
WO2004057448A1 - Method for program code authentication - Google Patents


Info

Publication number
WO2004057448A1
Authority
WO
WIPO (PCT)
Prior art keywords
identification number
product
machine
program code
code
Legal status
Ceased
Application number
PCT/IT2002/000805
Other languages
French (fr)
Inventor
Marco Laurita
Current Assignee
ALLEGROASSAI SpA
Original Assignee
ALLEGROASSAI SpA
Application filed by ALLEGROASSAI SpA
Priority to AU2002361121A (AU2002361121A1)
Priority to PCT/IT2002/000805 (WO2004057448A1)
Priority to IT002299A (ITMI20032299A1)
Publication of WO2004057448A1

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Abstract

The present invention relates to a method for validating a program code stored in a mass storage device (2), comprising a first (Product ID) and a second (Machine ID) identification number, the first identification number (Product ID) being introducible by a user, the second identification number (Machine ID) being previously stored in a storage cell (15), characterised in that it comprises the following steps: entering said first identification number (Product ID) each time said program code must be validated; procuring said second identification number (Machine ID) from said storage cell; combining said first identification number (Machine ID) to form a third identification number (Activation Code); controlling said third identification code to validate said program code. (Figure 4).

Description

DESCRIPTION
* * * * *
METHOD FOR PROGRAM CODE AUTHENTICATION
The present invention relates to a method for validating a locally stored program code according to the preamble of claim 1.
Thanks to modern technology, music, videotapes, computer software, books, and other similar data can be electronically transmitted through digital data bit strings without the need for physical distribution of the supports containing these data.
Digital distribution is simpler, and above all, more flexible than traditional physical media distribution. However, this system is problematic due to the difficulty in controlling subsequent distribution after initial launching on the market.
In fact, the greatest challenge that digital content copyright owners must face is to create a method for electronic distribution of the above-listed media while preventing non-authorised redistribution.
It is well known, especially in the music industry, in both recording companies and musical program software houses, that the economic loss provoked by computer piracy has been and is still so great that this sector is forced to demand urgent methods to combat this illicit dealing, but which at the same time do not modify electronic distribution flexibility and simplicity.
Therefore there exists a particularly urgent need to implement an electronic data distribution method strong enough to mitigate copyright owners' concerns involving piracy and non-authorised distribution, but that is also simple and economical to carry out.
One of the methods for controlling non-authorised digital data distribution is to ensure that the computer support is unique, that is, that no other support identical to the original support exists, and to also ensure that the digital data contained in said original support can be processed exclusively by the authentic purchaser of the original computer support, in that, for example, it is able to cancel any temporary copy made using the system after the original support has been used.
To attain this, one of the most common and simplest methods is to conceive a computer support validation system using a static password, that is, to provide a situation in which the client or host computer requests a pre-determined password from the end user or purchaser, this password being supplied for example by the producer and/or the distributor of the product, and designed to enable and therefore to validate the product in question.
Once the end user enters the correct password, access is granted to the functions previously blocked, or to the stored data and information on the customer computer, or on one or more remote computer systems.
Figure 1 shows the diagram of a common data exchange between an application 1 able to supply digital content, such as for example, music, videotapes, books, computer software and/or other types of data that can be downloaded for example through the internet upon a valid request.
This application 1 communicates with a removable mass storage support 2. The diagram in this figure illustrates the characteristic showing how application 1 can communicate with the removable mass storage support 2 by means of an operating system 3 designed to manage and pilot the communication with the IDE type storage device 5 (Integrated Device Electronics) by means of an IDE type driver device 4 (also called device driver). In the example illustrated, the mass storage support 2 can be a floppy disk.
In this manner, upon a request for use or vision of application 1 contents, a validation communication intervenes, wherein a serial number 6, or password of the mass storage support 2 is communicated to the application 1 itself.
For example, the data transmitted can be ciphered according to password 6 or according to a variation of the password itself.
This technique has certain advantages such as simplicity and low cost, but it is strongly limiting in that password validation transactions are potentially vulnerable to the point of compromising the valid recognition of the storage support and/or the contents of said storage support.
This can occur with non-authorised programs on the customer computer or through other illicit means able to monitor the password validation process. One of these illicit means is known as an emulator program, also called "attack emulator", being able to emulate the valid password.
Therefore the attack emulator is a software program and/or firmware component, usually in the form of a device driver, designed to replicate one or more of the hardware devices.
For example, in reference to figure 2 which illustrates the attack emulator function diagram, it can be seen that an attack emulator 7 simulates within its complex (shown with dotted lines) the operation of IDE device driver 4, of the IDE type hard drive controller 8, and the IDE driver 5.
The attack emulator is successful because it manages to deceive application 1, making it believe that the computer support with the correct serial number is present in the disk driver 5 even if no driver is physically connected to the computer.
In fact, given that the operating system 3 believes it is communicating with the IDE driver device 4, it sends all the Input/Output controls requested to the emulated driver 7, or attack emulator, as if it were the current IDE driver 4. There is no way that application 1 can verify the validity of password 6, and therefore the attack is completed successfully.
This can occur because, in the first place, application 1 requests the password from the emulated disk drive 5, and therefore the attack emulator 7 emulates the password reading process from an emulated removable mass storage support 2, but in reality, it reads password 6 from a storage cell, or from a file or another storage position.
The attack emulator 7 sends the password to application 1 to complete the password call operation, so that application 1 itself believes that it has received the original password following an exchange of valid information.
Another type of attack on the password that can occur during validation exchange is the well-known interposition or "shim attack".
The shim attack is a variant of the emulator attack.
As shown in Figure 3, the shim attack 8 is interposed between the operating system 3 and the IDE driver 4. The shim attack 8 operates to alter a key element of the information, this being the current password 6a in the illustrated example, but that is not the original from computer support 2, thus sending all the Input/Output requests from application 1 directly to device driver 4.
In this manner, the shim attack 8 acts as an intermediary in a normal communication exchange, in which shim attack 8 has the sole aim of converting the current password 6a (not valid) to a valid password 6b, to provide correct communication with application 1.
Many solutions have been proposed to counter these problems, but none of said solutions has provided an absolute capacity for validating and certifying a program code stored locally in a client or host computer.
In view of the background art described, the aim of the present invention is to provide a method to eliminate or at least drastically reduce the existing disadvantages and inadequacies in well-known systems.
Another aim of the present invention is to supply a method to control the authenticity and validity of software stored on a mass storage support. According to the present invention, this aim is achieved through a method for validating a program code stored in a mass storage support device according to independent claim 1.
Thanks to the present invention, it is possible to realize a method for controlling validity and authenticity of the software stored on a mass storage support that does not require external functions, such function being directly integrated within the locally stored software.
The characteristics and advantages of the present invention will be made clear in the following detailed descriptions of more than one practical embodiment, illustrated as non limiting examples in the appended drawings in which:
figure 1 shows a block diagram illustrating data exchange between a mass storage support and application through the use of a password validated according to known techniques;
figures 2 and 3 show further block diagrams where the mass storage support contents can be considered valid by the application in the case where the original password has been emulated according to known techniques;
figure 4 shows a computer with a mass storage device on which the present invention can be implemented;
figure 5 shows a block diagram illustrating validation process according to the present invention.
Figure 4 shows a schematic diagram of a computer system in which the present invention can be applied, said computer system having a mass storage device 9, such as a disk drive for example, for storing and recovering digital data from a host device 10. The host device 10 can be one of the numerous types of computer normally present on the market, for example a personal computer, notebook, etc.
The host device 10 communicates with the mass storage device 9 through a data bus 11, thanks to the transmission of digital data reading or writing commands for or from mass storage support 2.
The data bus 11 can be one of the various buses available in current technology such as for example parallel bus, USB, fire wire, SCSI etc.
The host device 10 can communicate with applications 1 designed and managed by third parties whether they are stored in local or remote mode. This communication takes place through a communication network 12 connected to a server computer 13 also called application server, or connected to the memory of the host device 10.
Server 13 can be connected to additional storage elements such as for example a database 14. In this manner the invention can be applied to a computer network in which the remote application 1 requests the validation of a component of the system associated with the host device 10, such as for example software stored in stack 15. The mass storage device 9 is, for example, a removable storage device, comprising a controller 16 that acts as an interface with the host device 10 and controls the total operativeness of the mass storage device 9. For example, controller 16 is a controller based on a microprocessor.
The mass storage device 9 also comprises a reading channel 17 for conditioning signals read from the computer support 2; an actuation controller 18 for supplying servo-controls and the trace position on which the computer support 2 data is stored; a motor control 19 to control the computer support 2 rotation speed through a motor shaft 20 and a computer support 2 data reading apparatus. The reading apparatus comprises read/write means 21, these means 21 being positioned on a slide (not illustrated in said figure 4). Moreover, an arm 22 and an actuator 23 are also envisaged for said means 21, cooperating to move the slide, i.e. the read/write means 21, on the computer support 2 surface. The read/write means 21 are electrically coupled to the reading channel 17 through the electric conductor 24. It should be noted that computer support 2 can form one of the known computer supports that technology has made available, such as magnetic, optical or magnetic-optical supports.
The method according to the present invention will now be described with reference to the flow diagram shown in figure 5 combined with the computer system above illustrated in figure 4.
Thus, with reference to figure 5, once the computer support 2 has been inserted into the special mass storage device 9, and the information stored therein has been read by the reading means 21 and transmitted by the reading channel 17 together with control interface 16 to the host device 10 that will store the data in stack 15, the flow diagram envisages an initial block 25, which, at the moment in which the user or purchaser needs to interact with the computer server 13 of the software producer or the software distributor, envisages entering a unique identification code called "Product ID" through some well known means such as a keyboard for example. This unique identification code is composed of a plurality of alphanumerical characters, the number of figures being varied mainly according to the protection level required.
For example, such identification code can be composed of ten alphanumerical characters. At the same time, the program code stored in the stack 15 recovers, block 26, at least one identification code called "Machine ID" from a hardware element constituting host device 10, through an operating system function call command.
This identification code represents the serial number of a hardware component assigned by every hardware producer. Therefore, through this operating system call, the program code stored in stack 15 acquires a serial number of at least one of the hardware components comprising host device 10. With reference to the operating system Microsoft Windows for example, there is a command called "GetVolumeInformation()", through which it is possible to obtain a unique volume identification of the host device 10 hard disk partition, as return information.
But it is also envisaged that the program code procures as identifier the serial number of either the hard disk or a mother board, or the processor.
Continuing the analysis of the flow diagram shown in figure 5, the program code combines, step 27, the Machine ID extracted from the host device 10 with the pre-determined Product ID to generate a third alphanumerical code composed of a plurality of characters called "Activation Code".
The Activation Code also comprises a plurality of alphanumerical characters with a total that can be identical to or higher than the plurality of the alphanumerical characters of the Machine ID or the Product ID.
Thus, the program code concatenates the Product ID and Machine ID together to combine the two said identification codes to create a new unique and non-replicable identification code.
The inventive method envisages, for example, that the combination of the Product ID and Machine ID occurs through parallel concatenation called PCCC, or Parallel Concatenated Convolutional Codes. Using a component called interleaver, this combination makes it possible to change the binary data order at the interleaver entry point, according to a pre-established rule.
The method according to this invention also envisages combining the two identification codes, i.e. Product ID and Machine ID, using serial concatenation SCCC, or Serial Concatenated Convolutional Codes.
Successively, a control stage is envisaged, block 28, to control the authenticity and/or validity of the Activation Code.
In the case where said control operation gives a positive result, branch YES of block 27, the program code authorises the use of certain and/or all the program code functions, block 28.
In this situation, i.e. after the validation of the Activation Code, the program code grants the user access to particular previously inhibited functions, such as for example, saving changes, printing, etc. In the case where said control operation gives a negative result, branch NO of block 27, the program code inhibits the use of certain and/or all the program code functions, block 29.
Advantageously, it should be noted that the control block 27 is activated through the communication network 12 that can be the Internet network, for example.
By activating this Activation Code control mode the whole flow diagram in figure 5, except for block 25, or the insertion of Product ID, is performed in a transparent manner for the user, making the operation very simple and intuitive to use.
In other words, the user is requested to enter the Product ID only, while the producer carries out the control operation, comparing the Activation Code with the Product ID present in the database 14.
Control operation ensures that the third identification code, or Activation Code, is actually the combination of the first and second identification codes, being respectively the Product
ID and Machine ID.
For example, if the Activation Code is the result of the concatenation of Product ID and Machine ID the control operation comprises a database 14 control check to verify whether the Activation Code actually contains the Product ID.
In another "embodiment, if the Activation Code is the result of the SCCC combination of Product ID and Machine ID, or in other words, the serial combination of Product ID and Machine ID according to a predetermined algorithm, the control operation consists of a database 14 control to verify during the decoding of said SCC whether the Activation Code actually contains the Product ID.
This procedure is identical in the case of parallel combination.
In this manner, by requesting the users or purchasers of the products to interact with the server computer 13 , the software producer or distributor can therefore protect the products by inhibiting the use of certain or all program code functions in the case where customers do not possess a valid Activation Code. In fact in the case where the user copies the program code onto another host device 10, the Activation code will no longer correspond with the Machine ID of the new host device 10 and thus all or some of the functions of the program code will not be accessible.
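The concatenation embodiment and its control operation, as an added Python example (not code from the patent): it covers plain concatenation only, not the PCCC/SCCC variants. The function names and sample IDs are hypothetical, the ten-character length follows claim 11, and it assumes the Activation Code issued at activation is stored and later compared against the current host's Machine ID.

```python
ID_LEN = 10  # claim 11: each identification number has ten characters

# Constructed sample value standing in for database 14 on server 13.
PRODUCT_DB = {"4815162342"}


def make_activation_code(product_id: str, machine_id: str) -> str:
    """Host side: combine Product ID and Machine ID by concatenation."""
    for name, value in (("Product ID", product_id), ("Machine ID", machine_id)):
        if len(value) != ID_LEN or not (value.isascii() and value.isalnum()):
            raise ValueError(f"{name} must be {ID_LEN} alphanumeric characters")
    return product_id + machine_id


def server_check(activation_code: str, db=PRODUCT_DB) -> bool:
    """Server side: does the code contain a Product ID held in the database?"""
    if len(activation_code) != 2 * ID_LEN:
        return False
    # Compare the fixed-position field. A substring search over the whole
    # code could match characters that straddle the two fields.
    return activation_code[:ID_LEN] in db


def host_check(activation_code: str, current_machine_id: str) -> bool:
    """Host side: the stored code must correspond to this host's Machine ID."""
    return (len(activation_code) == 2 * ID_LEN
            and activation_code[ID_LEN:] == current_machine_id)


def functions_enabled(activation_code: str, current_machine_id: str) -> bool:
    """Enable the inhibited functions only when both checks succeed."""
    return (server_check(activation_code)
            and host_check(activation_code, current_machine_id))


if __name__ == "__main__":
    code = make_activation_code("4815162342", "HD00A1B2C3")  # constructed IDs
    print(code, functions_enabled(code, "HD00A1B2C3"))   # original host
    print(code, functions_enabled(code, "HD99Z9Y8X7"))   # copied to another host
```
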

Claims

1. Method for validating a program code stored in a mass storage device (2), comprising a first (Product ID) and a second (Machine ID) identification number, the first identification number (Product ID) being introducible by the user, the second identification number (Machine ID) being previously stored in a storage cell (15), characterised in that it comprises the following steps:
• Entering said first identification number (Product ID) each time said program code must be validated;
• Procuring said second identification number (Machine ID) from said storage cell;
• Combining said first identification number (Product ID) and said second identification number (Machine ID) to form a third identification number (Activation Code);
• Controlling said third identification number to validate said program code.
2. Method according to claim 1, characterised in that said control step of the third identification number (Activation Code) is carried out by a server (13) comparing said third identification number (Activation Code) with said first identification number (Product ID), said first identification number (Product ID) having been previously stored in a database (14).
3. Method according to claim 1 characterised in that said combination step envisages a concatenation of said first identification number (Product ID) and said second identification number (Machine ID) .
4. Method according to claim 1, characterised in that said combination step envisages a serial type coding for said first identification number (Product ID) and said second identification number (Machine ID) .
5. Method according to claim 1 characterised in that said combination step envisages a parallel type coding for said first identification number (Product ID) and said second identification number (Machine ID) .
6. Method according to claim 1 characterised in that said first identification number (Product ID) is supplied by the producer of said program code.
7. Method according to claim 1 characterised in that said second identification number (Machine ID) identifies uniquely a hardware device constituting part of the host device (10) .
8. Method according to claim 3, characterised in that said hardware device is the volume of a partition of the hard disk of said host device (10).
9. Method according to claim 3 characterised in that said hardware device is the serial number of a hard disk, or of a mother board, or of a processor, said hardware devices constituting part of said host device (10).
10. Method according to any one of the preceding claims characterised in that said first (Product ID) and second (Machine ID) identification numbers are composed of a first plurality of alphanumerical characters.
11. Method according to claim 7, characterised in that said first plurality of alphanumerical characters is composed of ten figures.
12. Method according to any one of the preceding claims, characterised in that said third identification number (Activation Code) is composed of a second plurality of alphanumerical characters of which the total is identical to or higher than said first plurality of alphanumerical characters.
PCT/IT2002/000805 2002-12-19 2002-12-19 Method for program code authentication Ceased WO2004057448A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
AU2002361121A AU2002361121A1 (en) 2002-12-19 2002-12-19 Method for program code authentication
PCT/IT2002/000805 WO2004057448A1 (en) 2002-12-19 2002-12-19 Method for program code authentication
IT002299A ITMI20032299A1 (en) 2002-12-19 2003-11-25 METHOD TO AUTHENTICATE A LOCALLY STORED PROGRAM CODE

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/IT2002/000805 WO2004057448A1 (en) 2002-12-19 2002-12-19 Method for program code authentication

Publications (1)

Publication Number Publication Date
WO2004057448A1 true WO2004057448A1 (en) 2004-07-08

Family

ID=32676765

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IT2002/000805 Ceased WO2004057448A1 (en) 2002-12-19 2002-12-19 Method for program code authentication

Country Status (3)

Country Link
AU (1) AU2002361121A1 (en)
IT (1) ITMI20032299A1 (en)
WO (1) WO2004057448A1 (en)

Also Published As

Publication number Publication date
AU2002361121A1 (en) 2004-07-14
ITMI20032299A1 (en) 2004-06-20

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SC SD SE SG SK SL TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP