The term “digital data object” will be used with its general meaning, according to which a data object is a structured element of associated data, which can be stored temporarily on a medium or in a memory. The term “digital data object” thus encompasses executable files, such as executable programs, applications or application programs, programs in machine language or in script languages. It also includes non-executable files, such as programs in the source code, text files, database files, audio files, image files, video files or other digital contents, or general binary files such as are used by proprietary programs for storing data. Device files, such as mouse drivers or other driver files are also included. At the same time, besides these types of data objects, which remain stored after the runtime of a program and are characterized as non-volatile files or data objects, the term also refers to “live stream” data objects or data, such as streaming video data, which is held on a computer only for a certain time, frequently in volatile storage, for example the RAM.
Digital data objects such as application programs are typically protected on data processors or computers by electronic protection mechanisms such as licenses or digital rights management systems (DRM systems). In this manner, it is ensured that only registered users or users who have purchased a license are actually authorized to use a digital data object, to run an application program for example. The object underlying the invention and the solution will hereafter be described with reference to application programs but without thereby limiting its general applicability.
It is normal, for example, supply a license number or product key when installing the application program or software, and to key it into an electronic form. For the purposes of the present patent application, the terms application programs and software will be used synonymously. These are executable files that can be executed on a computer or data processing device. The terms “device, data processing device, data processor and computer” will also be used interchangeably except where otherwise indicated.
Besides the option to enter a license key during installation, it is also known to use “dongles.” A dongle is a data processing device that is connected to a computer and used as an authorization key for an application program. Dongles may have the form of USB sticks for example. The protected computer program then checks whether the corresponding dongle is present during execution or when the program is started.
It is also known to couple the software to be protected with a certain computer in order to protect software programs. When a program is started, certain components of the computer are queried automatically: their specific values, for example their serial numbers or the “MAC address” of the computer are determined. If all necessary components are present, the software is permitted to run. In this type of check, the system not only verifies that the corresponding hardware component is present, but also whether the hardware component is the one for which the license was granted. This makes it impossible for the software to be run on another computer with hardware components of the same kind. The software requires exactly the same components that were present when it was installed or when the license key was generated.
With this type of protection, as far as possible the computer or other technical device must be identifiable unambiguously and unforgeable. However, this is complicated by the fact that over time the devices undergo technical transformation due to repairs, modifications of individual components such as updates, changes in their field of use or the requirements they must satisfy. It may also happen that individual components are temporarily not present at all: for example, if the computer's operating environment changes, a second network card that was in the computer originally may have been removed. It is also possible that individual features of the computer, that is to say components, cannot be identified correctly for a period of time. This may be caused by software errors, runtime-related system limitations, or by individual components being temporarily disabled or developing short-term faults.
In many cases, the identification of individual components or a computer will relate to the licensing of digital files, application programs or software, or the evidence of warranty claims. Claims of this kind can then be processed automatically, without manual intervention.
With this type of licensing, which ensures that a licensed software product can only run on a specific computer, the owner of the right may be assured of good protection. In this way, it is ensured that the digital file cannot be installed or run on any other computer. It also provides the user with a simple way to guarantee that purchased digital files are only executable on his computer. No additional devices (such as dongles) need to be installed on the computer, and no long installation keys need to be noted and entered via the keyboard. Moreover, such a key cannot be lost because the software can be re-installed on the computer in question at any time. However, the drawback of this method is that no changes, or only extremely limited changes, can be made to the computer.
Therefore, in the prior art only a few features or components of the computer are used to guarantee this kind of protection. As a rule, not all of the components (features) that were originally installed on the computer have to be physically present. It is considered sufficient if, for example, three out of five features are present. Now combinations or permissible configurations can be determined from the originally defined features, in which for example three of five features are present. This results in a total of ten options, that is to say ten permissible configurations that must be queried and checked. A larger number of features results in a very large number of combinations, rendering the process inflexible and slow.
If protection for the rights owner is to be improved by requiring that a plurality of features must be verified, or that a smaller subset of a plurality of features must be verified, the number of combinations grows very rapidly. For example, if four out of ten components must be identical with the original components, this results in a total of 210 (=(10*9*8*7)/(4*3*2*1)) possible combinations. The number of possible configurations is calculated from the binomial coefficient of (N, k), where N is the number of originally present components and k is the number of components currently present that must match the original components. This method is therefore impractical and not commonly used.