[go: up one dir, main page]

WO2006101765A2 - Method for preventing unauthorized installation of a software product - Google Patents

Method for preventing unauthorized installation of a software product Download PDF

Info

Publication number
WO2006101765A2
WO2006101765A2 PCT/US2006/008517 US2006008517W WO2006101765A2 WO 2006101765 A2 WO2006101765 A2 WO 2006101765A2 US 2006008517 W US2006008517 W US 2006008517W WO 2006101765 A2 WO2006101765 A2 WO 2006101765A2
Authority
WO
WIPO (PCT)
Prior art keywords
installation
software product
certificate
server
preventing unauthorized
Prior art date
Application number
PCT/US2006/008517
Other languages
French (fr)
Other versions
WO2006101765A3 (en
Inventor
Jeremy N. Snyder
Zachary E. Fransen
Original Assignee
Snyder Jeremy N
Fransen Zachary E
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Snyder Jeremy N, Fransen Zachary E filed Critical Snyder Jeremy N
Publication of WO2006101765A2 publication Critical patent/WO2006101765A2/en
Publication of WO2006101765A3 publication Critical patent/WO2006101765A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/106Enforcing content protection by specific content processing
    • G06F21/1066Hiding content

Definitions

  • the present invention relates to the prevention of fraudulent use of computer software products and, more particularly, to a method for preventing unauthorized installation of a software product.
  • a variety of methods have been devised to attempt to thwart software piracy.
  • One such method involves embedding one or more license keys within a software product, and requiring the entry of a matching or recognized key to proceed with installation of use of the software product.
  • an approach is vulnerable to sharing or dissemination of a known valid key.
  • such a key may be discovered by simple trial and error, or by reverse engineering of the software product. Reverse engineering, or "hacking" of the software product may lead to a functional version of the software product that has such a feature disabled entirely.
  • An enhancement to a simple license key approach involves tracking the use of each valid license key. If it can be recognized that a license key has already been used, the software product may be disabled from further use or additional installations. However, for software that is distributed on a read-only medium, license key usage must be tracked externally. Thus, some approaches require electronic online registration of a software product for use or installation. While such a system may be effective in identifying attempted multiple uses of a single license key, and therefore thwart some piracy attempts, electronic online registration may not be effective against efforts to disable the protection entirely through reverse engineering or hacking of the software product.
  • an online authorization or license server is used to validate a licensing key to activate a software product, it may be possible to bypass the server and transfer a forged or "hacked" authorization code to the software product, thereby circumventing the license server.
  • This disclosure is directed to a method for preventing unauthorized installation of a software product.
  • a master certificate is created that defines a plurality of licensed installations of a software product.
  • the master certificate is then stored on an installation server.
  • Distribution copies of the software product corresponding to the licensed installations are created.
  • Each of the distribution copies comprises a computer readable medium with a copy of the software product and at least one hidden authentication file stored thereon.
  • a user executable computer installation shell program is stored on each of the distribution copies.
  • the installation shell program includes a unique installation certificate and a means for establishing an Internet connection with the installation server.
  • the shell program also includes a means for sending the installation certificate to the installation server for validation, a means for allowing the installation server remote file access to the hidden authentication file, and a means for receiving a message from the installation server indicating the validity of the installation certificate and the hidden authentication file.
  • the shell program further includes a means for installing the software product onto the user computer and a means for permitting installation of the software product only if the message from the installation server indicates proper validity of the installation certificate and the hidden authentication file.
  • the current disclosure is also directed to a method that is implemented on an installation server computer for preventing the unauthorized installation of a distribution copy of a software product on a user computer.
  • the method includes accepting for storage and processing, a master certificate that defines a plurality of licensed installations of a software product. Communication is established with the user computer. The user computer installation certificate is received and verified using the master certificate to establish the authenticity of the installation certificate. Remote file access is established to read at least one hidden authentication file on the user computer in order to verify the file integrity of the distribution copy. A message is sent indicating the validity of the installation certificate and the hidden authentication file.
  • the validity indication directs termination of installation of the software product on the user computer if a combination of the installation certificate and the hidden authentication file cannot be properly authenticated. Alternatively, the validity indication authorizes the completion of the installation of the software product on the user computer if the combination of the installation certificate and the hidden authentication file can be properly authenticated.
  • Fig. 1 is a schematic block diagram of a computer system implementing a method for preventing unauthorized installation of a software product according to the present invention.
  • Fig. 2 is a flowchart of a process for generating master and installation certificates in a method for preventing unauthorized installation of a software product according to the present invention.
  • Fig. 3 is a block diagram illustrating software and data components stored on a delivery medium according to a method for preventing unauthorized installation of a software product according to the present invention.
  • Fig. 4 is a block diagram of a computer system.
  • Fig. 5 is a flow chart of a method for preventing unauthorized installation of a software product according to the present invention.
  • the method for preventing unauthorized installation of a software product provides protection against piracy for software products distributed on a computer-readable medium such as a CD-ROM, DVD, and the like.
  • a software developer generates certificates that will restrict and govern the installation of a software product, including a master certificate and a plurality of installation certificates, there being a unique installation certificate generated for each distribution copy of the software product generated.
  • the software product For each distribution copy of a software product to be created, the software product is stored along with a unique installation certificate onto a computer readable medium such as a CD-ROM, DVD, and the like, the installation certificate being encapsulated within an installation shell program.
  • the master certificate is stored on an installation server.
  • the installation shell program communicates with the installation server to validate the installation certificate against the master certificate.
  • the installation server further communicates with the user computer installation shell program on the user computer to verify the integrity and validity of the distribution copy itself, by reading hidden authentication files stored on the distribution copy that are only readable by the installation server.
  • the software product is only installed if the installation server can determine that 1) the installation certificate is valid; 2) the distribution copy is not an unauthorized copy; and 3) a maximum number of authorized installations have not been exceeded for the installation certificate.
  • the method for preventing unauthorized installation of a software product is directed to preventing piracy of a software product 102 where distribution copies 300 of the software product 102 are distributed to users on a computer readable medium such as a CD-ROM, DVD, and the like, from which the software product will be installed to a user computer 400.
  • a software developer 108 generates certificates that will restrict and govern the installation of a software product 102, including a master certificate 106 that is stored by an installation validation server 110, and installation certificates 104, there being a unique installation certificate 104 generated for each distribution copy 300 of the software generated.
  • the software product 102 is stored along with a unique installation certificate 104 onto a computer readable medium such as a CD-ROM, DVD, and the like.
  • the installation certificate 104 on the distribution copy 300 is validated against the master certificate 106 by communication between the user computer 400 and the installation server 110.
  • the installation server 110 further communicates with the user computer 400 to verify the integrity and validity of the distribution copy 300.
  • a process for generation of the certificates is described. Note that various steps may be performed in sequences other than described and illustrated. Initially, a master certificate 106 is generated (step 202). Next, a plurality of installation certificates 104 are generated (step 204). Note that each of the installation certificates 104 is generated in relation to the master certificate 106 such that the master certificate 106 may be used for validation of each of the installation certificates 104. A unique installation certificate 104 is generated for each distribution copy 300 that will be created. The generation of the installation certificates 104 is further described with reference to steps 206-216 of Fig. 2, along with Fig. 3.
  • a unique binary code is generated (step 208) and encrypted (step 210) in reference to the master certificate 106, the encrypted binary code becoming the installation certificate 104.
  • the certificate 104 may also include a server identifier 303, so that an appropriate installation server 110 may be identified during installation.
  • the installation certificate 104 is then encapsulated within an installation shell program 302 (step 212).
  • the installation shell program 302 is a rudimentary installation program that will establish communication with an installation server 110 for validation of the installation certificate 104 and subsequent installation functions.
  • the computer program shell 302, encapsulating the installation certificate 104, is stored along with a copy of the software product 102 onto a computer readable medium such as a CD-ROM, DVD, and the like to create a distribution copy 300 (step 214).
  • the software product 102 may be stored in one or more pieces, or program segment files 304.
  • the software product 102 is stored along with at least one hidden authentication file 306.
  • Plural hidden authentication files 306 may be interleaved with the program segment files 304, or otherwise organized in a physical or logical file or data storage structure.
  • the hidden authentication files 306 are stored in a format such that they are not readable by, or are hidden from, the operating system of the user computer 400.
  • the popular and widely used Microsoft Windows operating system cannot read certain UNIX file formats or filenames.
  • a UNIX filename employing prefix and suffix name structures (".helix.example.unx", for example) is not duplicated if the file is copied into a Windows environment.
  • the hidden authentication files 306 are UNIX files that are identifiable and readable only by a UNIX processor. Therefore, if the user computer 400 is a Windows processor, the authentication files 306 are hidden from the user computer 400.
  • the master certificate 106 is stored on an installation server 110. Prior to storage, the master certificate 106 may be modified to reflect the installation certificates 104 generated, such as by setting a number of active and valid installation certificates 104 or the like.
  • the software product 102 will be installed from a distribution copy 300 onto a user computer 400, such as a personal computer or the like generally as illustrated in Fig. 4.
  • a user computer 400 such as a personal computer or the like generally as illustrated in Fig. 4.
  • Such a computer system generally comprises a microprocessor 410 connected by a bus 411 to an area of main memory 402, comprising both read only memory (ROM) 406, and random access memory (RAM) 404.
  • ROM 406 contains a ROM BIOS (Basic Input Output System) 408 that contains, in addition to low-level device drivers and other computer code for interacting with the computer hardware and peripherals, an identification code for the user computer 400 such as a unique serial number.
  • BIOS Basic Input Output System
  • the microprocessor 410 is in communication, via bus 411, with a storage device 412 such as a disk storage device having means for reading a coded set of program instructions on a computer readable medium which may be loaded into the main memory 402 and executed by the microprocessor 410. Additionally, a media reader 414 is provided for reading computer program code or data from a removable storage medium 416, such as a removable disk drive, CD-ROM drive, DVD drive, or the like.
  • the computer system typically includes means for providing a user interface, such as a keyboard 420 and a display device 422. Additional input/output devices 418 are often included in a general purpose or personal computer system.
  • a software product installation process is described according to the method for preventing unauthorized installation of a software product.
  • a distribution copy 300 of the software product 102 is inserted into the user computer's media reader 414.
  • the installation shell program 302 is loaded by the user computer 400, and begins execution.
  • the installation shell program 302 begins by locating or establishing a communication connection, via the Internet, to an installation server 110 (step 502). If no Internet connection is found, an attempt to establish Internet connectivity may be attempted, such as prompting the user to connect a modem to a telephone line, dial for dial-up Internet service, etc. If attempts to establish Internet connectivity, and communication with an installation server 110, fail, the installation shell program 302 terminates to prevent installation of the software product 102 (step 522).
  • the installation shell program 302 sends the installation certificate 104 to the installation server 110 for validation (step 504).
  • the installation shell program 302 may send, along with the installation certificate 104, an identifier for the user computer 400 such as the BIOS serial number or another unique "thumbprint" identifying the user computer 400.
  • the installation server 110 attempts to verify the installation certificate 104 (step 508).
  • the installation certificate 104 is verified using the master certificate 106 to establish the authenticity of the installation certificate 104.
  • the installation server 110 may refer to other information contained within the master certificate 106 or to historic information recorded during previous installations to determine if an installation is authorized for the installation certificate 104.
  • the installation certificate 104 may have been created to authorize only a single, or a fixed predefined number of installations. An attempt to exceed the predefined number of authorized installations is rejected.
  • the installation server 106 establishes remote file access through the installation shell program 302 whereby the installation server 110 may read the hidden authentication files 306 from the distribution copy 300 (steps 510, 512). The installation server 110 may then read the hidden authentication files 306 to verify the file integrity of the distribution copy 300 (step 514). Recalling that the hidden authentication files 306 are UNIX files (for installation onto a Windows computer), it can be recognized that an installation server 110 using the UNIX operating system will be able to detect attempted copying of the distribution copy 300 since such copying on a Windows machine would corrupt the UNIX files. Thus, unauthorized copies of the distribution copy 300 may be detected.
  • the installation server 110 sends an encrypted authorization code to the user computer 400 (step 514). Alternatively, if any of the checks have failed and an installation is not authorized, a message is sent accordingly to the user computer 400.
  • the installation server may then update the master certificate 106, or a database associated with the master certificate 106, to record the installation, such as by associating the user computer's identifier with the installation certificate 104 and incrementing a count of installations (step 520). Note that, if all authorized installations for all installation certificates 104 associated with a master certificate 106 have been depleted, the installation server 110 may refuse to accept any installation certificate 104 requesting authorization or may shut down entirely.
  • the installation shell program 302 continues and performs an installation of the software product 102 (step 518), or terminates to prevent installation of the software product 102 (step 522), accordingly.
  • separate installation servers 110 may be employed to separately handle software installation for each instance.
  • a master certificate 106 for corporate licenses of a software product 102 may be implemented on one installation server 110, while a separate master certificate 106 for public or individual licenses may be deployed on a separate installation server 110.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The method for preventing unauthorized installation of a software product (102) provides protection against piracy for software products (102) distributed on a computer-readable medium such as a CD-ROM (300). For each distribution copy (300) of a software product (102), the software product (102) is stored along with a unique installation certificate (104) onto a computer readable medium such as a CD-ROM, the installation certificate (104) being encapsulated within an installation shell program. The installation shell program communicates with the installation server (110) to validate the installation certificate (104) against the master certificate (106). The installation server (110) reads hidden authentication files stored on the distribution copy (300) to verify the integrity and validity of the distribution copy itself (300). The software product (102) is only installed if the installation server (110) can determine that 1) the installation certificate (104) is valid; 2) the distribution copy (300) is not an unauthorized copy; and 3) a maximum number of authorized installations has not been exceeded for the installation certificate (104).

Description

METHOD FOR PREVENTING UNAUTHORIZED INSTALLATION OF A
SOFTWARE PRODUCT
TECHNICAL FIELD
The present invention relates to the prevention of fraudulent use of computer software products and, more particularly, to a method for preventing unauthorized installation of a software product.
BACKGROUND ART
Computer software developers generate revenues when their computer software products are sold or licensed to users. When software products are illegally copied or used without license, the software developers lose revenues. The illegal copying, unlicensed use, or theft of software products, categorically referred to as piracy, imposes a substantial cost to software developers.
Part of the problem stems from the fact that software is relatively simple to copy. Without safeguards in place, an entire disk or CD ROM may be identically duplicated in moments. Even from a single disk or CD ROM, a software product intended for a single licensed user may be installed on multiple computers.
A variety of methods have been devised to attempt to thwart software piracy. One such method involves embedding one or more license keys within a software product, and requiring the entry of a matching or recognized key to proceed with installation of use of the software product. However, such an approach is vulnerable to sharing or dissemination of a known valid key. Also, such a key may be discovered by simple trial and error, or by reverse engineering of the software product. Reverse engineering, or "hacking" of the software product may lead to a functional version of the software product that has such a feature disabled entirely.
An enhancement to a simple license key approach involves tracking the use of each valid license key. If it can be recognized that a license key has already been used, the software product may be disabled from further use or additional installations. However, for software that is distributed on a read-only medium, license key usage must be tracked externally. Thus, some approaches require electronic online registration of a software product for use or installation. While such a system may be effective in identifying attempted multiple uses of a single license key, and therefore thwart some piracy attempts, electronic online registration may not be effective against efforts to disable the protection entirely through reverse engineering or hacking of the software product.
Additionally, where an online authorization or license server is used to validate a licensing key to activate a software product, it may be possible to bypass the server and transfer a forged or "hacked" authorization code to the software product, thereby circumventing the license server.
Thus, a method for preventing unauthorized installation of a software product solving the aforementioned problems is desired.
DISCLOSURE OF INVENTION
This disclosure is directed to a method for preventing unauthorized installation of a software product. A master certificate is created that defines a plurality of licensed installations of a software product. The master certificate is then stored on an installation server. Distribution copies of the software product corresponding to the licensed installations are created. Each of the distribution copies comprises a computer readable medium with a copy of the software product and at least one hidden authentication file stored thereon. A user executable computer installation shell program is stored on each of the distribution copies. The installation shell program includes a unique installation certificate and a means for establishing an Internet connection with the installation server. The shell program also includes a means for sending the installation certificate to the installation server for validation, a means for allowing the installation server remote file access to the hidden authentication file, and a means for receiving a message from the installation server indicating the validity of the installation certificate and the hidden authentication file. The shell program further includes a means for installing the software product onto the user computer and a means for permitting installation of the software product only if the message from the installation server indicates proper validity of the installation certificate and the hidden authentication file.
The current disclosure is also directed to a method that is implemented on an installation server computer for preventing the unauthorized installation of a distribution copy of a software product on a user computer. The method includes accepting for storage and processing, a master certificate that defines a plurality of licensed installations of a software product. Communication is established with the user computer. The user computer installation certificate is received and verified using the master certificate to establish the authenticity of the installation certificate. Remote file access is established to read at least one hidden authentication file on the user computer in order to verify the file integrity of the distribution copy. A message is sent indicating the validity of the installation certificate and the hidden authentication file. The validity indication directs termination of installation of the software product on the user computer if a combination of the installation certificate and the hidden authentication file cannot be properly authenticated. Alternatively, the validity indication authorizes the completion of the installation of the software product on the user computer if the combination of the installation certificate and the hidden authentication file can be properly authenticated.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 is a schematic block diagram of a computer system implementing a method for preventing unauthorized installation of a software product according to the present invention. Fig. 2 is a flowchart of a process for generating master and installation certificates in a method for preventing unauthorized installation of a software product according to the present invention.
Fig. 3 is a block diagram illustrating software and data components stored on a delivery medium according to a method for preventing unauthorized installation of a software product according to the present invention. Fig. 4 is a block diagram of a computer system.
Fig. 5 is a flow chart of a method for preventing unauthorized installation of a software product according to the present invention.
Similar reference characters denote corresponding features consistently throughout the attached drawings.
BEST MODES FOR CARRYING OUT THE INVENTION
The method for preventing unauthorized installation of a software product provides protection against piracy for software products distributed on a computer-readable medium such as a CD-ROM, DVD, and the like.
A software developer generates certificates that will restrict and govern the installation of a software product, including a master certificate and a plurality of installation certificates, there being a unique installation certificate generated for each distribution copy of the software product generated.
For each distribution copy of a software product to be created, the software product is stored along with a unique installation certificate onto a computer readable medium such as a CD-ROM, DVD, and the like, the installation certificate being encapsulated within an installation shell program. The master certificate is stored on an installation server.
When a user attempts to install the software product onto a user computer from a distribution copy, the installation shell program communicates with the installation server to validate the installation certificate against the master certificate. In addition to validation of the installation certificate, the installation server further communicates with the user computer installation shell program on the user computer to verify the integrity and validity of the distribution copy itself, by reading hidden authentication files stored on the distribution copy that are only readable by the installation server.
The software product is only installed if the installation server can determine that 1) the installation certificate is valid; 2) the distribution copy is not an unauthorized copy; and 3) a maximum number of authorized installations have not been exceeded for the installation certificate.
Referring to Fig. 1, the method for preventing unauthorized installation of a software product is directed to preventing piracy of a software product 102 where distribution copies 300 of the software product 102 are distributed to users on a computer readable medium such as a CD-ROM, DVD, and the like, from which the software product will be installed to a user computer 400.
A software developer 108 generates certificates that will restrict and govern the installation of a software product 102, including a master certificate 106 that is stored by an installation validation server 110, and installation certificates 104, there being a unique installation certificate 104 generated for each distribution copy 300 of the software generated. For each distribution copy 300, the software product 102 is stored along with a unique installation certificate 104 onto a computer readable medium such as a CD-ROM, DVD, and the like. When a user attempts to install the software product 102 onto a user computer 400 from a distribution copy 300, the installation certificate 104 on the distribution copy 300 is validated against the master certificate 106 by communication between the user computer 400 and the installation server 110. Subsequent to validation of the installation certificate 104, the installation server 110 further communicates with the user computer 400 to verify the integrity and validity of the distribution copy 300.
Referring to Fig. 2, a process for generation of the certificates is described. Note that various steps may be performed in sequences other than described and illustrated. Initially, a master certificate 106 is generated (step 202). Next, a plurality of installation certificates 104 are generated (step 204). Note that each of the installation certificates 104 is generated in relation to the master certificate 106 such that the master certificate 106 may be used for validation of each of the installation certificates 104. A unique installation certificate 104 is generated for each distribution copy 300 that will be created. The generation of the installation certificates 104 is further described with reference to steps 206-216 of Fig. 2, along with Fig. 3.
For each of the installation certificates 104 (at 206), a unique binary code is generated (step 208) and encrypted (step 210) in reference to the master certificate 106, the encrypted binary code becoming the installation certificate 104. The certificate 104 may also include a server identifier 303, so that an appropriate installation server 110 may be identified during installation. The installation certificate 104 is then encapsulated within an installation shell program 302 (step 212). The installation shell program 302 is a rudimentary installation program that will establish communication with an installation server 110 for validation of the installation certificate 104 and subsequent installation functions. The computer program shell 302, encapsulating the installation certificate 104, is stored along with a copy of the software product 102 onto a computer readable medium such as a CD-ROM, DVD, and the like to create a distribution copy 300 (step 214). The software product 102 may be stored in one or more pieces, or program segment files 304. The software product 102 is stored along with at least one hidden authentication file 306. Plural hidden authentication files 306 may be interleaved with the program segment files 304, or otherwise organized in a physical or logical file or data storage structure.
The hidden authentication files 306 are stored in a format such that they are not readable by, or are hidden from, the operating system of the user computer 400. For example, the popular and widely used Microsoft Windows operating system cannot read certain UNIX file formats or filenames. A UNIX filename employing prefix and suffix name structures (".helix.example.unx", for example) is not duplicated if the file is copied into a Windows environment. Thus, in the present example, the hidden authentication files 306 are UNIX files that are identifiable and readable only by a UNIX processor. Therefore, if the user computer 400 is a Windows processor, the authentication files 306 are hidden from the user computer 400.
Completing the process of generating certificates, the master certificate 106 is stored on an installation server 110. Prior to storage, the master certificate 106 may be modified to reflect the installation certificates 104 generated, such as by setting a number of active and valid installation certificates 104 or the like.
The software product 102 will be installed from a distribution copy 300 onto a user computer 400, such as a personal computer or the like generally as illustrated in Fig. 4. Such a computer system generally comprises a microprocessor 410 connected by a bus 411 to an area of main memory 402, comprising both read only memory (ROM) 406, and random access memory (RAM) 404. A region of the ROM 406 contains a ROM BIOS (Basic Input Output System) 408 that contains, in addition to low-level device drivers and other computer code for interacting with the computer hardware and peripherals, an identification code for the user computer 400 such as a unique serial number. The microprocessor 410 is in communication, via bus 411, with a storage device 412 such as a disk storage device having means for reading a coded set of program instructions on a computer readable medium which may be loaded into the main memory 402 and executed by the microprocessor 410. Additionally, a media reader 414 is provided for reading computer program code or data from a removable storage medium 416, such as a removable disk drive, CD-ROM drive, DVD drive, or the like. The computer system typically includes means for providing a user interface, such as a keyboard 420 and a display device 422. Additional input/output devices 418 are often included in a general purpose or personal computer system.
Referring now to Fig. 5, a software product installation process is described according to the method for preventing unauthorized installation of a software product. At the outset of the installation process, a distribution copy 300 of the software product 102 is inserted into the user computer's media reader 414. The installation shell program 302 is loaded by the user computer 400, and begins execution.
The installation shell program 302 begins by locating or establishing a communication connection, via the Internet, to an installation server 110 (step 502). If no Internet connection is found, an attempt to establish Internet connectivity may be attempted, such as prompting the user to connect a modem to a telephone line, dial for dial-up Internet service, etc. If attempts to establish Internet connectivity, and communication with an installation server 110, fail, the installation shell program 302 terminates to prevent installation of the software product 102 (step 522).
If communication with the installation server 110 is established, the installation shell program 302 sends the installation certificate 104 to the installation server 110 for validation (step 504). The installation shell program 302 may send, along with the installation certificate 104, an identifier for the user computer 400 such as the BIOS serial number or another unique "thumbprint" identifying the user computer 400. Once the installation certificate 104 is received by the installation server 110 (step 506), the installation server 110 attempts to verify the installation certificate 104 (step 508). The installation certificate 104 is verified using the master certificate 106 to establish the authenticity of the installation certificate 104.
In addition to establishing the authenticity of the installation certificate 104, the installation server 110 may refer to other information contained within the master certificate 106 or to historic information recorded during previous installations to determine if an installation is authorized for the installation certificate 104. For example, the installation certificate 104 may have been created to authorize only a single, or a fixed predefined number of installations. An attempt to exceed the predefined number of authorized installations is rejected.
If the installation certificate 104 is valid, the installation server 106 establishes remote file access through the installation shell program 302 whereby the installation server 110 may read the hidden authentication files 306 from the distribution copy 300 (steps 510, 512). The installation server 110 may then read the hidden authentication files 306 to verify the file integrity of the distribution copy 300 (step 514). Recalling that the hidden authentication files 306 are UNIX files (for installation onto a Windows computer), it can be recognized that an installation server 110 using the UNIX operating system will be able to detect attempted copying of the distribution copy 300 since such copying on a Windows machine would corrupt the UNIX files. Thus, unauthorized copies of the distribution copy 300 may be detected.
Once the installation server 110 has established that 1) the received installation certificate 104 is valid; 2) distribution copy 300 is valid and not an unauthorized copy; and 3) an installation is authorized for the installation certificate 104, the installation server 110 sends an encrypted authorization code to the user computer 400 (step 514). Alternatively, if any of the checks have failed and an installation is not authorized, a message is sent accordingly to the user computer 400. The installation server may then update the master certificate 106, or a database associated with the master certificate 106, to record the installation, such as by associating the user computer's identifier with the installation certificate 104 and incrementing a count of installations (step 520). Note that, if all authorized installations for all installation certificates 104 associated with a master certificate 106 have been depleted, the installation server 110 may refuse to accept any installation certificate 104 requesting authorization or may shut down entirely.
When the user computer 400 receives the installation server's response indicating that the installation is authorized or not authorized (step 516), the installation shell program 302 continues and performs an installation of the software product 102 (step 518), or terminates to prevent installation of the software product 102 (step 522), accordingly.
In light of differing needs among corporate, public, and trial software users, products, and licensing arrangements, separate installation servers 110 may be employed to separately handle software installation for each instance. Thus, a master certificate 106 for corporate licenses of a software product 102 may be implemented on one installation server 110, while a separate master certificate 106 for public or individual licenses may be deployed on a separate installation server 110.
It is to be understood that the present invention is not limited to the embodiment described above, but encompasses any and all embodiments within the scope of the following claims.

Claims

CLAIMSWe claim:
1. A method for preventing unauthorized installation of a software product, comprising the steps of: creating a master certificate defining a plurality of licensed installations of a software product and storing the master certificate on an installation server; creating a plurality of distribution copies of the software product corresponding to the plurality of licensed installations, each of the distribution copies comprising a computer readable medium having a copy of the software product and at least one hidden authentication file stored thereon; storing on each of the distribution copies a user executable computer installation shell program comprising: a unique installation certificate; means for establishing an Internet connection with the installation server; means for sending the installation certificate to the installation server for validation; means for allowing the installation server remote file access to the hidden authentication file; means for receiving a message from the installation server indicating the validity of the installation certificate and the hidden authentication file; means for installing the software product onto the user computer; and means for permitting installation of the software product only if the message from the installation server indicates proper validity of the installation certificate and the hidden authentication file.
2. The method for preventing unauthorized installation of a software product according to claim 1, further comprising modifying the master certificate according to the installation certificates generated.
3. The method for preventing unauthorized installation of a software product according to claim 2, wherein the modifying of the master certificate further comprises setting a number of active and valid installation certificates.
4. The method for preventing unauthorized installation of a software product according to claim 1, wherein the storing of the master certificate on an installation server further comprises: storing the master certificate associated with corporate licenses of a software product on an installation server designated solely for corporate use and licensing arrangements; and, storing the master certificate associated with public and individual licenses of a software product on an installation server designated solely for public and individual use and licensing arrangements.
5. The method for preventing unauthorized installation of a software product according to claim 1, further comprising: each of the installation certificates being generated in relation to the master certificate; and, wherein the master certificate may be used for validation of each of the installation certificates.
6. The method for preventing unauthorized installation of a software product according to claim 5, further comprising: generating a unique binary code for each of the installation certificates; encrypting the unique binary code for each of the installation certificates; and, encapsulating the binary code within the shell program.
7. The method for preventing unauthorized installation of a software product according to claim 4, further comprising: including a server identifier in the installation certificate so that an appropriate installation server may be identified during installation.
8. The method for preventing unauthorized installation of a software product according to claim 1, wherein the creating of the plurality of distribution copies of the software product further comprises storing the software product in at least one program segment file.
9. The method for preventing unauthorized installation of a software product according to claim 1, wherein creating the plurality of distribution copies of the software product includes storing a plurality of hidden authentication files interleaved with the program segment files.
10. The method for preventing unauthorized installation of a software product according to claim 1, wherein the at least one hidden authentication file is stored in a format such that it is not readable by an operating system of a user computer.
11. The method for preventing unauthorized installation of a software product according to claim 10, wherein the at least one hidden authentication file is stored in a UNIX file format.
12. The method for preventing unauthorized installation of a software product according to claim 1, wherein the means for establishing an Internet connection with the installation server further comprises terminating the installation process to prevent installation of the software product if the internet connection cannot be established.
13. The method for preventing unauthorized installation of a software product according to claim 1, wherein the means for sending the installation certificate to the installation server for validation further comprises sending a unique identifier for the user computer, such as a BIOS serial number of the user computer.
14. A method implemented on an installation server computer for preventing unauthorized installation of a distribution copy of a software product on a user computer, the method comprising the steps of: accepting for storage and processing, a master certificate defining a plurality of licensed installations of a software product; allowing communication to be established with the user computer; receiving a user computer installation certificate; verifying the user computer installation certificate using the master certificate to establish the authenticity of the installation certificate; establishing remote file access to read at least one hidden authentication file on the user computer in order to verify a file integrity of the distribution copy; sending a message indicating the validity of the installation certificate and the hidden authentication file; and, wherein the validity indication directs termination of installation of the software product on the user computer if a combination of the installation certificate and the hidden authentication file cannot be properly authenticated, alternatively the validity indication authorizes the completion of the installation of the software product on the user computer if the combination of the installation certificate and the hidden authentication file can be properly authenticated. 2
15. The method implemented on an installation server computer for preventing unauthorized installation of a distribution copy of a software product on a user computer according to claim 14, wherein the step of verifying the user computer installation certificate further comprises using historic information recorded during previous installations to determine if an installation is authorized for the installation certificate.
16. The method implemented on an installation server computer for preventing unauthorized installation of a distribution copy of a software product on a user computer according to claim 14, wherein the hidden authentication file is readable by an operating system of the installation server, but not readable by an operating system of the user computer.
17. The method implemented on an installation server computer for preventing unauthorized installation of a distribution copy of a software product on a user computer according to claim 16, wherein an attempted copying of the distribution copy results in corrupting the hidden authentication file.
18. The method implemented on an installation server computer for preventing unauthorized installation of a distribution copy of a software product on a user computer according to claim 17, wherein the installation server detects whether the hidden file has been corrupted.
19. The method implemented on an installation server computer for preventing unauthorized installation of a distribution copy of a software product on a user computer according to claim 14, wherein the step of sending a message indicating the validity of the installation certificate and the hidden authentication file further comprises sending an encrypted authentication code to the user computer when the combination of the installation certificate and the hidden authentication file have been properly authenticated.
20. The method implemented on an installation server computer for preventing unauthorized installation of a distribution copy of a software product on a user computer according to claim 14, wherein the installation server updates the master certificate to record the installation activity.
PCT/US2006/008517 2005-03-16 2006-03-09 Method for preventing unauthorized installation of a software product WO2006101765A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US66207905P 2005-03-16 2005-03-16
US60/662,079 2005-03-16

Publications (2)

Publication Number Publication Date
WO2006101765A2 true WO2006101765A2 (en) 2006-09-28
WO2006101765A3 WO2006101765A3 (en) 2007-03-15

Family

ID=37024315

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2006/008517 WO2006101765A2 (en) 2005-03-16 2006-03-09 Method for preventing unauthorized installation of a software product

Country Status (1)

Country Link
WO (1) WO2006101765A2 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120216294A1 (en) * 2009-02-26 2012-08-23 International Business Machines Corporation Software Protection Using an Installation Product Having an Entitlement File
US8667604B2 (en) 2007-09-13 2014-03-04 Microsoft Corporation Protection of software on portable medium
US9245097B2 (en) 2013-09-19 2016-01-26 Infosys Limited Systems and methods for locking an application to device without storing device information on server
CN115357870A (en) * 2022-10-20 2022-11-18 杭州比智科技有限公司 Authorization control method and system based on software

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020088855A1 (en) * 2001-01-05 2002-07-11 Hodes Mark B. Point of sale activation for software and metered accounts
AU2003225052A1 (en) * 2002-04-16 2003-11-03 Sky Kruse Method and system for watermarking digital content and for introducing failure points into digital content

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8667604B2 (en) 2007-09-13 2014-03-04 Microsoft Corporation Protection of software on portable medium
CN101802835B (en) * 2007-09-13 2017-03-08 微软技术许可有限责任公司 Protection of software on portable media
US20120216294A1 (en) * 2009-02-26 2012-08-23 International Business Machines Corporation Software Protection Using an Installation Product Having an Entitlement File
US9898587B2 (en) * 2009-02-26 2018-02-20 International Business Machines Corporation Software protection using an installation product having an entitlement file
US9946848B2 (en) 2009-02-26 2018-04-17 International Business Machines Corporation Software protection using an installation product having an entitlement file
US10068064B2 (en) 2009-02-26 2018-09-04 International Business Machines Corporation Software protection using an installation product having an entitlement file
US9245097B2 (en) 2013-09-19 2016-01-26 Infosys Limited Systems and methods for locking an application to device without storing device information on server
CN115357870A (en) * 2022-10-20 2022-11-18 杭州比智科技有限公司 Authorization control method and system based on software

Also Published As

Publication number Publication date
WO2006101765A3 (en) 2007-03-15

Similar Documents

Publication Publication Date Title
AU767286B2 (en) Methods and apparatus for protecting information
EP1591865B1 (en) Method and system for limiting software updates
EP1443381B1 (en) System and method for secure software activation with volume licenses
JP4278327B2 (en) Computer platform and operation method thereof
US7742992B2 (en) Delivery of a secure software license for a software product and a toolset for creating the software product
US7747873B2 (en) Method and apparatus for protecting information and privacy
US5490216A (en) System for software registration
US20040117664A1 (en) Apparatus for establishing a connectivity platform for digital rights management
US20030149670A1 (en) Method and system for delivery of secure software license information
US20040117663A1 (en) Method for authentication of digital content used or accessed with secondary devices to reduce unauthorized use or distribution
US20040117628A1 (en) Computer readable storage medium for enhancing license compliance of software/digital content including self-activating/self-authenticating software/digital content
CA2285392A1 (en) Method and system for networked installation of uniquely customized, authenticable, and traceable software applications
WO2004015515A2 (en) System and method for authentication
WO2006101765A2 (en) Method for preventing unauthorized installation of a software product
JP2004086588A (en) Software malpractice preventing system
US7197144B1 (en) Method and apparatus to authenticate a user's system to prevent unauthorized use of software products distributed to users
JP2004171500A (en) Method for preventing unauthorized use of software program
WO2006121324A1 (en) Software activation control method
HK1084526A (en) Encryption method of application software

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: DE

NENP Non-entry into the national phase

Ref country code: RU

122 Ep: pct application non-entry in european phase

Ref document number: 06737674

Country of ref document: EP

Kind code of ref document: A2