(12) United States Patent
Smith et al.
(10) Patent No.: US 6,918,038 B1
(45) Date of Patent: Jul. 12, 2005

(54) SYSTEM AND METHOD FOR INSTALLING AN AUDITABLE SECURE NETWORK

(75) Inventors: Benjamin Hewitt Smith, NY, NY (US); Fred Hewitt Smith, Belmont, MA (US)

(73) Assignee: Angel Secure Networks, Inc., Belmont, MA (US)
`
`
(*) Notice: Subject to any disclaimer, the term of this patent is extended or adjusted under 35 U.S.C. 154(b) by 0 days.
`~~
`,
`
`.
`.
`.
`Prinary Examiner—Kim Vu .
`Assistant Examiner—Paula Klimach
`Ys
`AS
`74) Attorney, Agent, or Firm—McDermott Will & Emer
`LLP
`
`y
`
(21) Appl. No.: 09/441,403
(22) Filed: Nov. 16, 1999
`
Related U.S. Application Data
(63) Continuation-in-part of application No. 08/689,767, filed on Aug. 13, 1996, now Pat. No. 6,067,582.
(60) Provisional application No. 60/121,959, filed on Feb. 25, 1999, provisional application No. 60/108,868, filed on Nov. 18, 1998, and provisional application No. 60/108,566, filed on Nov. 16, 1998.
`
`7
`(51)
`Tint. Cdeee ceeecteneteeeesenseneees HO4L 9/32
`(52)
`- 713/200; 709/223; 713/100
`
`(58) Field of Search .........0.0000000.. 709/203, 217-225,
`709/229; 713/100, 200; 717/176-178
`
`(56)
`
`References Cited
`U.S. PATENT DOCUMENTS
`
`4,408,203 A
`4,658,093 A
`4,696,003 A
`4,731,880 A
`4,962,498 A
`4,999,806 A
`5,001,755 A
`5,005,122 A
`5,023,907 A
`5,155,847 A
`
`10/1983 Campbell
`4/1987 Hellman
`9/1987 Kerretal.
`3/1988 Ault etal.
`10/1990 May,Ir.
`3/1991 Chernowetal.
`3/1991 Skret
`4/1991 Griffin et al.
`6/1991 Johnsonetal.
`10/1992 Kirouacetal.
`
`(Continued)
`
(57) ABSTRACT

A system and method for generating and remotely installing a private secure and auditable network is provided. Node identification, link, and application information is input into a template. A generator generates components using the information in the template, and the components are remotely installed using an installation server. The components include agent modules which are each installed at a predetermined target site and establish communication with the installation server to facilitate the download of other components, including application software and configuration files. Each node can only be installed once and is specific to a predetermined target site. For each link, a unique pair of keys is generated in a form which is not human readable, each key corresponding to a different direction of communication over the link. Data transmitted between nodes is encrypted using public-private key pairs. At least one monitor node manages the security of the network, strobes keys, and may take nodes out of the network in the event of a security violation. In such a case, one or more nodes, or the entire network, may be regenerated and installed anew. Throughout the generation and installation a plurality of verifications, authorizations, and password entries may be required by independent groups to arrive at the network. Preferably, the installation is audited by several groups, and the overall operation may be audited by a second monitor node to detect the presence of an interposed “pirate” node.
`
`58 Claims, 28 Drawing Sheets
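The second-monitor check the abstract describes (laid out as a flowchart on sheet 28), as an added Python model that is not code from the patent or from Angel Secure Networks: Monitor A strobes a link and records the key fingerprints it expects each end to use, and Monitor B compares what the connect side and accept side actually hold against that record, reporting "insufficient data", "ok", or "security violation". The class and function names and the random-byte stand-ins for public keys are assumptions of this example.

```python
import hashlib
import os
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple


def fingerprint(pub_key: bytes) -> str:
    """Hash of a public key; the on-site auditors in the patent record hashes, not keys."""
    return hashlib.sha256(pub_key).hexdigest()


@dataclass
class Node:
    name: str
    # Constructed stand-in for a public key: random bytes (no real key generation here).
    pub_key: bytes = field(default_factory=lambda: os.urandom(32))
    # Public key this node believes belongs to each peer it is linked with.
    peer_pub_keys: Dict[str, bytes] = field(default_factory=dict)


@dataclass
class MonitorA:
    """The managing monitor: orders strobes and records which keys it expects in use."""
    # (connect node, accept node) -> (fingerprint of connect key, fingerprint of accept key)
    record: Dict[Tuple[str, str], Tuple[str, str]] = field(default_factory=dict)

    def strobe(self, connect: Node, accept: Node, interposer: Optional[Node] = None) -> None:
        """Rotate both ends' keys for the link (the monitor-coordinated strobe, reduced to its outcome)."""
        connect.pub_key = os.urandom(32)
        accept.pub_key = os.urandom(32)
        self.record[(connect.name, accept.name)] = (
            fingerprint(connect.pub_key), fingerprint(accept.pub_key))
        if interposer is None:
            connect.peer_pub_keys[accept.name] = accept.pub_key
            accept.peer_pub_keys[connect.name] = connect.pub_key
        else:
            # Modelled failure: an interposed "pirate" node on the link hands each end
            # its own key in place of the peer's, so both ends now trust the wrong key.
            connect.peer_pub_keys[accept.name] = interposer.pub_key
            accept.peer_pub_keys[connect.name] = interposer.pub_key


def second_monitor_audit(connect: Node, accept: Node, monitor_a: MonitorA) -> str:
    """Monitor B's check: collect data from the connect side, the accept side and
    Monitor A; with enough data, verify the nodes use the public keys Monitor A
    recorded, otherwise report a security violation."""
    issued = monitor_a.record.get((connect.name, accept.name))
    have_connect = accept.name in connect.peer_pub_keys
    have_accept = connect.name in accept.peer_pub_keys
    if issued is None or not (have_connect and have_accept):
        return "insufficient data"
    issued_connect, issued_accept = issued
    seen_by_connect = fingerprint(connect.peer_pub_keys[accept.name])
    seen_by_accept = fingerprint(accept.peer_pub_keys[connect.name])
    if seen_by_connect == issued_accept and seen_by_accept == issued_connect:
        return "ok"
    return "security violation"


def demo() -> Tuple[str, str, str]:
    """Three audits: before any strobe, after an honest strobe, after an interposed one."""
    node_a, node_b, pirate = Node("Node A"), Node("Node B"), Node("pirate")
    monitor_a = MonitorA()
    before = second_monitor_audit(node_a, node_b, monitor_a)
    monitor_a.strobe(node_a, node_b)
    honest = second_monitor_audit(node_a, node_b, monitor_a)
    monitor_a.strobe(node_a, node_b, interposer=pirate)
    intercepted = second_monitor_audit(node_a, node_b, monitor_a)
    return before, honest, intercepted


if __name__ == "__main__":
    print(demo())  # ('insufficient data', 'ok', 'security violation')
```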
`
`
`
`
`
[Representative drawing: excerpt of the agent-module installation flow (see sheet 11): begin execution of agent module (AM) on target site; AM determine site information; AM generate node's public/private key pair; AM transmit node's public key to installation server; AM decrypt session key with private key and store; input local (sales) password at site.]
`
`Google Exhibit 1071
`Google v. VirtaMove
`
`
`
`
`
`
`
U.S. Patent, Jul. 12, 2005, Sheet 1 of 28, US 6,918,038 B1
[Drawing; labels not recoverable.]
`
[Sheet 2 of 28: installation-request flowchart. Steps: Installation Request (36); Credential Verification? (38); Input Code (40); Installer Verified? (41); Request Application Information (42); Input Billing Information (44); Billing Info Verified? (46); Transfer Installation Modules (52); Contact Technical Department (58); Future Contact Options (62).]
`
`
`
[Sheet 3 of 28, FIG. 3: update flowchart. Steps: Update Requested (70); Request Application Information (72); Old Version? (74); Same Machine? (80); Check Hardware (86); Input Billing Information (88); Install New Version (90); Disable Program (94).]
`
`
`
[Sheet 4 of 28, FIG. 4: drawing; labels not recoverable.]
`
`
`
`
[Sheet 5 of 28, FIG. 5: drawing; labels not recoverable.]
`
`
`
[Sheet 6 of 28: block diagram of the generation and installation system: Template 610, Web Server 615, Generator 620, Installation Server 630, Account Server 680.]
`
[Sheet 7 of 28, FIG. 6B: block diagram; labels not recoverable.]
`
`
`
[Sheet 8 of 28, FIG. 7: TEMPLATE "Company Network" (610).
NETWORK NODES (612, 614, 616): Monitor 162.222.111.088 (monitor); Node A 165.108.21.10 (appA, pwdAs); Node B 155.108.130.108 (appB); Node C 155.108.111.5 (appA, pwdCs); Node D 165.108.120.9 (appA, pwdDs); Node E 155.108.120.52 (appB, pwdEs).
NETWORK LINKS (617A): Node A-Node B; Node A-Node C; Node A-Node D; Node B-Node C.]
`
`
`
[Sheet 9 of 28, FIG. 8: network generation and installation flowchart. Steps: Generate Template (802), producing Template 610; Input Template into Generator (804); Build Network Components (Network Files, Node Configuration Files, Etc.) & Agent Modules (806); Store Agent Modules (808); Add Network Components to Installation Server; Register All Agent Modules with Installation Server; Install (Next) Monitor Node(s); Load (Next) Agent Module on Respective Target Site; Install (Next) Application Node using Dual Key Encryption; Perform On-Site Audit Procedures (820); All Application Nodes Installed? (821); Verify Onsite Audit Procedures (822); Network Installed; Audit Network (825); Strobe Keys.]
`
`
`
[Sheet 10 of 28: generator flowchart (steps 902-914). Read Template Network Data (Nodes, Links, Applications); Generate Network Information File(s); Generate 2 Keys for Each End Node in Each Link; Generate Local (Sales) Passwords (Optional); Generate Agent Modules; Include Relevant Keys and Passwords in Configuration Files; Generate Config. File for Each Node.]
`
`
`
[Sheet 11 of 28, FIG. 10A: agent-module installation flow (steps 1004-1016), Target Site / Installation Server / Monitor Node lanes. Target Site: Begin Execution of Agent Module (AM) on Target Site, AM Determine Site Information (1004); AM Generate Node's Public, Private Key Pair (1006); AM Transmit Node's Public Key to Installation Server (1008). Installation Server: Store Node's Public Key, Generate Session Key, Encrypt Session Key with Node's Public Key & Transmit Session Key to Node. Target Site: AM Decrypt Session Key With Private Key & Store (1012); Input Local (Sales) Password @ Site (Optional) (1014); AM Store Local Passwords, Node I.D. Info., Application Info, etc. in Message (1016); AM Encrypt Message With Session Key & Transmit to Installation Server. Installation Server: Executing on Proper Target? Has Agent Module Been Installed Previously? If not valid, Communicate Detection of a Security Violation to Monitor Node; otherwise Encrypt Configuration File & Application With New Node Public Key & Session Key & Transmit to Node.]
`
`
`
[Sheet 12 of 28: continuation of the installation flow (steps 1028-1046), Node / Monitor Node lanes. Node: Decrypt Config. File & Application From IS with Node Private Key and Session Key (1028); Run/Install Node Application(s); Generate Connect To Monitor (Login) Message (incl. Node Name & Node Key Pairs); Encrypt Message With Monitor Public Key & Transmit. Monitor Node: Decrypt Received Message?; Store Relevant Initial Link Key Pairs (1038); Generate Accept (Login) Message (incl. Monitor Name & Monitor Keys); Encrypt Accept Message Using Node Public Key & Transmit (Node Logged into Monitor). Node: Recognizes Monitor? If not, Security Violation; if so, Monitor Logged into Node: Double Login Complete, Connection Established.]
`
`
`
[Sheet 13 of 28, FIG. 10C: node authentication flow (steps 1054-1078), Target Site / Monitor Node / Account Server lanes. Target Site: Input Audit Password (1054); Encrypt Audit Password with Monitor Public Key & Transmit to Monitor (1056). Monitor Node: Decrypt Password with Monitor Private Key; Audit Password correct for this Node?; First Time Node Installed?; Strobe Monitor-Node Link Keys (1068); Generate Acknowledgement Message, Encrypt with Node Public Key & Transmit to Node (1072); For Each Existing Node with Which Node is to be linked, Update Existing Nodes With Node Information (e.g., Node Public Key) (1074); Generate Enter Network Message, Encrypt with Node Public Key & Transmit. Account Server: Update Acct. Server to reflect Installation of New Node (Node Authenticated) (1070). Target Site: Decrypt Acknowledgement Message With Node Private Key; Decrypt Enter Network Message With Node Private Key; Connect to Existing Nodes with Which Node is to be Linked (Node Installed).]
`
`
`
[Sheet 14 of 28, FIG. 11: monitor-node key strobe (steps 1102-1156), Monitor / Node lanes. Monitor: Gen. "Get Ready to Strobe" Msg; Encrypt with current Node Pub. Key & Xmit. Node: Decrypt Msg; Gen. "Ready" Msg; Encrypt with current Monitor Pub. Key & Xmit. Monitor: Decrypt Msg; Gen. New Monitor Priv. & Pub. Keys; Encrypt New Monitor Pub. Key & Msg to "Begin" with Current Node Session Key & Xmit. Node: Decrypt Msg; Store New Monitor Pub. Key; Gen. New Node Private, Public, & Session Keys; Encrypt New Node Session & Pub. Keys with New Monitor Pub. Key & Current Monitor Session Key & Xmit. Monitor: Decrypt Msg; Store New Node Session & Pub. Keys; Gen. New Monitor Session Key; Gen. Msg "Ready to Change Session Keys"; Encrypt New Monitor Session Key With New Node Pub. Key & Current Node Session Key & Xmit. Node: Decrypt Msg; Store New Monitor Session Key; Gen. Msg Indicating Accep. of New Session Keys; Encrypt Msg with New Monitor Pub. Key & Current Monitor Session Key & Xmit. Monitor: Decrypt Msg; Gen. Msg Acknowledging Use of New Session Keys; Encrypt with New Node Pub. Key and New Node Session Key & Xmit. Node: Decrypt Msg; Encrypt with New Monitor Pub. Key and New Monitor Session Key & Xmit. Strobe Complete (1156).]
`
`
`
[Sheet 15 of 28: monitor-coordinated strobe of a node-to-node link (steps 1202-1248), Node A / Monitor Node / Node B lanes. Monitor: ID 2 Nodes (A & B) To Strobe; A: Connect Node, B: Accept Node; Gen. "Get Ready To Strobe" Msg For A and B; Encrypt Msg to A and Msg to B & Xmit. Nodes A and B: Decrypt Msgs; Gen. A Ready Msg / Gen. B Ready Msg; Encrypt Msg with Monitor's Current Pub. Key & Xmit. Monitor: Decrypt Msgs; Gen. Ack. Msg and Instruction for A & B to Strobe; Xmit. Nodes: Strobe (Steps 1114-1156), Connect Node as Monitor Node & Accept Node as Node X; Gen. Strobe Complete Msg; Encrypt Msg With Monitor's Pub. Key & Xmit. Monitor: Decrypt Msgs; Authorize Nodes To Exchange Data Using New Keys. Nodes: Resume Data Transmissions To B / To A.]
`
`
`
`
`
[Sheet 16 of 28: node-to-node key strobe (steps 1302-1358), Node A (Connect) / Node B (Accept) lanes. Node A: Block Pending Transmissions (sends) to Node B; Gen. New Node A Priv. & Pub. Keys; Encrypt New Node A Pub. Key & Msg to "Begin" with Current Node A Session Key & Xmit. Node B: Decrypt Msg; Store New Node A Pub. Key; Gen. New Node B Priv., Pub., & Session Keys; Encrypt New Node B Session & Pub. Keys with New Node A Pub. Key & Current Node A Session Key & Xmit. Node A: Decrypt Msg; Store New Node B Session & Pub. Keys; Gen. New Node A Session Key; Gen. Msg "Ready to Change Session Keys"; Encrypt New Node A Session Key With New Node B Pub. Key & Current Node B Session Key & Xmit; Persist Current Node A Session Key. Node B: Decrypt Msg; Change Node A Session Key; Persist Current Node B Session Key; Gen. Msg Confirming Use of New Keys; Encrypt Msg with New Node A Pub. Key & Current Node A Session Key & Xmit. Node A: Decrypt Msg; Change Node B Session Key; Gen. Response Msg Confirming Use of New Keys; Encrypt with New Node B Pub. Key and New Node B Session Key & Xmit. Node B: Decrypt Msg; Strobe Complete.]
`
`
`
[Sheet 17 of 28, FIG. 13B: after the strobe, Node A (Connect) and Node B (Accept) each ask Are two monitors installed? If yes, Node A: Send A, B and Monitor A public keys to Monitor B; Node B: Send B, A and Monitor A public keys to Monitor B. Then both: Unblock Transmissions.]
`
[Sheet 18 of 28, FIG. 13C: two-stage key persistence after a strobe (steps 1372-1394), Node A (Connect) / Node B (Accept) lanes. Each node saves its new Private, Public, & Session Keys and the peer's Public & Session Keys in a "Stage One" file, generates a Keys Saved Message, encrypts it with the New Keys and transmits it; the peer decrypts the message. Each node then saves its Previous Private, Public, & Session Keys and the peer's Previous Public & Session Keys in a "Stage Two" file, generates a Keys Saved Message, encrypts it with the New Keys and transmits it; the peer decrypts the message.]
`
`
`
[Sheet 19 of 28, FIG. 14: table of network nodes, printed rotated; text not recoverable.]
`
`
[Sheet 20 of 28, FIG. 15: generation and installation process with separated duties (steps 1502-1538). Add Agent Library Software to Bank Appl. (1502); Submit Source Code to Agent Software Installation Server Build Module; Model & Test Network in Test Environment; Perform User Acceptance Testing on Model in UAT Environment (1508); BDG Obtain Password & Authorization to Install Network Definition on Generator; Sales Dept. Obtains Passwords & Authorization to Install Network; Audit Dept. Obtains Passwords & Authorization to Install Network; BDG Installs Network Definition On Generator; SD Audit Network Definition Against Template, Provide Sales Passwords; AD Audit Network Definition Against Template, Provide Audit Passwords; Generator Create & Store Agent Modules, Register Modules, Generate Network Components (1524); SD Communicate Sales Passwords to SD @ Target Sites (1526); AD Communicate Audit Passwords to AD @ Target Sites (1528); Download Agent Modules, Execute Agent Modules (1530); SD @ Target Sites Enter Sales Passwords, Download Network Components (1532); Run Applications, Agent Modules Communicate With Monitor Node (1534); AD @ Target Site Enter Audit Passwords, Confirm App. Running on Proper Site (1536); Nodes Enter Network (Installed) (1538).]
`
`
`
[Sheets 21-26 of 28, FIGS. 16A-16F: network diagrams; labels not recoverable (Sheet 23, FIG. 16C, carries the labels 1410 UAT and 1428 UAT).]
`
`
`
[Sheet 27 of 28: on-site audit procedure (steps 1740-1752), Audit Group at Target Site / Main Office Audit Group lanes. Audit Group at Target Site: At target site, fill out on-site audit report (1740); At target site, login to application (1742); At target site, record in audit notebook the hash values from public keys (1744); At target site, fill out on-site audit report (1746); Return to branch office or main office (1748); Talk by telephone or in person with main office (1750). Main Office Audit Group: Place call to auditor or personally confirm auditor has visited site (1752); Record hash values of public key used by monitor at this time; Compare auditor's hash of public key with hash produced by Monitor.]
`
`
`
`
`
[Sheet 28 of 28: second-monitor audit flowchart. Monitor A: Are there two monitors? (1801); Yes (1802). Monitor B: Store data from connect side of strobe (1820); Store data from accept side of strobe (1822); Store data from Monitor (1824); Is there enough data available for comparison?; Yes: Are nodes using correct public keys?; No: Security violation.]
`
`
`
`
`
`
`
`
`SYSTEM AND METHOD FOR INSTALLING
`AN AUDITABLE SECURE NETWORK
`
`RELATED APPLICATIONS
`
This application is a continuation-in-part of U.S. patent application Ser. No. 08/689,767, entitled SYSTEM AND METHOD FOR DISTRIBUTING SOFTWARE OVER A NETWORK, filed Aug. 13, 1996, now U.S. Pat. No. 6,067,582, both incorporated herein by reference. This application claims the benefit of priority from U.S. Provisional Application No. 60/108,566, filed Nov. 16, 1998; U.S. Provisional Application 60/108,868, filed Nov. 18, 1998; and U.S. Provisional Application 60/121,959, filed Feb. 25, 1999, each of which is incorporated herein by reference.
`
`BACKGROUND
`
The invention relates to a system and method for distributing software over a network. More particularly, the invention relates to a method for controlling software distribution by embedding a sub-component of the distribution control software in each software application, and having a central monitoring software for monitoring the distribution of the software applications.
Digitally encoded information, or software, is one of the most economically important commodities of the era. The ease and economy with which perfect copies can be made and distributed has promoted the spread of software and related technologies through traditional commercial channels such as retail and mail-order sales. More recently, non-traditional distribution channels such as distribution over networks of interconnected computers such as the Internet have become more viable. These non-traditional distribution channels have made it difficult for software creators and copyright holders to regulate the use of their creations or to receive payment and registration information from their users. Consequently, software producers forfeit substantial revenues and valuable information about their customer base and potential markets.
Various security methods have been employed in an attempt to inhibit illegal copying of software. Such attempts have included software security, such as password protection and requiring original diskettes to initiate startup, for example, and hardware security, such as a dongle, for example, inter alia. Further, hardware-based copy protection techniques, as well as those which involve modification or customization of executable programs, prevent software vendors from exploiting the non-traditional distribution networks that are becoming a mainstay of software distribution in the software marketplace. Therefore, these protection methods have generally proved inadequate for large-scale commercial distribution of software. Thus, most large software companies have relied on shrink-wrap licenses and legal remedies to enforce their copyrights, which have proved moderately effective.
Another challenge to the software industry is regulating the installation of software. Since individual users perform most installations of software, the vendor has no control over the software installation. A user can currently purchase software that will not run on the user’s computer. The user may not know the limitations of the user’s computer hardware or may not understand the software’s hardware requirements. If a user purchases software and the user’s computer hardware is inadequate to run the software, then various problems are going to occur in the installation and execution of the software on the user’s hardware. The user will have to spend much time and effort attempting to resolve the problem, often including multiple calls to the vendor’s technical support lines at a cost to both the vendor and potentially the user.
Additionally, companies having large networked facilities can internally have thousands of networked computers accessible by numerous content servers on a single network. Each of the content servers can be running any of various operating systems, as can the computers with which the servers are communicating. From an information management standpoint, maintaining such a computer base can be very difficult given that each user may have to install their own software or, in the case of networked software, each server has an individual copy of networked software for a subset of the users.
`
`Many computer users are reluctant to purchase software
`on-line due to security issues. The possibility of piracy of the
`software and, more importantly to the user, personal infor-
`mation inhibits many users from taking advantage of this
`method of transaction. Some on-line services include secu-
`rity features for such information, but generally lack an
`ability for the user or the service to audit the security of the
`transmission. In addition, on-line services generally do not
`allow the service to keep users informed of new products
`and releases, unless the users release personal information to
`the service.
`
In some environments, the security of the network and data transmitted and stored thereon is critical. Such networks and environments include military, legal, business, and financial services. As a financial services example, an investment trading system may be linked to a bank custody and accounting system, wherein the two systems exchange data so that the bank system can provide “settlement” services related to the trading system’s investment transactions. Attempts to make such networks secure, preventing the theft or manipulation of data by insiders and outsiders, often involve using human-entered passwords to gain access to the network. However, because such passwords exist in human readable form, it is possible to steal such passwords and gain access to the system. Such systems may also implement key encryption to secure the data, but if the system is violated through password detection or other means, the keys may be obtained and used, unknown to network administrators. As an example, a method presently used to protect transmission of data over a network is a virtual private network that uses digital certificates, which involves the use of various root private keys which are manually protected in a secure environment. If these root keys can be discovered or broken, the network can be compromised. These keys generally have a life of one or two years. If a key in one of these systems is stolen, the theft cannot be detected. Consequently, these networks may be unacceptably vulnerable.
Additionally, these networks are typically large and complex and susceptible to the inclusion of “trap doors” during their generation and installation. A “trap door” is hidden software code that allows an application to secretly send data to unauthorized recipients, for example. Furthermore, the generation and installation is typically l