within itself (shown with dotted lines) the operation of the IDE device driver 4, of the IDE type hard drive controller 8, and of the IDE drive 5.
  • The attack emulator is successful because it manages to deceive application 1, making it believe that the computer support with the correct serial number is present in the disk drive 5 even if no drive is physically connected to the computer.
  • Because the operating system 3 believes it is communicating with the IDE driver device 4, it sends all the requested Input/Output controls to the emulated driver 7, or attack emulator, as if it were the actual IDE driver 4. There is no way that application 1 can verify the validity of password 6, and therefore the attack is completed successfully.
  • The attack emulator 7 emulates the process of reading the password from an emulated removable mass storage support 2, but in reality it reads password 6 from a storage cell, from a file or from another storage position.
  • The attack emulator 7 sends the password to application 1 to complete the password call operation, so that application 1 itself believes that it has received the original password following an exchange of valid information.
  • The shim attack is a variant of the emulator attack.
  • The shim attack 8 is interposed between the operating system 3 and the IDE driver 4.
  • The shim attack 8 operates to alter a key element of the information, in the illustrated example the current password 6a, which is not the original from computer support 2, and sends all the Input/Output requests from application 1 directly to device driver 4.
  • The shim attack 8 acts as an intermediary in a normal communication exchange, in which it has the sole aim of converting the current password 6a (not valid) into a valid password 6b, so that communication with application 1 proceeds correctly.
  • The aim of the present invention is to provide a method to eliminate or at least drastically reduce the existing disadvantages and inadequacies in well-known systems.
  • Another aim of the present invention is to supply a method to control the authenticity and validity of software stored on a mass storage support. According to the present invention, this aim is achieved through a method for validating a program code stored in a mass storage support device according to independent claim 1.
  • Figure 1 shows a block diagram illustrating data exchange between a mass storage support and an application through the use of a password validated according to known techniques.
  • Figures 2 and 3 show further block diagrams where the mass storage support contents can be considered valid by the application in the case where the original password has been emulated according to known techniques.
  • Figure 4 shows a computer with a mass storage device on which the present invention can be implemented.
  • Figure 5 shows a block diagram illustrating the validation process according to the present invention.
  • Figure 4 shows a schematic diagram of a computer system in which the present invention can be applied, said computer system having a mass storage device 9, such as a disk drive for example, for storing and recovering digital data from a host device 10.
  • The host device 10 can be one of the numerous types of computer normally present on the market, for example a personal computer, notebook, etc.
  • The host device 10 communicates with the mass storage device 9 through a data bus 11, by transmitting commands for reading digital data from, or writing digital data to, mass storage support 2.
  • The data bus 11 can be one of the various buses available in current technology, such as, for example, parallel bus, USB, FireWire, SCSI, etc.
  • The host device 10 can communicate with applications 1 designed and managed by third parties, whether they are stored in local or remote mode. This communication takes place through a communication network 12 connected to a server computer 13, also called application server, or connected to the memory of the host device 10.
  • Server 13 can be connected to additional storage elements, such as, for example, a database 14.
  • The invention can be applied to a computer network in which the remote application 1 requests the validation of a component of the system associated with the host device 10, such as, for example, software stored in stack 15.
  • The mass storage device 9 is, for example, a removable storage device comprising a controller 16 that acts as an interface with the host device 10 and controls the overall operation of the mass storage device 9.
  • Controller 16 is a controller based on a microprocessor.
  • The mass storage device 9 also comprises a reading channel 17 for conditioning signals read from the computer support 2; an actuation controller 18 for supplying servo-controls and the trace position on which the computer support 2 data is stored; a motor control 19 to control the computer support 2 rotation speed through a motor shaft 20; and a computer support 2 data reading apparatus.
  • The reading apparatus comprises read/write means 21, these means 21 being positioned on a slide (not illustrated in said figure 4).
  • An arm 22 and an actuator 23 are also envisaged for said means 21, cooperating to move the slide, i.e. the read/write means 21, over the computer support 2 surface.
  • The read/write means 21 are electrically coupled to the reading channel 17 through the electric conductor 24.
  • Computer support 2 can be one of the known computer supports that technology has made available, such as magnetic, optical or magnetic-optical supports.
  • The flow diagram envisages an initial block 25, in which, at the moment the user or purchaser needs to interact with the computer server 13 of the software producer or the software distributor, a unique identification code called "Product ID" is entered through some well-known means, such as a keyboard for example.
  • This unique identification code is composed of a plurality of alphanumerical characters, the number of characters varying mainly according to the protection level required.
  • Such an identification code can be composed of ten alphanumerical characters.
  • The program code stored in the stack 15 retrieves, block 26, at least one identification code called "Machine ID" from a hardware element constituting host device 10, through an operating system function call command.
  • This identification code represents the serial number of a hardware component assigned by every hardware producer. Therefore, through this operating system call, the program code stored in stack 15 acquires a serial number of at least one of the hardware components comprising host device 10. With reference to the operating system Microsoft Windows, for example, there is a command called "GetVolumeInformation()", through which it is possible to obtain, as return information, a unique volume identification of the host device 10 hard disk partition.
  • The program code obtains as identifier the serial number of the hard disk, of the motherboard or of the processor.
  • The program code combines, step 27, the Machine ID extracted from the host device 10 with the pre-determined Product ID to generate a third alphanumerical code, composed of a plurality of characters, called "Activation Code".
  • The program code concatenates the Product ID and Machine ID together to combine the two said identification codes and create a new unique and non-replicable identification code.
  • The inventive method envisages, for example, that the combination of the Product ID and Machine ID occurs through parallel concatenation called PCCC, or Parallel Concatenated Convolutional Codes.
  • PCCC Parallel Concatenation
  • Interleaver: this combination makes it possible to change the binary data order at the interleaver entry point, according to a pre-established rule.
  • The method according to this invention also envisages combining the two identification codes, i.e. Product ID and Machine ID, using serial concatenation SCCC, or Serial Concatenated
  • A control stage, block 28, is envisaged to check the authenticity and/or validity of the Activation Code.
  • The program code grants the user access to particular previously inhibited functions, such as, for example, saving changes, printing, etc.
  • The program code inhibits the use of certain and/or all the program code functions, block 29.
  • Control block 27 is activated through the communication network 12, which can be the Internet, for example.
  • The user is requested to enter the Product ID only, while the producer carries out the control operation, comparing the Activation Code with the Product ID present in the database 14.
  • The control operation ensures that the third identification code, or Activation Code, is actually the combination of the first and second identification codes, being respectively the Product
  • The control operation comprises a database 14 control check to verify whether the Activation Code actually contains the Product ID.
  • The control operation consists of a database 14 control to verify, during the decoding of said SCC, whether the Activation Code actually contains the Product ID.
  • The software producer or distributor can therefore protect the products by inhibiting the use of certain or all program code functions in the case where customers do not possess a valid Activation Code.
  • The Activation Code will no longer correspond with the Machine ID of the new host device 10, and thus all or some of the functions of the program code will not be accessible.
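
The flow of blocks 25 to 29 described above, as an added Python example (not code from the patent or its applicant). A fixed-permutation interleaver stands in for the PCCC/SCCC encoder, which the page does not specify; the 8-character Machine ID, the sample IDs and all function names are assumptions.

```python
# Added illustration of the Product ID / Machine ID / Activation Code flow.
# Assumption: a fixed permutation replaces the patent's convolutional encoder.

PRODUCT_ID_LEN = 10   # the page mentions ten alphanumerical characters
MACHINE_ID_LEN = 8    # assumed: a 32-bit volume serial written as 8 hex digits
CODE_LEN = PRODUCT_ID_LEN + MACHINE_ID_LEN
STEP = 7              # assumed rule; must be coprime with CODE_LEN (18)

# Pre-established interleaving rule: output position i takes input position PERM[i].
PERM = [(i * STEP) % CODE_LEN for i in range(CODE_LEN)]


def _check(value, length, name):
    if len(value) != length or not value.isalnum():
        raise ValueError(f"{name} must be {length} alphanumerical characters")


def make_activation_code(product_id, machine_id):
    """Block 27: concatenate both IDs and reorder them with the fixed rule."""
    _check(product_id, PRODUCT_ID_LEN, "Product ID")
    _check(machine_id, MACHINE_ID_LEN, "Machine ID")
    joined = product_id + machine_id
    return "".join(joined[j] for j in PERM)


def split_activation_code(code):
    """Invert the interleaver and return (product_id, machine_id)."""
    _check(code, CODE_LEN, "Activation Code")
    joined = [""] * CODE_LEN
    for i, j in enumerate(PERM):
        joined[j] = code[i]
    text = "".join(joined)
    return text[:PRODUCT_ID_LEN], text[PRODUCT_ID_LEN:]


def validate(code, current_machine_id, database):
    """Blocks 28 and 29: return "full" or "restricted" access.

    database plays the role of database 14: the set of licensed Product IDs.
    """
    try:
        product_id, machine_id = split_activation_code(code)
    except ValueError:
        return "restricted"            # malformed code
    if product_id not in database:
        return "restricted"            # code does not contain a known Product ID
    if machine_id != current_machine_id:
        return "restricted"            # program was moved to another host
    return "full"


if __name__ == "__main__":
    licensed = {"AB12CD34EF"}          # constructed sample Product ID
    code = make_activation_code("AB12CD34EF", "1A2B3C4D")  # constructed Machine ID
    print(code, validate(code, "1A2B3C4D", licensed))      # same host
    print(code, validate(code, "9F8E7D6C", licensed))      # different host
```

The rule in this example is fixed and unkeyed, so the Activation Code is an encoding rather than a secret: its value as a check rests on the producer-side comparison with database 14.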

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for validating a program code stored in a mass storage support (2), comprising a first (Product ID) and a second (Machine ID) identification number, the first identification number (Product ID) being enterable by a user and the second identification number (Machine ID) being previously stored in a memory cell (15), the method being characterised in that it comprises the following steps: entering said first identification number (Product ID) each time said program code must be validated; obtaining said second identification number (Machine ID) from said memory cell; combining said first identification number (Product ID) and said second identification number (Machine ID) so as to form a third identification number (Activation Code); checking said third identification code in order to validate said program code.
PCT/IT2002/000805 2002-12-19 2002-12-19 Method for program code authentication WO2004057448A1 (fr)

Priority Applications (3)

Application Number Priority Date Filing Date Title
PCT/IT2002/000805 WO2004057448A1 (fr) 2002-12-19 2002-12-19 Method for program code authentication
AU2002361121A AU2002361121A1 (en) 2002-12-19 2002-12-19 Method for program code authentication
IT002299A ITMI20032299A1 (it) 2002-12-19 2003-11-25 Method for authenticating a locally stored program code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IT2002/000805 WO2004057448A1 (fr) 2002-12-19 2002-12-19 Method for program code authentication

Publications (1)

Publication Number Publication Date
WO2004057448A1 (fr) 2004-07-08

Family

ID=32676765

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2002/000805 WO2004057448A1 (fr) Method for program code authentication 2002-12-19 2002-12-19

Country Status (3)

Country Link
AU (1) AU2002361121A1 (fr)
IT (1) ITMI20032299A1 (fr)
WO (1) WO2004057448A1 (fr)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999026123A1 (fr) * 1997-11-18 1999-05-27 Christopher Benjamin Wakely Improvements relating to software protection systems
WO2002003176A2 (fr) * 2000-06-30 2002-01-10 The Virtual Orchestra Company Limited Use of licence data
US20020152404A1 (en) * 1998-06-04 2002-10-17 Z4 Technologies, Inc. Method for securing software to decrease software piracy

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BENEDETTO S ET AL: "Serial concatenation of interleaved codes: performance analysis, design and iterative decoding", INFORMATION THEORY. 1997. PROCEEDINGS., 1997 IEEE INTERNATIONAL SYMPOSIUM ON ULM, GERMANY 29 JUNE-4 JULY 1997, NEW YORK, NY, USA,IEEE, US, 29 June 1997 (1997-06-29), pages 106, XP010240159, ISBN: 0-7803-3956-8 *

Also Published As

Publication number Publication date
AU2002361121A1 (en) 2004-07-14
ITMI20032299A1 (it) 2004-06-20

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP