P
USRE38375EExpiredUtilityPatentIndex 97

Method and system for the secured distribution of multimedia titles

Assignee: IBMPriority: Dec 13, 1994Filed: Apr 27, 2000Granted: Dec 30, 2003
Est. expiryDec 13, 2014(expired)· nominal 20-yr term from priority
Inventors:HERZBERG AMIRKRAWCZYK HUGO MARIOKUTTEN SHAYLE AN VANMATYAS STEPHEN MICHAELYUNG MARCEL MORDECHAY
G06F 2211/008G06F 2211/007G06F 21/10
97
PatentIndex Score
134
Cited by
26
References
38
Claims

Abstract

A method and system for detecting authorized programs within a data processing system. The present invention creates a validation structure for validating a program. The validation structure is embedded in the program and in response to an initiation of the program, a determination is made as to whether the program is an authorized program. The determination is made using the validation structure.

Claims

exact text as granted — not AI-modified
What is claimed is:  
     
       1. A method in a data processing system for detecting unauthorized programs within the data processing system, the method comprising: 
       creating a validation structure for validating a program including program data, wherein the structure includes data derived from data selected from a portion  portions of the program data including sections other than a lead-in section of the program data, which is used to determine whether the program is an unauthorized program;  
       imbedding the validation structure in the program; and  
       responsive to an initiation of the program, determining whether the program is an authorized program using the validation structure.  
     
     
       2. The method of  claim 1 , further comprising preventing execution of the program in response to a determination that the program is unauthorized. 
     
     
       3. The method of  claim 1 , further comprising permitting limited execution of the program in response to a determination that the program is unauthorized. 
     
     
       4. The method of  claim 1 , where in the determining step comprises 
       randomly selecting portions of the validation structure; and  
       determining whether the program is an unauthorized program using the randomly selected portions of the validation structure.  
     
     
       5. The method of  claim 1 , wherein the creating step comprises randomly selecting data from within the program. 
     
     
       6. The method of  claim 5 , wherein the creating step comprises: 
       randomly selecting a plurality of sections from within the program;  
       creating a cryptographic hash value for each selected section from the plurality of randomly selected sections within the program; and  
       storing the cryptographic hash value and a location value for each selected section as a data record within a validation structure, wherein the location is a location of the selected section within the program.  
     
     
       7. The method of  claim 6 , wherein the creating step further comprises: 
       creating a signature for the validation structure, wherein the signature is a cryptographic hash value calculated on the validation structure; and  
       associating the signature with the validation structure.  
     
     
       8. The method of  claim 7 , wherein the associating step comprises placing the signature within the validation structure. 
     
     
       9. The method of  claim 1 , wherein the determining step comprises: 
       randomly selecting a number of data records from within the validation structure;  
       for each randomly data selected record, creating a cryptographic hash value on the section in located indicated by the location value for the randomly selected data record; and  
       comparing the created cryptographic hash value with the hash value within the randomly selected data record.  
     
     
       10. The method of  claim 9 , wherein the determining step further comprises: 
       creating a cryptographic hash value for the validation structure; and  
       comparing the created cryptographic hash value with the signature.  
     
     
       11. A data processing system for detecting unauthorized programs within the data processing system, the data processing system comprising: 
       creation means for creating a validation structure for validating a program including program data, wherein the structure includes data derived from data selected from a portion  portions of the program data including sections other than a lead-in section of the program data, wherein the structure may be used to determine whether the program is an unauthorized program;  
       imbedding means for imbedding the validation structure in the program; and  
       determination means, responsive to an initiation of the program, for determining whether the program is an unauthorized program.  
     
     
       12. The data processing system of  claim 11 , further comprising means for preventing execution of the program in response to a determination that the program is unauthorized. 
     
     
       13. The data processing system of  claim 11 , further comprising means for permitting limited execution of the program in response to a determination that the program is unauthorized. 
     
     
       14. The data processing system of  claim 11 , wherein the determination means comprises 
       random selection means for randomly selecting portion of the validation structure; and  
       determination means for determining whether the program is an unauthorized program using the randomly selected portions of the validation structure.  
     
     
       15. The data processing system of  claim 11 , wherein the creation means comprises: 
       second random selection means for randomly selecting a plurality of sections from within the program;  
       second creation means for creating a cryptographic hash value for each selected section from the plurality of randomly selected sections within the program; and  
       storage means for storing the cryptographic hash value and a location value for each selected section as a data record within a validation structure, wherein the location is a location of the selected section within the program.  
     
     
       16. The data processing system of  claim 14 , wherein the creation means further comprises: 
       third creation means for creating a signature for the validation structure, system is calculated on the cryptographic hash value; and  
       association means for associating the signature with the validation structure.  
     
     
       17. The data processing system of  claim 16 , wherein the association means comprises placement means for placing the signature within the validation structure. 
     
     
       18. The data processing system of  claim 16 , wherein the determination means comprises: 
       random selection means for randomly selecting a number of data records from within the validation structure;  
       creations means for creating a cryptographic hash value on the section in located indicated by the location value for the randomly selected data record for each randomly data selected record; and  
       comparison means for comparing the created cryptographic hash value with the hash value within the randomly selected data record.  
     
     
       19. The data processing system of  claim 18 , wherein the determination means further comprises: 
       creation means for creating a cryptographic hash value for the validation structure; and  
       validation means for the created cryptographic hash value with the signature.  
     
     
       20. A method in a data processing system for creating a validation structure for use in validating a program, the method comprising: 
       selecting a plurality of sections including sections other than a lead-in section from within the program, each section within the plurality of sections containing program data;  
       creating a cryptographic hash value for each selected section from the program data within the plurality of selected sections within the program; and  
       storing the cryptographic hash value and a location for each selected section as a data record within a validation structure, wherein the location is a location of the selected section within the program.  
     
     
       21. The method of  claim 20 , wherein the selecting step comprises randomly selecting a plurality of sections from within the program. 
     
     
       22. The method of  claim 20 , wherein the creating step further comprises: 
       creating a signature for the validation structure, and  
       associating the signature with the validation structure.  
     
     
       23. The method of  claim 22 , wherein the associating step comprises placing the signature within the validation structure. 
     
     
       24. A data processing system for creating a validation structure for use in validating a program, the data processing system comprising: 
       random selection means for randomly selecting a plurality of sections including sections other than a lead-in section from within the program, each selected section within the plurality of randomly selected sections containing program data;  
       creation means for creating a cryptographic hash value for program data within each selected section from within the plurality of randomly selected sections within the program; and  
       storage means for storing the cryptographic hash value and a location value for each selected section as a data record within a validation structure, wherein the location is a location of the selected section within the program.  
     
     
       25. The data processing system of  claim 24 , wherein the creation means further comprises: 
       second creation means for creating a signature for the validation structure, and  
       association means for associating the signature with the validation structure.  
     
     
       26. The data processing system of  claim 25 , wherein the association means comprises placement means for placing the signature within the validation structure. 
     
     
       27. A method in a data processing system for validating a program, wherein the program includes a validation structure having a plurality of data records, wherein each data record within the plurality of data records includes a cryptographic hash value for program data within a section selected from sections including sections other than a lead-in section of the program and a location value, wherein the location value indicates a location of the selected section, the method comprising: 
       randomly selecting a number of data records from within the validation structure;  
       creating a cryptographic hash value on program data within the section in the location indicated by the location value for the randomly selected data record for each randomly selected data record; and  
       comparing the created cryptographic hash value with the hash value within the randomly selected data record.  
     
     
       28. The data processing system of  claim 27 , wherein the determination means further comprises: 
       creating a cryptographic hash value for the validation structure; and  
       validating the created cryptographic hash value with the signature.  
     
     
       29. A data processing system for validating a program, wherein the program includes a validation structure having a plurality of data records, wherein each data record within the plurality of data records includes a cryptographic hash value for program data within a section selected from sections including sections other than a lead-in section of the program and a location value, wherein the location value indicates a location of the selected section, the data processing system comprising: 
       random selection means for randomly selecting a number of data records from within the validation structure;  
       creation means for creating a cryptographic hash value on program data within the section in the location indicated by the location value for the randomly selected data record for each randomly selected data record; and  
       comparison means for comparing the created cryptographic hash value with the hash value within the randomly selected data record.  
     
     
       30. The data processing system of  claim 29 , wherein the determination means further comprises: 
       creation means for creating a cryptographic hash value for the validation structure; and  
       signature validation means for validating the created cryptographic hash value with the signature.  
     
     
       31. A storage device readable by a data processing system and encoding data processing system executable instructions comprising: 
       selections means for selecting a plurality of sections including sections other than a lead-in section from within a program containing program data;  
       creation means for creating a cryptographic hash value for program data within each selected section from the plurality of selected sections within the program; and  
       storage means for storing the cryptographic hash value and a location value for each selected section as a data record within a validation structure, wherein the location is a location of the selected section within the program, wherein the means are activated when the storage device is connected to and accessed by a data processing system.  
     
     
       32. The storage device of  claim 31 , wherein the storage device is a hard disk drive. 
     
     
       33. The storage device of  claim 31 , wherein the storage device is a ROM for use with a data processing system. 
     
     
       34. The storage device of  claim 31 , wherein the storage device is a floppy diskette. 
     
     
       35. A storage device readable by a data processing system and encoding data processing system executable instructions for validating a program, wherein the program includes a validation structure having a plurality of data records, wherein each data record within the plurality of data records includes a cryptographic hash value for program data within a section selected from sections including sections other than a lead-in section of the program and a location value, wherein the location value indicates a location of the section, the storage device comprising: 
       creation means for creating a cryptographic hash value on program data within the section in the location indicated by the location value for the randomly selected data record for each randomly selected data record; and  
       comparison means for comparing the created cryptographic hash value with the hash value within the randomly selected data record, wherein the means are activated when the storage device is connected to and accessed by a data processing system.  
     
     
       36. The storage device of  claim 35 , wherein the storage device is a hard disk drive. 
     
     
       37. The storage device of  claim 35 , wherein the storage device is a ROM for use with a data processing system. 
     
     
       38. The storage device of  claim 35 , wherein the storage device is a floppy diskette.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.