SYSTEM, METHOD AND APPARATUS FOR THE PREVENTION OF UNAUTHORISED DATA DOWNLOAD
Field of the Invention
The present invention relates to a system, method and apparatus for the prevention of unauthorised data download, in particular, the prevention of unauthorised software download.
Background of the Invention
It is known to download computer software from a source computer to a client computer via an infrastructure, for example, an Internet site, to a terminal. Such a system is described in US 4,528,643, which relates to any digital system where purchased software is downloaded to disk, or is already stored on disk, but can only be accessed with a decryption code received after electronic payment. However, bandwidth of the infrastructure is wasted if a user discovers subsequently that execution of the software is not authorised, thereby also reducing the capacity and so the effectiveness of the infrastructure. Also, the user is charged for any "air time" used to download the software, even though the software cannot be executed. Thus, once downloaded, the software is not executable by the user and so resources have been wasted. An additional inconvenience is also suffered by the user, since a user-unfriendly delay will exist between initiation of the download of the software and the user becoming aware that execution of the software is not possible, especially if the software is large. These disadvantages are particularly pertinent when the software is downloaded via a radio frequency infrastructure.
DE-A1-4 404 327 discloses a system comprising a source computer and a client computer, both possessing a code. The code possessed by the source computer is transmitted to the client computer for comparison before data is downloaded from the source computer to the client computer.
A more sophisticated version of the above described code, known as a Software Validation Certificate, can be used and can contain information relating to system privileges possessed by the software, for example, full access to all device hardware and software function, and ability to execute only with no access to other programs, data or hardware. The certificate, or the above-described codes, are downloaded with the software; the code (as described in relation to US 4,528,643 and DE-A1-4 404 327) or the certificate is transmitted to the client computer and so is susceptible to fraud, for example, an individual possessing equipment to receive the code can achieve execution of the software without payment.
It is therefore an object of the present invention to obviate or mitigate the above mentioned disadvantages relating to the downloading of data.
Summary of the Invention
According to a first aspect of the present invention, there is provided a system for the prevention of unauthorised data download comprising a first communicating means capable of downloading data from a second communicating means, the first communicating means having a store for receiving a validation code and being provided with a validating means arranged to use the validation code so as to verify whether the first communicating means is authorised to download the data from the second communicating means.
According to a second aspect of the present invention, there is provided a method of preventing unauthorised download of data in a system having a first communications means capable of downloading data from a second communications means, the method comprising the steps of: obtaining a validation code, requesting download of data from the second communications means, verifying that the first communications means is authorised to download the data using the validation code.
According to a third aspect of the present invention, there is provided a data terminal apparatus comprising a communicating means for receiving data from a second communicating means, a store for receiving a validation code other than from the second communicating means, and a validating means arranged to use the validation code to verify whether the first communications means is authorised to download data from the second communications means.
Other, preferred, features and advantages are set forth in dependent Claims 2 to 20, 23 to 29 and the following description and drawings.
It is thus possible to provide a system which, in terms of resources, increases the efficiency of the infrastructure (especially in the case of a radio frequency infrastructure), whilst preventing unauthorised reception, either directly or indirectly (by a third party), of the data downloaded. Also, it is possible to provide a reduced turn-around time between requesting download and denial of download; the turn-around time between requesting authorisation and authorisation should remain substantially unchanged.
Brief description of the Drawings
The invention will now be described in more detail, with reference to the accompanying drawings, in which:
FIG. 1 shows a system which is capable of constituting an embodiment of the present invention,
FIG. 2 is a schematic diagram of a computer constituting an embodiment of the present invention, and
FIG. 3 is a flow diagram of a method for use with the system and computer of FIG. 1 and FIG. 2.
Description of a Preferred Embodiment
Referring to FIG. 1, a system 100 comprises a client computer 101 located within a geographical area 107 and capable of communicating with a source computer 112. Although the client computer 101 is used in this example, other devices can be used, for example, any remote destination device. The client computer 101 is connected to a cellular telephone 102, which is in communication with a Base Transceiver Station (BTS) 106, via a radio interface 104. It is conceivable to combine the cellular telephone 102 with the client computer 101 in a single unit. The BTS is connected to a wire line infrastructure 110, for example, an Integrated Service Digital Network (ISDN), via a cellular infrastructure 108, for example, a Global System for Mobile communication (GSM), the wire line infrastructure 110 being connected to the source computer 112 from which download of software is desired.
Although the source computer 112 has been described as being connected to the client computer 101 via a cellular infrastructure 108, other infrastructures are envisaged, for example, any wireless system, such as a Universal Mobile Telephone System (UMTS) or an infra-red system.
Alternatively, the cellular telephone 102 and the cellular infrastructure 108 can be replaced with a modem (not shown) connected directly to the wire line infrastructure 110.
The client computer 101 possesses an I/O card 204 (FIG. 2) for interfacing the client computer 101 with the cellular telephone 102. The I/O card 204 is connected to a processing unit 206, the structure and function of which is known in the art. The structure of the processing unit 206 is not considered relevant to the present invention and so will not be described in any further detail. The processing unit 206 is connected to an authorisation module 200 and a download store 208 for storing downloaded data, including software.
The authorisation module 200 is also connected to the I/O card 204 via the processing unit 206. The processing unit 206 is also connected to the download store 208, a certificate store 212 and a Man Machine Interface (MMI) 210, for example, a keyboard and a display, a touch-screen or a voice recognition unit.
During normal operation (FIG. 3), a user is pre-provided with a Software Validation Certificate (SVC) from the proprietor of the source computer 112 and which is stored in the certificate store 212. Optionally, a Device Authorisation Certificate (DAC) can also be loaded into the certificate store 212 and used to determine whether the client computer 101 is licensed, or allowed, to execute the downloaded software. When the user wishes to download software from the source computer 112, for example pre-paid software, the user instructs the client computer 101 to contact the source computer 112 using the cellular telephone 102 (step 302).
Once the source computer 112 has been contacted, the source computer enables the authorisation module 200 (step 304). This is achieved by either transmitting a Software Authorisation Agent (SAA) to the client computer for storage in the authorisation module 200, or by having the SAA pre-resident in the authorisation module 200 and activating the SAA via a message from the source computer 112. Information relating to the SVC or DAC is included within the SAA. Although, in this example, the SAA is a computer program, or a suite of computer programs/processes, the SAA can be embodied by other techniques known in the art to validate the SVC, for example, an electronic circuit.
Once the SAA is enabled, or if appropriate, downloaded and enabled, the SAA verifies whether the SVC is valid, in which case download of the software is authorised, or invalid, in which case download should be denied (step 306). If the SVC is valid, the user is advised, via the MMI 210, that download of the software is authorised (step 310) and an encrypted message is sent to the source computer 112 (step 311), after which download of the software from the source computer 112 to the client computer 101 takes place (step 312), the downloaded software being stored in the download store 208. Optionally, the downloaded software can be encrypted and the SAA can be provided with a decryption key for decrypting the encrypted software. The decryption key can be a function of the SVC or the DAC. If desirable, the SAA can perform the decryption of the downloaded encrypted software. Additionally, the source computer 112 can interrogate the client computer 101 in order to ascertain what preferences, if any, relating to the software the user might have, for example, language, configuration, or version. The user is then free to execute the software. If, however, the SVC is not valid, the user is advised, via the MMI 210, that download of the software is denied (step 308) and the source computer 112 is sent a download denied message to this effect (step 314). The download denied message can be encrypted. Optionally, the user can be advised, via the MMI 210, as to the reason for the download being denied and any possible recommended subsequent action which can be taken by the user, for example, contacting the software licensor for authorisation.
Once the user has been advised that download is denied or download has been authorised and the software downloaded, the SAA can subsequently be deleted from the authorisation module 200.
The SAA can also be empowered to validate the DAC. The DAC can optionally be downloaded from the source computer 112 to the client computer 101 with the SAA. Other authorisation tests known in the art can also be carried out by the SAA, for example, the SAA can determine whether the client computer 101 is capable of handling a software watermark which can be present in the software to be downloaded.
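The following Python model of the FIG. 3 flow (steps 302 to 314, plus the optional DAC check and SVC-derived decryption key) is an added illustration and is not code from the patent or from any product implementing it. It assumes, for the sake of a self-contained example, that the "information relating to the SVC" built into the SAA is a shared HMAC key (a real deployment would more likely use a public-key signature), and all certificates, keys, identifiers and the software payload are constructed values. The security-relevant point it demonstrates is that the SVC never leaves the client and is checked before any software bytes are requested, so a tampered, expired or mismatched certificate results in a denial with nothing transferred.

```python
import hashlib
import hmac
import json
import time

# Constructed keys for this illustration. PROPRIETOR_KEY stands in for the
# "information relating to the SVC" the source computer embeds in the SAA.
PROPRIETOR_KEY = b"constructed-proprietor-key"
MESSAGE_KEY = b"constructed-status-message-key"


def _canonical(fields: dict) -> bytes:
    """Stable byte encoding of certificate or message fields for tagging."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, fields: dict) -> str:
    return hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()


def issue_certificate(fields: dict) -> dict:
    """Proprietor side: an SVC or DAC is its fields plus a tag over them."""
    return {"fields": fields, "tag": _tag(PROPRIETOR_KEY, fields)}


class CertificateStore:
    """Models certificate store 212: certificates are provisioned out of band."""

    def __init__(self):
        self._certs = {}

    def load(self, kind: str, cert: dict) -> None:
        self._certs[kind] = cert

    def get(self, kind: str):
        return self._certs.get(kind)


class SoftwareAuthorisationAgent:
    """Models the SAA in authorisation module 200 (step 306)."""

    def __init__(self, now=time.time):
        self.now = now  # injectable clock so expiry is testable

    def _check(self, cert, expected: dict):
        if cert is None:
            return "missing"
        if not hmac.compare_digest(_tag(PROPRIETOR_KEY, cert["fields"]), cert["tag"]):
            return "tag invalid"
        if cert["fields"].get("not_after", 0) < self.now():
            return "expired"
        for key, value in expected.items():
            if cert["fields"].get(key) != value:
                return f"{key} mismatch"
        return None

    def verify(self, store: CertificateStore, software_id: str, device_id: str):
        """Returns (authorised, reason). The DAC is only checked when one is loaded."""
        err = self._check(store.get("SVC"), {"software": software_id, "device": device_id})
        if err:
            return False, "SVC " + err
        dac = store.get("DAC")
        if dac is not None:
            err = self._check(dac, {"device": device_id})
            if err:
                return False, "DAC " + err
            if software_id not in dac["fields"].get("licensed", []):
                return False, "DAC does not license this software"
        return True, "authorised"

    def decryption_key(self, store: CertificateStore) -> bytes:
        """Optional step: derive the software decryption key as a function of the SVC."""
        svc_tag = store.get("SVC")["tag"].encode()
        return hmac.new(PROPRIETOR_KEY, b"download-key|" + svc_tag, hashlib.sha256).digest()


class SourceComputer:
    """Constructed stub of source computer 112: ships the payload only on an
    authenticated 'authorised' message (step 311); a denial (step 314) sends nothing."""

    def __init__(self, catalogue: dict):
        self.catalogue = catalogue
        self.bytes_sent = 0

    def handle(self, message: dict):
        body = {k: v for k, v in message.items() if k != "tag"}
        if not hmac.compare_digest(_tag(MESSAGE_KEY, body), message["tag"]):
            return None
        if body["status"] != "authorised":
            return None
        payload = self.catalogue[body["software"]]
        self.bytes_sent += len(payload)
        return payload


def request_download(store, saa, source, software_id, device_id):
    """Client side of FIG. 3 (steps 302 to 314). Returns (status, reason, payload)."""
    authorised, reason = saa.verify(store, software_id, device_id)
    body = {"device": device_id, "software": software_id,
            "status": "authorised" if authorised else "denied", "reason": reason}
    message = dict(body, tag=_tag(MESSAGE_KEY, body))  # stands in for the encrypted message
    payload = source.handle(message)  # None when denied: no air time spent on the software
    return body["status"], reason, payload
```

The ordering inside `_check` matters: the tag is verified before any field is read, so a certificate whose device, software or expiry fields have been edited is rejected as "tag invalid" rather than being interpreted. `SourceComputer.bytes_sent` makes the bandwidth claim of the description observable: it only grows on an authorised request.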
Although the above example has been described in the context of downloading software, it is not intended that the present invention be limited to software alone, and should include the downloading of any data, for example, text, images or music and other audio information.
Additionally, even though the source computer has been charged with the task of sending the SAA and communicating with the SAA in the above example, it is not intended that the invention be limited to this example. It is envisaged that the infrastructure being used can also handle the transmission of and communication with the SAA.
It is also conceivable to implement the above invention in the context of other digital telecommunications systems than those mentioned above, for example, a Future Public Private Land Mobile Telecommunications System (FPLMTS), a Personal Communications System (PCS), Cable Television system, or an Intelligent Transportation System (ITS).
The above embodiments can be implemented via the exchange of information between the SAA and a software environment which is resident in the client computer 101. The interface between the SAA and the software environment can be an Application Programmers Interface (API). The existence of APIs is known in the art.