CA1262575A - System for preventing software piracy employing multi- encrypted keys and single decryption circuit modules - Google Patents
System for preventing software piracy employing multi- encrypted keys and single decryption circuit modulesInfo
- Publication number
- CA1262575A CA1262575A CA000517059A CA517059A CA1262575A CA 1262575 A CA1262575 A CA 1262575A CA 000517059 A CA000517059 A CA 000517059A CA 517059 A CA517059 A CA 517059A CA 1262575 A CA1262575 A CA 1262575A
- Authority
- CA
- Canada
- Prior art keywords
- key
- computer
- program
- module
- efk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired
Links
- 230000003405 preventing effect Effects 0.000 title description 4
- 238000000034 method Methods 0.000 claims abstract description 25
- 230000004044 response Effects 0.000 claims description 12
- 238000012545 processing Methods 0.000 claims description 4
- 101100064697 Caenorhabditis elegans efk-1 gene Proteins 0.000 claims 3
- 230000006870 function Effects 0.000 description 7
- 238000004364 calculation method Methods 0.000 description 4
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 239000004809 Teflon Substances 0.000 description 1
- 229920006362 Teflon® Polymers 0.000 description 1
- 230000003247 decreasing effect Effects 0.000 description 1
- 230000007812 deficiency Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 229920001721 polyimide Polymers 0.000 description 1
- 229920000642 polymer Polymers 0.000 description 1
- 229920000136 polysorbate Polymers 0.000 description 1
- 229940036310 program Drugs 0.000 description 1
- 235000002020 sage Nutrition 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
Abstract
ABSTRACT OF THE DISCLOSURE
A system (FIG. 1) which enables a protected program (e.g., prog. A, prog. B., ...) to run only a selected plurality of computers (e.g., computer 10) including a respective unique key Ki for each computer of the plurality, the key being triple encrypted (14a) in the form EFK[EFK[Ki]]]. A respective module (16) is coupled (via 17) to each computer (10) of the plurality. A
checker program (15) in each computer responds to a request (from station 11) to use the protected program by performing a single decryption procedure E?? on the triple encrypted key (step 22 of FIG. 2) and sends the result (step 23) to the module (16) as a message. The module (16) performs a single decryption procedure E?? on the message (step 25) and sends that result (step 26) back to the computer. The checker program (15) receives the module's result and performs another single decryption procedure E?? on it (step 28) to obtain key Ki. Then the checker program (15) uses key Ki to decrypt an identifier, (e.g., 14b, 14c, ...) and proceeds with the execution of the protected program only if it is identified by the decrypted identifier (step 32).
A system (FIG. 1) which enables a protected program (e.g., prog. A, prog. B., ...) to run only a selected plurality of computers (e.g., computer 10) including a respective unique key Ki for each computer of the plurality, the key being triple encrypted (14a) in the form EFK[EFK[Ki]]]. A respective module (16) is coupled (via 17) to each computer (10) of the plurality. A
checker program (15) in each computer responds to a request (from station 11) to use the protected program by performing a single decryption procedure E?? on the triple encrypted key (step 22 of FIG. 2) and sends the result (step 23) to the module (16) as a message. The module (16) performs a single decryption procedure E?? on the message (step 25) and sends that result (step 26) back to the computer. The checker program (15) receives the module's result and performs another single decryption procedure E?? on it (step 28) to obtain key Ki. Then the checker program (15) uses key Ki to decrypt an identifier, (e.g., 14b, 14c, ...) and proceeds with the execution of the protected program only if it is identified by the decrypted identifier (step 32).
Description
2S7~
SYSTEM FOR PREVENTI~G SOFltWARE PIRACY EMPLOYING
MULTI--ENCRYPTED KEYS A~D SINGLE DECRYPTION CIRCUIT MODUr,ES
lE3ACKGROVND OF TE~ INVENTION
.
This invention relates to data proce3sing systems;
and in particular it relates to data processing systems which include some means for preventing the piracy of soft-ware programs.
Basically, every data processing sys~em includes a digital computer which perform~ various tasks in response to a sequence of instruction~ called a program or software.
Many different programs can be written for the ~ame compu-ter; and in each program, the ~equence of instruction~ i5differently arranged in accordance with the particular task that the computer is to perform. For example, one program can direct the computer to perform inventory operations, another program can direct ~he computer to perform payroll operations, etc.
Often, the programs which are writ~en for a compu-ter are very co~plex, comprise thou~ands of in.s~ructions, and represent a considerable investment in time and money.
:
.. :
.
: : :
.
..
Therefore, efforts have been made in the prior art to prevent software from being stolen by software pirates.
However, software is very easy to copy since it usually is stored on a magnetic tape or magnetic disk which is readily duplicated. Consequently, prot~cting software from piracy is difficult to achievP.
This problem of protecting software is most diffi-cult for corporations which produce and license software programs, a~ a product, to many di~ferent customers. Each time a program is distributed under a license to a differ-ent customer, that customer become~ a potential software pirate. For e~ample, the potential Pxists for a customer to copy the licensed software, terminate his license, and thereafter run the software copy. Also, the potential exists for the customer to copy the sof~ware and distribute it to third parties.
One of the prior art means which has been devised to prevent software piracy is described in United States Patents 4,168,396 and 4,278,837 to ~est. In these patents, each instruction of the program is encrypted and sent to the customer in the encrypted form. Then, when the program is to be run, it is read into the computer in encrypted form, decrypted inside of the compute~, and executed.
In the Best ~ystem, the decrypted program is not available for copying since the program on the storage media is always encrypted. However, since each :instruction must be decrypted prior to being executed, execut:ion of the program i8 very 810w. Further, the program only runs on sp~cially con~tructed computers which do the decryption.
These computers are only supplied by the software vendor;
so the Best system does not even work in the typical case where the ~oftware customer wants to run a licensed program on a computer which he already owns.
, , ;' ;2~75 Ano~her prior art software protection system is described in Patent 4,471,163 by Donald et al. In ~ha~
~ystem, the customer of a licensed program is supplied a program lock unit which performs a predetermined calcula-tion on a number, and the program it~el is modified toalso perform t~e same calculation on the ~ame number. Then the program compares the result of its calculations to the r~sult obtained from the lock unit and the program stops if the two re~ult~ are not equal.
A problem, however, with the Donald et al system is that ~he result of the calculation which the lock unit perfonms i~ passed to the computer over a co~ductor on which it could be read by a line analyzer. After being read, that same result could be generated by any memory circuit, such a~ a programmed read only memory. Thu~ a copy of the protected program could be made to run by simply replacing the lock unit with the read only memory.
Also in the Donald et al system, no further checks are made after the two results have been compar~d and the program has started ~o run. Iherefore, one copy of ~he program can be started on a sy~tem to which the lock unit is attached, and thereafter the lock unit can be remo~ed and transfsrred to another system whereupon another copy of the program can be started. Thus the protection system is not suitable for programs of ~ type which operate for long time periods, - ~uch as graphic6 programs which operate all day in an interactive fashion with an operator.
Another problem with the Donald et al system is that the cu~tomer of a licensed program must be given a copy of a Xey that contain~ several parameters which the customer then enters via a keyboard into the lock unit.
Tho~e parameters are opera~ed on by the lock unit to pro-duce ~he re3ult which the licensed program compares~
However, having thi~ key enables a customer of one program (program A) to copy his key and his program, and then give .
~. , r~ 5 75 ;
those c~opies to a customer of anothPr program ( program B ) .
In return, the customer o:f program B can copy hic program and his key, and give thelTI to the cu~tomer of progrzun A.
In view, therefore all o~ these prior art probl~m~ with prote~:ting sotware, it is a prima:ry object o the inventi~n 1:o provide an improved ystem for prevent-ing ~oftwar~ pirary in w~ich the~e and other prior art deficiencies are overcome.
1~
In accordance with embodiments of the present invention, the above object, and others, are achieved by a system which enables a protected program to run on only a selected plurality of computers, and which comprises: .
lS a respective u~ique key for each computer of 1:he plurality: the key being triple encrypted in the form E~K~EKi~EF~CKi]]] where Ki i~ the unencrypted key, EKi is an encryption procedure E which u.~es Ki r and EFK iq the same encryption procedure E using a single f ixed key FK
20 for all of the computers;
a respective module coupled to each computer of the plurality;
a checker program in each computer which responds to a reque3t to use the protected program by performing a 25 single decryption procedur~ EFl on the triple encrypted key and send the result to the module as a message M, a means in the module which performs a single decryption procedure EKli on message M and sends E~ M]
back ~o the computer a means in the checker program for receiving EK~CM~ from the module and for performing another single decryption procedure l~K on it to obtain k~y Ki;
an identifier for the protected program that is encrypted with Xey Ki, and `
~L~22575 a means in ~he checker program for usi~g key Ki to decrypt th2 identifier, and or proceeding with the execution of th@ protected program only if it is ldentifled by the decrypted identifier.
8RIEF DESCRIPTIO~ OF THE DRAWINGS
Various ~eatures and advantages of embodiments of th~
inventlon are described in detail in the following Detailed Description in conjunction with the accompanying drawings wherein:
FIG. 1 illustrates a system for preventing software piracy in accordance with an embodiment of the invention; and FIG. 2 illustrates additional details of a decryptor checker program in the FIG. 1 system.
DETAILED DESCRIPTION
Reerring now to FIG. 1, a preferred embodiment of a ~y~tem w~ich prev~nts software piracy in accordance with one embodiment will be descr~ed in detail. This system includes a digital computer 10, a plurality of worX sta-20 ~ion~ 11, and an input/output bus 12 ~hich coup:Les the work ~tations 12 to computer 10. Computer 10 may be any type of general purpose digital computer, such as a G~TEK* Comet.
Similarly, each work ~tation 11 may be any type of terminal which has- a keyboard that enabl~s an operator to request computer 10 to e~ecute various progr~ms, such as a GRA~TEX
Meteor.
Al~o included in ~he FIG. 1 system i.s a dis~ 13 which s~ores protected software programs that run on com-puter 10. These programs are i~dicated as PROG A, PROG B, and P~O~ C. E~ch program may direct computer 10 to perform any type of de~ired functions, and it~ exact makeup is un.im-portant. For example, the program~ could interact with an operator at the worX~tation to rotate a graphic~ image on a CRT screen in the worXstation, display two graph.ics image.s * Trade l~ark 5~;
in a split screen fashion on the CRT screen, or zoom in on a particular feature of the image that is being displayed.
Disk 13 al50 stores an encrypted list 14. Entry 14a of this list i~ a triple encryptecl key of the form EFK~EKi[EFK[Ki]~. In this expression, Ki i5 an unencryp-ted Xey that is unique to computer 10. That is, each time the FIG. 1 system is duplicated for a different customer, key Ki is changed.
Term EKi in the above expression represents an encryption procedure E which uses key Ki. Thus, when the FIG. 1 ~ystem i~ duplicated for different customer3, the encryption procedure E in each system is the same, but the key Ki in each system is diffPrent.
Similarly, term EFK in the above e~pression repre-gents the encryption procedure E a~ recited above but w~lich is performed with a ~ingle fixed key FK. Thu~, when the FIG. 1 sy~tem i9 duplicated for different customers, the encryption procedure E and it~ key FK is the same in each system.
All oP the protected programs on the FIG. 1 system also have a corrasponding encrypted identifier in list 14.
Entry 14b is the encrypted identifier for PROG A; entry 14c is the encrypted identifier for PROG B; and entry I4d is the encrypted identifier for PROG C. Each of these identi-25 fiers is encrypted first with procedure EFK and thereaft~r with procedure EKi.
Diek 13 al90 stores a decryptor-checker program 15. All of the de~ails of this program will be described ~hortly in conjunction with FIG. 2. In general, however, program 15 operates i~ response ~-o a request Prom an opera-tor at work station 11 for computer lO to run a particular program. During its operation, program 15 checks whether the requested program i5 included in ~he encrypted list 14.
IP the requested program is in list 14, then execution of 35 that proyram is permitted to occur; otherwise, it is not.
-7- '~L,2~575 A software pro~ection module (SPM~ 16 which operate~ in conjunction with program 15 is also included in the FIG. 1 sys~em~ Module 16 is coupled to computer 10 via a serial I/o bu3 17. In operation, module 16 recei~es a m~s~age via bus 17 from computer 10, performs a d~cryption f~ction EKi on that message, and sends ~he re~ult~ bac~ via bu 17 ~o computer 10.
If the FIG. 1 sy~tem i duplicated ~or diferent customer~, ~he decryption st~ps E-l which module 16 perform~ i~ the same in each sy3tem~ ~owever, the key Ki which ~odule 16 use3 in those steps is differ~nt in each sys~em.
Preferably, module 16 is packaged such that it is very difficult, if not impossible, ~o open the package without de~troying the key Ki. This may be achieved by integrating the key inside of a microprocessor chip which is programmed to perform the EKi function, and by putting the microproce~sor chip in a very hard and chemically resi3tant substance, such as a polyimid~, Teflon* or ladder-organosiLoxane*polymers.
Referring r~ext to FIG. 2, the decryp~or-checker program 15 will be described in detail. This program is entered at a point 20 in response to a request from an operator at work station 11 for computer 10 to run PROG A, PROG B, or PROG C. Program 15 begins by reading the triple encrypted key 14a from li~t 14. Then it performs the single decryption functon E ~ on entry 14a and sends the result to module 16 as a me~sage M. This is indicated by reference numerals 21, 22, and 23.
Module 16 responds by receiving the message M
: which computer 10 sent and performing a single decryption function E~l on that information. Then module 16 sends the result back to computer 10 as ~Ki~M~. This is indicated in FIG. 2 by reference numerals 24, 25 and 26.
* Trade Marks s~
Program 15 receiveS the information which module 16 s~nt and performs the single decryption function EFK on it to obtain the unencrypted key Ki. This is indicated by reference numerals 27 and 28.
Thereafter, program 15 reads the remaining entries in list 14 and perform~ the decryption function~ E~i and EFK on them. If the result of those decryption operations yield# the name of *he program which was requested by work qtation 11, then execution of that program continue5.
Otherwiqe, execution of the r~quested prcgram i5 bypassed.
Thi8 i8 indica~ed by reference numerals 29 thru 33.
One important feature of the above described ~ys-tem i~ that the list 14 and module 16 are matched such that they only work together a-~ a pair. Thus a pc>tential soft--ware pirate cannot make and sell copies of the protectl3dprograms becau~e each program will only run on a system which has a particular module 16.
Another important feature of the above de~cribed system is that none of the messages on bus 17 b~tween com-puter 10 and module 16 contain key Ki in itq unencryptedform. Therefore, a potential software pirate cannot cletect the key Ki by placing a line analyzer on bus 17 to read the mes~ages on the bus.
Yet another feature of the above system is that none of the messages that are transmitted on bus 17 corres pond to any entry in the encryp~d list 14. Therefore, a potential software pirate cannot even determine what part~
of li~t 14 are being transmitted on bus 17 by placing a line analy~er on bu8 17 to record the me.qsages ancl by lat~r comparing thos~ messages to the data which is stor~d on the di~k.
Still another ~eature of the a~ove described sy6tem i~ that key Ki permanently exis~s in its une~crypted orm only in module 16. Bu~ module 16 is tamperproo~ in g the sense that key Ki is destroyed if the module is opened.
Therefore, there is no permanent copy of key Ki for a potential sotware pirate to obtain.
~no~her feature of the above system is that it 5 provides a very practical means for a software vendor to protect his program~. This is because most computers h~ve a serial I/O bus, and so the software vendor doesn't need to design a module ~ith a new bus interface for each custo-mer. In~tead for each cu~tomer, only l:ist 14 needs to be encrypted differently and a different key Ki needs to be potted in module 16.
Program 15 also has a ~econd entry point as in~i-cated by reference numeral 40. This point of the program i9 entered at randomly select2d time instants while any of lS the authorized programs are running.
Upon entering point 40, program 15 generates a ran-dom number and sends it to module 16. In response, module 16 receives the random number, performs the decryption function EKi on the random number, and sends the result back to computer lO. This is indicated by referencP
numerals 41 thru 45.
After receiving the decrypted random number, program 15 acquires key Ki and performs the encryption function EKi on the decrypted random number. This result is then compared to the originally generated random number of ~tep 41. If the two numbers are equal, the running of the reque~ted program is continued. Otherwise, the running of the requested program is terminated. This is indicated by reference numeral~ 46 49.
One feature of thi~ portion of program 15 is that it prevents a thief from removing module 16 after a pro-tected program has started running. Therefore, a thief can-no~ start the protected programs on ~he FIG. 1 system, move .:
~2~75 module 16 to another system which has a copy of the protec-ted programs/ and start the copied programs running without having FIG. 1 system stop.
Yet another feature of the above portion of program 15 is that it prevents a thief from duplicating module 16 by placing a line analyzer on bus 17, monitoring and storing all of the responses which module 16 make~, and building a circuit which duplicates those responRes. Such an attempt will not work ince the numbers sent via step 42 and the response received via ~tep 46 will alway~ be changing with time.
A preferred embodiment of ~he invention has now been de~cribed in detail. In addition, however, many changes and modifications can be made ~o these de~aiLs withou~ departing from the nature and spirit o:E the invention.
For example, the details of the encryption steps E
and decryption steps E-l as well as their specific implemen-tation i~ unimportant. Any encryption-decryption algorithm will work so long as it meets the constraint ~Ki~EKi~Ki3~-Ki.
Many ~uitable algorithms and implementations are described, for example, in the text Cry~tography: A New Dimension :in Computer Data Security by Meyer et al, published by John Wiley ~ Sonc.
As another modification, entry 14a in list 14 may be replaced with a double encrypted key of the form EKi[EFK[~i]]. ThiS would eliminate the need for ~tep 22 .in program 14, which would make the program run fa.~ter.
However, ~he price for this increase in speed will be a decreased degree of ~ecurity.
As still another modification, checker program 15 can be partitioned into many parts which are scramble~d throughout the protected program~ (e.g., - program A, pro-gram B, and program C). Usually the protected programs axe ~2~2S~
much larger than the checker program, so locating the checker program after such 5cr~mbling is essentially impos~
sible. Thu5, this gives an added degree of security since it prevents a potential software pirate from locating the checker program and bypassing it.
Ascordingly, ~ince many such modifications are possible, it is to be understood that the invention is not limited to the above details but is defined by the appended claims.
`
, . :
, ~ ,
SYSTEM FOR PREVENTI~G SOFltWARE PIRACY EMPLOYING
MULTI--ENCRYPTED KEYS A~D SINGLE DECRYPTION CIRCUIT MODUr,ES
lE3ACKGROVND OF TE~ INVENTION
.
This invention relates to data proce3sing systems;
and in particular it relates to data processing systems which include some means for preventing the piracy of soft-ware programs.
Basically, every data processing sys~em includes a digital computer which perform~ various tasks in response to a sequence of instruction~ called a program or software.
Many different programs can be written for the ~ame compu-ter; and in each program, the ~equence of instruction~ i5differently arranged in accordance with the particular task that the computer is to perform. For example, one program can direct the computer to perform inventory operations, another program can direct ~he computer to perform payroll operations, etc.
Often, the programs which are writ~en for a compu-ter are very co~plex, comprise thou~ands of in.s~ructions, and represent a considerable investment in time and money.
:
.. :
.
: : :
.
..
Therefore, efforts have been made in the prior art to prevent software from being stolen by software pirates.
However, software is very easy to copy since it usually is stored on a magnetic tape or magnetic disk which is readily duplicated. Consequently, prot~cting software from piracy is difficult to achievP.
This problem of protecting software is most diffi-cult for corporations which produce and license software programs, a~ a product, to many di~ferent customers. Each time a program is distributed under a license to a differ-ent customer, that customer become~ a potential software pirate. For e~ample, the potential Pxists for a customer to copy the licensed software, terminate his license, and thereafter run the software copy. Also, the potential exists for the customer to copy the sof~ware and distribute it to third parties.
One of the prior art means which has been devised to prevent software piracy is described in United States Patents 4,168,396 and 4,278,837 to ~est. In these patents, each instruction of the program is encrypted and sent to the customer in the encrypted form. Then, when the program is to be run, it is read into the computer in encrypted form, decrypted inside of the compute~, and executed.
In the Best ~ystem, the decrypted program is not available for copying since the program on the storage media is always encrypted. However, since each :instruction must be decrypted prior to being executed, execut:ion of the program i8 very 810w. Further, the program only runs on sp~cially con~tructed computers which do the decryption.
These computers are only supplied by the software vendor;
so the Best system does not even work in the typical case where the ~oftware customer wants to run a licensed program on a computer which he already owns.
, , ;' ;2~75 Ano~her prior art software protection system is described in Patent 4,471,163 by Donald et al. In ~ha~
~ystem, the customer of a licensed program is supplied a program lock unit which performs a predetermined calcula-tion on a number, and the program it~el is modified toalso perform t~e same calculation on the ~ame number. Then the program compares the result of its calculations to the r~sult obtained from the lock unit and the program stops if the two re~ult~ are not equal.
A problem, however, with the Donald et al system is that ~he result of the calculation which the lock unit perfonms i~ passed to the computer over a co~ductor on which it could be read by a line analyzer. After being read, that same result could be generated by any memory circuit, such a~ a programmed read only memory. Thu~ a copy of the protected program could be made to run by simply replacing the lock unit with the read only memory.
Also in the Donald et al system, no further checks are made after the two results have been compar~d and the program has started ~o run. Iherefore, one copy of ~he program can be started on a sy~tem to which the lock unit is attached, and thereafter the lock unit can be remo~ed and transfsrred to another system whereupon another copy of the program can be started. Thus the protection system is not suitable for programs of ~ type which operate for long time periods, - ~uch as graphic6 programs which operate all day in an interactive fashion with an operator.
Another problem with the Donald et al system is that the cu~tomer of a licensed program must be given a copy of a Xey that contain~ several parameters which the customer then enters via a keyboard into the lock unit.
Tho~e parameters are opera~ed on by the lock unit to pro-duce ~he re3ult which the licensed program compares~
However, having thi~ key enables a customer of one program (program A) to copy his key and his program, and then give .
~. , r~ 5 75 ;
those c~opies to a customer of anothPr program ( program B ) .
In return, the customer o:f program B can copy hic program and his key, and give thelTI to the cu~tomer of progrzun A.
In view, therefore all o~ these prior art probl~m~ with prote~:ting sotware, it is a prima:ry object o the inventi~n 1:o provide an improved ystem for prevent-ing ~oftwar~ pirary in w~ich the~e and other prior art deficiencies are overcome.
1~
In accordance with embodiments of the present invention, the above object, and others, are achieved by a system which enables a protected program to run on only a selected plurality of computers, and which comprises: .
lS a respective u~ique key for each computer of 1:he plurality: the key being triple encrypted in the form E~K~EKi~EF~CKi]]] where Ki i~ the unencrypted key, EKi is an encryption procedure E which u.~es Ki r and EFK iq the same encryption procedure E using a single f ixed key FK
20 for all of the computers;
a respective module coupled to each computer of the plurality;
a checker program in each computer which responds to a reque3t to use the protected program by performing a 25 single decryption procedur~ EFl on the triple encrypted key and send the result to the module as a message M, a means in the module which performs a single decryption procedure EKli on message M and sends E~ M]
back ~o the computer a means in the checker program for receiving EK~CM~ from the module and for performing another single decryption procedure l~K on it to obtain k~y Ki;
an identifier for the protected program that is encrypted with Xey Ki, and `
~L~22575 a means in ~he checker program for usi~g key Ki to decrypt th2 identifier, and or proceeding with the execution of th@ protected program only if it is ldentifled by the decrypted identifier.
8RIEF DESCRIPTIO~ OF THE DRAWINGS
Various ~eatures and advantages of embodiments of th~
inventlon are described in detail in the following Detailed Description in conjunction with the accompanying drawings wherein:
FIG. 1 illustrates a system for preventing software piracy in accordance with an embodiment of the invention; and FIG. 2 illustrates additional details of a decryptor checker program in the FIG. 1 system.
DETAILED DESCRIPTION
Reerring now to FIG. 1, a preferred embodiment of a ~y~tem w~ich prev~nts software piracy in accordance with one embodiment will be descr~ed in detail. This system includes a digital computer 10, a plurality of worX sta-20 ~ion~ 11, and an input/output bus 12 ~hich coup:Les the work ~tations 12 to computer 10. Computer 10 may be any type of general purpose digital computer, such as a G~TEK* Comet.
Similarly, each work ~tation 11 may be any type of terminal which has- a keyboard that enabl~s an operator to request computer 10 to e~ecute various progr~ms, such as a GRA~TEX
Meteor.
Al~o included in ~he FIG. 1 system i.s a dis~ 13 which s~ores protected software programs that run on com-puter 10. These programs are i~dicated as PROG A, PROG B, and P~O~ C. E~ch program may direct computer 10 to perform any type of de~ired functions, and it~ exact makeup is un.im-portant. For example, the program~ could interact with an operator at the worX~tation to rotate a graphic~ image on a CRT screen in the worXstation, display two graph.ics image.s * Trade l~ark 5~;
in a split screen fashion on the CRT screen, or zoom in on a particular feature of the image that is being displayed.
Disk 13 al50 stores an encrypted list 14. Entry 14a of this list i~ a triple encryptecl key of the form EFK~EKi[EFK[Ki]~. In this expression, Ki i5 an unencryp-ted Xey that is unique to computer 10. That is, each time the FIG. 1 system is duplicated for a different customer, key Ki is changed.
Term EKi in the above expression represents an encryption procedure E which uses key Ki. Thus, when the FIG. 1 ~ystem i~ duplicated for different customer3, the encryption procedure E in each system is the same, but the key Ki in each system is diffPrent.
Similarly, term EFK in the above e~pression repre-gents the encryption procedure E a~ recited above but w~lich is performed with a ~ingle fixed key FK. Thu~, when the FIG. 1 sy~tem i9 duplicated for different customers, the encryption procedure E and it~ key FK is the same in each system.
All oP the protected programs on the FIG. 1 system also have a corrasponding encrypted identifier in list 14.
Entry 14b is the encrypted identifier for PROG A; entry 14c is the encrypted identifier for PROG B; and entry I4d is the encrypted identifier for PROG C. Each of these identi-25 fiers is encrypted first with procedure EFK and thereaft~r with procedure EKi.
Diek 13 al90 stores a decryptor-checker program 15. All of the de~ails of this program will be described ~hortly in conjunction with FIG. 2. In general, however, program 15 operates i~ response ~-o a request Prom an opera-tor at work station 11 for computer lO to run a particular program. During its operation, program 15 checks whether the requested program i5 included in ~he encrypted list 14.
IP the requested program is in list 14, then execution of 35 that proyram is permitted to occur; otherwise, it is not.
-7- '~L,2~575 A software pro~ection module (SPM~ 16 which operate~ in conjunction with program 15 is also included in the FIG. 1 sys~em~ Module 16 is coupled to computer 10 via a serial I/o bu3 17. In operation, module 16 recei~es a m~s~age via bus 17 from computer 10, performs a d~cryption f~ction EKi on that message, and sends ~he re~ult~ bac~ via bu 17 ~o computer 10.
If the FIG. 1 sy~tem i duplicated ~or diferent customer~, ~he decryption st~ps E-l which module 16 perform~ i~ the same in each sy3tem~ ~owever, the key Ki which ~odule 16 use3 in those steps is differ~nt in each sys~em.
Preferably, module 16 is packaged such that it is very difficult, if not impossible, ~o open the package without de~troying the key Ki. This may be achieved by integrating the key inside of a microprocessor chip which is programmed to perform the EKi function, and by putting the microproce~sor chip in a very hard and chemically resi3tant substance, such as a polyimid~, Teflon* or ladder-organosiLoxane*polymers.
Referring r~ext to FIG. 2, the decryp~or-checker program 15 will be described in detail. This program is entered at a point 20 in response to a request from an operator at work station 11 for computer 10 to run PROG A, PROG B, or PROG C. Program 15 begins by reading the triple encrypted key 14a from li~t 14. Then it performs the single decryption functon E ~ on entry 14a and sends the result to module 16 as a me~sage M. This is indicated by reference numerals 21, 22, and 23.
Module 16 responds by receiving the message M
: which computer 10 sent and performing a single decryption function E~l on that information. Then module 16 sends the result back to computer 10 as ~Ki~M~. This is indicated in FIG. 2 by reference numerals 24, 25 and 26.
* Trade Marks s~
Program 15 receiveS the information which module 16 s~nt and performs the single decryption function EFK on it to obtain the unencrypted key Ki. This is indicated by reference numerals 27 and 28.
Thereafter, program 15 reads the remaining entries in list 14 and perform~ the decryption function~ E~i and EFK on them. If the result of those decryption operations yield# the name of *he program which was requested by work qtation 11, then execution of that program continue5.
Otherwiqe, execution of the r~quested prcgram i5 bypassed.
Thi8 i8 indica~ed by reference numerals 29 thru 33.
One important feature of the above described ~ys-tem i~ that the list 14 and module 16 are matched such that they only work together a-~ a pair. Thus a pc>tential soft--ware pirate cannot make and sell copies of the protectl3dprograms becau~e each program will only run on a system which has a particular module 16.
Another important feature of the above de~cribed system is that none of the messages on bus 17 b~tween com-puter 10 and module 16 contain key Ki in itq unencryptedform. Therefore, a potential software pirate cannot cletect the key Ki by placing a line analyzer on bus 17 to read the mes~ages on the bus.
Yet another feature of the above system is that none of the messages that are transmitted on bus 17 corres pond to any entry in the encryp~d list 14. Therefore, a potential software pirate cannot even determine what part~
of li~t 14 are being transmitted on bus 17 by placing a line analy~er on bu8 17 to record the me.qsages ancl by lat~r comparing thos~ messages to the data which is stor~d on the di~k.
Still another ~eature of the a~ove described sy6tem i~ that key Ki permanently exis~s in its une~crypted orm only in module 16. Bu~ module 16 is tamperproo~ in g the sense that key Ki is destroyed if the module is opened.
Therefore, there is no permanent copy of key Ki for a potential sotware pirate to obtain.
~no~her feature of the above system is that it 5 provides a very practical means for a software vendor to protect his program~. This is because most computers h~ve a serial I/O bus, and so the software vendor doesn't need to design a module ~ith a new bus interface for each custo-mer. In~tead for each cu~tomer, only l:ist 14 needs to be encrypted differently and a different key Ki needs to be potted in module 16.
Program 15 also has a ~econd entry point as in~i-cated by reference numeral 40. This point of the program i9 entered at randomly select2d time instants while any of lS the authorized programs are running.
Upon entering point 40, program 15 generates a ran-dom number and sends it to module 16. In response, module 16 receives the random number, performs the decryption function EKi on the random number, and sends the result back to computer lO. This is indicated by referencP
numerals 41 thru 45.
After receiving the decrypted random number, program 15 acquires key Ki and performs the encryption function EKi on the decrypted random number. This result is then compared to the originally generated random number of ~tep 41. If the two numbers are equal, the running of the reque~ted program is continued. Otherwise, the running of the requested program is terminated. This is indicated by reference numeral~ 46 49.
One feature of thi~ portion of program 15 is that it prevents a thief from removing module 16 after a pro-tected program has started running. Therefore, a thief can-no~ start the protected programs on ~he FIG. 1 system, move .:
~2~75 module 16 to another system which has a copy of the protec-ted programs/ and start the copied programs running without having FIG. 1 system stop.
Yet another feature of the above portion of program 15 is that it prevents a thief from duplicating module 16 by placing a line analyzer on bus 17, monitoring and storing all of the responses which module 16 make~, and building a circuit which duplicates those responRes. Such an attempt will not work ince the numbers sent via step 42 and the response received via ~tep 46 will alway~ be changing with time.
A preferred embodiment of ~he invention has now been de~cribed in detail. In addition, however, many changes and modifications can be made ~o these de~aiLs withou~ departing from the nature and spirit o:E the invention.
For example, the details of the encryption steps E
and decryption steps E-l as well as their specific implemen-tation i~ unimportant. Any encryption-decryption algorithm will work so long as it meets the constraint ~Ki~EKi~Ki3~-Ki.
Many ~uitable algorithms and implementations are described, for example, in the text Cry~tography: A New Dimension :in Computer Data Security by Meyer et al, published by John Wiley ~ Sonc.
As another modification, entry 14a in list 14 may be replaced with a double encrypted key of the form EKi[EFK[~i]]. ThiS would eliminate the need for ~tep 22 .in program 14, which would make the program run fa.~ter.
However, ~he price for this increase in speed will be a decreased degree of ~ecurity.
As still another modification, checker program 15 can be partitioned into many parts which are scramble~d throughout the protected program~ (e.g., - program A, pro-gram B, and program C). Usually the protected programs axe ~2~2S~
much larger than the checker program, so locating the checker program after such 5cr~mbling is essentially impos~
sible. Thu5, this gives an added degree of security since it prevents a potential software pirate from locating the checker program and bypassing it.
Ascordingly, ~ince many such modifications are possible, it is to be understood that the invention is not limited to the above details but is defined by the appended claims.
`
, . :
, ~ ,
Claims (10)
1. A system for enabling a protected program to run on only a selected plurality of computers, comprising:
a respective triple encrypted key for each of said computers of the form EFK[EKi[EFK[Ki]]] where Ki is an unencrypted key that is unique to each of said computers, EKi is an encryption procedure E which uses key Ki, and EFK is the same encryption procedure E using a single fixed key FK for all of said computers;
a respective unique module coupled to each computer of said plurality for performing a decryption procedure EKi-1 where Ki is unique to each module;
a checker program in each computer which responds to requests to use said protected program by performing a single decryption procedure EFK-1 on said triple encrypted key and sends the result to said module as a message M;
said module being adapted to perform said single decryption procedure EKi-1 on said message M and send EKi-1[M] back to said computer;
a means in said checker program for receiving EFK-1[M] from said module and for performing another single decryption procedure EFR-1 on it to obtain key Ki;
an identifier that is encrypted with said key Ki;
and a means in said checker program for using key Ki to decrypt said identifier, and for proceeding with the execution of said protected program only if it is identified by the decrypted identifier.
a respective triple encrypted key for each of said computers of the form EFK[EKi[EFK[Ki]]] where Ki is an unencrypted key that is unique to each of said computers, EKi is an encryption procedure E which uses key Ki, and EFK is the same encryption procedure E using a single fixed key FK for all of said computers;
a respective unique module coupled to each computer of said plurality for performing a decryption procedure EKi-1 where Ki is unique to each module;
a checker program in each computer which responds to requests to use said protected program by performing a single decryption procedure EFK-1 on said triple encrypted key and sends the result to said module as a message M;
said module being adapted to perform said single decryption procedure EKi-1 on said message M and send EKi-1[M] back to said computer;
a means in said checker program for receiving EFK-1[M] from said module and for performing another single decryption procedure EFR-1 on it to obtain key Ki;
an identifier that is encrypted with said key Ki;
and a means in said checker program for using key Ki to decrypt said identifier, and for proceeding with the execution of said protected program only if it is identified by the decrypted identifier.
2. A system according to claim 1 wherein said checker program further includes a means for intermittently stopping the protected program's execution to send a random number to said module, to receive a response from said module, and to continue with the execution of said protected program only if the encryption EKi of said response matches said random number.
3. A system according to claim 2 wherein said identifier is double encrypted via procedures EFK and EKi.
4. A system according to claim 3 wherein said module is coupled to its computer via a bit serial bus.
5. A data processing system comprised of:
a computer having a key Ki that is unique to said computer and is at least double encrypted in the form EKi[EFK[Ki]] where EKi is an encryption procedure E which uses key Ki, and EFK is the same encryption procedure E
using another key FK;
a module coupled to said computer for receiving said key in said double encrypted form in response to a request for said computer to run a protected program and for partially decrypting said double encrypted key to a single encrypted key EFK[Ki];
a checker program for receiving said single encrypted key EFK[Ki] from said module and for completing its decryption to Ki;
an identifier that is encrypted with said key Ki;
and a means in said checker program for using Ki to decrypt said identifier, and for proceeding to run said protected program only if it is identified by the decrypted identifier.
a computer having a key Ki that is unique to said computer and is at least double encrypted in the form EKi[EFK[Ki]] where EKi is an encryption procedure E which uses key Ki, and EFK is the same encryption procedure E
using another key FK;
a module coupled to said computer for receiving said key in said double encrypted form in response to a request for said computer to run a protected program and for partially decrypting said double encrypted key to a single encrypted key EFK[Ki];
a checker program for receiving said single encrypted key EFK[Ki] from said module and for completing its decryption to Ki;
an identifier that is encrypted with said key Ki;
and a means in said checker program for using Ki to decrypt said identifier, and for proceeding to run said protected program only if it is identified by the decrypted identifier.
6. A system according to claim 5 wherein said checker program further includes a means for temporarily stopping the protected program's execution to send a random number to said module, to receive a response from said module, and to continue with the execution of said protected program only if the encryption EKi of said response matches said random number.
7. A system according to claim 5 wherein said key Ki is stored in a storage media in a triple encrypted form EFK[EKi[EFK[Ki]]], and said checker program includes a means for performing EFK-1 on the permanently stored key and sending the double encrypted result to said module.
8 A system according to claim 5 wherein said identifier is double encrypted via procedures EFK and EKi.
9. A system according to claim 5 wherein said module is coupled to said computer via a bit serial bus.
10. A data processing system of the type which includes a computer, a protected program for said computer, and a module coupled to said computer; said system further including:
a key Ki that is unique to said computer and is double encrypted;
a means in said computer for receiving a request to use said protected program, and in response thereto, for sending said double encrypted key to said module;
a means in said module for performing a decryption procedure EKi-1 on said double encrypted key to obtain a single encrypted key and for sending the latter back to said computer;
a means in said computer for decrypting said single encrypted key to an unencrypted key; and a means in said computer for utilizing said unencrypted key to decrypt an encrypted identifier, and for proceeding with the execution of said protected program only if the decrypted identifier has a predetermined value.
a key Ki that is unique to said computer and is double encrypted;
a means in said computer for receiving a request to use said protected program, and in response thereto, for sending said double encrypted key to said module;
a means in said module for performing a decryption procedure EKi-1 on said double encrypted key to obtain a single encrypted key and for sending the latter back to said computer;
a means in said computer for decrypting said single encrypted key to an unencrypted key; and a means in said computer for utilizing said unencrypted key to decrypt an encrypted identifier, and for proceeding with the execution of said protected program only if the decrypted identifier has a predetermined value.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US06/771,901 US4683968A (en) | 1985-09-03 | 1985-09-03 | System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules |
| US771,901 | 1985-09-03 |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA1262575A true CA1262575A (en) | 1989-10-31 |
Family
ID=25093283
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA000517059A Expired CA1262575A (en) | 1985-09-03 | 1986-08-28 | System for preventing software piracy employing multi- encrypted keys and single decryption circuit modules |
Country Status (6)
| Country | Link |
|---|---|
| US (1) | US4683968A (en) |
| EP (1) | EP0238537B1 (en) |
| JP (1) | JPS62502080A (en) |
| CA (1) | CA1262575A (en) |
| DE (1) | DE3674581D1 (en) |
| WO (1) | WO1987001483A1 (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7752139B2 (en) | 2005-12-27 | 2010-07-06 | Michael Noel Hu | Method and system for managing software licenses and reducing unauthorized use of software |
Families Citing this family (60)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4835697A (en) * | 1984-04-02 | 1989-05-30 | Pitney Bowes Inc. | Combination generator for an electronic postage meter |
| US4864494A (en) * | 1986-03-21 | 1989-09-05 | Computerized Data Ssytems For Mfg., Inc. | Software usage authorization system with key for decrypting/re-encrypting/re-transmitting moving target security codes from protected software |
| FR2600189B1 (en) * | 1986-06-16 | 1991-02-01 | Bull Cp8 | PROCESS FOR AUTHENTICATING BY AN EXTERNAL ENVIRONMENT A PORTABLE OBJECT SUCH AS A MEMORY CARD COUPLED TO THIS ENVIRONMENT |
| US4916738A (en) * | 1986-11-05 | 1990-04-10 | International Business Machines Corp. | Remote access terminal security |
| US4969188A (en) * | 1987-02-17 | 1990-11-06 | Gretag Aktiengesellschaft | Process and apparatus for the protection of secret elements in a network of encrypting devices with open key management |
| US4850017A (en) * | 1987-05-29 | 1989-07-18 | International Business Machines Corp. | Controlled use of cryptographic keys via generating station established control values |
| KR890702127A (en) * | 1987-06-03 | 1989-12-22 | 원본미기재 | Safety system with optional software program lock utilizing removable PLA key for hardware safety lock update |
| US4866769A (en) * | 1987-08-05 | 1989-09-12 | Ibm Corporation | Hardware assist for protecting PC software |
| US5390297A (en) * | 1987-11-10 | 1995-02-14 | Auto-Trol Technology Corporation | System for controlling the number of concurrent copies of a program in a network based on the number of available licenses |
| US4941176A (en) * | 1988-08-11 | 1990-07-10 | International Business Machines Corporation | Secure management of keys using control vectors |
| US4924514A (en) * | 1988-08-26 | 1990-05-08 | International Business Machines Corporation | Personal identification number processing using control vectors |
| US4924515A (en) * | 1988-08-29 | 1990-05-08 | International Business Machines Coprporation | Secure management of keys using extended control vectors |
| US4932054A (en) * | 1988-09-16 | 1990-06-05 | Chou Wayne W | Method and apparatus for protecting computer software utilizing coded filter network in conjunction with an active coded hardware device |
| US5199066A (en) * | 1989-04-18 | 1993-03-30 | Special Effects Software, Inc. | Method and apparatus for protecting software |
| US5103478A (en) * | 1989-04-27 | 1992-04-07 | International Business Machines Corporation | Secure management of keys using control vectors with multi-path checking |
| US4918728A (en) * | 1989-08-30 | 1990-04-17 | International Business Machines Corporation | Data cryptography operations using control vectors |
| US4993069A (en) * | 1989-11-29 | 1991-02-12 | International Business Machines Corporation | Secure key management using control vector translation |
| JP3080382B2 (en) * | 1990-02-21 | 2000-08-28 | 株式会社日立製作所 | Cryptographic communication system |
| US5007089A (en) * | 1990-04-09 | 1991-04-09 | International Business Machines Corporation | Secure key management using programable control vector checking |
| US5343524A (en) * | 1991-06-21 | 1994-08-30 | Mu Xiao Chun | Intelligent security device |
| US5214696A (en) * | 1992-02-04 | 1993-05-25 | International Business Machines Corporation | Data processing system and method to produce softcopy book readers which are limited to reading only books published by a specific publisher |
| AU4400993A (en) * | 1992-06-12 | 1994-01-04 | Dow Chemical Company, The | Secure front end communication system and method for process control computers |
| JPH07507891A (en) * | 1992-06-12 | 1995-08-31 | ザ、ダウ、ケミカル、カンパニー | Intelligent process control communication system and method |
| US5416840A (en) * | 1993-07-06 | 1995-05-16 | Phoenix Technologies, Ltd. | Software catalog encoding method and system |
| US5400403A (en) * | 1993-08-16 | 1995-03-21 | Rsa Data Security, Inc. | Abuse-resistant object distribution system and method |
| US5572589A (en) * | 1993-12-09 | 1996-11-05 | Microsoft Corporation | Disc serialization |
| US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
| US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
| US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
| US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
| DE69638018D1 (en) | 1995-02-13 | 2009-10-15 | Intertrust Tech Corp | Systems and procedures for managing secure transactions and protecting electronic rights |
| US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
| US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
| US5564106A (en) * | 1995-03-09 | 1996-10-08 | Motorola, Inc. | Method for providing blind access to an encryption key |
| US5623546A (en) * | 1995-06-23 | 1997-04-22 | Motorola, Inc. | Encryption method and system for portable data |
| US5758068A (en) * | 1995-09-19 | 1998-05-26 | International Business Machines Corporation | Method and apparatus for software license management |
| JP3093678B2 (en) * | 1996-06-28 | 2000-10-03 | 株式会社東芝 | Encryption method, decryption method, recording / reproducing device, decryption device, decryption unit device and recording medium manufacturing method |
| EP0840477B1 (en) | 1996-10-31 | 2012-07-18 | Panasonic Corporation | Secret key transfer method which is highly secure and can restrict the damage caused when the secret key is leaked or decoded |
| US6005935A (en) * | 1996-11-20 | 1999-12-21 | At&T Corp. | Method and system of using personal information as a key when distributing information |
| US6173403B1 (en) | 1997-04-30 | 2001-01-09 | Achates Reference Publishing, Inc. | Method and apparatus for distributing information products |
| US5982889A (en) * | 1997-04-30 | 1999-11-09 | Demont; Jason Paul | Method and apparatus for distributing information products |
| US7092914B1 (en) * | 1997-11-06 | 2006-08-15 | Intertrust Technologies Corporation | Methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
| US6643775B1 (en) | 1997-12-05 | 2003-11-04 | Jamama, Llc | Use of code obfuscation to inhibit generation of non-use-restricted versions of copy protected software applications |
| US6334189B1 (en) | 1997-12-05 | 2001-12-25 | Jamama, Llc | Use of pseudocode to protect software from unauthorized use |
| US6480959B1 (en) | 1997-12-05 | 2002-11-12 | Jamama, Llc | Software system and associated methods for controlling the use of computer programs |
| US6115820A (en) * | 1998-06-01 | 2000-09-05 | International Business Machines Corporation | Determining theft of grammar code |
| US7142676B1 (en) * | 1999-06-08 | 2006-11-28 | Entrust Limited | Method and apparatus for secure communications using third-party key provider |
| EP1164747B1 (en) * | 2000-01-14 | 2004-09-15 | Matsushita Electric Industrial Co., Ltd. | Authentication communication device and authentication communication system |
| ATE249664T1 (en) * | 2000-01-18 | 2003-09-15 | Infineon Technologies Ag | MICROPROCESSOR ARRANGEMENT WITH ENCRYPTION |
| EP1344212B1 (en) | 2000-12-14 | 2008-08-13 | ECD Systems, Inc. | Method for determining authenticity of an optical recording medium and optical recording medium |
| US7562396B2 (en) * | 2001-08-21 | 2009-07-14 | Ecd Systems, Inc. | Systems and methods for media authentication |
| JP3773431B2 (en) * | 2001-09-20 | 2006-05-10 | 松下電器産業株式会社 | Key mounting system, LSI for realizing the same, and key mounting method |
| US7643393B2 (en) * | 2001-12-12 | 2010-01-05 | Ecd Systems, Inc. | Systems and methods for optical media modification |
| US7716485B2 (en) | 2002-02-01 | 2010-05-11 | Sca Ipla Holdings Inc. | Systems and methods for media authentication |
| JP4440825B2 (en) * | 2005-05-17 | 2010-03-24 | 株式会社バンダイナムコゲームス | Game program recording medium |
| DE102005051577B4 (en) * | 2005-10-21 | 2008-04-30 | Engel Solutions Ag | Method for encrypting or decrypting data packets of a data stream and signal sequence and data processing system for carrying out the method |
| US20080263366A1 (en) * | 2007-04-19 | 2008-10-23 | Microsoft Corporation | Self-verifying software to prevent reverse engineering and piracy |
| US8010809B1 (en) | 2007-06-22 | 2011-08-30 | Qlogic, Corporation | Method and system for securing network data |
| US9355224B1 (en) * | 2008-05-16 | 2016-05-31 | Kaspersky Lab, Zao | System and method for dynamic adjustment of expiration date for authorization key for antivirus products |
| US20100290575A1 (en) * | 2009-05-15 | 2010-11-18 | Rosenthal Glenn B | Particle beam isotope generator apparatus, system and method |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4123747A (en) * | 1977-05-20 | 1978-10-31 | International Business Machines Corporation | Identity verification method and apparatus |
| US4278837A (en) | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
| US4168396A (en) | 1977-10-31 | 1979-09-18 | Best Robert M | Microprocessor for executing enciphered programs |
| US4203166A (en) * | 1977-12-05 | 1980-05-13 | International Business Machines Corporation | Cryptographic file security for multiple domain networks |
| US4193131A (en) * | 1977-12-05 | 1980-03-11 | International Business Machines Corporation | Cryptographic verification of operational keys used in communication networks |
| US4186871A (en) * | 1978-03-01 | 1980-02-05 | International Business Machines Corporation | Transaction execution system with secure encryption key storage and communications |
| US4386266A (en) * | 1980-02-11 | 1983-05-31 | International Business Machines Corporation | Method for operating a transaction execution system having improved verification of personal identification |
| US4529870A (en) * | 1980-03-10 | 1985-07-16 | David Chaum | Cryptographic identification, financial transaction, and credential device |
| US4471163A (en) | 1981-10-05 | 1984-09-11 | Donald Thomas C | Software protection system |
| US4453074A (en) * | 1981-10-19 | 1984-06-05 | American Express Company | Protection system for intelligent cards |
-
1985
- 1985-09-03 US US06/771,901 patent/US4683968A/en not_active Expired - Lifetime
-
1986
- 1986-08-06 WO PCT/US1986/001650 patent/WO1987001483A1/en active IP Right Grant
- 1986-08-06 JP JP61504712A patent/JPS62502080A/en active Granted
- 1986-08-06 DE DE8686905500T patent/DE3674581D1/en not_active Expired - Fee Related
- 1986-08-06 EP EP86905500A patent/EP0238537B1/en not_active Expired - Lifetime
- 1986-08-28 CA CA000517059A patent/CA1262575A/en not_active Expired
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US7752139B2 (en) | 2005-12-27 | 2010-07-06 | Michael Noel Hu | Method and system for managing software licenses and reducing unauthorized use of software |
Also Published As
| Publication number | Publication date |
|---|---|
| JPS62502080A (en) | 1987-08-13 |
| EP0238537B1 (en) | 1990-09-26 |
| US4683968A (en) | 1987-08-04 |
| EP0238537A1 (en) | 1987-09-30 |
| WO1987001483A1 (en) | 1987-03-12 |
| DE3674581D1 (en) | 1990-10-31 |
| JPH0260008B2 (en) | 1990-12-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1262575A (en) | System for preventing software piracy employing multi- encrypted keys and single decryption circuit modules | |
| US5530752A (en) | Systems and methods for protecting software from unlicensed copying and use | |
| EP0679978B1 (en) | Method and apparatus enabling software trial using a decryption stub | |
| JP3914430B2 (en) | Method and apparatus for enabling distribution of software objects | |
| EP0679979B1 (en) | Method and apparatus enabling software trial with a try-and-buy user interaction | |
| AU671049B2 (en) | Apparatus and method for storing data | |
| JP3503773B2 (en) | Method and apparatus for securing access to a file | |
| US6185686B1 (en) | Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information | |
| CN101477676B (en) | Securing content for playback | |
| EP1596269A2 (en) | A system and method for rendering selective presentation of documents | |
| US6009518A (en) | Computer system for providing improved security for stored information | |
| US20050246284A1 (en) | Digital record carrier and method for use of same to inhibit copying using decryption code or key from remote depository | |
| JPH0789345B2 (en) | A safety system for remotely launching personal computer software. | |
| JPH08335182A (en) | File protection system, software utilization system using the same and recording medium to be used for the same | |
| NO952585L (en) | System for reading encrypted information and a device for use in such a system | |
| US20030046564A1 (en) | Storage medium and method for storing data decrypting algorithm | |
| Suhler et al. | Software Authorization Systems. | |
| JPS6358538A (en) | Software protecting system | |
| JPH10260902A (en) | Information protecting method | |
| JPH01194029A (en) | Device for preventing program from being furtively used | |
| IE914474A1 (en) | Security of stored data | |
| USRE39802E1 (en) | Storage medium for preventing an irregular use by a third party | |
| KR200367258Y1 (en) | Software security driving apparatus using portable storage apparatus | |
| JPS6313209B2 (en) | ||
| JPH09319572A (en) | Device for managing use of software |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MKLA | Lapsed |