WO2008104020A1 - Device and method for detecting software piracy - Google Patents

Device and method for detecting software piracy Download PDF

Info

Publication number
WO2008104020A1
WO2008104020A1 PCT/AU2008/000249 AU2008000249W WO2008104020A1 WO 2008104020 A1 WO2008104020 A1 WO 2008104020A1 AU 2008000249 W AU2008000249 W AU 2008000249W WO 2008104020 A1 WO2008104020 A1 WO 2008104020A1
Authority
WO
WIPO (PCT)
Prior art keywords
software
operating system
list
file
types
Prior art date
Application number
PCT/AU2008/000249
Other languages
French (fr)
Inventor
Zachariah Stanborough
Original Assignee
Home Entertainment Suppliers Pty Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from AU2007901066A external-priority patent/AU2007901066A0/en
Application filed by Home Entertainment Suppliers Pty Ltd filed Critical Home Entertainment Suppliers Pty Ltd
Publication of WO2008104020A1 publication Critical patent/WO2008104020A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2101Auditing as a secondary aspect

Definitions

  • the present invention relates to a device and method for detecting software piracy.
  • One way of attempting to prevent such piracy is by providing software on special or proprietary media such as discs or cartridges.
  • software on a proprietary media the number of people with access to hardware that can create copies of the software is limited compared to the number of people who can create copies of simple CD's and DVD's.
  • the present invention provides a method for determining whether software being run by an operating system on a computing system is an unauthorised copy, the method including the steps of auditing the types of files open on the operating system against a list of file types and, if the type of a file open on the operating system matches a type of file appearing in the list determining the software to be unauthorised and executing one or more response measures.
  • the operating system maintains in a memory of the computing system a handle pool in which file handles of all open files are recorded, and the step of auditing the types of files open on the operating system includes auditing all files appearing in the handle pool.
  • the list includes types of files known to be used in the distribution and/or running of unauthorised software.
  • the software includes instructions which, when the software is run by the operating system, initiate the auditing step.
  • the software may also include the list of file types.
  • the operating system includes instructions which, when the software is run by the operating system, initiate the auditing step.
  • the operating system may also include the list of file types.
  • system on which the operating system and software is being run includes a system memory accessible by the operating system and the instructions for initiating the auditing step and/or the list of file types are stored on the system memory.
  • the system memory may be an embedded memory such as a BIOS chip.
  • the one or more response measures may include discontinuing running the software, deleting the software, storing a record of the software, and/or notifying a third party via a network of the software.
  • the present invention provides software to be run by an operating system on a computing system, the software including instructions for determining whether the software is unauthorised and, if unauthorised, instructions relating to one or more response measures, wherein the instructions are configured to cause the operating system to audit the types of files open on the operating system against the types of files in a list of file types and, if the type of a file open on the computing system matches a type of file appearing in the list, causing the operating system to execute one or more response measures.
  • the list of file types is included in the software instructions, however the list of file types may be stored on a system memory accessible by the operating system.
  • the present invention provides a medium on which software is recorded, the software including instructions as discussed above.
  • the present invention provides a method for determining whether software being run by an operating system on a computing system is an unauthorised copy, the computing system including a processing system for running an operating system, a BIOS, a first memory device and a communication interface for interfacing with one or more second memory devices, wherein if the software is run from the one or more second memory devices connected to the communication interface one or more files must be opened, the method including the steps of auditing the types of files opened on the operating system against a list of file types and, if the type of a file open on the operating system matches a type of file appearing in the list determining the software to be unauthorised and executing one or more response measures.
  • the operating system maintains a handle pool in which file handles of all open files are recorded, and the step of auditing the types of files open on the operating system includes auditing all files appearing in the handle pool.
  • the list includes types of files known to be used in the distribution and/or running of unauthorised software.
  • the software includes instructions which, when the software is run by the operating system, initiate the auditing step.
  • the software may also include the list of file types.
  • the operating system includes instructions which, when the software is run by the operating system, initiate the auditing step.
  • the operating system may also include the list of file types.
  • the instructions for initiating the auditing step and/or the list of file types are stored on the BIOS.
  • the one or more response measures may include discontinuing running the software, deleting the software, storing a record of the software, and/or notifying a third party via a network of the software.
  • Figure 1 provides a simplified depiction of a generic computing system suitable for use in the preferred embodiment of the present invention
  • Figure 2 provides a flow chart of the preferred method for detecting certain types of content being run by the computing system of figure 1 ;
  • Figure 3 provides a high level flow chart of the instructions to be included in a software program or operating system in accordance with an embodiment of the invention.
  • FIG 1 a simplified depiction of a generic computing system 10 suitable for use in the embodiments of the present invention is shown.
  • the components represented in the system 10 may be found as part of any number of computing devices such as desktop computers, portable computers such as laptops, personal digital assistants (PDA's), digital book reading screens, and hand held gaming units.
  • desktop computers such as desktop computers, portable computers such as laptops, personal digital assistants (PDA's), digital book reading screens, and hand held gaming units.
  • PDA's personal digital assistants
  • digital book reading screens digital book reading screens
  • hand held gaming units hand held gaming units
  • the system 10 includes a central processing unit (CPU) 11 and a basic input output system 12 (BIOS) which stores and executes initial startup instructions to be run by the CPU 11 when the computing system is first switched on.
  • the BIOS 12 is generally provided on an embedded memory such as a BIOS chip.
  • the system 10 also includes an operating system 14 configured to execute various programmed instructions and software and control operation of the central processing unit. Amongst other things the operating system 14 controls the CPU in respect of accessing an internal memory 16, controlling input devices 18, and controlling output devices 20.
  • the input devices 18 controllable by the operating system 14 may include a keyboard or keypad 22, a communication receiver 24 such as a wireless receiver or network interface card and one or more disk readers 26 (e.g. a CD drive, DVD drive, memory card reader, cartridge reader).
  • the output devices 20 controllable by the operating system may, for example, include a screen or monitor 28, a speaker 30, a communication transmitter 32 (such as a wireless transmitter or network interface card), and disc writer 34 (such as a CD/DVD writer or memory card slot).
  • the communication receiver 24 and communication transmitter 32 may be incorporated in the same physical device for example a connection to a DSL line, as may be the disc reader 26 and disc writer 34.
  • Other input and output devices may also be used, and, of course, not all input and output devices will be available on all computing systems.
  • the software 13 In order to run software 13 on the system 10 the software 13 must be accessible to the operating system 14. This access may be achieved by storing the digital content in the internal memory 16, by making the content accessible to the operating system 14 over a network (through the communication receiver 24), or by inserting a disc/card/cartridge into an appropriate disc reader 26.
  • Operating system 14 manages file access by use of file handles and a handle pool 17. Each time a new file is opened the operating system 14 creates a file handle which uniquely identifies that file and can be used by the operating system 14 to access and manipulate that file. The operating system 14 then stores that file handle in a handle pool 17. When a file is closed the operating system removes the associated file handle from the handle pool 17. Accordingly, at any given time the open files on a system can be determined by reference to the handle pool 17.
  • a method 50 for determining whether an unauthorised copy of software 13 is being run by the operating system 14 is described.
  • the software 13 is made accessible 52 to the operating system 14.
  • a user of the system 10 then directs the software 13 to be run 54 which causes the operating system 14 to begin executing instructions contained within the software 13.
  • the software 13 includes auditing instructions along with a list of file types 15.
  • the auditing instructions cause the operating system 14 to undertake an audit 56 of files concurrently open by the operating system. This is done by review of the handle pool 17 as discussed above which provides a list of file handles by which all files open on the operating system 14 may be ascertained and accessed. While in this embodiment the list of file types 15 has been described as part of the software 13, the list of file types 15 could equally be stored elsewhere and accessed by the software 13 during the auditing process.
  • the list of file types 15 could, for example, be stored on a BIOS chip, on the memory 16 of the system 10, or be provided as part of the operating system 14.
  • the types of those files are compared 58 to the file types in the list of file types 15. If the type of an open file matches a file type appearing in the list of file types 15, the auditing instructions of the software 13 cause the operating system 14 to execute one or more response measures 60. If none of the open file types match any of the file types appearing in the list 15 the digital content continues running 62.
  • the appropriate file types to include in the list of file types 15 will depend on the intended application and target of the present invention.
  • software 13 is often illegally copied, distributed and run by providing disc images of the original version of the software.
  • images may, for example, be a .ISO file type or .CISO file type, and may be distributed either on a physical memory disc/memory card or over a network.
  • a .ISO or .CISO file that file must be opened (causing the operating system to create a file handle for that file and record it in the handle pool 17) to access the executable file relating to the software intended to be run.
  • file types included in the list could include .ISO and .CISO files, and in the event that an open file is identified as being of that type, the operating system interprets the existence of this open file as an indicator that a file from which the instructions are presently being executed is unauthorised and executes the response measures 60.
  • the response measures 60 may include instructions to log a record of the software 13 and the file type in the list that was open while the software 13 was being run. If the system 10 is, for example, connected to the internet, the instructions in the digital content may also cause the operating system 14 to send a record of this to a third party. Finally, the instructions may cease the running of the software 13 and or cause the software 13 to be deleted.
  • the software 13 is written to include instructions and a list of file types 15. While it is advantageous that the instructions 70 are written to be executed shortly or immediately on the execution of the software 13 itself, it is of course possible to include the instructions to be executed at any point during the execution of the software 13 or at multiple points.
  • the instructions should include instructions to access the handle pool 17 to obtain file handle details of currently open files 72, review the files associated with the file handles to determine their type 74, and compare 76 those file types with the list of file types 15. If a match between the currently open file types and a file type in the list 15 occurs, the instructions should further log the event 78 and then exit 80.
  • the instructions should continue processing as normal and proceed 82 the software 13 to those instructions for running the main program.
  • the following is psuedocode appropriate for use where the file handles of a system are accessed as integers. All handles from 0 to 100 inclusive are tested. If known identifier data is present at a known identifier location then a flag gets set. If this flag is found to be set after the file_handle testing has completed, then appropriate action can be taken.
  • Authorised software such as games are generally provided for the PSP on proprietary memory devices which are inserted into a device reader of the PSP to be run.
  • the PSP also, however, includes a memory stick reader which allows a user to store digital content on a memory stick and have that content read by the operating system of the PSP.
  • PSP to allow executable files to be run from a memory stick.
  • game file images such as .ISO or .CISO files
  • the operating system must first open the .ISO or .CISO file (causing the creation and recordal of a file handle) on the memory stick to be able to access the actual game executable file.
  • this executable file includes instructions which upon execution cause the operating system to audit the types of open files and compare them with a list of file types.
  • the operating system When the operating system matches the .ISO or .CISO file (which has been opened to allow access to the game) to a file in the list, it determines that the executable file is being run from a pirated copy of the game and executes appropriate response measures, for example completing the execution of the software and/or closing the file.
  • .ISO or .CISO file which has been opened to allow access to the game
  • the instructions and list of file types may be run from alternate locations.
  • the instructions may be included in the software but the list of file types stored in the internal memory 16 or even BIOS 12 of the system 10. This is advantageous in that the types of files recorded in the list may be easily updated without having to re-write the software code.
  • the software itself may not include either the list of file types or the instructions.
  • the operating system 14 or BIOS 12 would include the instructions and list in such a way that any time an executable file is run the instructions are also run.

Abstract

The present invention provides software (13) to be run by an operating system (14) on a computing system (10), the software (13) including instructions for determining whether the software (13) is unauthorised and, if unauthorised, instructions relating to one or more response measures, wherein the instructions are configured to cause the operating system (14) to audit the types of files open on the operating system (16) against the types of files in a list of file types (15) and, if the type of a file open on the computing system matches a type of file appearing in the list (15), causing the operating system (14) to execute one or more response measures (60).

Description

Device and method for detecting software piracy
Field of the invention
The present invention relates to a device and method for detecting software piracy.
Background of the invention Software is often distributed on read only memory devices. Such devices include, for example, compact discs (CD's), digital versatile discs (DVD's), and cartridges or propriety discs. It is well known that a significant problem concerning software is that of piracy and illegal copying of the software. As technology develops so too does the ability to make and distribute illegal copies of what was originally legitimately obtained digital content.
One way of attempting to prevent such piracy is by providing software on special or proprietary media such as discs or cartridges. By providing software on a proprietary media the number of people with access to hardware that can create copies of the software is limited compared to the number of people who can create copies of simple CD's and DVD's.
A further problem, however, arises in the ease and speed with which a single copy of a piece of software can be distributed to multiple people over the Internet. Due to this it takes only a single person to make a copy and make that copy available for download to reduce or negate most of the advantages associated with distribution on a proprietary disc or cartridge.
Accordingly, it would be desirable to provide a device and method to aid in the prevention of software piracy or to provide a device and method that dissuades software piracy.
Summary of the invention In one aspect the present invention provides a method for determining whether software being run by an operating system on a computing system is an unauthorised copy, the method including the steps of auditing the types of files open on the operating system against a list of file types and, if the type of a file open on the operating system matches a type of file appearing in the list determining the software to be unauthorised and executing one or more response measures.
In one embodiment, the operating system maintains in a memory of the computing system a handle pool in which file handles of all open files are recorded, and the step of auditing the types of files open on the operating system includes auditing all files appearing in the handle pool.
In one embodiment the list includes types of files known to be used in the distribution and/or running of unauthorised software.
In one embodiment, the software includes instructions which, when the software is run by the operating system, initiate the auditing step. The software may also include the list of file types.
Alternatively, the operating system includes instructions which, when the software is run by the operating system, initiate the auditing step. The operating system may also include the list of file types.
Further alternatively, the system on which the operating system and software is being run includes a system memory accessible by the operating system and the instructions for initiating the auditing step and/or the list of file types are stored on the system memory. The system memory may be an embedded memory such as a BIOS chip.
The one or more response measures may include discontinuing running the software, deleting the software, storing a record of the software, and/or notifying a third party via a network of the software.
In a second aspect the present invention provides software to be run by an operating system on a computing system, the software including instructions for determining whether the software is unauthorised and, if unauthorised, instructions relating to one or more response measures, wherein the instructions are configured to cause the operating system to audit the types of files open on the operating system against the types of files in a list of file types and, if the type of a file open on the computing system matches a type of file appearing in the list, causing the operating system to execute one or more response measures.
In one embodiment the list of file types is included in the software instructions, however the list of file types may be stored on a system memory accessible by the operating system.
In a third aspect the present invention provides a medium on which software is recorded, the software including instructions as discussed above.
In a fourth aspect the present invention provides a method for determining whether software being run by an operating system on a computing system is an unauthorised copy, the computing system including a processing system for running an operating system, a BIOS, a first memory device and a communication interface for interfacing with one or more second memory devices, wherein if the software is run from the one or more second memory devices connected to the communication interface one or more files must be opened, the method including the steps of auditing the types of files opened on the operating system against a list of file types and, if the type of a file open on the operating system matches a type of file appearing in the list determining the software to be unauthorised and executing one or more response measures.
In one embodiment, the operating system maintains a handle pool in which file handles of all open files are recorded, and the step of auditing the types of files open on the operating system includes auditing all files appearing in the handle pool.
In one embodiment the list includes types of files known to be used in the distribution and/or running of unauthorised software.
In one embodiment, the software includes instructions which, when the software is run by the operating system, initiate the auditing step. The software may also include the list of file types. Alternatively, the operating system includes instructions which, when the software is run by the operating system, initiate the auditing step. The operating system may also include the list of file types.
Further alternatively, the instructions for initiating the auditing step and/or the list of file types are stored on the BIOS.
The one or more response measures may include discontinuing running the software, deleting the software, storing a record of the software, and/or notifying a third party via a network of the software.
Further aspects of the present invention, which should be considered in all its novel aspects, will become apparent from the following description.
Brief description of the drawings
The invention will now be described with reference to the accompanying drawings which show embodiments of the invention. It is to be understood, however, that the invention is not limited to the features of the embodiments shown in the drawings in which:
Figure 1 provides a simplified depiction of a generic computing system suitable for use in the preferred embodiment of the present invention;
Figure 2 provides a flow chart of the preferred method for detecting certain types of content being run by the computing system of figure 1 ; and
Figure 3 provides a high level flow chart of the instructions to be included in a software program or operating system in accordance with an embodiment of the invention.
Detailed description of the embodiments
Referring to figure 1 , a simplified depiction of a generic computing system 10 suitable for use in the embodiments of the present invention is shown. The components represented in the system 10 may be found as part of any number of computing devices such as desktop computers, portable computers such as laptops, personal digital assistants (PDA's), digital book reading screens, and hand held gaming units.
The system 10 includes a central processing unit (CPU) 11 and a basic input output system 12 (BIOS) which stores and executes initial startup instructions to be run by the CPU 11 when the computing system is first switched on. The BIOS 12 is generally provided on an embedded memory such as a BIOS chip. The system 10 also includes an operating system 14 configured to execute various programmed instructions and software and control operation of the central processing unit. Amongst other things the operating system 14 controls the CPU in respect of accessing an internal memory 16, controlling input devices 18, and controlling output devices 20.
The input devices 18 controllable by the operating system 14 may include a keyboard or keypad 22, a communication receiver 24 such as a wireless receiver or network interface card and one or more disk readers 26 (e.g. a CD drive, DVD drive, memory card reader, cartridge reader). The output devices 20 controllable by the operating system may, for example, include a screen or monitor 28, a speaker 30, a communication transmitter 32 (such as a wireless transmitter or network interface card), and disc writer 34 (such as a CD/DVD writer or memory card slot). In the physical system the communication receiver 24 and communication transmitter 32 may be incorporated in the same physical device for example a connection to a DSL line, as may be the disc reader 26 and disc writer 34. Other input and output devices may also be used, and, of course, not all input and output devices will be available on all computing systems.
In order to run software 13 on the system 10 the software 13 must be accessible to the operating system 14. This access may be achieved by storing the digital content in the internal memory 16, by making the content accessible to the operating system 14 over a network (through the communication receiver 24), or by inserting a disc/card/cartridge into an appropriate disc reader 26.
Operating system 14 manages file access by use of file handles and a handle pool 17. Each time a new file is opened the operating system 14 creates a file handle which uniquely identifies that file and can be used by the operating system 14 to access and manipulate that file. The operating system 14 then stores that file handle in a handle pool 17. When a file is closed the operating system removes the associated file handle from the handle pool 17. Accordingly, at any given time the open files on a system can be determined by reference to the handle pool 17.
Referring now to figure 2, a method 50 for determining whether an unauthorised copy of software 13 is being run by the operating system 14 is described. As an initial step, and as discussed above, the software 13 is made accessible 52 to the operating system 14. Through the operating system 14 a user of the system 10 then directs the software 13 to be run 54 which causes the operating system 14 to begin executing instructions contained within the software 13.
As discussed below, the software 13 includes auditing instructions along with a list of file types 15. When the digital content is run 54 the auditing instructions cause the operating system 14 to undertake an audit 56 of files concurrently open by the operating system. This is done by review of the handle pool 17 as discussed above which provides a list of file handles by which all files open on the operating system 14 may be ascertained and accessed. While in this embodiment the list of file types 15 has been described as part of the software 13, the list of file types 15 could equally be stored elsewhere and accessed by the software 13 during the auditing process. The list of file types 15 could, for example, be stored on a BIOS chip, on the memory 16 of the system 10, or be provided as part of the operating system 14.
Once the concurrently open files are identified, the types of those files are compared 58 to the file types in the list of file types 15. If the type of an open file matches a file type appearing in the list of file types 15, the auditing instructions of the software 13 cause the operating system 14 to execute one or more response measures 60. If none of the open file types match any of the file types appearing in the list 15 the digital content continues running 62.
The appropriate file types to include in the list of file types 15 will depend on the intended application and target of the present invention. For example, software 13 is often illegally copied, distributed and run by providing disc images of the original version of the software. Such images may, for example, be a .ISO file type or .CISO file type, and may be distributed either on a physical memory disc/memory card or over a network. In order to run a .ISO or .CISO file that file must be opened (causing the operating system to create a file handle for that file and record it in the handle pool 17) to access the executable file relating to the software intended to be run.
In light of this the file types included in the list could include .ISO and .CISO files, and in the event that an open file is identified as being of that type, the operating system interprets the existence of this open file as an indicator that a file from which the instructions are presently being executed is unauthorised and executes the response measures 60.
The response measures 60 may include instructions to log a record of the software 13 and the file type in the list that was open while the software 13 was being run. If the system 10 is, for example, connected to the internet, the instructions in the digital content may also cause the operating system 14 to send a record of this to a third party. Finally, the instructions may cease the running of the software 13 and or cause the software 13 to be deleted.
Referring to figure 3, and as mentioned above, the software 13 is written to include instructions and a list of file types 15. While it is advantageous that the instructions 70 are written to be executed shortly or immediately on the execution of the software 13 itself, it is of course possible to include the instructions to be executed at any point during the execution of the software 13 or at multiple points. The instructions should include instructions to access the handle pool 17 to obtain file handle details of currently open files 72, review the files associated with the file handles to determine their type 74, and compare 76 those file types with the list of file types 15. If a match between the currently open file types and a file type in the list 15 occurs, the instructions should further log the event 78 and then exit 80. If no match between the types of files open and the types of files in the list of file types 15 occurs, the instructions should continue processing as normal and proceed 82 the software 13 to those instructions for running the main program. The following is psuedocode appropriate for use where the file handles of a system are accessed as integers. All handles from 0 to 100 inclusive are tested. If known identifier data is present at a known identifier location then a flag gets set. If this flag is found to be set after the file_handle testing has completed, then appropriate action can be taken.
Begin copy_detected_flag := 0 file_handle := 0 loop while(file_handle <= 100) seek(file_handle, known_identifierjocation) test_identifier := read(file_handle, known identifier size) if(test_identifier = knownjdentifier) copy_detected_flag := 1 break from loop end if file_handle := filejiandle + 1 endloop if(copy_detected_flag = 1 ) respond to detected copy endif
Use of the method in relation to a PlayStation® Portable (PSP) handheld gaming device from Sony® will now be described by way of a specific but non-limiting example.
Authorised software such as games are generally provided for the PSP on proprietary memory devices which are inserted into a device reader of the PSP to be run. The PSP also, however, includes a memory stick reader which allows a user to store digital content on a memory stick and have that content read by the operating system of the PSP.
A common way of obtaining and running pirated games is by modifying the BIOS of the
PSP to allow executable files to be run from a memory stick. Once this modification has occurred, users can upload game file images (such as .ISO or .CISO files) onto a memory stick and run the game from the memory stick reader. When the game is run from the memory stick reader the operating system must first open the .ISO or .CISO file (causing the creation and recordal of a file handle) on the memory stick to be able to access the actual game executable file. As discussed above, this executable file includes instructions which upon execution cause the operating system to audit the types of open files and compare them with a list of file types. When the operating system matches the .ISO or .CISO file (which has been opened to allow access to the game) to a file in the list, it determines that the executable file is being run from a pirated copy of the game and executes appropriate response measures, for example completing the execution of the software and/or closing the file.
While the above has been described with the instructions and list of file types being included in a software program, it will be appreciated that the instructions and/or list may be run from alternate locations. For example, the instructions may be included in the software but the list of file types stored in the internal memory 16 or even BIOS 12 of the system 10. This is advantageous in that the types of files recorded in the list may be easily updated without having to re-write the software code.
Alternatively, the software itself may not include either the list of file types or the instructions. In this case the operating system 14 or BIOS 12 would include the instructions and list in such a way that any time an executable file is run the instructions are also run.
It will be understood that the invention disclosed and defined in this specification extends to all alternative combinations of two or more of the individual features mentioned or evident from the text or drawings. All of these different combinations constitute various alternative aspects of the invention.

Claims

1. A method for determining whether software being run by an operating system on a computing system is an unauthorised copy, the method including the steps of auditing the types of files open on the operating system against a list of file types and, if the type of a file open on the operating system matches a type of file appearing in the list of file types determining the software to be unauthorised and executing one or more response measures.
2. A method according to claim 1 , wherein the operating system maintains in a memory of the computing system a handle pool in which file handles of all open files are recorded, and the step of auditing the types of files open on the operating system includes auditing all files appearing in the handle pool.
3. A method according to either claim 1 or claim 2, wherein the list of file types includes types of files known to be used in the distribution and/or running of unauthorised software.
4. A method according to any one of the preceding claims, wherein the software further includes instructions which, when the software is run by the operating system, initiate the auditing step.
5. A method according to any one of claims 1 to 3, wherein the operating system includes instructions which, when the software is run by the operating system, initiate the auditing step.
6. A method according to any one of the preceding claims, wherein the software includes the list of file types.
7. A method according to any one of claims 1 to 4, wherein the operating system includes the list of file types.
8. A method according to any one of claims 1, 2, 3, 5, or 7, wherein the system on which the operating system and software is run includes a system memory accessible by the operating system, and the instructions for initiating the auditing step and/or the list of file types are stored on the system memory.
9. A method according to claim 8, wherein the system memory is an embedded memory.
10. A method according to claim 8 wherein the embedded memory is a BIOS chip.
11. A method according to any one of the preceding claims, wherein the one or more response measures are selected from the list: discontinuing running the software; deleting the software; storing a record of the software; and/or notifying a third party via a network of the software.
12. Software to be run by an operating system on a computing system, the software including instructions which when run determine whether the software is unauthorised and, if unauthorised, instructions relating to one or more response measures, wherein the instructions are configured to cause the operating system to audit the types of files open on the operating system against the types of files in a list of file types and, if the type of a file open on the computing system matches a type of file appearing in the list, cause the operating system to execute one or more response measures.
13. Software according to claim 12, wherein the list of file types is included in the software instructions
14. Software according to claim 12, wherein the list of file types is stored on a system memory accessible by the operating system.
15. Software according to claim 14, wherein the system memory is an embedded memory.
16. Software according to claim 15, wherein the embedded memory is a BIOS chip.
17. Software according to any one of claims 12 to 16, wherein the one or more response measures are selected from the list: discontinuing running the software; deleting the software; storing a record of the software; and/or notifying a third party via a network of the software.
18. A medium on which software according to any one of claims 12 to 17 is recorded.
19. A method for determining whether software being run by an operating system on a computing system is an unauthorised copy, the computing system including
a processing system for running an operating system,
a BIOS,
a first memory device and a communication interface for interfacing with one or more second memory devices, wherein if the software is run from a said second memory device, one or more files is be opened, the method including auditing the types of files opened on the operating system against a list of file types and, if the type of a file open on the operating system matches a type of file appearing in the list, determining the software to be unauthorised and executing one or more response measures.
20. A method according to claim 19, wherein the operating system maintains a handle pool in which file handles of all open files are recorded, and the step of auditing the types of files open on the operating system includes auditing all files appearing in the handle pool.
21. A method according to claim 19 or 20, wherein the list of file types includes types of files known to be used in the distribution and/or running of unauthorised software.
22. A method according to any one of claims 19 to 21 , wherein the software further includes instructions which, when the software is run by the operating system, initiate the auditing step.
23. A method according to any one of claims 19 to 21 , wherein the operating system includes instructions which, when the software is run by the operating system, initiate the auditing step.
24. A method according to any one of the claims 19 to 23, wherein the software includes the list of file types.
25. A method according to any one of claims 19 to 23, wherein the operating system includes the list of file types.
26. A method according to any one of claims 19, 20, 21 , 23, or 25, wherein the system on which the operating system and software is run includes a system memory accessible by the operating system, and the instructions for initiating the auditing step and/or the list of file types are stored on the system memory.
27. A method according to claim 26, wherein the system memory is an embedded memory.
28. A method according to claim 27 wherein the embedded memory is a BIOS chip.
29. A method according to any of claims 19 to 28, wherein the one or more response measures are selected from the list of: discontinuing running the software; deleting the software; storing a record of the software; and/or notifying a third party via a network of the software.
30. A method according to any one of claims 1 to 11 or 19 to 33, wherein the list of file types includes ISO and/or CISO file types.
31. Software according to any one of claims 12 to 17, wherein the list of file types includes ISO and/or CISO file types.
PCT/AU2008/000249 2007-03-01 2008-02-26 Device and method for detecting software piracy WO2008104020A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AU2007901066A AU2007901066A0 (en) 2007-03-01 Device and method for detecting software piracy
AU2007901066 2007-03-01

Publications (1)

Publication Number Publication Date
WO2008104020A1 true WO2008104020A1 (en) 2008-09-04

Family

ID=39720786

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2008/000249 WO2008104020A1 (en) 2007-03-01 2008-02-26 Device and method for detecting software piracy

Country Status (1)

Country Link
WO (1) WO2008104020A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5483658A (en) * 1993-02-26 1996-01-09 Grube; Gary W. Detection of unauthorized use of software applications in processing devices
US20020099952A1 (en) * 2000-07-24 2002-07-25 Lambert John J. Policies for secure software execution
US20040133801A1 (en) * 2001-10-30 2004-07-08 Bernardo Pastorelli Computer implemented method and system for controlling use of digitally encoded products
US20060179486A1 (en) * 2000-06-14 2006-08-10 Reuben Bahar Method and system for prevention of piracy of a given software application via a communications network

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5483658A (en) * 1993-02-26 1996-01-09 Grube; Gary W. Detection of unauthorized use of software applications in processing devices
US20060179486A1 (en) * 2000-06-14 2006-08-10 Reuben Bahar Method and system for prevention of piracy of a given software application via a communications network
US20020099952A1 (en) * 2000-07-24 2002-07-25 Lambert John J. Policies for secure software execution
US20040133801A1 (en) * 2001-10-30 2004-07-08 Bernardo Pastorelli Computer implemented method and system for controlling use of digitally encoded products

Similar Documents

Publication Publication Date Title
US7743422B2 (en) System and method for validating a computer platform when booting from an external device
US7761927B2 (en) Apparatus and method for monitoring and controlling access to data on a computer readable medium
RU2637997C1 (en) System and method of detecting malicious code in file
US8117608B1 (en) System and method of providing mobility to personal computers
US8688584B2 (en) Electronic gaming machine security for software stored in nonvolatile media
TWI466019B (en) Method, computer readable medium, and system for multifaceted system capabilities analysis
US7475203B1 (en) Methods and systems for enabling non-destructive erasure of data
US20100306552A1 (en) Systems and methods for preventing unauthorized use of digital content
US8376859B2 (en) Online game provision system using storage medium and method thereof
EP2270703A2 (en) Systems and methods for providing conditional authorization to operate licensed software
TWI324349B (en) Secure protable storage device and control method for the same
US20130007396A1 (en) Method for protecting digital contents of a solid state memory
US20040078497A1 (en) Method and apparatus for detecting configuration change
Raggi et al. Beginning ubuntu linux
US20090307536A1 (en) Method for protecting software programs
US20090126027A1 (en) File accessing and retrieval using soft digital rights management technology
WO2008104020A1 (en) Device and method for detecting software piracy
JP2008234539A (en) Information processing apparatus, file processing method and program
WO2016002121A1 (en) Content management system, content management server and management program for server, client terminal and management program for terminal, and removable media
JP2011107956A (en) Computer system
AU2002219852B2 (en) Systems and methods for preventing unauthorized use of digital content
CN109413414A (en) A kind of silence based on android system is taken pictures detection method
CN101373452A (en) Method for testing hard disk read-write operations
KR20090072383A (en) System and method for providing online game using storage media
Colangelo Digital Rights Management in video games: their impact on performance and the legal structure connected to them

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08706131

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08706131

Country of ref document: EP

Kind code of ref document: A1