CA1290070C - Implementing privilege on microprocessor systems for use in software asset protection - Google Patents
Implementing privilege on microprocessor systems for use in software asset protectionInfo
- Publication number
- CA1290070C CA1290070C CA000550161A CA550161A CA1290070C CA 1290070 C CA1290070 C CA 1290070C CA 000550161 A CA000550161 A CA 000550161A CA 550161 A CA550161 A CA 550161A CA 1290070 C CA1290070 C CA 1290070C
- Authority
- CA
- Canada
- Prior art keywords
- application
- read
- memory device
- secure
- processor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
- 230000015654 memory Effects 0.000 claims abstract description 45
- 238000012545 processing Methods 0.000 claims abstract description 22
- 230000004044 response Effects 0.000 claims abstract 3
- 230000006870 function Effects 0.000 claims description 25
- 230000008878 coupling Effects 0.000 claims 1
- 238000010168 coupling process Methods 0.000 claims 1
- 238000005859 coupling reaction Methods 0.000 claims 1
- 230000009977 dual effect Effects 0.000 abstract description 3
- 150000002500 ions Chemical class 0.000 description 8
- 230000006854 communication Effects 0.000 description 6
- 238000004891 communication Methods 0.000 description 6
- 238000012546 transfer Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 3
- 238000000034 method Methods 0.000 description 3
- NSMXQKNUPPXBRG-SECBINFHSA-N (R)-lisofylline Chemical compound O=C1N(CCCC[C@H](O)C)C(=O)N(C)C2=C1N(C)C=N2 NSMXQKNUPPXBRG-SECBINFHSA-N 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- DIWRORZWFLOCLC-UHFFFAOYSA-N Lorazepam Chemical compound C12=CC(Cl)=CC=C2NC(=O)C(O)N=C1C1=CC=CC=C1Cl DIWRORZWFLOCLC-UHFFFAOYSA-N 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000007175 bidirectional communication Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 150000001768 cations Chemical class 0.000 description 1
- 239000002131 composite material Substances 0.000 description 1
- 230000001066 destructive effect Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000001747 exhibiting effect Effects 0.000 description 1
- 238000000926 separation method Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
Abstract
?9-86-086 IMPLEMENTING PRIVILEGE ON MICROPROCESSOR SYSTEM FOR
USE IN SOFTWARE ASSET PROTECTION
ABSTRACT OF THE DISCLOSURE
A dual privilege level coprocessor especially suited for use in a software asset protection system is described.
The coprocessor includes a supervisor processing element and an application processing element. The supervisor processing element includes a supervisor processor and dedicated supervisor random access and read only memory.
The application processing element includes an application processor, an application random access memory, a secure random access memory, a low privilege read only memory, and a high privilege read only memory. An internal bus couples the supervisor processor, application processor, high and low privilege random access memories, application random access memory and secure random access memory. The high privilege read only memory and the secure random access memory are enabled only in response to dedicated control signals from the supervisor processor. While the application processor in combination with the low privilege random access memory has many general purpose computing capabilities, it is incapable of executing input or output operations. An input/output device is controlled by the supervisor processor. The secure random access memory is provided for storage of sensitive information such as decryption keys. The coprocessor implements a low privilege level of operation for the purpose of executing protected software which is
USE IN SOFTWARE ASSET PROTECTION
ABSTRACT OF THE DISCLOSURE
A dual privilege level coprocessor especially suited for use in a software asset protection system is described.
The coprocessor includes a supervisor processing element and an application processing element. The supervisor processing element includes a supervisor processor and dedicated supervisor random access and read only memory.
The application processing element includes an application processor, an application random access memory, a secure random access memory, a low privilege read only memory, and a high privilege read only memory. An internal bus couples the supervisor processor, application processor, high and low privilege random access memories, application random access memory and secure random access memory. The high privilege read only memory and the secure random access memory are enabled only in response to dedicated control signals from the supervisor processor. While the application processor in combination with the low privilege random access memory has many general purpose computing capabilities, it is incapable of executing input or output operations. An input/output device is controlled by the supervisor processor. The secure random access memory is provided for storage of sensitive information such as decryption keys. The coprocessor implements a low privilege level of operation for the purpose of executing protected software which is
Description
~2~ 7(~
~09-86-086 -1-USE IN SOFTWARE ASSET PROTECTION
DESCRIPTION
Technical Field The invention is in the field of data processing, and particularly with respect to a software copy protection mechanism. That mechanism re~uires a two privilege state processor, and the present invention provides a dual privilege processor which can be implemented using currently available low cost processors which inherently do not provide the desired multi-level privilege structure.
Cross-Reference to Related Patents ~ Reerence is made to the following issued patents, assigned to the assignee of this application:
U.S. Patent No. 4,916,738, issued April 10, 1990;
U.S. Patent No. 4,817,140, issued March 28, 1989; U.S.
Patent No. 4,860,351, issued August 22, 1989;
Background Patent No. 4,817,140, describes a software cop-~protection mechanism which is unique in that it segregates the right to execute a particular piece of application software from a copy of the software itself.
The sof-tware is protected to the extent that it is di~stributed in encrypted form. The protected software is executable on a composite computiny system including a conventional host (which may be a mainframe computer although typically it would be represented by a PC) in combination with a physically and logically secure coprocessor. The logically and physically secure coprocessor basically performs two essential functions.
The coprocessor stores a software decryption key (AK) for a protected application in secure, non-volatile storage;
the software decryption key (AK) when installed in a coprocessor represents the user's right to execute the protected application. The coprocessor also efects the decryption and execution of the protected application~
and thus while it provides to the host the results of execution of the protected application, the protected application itself is maintained secure.
Typically, the protected application will be represented on a distribution media in at least two files, a first file of plain text software, which (to the extent it is present) is executed on the host, :`
Yoss6-o~6 and a second file of encrypted so~tware which will be ~xecuted on the coprocessorO The coprocessor, since it has access to the software decryp~ion key, can rea~ the software portion provided in encrypted form, -~ S and decryp~ it so that its ran~om acces~ memory stores the protec~ed software in plain text form.
The physical and logical security provided by the coprocessor prevents the user (or a pirate) from obtaining access to clear ~ex~ of the protected ; 10 application. -The co~rocessor execu~es the protected application, passing only results onto the host. In this fashion, the entire application is executed but the user never has access to the pro~ec~ed application in plain text or executable form.
The present invention is direc~ed at a simple, low cost implementation of ~he coprocessor; with respect to its logical security.
Processors exhibiting mul~iple privilege levels have been known in the prior art. With the introduction of multi-processing, the mainframe computer field found a need for implementing privilege structure at least to ensure that user #l's program and/or data did not interfere with or be interfered by user #2's program or data. In many cases the privilege structure was implemented in software. In the past, in the mainframe computing field, the software privilege structure was feasible because the system programmers and system operators were part and parcel of the security system and they would ensure that OV'7(:~
application programs complied with the necesæary privilege structure.
There are processors which provide multi-level privilege structures, but those are too costly for use in such low cost applications as the present invention is directed at. The function of the privilege structure in prior art systems has been the separation of execution spaces of multiple users to insure meaningful, orderly, non-destructive use and allocation of system processing resources but not for cop~y protection of software. These do not always exhibit open architecture.
For the software asset protection mechanism described in issued U.S. Patent No. 4,817,140, to be widely applied, the architecture of the coprocessor must be open to allow widespread use; this necessarily requires that the coprocessor and its instruction set will be widely known.
Without some form of privilege structure, an application program could be written which would access information violating the security requirements, such as decryption keys, or the plain text version of protected software.
More particularly, as described in the issued U.S. Patent No. 4,817,140, the coprocessor must provide functions and data which are not available to the user. These include data encryption and decryp-tion, the right to execute a specific application, and encryption keys. The coprocessor, in addition to implementing security, must also be capable of general purpose computing tasks since the protected portion of any applica-tio~. is intended to be executed on the coprocessor.
It is an aspect of the invention to provide, in accordance with a software asset protection mechanism, logical security for a coprocessor, which eoprocessor is capable of general computing tasks. A further aspect of the invention is to provide logical security for such a coprocessor notwith-standing the fact that the internal architecture and in-struction set for the coprocessor are expected to be widely eirculated and known. ~ further aspect of the present invention is to provide a coprocessor for such a software asset protection mechanism which is capable of storing and using rights to execute implemented in the form of software decryption keys, but which prevent the user from obtaining aecess to any software decryption key. A further aspeet of the present invention is to provide sueh a seeure , eoprocessor which, in the course of executing protected software, will decrypt and store that software in plain text form, but which will deny access to the user to plain text of protected software. A further aspect of the invention is to provide such a coprocessor notwithstanding the fact that the architecture and instruction set of the coprocessor are _ widely known. _-; `' ~, .~ .;, . .
Yos-s6-os6 Summary of the Invention The invention structures the coprocessor so that it consists of two processing elements; one of those two processing elements, referred to hereinafter as the application processor ~AP) is actually used to execute the protected application, and a second processor element, hereinafter referred to as the supervisor processor (SP) is used to control the privilege state of the coprocessor consisting of both the AP and SP.
The coprocessor includes an I/O service element with an I/O
terminal; the I/O service element is controlled by the SP.
In accordance with the invention the SP is responsible for communication with the host and performing tasks based on commands it receives. These tasks include changing the privilege state, data encryption/decryption, and transfer of privilege. The instructions the SP is capable of responding to are defined and thosé definitions are stored in a secure ROM, such that they cannot be modified by external commands.
To further ensure security of the SP, it fetches instructions only from its secure ROM. Data may be fetched or stored to its internal register file or external random access memory.
On the other hand, the AP is, for the most part, a-general purpose processor since it must execute application code, and is capable of fetching instructions and/or data in RAM
or ROM. The RAM and/or ROM used by the AP is ~09-86-08~
~: logically and/or physically separate from that o the SP. While the AP can perform many general purpose ~ computing functions, it has no I/O capability and :~: thus canno~ transfer to the host any data or ~ 5 sof~ware. When the host computer reques~s execution :
of a protected program, the first function of the SP
is to clear the AP RAM; thereafter the SP reads the encrypted application code and employing the :: appropriat~ software decryption key, stores thP
decrypted application code in the AP RAM. The SP
then issues a start instruction to the AP. Since the ~P does not have access to the SP memory, programs writte~ to de~eat the security system cannot rPad or transfer data such as encryption keys or the right to ~15 ex~cu~e application~. The SP is programmed to : ~ransfer to the host only ~he xesults of processing informa~ion from t~e AP memory, Accordingly, the invention provides a logically secure processor with an I/o terminal ~or input o~
output operations with protection from allowing access to protected data stored in the processor.
The logically secure processor comprises an application processor for executing software in accordance with a first set of executable operations.
The apparatus further includes a supervisor processor coupled to and controlling th~ application processor and a system bus coupled to both the supervisor and application processor. The apparatus further includes an I/O terminal coupled to and controlled by YOg86-086 :
; the supervisor processor. The apparatus further includes a secure read only memory device and a secure read/write memory device. These are coupled to the system bus and controlled by the supervisor processox. The secure xead only memory has conten~s defining a second set of operations executable by the application processor only when the secure memory devices are enabled by ~he supervisor processor.
"~ Thus, the application processor, ln responding to external commands via ~he system bu~, is prohibited from performing operations requiring access to the secure read only memory device or secure read/write memory device, absent enablement of the secure memory devices by th~ supervisor processor.
In the foregoing description ~he firs~ se~ of executable operations (those performable by the application processor) are ~ypical of general data processing techniques except that the first set of executable operations doe~s not include input or ou~put opexations.
In genexal, the logically secure processor operates in one of two privilege states, a high privilege state or a low privilege state. In the low privilege state, essentially the only function being performed is executing protected software by the application processor. While the protected software is stored in random access memory available to the application processor ~as it must be for the application processor to execute it), the inahility of the application processor to output any information oss6-os6 9 :~
ensures that the protected application is secure from access by the user, or anyone else, via the ~ application processor. Since the application -~ processor is controlled by the supervisor processor, the application processor is only initiated into operation by action of the supervi~or processor.
Furthermore, as a protection mechanism, prior to !',,-, . ~
~ loading a protected applica~ion in the application ;~ processor random access memory, the supervisor processor clears that memory. The low privilege state of operation of the secure processor can be considered a service to the software vendor, since while it provides the user wi~h the right to execute-the software, it protects that software from ` 15 unauthorized access (as a service to the software vendor).
~ .
The logically secure processor also operates in a high privilege state, the high privilQge state can be consid~red a service to ~he hardware vendor in that it guarantees the security offered, from the hardware vendor to the co~lection of software vendors. In the high privilege state, the logically secure processor is capable of manipulating rights to execute, i.e.
acquiring rights and transferring rights, which necessarily requires manipulation of decryption keys stored in a secure random access memory. While the secure random access memory which provides for storage of decryption keys could be arranged to be solely accessible by the supervisor processor, such architecture would re~uire that the supervisor processor per se be capable of itself performing all , . . .
: YO986-086 ': ~
those funrtions necessary to decryption key ; managemen~. As ~escribed in this application, however, such architecture could be considered inefficient since the application processor is ; 5 already available and, as already indicated, has general computing capabilities. Accordingly, the secure random access memory i~ arranged so as to be ~ accessible to the application processor, along with a ~: secure read only memory. While both such memories are accessible to the application processor, access to those memory devices is controlled by ~he ~ supervisor processox. More particularly, both the : secure random access memory and the secure read only memory respond to enable signals from the supervisor processor, and o~ly in the presence of an appropriate enabling signal from the supervisor processor, can the application processor access these memory devices. The secure read on~y memory device in effect defines a second set of executable operations : 20 performable by the application processor; the second set of executable operations.includes those operations whose execution is required from the coprocessor in the high privilege state. The high - privilege state is characterized by those operations which require decryption key mana~ement, transfer or manipulation. Security for this sensitive data is assured by the requirement for the presence of an enabling signal generated by the supervisor processor before such data is accessible.
Finally, the supervisor processor, which controls all of the foregoing functions, has access to dedicated 3~Z~'7(~
Y09-86-~86 random access and read only memory devices, i.e. devices not accessible by the application processor.
Thus, the dedicated read only memory defines a third set of executable operations performable by the supervisor processor including changing privile~e levels, I/0 operation and at least supervisor of key management.
Brief Description of the Drawings The presen-t invention will noW be described in such further detail so as to enable those skilled in the art to practice the same, in the following portions of this specification when taken in conjunction with the attached drawings in which like reference characters identify identical apparatus and in which:
Fig. 1 is a block diagram showing a typical application of the logically secure processor of this invention;
Fig. 2 is a detail block diagram of one embodiment of a logically secure processor in accordance with this invention; and Figs. 3 and 4 are respectively copies of Figs. 8 and 9B
from U.S. issued Patent No. 4,817,140, describing functions required of the coprocessor.
Detailed Description of Preferred Embodiments Fig. 1 shows a combined processing system suitable for implementing the software asset protection mechanism o~
U.S. Patent No. 4,817,140. In particular, -the combined processing system includes a host system 10 which may be a mainframe computer, although in the typical application it will be a PC such as the IBM~ PC. A secure coprocessor 20 is capable of communicating, bidirectionally, with the host system 10 via a communication link 14. The secure coprocessor 20 in accordance with the invention is physically secure; that security is denoted by the dashed rectangle interior of the borders in the coprocessor 20.
Such physical security can be provided in accordance with the techniques described in U.S. Patent No. 4,860,351, or other techniques. The host system 10 has an I/O path 12.
Other peripheral components which may be associated with the host system 10 and/or the secure coprocessor 20 are not specifically called out in Fig. l; reference is made to U.S. Patent No. 4,817,140, for a more detailed illustration of such peripheral equipment.
The protected software lS is made available to the host system 10; because of the characteristics of the protected software 15, the user of the host system 10 does not have access to that application in plain text form. Allowing the user access to the 7~
application in plain text form would enable him to duplicate usable copies of the software. Rather, the protected software includes at least an encrypted portion; and it is the encrypted portion which is subject to the protection of the software asset protection mechanism described in U.S. Patent No. 4,817,140. In accordance with this software asset protection mechanism, the secure coprocessor 20 may store a distinct right to execute, represented in the form of a software decryption key; how that distinct right to execute is transferred to the secure coprocessor 20 is described in the U.S. Patent No. 4,817,140. When the user desires execution of the protected application, a utility program running in the host 10 signals the secure coprocessor 20 that a Load-Decrypt-Run (LDR) sequence is to begin. As part of that sequence, the encrypted portion of the application is transferred to the secure coprocessor 20 and therein it is decrypted. At various times during execution of the application, the secure coprocessor 20 may be called on to execute the protected portion of the application, passing results onto the host system 10. Accordingly, the logical characteristics of the secure coprocessor 20 play a large role in implementing the software asset protection mechanism. In particular, the software decryption key or ~eys which may be stored in the secure coprocessor 20 should be, and remain, unavailable to the user (access by the user to any of the software decryption keys would allow the user to decrypt the corresponding protected application portion, which ~ `
-3L;~91~137~
, ~0~86-086 would defeat the sof~ware ass~t protection mechanism) and the decrypted form of the protected portion of the application, which is stored in the read/write memory of the secure coprocessor 20, should also be unavailable to the user; only the results of the execution of that software should be provided to the user. As has already been mentioned, the physical security of the coprocessor 20 is beyond the scope of the present invention. The logical security of the coprocessor 20 is the subjec~ of this invention.
Fig. 2 is a block diagram showing a logically secure coprocessor 20 in accordance with the present ~` invention. More particularly, the secure coprocessor ~- 20; as seen in Fig. 2, includes a supervisor processor element 201 and an application processor ; element 240; as shown in Fig. 2 both elements 201 and 240 are protec~ed by the physical securit~0 More particularly, the supervisor element 201 includes a processor 210 and protected memory 220. Protected memory 220 includes both read only memory as well as read/write memory. The only access to the protected memory 220 is from/to the supervisor processor 210.
The application processor element 240 includes a number of components; specifically an application 25 processor 242, a high privilege read only memory 241, a low privilege read only memory 245, a random access AP memory 243, a key storage memory 246 and a communications buffer 244. All of the foregoing elements communicate among each other and with the 7~
processor 210 via an internal bus 250. Tws of the foregoiny memories, specifically the high privilege read only memory 241 and the key store 246 have, in addition ko address input and output terminals, an enable terminal ~EN) which is controlled by the supervisor processor 210.
Only in the presence of a predetermined enable siynal at the EN terminal, will the corresponding memory respond to its address inputs with information output. The supervisor processor element 201 also includes an I/O
service element 247. The I/O service element 247 in turn is the link to the bidirectional communication link 14 through which the secure coprocessor 20 communicates with the host system 10. only in the presence of a predetermined enable signal from the SP, at the EN
terminal of the I/O servlce element, will the I/O service element respond.
Of the various tasks executed by the supervisor processor 210 and the application processor 242, the supervisor is responsible for communication with the host 10 and performing tasks based on the commands it receives. These tasks include changing the privilege state of the secure coprocessor 20 (between distinct high privilege and low privilege states), data encryption/decryption and privilege transfers. The particular functions of the supervisor processor 210 are defined in the read only memory portion of the protected memory 220 and hence are not modifiable by ~90070 any external agency or command. The supervisor processor 210 fetches instructions only from the read only memory portion of the memory 220; the supervisor processor 210 may fetch data from or store data to its internal register file or an external random access memory portion of the protected memory 220. Supervisor processor 210 may also store data in any of the elements 243, 244, 246 as is permitted by its instruction set.
On the other hand, the application processing element 240 is a general purpose processor since it must execute application code and is capable of fetching instructions and/or data from either read/write memory or read only memory. Memory employed by the application processor 242 is logically and/or physically separate from the protected memory 220.
In general when the host 10 requests execution of a protected program, the supervisor processor 210 responds by first clearing the application processor random access memory 243. The supervisor processor 210 then fetches (for example from the application disk) the encrypted portion of the application and, employing the appropriate software decryption key, access from the key store 246, the encrypted application portion is decrypted and stored in the application processor RAM 243. It will be understood that the fetch may be indirect via host 10 as lescribed in U.S. Patent No. 4,817,140. The supervisor processor 210 then issues a start instruction to the application pxocessor 242. The supervisor processor 210 also supervises the output operation, transferring results from the execution by the applicatian proce~sor 242 via the I/O service element 247 to the host 10.
.
During the course of i~s execution, ~he application processor 242 of course executes the protected application from RAM 243. Because of the interconnections of the various elements, there are . 10 some things the application processor 242 is simply incapable of achieving. For example, the application processor 242 cannot transfer any keys from the key store 246, since the key store 246 can only be enabled by the supervisor pxocessor 210.
The foregoing is an example o~ the application processor 242 working in a low privilege state. In ~hat state any request, for example by the host 10, to read the protected memory 220 of the supervisor, would not be honored si~ce ~he supervisor is programmed to ~ransfer only information rrom the -; application processor RAM 243. Other illegal commands that might be issued by the host 10 would require the supervisor 201 to output decryption keys;
- again the supervisor 201 would merely clear the AP
RAM 243 and wait for a new command.
While the supervisor processor 210 may have general purpose processing capabilities, those capabilities are not essential (though they are preferred). The supervisor processor 210 can call on the appllcation processor 242 to perform selected tasks for it; these tasks can involve high privilege information, such as manipulation of decryption keys and the like since the supervlsor 201 can require the application processing element 240 to operate in a high privilege state. In this state, the application processing element 240 executes instructions contained solely in the high privileye ~OM
241, and of course the high privilege ROM 241 would prohibit the application processor 242 from outputting high privilege information such as decryption keys to the host 10. Thus, the supervisor element 201, by controlling the addressability of the application processing element 240, allows the processing power of the application processing element 240 to be applied to security or high privilege tasks. The application processor 242 and supervisor processor 210 can communicate either via the bus 250 or through the communication buffer 244; and it should be understood that the communication buffer 244 can correspond to a dedicated RAM location.
As thus far described, the invention has the advantage of being simple to construct from currently available microcircuits, which in themselves inherently have no privilege structure but yet the coprocessor 20 shown in Fig. 2 does possess a dual privilege structure, as described.
.
Fig. 3 corresponds to Fig. 8 in U.S. Patent No.
4,817,140, and describes the functions executed by -YO986-086 ~ ~ ~
;
,:
the coprocessor 20 in order to perform an Acquire-Right-to-Execute function. In order to ac~uire right to execute, the coprocessor 20 mus~ have access to at least three files of information, the protected application, encrypted under a software decryption key AK, the software decryption key itself encrypted under the hardware vendor's key CSK and a third file which is used to authenticate the user's right to execute in connec~ion wi~h a use snce token. As shown in Fig. 3, ~unctions Cl and C2 ac~uire the encrypted decryption key and~ employing the hardware vendor's key C~K (provided as part of the secure memory of the coprocessor), decr~pting the software decryp~ion key AK. S~eps C3-C10 authenticate the user's ri~ht to execute; if that right is considered valid, ~unctions C13 and C14 are performed and, on the other hand, if tha~ righk is not oonsidered valid then function Cli is performed. Success~ul : conclusion of the ARE s~quence leaves the secure key storage memory 246 in a different condition than it ; was in prior to operation of the sequence; that difference is the presence, in that memory, of the software decryption key AK. At least the functions C2 and C13 require the copxocessor 20 to access the secure key storage 246 and, for that reason, the ~RE
sequence is considered a high privilege operation.
While the supervisor processor 210 could theoretically perform all these functions wholly divorced from the application processor 242, it is an advantage of the invention that the application processor 2~2 could execute many if not all the functions so long as it was properly authorized by YO98~-~86 ;; 2 ' ~
t~e supervisor prsce~sor 21~. ~hat authorization would include at leas~ e~abl~g the high privilege : read only memory 241 a~d th~ secure key storage memory 246.
Once the copro~essor 20 has a~quired ~he righ~ to execute (stored the application decryption key AX in :~ : its secure key storage memury 246~, when a user re~uests execution of the pro~ected appl~cation the seguence shown in Fig. ~ is executed.
~eferring to Fig. ~, functi~s C16 ~nd C17 identify the particular softw~re decryption key li there is ~ e tha~ one~ an~ cce~s it ~rom ~he s~cure key st~rage memory-246. ~i~h access to the decryption key AK, ~un~tions ~1~ and C19 obtain ~he e~rypted protected app~ica~ion and ~C19~ decrypt ~hat applica~ion . Function Cl9 in~:ludes ~ al~hough it is nc~t expressly shown in Fig. 4) the prepara~ory function of clearing the ap~lication processor random access memory 243, preparatory ~o loading the decrypted software therein. Function C21 is the execution, by the application processor, of the decrypted software.
/
Inasmuch as the functions C16-C19 require access to the key storage memory 246, these functions come within the ambit of high privilege operation and accordingly supervisor processor 210 permission is required for their execution. While it ls within the scope of the invention to have these functions perform~d by the supervisor processor 210, it is also .
: YO986-086 ~9~7~
; 21 ;
within the scope of the invention to enable the : application processor to perform ~hese func~ions under the supervision of the supervisor processor 210. Function C21, on ~he other hand, is a low S privilege operation and is exe~uted by the application proeessor. To the extent that function C21 requires transmission of execution results from :-- the application processor element 240 (and specifically from the AP RAM 243j to the host 10, that I/O operation is executed by the supervisor processox 210~
~09-86-086 -1-USE IN SOFTWARE ASSET PROTECTION
DESCRIPTION
Technical Field The invention is in the field of data processing, and particularly with respect to a software copy protection mechanism. That mechanism re~uires a two privilege state processor, and the present invention provides a dual privilege processor which can be implemented using currently available low cost processors which inherently do not provide the desired multi-level privilege structure.
Cross-Reference to Related Patents ~ Reerence is made to the following issued patents, assigned to the assignee of this application:
U.S. Patent No. 4,916,738, issued April 10, 1990;
U.S. Patent No. 4,817,140, issued March 28, 1989; U.S.
Patent No. 4,860,351, issued August 22, 1989;
Background Patent No. 4,817,140, describes a software cop-~protection mechanism which is unique in that it segregates the right to execute a particular piece of application software from a copy of the software itself.
The sof-tware is protected to the extent that it is di~stributed in encrypted form. The protected software is executable on a composite computiny system including a conventional host (which may be a mainframe computer although typically it would be represented by a PC) in combination with a physically and logically secure coprocessor. The logically and physically secure coprocessor basically performs two essential functions.
The coprocessor stores a software decryption key (AK) for a protected application in secure, non-volatile storage;
the software decryption key (AK) when installed in a coprocessor represents the user's right to execute the protected application. The coprocessor also efects the decryption and execution of the protected application~
and thus while it provides to the host the results of execution of the protected application, the protected application itself is maintained secure.
Typically, the protected application will be represented on a distribution media in at least two files, a first file of plain text software, which (to the extent it is present) is executed on the host, :`
Yoss6-o~6 and a second file of encrypted so~tware which will be ~xecuted on the coprocessorO The coprocessor, since it has access to the software decryp~ion key, can rea~ the software portion provided in encrypted form, -~ S and decryp~ it so that its ran~om acces~ memory stores the protec~ed software in plain text form.
The physical and logical security provided by the coprocessor prevents the user (or a pirate) from obtaining access to clear ~ex~ of the protected ; 10 application. -The co~rocessor execu~es the protected application, passing only results onto the host. In this fashion, the entire application is executed but the user never has access to the pro~ec~ed application in plain text or executable form.
The present invention is direc~ed at a simple, low cost implementation of ~he coprocessor; with respect to its logical security.
Processors exhibiting mul~iple privilege levels have been known in the prior art. With the introduction of multi-processing, the mainframe computer field found a need for implementing privilege structure at least to ensure that user #l's program and/or data did not interfere with or be interfered by user #2's program or data. In many cases the privilege structure was implemented in software. In the past, in the mainframe computing field, the software privilege structure was feasible because the system programmers and system operators were part and parcel of the security system and they would ensure that OV'7(:~
application programs complied with the necesæary privilege structure.
There are processors which provide multi-level privilege structures, but those are too costly for use in such low cost applications as the present invention is directed at. The function of the privilege structure in prior art systems has been the separation of execution spaces of multiple users to insure meaningful, orderly, non-destructive use and allocation of system processing resources but not for cop~y protection of software. These do not always exhibit open architecture.
For the software asset protection mechanism described in issued U.S. Patent No. 4,817,140, to be widely applied, the architecture of the coprocessor must be open to allow widespread use; this necessarily requires that the coprocessor and its instruction set will be widely known.
Without some form of privilege structure, an application program could be written which would access information violating the security requirements, such as decryption keys, or the plain text version of protected software.
More particularly, as described in the issued U.S. Patent No. 4,817,140, the coprocessor must provide functions and data which are not available to the user. These include data encryption and decryp-tion, the right to execute a specific application, and encryption keys. The coprocessor, in addition to implementing security, must also be capable of general purpose computing tasks since the protected portion of any applica-tio~. is intended to be executed on the coprocessor.
It is an aspect of the invention to provide, in accordance with a software asset protection mechanism, logical security for a coprocessor, which eoprocessor is capable of general computing tasks. A further aspect of the invention is to provide logical security for such a coprocessor notwith-standing the fact that the internal architecture and in-struction set for the coprocessor are expected to be widely eirculated and known. ~ further aspect of the present invention is to provide a coprocessor for such a software asset protection mechanism which is capable of storing and using rights to execute implemented in the form of software decryption keys, but which prevent the user from obtaining aecess to any software decryption key. A further aspeet of the present invention is to provide sueh a seeure , eoprocessor which, in the course of executing protected software, will decrypt and store that software in plain text form, but which will deny access to the user to plain text of protected software. A further aspect of the invention is to provide such a coprocessor notwithstanding the fact that the architecture and instruction set of the coprocessor are _ widely known. _-; `' ~, .~ .;, . .
Yos-s6-os6 Summary of the Invention The invention structures the coprocessor so that it consists of two processing elements; one of those two processing elements, referred to hereinafter as the application processor ~AP) is actually used to execute the protected application, and a second processor element, hereinafter referred to as the supervisor processor (SP) is used to control the privilege state of the coprocessor consisting of both the AP and SP.
The coprocessor includes an I/O service element with an I/O
terminal; the I/O service element is controlled by the SP.
In accordance with the invention the SP is responsible for communication with the host and performing tasks based on commands it receives. These tasks include changing the privilege state, data encryption/decryption, and transfer of privilege. The instructions the SP is capable of responding to are defined and thosé definitions are stored in a secure ROM, such that they cannot be modified by external commands.
To further ensure security of the SP, it fetches instructions only from its secure ROM. Data may be fetched or stored to its internal register file or external random access memory.
On the other hand, the AP is, for the most part, a-general purpose processor since it must execute application code, and is capable of fetching instructions and/or data in RAM
or ROM. The RAM and/or ROM used by the AP is ~09-86-08~
~: logically and/or physically separate from that o the SP. While the AP can perform many general purpose ~ computing functions, it has no I/O capability and :~: thus canno~ transfer to the host any data or ~ 5 sof~ware. When the host computer reques~s execution :
of a protected program, the first function of the SP
is to clear the AP RAM; thereafter the SP reads the encrypted application code and employing the :: appropriat~ software decryption key, stores thP
decrypted application code in the AP RAM. The SP
then issues a start instruction to the AP. Since the ~P does not have access to the SP memory, programs writte~ to de~eat the security system cannot rPad or transfer data such as encryption keys or the right to ~15 ex~cu~e application~. The SP is programmed to : ~ransfer to the host only ~he xesults of processing informa~ion from t~e AP memory, Accordingly, the invention provides a logically secure processor with an I/o terminal ~or input o~
output operations with protection from allowing access to protected data stored in the processor.
The logically secure processor comprises an application processor for executing software in accordance with a first set of executable operations.
The apparatus further includes a supervisor processor coupled to and controlling th~ application processor and a system bus coupled to both the supervisor and application processor. The apparatus further includes an I/O terminal coupled to and controlled by YOg86-086 :
; the supervisor processor. The apparatus further includes a secure read only memory device and a secure read/write memory device. These are coupled to the system bus and controlled by the supervisor processox. The secure xead only memory has conten~s defining a second set of operations executable by the application processor only when the secure memory devices are enabled by ~he supervisor processor.
"~ Thus, the application processor, ln responding to external commands via ~he system bu~, is prohibited from performing operations requiring access to the secure read only memory device or secure read/write memory device, absent enablement of the secure memory devices by th~ supervisor processor.
In the foregoing description ~he firs~ se~ of executable operations (those performable by the application processor) are ~ypical of general data processing techniques except that the first set of executable operations doe~s not include input or ou~put opexations.
In genexal, the logically secure processor operates in one of two privilege states, a high privilege state or a low privilege state. In the low privilege state, essentially the only function being performed is executing protected software by the application processor. While the protected software is stored in random access memory available to the application processor ~as it must be for the application processor to execute it), the inahility of the application processor to output any information oss6-os6 9 :~
ensures that the protected application is secure from access by the user, or anyone else, via the ~ application processor. Since the application -~ processor is controlled by the supervisor processor, the application processor is only initiated into operation by action of the supervi~or processor.
Furthermore, as a protection mechanism, prior to !',,-, . ~
~ loading a protected applica~ion in the application ;~ processor random access memory, the supervisor processor clears that memory. The low privilege state of operation of the secure processor can be considered a service to the software vendor, since while it provides the user wi~h the right to execute-the software, it protects that software from ` 15 unauthorized access (as a service to the software vendor).
~ .
The logically secure processor also operates in a high privilege state, the high privilQge state can be consid~red a service to ~he hardware vendor in that it guarantees the security offered, from the hardware vendor to the co~lection of software vendors. In the high privilege state, the logically secure processor is capable of manipulating rights to execute, i.e.
acquiring rights and transferring rights, which necessarily requires manipulation of decryption keys stored in a secure random access memory. While the secure random access memory which provides for storage of decryption keys could be arranged to be solely accessible by the supervisor processor, such architecture would re~uire that the supervisor processor per se be capable of itself performing all , . . .
: YO986-086 ': ~
those funrtions necessary to decryption key ; managemen~. As ~escribed in this application, however, such architecture could be considered inefficient since the application processor is ; 5 already available and, as already indicated, has general computing capabilities. Accordingly, the secure random access memory i~ arranged so as to be ~ accessible to the application processor, along with a ~: secure read only memory. While both such memories are accessible to the application processor, access to those memory devices is controlled by ~he ~ supervisor processox. More particularly, both the : secure random access memory and the secure read only memory respond to enable signals from the supervisor processor, and o~ly in the presence of an appropriate enabling signal from the supervisor processor, can the application processor access these memory devices. The secure read on~y memory device in effect defines a second set of executable operations : 20 performable by the application processor; the second set of executable operations.includes those operations whose execution is required from the coprocessor in the high privilege state. The high - privilege state is characterized by those operations which require decryption key mana~ement, transfer or manipulation. Security for this sensitive data is assured by the requirement for the presence of an enabling signal generated by the supervisor processor before such data is accessible.
Finally, the supervisor processor, which controls all of the foregoing functions, has access to dedicated 3~Z~'7(~
Y09-86-~86 random access and read only memory devices, i.e. devices not accessible by the application processor.
Thus, the dedicated read only memory defines a third set of executable operations performable by the supervisor processor including changing privile~e levels, I/0 operation and at least supervisor of key management.
Brief Description of the Drawings The presen-t invention will noW be described in such further detail so as to enable those skilled in the art to practice the same, in the following portions of this specification when taken in conjunction with the attached drawings in which like reference characters identify identical apparatus and in which:
Fig. 1 is a block diagram showing a typical application of the logically secure processor of this invention;
Fig. 2 is a detail block diagram of one embodiment of a logically secure processor in accordance with this invention; and Figs. 3 and 4 are respectively copies of Figs. 8 and 9B
from U.S. issued Patent No. 4,817,140, describing functions required of the coprocessor.
Detailed Description of Preferred Embodiments Fig. 1 shows a combined processing system suitable for implementing the software asset protection mechanism o~
U.S. Patent No. 4,817,140. In particular, -the combined processing system includes a host system 10 which may be a mainframe computer, although in the typical application it will be a PC such as the IBM~ PC. A secure coprocessor 20 is capable of communicating, bidirectionally, with the host system 10 via a communication link 14. The secure coprocessor 20 in accordance with the invention is physically secure; that security is denoted by the dashed rectangle interior of the borders in the coprocessor 20.
Such physical security can be provided in accordance with the techniques described in U.S. Patent No. 4,860,351, or other techniques. The host system 10 has an I/O path 12.
Other peripheral components which may be associated with the host system 10 and/or the secure coprocessor 20 are not specifically called out in Fig. l; reference is made to U.S. Patent No. 4,817,140, for a more detailed illustration of such peripheral equipment.
The protected software lS is made available to the host system 10; because of the characteristics of the protected software 15, the user of the host system 10 does not have access to that application in plain text form. Allowing the user access to the 7~
application in plain text form would enable him to duplicate usable copies of the software. Rather, the protected software includes at least an encrypted portion; and it is the encrypted portion which is subject to the protection of the software asset protection mechanism described in U.S. Patent No. 4,817,140. In accordance with this software asset protection mechanism, the secure coprocessor 20 may store a distinct right to execute, represented in the form of a software decryption key; how that distinct right to execute is transferred to the secure coprocessor 20 is described in the U.S. Patent No. 4,817,140. When the user desires execution of the protected application, a utility program running in the host 10 signals the secure coprocessor 20 that a Load-Decrypt-Run (LDR) sequence is to begin. As part of that sequence, the encrypted portion of the application is transferred to the secure coprocessor 20 and therein it is decrypted. At various times during execution of the application, the secure coprocessor 20 may be called on to execute the protected portion of the application, passing results onto the host system 10. Accordingly, the logical characteristics of the secure coprocessor 20 play a large role in implementing the software asset protection mechanism. In particular, the software decryption key or ~eys which may be stored in the secure coprocessor 20 should be, and remain, unavailable to the user (access by the user to any of the software decryption keys would allow the user to decrypt the corresponding protected application portion, which ~ `
-3L;~91~137~
, ~0~86-086 would defeat the sof~ware ass~t protection mechanism) and the decrypted form of the protected portion of the application, which is stored in the read/write memory of the secure coprocessor 20, should also be unavailable to the user; only the results of the execution of that software should be provided to the user. As has already been mentioned, the physical security of the coprocessor 20 is beyond the scope of the present invention. The logical security of the coprocessor 20 is the subjec~ of this invention.
Fig. 2 is a block diagram showing a logically secure coprocessor 20 in accordance with the present ~` invention. More particularly, the secure coprocessor ~- 20; as seen in Fig. 2, includes a supervisor processor element 201 and an application processor ; element 240; as shown in Fig. 2 both elements 201 and 240 are protec~ed by the physical securit~0 More particularly, the supervisor element 201 includes a processor 210 and protected memory 220. Protected memory 220 includes both read only memory as well as read/write memory. The only access to the protected memory 220 is from/to the supervisor processor 210.
The application processor element 240 includes a number of components; specifically an application 25 processor 242, a high privilege read only memory 241, a low privilege read only memory 245, a random access AP memory 243, a key storage memory 246 and a communications buffer 244. All of the foregoing elements communicate among each other and with the 7~
processor 210 via an internal bus 250. Tws of the foregoiny memories, specifically the high privilege read only memory 241 and the key store 246 have, in addition ko address input and output terminals, an enable terminal ~EN) which is controlled by the supervisor processor 210.
Only in the presence of a predetermined enable siynal at the EN terminal, will the corresponding memory respond to its address inputs with information output. The supervisor processor element 201 also includes an I/O
service element 247. The I/O service element 247 in turn is the link to the bidirectional communication link 14 through which the secure coprocessor 20 communicates with the host system 10. only in the presence of a predetermined enable signal from the SP, at the EN
terminal of the I/O servlce element, will the I/O service element respond.
Of the various tasks executed by the supervisor processor 210 and the application processor 242, the supervisor is responsible for communication with the host 10 and performing tasks based on the commands it receives. These tasks include changing the privilege state of the secure coprocessor 20 (between distinct high privilege and low privilege states), data encryption/decryption and privilege transfers. The particular functions of the supervisor processor 210 are defined in the read only memory portion of the protected memory 220 and hence are not modifiable by ~90070 any external agency or command. The supervisor processor 210 fetches instructions only from the read only memory portion of the memory 220; the supervisor processor 210 may fetch data from or store data to its internal register file or an external random access memory portion of the protected memory 220. Supervisor processor 210 may also store data in any of the elements 243, 244, 246 as is permitted by its instruction set.
On the other hand, the application processing element 240 is a general purpose processor since it must execute application code and is capable of fetching instructions and/or data from either read/write memory or read only memory. Memory employed by the application processor 242 is logically and/or physically separate from the protected memory 220.
In general when the host 10 requests execution of a protected program, the supervisor processor 210 responds by first clearing the application processor random access memory 243. The supervisor processor 210 then fetches (for example from the application disk) the encrypted portion of the application and, employing the appropriate software decryption key, access from the key store 246, the encrypted application portion is decrypted and stored in the application processor RAM 243. It will be understood that the fetch may be indirect via host 10 as lescribed in U.S. Patent No. 4,817,140. The supervisor processor 210 then issues a start instruction to the application pxocessor 242. The supervisor processor 210 also supervises the output operation, transferring results from the execution by the applicatian proce~sor 242 via the I/O service element 247 to the host 10.
.
During the course of i~s execution, ~he application processor 242 of course executes the protected application from RAM 243. Because of the interconnections of the various elements, there are . 10 some things the application processor 242 is simply incapable of achieving. For example, the application processor 242 cannot transfer any keys from the key store 246, since the key store 246 can only be enabled by the supervisor pxocessor 210.
The foregoing is an example o~ the application processor 242 working in a low privilege state. In ~hat state any request, for example by the host 10, to read the protected memory 220 of the supervisor, would not be honored si~ce ~he supervisor is programmed to ~ransfer only information rrom the -; application processor RAM 243. Other illegal commands that might be issued by the host 10 would require the supervisor 201 to output decryption keys;
- again the supervisor 201 would merely clear the AP
RAM 243 and wait for a new command.
While the supervisor processor 210 may have general purpose processing capabilities, those capabilities are not essential (though they are preferred). The supervisor processor 210 can call on the appllcation processor 242 to perform selected tasks for it; these tasks can involve high privilege information, such as manipulation of decryption keys and the like since the supervlsor 201 can require the application processing element 240 to operate in a high privilege state. In this state, the application processing element 240 executes instructions contained solely in the high privileye ~OM
241, and of course the high privilege ROM 241 would prohibit the application processor 242 from outputting high privilege information such as decryption keys to the host 10. Thus, the supervisor element 201, by controlling the addressability of the application processing element 240, allows the processing power of the application processing element 240 to be applied to security or high privilege tasks. The application processor 242 and supervisor processor 210 can communicate either via the bus 250 or through the communication buffer 244; and it should be understood that the communication buffer 244 can correspond to a dedicated RAM location.
As thus far described, the invention has the advantage of being simple to construct from currently available microcircuits, which in themselves inherently have no privilege structure but yet the coprocessor 20 shown in Fig. 2 does possess a dual privilege structure, as described.
.
Fig. 3 corresponds to Fig. 8 in U.S. Patent No.
4,817,140, and describes the functions executed by -YO986-086 ~ ~ ~
;
,:
the coprocessor 20 in order to perform an Acquire-Right-to-Execute function. In order to ac~uire right to execute, the coprocessor 20 mus~ have access to at least three files of information, the protected application, encrypted under a software decryption key AK, the software decryption key itself encrypted under the hardware vendor's key CSK and a third file which is used to authenticate the user's right to execute in connec~ion wi~h a use snce token. As shown in Fig. 3, ~unctions Cl and C2 ac~uire the encrypted decryption key and~ employing the hardware vendor's key C~K (provided as part of the secure memory of the coprocessor), decr~pting the software decryp~ion key AK. S~eps C3-C10 authenticate the user's ri~ht to execute; if that right is considered valid, ~unctions C13 and C14 are performed and, on the other hand, if tha~ righk is not oonsidered valid then function Cli is performed. Success~ul : conclusion of the ARE s~quence leaves the secure key storage memory 246 in a different condition than it ; was in prior to operation of the sequence; that difference is the presence, in that memory, of the software decryption key AK. At least the functions C2 and C13 require the copxocessor 20 to access the secure key storage 246 and, for that reason, the ~RE
sequence is considered a high privilege operation.
While the supervisor processor 210 could theoretically perform all these functions wholly divorced from the application processor 242, it is an advantage of the invention that the application processor 2~2 could execute many if not all the functions so long as it was properly authorized by YO98~-~86 ;; 2 ' ~
t~e supervisor prsce~sor 21~. ~hat authorization would include at leas~ e~abl~g the high privilege : read only memory 241 a~d th~ secure key storage memory 246.
Once the copro~essor 20 has a~quired ~he righ~ to execute (stored the application decryption key AX in :~ : its secure key storage memury 246~, when a user re~uests execution of the pro~ected appl~cation the seguence shown in Fig. ~ is executed.
~eferring to Fig. ~, functi~s C16 ~nd C17 identify the particular softw~re decryption key li there is ~ e tha~ one~ an~ cce~s it ~rom ~he s~cure key st~rage memory-246. ~i~h access to the decryption key AK, ~un~tions ~1~ and C19 obtain ~he e~rypted protected app~ica~ion and ~C19~ decrypt ~hat applica~ion . Function Cl9 in~:ludes ~ al~hough it is nc~t expressly shown in Fig. 4) the prepara~ory function of clearing the ap~lication processor random access memory 243, preparatory ~o loading the decrypted software therein. Function C21 is the execution, by the application processor, of the decrypted software.
/
Inasmuch as the functions C16-C19 require access to the key storage memory 246, these functions come within the ambit of high privilege operation and accordingly supervisor processor 210 permission is required for their execution. While it ls within the scope of the invention to have these functions perform~d by the supervisor processor 210, it is also .
: YO986-086 ~9~7~
; 21 ;
within the scope of the invention to enable the : application processor to perform ~hese func~ions under the supervision of the supervisor processor 210. Function C21, on ~he other hand, is a low S privilege operation and is exe~uted by the application proeessor. To the extent that function C21 requires transmission of execution results from :-- the application processor element 240 (and specifically from the AP RAM 243j to the host 10, that I/O operation is executed by the supervisor processox 210~
Claims (16)
1. A logically secure processor with an I/O terminal for input or output operations with security for protected data stored in said processor comprising:
application processor means for executing software in accordance with a first set of executable operations, supervisor processor means coupled to and controlling said application processor means, and said I/O terminal, a system bus coupled to both said supervisor and application processor means, a secure read only memory device also coupled to said system bus and controlled by said supervisor processor means, said secure read only memory device having contents defining a second set of operations executable by said application processor means when said secure read only memory device is enabled by said supervisor processor means, whereby said application processor means, responsive to external commands via said system bus, is prohibited from performing operations requiring access to said secure read only memory device absent enablement of said secure read only memory device by said supervisor processor means.
application processor means for executing software in accordance with a first set of executable operations, supervisor processor means coupled to and controlling said application processor means, and said I/O terminal, a system bus coupled to both said supervisor and application processor means, a secure read only memory device also coupled to said system bus and controlled by said supervisor processor means, said secure read only memory device having contents defining a second set of operations executable by said application processor means when said secure read only memory device is enabled by said supervisor processor means, whereby said application processor means, responsive to external commands via said system bus, is prohibited from performing operations requiring access to said secure read only memory device absent enablement of said secure read only memory device by said supervisor processor means.
2. The logically secure processor of claim 1 which further includes:
a secure read/write memory device coupled to said system bus, said secure read/write memory device including means enabling response of said secure read/write memory device to signals on said system bus only on enablement by said supervisor processor means, whereby contents of said secure read/write memory device remain secure notwithstanding connection to said system bus.
a secure read/write memory device coupled to said system bus, said secure read/write memory device including means enabling response of said secure read/write memory device to signals on said system bus only on enablement by said supervisor processor means, whereby contents of said secure read/write memory device remain secure notwithstanding connection to said system bus.
3. The logically secure processor of claim 2 in which said secure read/write memory device is a non-volatile memory device.
4. A coprocessor implementing a software asset protection system requiring protection of application decryption keys comprising the logically secure processor as claimed in claim 2 which includes means to store said application decryption keys in said secure read/write memory device.
5. A coprocessor as claimed in claim 4 in which:
said supervisor processor means includes means to enable reading of said secure read/write memory device to extract therefrom an application decryption key, said application processor means for executing software in accordance with a first set of executable operations includes general data processing capabilities, said secure read only memory device having contents defining a second set of operations executable by said application processor means includes at least decryption function means for decrypting an application relying on an application decryption key read, under control of said supervisor processor means.
said supervisor processor means includes means to enable reading of said secure read/write memory device to extract therefrom an application decryption key, said application processor means for executing software in accordance with a first set of executable operations includes general data processing capabilities, said secure read only memory device having contents defining a second set of operations executable by said application processor means includes at least decryption function means for decrypting an application relying on an application decryption key read, under control of said supervisor processor means.
6. A coprocessor as claimed in claim 5 in which said supervisor processor means includes:
a dedicated read only memory device with contents defining a third set of executable instructions, and means for writing into said secure read/write memory device for storing and destroying application decryption keys in accordance with said third set of executable instructions.
a dedicated read only memory device with contents defining a third set of executable instructions, and means for writing into said secure read/write memory device for storing and destroying application decryption keys in accordance with said third set of executable instructions.
7. A coprocessor as claimed in claim 6 in which said supervisor processor means includes means for fetching instructions exclusively from said dedicated read only memory device.
8. A coprocessor as claimed in claim 6 in which said application processor means includes an application read/write memory means for storing a decrypted application and wherein said supervisor processor means includes means to clear said application read/write memory means prior to each time an application is written therein.
9. A logically secure processor comprising:
application processor means including an application microprocessor and application read only and read/write memory devices for executing software stored in said application read/write memory device in accordance with contents of said application read only memory device, supervisor processor means including a supervisor microprocessor and associated memory devices coupled via a dedicated signal path, said supervisor processor means including a read only memory device with contents defining operations executable by said supervisor microprocessor, a system bus coupled to said application microprocessor, said supervisor microprocessor and to both said application read only and read/write memory devices, a secure read only memory device also coupled to said system bus with a control terminal driven by said supervisor processor means, said secure read only memory device having contents defining a secure set of operations executable by said application processor means when said secure read only memory device is enabled by said supervisor processor means, and means coupling said system bus for input/output operation, whereby said application processor means, responsive to external commands, is prohibited from performing operations requiring access to said secure read only memory device absent enablement of said secure read only memory device by said supervisor processor means.
application processor means including an application microprocessor and application read only and read/write memory devices for executing software stored in said application read/write memory device in accordance with contents of said application read only memory device, supervisor processor means including a supervisor microprocessor and associated memory devices coupled via a dedicated signal path, said supervisor processor means including a read only memory device with contents defining operations executable by said supervisor microprocessor, a system bus coupled to said application microprocessor, said supervisor microprocessor and to both said application read only and read/write memory devices, a secure read only memory device also coupled to said system bus with a control terminal driven by said supervisor processor means, said secure read only memory device having contents defining a secure set of operations executable by said application processor means when said secure read only memory device is enabled by said supervisor processor means, and means coupling said system bus for input/output operation, whereby said application processor means, responsive to external commands, is prohibited from performing operations requiring access to said secure read only memory device absent enablement of said secure read only memory device by said supervisor processor means.
10. The logically secure processor of claim 9 which further includes:
a secure read/write memory device coupled to said system bus with a control terminal driven by said supervisor processor means, said secure read/write memory device including means preventing response of said secure read/write memory device to signals on said system bus in absence of enablement by said supervisor processor means, whereby contents of said a secure read/write memory device remain secure notwithstanding connection to said system bus.
a secure read/write memory device coupled to said system bus with a control terminal driven by said supervisor processor means, said secure read/write memory device including means preventing response of said secure read/write memory device to signals on said system bus in absence of enablement by said supervisor processor means, whereby contents of said a secure read/write memory device remain secure notwithstanding connection to said system bus.
11. The logically secure processor of claim 10 in which said secure read/write memory device is a non-volatile memory device.
12. A processor implementing a software asset protection system requiring protection of application decryption keys comprising the logically secure processor as claimed in claim 10 in which said secure read/write memory device includes means to store said application decryption keys.
13. A processor as claimed in claim 12 in which:
said supervisor processor means includes means to enable reading said secure read/write memory device to extract therefrom an application decryption key, said application processor means for executing software in accordance with a first set of executable operations includes general data processing capabilities, said secure read only memory device having contents defining a second set of operations executable by said application processor means including at least decryption function means for decrypting an application relying on an application decryption key read, under control of said supervisor processor means.
said supervisor processor means includes means to enable reading said secure read/write memory device to extract therefrom an application decryption key, said application processor means for executing software in accordance with a first set of executable operations includes general data processing capabilities, said secure read only memory device having contents defining a second set of operations executable by said application processor means including at least decryption function means for decrypting an application relying on an application decryption key read, under control of said supervisor processor means.
14. A processor as claimed in claim 13 in which:
said supervisor processor means includes a dedicated read only memory device with contents exclusively defining a third set of executable instructions, and means for writing into said secure read/write memory device for storing and destroying application decryption keys in accordance with said third set of executable instructions.
said supervisor processor means includes a dedicated read only memory device with contents exclusively defining a third set of executable instructions, and means for writing into said secure read/write memory device for storing and destroying application decryption keys in accordance with said third set of executable instructions.
15. A processor as claimed in claim 14 in which said supervisor processor means includes means for fetching instructions exclusively from said dedicated read only memory device.
16. A processor as claimed in claim 15 in which said supervisor processor means includes means to clear said application read/write memory device prior to each time an application is written therein.
Applications Claiming Priority (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US927,286 | 1978-07-24 | ||
| US06/927,286 US5146575A (en) | 1986-11-05 | 1986-11-05 | Implementing privilege on microprocessor systems for use in software asset protection |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA1290070C true CA1290070C (en) | 1991-10-01 |
Family
ID=25454519
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA000550161A Expired - Fee Related CA1290070C (en) | 1986-11-05 | 1987-10-23 | Implementing privilege on microprocessor systems for use in software asset protection |
Country Status (9)
| Country | Link |
|---|---|
| US (1) | US5146575A (en) |
| EP (1) | EP0268138B1 (en) |
| JP (1) | JPH0769870B2 (en) |
| AR (1) | AR245833A1 (en) |
| AT (1) | ATE108918T1 (en) |
| BR (1) | BR8705865A (en) |
| CA (1) | CA1290070C (en) |
| DE (1) | DE3750249T2 (en) |
| ES (1) | ES2058088T3 (en) |
Families Citing this family (73)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5469556A (en) * | 1989-12-12 | 1995-11-21 | Harris Corporation | Resource access security system for controlling access to resources of a data processing system |
| GB9010603D0 (en) * | 1990-05-11 | 1990-07-04 | Int Computers Ltd | Access control in a distributed computer system |
| JP2519390B2 (en) * | 1992-09-11 | 1996-07-31 | インターナショナル・ビジネス・マシーンズ・コーポレイション | DATA COMMUNICATION METHOD AND DEVICE |
| US5237616A (en) * | 1992-09-21 | 1993-08-17 | International Business Machines Corporation | Secure computer system having privileged and unprivileged memories |
| CA2137488C (en) * | 1994-02-18 | 1998-09-29 | Richard I. Baum | Coexecuting method and means for performing parallel processing in conventional types of data processing systems |
| US5586301A (en) * | 1994-11-09 | 1996-12-17 | Ybm Technologies, Inc. | Personal computer hard disk protection system |
| JPH08263438A (en) | 1994-11-23 | 1996-10-11 | Xerox Corp | Distribution and use control system of digital work and access control method to digital work |
| US6948070B1 (en) | 1995-02-13 | 2005-09-20 | Intertrust Technologies Corporation | Systems and methods for secure transaction management and electronic rights protection |
| US5892900A (en) | 1996-08-30 | 1999-04-06 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
| US6157721A (en) | 1996-08-12 | 2000-12-05 | Intertrust Technologies Corp. | Systems and methods using cryptography to protect secure computing environments |
| US5943422A (en) | 1996-08-12 | 1999-08-24 | Intertrust Technologies Corp. | Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels |
| US7133846B1 (en) | 1995-02-13 | 2006-11-07 | Intertrust Technologies Corp. | Digital certificate support system, methods and techniques for secure electronic commerce transaction and rights management |
| DE69637733D1 (en) | 1995-02-13 | 2008-12-11 | Intertrust Tech Corp | SYSTEMS AND METHOD FOR SAFE TRANSMISSION |
| US6658568B1 (en) | 1995-02-13 | 2003-12-02 | Intertrust Technologies Corporation | Trusted infrastructure support system, methods and techniques for secure electronic commerce transaction and rights management |
| USRE39369E1 (en) | 1995-06-29 | 2006-10-31 | Igt | Electronic casino gaming system with improved play capacity, authentication and security |
| US5643086A (en) | 1995-06-29 | 1997-07-01 | Silicon Gaming, Inc. | Electronic casino gaming apparatus with improved play capacity, authentication and security |
| US7063615B2 (en) * | 1995-06-29 | 2006-06-20 | Igt | Electronic gaming apparatus with authentication |
| US5581700A (en) * | 1995-08-11 | 1996-12-03 | Dell U.S.A., L.P. | Hierarchical multiple password acceptance system |
| US5805702A (en) * | 1995-09-29 | 1998-09-08 | Dallas Semiconductor Corporation | Method, apparatus, and system for transferring units of value |
| US5805880A (en) * | 1996-01-26 | 1998-09-08 | Dell Usa, Lp | Operating system independent method for avoiding operating system security for operations performed by essential utilities |
| US20010011253A1 (en) | 1998-08-04 | 2001-08-02 | Christopher D. Coley | Automated system for management of licensed software |
| GB9608696D0 (en) * | 1996-04-26 | 1996-07-03 | Europ Computer Ind Res | Electronic copy protection mechanism |
| US6523119B2 (en) * | 1996-12-04 | 2003-02-18 | Rainbow Technologies, Inc. | Software protection device and method |
| DE69719934T2 (en) * | 1996-12-20 | 2003-11-27 | Ibm | Method and device for fast and secure data collection |
| US5920861A (en) | 1997-02-25 | 1999-07-06 | Intertrust Technologies Corp. | Techniques for defining using and manipulating rights management data structures |
| FR2762417B1 (en) * | 1997-04-16 | 1999-07-02 | Gemplus Card Int | METHOD FOR MONITORING THE EXECUTION OF A SOFTWARE PRODUCT |
| US20020025852A1 (en) * | 2000-09-29 | 2002-02-28 | Alcorn Allan E. | Gaming apparatus with portrait-mode display |
| US6112181A (en) | 1997-11-06 | 2000-08-29 | Intertrust Technologies Corporation | Systems and methods for matching, selecting, narrowcasting, and/or classifying based on rights management and/or other information |
| US6128741A (en) * | 1998-03-05 | 2000-10-03 | Rainbow Technologies, Inc. | Compact transparent dongle device |
| EP1086411B1 (en) * | 1998-06-12 | 2003-11-12 | Gemplus | Method for verifying the execution of a software product |
| US6289455B1 (en) * | 1999-09-02 | 2001-09-11 | Crypotography Research, Inc. | Method and apparatus for preventing piracy of digital content |
| US6842896B1 (en) | 1999-09-03 | 2005-01-11 | Rainbow Technologies, Inc. | System and method for selecting a server in a multiple server license management system |
| US6968384B1 (en) | 1999-09-03 | 2005-11-22 | Safenet, Inc. | License management system and method for commuter licensing |
| US7716348B1 (en) | 1999-09-03 | 2010-05-11 | Safenet, Inc. | License management system and method with license balancing |
| US7035918B1 (en) | 1999-09-03 | 2006-04-25 | Safenet Canada. Inc. | License management system and method with multiple license servers |
| AU2001243365A1 (en) * | 2000-03-02 | 2001-09-12 | Alarity Corporation | System and method for process protection |
| US7988559B2 (en) | 2001-03-08 | 2011-08-02 | Igt | Computerized gaming system, method and apparatus |
| CA2402389A1 (en) | 2000-03-08 | 2002-09-19 | Shuffle Master, Inc. | Computerized gaming system, method and apparatus |
| US7043641B1 (en) | 2000-03-08 | 2006-05-09 | Igt | Encryption in a secure computerized gaming system |
| US6986052B1 (en) | 2000-06-30 | 2006-01-10 | Intel Corporation | Method and apparatus for secure execution using a secure memory partition |
| AU2001285125B2 (en) * | 2000-08-21 | 2004-08-26 | Igt | Method and apparatus for software authentication |
| US7194759B1 (en) | 2000-09-15 | 2007-03-20 | International Business Machines Corporation | Used trusted co-servers to enhance security of web interaction |
| US7080406B2 (en) * | 2000-12-15 | 2006-07-18 | International Business Machines Corporation | Method for transferring privilege access to a resource manager with subsequent loss of privilege by the initiating identity |
| US7203841B2 (en) | 2001-03-08 | 2007-04-10 | Igt | Encryption in a secure computerized gaming system |
| JP2002353960A (en) * | 2001-05-30 | 2002-12-06 | Fujitsu Ltd | Code performing device and code distributing method |
| US7421411B2 (en) | 2001-07-06 | 2008-09-02 | Nokia Corporation | Digital rights management in a mobile communications environment |
| US7162036B2 (en) | 2001-08-06 | 2007-01-09 | Igt | Digital identification of unique game characteristics |
| US6685567B2 (en) | 2001-08-08 | 2004-02-03 | Igt | Process verification |
| NZ531200A (en) * | 2001-08-13 | 2006-03-31 | Qualcomm Inc | Application level access privilege to a storage area on a computer device |
| US7618317B2 (en) | 2001-09-10 | 2009-11-17 | Jackson Mark D | Method for developing gaming programs compatible with a computerized gaming operating system and apparatus |
| US8708828B2 (en) | 2001-09-28 | 2014-04-29 | Igt | Pluggable modular gaming modifiers and configuration templates for gaming environments |
| US6902481B2 (en) | 2001-09-28 | 2005-06-07 | Igt | Decoupling of the graphical presentation of a game from the presentation logic |
| US7931533B2 (en) | 2001-09-28 | 2011-04-26 | Igt | Game development architecture that decouples the game logic from the graphics logics |
| WO2003045519A1 (en) | 2001-11-26 | 2003-06-05 | Igt | Pass-through live validation device and method |
| US7698522B1 (en) * | 2002-01-11 | 2010-04-13 | Global Foundries | Method and apparatus for linear address based page level security scheme to determine current security context |
| JP4042420B2 (en) * | 2002-01-31 | 2008-02-06 | コニカミノルタビジネステクノロジーズ株式会社 | Print processing program, print system, and output device |
| US20050204155A1 (en) * | 2004-03-09 | 2005-09-15 | Nec Laboratories America, Inc | Tamper resistant secure architecture |
| US20060020552A1 (en) * | 2004-07-26 | 2006-01-26 | James Sloan | Copy-restriction system for digitally recorded, computer disk-based music recordings |
| DE102005014837B4 (en) * | 2004-08-02 | 2007-08-30 | Mahltig, Holger | Security module and method for controlling and controlling a data traffic of a personal computer |
| JP2006190119A (en) * | 2005-01-07 | 2006-07-20 | Hitachi Industrial Equipment Systems Co Ltd | Programmable controller |
| DE102005002472A1 (en) * | 2005-01-18 | 2006-07-27 | Maschinenfabrik Rieter Ag | Software protection device e.g. MODEM, for e.g. rotor spinning machine, has data memory for receiving software enabling data, and data interface linked at control of machine for data transmission between data memory and control of machine |
| CA2593441A1 (en) * | 2005-02-11 | 2006-08-17 | Universal Data Protection Corporation | Method and system for microprocessor data security |
| US20060271915A1 (en) * | 2005-05-24 | 2006-11-30 | Contentguard Holdings, Inc. | Usage rights grammar and digital works having usage rights created with the grammar |
| WO2007028241A2 (en) * | 2005-09-07 | 2007-03-15 | Universal Data Protection Corporation | Method and system for data security of recording media |
| US8181038B2 (en) * | 2007-04-11 | 2012-05-15 | Cyberlink Corp. | Systems and methods for executing encrypted programs |
| CN101414341B (en) * | 2007-10-15 | 2014-12-10 | 北京瑞星信息技术有限公司 | Software self-protection method |
| WO2009065135A1 (en) | 2007-11-17 | 2009-05-22 | Uniloc Corporation | System and method for adjustable licensing of digital products |
| US7966465B2 (en) * | 2008-01-17 | 2011-06-21 | Broadcom Corporation | Method and system for secure code encryption for PC-slave devices |
| US7530106B1 (en) | 2008-07-02 | 2009-05-05 | Kaspersky Lab, Zao | System and method for security rating of computer processes |
| US9633183B2 (en) | 2009-06-19 | 2017-04-25 | Uniloc Luxembourg S.A. | Modular software protection |
| CN102184373B (en) * | 2011-05-30 | 2013-01-23 | 南京大学 | Method for designing safety core of operation system based on protection mode and virtualization mechanism |
| US8627097B2 (en) | 2012-03-27 | 2014-01-07 | Igt | System and method enabling parallel processing of hash functions using authentication checkpoint hashes |
| KR101566145B1 (en) * | 2014-10-23 | 2015-11-06 | 숭실대학교산학협력단 | Mobile device and method operating the mobile device |
Family Cites Families (48)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US4228496A (en) * | 1976-09-07 | 1980-10-14 | Tandem Computers Incorporated | Multiprocessor system |
| GB1561482A (en) * | 1976-11-18 | 1980-02-20 | Ibm | Protection of data processing system against unauthorised programmes |
| US4104721A (en) * | 1976-12-30 | 1978-08-01 | International Business Machines Corporation | Hierarchical security mechanism for dynamically assigning security levels to object programs |
| US4139893A (en) * | 1977-04-01 | 1979-02-13 | Texas Instruments Incorporated | Calculator program security system |
| US4168396A (en) * | 1977-10-31 | 1979-09-18 | Best Robert M | Microprocessor for executing enciphered programs |
| US4278837A (en) * | 1977-10-31 | 1981-07-14 | Best Robert M | Crypto microprocessor for executing enciphered programs |
| US4184201A (en) * | 1978-04-26 | 1980-01-15 | Sperry Rand Corporation | Integrating processor element |
| US4465901A (en) * | 1979-06-04 | 1984-08-14 | Best Robert M | Crypto microprocessor that executes enciphered programs |
| US4328542A (en) * | 1979-11-07 | 1982-05-04 | The Boeing Company | Secure implementation of transition machine computer |
| US4386399A (en) * | 1980-04-25 | 1983-05-31 | Data General Corporation | Data processing system |
| US4386416A (en) * | 1980-06-02 | 1983-05-31 | Mostek Corporation | Data compression, encryption, and in-line transmission system |
| US4442484A (en) * | 1980-10-14 | 1984-04-10 | Intel Corporation | Microprocessor memory management and protection mechanism |
| US4394734A (en) * | 1980-12-29 | 1983-07-19 | International Business Machines Corp. | Programmable peripheral processing controller |
| US4433207A (en) * | 1981-09-10 | 1984-02-21 | Best Robert M | Cryptographic decoder for computer programs |
| US4471163A (en) * | 1981-10-05 | 1984-09-11 | Donald Thomas C | Software protection system |
| US4525599A (en) * | 1982-05-21 | 1985-06-25 | General Computer Corporation | Software protection methods and apparatus |
| US4519032A (en) * | 1982-06-09 | 1985-05-21 | At&T Bell Laboratories | Memory management arrangement for microprocessor systems |
| US4523271A (en) * | 1982-06-22 | 1985-06-11 | Levien Raphael L | Software protection method and apparatus |
| US4521853A (en) * | 1982-06-30 | 1985-06-04 | Texas Instruments Incorporated | Secure microprocessor/microcomputer with secured memory |
| US4558176A (en) * | 1982-09-20 | 1985-12-10 | Arnold Mark G | Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software |
| US4757468A (en) * | 1982-09-22 | 1988-07-12 | Intel Corporation | Authenticated read-only memory |
| JPS59112341A (en) * | 1982-12-18 | 1984-06-28 | Fuji Electric Co Ltd | Method for preventing leakage of secret information in software |
| DE3373848D1 (en) * | 1983-02-23 | 1987-10-29 | Ibm | Interactive work station with auxiliary microprocessor for storage protection |
| US4573119A (en) * | 1983-07-11 | 1986-02-25 | Westheimer Thomas O | Computer software protection system |
| US4562306A (en) * | 1983-09-14 | 1985-12-31 | Chou Wayne W | Method and apparatus for protecting computer software utilizing an active coded hardware device |
| DE3483410D1 (en) * | 1983-10-14 | 1990-11-22 | Toshiba Kawasaki Kk | ONE-CHIP MICROCOMPUTER WITH LOCKABLE FUNCTION OF THE PROGRAM MEMORY. |
| JPS6091447A (en) * | 1983-10-24 | 1985-05-22 | Fujitsu Ltd | Program protecting system |
| US4652990A (en) * | 1983-10-27 | 1987-03-24 | Remote Systems, Inc. | Protected software access control apparatus and method |
| US4583196A (en) * | 1983-10-28 | 1986-04-15 | Honeywell Inc. | Secure read only memory |
| US4633388A (en) * | 1984-01-18 | 1986-12-30 | Siemens Corporate Research & Support, Inc. | On-chip microprocessor instruction decoder having hardware for selectively bypassing on-chip circuitry used to decipher encrypted instruction codes |
| US4621321A (en) * | 1984-02-16 | 1986-11-04 | Honeywell Inc. | Secure data processing system architecture |
| US4636947A (en) * | 1984-03-14 | 1987-01-13 | Docutel/Olivetti Corporation | ATM task scheduling system for simultaneous peripheral device transactions processing |
| US4791565A (en) * | 1984-06-20 | 1988-12-13 | Effective Security Systems, Inc. | Apparatus for controlling the use of computer software |
| GB2163577B (en) * | 1984-08-23 | 1988-01-13 | Nat Res Dev | Software protection device |
| US4644493A (en) * | 1984-09-14 | 1987-02-17 | International Business Machines Corporation | Implementing a shared higher level of privilege on personal computers for copy protection of software |
| US4691355A (en) * | 1984-11-09 | 1987-09-01 | Pirmasafe, Inc. | Interactive security control system for computer communications and the like |
| CA1238427A (en) * | 1984-12-18 | 1988-06-21 | Jonathan Oseas | Code protection using cryptography |
| JPS61231631A (en) * | 1985-04-05 | 1986-10-15 | Nec Corp | Data processor |
| US4649233A (en) * | 1985-04-11 | 1987-03-10 | International Business Machines Corporation | Method for establishing user authenication with composite session keys among cryptographically communicating nodes |
| US4757533A (en) * | 1985-09-11 | 1988-07-12 | Computer Security Corporation | Security system for microcomputers |
| US4864494A (en) * | 1986-03-21 | 1989-09-05 | Computerized Data Ssytems For Mfg., Inc. | Software usage authorization system with key for decrypting/re-encrypting/re-transmitting moving target security codes from protected software |
| EP0257585B1 (en) * | 1986-08-22 | 1992-11-25 | Nec Corporation | Key distribution method |
| US4797928A (en) * | 1987-01-07 | 1989-01-10 | Miu Automation | Encryption printed circuit board |
| FR2613565B1 (en) * | 1987-04-03 | 1989-06-23 | Bull Cps | METHOD FOR ROUTING SECRET KEYS TO SECURITY MODULES AND USER CARDS, IN AN INFORMATION PROCESSING NETWORK |
| US4866769A (en) * | 1987-08-05 | 1989-09-12 | Ibm Corporation | Hardware assist for protecting PC software |
| US4908861A (en) * | 1987-08-28 | 1990-03-13 | International Business Machines Corporation | Data authentication using modification detection codes based on a public one way encryption function |
| US4959861A (en) * | 1988-07-13 | 1990-09-25 | Howlette Edward L | Security system for computer software |
| US4932054A (en) * | 1988-09-16 | 1990-06-05 | Chou Wayne W | Method and apparatus for protecting computer software utilizing coded filter network in conjunction with an active coded hardware device |
-
1986
- 1986-11-05 US US06/927,286 patent/US5146575A/en not_active Expired - Fee Related
-
1987
- 1987-09-18 JP JP62232740A patent/JPH0769870B2/en not_active Expired - Lifetime
- 1987-10-23 CA CA000550161A patent/CA1290070C/en not_active Expired - Fee Related
- 1987-11-03 DE DE3750249T patent/DE3750249T2/en not_active Expired - Fee Related
- 1987-11-03 AR AR87309200A patent/AR245833A1/en active
- 1987-11-03 EP EP87116177A patent/EP0268138B1/en not_active Expired - Lifetime
- 1987-11-03 BR BR8705865A patent/BR8705865A/en not_active IP Right Cessation
- 1987-11-03 ES ES87116177T patent/ES2058088T3/en not_active Expired - Lifetime
- 1987-11-03 AT AT87116177T patent/ATE108918T1/en not_active IP Right Cessation
Also Published As
| Publication number | Publication date |
|---|---|
| BR8705865A (en) | 1988-06-14 |
| EP0268138B1 (en) | 1994-07-20 |
| JPS63124151A (en) | 1988-05-27 |
| EP0268138A2 (en) | 1988-05-25 |
| ES2058088T3 (en) | 1994-11-01 |
| AR245833A1 (en) | 1994-02-28 |
| DE3750249D1 (en) | 1994-08-25 |
| US5146575A (en) | 1992-09-08 |
| JPH0769870B2 (en) | 1995-07-31 |
| EP0268138A3 (en) | 1990-05-23 |
| ATE108918T1 (en) | 1994-08-15 |
| DE3750249T2 (en) | 1995-03-09 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA1290070C (en) | Implementing privilege on microprocessor systems for use in software asset protection | |
| CN109558211B (en) | Method for protecting interaction integrity and confidentiality of trusted application and common application | |
| CN109766165B (en) | Memory access control method and device, memory controller and computer system | |
| JP4989543B2 (en) | Security control in data processing system based on memory domain | |
| CN101162492B (en) | Protecting system control registers in a data processing apparatus | |
| US5483649A (en) | Personal computer security system | |
| US4918653A (en) | Trusted path mechanism for an operating system | |
| US5469556A (en) | Resource access security system for controlling access to resources of a data processing system | |
| RU2313126C2 (en) | System and method for protection from non-trusted system control mode code by means of redirection of system management mode interrupt and creation of virtual machine container | |
| US10223290B2 (en) | Processing device with sensitive data access mode | |
| US5581763A (en) | Secure architecture and apparatus using an independent computer cartridge | |
| US10719632B2 (en) | Data processing systems | |
| US9536111B2 (en) | Secure processing unit systems and methods | |
| CN103080871B (en) | For solving the system and method for resource management in computer system and safety | |
| KR101323858B1 (en) | Apparatus and method for controlling memory access in virtualized system | |
| US20080052709A1 (en) | Method and system for protecting hard disk data in virtual context | |
| KR20130036189A (en) | Restricting memory areas for an instruction read in dependence upon a hardware mode and a security flag | |
| US8443451B2 (en) | Manually controlled application security environments | |
| JPH03500827A (en) | terminal device | |
| JP4375980B2 (en) | Multitask execution system and multitask execution method | |
| JP2018535483A (en) | Memory access instruction | |
| EP1141805B1 (en) | System for processing a security critical activity | |
| CN117708832A (en) | Method and system for realizing high-performance heterogeneous trusted execution environment | |
| Lister et al. | Protection | |
| JPS6054691B2 (en) | Memory protection method for information processing equipment |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MKLA | Lapsed |