| United States Patent | 5745678 |
| Inventor(s) | Herzberg; Amir (Bronx, NY);
Krawczyk; Hugo Mario (Bronx, NY);
Kutten; Shay (Rockaway, NJ);
Le; An Van (Sunnyvale, CA);
Matyas; Stephen Michael (Poughkeepsie, NY);
Yung; Marcel Mordechay (New York, NY) |
| Abstract | A method and system for detecting authorized programs within a data
processing system. The present invention creates a validation structure
for validating a program. The validation structure is embedded in the
program and in response to an initiation of the program, a determination
is made as to whether the program is an authorized program. The
determination is made using the validation structure. |
Method and system for the secured distribution of multimedia titles |
| Publication Date |
April 28, 1998 |
| Filing Date |
August 18, 1997 |
| Parent Case |
This is a continuation of application Ser. No. 08/354,700, filed Dec. 13,
1994, now abandoned. |
Claims  |
What is claimed is:
1. A method in a data processing system for detecting unauthorized programs
within the data processing system, the method comprising:
creating a validation structure for validating a program including program
data, wherein the structure includes data derived from data selected from
a portion of the program data other than a lead-in section of the program
data, which is used to determine whether the program is an unauthorized
program;
imbedding the validation structure in the program; and
responsive to an initiation of the program, determining whether the program
is an authorized program using the validation structure.
2. The method of claim 1, further comprising preventing execution of the
program in response to a determination that the program is unauthorized.
3. The method of claim 1, further comprising permitting limited execution
of the program in response to a determination that the program is
unauthorized.
4. The method of claim 1, wherein the determining step comprises
randomly selecting portions of the validation structure; and
determining whether the program is an unauthorized program using the
randomly selected portions of the validation structure.
5. The method of claim 1, wherein the creating step comprises randomly
selecting data from within the program.
6. The method of claim 5, wherein the creating step comprises:
randomly selecting a plurality of sections from within the program;
creating a cryptographic hash value for each selected section from the
plurality of randomly selected sections within the program; and
storing the cryptographic hash value and a location value for each selected
section as a data record within a validation structure, wherein the
location is a location of the selected section within the program.
7. The method of claim 6, wherein the creating step further comprises:
creating a signature for the validation structure, wherein the signature is
a cryptographic hash value calculated on the validation structure; and
associating the signature with the validation structure.
8. The method of claim 7, wherein the associating step comprises placing
the signature within the validation structure.
9. The method of claim 1, wherein the determining step comprises:
randomly selecting a number of data records from within the validation
structure;
for each randomly selected data record, creating a cryptographic hash value
on the section in the location indicated by the location value for the
randomly selected data record; and
comparing the created cryptographic hash value with the hash value within
the randomly selected data record.
10. The method of claim 9, wherein the determining step further comprises:
creating a cryptographic hash value for the validation structure; and
comparing the created cryptographic hash value with the signature.
11. A data processing system for detecting unauthorized programs within the
data processing system, the data processing system comprising:
creation means for creating a validation structure for validating a program
including program data, wherein the structure includes data derived from
data selected from a portion of the program data other than a lead-in
section of the program data, wherein the structure may be used to
determine whether the program is an unauthorized program;
imbedding means for imbedding the validation structure in the program; and
determination means, responsive to an initiation of the program, for
determining whether the program is an unauthorized program.
12. The data processing system of claim 11, further comprising means for
preventing execution of the program in response to a determination that
the program is unauthorized.
13. The data processing system of claim 11, further comprising means for
permitting limited execution of the program in response to a determination
that the program is unauthorized.
14. The data processing system of claim 11, wherein the determination means
comprises
random selection means for randomly selecting portions of the validation
structure; and
determination means for determining whether the program is an unauthorized
program using the randomly selected portions of the validation structure.
15. The data processing system of claim 11, wherein the creation means
comprises:
second random selection means for randomly selecting a plurality of
sections from within the program;
second creation means for creating a cryptographic hash value for each
selected section from the plurality of randomly selected sections within
the program; and
storage means for storing the cryptographic hash value and a location value
for each selected section as a data record within a validation structure,
wherein the location is a location of the selected section within the
program.
16. The data processing system of claim 14, wherein the creation means
further comprises:
third creation means for creating a signature for the validation structure,
system is calculated on the cryptographic hash value; and
association means for associating the signature with the validation
structure.
17. The data processing system of claim 16, wherein the association means
comprises placement means for placing the signature within the validation
structure.
18. The data processing system of claim 16, wherein the determination means
comprises:
random selection means for randomly selecting a number of data records from
within the validation structure;
creation means for creating a cryptographic hash value on the section in
the location indicated by the location value for the randomly selected data
record for each randomly selected data record; and
comparison means for comparing the created cryptographic hash value with
the hash value within the randomly selected data record.
19. The data processing system of claim 18, wherein the determination means
further comprises:
creation means for creating a cryptographic hash value for the validation
structure; and
validation means for the created cryptographic hash value with the
signature.
20. A method in a data processing system for creating a validation
structure for use in validating a program, the method comprising:
selecting a plurality of sections other than a lead-in section from within
the program, each section within the plurality of sections containing
program data;
creating a cryptographic hash value for each selected section from the
program data within the plurality of selected sections within the program;
and
storing the cryptographic hash value and a location for each selected
section as a data record within a validation structure, wherein the
location is a location of the selected section within the program.
21. The method of claim 20, wherein the selecting step comprises randomly
selecting a plurality of sections from within the program.
22. The method of claim 20, wherein the creating step further comprises:
creating a signature for the validation structure, and
associating the signature with the validation structure.
23. The method of claim 22, wherein the associating step comprises placing
the signature within the validation structure.
24. A data processing system for creating a validation structure for use in
validating a program, the data processing system comprising:
random selection means for randomly selecting a plurality of sections other
than a lead-in section from within the program, each selected section
within the plurality of randomly selected sections containing program
data;
creation means for creating a cryptographic hash value for program data
within each selected section from within the plurality of randomly
selected sections within the program; and
storage means for storing the cryptographic hash value and a location value
for each selected section as a data record within a validation structure,
wherein the location is a location of the selected section within the
program.
25. The data processing system of claim 24, wherein the creation means
further comprises:
second creation means for creating a signature for the validation
structure, and
association means for associating the signature with the validation
structure.
26. The data processing system of claim 25, wherein the association means
comprises placement means for placing the signature within the validation
structure.
27. A method in a data processing system for validating a program, wherein
the program includes a validation structure having a plurality of data
records, wherein each data record within the plurality of data records
includes a cryptographic hash value for program data within a section
other than a lead-in section of the program and a location value, wherein
the location value indicates a location of the section, the method
comprising:
randomly selecting a number of data records from within the validation
structure;
creating a cryptographic hash value on program data within the section in
the location indicated by the location value for the randomly selected
data record for each randomly selected data record; and
comparing the created cryptographic hash value with the hash value within
the randomly selected data record.
28. The data processing system of claim 27, wherein the determination means
further comprises:
creating a cryptographic hash value for the validation structure; and
validating the created cryptographic hash value with the signature.
29. A data processing system for validating a program, wherein the program
includes a validation structure having a plurality of data records,
wherein each data record within the plurality of data records includes a
cryptographic hash value for program data within a section other than a
lead-in section of the program and a location value, wherein the location
value indicates a location of the section, the data processing system
comprising:
random selection means for randomly selecting a number of data records from
within the validation structure;
creation means for creating a cryptographic hash value on program data
within the section in the location indicated by the location value for the
randomly selected data record for each randomly selected data record; and
comparison means for comparing the created cryptographic hash value with
the hash value within the randomly selected data record.
30. The data processing system of claim 29, wherein the determination means
further comprises:
creation means for creating a cryptographic hash value for the validation
structure; and
signature validation means for validating the created cryptographic hash
value with the signature.
31. A storage device readable by a data processing system and encoding data
processing system executable instructions comprising:
selection means for selecting a plurality of sections other than a lead-in
section from within a program containing program data;
creation means for creating a cryptographic hash value for program data
within each selected section from the plurality of selected sections
within the program; and
storage means for storing the cryptographic hash value and a location value
for each selected section as a data record within a validation structure,
wherein the location is a location of the selected section within the
program, wherein the means are activated when the storage device is
connected to and accessed by a data processing system.
32. The storage device of claim 31, wherein the storage device is a hard
disk drive.
33. The storage device of claim 31, wherein the storage device is a ROM for
use with a data processing system.
34. The storage device of claim 31, wherein the storage device is a floppy
diskette.
35. A storage device readable by a data processing system and encoding data
processing system executable instructions for validating a program,
wherein the program includes a validation structure having a plurality of
data records, wherein each data record within the plurality of data
records includes a cryptographic hash value for program data within a
section other than a lead-in section of the program and a location value,
wherein the location value indicates a location of the section, the
storage device comprising:
creation means for creating a cryptographic hash value on program data
within the section in the location indicated by the location value for the
randomly selected data record for each randomly selected data record; and
comparison means for comparing the created cryptographic hash value with
the hash value within the randomly selected data record, wherein the means
are activated when the storage device is connected to and accessed by a
data processing system.
36. The storage device of claim 35, wherein the storage device is a hard
disk drive.
37. The storage device of claim 35, wherein the storage device is a ROM for
use with a data processing system.
38. The storage device of claim 35, wherein the storage device is a floppy
diskette. |
Description  |
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention generally relates to an improved data processing
system, and in particular to a method and system for distributing
multimedia programs. Still more particularly, the present invention
relates to a method and system for checking for authorized multimedia
programs and detecting unauthorized multimedia programs in a data
processing system.
2. Description of the Related Art
Multimedia data processing systems present information in data to a user
utilizing sound, graphics, animation, and text. Programs presenting data
and information to a user in this form are also called multimedia titles.
Typically, a software company develops and markets a software system for
the production and presentation of multimedia titles. Such a software
system is used in composing multimedia scripts for multimedia titles.
Typically, the software system includes a set of authoring tools for
producing multimedia titles by developers and a Run Time Environment (RTE)
for presenting the multimedia titles to end users. Typically, the RTE is
designed to execute on various computing platforms, which makes the
authoring tools for the software system desirable to developers.
Typically, developers pay a royalty to the software company for using the
authoring tools to develop multimedia titles to run on the RTE. But some
unscrupulous developers may produce unauthorized titles and avoid royalty
payments in producing multimedia titles for use on the RTE. Therefore, it
would be advantageous to have a method and system to allow authorized
titles to execute on a data processing system and to detect attempted
execution of unauthorized titles.
SUMMARY OF THE INVENTION
It is one object of the present invention to provide an improved data
processing system.
It is another object of the present invention to provide a method and
system for distributing multimedia programs.
It is yet another object of the present invention to provide a method and
system for checking for authorized multimedia programs and detecting
unauthorized multimedia programs in a data processing system.
The present invention provides a method and system for detecting authorized
multimedia programs within a data processing system. The present invention
creates a validation structure for validating a multimedia program. The
validation structure is embedded in the multimedia program and in response
to an initiation of the multimedia program, a determination is made as to
whether the multimedia program is an authorized multimedia program. The
determination is made using the validation structure.
In creating the validation structure, sections of the program (hereinafter
called data objects) are selected and a cryptographic hash value is
created or calculated on each of the selected data objects. The
cryptographic hash value and the location of the selected data object are
stored as a data record within the validation structure. In addition, a
signature is included or associated with the validation structure. The
signature is calculated on the validation structure using a public key
cryptographic algorithm in accordance with a preferred embodiment of the
present invention.
Determining whether a multimedia program is an authorized multimedia
program is accomplished by selecting a subset of the data objects within
the multimedia program and validating the selected data objects using the
validation structure stored in the multimedia program. This includes the
steps of randomly selecting a portion of the data objects from among a
defined set of data records listed in the validation structure, reading
the selected data objects from the multimedia program using location
information stored in the validation structure, and validating the
selected data objects using validation information stored in the
validation structure. For each selected data object, the location
information stored in the validation structure is accessed and used to
read the selected data object from the multimedia program. A cryptographic
hash value is calculated on the selected data object and then compared for
equality with a corresponding hash-value-of-reference stored in the
validation structure. The hash values must be equal for the selected data
objects to be valid. In addition, the validation structure is itself
validated through the use of the signature previously calculated on the
validation structure, using a public key cryptographic algorithm, and
stored within the validation structure. If the signature, validation
structure, and subset of selected data objects are valid, the multimedia
program is considered to be an authorized multimedia program. An
authorized multimedia program is allowed to execute normally, otherwise,
execution of the multimedia program may be prohibited or limited execution
of the multimedia program may be allowed in response to a determination
that the multimedia program is not an authorized program.
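The creation and validation steps summarized above (and recited in claims 6 through 10), as an added Python example that is not code from the patent. Assumptions: SHA-256 as the hash, a 64-byte lead-in, 32-byte sections, JSON encoding of the records, and a toy unpadded RSA key built from two Mersenne primes standing in for the public key algorithm; that key is for offline demonstration only and is not secure.

```python
import hashlib
import json
import math
import random

# Constructed demo key: toy textbook RSA over two Mersenne primes, unpadded.
# It stands in for the patent's "public key cryptographic algorithm" so the
# example runs offline; it is NOT secure. Use a vetted library in practice.
P, Q = 2**127 - 1, 2**107 - 1
N, E = P * Q, 65537                      # public key, shipped with the run-time
D = pow(E, -1, (P - 1) * (Q - 1))        # private key, kept by the licensor

LEAD_IN = 64   # assumed lead-in size in bytes; never hashed
SECTION = 32   # assumed size of one data object

# Constructed sample title (1024 pseudo-random bytes).
TITLE = hashlib.shake_256(b"constructed sample title").digest(1024)


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def _records_as_int(records):
    """Hash the record list and reduce it into the toy modulus."""
    encoded = json.dumps(records, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(encoded).digest(), "big") % N


def create_validation_structure(title, count, rng):
    """Authoring side: hash random sections past the lead-in, then sign."""
    slots = list(range(LEAD_IN, len(title) - SECTION + 1, SECTION))
    records = [{"location": off, "hash": _digest(title[off:off + SECTION])}
               for off in sorted(rng.sample(slots, count))]
    return {"records": records, "signature": pow(_records_as_int(records), D, N)}


def validate_title(title, structure, sample_size, rng):
    """Run-time side: needs only (N, E). Returns a verdict string."""
    records = structure["records"]
    # Check the signature first, so tampered records are never trusted.
    if pow(structure["signature"], E, N) != _records_as_int(records):
        return "bad-signature"
    for rec in rng.sample(records, sample_size):
        start = rec["location"]
        if start < LEAD_IN or start + SECTION > len(title):
            return "bad-location"
        if _digest(title[start:start + SECTION]) != rec["hash"]:
            return "modified-section"
    return "authorized"


def detection_probability(total, tampered, sample_size):
    """Chance that one run samples at least one of the tampered records."""
    missed = math.comb(total - tampered, sample_size)
    return 1 - missed / math.comb(total, sample_size)


if __name__ == "__main__":
    vs = create_validation_structure(TITLE, 8, random.Random(1))
    print(validate_title(TITLE, vs, 3, random.Random(2)))
    patched = bytearray(TITLE)
    patched[vs["records"][0]["location"]] ^= 0x01   # flip one covered bit
    print(validate_title(bytes(patched), vs, 8, random.Random(2)))
    print(detection_probability(8, 1, 3))
```

Checking 3 of 8 records catches a single altered section in 37.5% of launches, so the number of records and the sample size trade start-up time against detection rate.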
The above as well as additional objectives, features, and advantages of the
present invention will become apparent in the following detailed written
description.
BRIEF DESCRIPTION OF THE DRAWINGS
The novel features believed characteristic of the invention are set forth
in the appended claims. The invention itself, however, as well as a
preferred mode of use, further objectives and advantages thereof, will
best be understood by reference to the following detailed description of
an illustrative embodiment when read in conjunction with the accompanying
drawings, wherein:
FIG. 1 depicts a data processing system in the form of a personal computer
in which the present invention can be employed;
FIG. 2 is a block diagram of a personal computer system illustrating the
various components of personal computer system in accordance with the
present invention;
FIG. 3 is a block diagram of a creation and distribution process for
multimedia titles on CD-ROM depicted in accordance with a preferred
embodiment of the present invention;
FIG. 4 is a depiction of entries in a table of contents in accordance with
a preferred embodiment of the present invention;
FIG. 5 is a block diagram of a signature token generation module, depicted
in accordance with a preferred embodiment of the present invention;
FIG. 6 is a block diagram of a signature token validation module depicted
in accordance with a preferred embodiment of the present invention;
FIG. 7 is a flowchart of a process for generating signature tokens in a
signature token generation module depicted in accordance with a preferred
embodiment of the present invention; and
FIG. 8 is a flowchart of a process for validating multimedia titles in a
validation program depicted in accordance with a preferred embodiment of
the present invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENT
With reference now to the figures and in particular with reference to FIG.
1, a data processing system, personal computer system 10 is depicted, in
which the present invention can be employed. As shown, personal computer
system 10 comprises a number of components, which are interconnected
together. More particularly, a system unit 12 is coupled to and can drive
an optional monitor 14 (such as a conventional video display). A system
unit 12 also can be optionally coupled to input devices such as a PC
keyboard 16 or a mouse 18. Mouse 18 includes right and left buttons (not
shown). The left button is generally employed as the main selector button
and alternatively is referred to as the first mouse button or mouse button
1. The right button is typically employed to select auxiliary functions as
explained later. The right mouse button is alternatively referred to as
the second mouse button or mouse button 2. An optional output device, such
as a printer 20, also can be connected to the system unit 12. Finally,
system unit 12 may include one or more mass storage devices such as the
diskette drive 22.
As will be described below, the system unit 12 responds to input devices,
such as PC keyboard 16, the mouse 18, or local area networking interfaces.
Additionally, input/output (I/O) devices, such as floppy diskette drive
22, display 14, printer 20, and local area network communication system
are connected to system unit 12 in a manner well known. Of course, those
skilled in the art are aware that other conventional components also can
be connected to the system unit 12 for interaction therewith. In
accordance with the present invention, personal computer system 10
includes a system processor that is interconnected to a random access
memory (RAM), a read only memory (ROM), and a plurality of I/O devices.
In normal use, personal computer system 10 can be designed to give
independent computing power to a small group of users as a server or a
single user and is inexpensively priced for purchase by individuals or
small businesses. In operation, the system processor functions under an
operating system, such as IBM's OS/2 operating system or DOS. OS/2 is a
registered trademark of International Business Machines Corporation. This
type of operating system includes a Basic Input/Output System (BIOS)
interface between the I/O devices and the operating system. BIOS, which
can be stored in a ROM on a motherboard or planar, includes diagnostic
routines which are contained in a power on self test section referred to
as POST.
Prior to relating the above structure to the present invention, a summary
of the operation in general of personal computer system 10 may merit
review. Referring to FIG. 2, there is shown a block diagram of personal
computer system 10 illustrating the various components of personal
computer system 10 in accordance with the present invention. FIG. 2
further illustrates components of planar 11 and the connection of planar
11 to I/O slots 46a-46d and other hardware of personal computer system 10.
Connected to planar 11 is the system central processing unit (CPU) 26
comprised of a microprocessor which is connected by a high speed CPU local
bus 24 through a bus controlled timing unit 38 to a memory control unit 50
which is further connected to a volatile random access memory (RAM) 58.
While any appropriate microprocessor can be used for CPU 26, one suitable
microprocessor is the Pentium microprocessor, which is sold by Intel
Corporation. "Pentium" is a trademark of Intel Corporation.
While the present invention is described hereinafter with particular
reference to the system block diagram of FIG. 2, it is to be understood at
the outset of the description which follows, it is contemplated that the
apparatus and methods in accordance with the present invention may be used
with other hardware configurations of the planar board. For example, the
system processor could be an Intel 80286, 80386, or 80486 microprocessor.
These particular microprocessors can operate in a real addressing mode or
a protected addressing mode. Each mode provides an addressing scheme for
accessing different areas of the microprocessor's memory.
Returning now to FIG. 2, CPU local bus 24 (comprising data, address and
control components) provides for the connection of CPU 26, an optional
math coprocessor 27, a cache controller 28, and a cache memory 30. Also
coupled on CPU local bus 24 is a buffer 32. Buffer 32 is itself connected
to a slower speed (compared to the CPU local bus) system bus 34, also
comprising address, data and control components. System bus 34 extends
between buffer 32 and a further buffer 36. System bus 34 is further
connected to a bus control and timing unit 38 and a Direct Memory Access
(DMA) unit 40. DM