US20040193987A1 - Protection of software code from unauthorized use by executing portions of the code in a secure computer environment separate from the environment that executes the remaining portions of the code - Google Patents
Protection of software code from unauthorized use by executing portions of the code in a secure computer environment separate from the environment that executes the remaining portions of the code Download PDFInfo
- Publication number
- US20040193987A1 US20040193987A1 US10/752,429 US75242904A US2004193987A1 US 20040193987 A1 US20040193987 A1 US 20040193987A1 US 75242904 A US75242904 A US 75242904A US 2004193987 A1 US2004193987 A1 US 2004193987A1
- Authority
- US
- United States
- Prior art keywords
- code
- software
- program
- computer
- fragments
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 239000012634 fragment Substances 0.000 claims abstract description 38
- 238000004891 communication Methods 0.000 claims abstract description 20
- 238000000034 method Methods 0.000 claims description 55
- 238000004590 computer program Methods 0.000 claims description 10
- 238000003860 storage Methods 0.000 claims description 9
- 230000001131 transforming effect Effects 0.000 claims 2
- 230000006870 function Effects 0.000 description 13
- 238000013478 data encryption standard Methods 0.000 description 8
- 238000013475 authorization Methods 0.000 description 5
- 238000012546 transfer Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 3
- 239000003795 chemical substances by application Substances 0.000 description 2
- 238000009826 distribution Methods 0.000 description 2
- 238000007796 conventional method Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000009977 dual effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 238000003780 insertion Methods 0.000 description 1
- 230000037431 insertion Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000002360 preparation method Methods 0.000 description 1
- 238000000638 solvent extraction Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/109—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by using specially-adapted hardware at the client
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/302—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters involving the integer factorization problem, e.g. RSA or quadratic sieve [QS] schemes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/12—Details relating to cryptographic hardware or logic circuitry
- H04L2209/127—Trusted platform modules [TPM]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
Definitions
- the present invention relates to the protection of software, in particular freely distributed application software, against use without permission of the copyright holder; and concerns in particular a method of preventing unauthorized utilization of software in a computer; a method and device for preparing software for the utilization in a computer only with a corresponding authorization; and a method and device for allowing authorized utilization of software in a computer which has been prepared according to an aspect of the invention.
- Piracy copying of software is an extensive problem to software vendors which annually costs them large amounts of money.
- an arrangement making it possible to use a certain computer program or a computer program package only if the permission of the copyright holder really exists would be of great importance.
- the unit may also take the form of a card reader station, or the like, in which a card is inserted, the matter stored on the card in principle being similar to that of the blind plug above.
- the checking procedure involves that the additional routine of the program makes a direct comparison of the program identity, for example, and a corresponding item of information present in the stored table.
- 2163577 uses a so-called DES algorithm (DES—Data Encryption Standard, Bureau of Standards, U.S.A., 1977) for the encryption of the application software, and the corresponding inverse DES algorithm for decrypting the same, whereby one and the same key is used for both the encryption and the decryption.
- DES Data Encryption Standard
- U.S.A. 1977
- DES Data Encryption Standard
- U.S.A., 1977 data Encryption Standard
- RSA RSA—Rivest, Shamir, Adleman
- the RSA crypto system is an asymmetric, two-key system (also termed public-key/private-key crypto system), and in the case of the arrangement according to GB patent application no. 2163577, one key only is used which, per se, may be known (the public key) to encrypt the DES key while another key which the user must not get to know (the private or secret key) is used to decrypt the DES key.
- the latter key i.e. the secret key, is stored in a memory in the tamper-proof housing and is fetched by the processor in the housing when needed to decrypt encrypted DES keys, each of which belonging to an encrypted application program, for the purpose of being able to execute such an application program.
- An object of the present invention is to provide a crypto arrangement giving suppliers and/or proprietors of the software an improved possibility of protecting their product against unauthorized utilization, and which does not suffer from the drawbacks of prior art, in such a manner that the software can be copied and distributed without restrictions, but yet not be used unless the necessary permission is present.
- a further object of the invention is to provide a crypto arrangement of a universal nature which is able to accommodate not only individual software modules but entire program packages, wherein permission of use may be assigned at different levels, such as for selected parts of a program package.
- a first general aspect of the present invention relates to a method of preventing unauthorized utilization of software in a computer, the method comprising the steps of:
- the method being characterized in that said decryption in accordance with the second algorithm is executed by employing a second key stored in said external unit, the second key being different from a first key employed in the execution of the encryption of said part of the software in accordance with the first algorithm.
- Another aspect of the present invention relates to a method of preparing software, particularly software intended for free distribution, for the utilization in a computer only with a corresponding authorization, the method comprising encrypting in accordance with a first algorithm at least a part of said software which by the utilization in said computer is decrypted in accordance with a second algorithm, the method being characterized in that a key which is employed for said encryption in accordance with the first algorithm, is a first key which is different from a second key which is employed in the execution of the decryption in accordance with the second algorithm of that part of the software which is encrypted in accordance with the first algorithm and first key.
- the invention also relates to a device for the preparation of software, particularly software intended for free distribution, to be utilized in a computer only with a corresponding authorization, the device comprising:
- crypto means effecting the encryption of at least a part of said software in accordance with a first algorithm and a first key
- an external unit adapted to be connected to said computer, the external unit at least comprising a processor of its own and a computer readable storage medium for storing a second algorithm and a key, and being disposed to execute decryption of the encrypted part of the software in accordance with said second algorithm and key,
- the device being characterized in that it further comprises generator means to provide said second algorithm and a second key intended to be employed in said decryption in accordance with the second algorithm, the second key being different from the first key employed by said crypto means in the execution of the encryption of said part of the software in accordance with the first algorithm.
- a third aspect of the invention relates to a method of making authorized utilization possible in a computer, of software, particularly freely distributed software, which is prepared according to a mode of the second aspect of the invention, the method comprising connecting an external unit to said computer, the external unit at least comprising a computer readable storage medium and a processor of its own, and a second algorithm and a key to be employed in the decryption of the encrypted part of the software being stored in said external unit.
- the method is characterized in that when the computer in the execution of that part of the software which is encrypted in accordance with the first algorithm encounters a call sequence, or a similar instruction, causing a jump to a corresponding entry point to said added object code, this object code is utilized by the computer to establish a communication channel to the external unit through which channel the encrypted part of the software is transferred in a first transfer session to the external unit to be decrypted by the unit's own processor in accordance with a second algorithm and a second key both of which being stored in said external unit, this second key being different from the first key employed in the execution of the encryption of said part of the software in accordance with the first algorithm, and the decrypted software part then being processed in the external unit and the result transferred in a second transfer session the opposite direction through the communication channel for the further utilization in the computer.
- the invention also relates to a device for making authorized utilization of software possible, particularly freely distributed software, prepared by means of a device according to the second aspect of the invention, the device comprising a computer adapted to serve as a host computer for an external unit which at least comprises a processor of its own and a computer readable storage medium, and being intended to be connected to the host computer for the communication therewith.
- this device is then characterized in that said external unit comprises decryption means adapted to execute decryption in accordance with said second algorithm and said second key produced by said generator means, the second key being different from the first key used by said crypto means in the execution of the encryption of said part of the software in accordance with the first algorithm.
- FIG. 1 illustrates a preferred hardware configuration according to the invention
- FIG. 2 is a simplified general software diagram according to the invention
- FIG. 3 illustrates schematically how a common command or execution file (.EXE file) is generated without encryption
- FIGS. 4 and 5 illustrates schematically how encryption on the level of source code can be carried out according to the invention
- FIG. 6 illustrates schematically the partitioning of software onto a magnetic storage disk and a random access memory (RAM), respectively
- FIG. 7 illustrates schematically the utilization of protected software in a computer
- FIG. 8 shows an example of an encryption process of the type shown in FIGS. 4 and 5
- FIG. 9 illustrates schematically the utilization of protected software in a computer
- FIGS. 10A and 10B taken together, illustrate schematically an application area including access checking or authentication
- FIG. 11 is a flow chart schematically illustrating a course of processes including encryption-decryption and scrambling-descrambling according to a preferred embodiment of the invention.
- FIG. 1 illustrates a preferred hardware configuration of the invention and shows a computer having the form of a workstation or personal computer (PC) serving as a host computer according to the invention.
- an external unit according to the invention is shown to be in the form of a card reader or processor, particularly for Smart Cards, provided with a commercially available integrated microprocessor, e.g. of the CCA12103 type, the unit being included in the computer shown or disposed in a separate unit of equipment connected to the computer by a serial or parallel connection.
- a commercially available integrated microprocessor e.g. of the CCA12103 type
- FIG. 1 also illustrates that now the secured software may be distributed through different types of data networks to which the computer may establish a connection, such as wide area networks (WAN), local area networks (LAN), and, in particular, Internet.
- WAN wide area networks
- LAN local area networks
- Internet Internet
- the software may in deed, as usual, be distributed on flexible disks and/or CD-ROMs (readable only, compact laser disks). In any case, the software may be copied and installed without restrictions.
- the software Since the software is protected against unauthorized utilization, there is no need for any kind of copy protection of the software as the case otherwise often may be.
- the authorization is embedded in the Smart Card, and it is not available to anyone else but the supplier of the software who himself installs the necessary decryption algorithms and the keys on the card. Hence, the permit to use a certain computer program is found on the card, not in the respective program, or another part of the software.
- FIG. 2 showing a simplified general diagram, it appears that an arrangement according to the invention can be seen to comprise:
- the protection is provided by the insertion, in different locations of the software, of program calls to the Smart Card, or to special software at the disposal to the card, thereby obtaining the information necessary to proceed correctly in the execution of the protected program.
- this information may be certain parameters which are used when the program is executed, and which is determined by those who wish to protect their software. Because they are necessary for the software to work properly, such program calls cannot be removed.
- the interaction of the protected program with the Smart Card is controlled by the special software (object code) entered into the data library of the program when the original program is encrypted.
- This special software may also provide for scrambling of the communication between the computer and the Smart Card.
- FIG. 3 shows how a common command or execution file (.EXE file) is generated without encryption; and FIGS. 4 and 5, each in their own manner, depict how encryption can be carried out on the source code level according to the invention.
- FIG. 6 illustrates that the software itself is placed on a magnetic storage disk, whereas the special program (object code or data library) is supplied to the random access memory (RAM) of the computer.
- object code or data library is supplied to the random access memory (RAM) of the computer.
- FIGS. 7 and 9 illustrate such processes which take place when the protected software is utilized in a computer.
- FIG. 8 shows an example of an encryption process of the type shown in FIGS. 4 and 5.
- the source code is present in a high level programming language, such as Pascal, C, Modula, or the like. It is the source code that is being encrypted and thus protected against so-called unauthorized use.
- a few parameters are selected which are encrypted by means of an encryption function g.
- g(10) is an encrypted parameter
- T is a variable, the random value of which, in this case, being fetched from the Smart Card.
- the decrypt program is located in the “special software”(the added object code) which constitutes a part of the protected software (see FIG. 5).
- This special software also comprises scrambling and descrambling functions, which here are denoted f and f ⁇ 1 , as well programs for the communication with the Smart Card (see FIG. 7).
- the functions f and f ⁇ 1 employ keys which are fetched from the Smart Card, the Smart Card itself containing:
- Smart Cards i.e. users
- a Smart Card may then contain licenses, or permissions, at several levels for various software packages which have the same authentication format and algorithms.
- a first level of encryption employing an unsymmetric, dual key encryption arrangement (public key/private key crypto system), such as the RSA crypto system, whereby the public key is available only to the software producer, and the private key is a secret key which the manufacturer of the Smart Card enters into the read only memory (ROM) of the Smart Card according to specifications given by the software producer.
- the private key may be different for each program package.
- a second level of encryption whereby the communication between the host computer and Smart Card is such that it becomes difficult to trace anything making sense from that communication by the logging thereof.
- the algorithms to be employed are located both in the protected software and the Smart Card, and both the encryption keys and the decryption keys are located in the Smart Card, i.e. hidden to the user.
- the encryption algorithm and key may be different for various types of software.
- FIGS. 10A and 10B serve to demonstrate that the application area of the arrangement according to the invention is extendable also to cover access checking, or authentication, for example, as further possibilities also may exist.
- the software to be protected may be provided with an authentication key encrypted by employing a so-called public key and an identification number for the software package in question.
- the external unit such as the Smart Card, would contain decryption algorithms which preferably are mask programmed, and a private key no. 0 (in the ROM) to be used to decrypt the authentication key, as well as an access or authentication table which may be configured as the table shown below.
- PID AcL PK Program I.D.
- PID denotes the identity number of the software, such that different programs are assigned dissimilar identity numbers which also may contain the version number of the respective software products, or the like, for example.
- AcL denotes the access level or status, such as:
- a time limit for the use of a program e.g. a permission expiration date
- the entries in the access level column, AcL, of the table are amendable by the importer or agent of the software product, for example.
- the software producer specifies the secret keys to be employed in the decryption of the encrypted fragments dependent on the identity number, PID, of the software.
- the secret keys are mask programmed in the Smart Card and are not available to anyone else.
- FIG. 11 is a flow chart schematically illustrating a principally complete course of processes according to a preferred embodiment of the invention, the steps being:
- a Smart Card constitutes the preferred implementation of the external units indicated in the claims below. This is quite simply because the Smart Card technology is considered as being the most “tamper-proof” protection of the algorithms, keys, a.s.o., which necessarily have to be stored in the external unit, or in a separate article, according to the annexed claims.
Abstract
Code of at least one software program is executed in a multi-processor computer environment. Each software program includes a first portion of software code to be executed in a computer, and a second portion of software code that includes one or more fragments of code of the software program. The second portion of code is executed in one or more external devices which are in communication with the computer. The second portion of code is encrypted, transferred to a secure computer environment, such as a smart card, and decrypted in the one or more external devices prior to execution. The fragments of code may be interspersed within the first portion of code.
Description
- This application is a continuation of copending application Ser. No. 09/873,351, filed Jun. 5, 2001, which in turn is a continuation of U.S. application Ser. No. 08/983,461, filed May 4, 1998, now U.S. Pat. No. 6,266,416, which was filed as a national stage application under 35 U.S.C. §371 of International Application No. PCT/NO96/00171, filed on Jul. 10, 1996. The entire disclosure of each of these priority applications are incorporated herein by reference.
- 1. Technical Field
- The present invention relates to the protection of software, in particular freely distributed application software, against use without permission of the copyright holder; and concerns in particular a method of preventing unauthorized utilization of software in a computer; a method and device for preparing software for the utilization in a computer only with a corresponding authorization; and a method and device for allowing authorized utilization of software in a computer which has been prepared according to an aspect of the invention.
- Piracy copying of software, particularly software adapted to run on personal computers, is an extensive problem to software vendors which annually costs them large amounts of money. The conventional methods employed to protect software against unauthorized utilization by demanding a password for the installation or operation of a specific computer program or program package, for example, have not provided sufficient security. Thus, an arrangement making it possible to use a certain computer program or a computer program package only if the permission of the copyright holder really exists would be of great importance.
- 2. Background Art
- Several attempts have already been made to establish arrangements in which simply typing the required password is not sufficient to gain access to a program. For example, systems have been proposed which require that a special hardware unit is connected to the computer to make it possible to utilize a given program. This unit may take the form of a blind plug (also termed “dongle”), for example, which is connected directly to one of the input-output terminals of the computer, and containing fixed tables, identity number, or the like, stored in an internal memory from which information is read upon the request of a programmed additional routine included for this purpose in the application program in question. The unit may also take the form of a card reader station, or the like, in which a card is inserted, the matter stored on the card in principle being similar to that of the blind plug above. Usually the checking procedure involves that the additional routine of the program makes a direct comparison of the program identity, for example, and a corresponding item of information present in the stored table.
- An example of such an arrangement is described in published DE patent application no. 4419115 wherein the matter stored in a chipcard is read, and if the expected content exists, this fact is regarded as being sufficient proof of identity for the use of the program. The checking may be done when a program is installed, or during the utilization thereof. Published DE patent application no. 4239865 discloses a similar system which in addition provides an arrangement by which the number of software installations performed are noted, making it possible to limit the number thereof.
- The additional routine which must be included in the software constitutes the main disadvantage of all such known devices. By simply removing such routines the software will operate normally, and the protection against unauthorized utilization would be lost. Also, during the exchange of data between the processor of the computer and the memory of the unit or card, it is possible to observe the information, and as the course of this information exchanged is the same each time the program is used, it is possible also to reveal the matter stored in the external memory. Even if the contents of the memory is encrypted in one way or another, such kind of recurrence across the communication interface makes it possible to simulate a corresponding hardware unit, for example, or “break the code” by means of relatively modest computing power.
- In the arrangement described in published GB patent application no. 2163577, some of the flaws of the above type of hardware units are avoided by employing certain crypto techniques, and by accommodating several storage means as well as a processor of its own in a tamper-proof housing. The processor in the housing makes use of a decryption key which is stored in the housing, and of instructions which also are stored in the housing, to decrypt and execute by itself an encrypted application program or program module transferred from the host computer to which the housing is connected. Regarding the crypto technique itself, the arrangement according to GB patent application no. 2163577 uses a so-called DES algorithm (DES—Data Encryption Standard, Bureau of Standards, U.S.A., 1977) for the encryption of the application software, and the corresponding inverse DES algorithm for decrypting the same, whereby one and the same key is used for both the encryption and the decryption. Hence, the DES standard is symmetrical, and the security resides only in the key itself. Therefore, not to give away this security, the encryption also of the DES key itself is proposed in the GB patent application. For this purpose it is used a so-called RSA algorithm (RSA—Rivest, Shamir, Adleman) having two different keys, that is, one for the encryption and another for the decryption, the deduction of one key from the other being practically impossible. Hence, the RSA crypto system is an asymmetric, two-key system (also termed public-key/private-key crypto system), and in the case of the arrangement according to GB patent application no. 2163577, one key only is used which, per se, may be known (the public key) to encrypt the DES key while another key which the user must not get to know (the private or secret key) is used to decrypt the DES key. The latter key, i.e. the secret key, is stored in a memory in the tamper-proof housing and is fetched by the processor in the housing when needed to decrypt encrypted DES keys, each of which belonging to an encrypted application program, for the purpose of being able to execute such an application program.
- In the arrangement according to GB patent application no. 2163577, however, it is also possible to monitor the communication between the external unit and the host computer, and the course of communication is identical each time the same encrypted program module is to be executed. Since complete program modules are encrypted and such modules make up a relatively large part of the software, this kind of predictable recurrence across the communication interface assists in the identification of respective program modules which then easily can be separated from the rest of the software, to be processed, e.g. in off-line mode, for the purpose of decrypting the encrypted program module once and for all. Moreover, external decryption, storage and execution of complete application program modules would take an unacceptably long period of time, unless the circuits in the housing possess a sufficiently high data processing capacity and the communication with the host computer from which the program modules originate, is very fast.
- An object of the present invention is to provide a crypto arrangement giving suppliers and/or proprietors of the software an improved possibility of protecting their product against unauthorized utilization, and which does not suffer from the drawbacks of prior art, in such a manner that the software can be copied and distributed without restrictions, but yet not be used unless the necessary permission is present.
- A further object of the invention is to provide a crypto arrangement of a universal nature which is able to accommodate not only individual software modules but entire program packages, wherein permission of use may be assigned at different levels, such as for selected parts of a program package.
- These and other objects will appear more clearly from the description below of examples of preferred embodiments of the present invention as seen in relation with the accompanying drawings.
- An arrangement is described to protect software, particularly freely distributed application software, against utilization without permission of the copyright holder. By encrypting the software employing a key (k1) which is different from that key (k2) which is employed in the decryption, better protection is obtained against unauthorized utilization when the decryption key is kept secret to the user. Further improved security is achieved by additionally executing scrambling-descrambling of the communication between the computer in which the software is utilized and the external unit in which the decryption key is stored. Also, the external unit is arranged such that it returns to the host computer, the result from its processing of data received from the host, the result then being utilized in the further execution of the respective program.
- A first general aspect of the present invention relates to a method of preventing unauthorized utilization of software in a computer, the method comprising the steps of:
- 1. encrypting at least a part of said software in accordance with a first algorithm, and
- 2. decrypting the encrypted part of the software in accordance with a second algorithm, the second algorithm together with a key to be employed in the decryption of the encrypted part of the software being stored in an external unit adapted to be connected to said computer, the external unit comprising at least a computer readable storage medium and a processor of its own,
- the method being characterized in that said decryption in accordance with the second algorithm is executed by employing a second key stored in said external unit, the second key being different from a first key employed in the execution of the encryption of said part of the software in accordance with the first algorithm.
- Another aspect of the present invention relates to a method of preparing software, particularly software intended for free distribution, for the utilization in a computer only with a corresponding authorization, the method comprising encrypting in accordance with a first algorithm at least a part of said software which by the utilization in said computer is decrypted in accordance with a second algorithm, the method being characterized in that a key which is employed for said encryption in accordance with the first algorithm, is a first key which is different from a second key which is employed in the execution of the decryption in accordance with the second algorithm of that part of the software which is encrypted in accordance with the first algorithm and first key.
- In this second aspect, the invention also relates to a device for the preparation of software, particularly software intended for free distribution, to be utilized in a computer only with a corresponding authorization, the device comprising:
- 1. crypto means effecting the encryption of at least a part of said software in accordance with a first algorithm and a first key, and
- 2. an external unit adapted to be connected to said computer, the external unit at least comprising a processor of its own and a computer readable storage medium for storing a second algorithm and a key, and being disposed to execute decryption of the encrypted part of the software in accordance with said second algorithm and key,
- the device being characterized in that it further comprises generator means to provide said second algorithm and a second key intended to be employed in said decryption in accordance with the second algorithm, the second key being different from the first key employed by said crypto means in the execution of the encryption of said part of the software in accordance with the first algorithm.
- A third aspect of the invention relates to a method of making authorized utilization possible in a computer, of software, particularly freely distributed software, which is prepared according to a mode of the second aspect of the invention, the method comprising connecting an external unit to said computer, the external unit at least comprising a computer readable storage medium and a processor of its own, and a second algorithm and a key to be employed in the decryption of the encrypted part of the software being stored in said external unit. According to the invention the method is characterized in that when the computer in the execution of that part of the software which is encrypted in accordance with the first algorithm encounters a call sequence, or a similar instruction, causing a jump to a corresponding entry point to said added object code, this object code is utilized by the computer to establish a communication channel to the external unit through which channel the encrypted part of the software is transferred in a first transfer session to the external unit to be decrypted by the unit's own processor in accordance with a second algorithm and a second key both of which being stored in said external unit, this second key being different from the first key employed in the execution of the encryption of said part of the software in accordance with the first algorithm, and the decrypted software part then being processed in the external unit and the result transferred in a second transfer session the opposite direction through the communication channel for the further utilization in the computer.
- In this third aspect the invention also relates to a device for making authorized utilization of software possible, particularly freely distributed software, prepared by means of a device according to the second aspect of the invention, the device comprising a computer adapted to serve as a host computer for an external unit which at least comprises a processor of its own and a computer readable storage medium, and being intended to be connected to the host computer for the communication therewith. According to the invention this device is then characterized in that said external unit comprises decryption means adapted to execute decryption in accordance with said second algorithm and said second key produced by said generator means, the second key being different from the first key used by said crypto means in the execution of the encryption of said part of the software in accordance with the first algorithm.
- By the methods and devices according to the invention an arrangement is achieved which makes it utmost difficult to use software, such as in the form of a computer program or a computer program package, if the permission of the copyright holder does not exist. As it appears from the description below and the other patent claims, this hinderance to the unauthorized use according to the invention may also be made even more secure, so that it may be nearly impossible to utilize software which is processed according to such further features of the invention, if the necessary authorization is missing.
- In the description below reference is made to appended drawings, on which:
- FIG. 1 illustrates a preferred hardware configuration according to the invention,
- FIG. 2 is a simplified general software diagram according to the invention,
- FIG. 3 illustrates schematically how a common command or execution file (.EXE file) is generated without encryption,
- FIGS. 4 and 5 illustrates schematically how encryption on the level of source code can be carried out according to the invention,
- FIG. 6 illustrates schematically the partitioning of software onto a magnetic storage disk and a random access memory (RAM), respectively,
- FIG. 7 illustrates schematically the utilization of protected software in a computer,
- FIG. 8 shows an example of an encryption process of the type shown in FIGS. 4 and 5,
- FIG. 9 illustrates schematically the utilization of protected software in a computer,
- FIGS. 10A and 10B, taken together, illustrate schematically an application area including access checking or authentication, and
- FIG. 11 is a flow chart schematically illustrating a course of processes including encryption-decryption and scrambling-descrambling according to a preferred embodiment of the invention.
- FIG. 1 illustrates a preferred hardware configuration of the invention and shows a computer having the form of a workstation or personal computer (PC) serving as a host computer according to the invention. In the figure, an external unit according to the invention is shown to be in the form of a card reader or processor, particularly for Smart Cards, provided with a commercially available integrated microprocessor, e.g. of the CCA12103 type, the unit being included in the computer shown or disposed in a separate unit of equipment connected to the computer by a serial or parallel connection.
- FIG. 1 also illustrates that now the secured software may be distributed through different types of data networks to which the computer may establish a connection, such as wide area networks (WAN), local area networks (LAN), and, in particular, Internet. Also, the software may in deed, as usual, be distributed on flexible disks and/or CD-ROMs (readable only, compact laser disks). In any case, the software may be copied and installed without restrictions.
- Since the software is protected against unauthorized utilization, there is no need for any kind of copy protection of the software as the case otherwise often may be. Here, the authorization is embedded in the Smart Card, and it is not available to anyone else but the supplier of the software who himself installs the necessary decryption algorithms and the keys on the card. Hence, the permit to use a certain computer program is found on the card, not in the respective program, or another part of the software.
- From FIG. 2 showing a simplified general diagram, it appears that an arrangement according to the invention can be seen to comprise:
- 1. software protected against unauthorized utilization (the protection, however, not interfering with the copying thereof),
- 2. a Smart Card (or the like) holding the algorithm and the key for the decryption of the software in question, and
- 3. special software for the communication between the protected software (1) and the Smart Card (2) (i.e. the added object code specified in the claims).
- The protection is provided by the insertion, in different locations of the software, of program calls to the Smart Card, or to special software at the disposal to the card, thereby obtaining the information necessary to proceed correctly in the execution of the protected program. For example, this information may be certain parameters which are used when the program is executed, and which is determined by those who wish to protect their software. Because they are necessary for the software to work properly, such program calls cannot be removed.
- The interaction of the protected program with the Smart Card is controlled by the special software (object code) entered into the data library of the program when the original program is encrypted. This special software may also provide for scrambling of the communication between the computer and the Smart Card.
- FIG. 3 shows how a common command or execution file (.EXE file) is generated without encryption; and FIGS. 4 and 5, each in their own manner, depict how encryption can be carried out on the source code level according to the invention.
- FIG. 6 illustrates that the software itself is placed on a magnetic storage disk, whereas the special program (object code or data library) is supplied to the random access memory (RAM) of the computer.
- FIGS. 7 and 9 illustrate such processes which take place when the protected software is utilized in a computer.
- FIG. 8 shows an example of an encryption process of the type shown in FIGS. 4 and 5. Here, it is assumed that the source code is present in a high level programming language, such as Pascal, C, Modula, or the like. It is the source code that is being encrypted and thus protected against so-called unauthorized use. In the source code a few parameters are selected which are encrypted by means of an encryption function g. For example, an expression, x:=y+10, present in a command in the unprotected source code can be represented as:
- C:=decrypt(g(10)+t),
- x:=y+(C−T),
- where: g(10) is an encrypted parameter, and T is a variable, the random value of which, in this case, being fetched from the Smart Card.
- To obtain a correct value of x the protected program must “arrive at” a value of C, which must be equal 10+T. The decrypt program is located in the “special software”(the added object code) which constitutes a part of the protected software (see FIG. 5). This special software also comprises scrambling and descrambling functions, which here are denoted f and f−1, as well programs for the communication with the Smart Card (see FIG. 7). In the communication with the Smart Card, the functions f and f−1 employ keys which are fetched from the Smart Card, the Smart Card itself containing:
- 1. a number generator to produce a random value of variable T located in the protected software,
- 2. a secret key for the decryption function g−1,
- 3. an algorithm for the decryption function g−1, and
- 4. one or more keys for functions f and f−1. It should be noted that it is important that the encryption function g and decryption function g−1 represent a public key crypto system not being symmetric. This means that the encryption function g employs a public key which may be known, this key, however, not being sufficient to arrive at the decryption function g−1 (neither its algorithm, nor its key). Thus, the algorithm and key for the decryption function g−1 is placed on the Smart Card, from which they are never transmitted.
- It is required that the functions f, f−1, g, g−1 are commutative (i.e. they are interchangeable without altering value). Here this means that they must have the following property:
- f −1(f(g(x))))=x.
- Upon the utilization in a computer of a program protected in this way, the execution of the program starts as usual (FIG. 7). Through the communication with the Smart Card a value of variable T and the keys for functions f, g, f−1 are entered into the software. The execution of the program then continues as usual. At the moment the execution reaches an encrypted parameter ((g(10) in the example shown) the value (g(10)+T)) is sent to the special software which further conveys f(g(10)+T)−T) to the Smart Card. In the Smart Card, the value of g−1 ((10)+T)−T) is calculated, and this value is returned to the special software. By means of the special software f−1(g−1((10)+T)−T))) is then calculated, this being equal to x and x+T; and this result is supplied to the protected program as parameter C for the utilization in the program.
- Having this kind of encryption-decryption arrangement according to the invention, the following advantages and possibilities are realized:
- 1. Great flexibility by the use of Smart Cards.
- 2. The licensing of Smart Cards (i.e. users) can be provided by the importers or agents engaged by software producers. A Smart Card may then contain licenses, or permissions, at several levels for various software packages which have the same authentication format and algorithms.
- 3. A first level of encryption employing an unsymmetric, dual key encryption arrangement (public key/private key crypto system), such as the RSA crypto system, whereby the public key is available only to the software producer, and the private key is a secret key which the manufacturer of the Smart Card enters into the read only memory (ROM) of the Smart Card according to specifications given by the software producer. The private key may be different for each program package.
- 4. An unsymmetric, encrypted authentication key which is transferred to the Smart Card when the running of protected software begins and which is decrypted in the Smart Card by means of a private key no. 0 to initiate an authentication process in the Smart Card.
- 5. Encryption at the level of source code, making the arrangement independent of the operating system. By encrypting small parts, or fragments, only of files, such as of command files, it is difficult to identify those parts of the software being encrypted for the purpose of attacking such parts in one way or another. Also, the decryption algorithms and keys are easily entered onto the Smart Card.
- 6. A second level of encryption whereby the communication between the host computer and Smart Card is such that it becomes difficult to trace anything making sense from that communication by the logging thereof. The algorithms to be employed are located both in the protected software and the Smart Card, and both the encryption keys and the decryption keys are located in the Smart Card, i.e. hidden to the user. The encryption algorithm and key may be different for various types of software.
- FIGS. 10A and 10B, taken together, serve to demonstrate that the application area of the arrangement according to the invention is extendable also to cover access checking, or authentication, for example, as further possibilities also may exist. In such an embodiment of the invention, the software to be protected may be provided with an authentication key encrypted by employing a so-called public key and an identification number for the software package in question. Then, the external unit, such as the Smart Card, would contain decryption algorithms which preferably are mask programmed, and a private key no. 0 (in the ROM) to be used to decrypt the authentication key, as well as an access or authentication table which may be configured as the table shown below.
PID AcL PK (Program I.D. No.) (Access Level) (Private Key) PID (1) AcL (1) PK (1) PID (2) AcL (2) PK (1) PID (3) AcL (3) PK (3) . . . . . . . . . PID (n) AcL (n) PK (n) - In the table, PID denotes the identity number of the software, such that different programs are assigned dissimilar identity numbers which also may contain the version number of the respective software products, or the like, for example. AcL denotes the access level or status, such as:
- 1. two different levels, namely access permitted and access not permitted,
- 2. a limited number of times the respective program can be run,
- 3. a time limit for the use of a program, e.g. a permission expiration date,
- 4. access to a shortened variant only of the program, e.g. a so-called demo-variant.
- The entries in the access level column, AcL, of the table are amendable by the importer or agent of the software product, for example.
- In the private key column, PK, the software producer specifies the secret keys to be employed in the decryption of the encrypted fragments dependent on the identity number, PID, of the software. The secret keys are mask programmed in the Smart Card and are not available to anyone else.
- FIG. 11 is a flow chart schematically illustrating a principally complete course of processes according to a preferred embodiment of the invention, the steps being:
- 1. encryption of the source code (g1, k1),
- 2. scrambling of the encrypted data (g3, k3),
- 3. transfer of the scrambled encrypted data to the external unit and descrambling thereof (g4, k4),
- 4. decryption of the transferred and descrambled data (g2, k2),
- 5. processing of the decrypted data, and scrambling of the result (g5, k5),
- 6. transfer of the scrambled result to the host computer and descrambling thereof (g6, k6), and
- 7. output of the decrypted result for further utilization.
- In the examples shown of embodiments of the invention, a Smart Card constitutes the preferred implementation of the external units indicated in the claims below. This is quite simply because the Smart Card technology is considered as being the most “tamper-proof” protection of the algorithms, keys, a.s.o., which necessarily have to be stored in the external unit, or in a separate article, according to the annexed claims. The small number of manufacturers of such cards in the world, and i.a. the large values being at disposal by the use of such cards, in particular cards having the form of payment transaction cards, contribute strongly to the fact that the knowledge required to falsify such Smart Cards, will not be readily available to persons having dishonest intentions. However, this does not impede a possible development of new techniques which may be just as well, or better, suited for the purpose of the present invention. Therefore, the patent claims are meant also to cover such future external units and separate articles indicated in the claims which may provide at least the same degree of security as the Smart Card now preferred.
Claims (33)
1. A method of executing code of at least one software program in a multi-processor computer environment, each software program including (i) a first portion of software code to be executed in a computer, and (ii) a second portion of software code that includes one or more fragments of code of the software program, the method comprising executing the second portion of code in one or more external devices which are in communication with the computer.
2. The method of claim 1 wherein the second portion of code is encrypted, the method further comprising transferring the second portion of code to a secure computer environment, and decrypting the second portion of code in the one or more external devices prior to execution.
3. The method of claim 2 wherein the one or more external devices are one or more smart cards, each smart card including a processor for executing the second portion of code, the smart card being the secure computer environment.
4. The method of claim 1 wherein the fragments of code are interspersed within the first portion of code.
5. The method of claim 1 wherein the second portion of code is stored in the computer, the method further comprising downloading the second portion of code into the one or more external devices prior to execution.
6. The method of claim 1 wherein there are a plurality of software programs, and the second portions include fragments from more than one of the software programs.
7. The method of claim 1 wherein the one or more external devices are tamper-resistant.
8. The method of claim 1 wherein the one or more external devices are one or more smart cards.
9. An apparatus which executes code of at least one software program in a multi-processor computer environment, each software program including (i) a first portion of software code, and
(ii) a second portion of software code that includes one or more fragments of code of the software program, the apparatus comprising:
(a) a first computer which executes the first portion; and
(b) one or more externals unit in communication with the computer, the one or more external units executing the second portion.
10. The apparatus of claim 9 wherein the second portion of code is encrypted, the apparatus further comprising:
(c) means for transferring the second portion of code to a secure computer environment; and
(d) means for decrypting the second portion of code in the one or more external devices prior to execution.
11. The apparatus of claim 10 wherein the one or more external devices are one or more smart cards, each smart card including a processor for executing the second portion of code, the smart card being the secure computer environment.
12. The apparatus of claim 9 wherein the second portion of code is stored in the computer, the apparatus further comprising:
(e) means for downloading the second portion of code into the one or more external devices prior to execution.
13. The apparatus of claim 9 wherein the one or more external devices are tamper-resistant.
14. The apparatus of claim 9 wherein the one or more external devices are one or more smart cards.
15. A method of transforming a computer program which includes software code, the method comprising:
(a) identifying one or more fragments of the software code,
(b) associating a program call with each of the identified fragments; and
(c) inserting the program call into the software code, thereby transforming the software program,
wherein when a program call is reached, the respective fragment of software code is executed.
16. The method of claim 15 further comprising:
(d) encrypting the software code associated with the identified fragments; and
(e) replacing the fragments with encrypted versions of the software code.
17. A method of executing a computer program which includes software code, the software code having (i) a first portion, and (ii) a second portion, the second portion including one or more fragments of the software code and a program call associated with each fragment, the method comprising:
(a) executing the first portion; and
(b) executing the associated fragments when a program call in the second portion is reached.
18. The method of claim 17 wherein the first portion executes in a computer, and the second portion executes in an external device with respect to the computer, and step (b) further comprises sending a fragment to the external device when a program call of the associated fragment is reached, and executing the fragment in the external device.
19. The method of claim 18 wherein step (b) further comprises generating a result upon execution of the fragment in the external device, the result being used during subsequent execution of the computer program.
20. The method of claim 18 wherein the external device is a smart card.
21. The method of claim 17 wherein the one or more fragments are encrypted code, the method further comprising:
(c) decrypting the one or more fragments prior to execution thereof.
22. An apparatus for executing a computer program which includes software code, the software code having (i) a first portion, and (ii) a second portion, the second portion including one or more fragments of the software code and a program call associated with each fragment, the apparatus comprising:
(a) means for executing the first portion; and
(b) means for executing the associated fragments when a program call in the second portion is reached.
23. The apparatus of claim 22 wherein the means for executing the first portion is in a computer, and the means for executing the associated fragments is in an external device with respect to the computer, and a fragment is sent to the external device when a program call of the associated fragment is reached, and is then executed in the external device.
24. The apparatus of claim 23 wherein the external device is a smart card.
25. The apparatus of claim 22 wherein the one or more fragments are encrypted code, the apparatus further comprising:
(c) means for decrypting the one or more fragments prior to execution thereof.
26. A method of access control of software code which is executed on a smart card that is in communication with a host computer, the smart card having stored therein access control parameters for identified software code, the method comprising:
(a) the host computer uploading software code and its identity data to the smart card; and
(b) the smart card using the access control parameters and the identity data to determine whether access is permissible for the uploaded software code, wherein the software may be executed only if access is permissible.
27. The method of claim 26 wherein the software code includes one or more fragments of software code of a software program that executes at the host computer.
28. The method of claim 26 wherein access control parameters include one or more of permission status, number of runs data, time data, and program variant data.
29. The method of claim 26 further comprising:
(c) modifying at least one of the access control parameters subsequent to an initial storage of the access control parameters.
30. A method of executing a plurality of software code fragments of a software program on an external unit, wherein the external unit is connected to a computer, the external unit including a processor and a memory, the method comprising:
(a) at execution time of each of the software code fragments, automatically uploading the respective software code fragment to the memory of the external unit; and
(b) executing the respective software code fragment in the external unit using only the processor and the memory of the external unit.
31. The method of claim 30 wherein the software code fragments are encrypted, the method further comprising:
(c) after step (a) and prior to step (b), decrypting the software code fragments.
32. A method of preparing code of a software program, the software program including (i) a first portion of source code to be executed by a first processor, and (ii) a second portion of source code to be executed by a second processor, the second portion of source code including one or more fragments of code of the software program, the method comprising prior to compilation of the software program, encrypting only the second portion of source code.
33. The method of claim 32 wherein the second processor is a smart card.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/752,429 US20040193987A1 (en) | 1995-07-13 | 2004-01-06 | Protection of software code from unauthorized use by executing portions of the code in a secure computer environment separate from the environment that executes the remaining portions of the code |
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NO952795A NO302388B1 (en) | 1995-07-13 | 1995-07-13 | Procedure and apparatus for protecting software against unauthorized use |
NO952795 | 1995-07-13 | ||
US08/983,461 US6266416B1 (en) | 1995-07-13 | 1996-07-10 | Protection of software against use without permit |
US09/873,351 US20030190043A1 (en) | 1995-07-13 | 2001-06-05 | Protection of software against use without permit |
US10/752,429 US20040193987A1 (en) | 1995-07-13 | 2004-01-06 | Protection of software code from unauthorized use by executing portions of the code in a secure computer environment separate from the environment that executes the remaining portions of the code |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/873,351 Continuation US20030190043A1 (en) | 1995-07-13 | 2001-06-05 | Protection of software against use without permit |
Publications (1)
Publication Number | Publication Date |
---|---|
US20040193987A1 true US20040193987A1 (en) | 2004-09-30 |
Family
ID=19898393
Family Applications (3)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/983,461 Expired - Fee Related US6266416B1 (en) | 1995-07-13 | 1996-07-10 | Protection of software against use without permit |
US09/873,351 Abandoned US20030190043A1 (en) | 1995-07-13 | 2001-06-05 | Protection of software against use without permit |
US10/752,429 Abandoned US20040193987A1 (en) | 1995-07-13 | 2004-01-06 | Protection of software code from unauthorized use by executing portions of the code in a secure computer environment separate from the environment that executes the remaining portions of the code |
Family Applications Before (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US08/983,461 Expired - Fee Related US6266416B1 (en) | 1995-07-13 | 1996-07-10 | Protection of software against use without permit |
US09/873,351 Abandoned US20030190043A1 (en) | 1995-07-13 | 2001-06-05 | Protection of software against use without permit |
Country Status (17)
Country | Link |
---|---|
US (3) | US6266416B1 (en) |
EP (2) | EP0855052B1 (en) |
JP (1) | JP4267065B2 (en) |
KR (1) | KR19990028931A (en) |
CN (1) | CN1155866C (en) |
AT (1) | ATE233916T1 (en) |
AU (1) | AU713872B2 (en) |
DE (1) | DE69626530T2 (en) |
DK (1) | DK0855052T3 (en) |
ES (1) | ES2194109T3 (en) |
HK (2) | HK1009533A1 (en) |
IL (1) | IL122888A (en) |
NO (1) | NO302388B1 (en) |
NZ (1) | NZ313319A (en) |
PL (1) | PL187088B1 (en) |
PT (1) | PT855052E (en) |
WO (1) | WO1997003398A1 (en) |
Cited By (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010044902A1 (en) * | 2000-01-03 | 2001-11-22 | Shavit Nir N. | Secure software system and related techniques |
US20030150913A1 (en) * | 2000-07-07 | 2003-08-14 | Fujitsu Limited | IC card terminal |
US20050204405A1 (en) * | 2004-03-04 | 2005-09-15 | Brian Wormington | Method and system for digital rights management |
US20070135111A1 (en) * | 2005-12-09 | 2007-06-14 | Floyd David G | Layered mobile application security system |
EP1798653A1 (en) | 2005-12-16 | 2007-06-20 | Aladdin Europe GmbH | Method and device for protecting a program comprising a function block |
US20070177720A1 (en) * | 2004-03-11 | 2007-08-02 | Oberthur Card Systems Sa | Secure data processing method based particularly on a cryptographic algorithm |
WO2007126341A2 (en) * | 2006-04-27 | 2007-11-08 | Vladimir Nikitich Vstovskiy | Method and device for protecting software from unauthorized use |
US20080133419A1 (en) * | 2006-12-05 | 2008-06-05 | Brian Wormington | Secure financial transaction system and method |
DE102007059798B3 (en) * | 2007-12-11 | 2009-04-09 | Ascolab Gmbh | Executable program code i.e. executable file, coding method for computer, involves combining chains of sequential instructions to code fragments, and coding and storing detected code fragments belonging to methods in program library |
US20090276826A1 (en) * | 2008-04-30 | 2009-11-05 | Ricoh Company, Ltd. | Image forming apparatus, method, and computer-readable recording medium for access control |
US20110271260A1 (en) * | 2008-12-29 | 2011-11-03 | Oin Kwon | Method for separately executing software, apparatus, and computer-readable recording medium |
US20130283396A1 (en) * | 2009-07-30 | 2013-10-24 | Rascalim Software Security Ltd. | System and method for limiting execution of software to authorized users |
WO2014030168A2 (en) | 2011-08-05 | 2014-02-27 | Kpit Technologies Ltd. | A system for protection of embedded software codes |
US20170076072A1 (en) * | 2015-09-11 | 2017-03-16 | Patrick Robert Koren | Method and apparatus for preventing and investigating software piracy |
US11163859B2 (en) * | 2011-09-09 | 2021-11-02 | Nvidia Corporation | Content protection via online servers and code execution in a secure operating system |
US20220374512A1 (en) * | 2021-05-21 | 2022-11-24 | Vmware, Inc. | Software-based hardware security module (hsm) for a virtualized computing environment |
US11829454B2 (en) * | 2018-03-09 | 2023-11-28 | Patrick Robert Koren | Method and apparatus for preventing and investigating software piracy |
Families Citing this family (103)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
NO302388B1 (en) * | 1995-07-13 | 1998-02-23 | Sigurd Sigbjoernsen | Procedure and apparatus for protecting software against unauthorized use |
US6523119B2 (en) | 1996-12-04 | 2003-02-18 | Rainbow Technologies, Inc. | Software protection device and method |
FR2760871B1 (en) * | 1997-03-13 | 1999-04-16 | Bull Cp8 | METHOD FOR STORING AND EXPLOITING SENSITIVE INFORMATION IN A SECURITY MODULE, AND RELATED SECURITY MODULE |
SG67401A1 (en) * | 1997-07-07 | 1999-09-21 | Low Huan Khing | A method and system for protecting intellectual property products distributed in mass market |
US6442276B1 (en) | 1997-07-21 | 2002-08-27 | Assure Systems, Inc. | Verification of authenticity of goods by use of random numbers |
US6643775B1 (en) * | 1997-12-05 | 2003-11-04 | Jamama, Llc | Use of code obfuscation to inhibit generation of non-use-restricted versions of copy protected software applications |
EP1211681B1 (en) | 1998-01-20 | 2007-02-14 | Fujitsu Limited | Data storage device and control method therefor |
EP1004979A1 (en) * | 1998-11-24 | 2000-05-31 | CANAL+ Société Anonyme | Portable electronic card |
US7140005B2 (en) * | 1998-12-21 | 2006-11-21 | Intel Corporation | Method and apparatus to test an instruction sequence |
US7730300B2 (en) | 1999-03-30 | 2010-06-01 | Sony Corporation | Method and apparatus for protecting the transfer of data |
US6697489B1 (en) | 1999-03-30 | 2004-02-24 | Sony Corporation | Method and apparatus for securing control words |
JP2001016195A (en) * | 1999-04-27 | 2001-01-19 | Matsushita Electric Ind Co Ltd | Information utilization controller |
FR2793050B1 (en) * | 1999-04-28 | 2001-08-17 | Fingerprint | METHOD FOR SECURING USER SOFTWARE FROM A SECRET PROCESSING AND STORING UNIT AND SYSTEM USING THE SAME |
US7036738B1 (en) | 1999-05-03 | 2006-05-02 | Microsoft Corporation | PCMCIA-compliant smart card secured memory assembly for porting user profiles and documents |
US7117369B1 (en) * | 1999-05-03 | 2006-10-03 | Microsoft Corporation | Portable smart card secured memory system for porting user profiles and documents |
US6681214B1 (en) * | 1999-06-29 | 2004-01-20 | Assure Systems, Inc. | Secure system for printing authenticating digital signatures |
JP4127587B2 (en) | 1999-07-09 | 2008-07-30 | 株式会社東芝 | Content management method, content management apparatus, and recording medium |
US7351919B1 (en) * | 1999-07-15 | 2008-04-01 | Thomson Licensing | Port cover for limiting transfer of electromagnetic radiation from a port defined in a host device |
US6684389B1 (en) * | 1999-08-05 | 2004-01-27 | Canon Kabushiki Kaisha | Compiler that decrypts encrypted source code |
EP1076279A1 (en) * | 1999-08-13 | 2001-02-14 | Hewlett-Packard Company | Computer platforms and their methods of operation |
GB9922665D0 (en) | 1999-09-25 | 1999-11-24 | Hewlett Packard Co | A method of enforcing trusted functionality in a full function platform |
US6912513B1 (en) * | 1999-10-29 | 2005-06-28 | Sony Corporation | Copy-protecting management using a user scrambling key |
US7039614B1 (en) | 1999-11-09 | 2006-05-02 | Sony Corporation | Method for simulcrypting scrambled data to a plurality of conditional access devices |
DE10003086A1 (en) * | 2000-01-25 | 2001-08-02 | Infineon Technologies Ag | Data processing system |
SE0000871L (en) * | 2000-03-13 | 2001-09-14 | Oerjan Vestgoete | A method and system for preventing unauthorized use of software in electronic commerce |
KR20000053933A (en) * | 2000-05-10 | 2000-09-05 | 류종렬 | System for confirming of original software and the method thereof |
DE10023820B4 (en) * | 2000-05-15 | 2006-10-19 | Siemens Ag | Software protection mechanism |
WO2001088732A1 (en) * | 2000-05-17 | 2001-11-22 | Smart Modular Technologies, (Ma) Inc. | Programming a memory based on information obtained from a remote location |
MD1871G2 (en) * | 2000-07-28 | 2002-08-31 | Компания ДЕКАРТ с ограниченной ответственностью | Process for protection from copying of databases and computer programs |
JP4067757B2 (en) * | 2000-10-31 | 2008-03-26 | 株式会社東芝 | Program distribution system |
US8909555B2 (en) * | 2001-04-24 | 2014-12-09 | Hewlett-Packard Development Company, L.P. | Information security system |
CA2446489A1 (en) | 2001-05-11 | 2002-11-21 | Sospita As | Sequence numbering mechanism to ensure execution order integrity of inter-dependent smart card applications |
EP1296477A1 (en) * | 2001-05-15 | 2003-03-26 | Mitsubishi Denki Kabushiki Kaisha | Content reproduction apparatus, content distribution server, and content distribution system |
US7151831B2 (en) | 2001-06-06 | 2006-12-19 | Sony Corporation | Partial encryption and PID mapping |
US7747853B2 (en) | 2001-06-06 | 2010-06-29 | Sony Corporation | IP delivery of secure digital content |
US7895616B2 (en) | 2001-06-06 | 2011-02-22 | Sony Corporation | Reconstitution of program streams split across multiple packet identifiers |
US7146340B1 (en) * | 2001-07-25 | 2006-12-05 | Novell, Inc. | Method and systems for licensing electronic data |
KR100435918B1 (en) * | 2001-11-09 | 2004-06-16 | 주식회사 휴맥스 | Method for encryption recording a data in digital broadcasting program |
US20040255136A1 (en) * | 2001-11-12 | 2004-12-16 | Alexey Borisovich Fadyushin | Method and device for protecting information against unauthorised use |
CA2363795A1 (en) * | 2001-11-26 | 2003-05-26 | Cloakware Corporation | Computer system protection by communication diversity |
AU2002354095B2 (en) * | 2001-12-21 | 2008-01-10 | Sony Interactive Entertainment Inc. | Methods and apparatus for secure distribution of program content |
KR20030055713A (en) * | 2001-12-27 | 2003-07-04 | 한국전자통신연구원 | The apparatus and method of digital contents's protection |
US7823174B2 (en) | 2002-01-02 | 2010-10-26 | Sony Corporation | Macro-block based content replacement by PID mapping |
US7765567B2 (en) | 2002-01-02 | 2010-07-27 | Sony Corporation | Content replacement by PID mapping |
JP2003280754A (en) * | 2002-03-25 | 2003-10-02 | Nec Corp | Hidden source program, source program converting method and device and source converting program |
US7162644B1 (en) | 2002-03-29 | 2007-01-09 | Xilinx, Inc. | Methods and circuits for protecting proprietary configuration data for programmable logic devices |
US20030200449A1 (en) * | 2002-04-17 | 2003-10-23 | International Business Machines Corporation | Method of accessing a shared subroutine of computer system |
US20030217280A1 (en) * | 2002-05-17 | 2003-11-20 | Keaton Thomas S. | Software watermarking for anti-tamper protection |
US7093119B2 (en) | 2002-07-16 | 2006-08-15 | International Business Machines Corporation | Methods and computer program products for protecting source code of an interpreted programming language |
AU2003268037A1 (en) * | 2002-07-30 | 2004-02-16 | Digital Interactive Streams, Inc. | Digital content security system and method |
CN101145177B (en) | 2002-08-01 | 2011-06-15 | 松下电器产业株式会社 | Encrypted - program generating method and apparatus |
GB2392262A (en) * | 2002-08-23 | 2004-02-25 | Hewlett Packard Co | A method of controlling the processing of data |
US8818896B2 (en) | 2002-09-09 | 2014-08-26 | Sony Corporation | Selective encryption with coverage encryption |
US7724907B2 (en) | 2002-11-05 | 2010-05-25 | Sony Corporation | Mechanism for protecting the transfer of digital content |
US8572408B2 (en) | 2002-11-05 | 2013-10-29 | Sony Corporation | Digital rights management of a digital device |
AR042599A1 (en) * | 2002-11-19 | 2005-06-29 | Schiavoni Juan Jose | METHOD OF PROTECTION OF PROGRAMS AND EQUIPMENT TO PERFORM IT |
JP2004171367A (en) * | 2002-11-21 | 2004-06-17 | Matsushita Electric Ind Co Ltd | Circuit operation simulation device, circuit operation simulation method, circuit operation simulation program, and circuit information decoding program |
JP3878542B2 (en) * | 2002-11-29 | 2007-02-07 | 株式会社東芝 | Recording device |
US8645988B2 (en) | 2002-12-13 | 2014-02-04 | Sony Corporation | Content personalization for digital content |
US8667525B2 (en) | 2002-12-13 | 2014-03-04 | Sony Corporation | Targeted advertisement selection from a digital stream |
ATE322039T1 (en) * | 2003-01-14 | 2006-04-15 | Aladdin Knowledge Systems Gmbh | METHOD FOR EXPANDING A PROGRAM TO INCLUDE A COPY PROTECTION FUNCTION |
WO2005022341A2 (en) * | 2003-08-29 | 2005-03-10 | Tgbw Inc. | Flash memory distribution of digital content |
US7353499B2 (en) * | 2003-09-25 | 2008-04-01 | Sun Microsystems, Inc. | Multiple instruction dispatch tables for application program obfuscation |
US7363620B2 (en) * | 2003-09-25 | 2008-04-22 | Sun Microsystems, Inc. | Non-linear execution of application program instructions for application program obfuscation |
US20050071656A1 (en) * | 2003-09-25 | 2005-03-31 | Klein Dean A. | Secure processor-based system and method |
US8220058B2 (en) * | 2003-09-25 | 2012-07-10 | Oracle America, Inc. | Rendering and encryption engine for application program obfuscation |
US7415618B2 (en) * | 2003-09-25 | 2008-08-19 | Sun Microsystems, Inc. | Permutation of opcode values for application program obfuscation |
US20050069138A1 (en) * | 2003-09-25 | 2005-03-31 | Sun Microsystems, Inc., A Delaware Corporation | Application program obfuscation |
US7424620B2 (en) * | 2003-09-25 | 2008-09-09 | Sun Microsystems, Inc. | Interleaved data and instruction streams for application program obfuscation |
US7853980B2 (en) | 2003-10-31 | 2010-12-14 | Sony Corporation | Bi-directional indices for trick mode video-on-demand |
JP2007515723A (en) * | 2003-12-22 | 2007-06-14 | コーニンクレッカ フィリップス エレクトロニクス エヌ ヴィ | Software execution protection using active entities |
WO2006003632A2 (en) * | 2004-07-02 | 2006-01-12 | Philips Intellectual Property & Standards Gmbh | Security unit and method for protecting data |
US20060020552A1 (en) * | 2004-07-26 | 2006-01-26 | James Sloan | Copy-restriction system for digitally recorded, computer disk-based music recordings |
US7895617B2 (en) | 2004-12-15 | 2011-02-22 | Sony Corporation | Content substitution editor |
US8041190B2 (en) | 2004-12-15 | 2011-10-18 | Sony Corporation | System and method for the creation, synchronization and delivery of alternate content |
US20060137016A1 (en) * | 2004-12-20 | 2006-06-22 | Dany Margalit | Method for blocking unauthorized use of a software application |
CN100373376C (en) * | 2005-01-21 | 2008-03-05 | 深圳市致芯微电子有限公司 | Encryption chip, CPU program encryption method using said chip and system thereof |
US8539587B2 (en) | 2005-03-22 | 2013-09-17 | Hewlett-Packard Development Company, L.P. | Methods, devices and data structures for trusted data |
EP1717723A1 (en) | 2005-04-29 | 2006-11-02 | ST Incard S.r.l. | Improved virtual machine or hardware processor for IC-card portable electronic devices |
JP2007065850A (en) * | 2005-08-30 | 2007-03-15 | Fujitsu Ltd | Information processing device, information processing method and program |
US20070074050A1 (en) * | 2005-09-14 | 2007-03-29 | Noam Camiel | System and method for software and data copy protection |
JP4631658B2 (en) * | 2005-11-09 | 2011-02-16 | ソニー株式会社 | Digital broadcast receiving system and digital broadcast receiving apparatus |
CN100446016C (en) * | 2005-11-17 | 2008-12-24 | 北京兆维电子(集团)有限责任公司 | System for realizing data security protecting |
US8701091B1 (en) | 2005-12-15 | 2014-04-15 | Nvidia Corporation | Method and system for providing a generic console interface for a graphics application |
US8185921B2 (en) | 2006-02-28 | 2012-05-22 | Sony Corporation | Parental control of displayed content using closed captioning |
US8452981B1 (en) * | 2006-03-01 | 2013-05-28 | Nvidia Corporation | Method for author verification and software authorization |
US8963932B1 (en) | 2006-08-01 | 2015-02-24 | Nvidia Corporation | Method and apparatus for visualizing component workloads in a unified shader GPU architecture |
US8436870B1 (en) | 2006-08-01 | 2013-05-07 | Nvidia Corporation | User interface and method for graphical processing analysis |
US8607151B2 (en) * | 2006-08-01 | 2013-12-10 | Nvidia Corporation | Method and system for debugging a graphics pipeline subunit |
US8436864B2 (en) * | 2006-08-01 | 2013-05-07 | Nvidia Corporation | Method and user interface for enhanced graphical operation organization |
CN100428262C (en) * | 2006-09-22 | 2008-10-22 | 中山大学 | A software protection method based on modified one time pad |
US8479020B2 (en) * | 2007-07-25 | 2013-07-02 | Motorola Mobility Llc | Method and apparatus for providing an asymmetric encrypted cookie for product data storage |
US8448002B2 (en) * | 2008-04-10 | 2013-05-21 | Nvidia Corporation | Clock-gated series-coupled data processing modules |
KR101224717B1 (en) * | 2008-12-26 | 2013-01-21 | 에스케이플래닛 주식회사 | Method for Protecting Software License, System, Server, Terminal And Computer-Readable Recording Medium with Program therefor |
US9754115B2 (en) | 2011-03-21 | 2017-09-05 | Irdeto B.V. | System and method for securely binding and node-locking program execution to a trusted signature authority |
ITMI20120561A1 (en) | 2012-04-05 | 2013-10-06 | St Microelectronics Srl | METHOD TO PROTECT AN APPLICATION PROGRAM |
US9323315B2 (en) | 2012-08-15 | 2016-04-26 | Nvidia Corporation | Method and system for automatic clock-gating of a clock grid at a clock source |
US8850371B2 (en) | 2012-09-14 | 2014-09-30 | Nvidia Corporation | Enhanced clock gating in retimed modules |
US9471456B2 (en) | 2013-05-15 | 2016-10-18 | Nvidia Corporation | Interleaved instruction debugger |
CN103324871A (en) * | 2013-05-23 | 2013-09-25 | 董礼貌 | Software changing linking device, system and method |
CN104462990B (en) * | 2013-09-13 | 2019-02-26 | 腾讯科技(深圳)有限公司 | Character string encipher-decipher method and device |
JP6287964B2 (en) * | 2015-06-09 | 2018-03-07 | 株式会社デンソー | Software duplication prevention system |
WO2018235268A1 (en) * | 2017-06-23 | 2018-12-27 | 三菱電機株式会社 | Illegal use prevention system of ladder program, unauthorized use prevention method of ladder program, engineering tool, license distribution server and programmable controller |
Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4558176A (en) * | 1982-09-20 | 1985-12-10 | Arnold Mark G | Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software |
US4634807A (en) * | 1984-08-23 | 1987-01-06 | National Research Development Corp. | Software protection device |
US4799258A (en) * | 1984-02-13 | 1989-01-17 | National Research Development Corporation | Apparatus and methods for granting access to computers |
US4817140A (en) * | 1986-11-05 | 1989-03-28 | International Business Machines Corp. | Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor |
US5081676A (en) * | 1990-10-04 | 1992-01-14 | Chou Wayne W | Method and apparatus for protecting multiple copies of computer software from unauthorized use |
US5109413A (en) * | 1986-11-05 | 1992-04-28 | International Business Machines Corporation | Manipulating rights-to-execute in connection with a software copy protection mechanism |
US5319704A (en) * | 1993-06-17 | 1994-06-07 | Exar Corporation | Control circuit for voltage controlled attenuator for speakerphones |
US5337357A (en) * | 1993-06-17 | 1994-08-09 | Software Security, Inc. | Method of software distribution protection |
US5343527A (en) * | 1993-10-27 | 1994-08-30 | International Business Machines Corporation | Hybrid encryption method and system for protecting reusable software components |
US5398285A (en) * | 1993-12-30 | 1995-03-14 | Motorola, Inc. | Method for generating a password using public key cryptography |
US5410717A (en) * | 1991-03-22 | 1995-04-25 | Allen-Bradley Company, Inc. | Removable function card for a programmable controller processor |
US5485519A (en) * | 1991-06-07 | 1996-01-16 | Security Dynamics Technologies, Inc. | Enhanced security for a secure token code |
US5651068A (en) * | 1995-03-08 | 1997-07-22 | Hewlett-Packard Company | International cryptography framework |
US6266416B1 (en) * | 1995-07-13 | 2001-07-24 | Sigbjoernsen Sigurd | Protection of software against use without permit |
Family Cites Families (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2523745B1 (en) * | 1982-03-18 | 1987-06-26 | Bull Sa | METHOD AND DEVICE FOR PROTECTING SOFTWARE DELIVERED BY A SUPPLIER TO A USER |
GB8423784D0 (en) * | 1984-09-20 | 1984-10-24 | Fifield K J | Processing device |
CA1238427A (en) * | 1984-12-18 | 1988-06-21 | Jonathan Oseas | Code protection using cryptography |
EP0266748B1 (en) * | 1986-11-05 | 1995-02-08 | International Business Machines Corporation | A software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor |
US5222133A (en) * | 1991-10-17 | 1993-06-22 | Wayne W. Chou | Method of protecting computer software from unauthorized execution using multiple keys |
US5319705A (en) * | 1992-10-21 | 1994-06-07 | International Business Machines Corporation | Method and system for multimedia access control enablement |
DE4239865A1 (en) | 1992-11-27 | 1994-06-01 | Heinz Johann | Unauthorised program use prevention method - inserting installation chip card data carrier into test appts. before starting, interrogating card to check program addresses, and interrupting program with incorrect answer |
DE4419115A1 (en) * | 1994-06-01 | 1994-10-20 | Michael Doelker | Method of highly effective protection from unauthorised use of software copies |
-
1995
- 1995-07-13 NO NO952795A patent/NO302388B1/en not_active IP Right Cessation
-
1996
- 1996-07-10 WO PCT/NO1996/000171 patent/WO1997003398A1/en active Search and Examination
- 1996-07-10 KR KR1019980700233A patent/KR19990028931A/en not_active Application Discontinuation
- 1996-07-10 EP EP96925180A patent/EP0855052B1/en not_active Expired - Lifetime
- 1996-07-10 IL IL12288896A patent/IL122888A/en not_active IP Right Cessation
- 1996-07-10 DK DK96925180T patent/DK0855052T3/en active
- 1996-07-10 AT AT96925180T patent/ATE233916T1/en not_active IP Right Cessation
- 1996-07-10 PT PT96925180T patent/PT855052E/en unknown
- 1996-07-10 JP JP50571097A patent/JP4267065B2/en not_active Expired - Fee Related
- 1996-07-10 ES ES96925180T patent/ES2194109T3/en not_active Expired - Lifetime
- 1996-07-10 DE DE69626530T patent/DE69626530T2/en not_active Expired - Fee Related
- 1996-07-10 AU AU65357/96A patent/AU713872B2/en not_active Ceased
- 1996-07-10 US US08/983,461 patent/US6266416B1/en not_active Expired - Fee Related
- 1996-07-10 PL PL96324525A patent/PL187088B1/en not_active IP Right Cessation
- 1996-07-10 CN CNB96196247XA patent/CN1155866C/en not_active Expired - Fee Related
- 1996-07-10 EP EP02010974A patent/EP1253503A3/en not_active Withdrawn
- 1996-07-10 NZ NZ313319A patent/NZ313319A/en not_active IP Right Cessation
-
1998
- 1998-08-29 HK HK98110296A patent/HK1009533A1/en not_active IP Right Cessation
- 1998-08-29 HK HK02108918.0A patent/HK1048674A1/en unknown
-
2001
- 2001-06-05 US US09/873,351 patent/US20030190043A1/en not_active Abandoned
-
2004
- 2004-01-06 US US10/752,429 patent/US20040193987A1/en not_active Abandoned
Patent Citations (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4558176A (en) * | 1982-09-20 | 1985-12-10 | Arnold Mark G | Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software |
US4799258A (en) * | 1984-02-13 | 1989-01-17 | National Research Development Corporation | Apparatus and methods for granting access to computers |
US4634807A (en) * | 1984-08-23 | 1987-01-06 | National Research Development Corp. | Software protection device |
US4817140A (en) * | 1986-11-05 | 1989-03-28 | International Business Machines Corp. | Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor |
US5109413A (en) * | 1986-11-05 | 1992-04-28 | International Business Machines Corporation | Manipulating rights-to-execute in connection with a software copy protection mechanism |
US5081676A (en) * | 1990-10-04 | 1992-01-14 | Chou Wayne W | Method and apparatus for protecting multiple copies of computer software from unauthorized use |
US5410717A (en) * | 1991-03-22 | 1995-04-25 | Allen-Bradley Company, Inc. | Removable function card for a programmable controller processor |
US5485519A (en) * | 1991-06-07 | 1996-01-16 | Security Dynamics Technologies, Inc. | Enhanced security for a secure token code |
US5319704A (en) * | 1993-06-17 | 1994-06-07 | Exar Corporation | Control circuit for voltage controlled attenuator for speakerphones |
US5337357A (en) * | 1993-06-17 | 1994-08-09 | Software Security, Inc. | Method of software distribution protection |
US5343527A (en) * | 1993-10-27 | 1994-08-30 | International Business Machines Corporation | Hybrid encryption method and system for protecting reusable software components |
US5398285A (en) * | 1993-12-30 | 1995-03-14 | Motorola, Inc. | Method for generating a password using public key cryptography |
US5651068A (en) * | 1995-03-08 | 1997-07-22 | Hewlett-Packard Company | International cryptography framework |
US6266416B1 (en) * | 1995-07-13 | 2001-07-24 | Sigbjoernsen Sigurd | Protection of software against use without permit |
Cited By (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20010044902A1 (en) * | 2000-01-03 | 2001-11-22 | Shavit Nir N. | Secure software system and related techniques |
US20030150913A1 (en) * | 2000-07-07 | 2003-08-14 | Fujitsu Limited | IC card terminal |
US20050204405A1 (en) * | 2004-03-04 | 2005-09-15 | Brian Wormington | Method and system for digital rights management |
US20050216548A1 (en) * | 2004-03-04 | 2005-09-29 | Brian Wormington | Method and system for digital content distribution |
US20070177720A1 (en) * | 2004-03-11 | 2007-08-02 | Oberthur Card Systems Sa | Secure data processing method based particularly on a cryptographic algorithm |
US8386791B2 (en) * | 2004-03-11 | 2013-02-26 | Oberthur Technologies | Secure data processing method based particularly on a cryptographic algorithm |
US20070135111A1 (en) * | 2005-12-09 | 2007-06-14 | Floyd David G | Layered mobile application security system |
US7991159B2 (en) * | 2005-12-09 | 2011-08-02 | Alcatel-Lucent Usa Inc. | Layered mobile application security system |
EP1798653A1 (en) | 2005-12-16 | 2007-06-20 | Aladdin Europe GmbH | Method and device for protecting a program comprising a function block |
US20070143630A1 (en) * | 2005-12-16 | 2007-06-21 | Aladdin Knowledge Systems (Deutschland) Gmbh | Method and device for protecting a program comprising a functional block |
US8495388B2 (en) | 2005-12-16 | 2013-07-23 | Sfnt Germany Gmbh | Method and device for protecting a program comprising a functional block |
EA012921B1 (en) * | 2006-04-27 | 2010-02-26 | Владимир Никитич Встовский | Method and device for protecting software from unauthorized use |
US20090094601A1 (en) * | 2006-04-27 | 2009-04-09 | Vstovskiy Vladimir Nikitich | Method and device for protecting software from unauthorized use |
WO2007126341A3 (en) * | 2006-04-27 | 2008-04-17 | Vladimir Nikitich Vstovskiy | Method and device for protecting software from unauthorized use |
WO2007126341A2 (en) * | 2006-04-27 | 2007-11-08 | Vladimir Nikitich Vstovskiy | Method and device for protecting software from unauthorized use |
US20080133419A1 (en) * | 2006-12-05 | 2008-06-05 | Brian Wormington | Secure financial transaction system and method |
DE102007059798B3 (en) * | 2007-12-11 | 2009-04-09 | Ascolab Gmbh | Executable program code i.e. executable file, coding method for computer, involves combining chains of sequential instructions to code fragments, and coding and storing detected code fragments belonging to methods in program library |
US20090276826A1 (en) * | 2008-04-30 | 2009-11-05 | Ricoh Company, Ltd. | Image forming apparatus, method, and computer-readable recording medium for access control |
US9135468B2 (en) * | 2008-04-30 | 2015-09-15 | Ricoh Company, Ltd. | Apparatus, method, and computer-readable recording medium for access control |
US9454456B2 (en) * | 2008-12-29 | 2016-09-27 | Sk Planet Co., Ltd. | Method for separately executing software, apparatus, and computer-readable recording medium |
US20110271260A1 (en) * | 2008-12-29 | 2011-11-03 | Oin Kwon | Method for separately executing software, apparatus, and computer-readable recording medium |
US20130283396A1 (en) * | 2009-07-30 | 2013-10-24 | Rascalim Software Security Ltd. | System and method for limiting execution of software to authorized users |
WO2014030168A2 (en) | 2011-08-05 | 2014-02-27 | Kpit Technologies Ltd. | A system for protection of embedded software codes |
US11163859B2 (en) * | 2011-09-09 | 2021-11-02 | Nvidia Corporation | Content protection via online servers and code execution in a secure operating system |
US20170076072A1 (en) * | 2015-09-11 | 2017-03-16 | Patrick Robert Koren | Method and apparatus for preventing and investigating software piracy |
US9881142B2 (en) * | 2015-09-11 | 2018-01-30 | Patrick Robert Koren | Method and apparatus for preventing and investigating software piracy |
US11829454B2 (en) * | 2018-03-09 | 2023-11-28 | Patrick Robert Koren | Method and apparatus for preventing and investigating software piracy |
US20220374512A1 (en) * | 2021-05-21 | 2022-11-24 | Vmware, Inc. | Software-based hardware security module (hsm) for a virtualized computing environment |
Also Published As
Publication number | Publication date |
---|---|
NO302388B1 (en) | 1998-02-23 |
NO952795L (en) | 1997-01-14 |
EP1253503A2 (en) | 2002-10-30 |
JPH11509023A (en) | 1999-08-03 |
ATE233916T1 (en) | 2003-03-15 |
MX9800385A (en) | 1998-09-30 |
ES2194109T3 (en) | 2003-11-16 |
EP0855052A1 (en) | 1998-07-29 |
IL122888A0 (en) | 1998-08-16 |
AU6535796A (en) | 1997-02-10 |
EP1253503A3 (en) | 2004-07-14 |
DK0855052T3 (en) | 2003-07-07 |
IL122888A (en) | 2000-10-31 |
DE69626530D1 (en) | 2003-04-10 |
WO1997003398A1 (en) | 1997-01-30 |
PL324525A1 (en) | 1998-06-08 |
DE69626530T2 (en) | 2003-11-13 |
JP4267065B2 (en) | 2009-05-27 |
CN1155866C (en) | 2004-06-30 |
PT855052E (en) | 2003-06-30 |
US6266416B1 (en) | 2001-07-24 |
PL187088B1 (en) | 2004-05-31 |
HK1048674A1 (en) | 2003-04-11 |
AU713872B2 (en) | 1999-12-09 |
KR19990028931A (en) | 1999-04-15 |
HK1009533A1 (en) | 1999-06-04 |
US20030190043A1 (en) | 2003-10-09 |
EP0855052B1 (en) | 2003-03-05 |
NZ313319A (en) | 1999-10-28 |
CN1192814A (en) | 1998-09-09 |
NO952795D0 (en) | 1995-07-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6266416B1 (en) | Protection of software against use without permit | |
EP1423771B1 (en) | Method to protect software against unauthorized use | |
US6684198B1 (en) | Program data distribution via open network | |
US6871192B2 (en) | System and method for preventing unauthorized use of protected software utilizing a portable security device | |
US20060048223A1 (en) | Method and system for providing tamper-resistant software | |
EP1630998A1 (en) | User terminal for receiving license | |
CN101305333A (en) | Tamper-resistant trusted virtual machine | |
WO1997025798A1 (en) | System for controlling access and distribution of digital property | |
US20110083020A1 (en) | Securing a smart card | |
US6336189B1 (en) | Apparatus and method for data capsule generation | |
US5710817A (en) | Method and device for preventing unauthorized access to a computer system | |
US20070198857A1 (en) | Software execution protection using an active entity | |
US20030118188A1 (en) | Apparatus and method for accessing material using an entity locked secure registry | |
CN115563589A (en) | Chip piracy prevention method and device, electronic equipment and storage medium | |
EP1436998B1 (en) | Apparatus and method for accessing material using an entity locked secure registry | |
CA2226386C (en) | Protection of software against use without permit | |
AU2002351507A1 (en) | Apparatus and method for accessing material using an entity locked secure registry | |
WO1994004972A1 (en) | Method and device for preventing unauthorised access to a computer system | |
CN116167020A (en) | Software authorization method and system | |
MXPA98000385A (en) | Protection of computer programs against unauthorized use |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |