WO2006101765A2 - Method for preventing unauthorized installation of a software product - Google Patents

Method for preventing unauthorized installation of a software product

Info

Publication number
WO2006101765A2
Authority
WO
WIPO (PCT)
Prior art keywords
installation
software product
certificate
server
preventing unauthorized
Prior art date
Application number
PCT/US2006/008517
Other languages
English (en)
Other versions
WO2006101765A3 (fr)
Inventor
Jeremy N. Snyder
Zachary E. Fransen
Original Assignee
Snyder Jeremy N
Fransen Zachary E
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Snyder Jeremy N, Fransen Zachary E
Publication of WO2006101765A2
Publication of WO2006101765A3

Links

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/106: Enforcing content protection by specific content processing
    • G06F21/1066: Hiding content

Definitions

  • The present invention relates to the prevention of fraudulent use of computer software products and, more particularly, to a method for preventing unauthorized installation of a software product.
  • A variety of methods have been devised to attempt to thwart software piracy.
  • One such method involves embedding one or more license keys within a software product, and requiring the entry of a matching or recognized key to proceed with installation or use of the software product.
  • Such an approach is vulnerable to sharing or dissemination of a known valid key.
  • Such a key may be discovered by simple trial and error, or by reverse engineering of the software product. Reverse engineering, or "hacking", of the software product may lead to a functional version of the software product that has such a feature disabled entirely.
  • An enhancement to a simple license key approach involves tracking the use of each valid license key. If it can be recognized that a license key has already been used, the software product may be disabled from further use or additional installations. However, for software that is distributed on a read-only medium, license key usage must be tracked externally. Thus, some approaches require electronic online registration of a software product for use or installation. While such a system may be effective in identifying attempted multiple uses of a single license key, and therefore thwart some piracy attempts, electronic online registration may not be effective against efforts to disable the protection entirely through reverse engineering or hacking of the software product.
  • Where an online authorization or license server is used to validate a licensing key to activate a software product, it may be possible to bypass the server and transfer a forged or "hacked" authorization code to the software product, thereby circumventing the license server.
  • This disclosure is directed to a method for preventing unauthorized installation of a software product.
  • A master certificate is created that defines a plurality of licensed installations of a software product.
  • The master certificate is then stored on an installation server.
  • Distribution copies of the software product corresponding to the licensed installations are created.
  • Each of the distribution copies comprises a computer readable medium with a copy of the software product and at least one hidden authentication file stored thereon.
  • A user executable computer installation shell program is stored on each of the distribution copies.
  • The installation shell program includes a unique installation certificate and a means for establishing an Internet connection with the installation server.
  • The shell program also includes a means for sending the installation certificate to the installation server for validation, a means for allowing the installation server remote file access to the hidden authentication file, and a means for receiving a message from the installation server indicating the validity of the installation certificate and the hidden authentication file.
  • The shell program further includes a means for installing the software product onto the user computer and a means for permitting installation of the software product only if the message from the installation server indicates proper validity of the installation certificate and the hidden authentication file.
  • The current disclosure is also directed to a method that is implemented on an installation server computer for preventing the unauthorized installation of a distribution copy of a software product on a user computer.
  • The method includes accepting, for storage and processing, a master certificate that defines a plurality of licensed installations of a software product. Communication is established with the user computer. The user computer installation certificate is received and verified using the master certificate to establish the authenticity of the installation certificate. Remote file access is established to read at least one hidden authentication file on the user computer in order to verify the file integrity of the distribution copy. A message is sent indicating the validity of the installation certificate and the hidden authentication file.
  • The validity indication directs termination of installation of the software product on the user computer if a combination of the installation certificate and the hidden authentication file cannot be properly authenticated. Alternatively, the validity indication authorizes the completion of the installation of the software product on the user computer if the combination of the installation certificate and the hidden authentication file can be properly authenticated.
  • Fig. 1 is a schematic block diagram of a computer system implementing a method for preventing unauthorized installation of a software product according to the present invention.
  • Fig. 2 is a flowchart of a process for generating master and installation certificates in a method for preventing unauthorized installation of a software product according to the present invention.
  • Fig. 3 is a block diagram illustrating software and data components stored on a delivery medium according to a method for preventing unauthorized installation of a software product according to the present invention.
  • Fig. 4 is a block diagram of a computer system.
  • Fig. 5 is a flow chart of a method for preventing unauthorized installation of a software product according to the present invention.
  • The method for preventing unauthorized installation of a software product provides protection against piracy for software products distributed on a computer-readable medium such as a CD-ROM, DVD, and the like.
  • A software developer generates certificates that will restrict and govern the installation of a software product, including a master certificate and a plurality of installation certificates, there being a unique installation certificate generated for each distribution copy of the software product generated.
  • For each distribution copy of a software product to be created, the software product is stored along with a unique installation certificate onto a computer readable medium such as a CD-ROM, DVD, and the like, the installation certificate being encapsulated within an installation shell program.
  • The master certificate is stored on an installation server.
  • The installation shell program communicates with the installation server to validate the installation certificate against the master certificate.
  • The installation server further communicates with the user computer installation shell program on the user computer to verify the integrity and validity of the distribution copy itself, by reading hidden authentication files stored on the distribution copy that are only readable by the installation server.
  • The software product is only installed if the installation server can determine that 1) the installation certificate is valid; 2) the distribution copy is not an unauthorized copy; and 3) a maximum number of authorized installations have not been exceeded for the installation certificate.
  • The method for preventing unauthorized installation of a software product is directed to preventing piracy of a software product 102 where distribution copies 300 of the software product 102 are distributed to users on a computer readable medium such as a CD-ROM, DVD, and the like, from which the software product will be installed to a user computer 400.
  • A software developer 108 generates certificates that will restrict and govern the installation of a software product 102, including a master certificate 106 that is stored by an installation validation server 110, and installation certificates 104, there being a unique installation certificate 104 generated for each distribution copy 300 of the software generated.
  • The software product 102 is stored along with a unique installation certificate 104 onto a computer readable medium such as a CD-ROM, DVD, and the like.
  • The installation certificate 104 on the distribution copy 300 is validated against the master certificate 106 by communication between the user computer 400 and the installation server 110.
  • The installation server 110 further communicates with the user computer 400 to verify the integrity and validity of the distribution copy 300.
  • A process for generation of the certificates is described. Note that various steps may be performed in sequences other than described and illustrated. Initially, a master certificate 106 is generated (step 202). Next, a plurality of installation certificates 104 are generated (step 204). Note that each of the installation certificates 104 is generated in relation to the master certificate 106 such that the master certificate 106 may be used for validation of each of the installation certificates 104. A unique installation certificate 104 is generated for each distribution copy 300 that will be created. The generation of the installation certificates 104 is further described with reference to steps 206-216 of Fig. 2, along with Fig. 3.
  • A unique binary code is generated (step 208) and encrypted (step 210) in reference to the master certificate 106, the encrypted binary code becoming the installation certificate 104.
  • The certificate 104 may also include a server identifier 303, so that an appropriate installation server 110 may be identified during installation.
  • The installation certificate 104 is then encapsulated within an installation shell program 302 (step 212).
  • The installation shell program 302 is a rudimentary installation program that will establish communication with an installation server 110 for validation of the installation certificate 104 and subsequent installation functions.
  • The computer program shell 302, encapsulating the installation certificate 104, is stored along with a copy of the software product 102 onto a computer readable medium such as a CD-ROM, DVD, and the like to create a distribution copy 300 (step 214).
  • The software product 102 may be stored in one or more pieces, or program segment files 304.
  • The software product 102 is stored along with at least one hidden authentication file 306.
  • Plural hidden authentication files 306 may be interleaved with the program segment files 304, or otherwise organized in a physical or logical file or data storage structure.
  • The hidden authentication files 306 are stored in a format such that they are not readable by, or are hidden from, the operating system of the user computer 400.
  • The popular and widely used Microsoft Windows operating system cannot read certain UNIX file formats or filenames.
  • A UNIX filename employing prefix and suffix name structures (".helix.example.unx", for example) is not duplicated if the file is copied into a Windows environment.
  • The hidden authentication files 306 are UNIX files that are identifiable and readable only by a UNIX processor. Therefore, if the user computer 400 is a Windows processor, the authentication files 306 are hidden from the user computer 400.
  • The master certificate 106 is stored on an installation server 110. Prior to storage, the master certificate 106 may be modified to reflect the installation certificates 104 generated, such as by setting a number of active and valid installation certificates 104 or the like.
  • The software product 102 will be installed from a distribution copy 300 onto a user computer 400, such as a personal computer or the like, generally as illustrated in Fig. 4.
  • Such a computer system generally comprises a microprocessor 410 connected by a bus 411 to an area of main memory 402, comprising both read only memory (ROM) 406, and random access memory (RAM) 404.
  • ROM 406 contains a ROM BIOS (Basic Input Output System) 408 that contains, in addition to low-level device drivers and other computer code for interacting with the computer hardware and peripherals, an identification code for the user computer 400 such as a unique serial number.
  • The microprocessor 410 is in communication, via bus 411, with a storage device 412 such as a disk storage device having means for reading a coded set of program instructions on a computer readable medium which may be loaded into the main memory 402 and executed by the microprocessor 410. Additionally, a media reader 414 is provided for reading computer program code or data from a removable storage medium 416, such as a removable disk drive, CD-ROM drive, DVD drive, or the like.
  • The computer system typically includes means for providing a user interface, such as a keyboard 420 and a display device 422. Additional input/output devices 418 are often included in a general purpose or personal computer system.
  • A software product installation process is described according to the method for preventing unauthorized installation of a software product.
  • A distribution copy 300 of the software product 102 is inserted into the user computer's media reader 414.
  • The installation shell program 302 is loaded by the user computer 400, and begins execution.
  • The installation shell program 302 begins by locating or establishing a communication connection, via the Internet, to an installation server 110 (step 502). If no Internet connection is found, an attempt to establish Internet connectivity may be made, such as prompting the user to connect a modem to a telephone line, dial for dial-up Internet service, etc. If attempts to establish Internet connectivity, and communication with an installation server 110, fail, the installation shell program 302 terminates to prevent installation of the software product 102 (step 522).
  • The installation shell program 302 sends the installation certificate 104 to the installation server 110 for validation (step 504).
  • The installation shell program 302 may send, along with the installation certificate 104, an identifier for the user computer 400 such as the BIOS serial number or another unique "thumbprint" identifying the user computer 400.
  • The installation server 110 attempts to verify the installation certificate 104 (step 508).
  • The installation certificate 104 is verified using the master certificate 106 to establish the authenticity of the installation certificate 104.
  • The installation server 110 may refer to other information contained within the master certificate 106 or to historic information recorded during previous installations to determine if an installation is authorized for the installation certificate 104.
  • The installation certificate 104 may have been created to authorize only a single, or a fixed predefined number of installations. An attempt to exceed the predefined number of authorized installations is rejected.
  • The installation server 110 establishes remote file access through the installation shell program 302 whereby the installation server 110 may read the hidden authentication files 306 from the distribution copy 300 (steps 510, 512). The installation server 110 may then read the hidden authentication files 306 to verify the file integrity of the distribution copy 300 (step 514). Recalling that the hidden authentication files 306 are UNIX files (for installation onto a Windows computer), it can be recognized that an installation server 110 using the UNIX operating system will be able to detect attempted copying of the distribution copy 300 since such copying on a Windows machine would corrupt the UNIX files. Thus, unauthorized copies of the distribution copy 300 may be detected.
  • The installation server 110 sends an encrypted authorization code to the user computer 400 (step 514). Alternatively, if any of the checks have failed and an installation is not authorized, a message is sent accordingly to the user computer 400.
  • The installation server may then update the master certificate 106, or a database associated with the master certificate 106, to record the installation, such as by associating the user computer's identifier with the installation certificate 104 and incrementing a count of installations (step 520). Note that, if all authorized installations for all installation certificates 104 associated with a master certificate 106 have been depleted, the installation server 110 may refuse to accept any installation certificate 104 requesting authorization or may shut down entirely.
  • The installation shell program 302 continues and performs an installation of the software product 102 (step 518), or terminates to prevent installation of the software product 102 (step 522), accordingly.
  • Separate installation servers 110 may be employed to separately handle software installation for each instance.
  • A master certificate 106 for corporate licenses of a software product 102 may be implemented on one installation server 110, while a separate master certificate 106 for public or individual licenses may be deployed on a separate installation server 110.
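
The server-side checks of steps 508 to 520, written out as an added Python example (not code from the patent or its authors). The patent does not name its cryptography: HMAC-SHA-256 stands in here for "encrypted in reference to the master certificate" and a SHA-256 digest for the hidden-file integrity check, and every name and the sample file contents are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

CODE_LEN = 16  # length of the unique binary code (assumed; not given in the patent)
# Constructed sample contents of a hidden authentication file 306.
SAMPLE_HIDDEN_FILE = b"constructed sample: hidden authentication file 306"


@dataclass
class MasterCertificate:
    """Server-side record (106): key material plus installation history."""
    key: bytes
    max_installs: int                 # authorized installations per certificate
    hidden_file_digest: str           # expected SHA-256 of the hidden file
    issued: set = field(default_factory=set)      # codes of issued certificates
    installs: dict = field(default_factory=dict)  # code -> list of thumbprints


def new_master(max_installs: int) -> MasterCertificate:
    """Step 202: create a master certificate for one product release."""
    digest = hashlib.sha256(SAMPLE_HIDDEN_FILE).hexdigest()
    return MasterCertificate(secrets.token_bytes(32), max_installs, digest)


def issue_installation_certificate(master: MasterCertificate) -> bytes:
    """Steps 208-210: a unique code bound to the master certificate.

    An HMAC tag replaces the unspecified encryption: only the holder of the
    master key can produce a code/tag pair that later verifies.
    """
    code = secrets.token_bytes(CODE_LEN)
    tag = hmac.new(master.key, code, hashlib.sha256).digest()
    master.issued.add(code)
    return code + tag


def validate_installation(master, certificate, thumbprint, hidden_file):
    """Steps 508-520: return (authorized, reason) and record a success.

    hidden_file is the bytes the server read from the distribution copy
    through the shell program, or None if the file could not be read.
    """
    code, tag = certificate[:CODE_LEN], certificate[CODE_LEN:]
    expected = hmac.new(master.key, code, hashlib.sha256).digest()
    # 1) Authenticity: tag must verify and the code must have been issued.
    if not hmac.compare_digest(tag, expected) or code not in master.issued:
        return False, "invalid installation certificate"
    # 2) Installation count for this certificate.
    used = master.installs.setdefault(code, [])
    if len(used) >= master.max_installs:
        return False, "installation limit exceeded"
    # 3) Integrity of the distribution copy via the hidden file.
    if hidden_file is None or not hmac.compare_digest(
            hashlib.sha256(hidden_file).hexdigest(), master.hidden_file_digest):
        return False, "distribution copy failed integrity check"
    # Step 520: associate the machine identifier and count the installation.
    used.append(thumbprint)
    return True, "authorized"


if __name__ == "__main__":
    master = new_master(max_installs=1)
    cert = issue_installation_certificate(master)
    print(validate_installation(master, cert, "PC-A", b"corrupted copy"))
    print(validate_installation(master, cert, "PC-A", SAMPLE_HIDDEN_FILE))
    print(validate_installation(master, cert, "PC-B", SAMPLE_HIDDEN_FILE))
```

A failed integrity check does not consume an installation, so a legitimate copy can still be installed after a rejected attempt with the same certificate.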

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a method for preventing unauthorized installation of a software product (102) in order to protect users against the piracy of software products (102) distributed on a computer-readable medium such as a CD-ROM (300). For each distribution copy (300) of a software product (102), the software product (102) is stored together with a unique installation certificate (104) on a computer-readable medium such as a CD-ROM, said installation certificate (104) being encapsulated within an installation shell program. The installation shell program communicates with the installation server (110) to validate the installation certificate (104) against the master certificate (106). The installation server (110) reads the hidden authentication information stored on the distribution copy (300) to verify the integrity and validity of the copy (300). The software product (102) is installed only if the installation server (110) can determine 1) that the installation certificate (104) is valid; 2) that the distribution copy (300) is not an unauthorized copy; and 3) that a maximum number of authorized installations has not been exceeded for the installation certificate (104).
PCT/US2006/008517 2005-03-16 2006-03-09 Method for preventing unauthorized installation of a software product WO2006101765A2 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US66207905P 2005-03-16 2005-03-16
US60/662,079 2005-03-16

Publications (2)

Publication Number Publication Date
WO2006101765A2 (fr) 2006-09-28
WO2006101765A3 (fr) 2007-03-15

Family

ID=37024315

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/008517 WO2006101765A2 (fr) 2005-03-16 2006-03-09 Method for preventing unauthorized installation of a software product

Country Status (1)

Country Link
WO (1) WO2006101765A2 (fr)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120216294A1 (en) * 2009-02-26 2012-08-23 International Business Machines Corporation Software Protection Using an Installation Product Having an Entitlement File
US8667604B2 (en) 2007-09-13 2014-03-04 Microsoft Corporation Protection of software on portable medium
US9245097B2 (en) 2013-09-19 2016-01-26 Infosys Limited Systems and methods for locking an application to device without storing device information on server
CN115357870A (zh) * 2022-10-20 2022-11-18 杭州比智科技有限公司 Method and system for authorization management and control implemented in software

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020088855A1 (en) * 2001-01-05 2002-07-11 Hodes Mark B. Point of sale activation for software and metered accounts
US20040039913A1 (en) * 2002-04-16 2004-02-26 Sky Kruse Method and system for watermarking digital content and for introducing failure points into digital content

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8667604B2 (en) 2007-09-13 2014-03-04 Microsoft Corporation Protection of software on portable medium
CN101802835B (zh) * 2007-09-13 2017-03-08 微软技术许可有限责任公司 Protection of software on portable media
US20120216294A1 (en) * 2009-02-26 2012-08-23 International Business Machines Corporation Software Protection Using an Installation Product Having an Entitlement File
US9898587B2 (en) * 2009-02-26 2018-02-20 International Business Machines Corporation Software protection using an installation product having an entitlement file
US9946848B2 (en) 2009-02-26 2018-04-17 International Business Machines Corporation Software protection using an installation product having an entitlement file
US10068064B2 (en) 2009-02-26 2018-09-04 International Business Machines Corporation Software protection using an installation product having an entitlement file
US9245097B2 (en) 2013-09-19 2016-01-26 Infosys Limited Systems and methods for locking an application to device without storing device information on server
CN115357870A (zh) * 2022-10-20 2022-11-18 杭州比智科技有限公司 Method and system for authorization management and control implemented in software

Also Published As

Publication number Publication date
WO2006101765A3 (fr) 2007-03-15

Similar Documents

Publication Publication Date Title
AU767286B2 (en) Methods and apparatus for protecting information
EP1591865B1 (fr) Method and system for limiting software updates
EP1443381B1 (fr) System and method for secure activation of software with volume licenses
JP4278327B2 (ja) Computer platform and method of operating the same
US7747873B2 (en) Method and apparatus for protecting information and privacy
US7742992B2 (en) Delivery of a secure software license for a software product and a toolset for creating the software product
US5490216A (en) System for software registration
US20040117664A1 (en) Apparatus for establishing a connectivity platform for digital rights management
US20030149670A1 (en) Method and system for delivery of secure software license information
US20040117663A1 (en) Method for authentication of digital content used or accessed with secondary devices to reduce unauthorized use or distribution
US20040117628A1 (en) Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content
CA2285392A1 (fr) Method and system for network installation of customized, authenticatable and uniquely identifiable software applications
WO2004015515A2 (fr) System and method for authentication
KR20080058173A (ko) Method and device for installing secure software
WO2006101765A2 (fr) Method for preventing unauthorized installation of a software product
EP1886205A1 (fr) Method for controlling software activation
JP2004086588A (ja) System for preventing unauthorized use of software
US7197144B1 (en) Method and apparatus to authenticate a user's system to prevent unauthorized use of software products distributed to users
JP2004171500A (ja) Method for preventing unauthorized use of software programs

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06737674

Country of ref document: EP

Kind code of ref document: A2