1. Technical Field
This disclosure relates to digital rights management methods and systems. More particularly, the present disclosure relates to binding digital rights management executable code to a software application.
2. Related Art
The advent of digital distribution has created new business models for the delivery of software over the internet. One of the most widely used techniques to provide protection against illegal distribution and piracy of software is called wrapping.
Wrapping consists of adding a security and verification layer or a digital rights management layer (wrapper code) on top of an unprotected executable (host software or wrapped code henceforward) that typically verifies its associated business rules. Business rules typically include verification that the protected software has been purchased or, in the case of try and buy offerings, verification that the software is still within the trial period. Other types of digital rights management technologies can similarly be used. The most obvious benefit of performing wrapping at the executable level (vs. implementing security at the source-code level) is that the software developer does not need to worry about security when designing or implementing his or her software as wrapping does not require any source-code modifications. This results in a faster time to market.
The wrapper code (stub henceforward) verifies that a set of conditions are met when the protected executable first starts and then allows it to run normally if everything is as expected. For example, in a try-before-you-buy scenario, the wrapping code might first check the current date. If the current date is greater than the trial period's end, the software will display an expiration screen. Conversely, if the software is allowed to run, the wrapped code will be unencrypted and executed. At the moment when the host software is unencrypted, the software is vulnerable.
One of the most common attacks against wrapped software is to regenerate the original executable from the wrapped (or protected) executable. Because the original, non-secured executable contains no protection logic, it is relatively easy to dump the host software from memory and then distribute the unprotected host code throughout the Internet and Peer-to-Peer networks. This attack technique is possible because in conventional wrapping, the original wrapped executable can be easily separated from the wrapper code.
Thus, a computer-implemented method and system for binding digital rights management executable code to a software application are needed.