1. Field of the Invention
The present invention relates to secure methods for distributing software and data objects, as well as to access-controlled software and data objects, and computer systems which practice or utilize any of the foregoing.
2. Description of the Prior Art
Commercial distribution of software and data (such as media files and reports) by data communication is a very rapidly growing form of commerce. It is both efficient and convenient as compared to traditional distribution methods.
Distribution of software and data on a “Try and Buy” basis permits the user to run or “demo” the product before committing to buy it. This assumes that the software licensor or media distributor somehow exercises control over the use of the product at least until the recipient buys the right to use it. The widespread availability of data communication, especially via the Internet, also emphasizes the need for the software licensor and other media distributors to exercise control over their products.
One technique for controlling access to executables involves “wrapping” the executable to be controlled within a second program, termed a “wrapper”. In effect, the executable to be controlled and the wrapper are joined into one executable, in which the wrapper is executed first and controls access to the wrapped executable.
However, conventional software protection systems based on wrapping are easily circumvented by class attacks which destroy the security otherwise afforded by a given type of wrapper. This is achieved through a modification of only a single part of the wrapper which is identical in all wrappers of that type. Generic unprotectors can easily be obtained via the Internet.
Another form of attack is the so-called “dump attack”, in which the attacker waits for the wrapped application to be decompressed and/or decrypted in memory, and then dumps it to a hard disk in its original, unprotected state. Programs to carry out dump attacks also are easily obtained via the Internet.
A widely used security device injects new code into an existing executable in order to control access to the latter. When the executable is run, a specially-designed DLL executable is loaded for controlling access to the existing executable. The presumed “security” afforded by this scheme is circumvented by eliminating the call to the DLL or by modifying the DLL itself.
It has been proposed to package the objects with executables which carry out such control functions.
A dedicated user program is required to decrypt, decompress, and format the data for display by a monitor and/or an audio reproduction device. Consequently, it is necessary to provide a different user program for each data format which may be encountered. For example, a different program is required to play an AVI file than is used to display a BMP or JPG file.
It would, therefore, be desirable to provide methods, software and computer systems which control access to data objects, but do not require different programs to display or present objects in various formats. It would also be desirable to provide methods, software and computer systems which control access to executables but which are not subject to class attacks or dump attacks.
As used in this application, the following terms shall have the indicated meanings:
Software: includes both data and programming instructions.
Package: any software to be stored, accessed, loaded, assembled, prepared for transmission or received as a unit.
Object: any software to be run, utilized, or displayed as a unit.
Feature: a “feature” of an object is any function, instruction, capability or information included therein, or controlled or enabled thereby.
Computer System: includes a single computer or multiple cooperating computers, and includes one or more PC's, mainframes, digital processors, workstations, DSP's or a computer network or networks, or a computer internetwork.
“Wrapping”: joining one executable with another executable in a package, one of the executables (termed the “Wrapper”) being executed first and controlling access to the other executable.
“Watermark”: includes information in software which either enables identification of an owner, licensee, distributee, or another having rights in or an obligation in connection with the software, or enables identification of a version or copy of the software. Usually, but not necessarily, the watermark is imperceptible and preferably is difficult to remove from the software.
“Padding Area”: a space within a software object or package which does not contain required code or data.
In accordance with an aspect of the present invention, a method of securely distributing software with limited usage rights is provided. The method comprises: supplying software for distribution to a user, the software including access control means for preventing at least some usage thereof on a computer system without the use of a first access control code; producing the first access control code based on selected information characteristic of the predetermined computer system; and supplying the first access control code to the predetermined computer system to enable the at least some usage of the software.
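The aspect above describes an access control code that the licensor derives from information characteristic of one particular computer system and that enables usage only there. The following Python is an added illustration written for this page, not code from the patent; it assumes a constructed fingerprint built from two made-up machine attributes (`board_serial`, `primary_mac`), a constructed product identifier, and a 32-byte content key that the wrapped software would need in order to run. The licensor wraps the content key under a key derived from the fingerprint; a client on the same machine recomputes the fingerprint and unwraps it, while a client on another machine (or one presented with an altered code) gets nothing.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

# Constructed stand-ins for "selected information characteristic of the
# predetermined computer system". A real client would read these from the
# machine (board serial, primary NIC address, ...); these values are made up.
MACHINE_A = {"board_serial": "SN-000111", "primary_mac": "02:00:00:aa:bb:cc"}
MACHINE_B = {"board_serial": "SN-000222", "primary_mac": "02:00:00:dd:ee:ff"}

PRODUCT_ID = b"example-product-v1"  # constructed product identifier


def fingerprint(info: dict) -> bytes:
    """Canonicalise the characteristic information so that licensor and
    client derive the identical value regardless of key ordering."""
    canonical = json.dumps(info, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()


def _binding_key(fp: bytes) -> bytes:
    # Key under which the access control code is bound to one machine and
    # one product; differs for every (fingerprint, product) pair.
    return hmac.new(PRODUCT_ID, fp, hashlib.sha256).digest()


def produce_access_code(fp: bytes, content_key: bytes) -> bytes:
    """Licensor side: wrap the 32-byte content key so that only a client
    reproducing the same fingerprint can unwrap it. Layout: 32 bytes of
    wrapped key followed by a 32-byte HMAC tag over the wrapped key."""
    if len(content_key) != 32:
        raise ValueError("content key must be 32 bytes")
    bk = _binding_key(fp)
    pad = hmac.new(bk, b"wrap", hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(content_key, pad))
    tag = hmac.new(bk, b"tag" + wrapped, hashlib.sha256).digest()
    return wrapped + tag


def redeem_access_code(info: dict, code: bytes) -> Optional[bytes]:
    """Client side: recompute the fingerprint locally and unwrap. Returns the
    content key, or None when the code was produced for a different machine
    or has been altered (the tag check fails in both cases)."""
    if len(code) != 64:
        return None
    wrapped, tag = code[:32], code[32:]
    bk = _binding_key(fingerprint(info))
    expected = hmac.new(bk, b"tag" + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    pad = hmac.new(bk, b"wrap", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(wrapped, pad))


def demo() -> dict:
    """Issue a code for MACHINE_A and try to redeem it in three situations."""
    content_key = secrets.token_bytes(32)
    code = produce_access_code(fingerprint(MACHINE_A), content_key)
    altered = code[:-1] + bytes([code[-1] ^ 0x01])
    return {
        "same_machine": redeem_access_code(MACHINE_A, code) == content_key,
        "other_machine": redeem_access_code(MACHINE_B, code),
        "altered_code": redeem_access_code(MACHINE_A, altered),
    }


if __name__ == "__main__":
    print(demo())
```

The binding key is derived only from values the client can read itself, so the code is useless on a machine with a different fingerprint but offers no secrecy against someone who already controls the licensed machine; that is the property node-locking provides, and the patent's other aspects (erasing loader code after load, gating features through the wrapper) address what happens on the licensed machine. Checking the tag with `hmac.compare_digest` before unwrapping keeps the comparison constant-time.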
In accordance with another aspect of the present invention, an executable object is provided, comprising: a first code portion comprising first predetermined instructions; and a second code portion comprising loading instructions required for loading the first code portion in a memory of a computer system to be programmed thereby, the second code portion being operative to control the computer system to erase the loading instructions from memory upon loading the first code portion in memory.
In accordance with still another aspect of the invention, a software package is provided, comprising: a first executable object, and a wrapper for the first executable object, the wrapper being operative to erase predetermined software from the first executable object when it has been loaded in running format in memory.
In accordance with a further aspect of the present invention, a computer system is provided, comprising: a processor; a memory; an instruction input device; and an executable stored in the computer system, the executable having a first code portion comprising first predetermined instructions for execution by the processor, and a second code portion including loading instructions, the processor being operative upon receipt of a predetermined instruction from the instruction input device to load the second code portion in the memory, the processor being operative under the control of the loading instructions to load the first code portion in the memory and operative under the control of the second code portion to erase the loading instructions from the memory upon loading the first code portion in memory.
In accordance with yet another aspect of the present invention, a software package comprises: a first object providing a first set of a plurality of features; a second object providing a second set of a plurality of features including some, but less than all, of the features included in the first set; and an access control portion affording selective access to the first software object and/or the second software object.
In accordance with still another aspect of the present invention, a software package is provided comprising: a first executable object, and a wrapper for the first executable object, the first executable object being operative, while running to access a feature of the wrapper; the wrapper being operative to supply the feature to the first executable object when the feature is accessed thereby.
In accordance with yet another aspect of the invention, a software package is provided comprising: a first executable object, and a wrapper for the first executable object, the first executable object being operative to call a predetermined feature external thereto; the wrapper being operative upon a call of the predetermined feature by the first executable object to transfer program execution control to a predetermined address within the wrapper to control access by the first executable object to the predetermined feature.
In accordance with a still further aspect of the present invention, a computer system is provided, comprising: a processor; a memory; an instruction input device, and a software package stored in the computer system, the software package having a first object providing a first set of a plurality of features, a second object providing a second set of a plurality of features including some, but less than all, of the features included in the first set, and an access control portion; the processor being operative to load the software package in the memory, the processor being further operative to request access to a selected one of the first and second objects in response to a predetermined instruction from the instruction input device, the access control portion being operative to selectively control access to the selected object.
In accordance with still another aspect of the invention, a software package is provided, comprising: a first object providing a first set of a plurality of features, the first object being encrypted, and a second object providing a second set of a plurality of features including some, but less than all, of the features included in the first set, the second object being unencrypted.
In accordance with yet still another aspect of the present invention, a driver executable is provided, comprising: first code for accessing a requested file from a storage device; second code for detecting the presence of a predetermined identifier in the accessed file; and decryption code for decrypting at least a portion of the accessed file in response to detection of the identifier therein.
In accordance with a still further aspect of the present invention, a software package is provided, comprising: a software object having a first set of features and a second set of features, the first set of features being encrypted and the second set of features being unencrypted; and a signature readable by a predetermined executable serving to control access to the encrypted first set of features.
In accordance with a yet still further aspect of the present invention, a computer system is provided. The computer system comprises: a processor; a memory; an instruction input device; a storage device storing a file; an operating system; a driver executable; and a device driver serving to control access to the storage device; the instruction input device being operative to input a first request for access to the file; the operating system serving to control the processor to direct a second request for the file to the driver executable in response to the first request for access; the driver executable being operative in response to the second request to control the processor to direct a third request for the file to the driver; the driver being operative in response to the third request to control the processor to read the file from the device to the memory and thereupon return control of the processor to the driver executable; the driver executable being operative upon return of control thereto to control the processor to examine the file in memory to detect the presence of a predetermined identifier in the file and to decrypt at least a portion of the file in response to detection of the predetermined identifier therein.
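The package and driver aspects above (a package whose full feature set is encrypted while a reduced feature set stays in the clear, marked by a signature; a driver executable that reads the file through the device driver, detects the signature, and decrypts a portion of the file) can be illustrated in one format and one reader. The Python below is an added example for this page, not the patent's or any product's code. It assumes a constructed package layout (a `XPKG` marker, two length fields, the clear "demo" section, a 16-byte nonce, the encrypted "full" section, and a 32-byte HMAC tag) and uses HMAC-SHA256 in counter mode as the cipher purely because it is in the standard library; a production reader would use a standard AEAD such as AES-GCM or ChaCha20-Poly1305. `device_read` stands in for the storage device driver and `open_with_access_control` for the driver executable layered on top of it.

```python
import hashlib
import hmac
import os
import struct
from typing import Optional

# Constructed identifier ("signature") marking a package the reader must
# handle; files that do not start with it are passed through untouched.
MAGIC = b"XPKG\x01"
HEADER = struct.Struct(">II")  # (length of clear section, length of ciphertext)
NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustrative stream cipher: HMAC-SHA256 keyed with `key` over
    # nonce || 32-bit counter. Stand-in for a standard AEAD, see lead-in.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def build_package(key: bytes, demo_features: bytes, full_features: bytes) -> bytes:
    """Packager side: the reduced feature set stays in the clear, the full
    feature set is encrypted, and a tag over everything before it lets the
    reader detect a wrong key or a modified file before using the result."""
    nonce = os.urandom(NONCE_LEN)
    ct = _xor(full_features, _keystream(key, nonce, len(full_features)))
    body = MAGIC + HEADER.pack(len(demo_features), len(ct)) + demo_features + nonce + ct
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def parse_package(raw: bytes, key: Optional[bytes] = None) -> dict:
    """Driver-executable logic on an in-memory file image. Returns the clear
    section always; the decrypted full section only when `key` verifies."""
    if not raw.startswith(MAGIC):
        return {"protected": False, "data": raw}  # ordinary file: pass through
    if len(raw) < len(MAGIC) + HEADER.size:
        raise ValueError("malformed package: truncated header")
    off = len(MAGIC)
    demo_len, ct_len = HEADER.unpack_from(raw, off)
    off += HEADER.size
    demo = raw[off:off + demo_len]
    off += demo_len
    nonce = raw[off:off + NONCE_LEN]
    off += NONCE_LEN
    ct = raw[off:off + ct_len]
    off += ct_len
    tag = raw[off:off + TAG_LEN]
    if off + TAG_LEN != len(raw):
        raise ValueError("malformed package: bad section lengths")
    result = {"protected": True, "demo": demo, "full": None}
    if key is None:
        return result
    expected = hmac.new(key, raw[:off], hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return result  # wrong key or altered file: only the clear features are usable
    result["full"] = _xor(ct, _keystream(key, nonce, ct_len))
    return result


def device_read(path: str) -> bytes:
    # Stands in for the storage device driver: returns the file as stored.
    with open(path, "rb") as f:
        return f.read()


def open_with_access_control(path: str, key: Optional[bytes] = None) -> dict:
    """The driver executable: obtain the file via the device driver, then
    examine it in memory and decrypt the protected portion if entitled."""
    return parse_package(device_read(path), key)


if __name__ == "__main__":
    import tempfile
    k = hashlib.sha256(b"constructed content key").digest()
    with tempfile.TemporaryDirectory() as d:
        pkg = os.path.join(d, "report.pkg")
        with open(pkg, "wb") as f:
            f.write(build_package(k, b"view-only: 3 of 10 reports", b"edit, export, all 10 reports"))
        print(open_with_access_control(pkg))
        print(open_with_access_control(pkg, k))
```

Because the identifier check happens on the image returned by the device driver, every consumer that reads through this layer sees the decrypted bytes without knowing the package format, which is the point of the driver-level approach as opposed to a format-specific viewer. The tag is verified before any decryption, so a wrong key or a modified ciphertext degrades the package to its unencrypted demo features rather than handing back corrupted "full" data.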
The foregoing, as well as further aspects of the invention and advantages thereof, will be apparent in the following detailed description of certain illustrative embodiments thereof which is to be read in connection with the accompanying drawings forming a part hereof, and wherein corresponding parts and components are identified by the same reference numerals in the several views of the drawings.