|
|
|
| United States Patent | 4652990 |
| Link to this page | http://www.wikipatents.com/4652990.html |
| Inventor(s) | Pailen; William (Derwood, MD);
Harper; Jim L. (Olney, MD) |
| Abstract | A software access control system is disclosed for controlling access to a
protected application program. The software access control system
comprises first and second processors, each having a terminal or port
adapting its processor to be coupled with the other. The first processor
is programmed to permit access to the protected application program and
comprises a first memory storing the protected application program, a
program identification manifestation and a customer identification
manifestation. The second processor comprises a second memory for storing
a program identification manifestation and a customer identification
manifestation, as assigned to the second processor. A user terminal is
actuated to transmit an access request message including a requested
program identification manifestation to the first processor requesting
permission to execute a particular application program. There is disclosed
a two-step process of granting access to a protected application program.
First, the requested program identification manifestation, as entered on
the user terminal, is compared with a program identification manifestation
retained within the second processor. If there is a first match, a
customer authentication message is transmitted from the first processor to
the second processor. In response, the second processor transmits its
assigned customer identification manifestation to the first processor,
wherein a comparison is made between the retained customer identification
manifestation and the assigned customer identification transmission. If
there is a second match, access to use and to execute the application
program is granted. |
|
|
 |
Title Information  |
|
|
|
|
|
Drawing from US Patent 4652990 |
|
|
Protected software access control apparatus and method |
|
|
|
|
|
| Publication Date |
March 24, 1987 |
|
|
|
|
|
| Filing Date |
October 27, 1983 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
 |
Title Information |
|
|
|
References |
|
|
| *references marked with an asterisk below are user-added references |
 |
U.S. References |
|
|
| Add a new US reference: |
| | Reference | Relevancy | Comments | Reference | Relevancy | Comments | 4471163
Donald
705/55
Sep,1984 |  Your vote accepted
[0 after 0 votes] | | 4438824
Mueller-Schloer
713/185
Mar,1984 | Your vote accepted
[0 after 0 votes] | | 4386234
Ehrsam
380/281
May,1983 | Your vote accepted
[0 after 0 votes] | | 4326098
Bouricius
713/155
Apr,1982 | Your vote accepted
[0 after 0 votes] | | 4317957
Sendrow
705/71
Mar,1982 | Your vote accepted
[0 after 0 votes] | | 4315101
Atalla
705/75
Feb,1982 | Your vote accepted
[0 after 0 votes] | | 4310720
Check, Jr.
Jan,1982 | Your vote accepted
[0 after 0 votes] | | 4288659
Atalla
380/281
Sep,1981 | Your vote accepted
[0 after 0 votes] | | 4283599
Atalla
705/72
Aug,1981 | Your vote accepted
[0 after 0 votes] | | 4281215
Atalla
705/72
Jul,1981 | Your vote accepted
[0 after 0 votes] | | 4268715
Atalla
705/75
May,1981 | Your vote accepted
[0 after 0 votes] | | 4264782
Konheim
705/75
Apr,1981 | Your vote accepted
[0 after 0 votes] | | 4259720
Campbell
705/71
Mar,1981 | Your vote accepted
[0 after 0 votes] | | 4238853
Ehrsam
380/45
Dec,1980 | Your vote accepted
[0 after 0 votes] | | 4238854
Ehrsam
713/165
Dec,1980 | Your vote accepted
[0 after 0 votes] | | 4227253
Ehrsam
380/45
Oct,1980 | Your vote accepted
[0 after 0 votes] | | 4223403
Konheim
705/72
Sep,1980 | Your vote accepted
[0 after 0 votes] | | 4218738
Matyas
705/72
Aug,1980 | Your vote accepted
[0 after 0 votes] | | 4214230
Fak
235/380
Jul,1980 | Your vote accepted
[0 after 0 votes] | | 4193131
Lennon
380/281
Mar,1980 | Your vote accepted
[0 after 0 votes] | | 4123747
Lancto
713/185
Oct,1978 | Your vote accepted
[0 after 0 votes] | | 4025760
Trenkamp
705/73
May,1977 | Your vote accepted
[0 after 0 votes] | | 3996449
Attanasio
235/431
Dec,1976 | Your vote accepted
[0 after 0 votes] | | 3985998
Crafton
235/380
Oct,1976 | Your vote accepted
[0 after 0 votes] | | 3956615
Anderson
705/72
May,1976 | Your vote accepted
[0 after 0 votes] | | 3892948
Constable
340/5.41
Jul,1975 | Your vote accepted
[0 after 0 votes] | | 3846622
Meyer
340/5.54
Nov,1974 | Your vote accepted
[0 after 0 votes] | | 3798605
Feistel
713/155
Mar,1974 | Your vote accepted
[0 after 0 votes] | | 3761883
Alvarez
711/164
Sep,1973 | Your vote accepted
[0 after 0 votes] | | 3611293
Constable
WITHDRAWN
Oct,1971 | Your vote accepted
[0 after 0 votes] | | |
|
 |
|
|
|
U.S. References |
|
|
|
Foreign References |
|
|
|
|
|
|
|
|
Foreign References |
|
|
|
Other References |
|
|
|
|
|
|
|
|
Other References |
|
|
|
|
|
|
|
References |
|
|
|
|
|
|
| Market Size |
|
Estimate the gross annual revenues of the relevant market
sector:
|
| | |
| |
|
|
| Market Share |
|
Estimate the percentage of the relevant market sector this invention will capture:
|
| | |
| |
|
|
| Reasonable Royalty |
|
What percentage of gross sales should the inventor or assignee be paid?
|
| | |
| |
|
|
|
Public's "Guesstimation" of Royalty Value
|
| Market Size | N/A | [No votes] | | x | Market Share | N/A | [No votes] | | x | Reasonable Royalty | N/A | [No votes] |
| | N/A | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Market Review |
|
|
|
Technical Review |
|
|
|
Claims |
|
|
We claim:
1. A software access control for limiting access to an executable program
to an authorized user, said software access control system comprising:
(a) data communication means for transmitting an access request message
requesting permission to execute a selected program;
(b) processor means comprising means for controlling access to said
program, means for executing said program, first memory means for storing
said program and a manifestation identifying said selected program, and
first means coupled to said data communication means and responsive to the
receipt of said access request message for transmitting an authentication
message including said selected program identifying manifestation;
(c) portable key means possessed by the authorized user and comprising
second memory means for storing a program identifying manifestation
assigned to said key means; and
(d) means coupled to said processor means for releasably receiving said key
means and responsive to said authentication message for detecting the
presence of said portable key means and, if present, for applying said
authentication to said portable key means;
(e) said portable key means comprising means responsive to said applied
authentication message for accessing said second memory means to obtain
from said second memory means said assigned program identifying
manifestation, for determining whether there is a match between said
selected program identifying manifestation and said assigned program
identifying manifestation and, if there is a match, for generating and
transmitting to said access controlling means of said processor means an
access granting signal whereby said access controlling means permits
access to the executable program.
2. The software access control system as claimed in claim 1, wherein said
key means comprises a programmed processor.
3. The software access control system as claimed in claim 1, wherein said
selected program identifying manifestations is embedded in said program.
4. A software cross control system for limiting access to an executable
program to an authorized user, said program having a first manifestation
particularly identifying said program and a second manifestation
particularly identifying an authorized user to be granted access to the
executable program, said software access control system comprising:
(a) data comunication means for transmitting an access request message
requesting permission to execute a selected program;
(b) processor means comprising means for executing said program, first
memory means for storing a program and its first and second identifying
manifestations, and first means responsive to the receipt of said access
request message for transmitting a program authentication message
including said selected first identifying manifestation;
(c) portable key means possessed by the authorized user and comprising
second memory means for storing an assigned first identifying
manifestation assigned to said key means and identifying that program to
which access is to be granted, and a second identifying manifestation
assigned to said key means its authorized user;
(d) means coupled to said processor for releasably receiving said portable
key means and comprising means responsive to said program authentication
message for determining the presence of said portable key means and, if
present, for accessing said second memory means to obtain said assigned
first identifying manifestation, and matching means for determining
whether there is a match between said selected first identifying
manifestation and said assigned first identifying manifestation indicating
that a corresponding key means is coupled to said processor means;
(e) said key means including means responsive to said match between said
selected and assigned first identifying manifestations for obtaining said
assigned second identifying manifestation from said second memory means
and for transmitting said second assigned identification manifestation to
said processor means; and
(f) said processor means comprising matching means for obtaining from said
first memory means said second identifying manifestation and for comparing
said second identifying manifestation with said assigned second
identifying manifestation to determine whether there is a match
therebetween and, if there exists a match, for providing an access
permission signal, said executing means responsive to said access
permission signal for enabling the execution of said program.
5. The software access control system as claimed in claim 4, wherein said
key means comprises a programmed processor.
6. The software access control system as claimed in claim 4, wherein said
first and second identifying manifestations are embedded in said program.
7. A software access control system for limiting access to a protected
program to an authorized user, said protected program having at least one
manifestation particularly identifying an authorized user to be granted
access to said protected program, said software access control system
comprising:
(a) data communication means for transmitting an access request message
requesting permission to gain access to a selected protected program;
(b) processor means comprising means for executing said protected program,
first memory means for storing a program, and means responsive to the
receipt of said access request message for transmtting a program
authentication message indicative of said selected protected program if
said selected protected program is stored in said first memory means;
(c) portable key means possessed by the authorized user and adapted to be
coupled to said processor means and comprising second memory means for
storing an identifying manifestation assigned to said key means and
indicative of its authorized user; and
(d) means coupled to said processor means for releasably receiving said
portable key means and comprising means for receiving and analyzing said
authentication message to determine whether said portable key means is
present and, if present, for determining whether said authentication
message is compatible with said key means;
(e) said key means including means, actuable if said program authentication
message is compatible with said key means, for obtaining said assigned
identifying manifestation from said second memory means and for
transmitting said assigned identification manifestation to said processor
means;
(f) said processor means further comprising matching means for receiving
and comparing said assigned identifying manifestation with said
identifying manifestations stored in said first memory means and, if there
is a match, for providing an access permission signal.
8. The software access control system as claimed in claim 7, wherein said
executing means is responsive to said access permission signal for
enabling the execution of said selected protected program.
9. The software access control system as claimed in claim 7, wherein said
identifying manifestation is embedded in said protected program.
10. A software access control system for limiting access to a protected
program to an authorized user, said protected program having at least one
manifestation particularly identifying an authorized user to be granted
access to said protected program, said software access control system
comprising:
(a) means for transmitting a program authentication message requesting
permission to gain access to a selected protected program;
(b) processor means comprising means for executing said protected program
and first memory means for storing a program;
(c) portable key means possessed by the authorized user and adapted to be
coupled to said processor means and comprising second memory means for
storing an identifying manifestation assigned to said key means and
indicative of its authorized user; and
(d) means coupled to said transmitting means for receiving releasably said
key means, and comprising means for receiving and analyzing said
authentication message to determine whether said portable key means is
present and, if so, to determine whether it is compatible with said key
means;
(e) said key means including means, actuatable if said program
authentication message is compatible with said key means, for obtaining
said assigned identifying manifestation from said second memory means and
for transmitting said assigned identification manifestation to said
processor means;
(f) said processor means further comprising matching means for receiving
and comparing said assigned identifying manifestation with said
identifying manifestations stored in said first memory means and, if there
is a match, for providing an access permission signal.
11. A software access control system for limiting access to a plurality of
protected programs to authorized users, each of said protected programs
having a list of manifestations, each manifestation identifying an
authorized user to be granted access to a corresponding program, said
software access control system comprising:
(a) processor means comprising means for controlling access to said
protected programs, first memory means for storing said plurality of
programs and said list of user identifying manifestations, means for
generating and transmitting an access request message requesting
permission to gain access to a selected one of said plurality of protected
programs;
(b) portable key means possessed by an authorized user and comprising
second memory means for storing a user identifying manifestation assigned
to said key means; and
(c) means for releasably receiving said portable key means, said receiving
means comprising means for determining the presence of said portable key
means and, if present, for applying said access request message to said
received portable key means;
(d) said portable key means comprising means for interpreting said applied
access request message to determine whether it is compatible with said key
means, and means for transmitting said assigned user identifying
manifestation if said interpreted access request message is compatible
with said key means;
(e) said access controlling means coupled to said transmitting means to
receive said user assigned identifying manifestation for determining
whether said transmitted, assigned user identifying manifestation matches
one of said list of user identifying manifestations of said selected one
protected program and, if there is a match, for granting user access to
said selected protected program.
12. The software access control system as claimed in claim 11, wherein said
receiving means comprises means for releasedly receiving a plurality of
said key means and means coupled to receive said access request message
for applying said access request message in order to each of said key
means presently associated with said receiving means. |
|
|
|
|
|
|
Claims |
|
|
|
Description |
|
|
FIELD OF THE INVENTION
This invention relates to apparatus and methods for protecting software
stored in reproducible media, whereby theft and, in particular,
unauthorized reproduction and/or execution of the protected software is
prevented.
DESCRIPTION OF THE PRIOR ART
In the prior art, authors and publishers of software programs for computers
have had no acceptable means to prevent the copying of their programs by
unauthorized individuals. The most common storage medium for these
programs is the magnetic disk or its functional equivalents. Once the
program is released to the user in this medium, it is a fairly simple task
to have a computer read the software program and store it temporarily in
the memory of the user's computer until such time as a blank disk can be
placed in the computer and the computer can then release from its memory
and record the program on the blank disk. Accordingly, every year the
owners and publishers of these programs are being cheated of revenues due
them for their product, by the user copying the program from a friend at
no cost to the user. In this manner, individuals and businesses alike are
acquiring hundreds or thousands of dollars worth of programs for the mere
cost of the blank disk, which in most cases costs less than $10.
The relative explosion of the microcomputer market for use in the office
and home has propelled the problem of software piracy to near epidemic
proportions. Software development for microcomputers, for example, is
expensive and time consuming. It is therefore important to the software
developer that each authorized user pay for the programs used and not
reproduce the programs to be used by others or at other sites. Software
piracy is, in practice, difficult to prevent because it is generally easy
for users to make multiple copies of the programs for unauthorized users,
and easy for competitors to repackage and distribute valuable programs at
a fraction of the cost to the original developer. The problem is
aggravated by the existence of microcomputers which are becoming
widespread.
Software manufacturers and publishers are losing millions of dollars every
year in revenues due to the piracy of their programs, both by
professionals as well as the hobbyist or casual users. Published 1982
statistics indicate that the average personal computer owner, also
possesses at least five application programs. It is further believed that
three application programs were purchased and the other two were pirated.
The advent of program rentals and computer clubs will further compound
this problem.
In the past, software manufacturers have tried to prevent the problem by
writing unique codes or routines and embedding them in the storage mediums
in a fashion that would disable the program in the event that the proper
code was not present. Even the unsophisticated user can easily figure a
way to get around or beat this technique, by copying the program as
published, listing it out and looking for the unique codes, or passwords.
Once he has found the password and can determine its function in the
program, he can easily defeat it.
Access keys have been employed in the prior art to gain access to
computers. In those key/computer security systems where only the software
programs, and not the key itself, contain active encoding and decoding
algorithms, the program information can be easily read and related to the
corresponding key information contained in the software program. As a
result, the key can be discerned and used subsequently to defeat the
security system.
The most effective way to secure a program for its intended use, is
believed to be by the use of a hardware key which works in conjunction
with the software program. Some of the same problems exist with respect to
defeating the security of such key mechanisms. Previously reported
attempts to develop a hardware solution have suffered from a number of
disadvantages.
First, the key information is contained only on the software storage medium
itself in some implementations. Therefore, making a complete copy of the
medium will result in the possibility of creating an unauthorized copy of
the program since the key can be copied along with the protected program.
When used normally, the approach further suffers by preventing the user
from making legitimate back-up copies of the software program and renders
it impossible to use the programs with large bulk storage devices.
Other techniques have been developed to contain the key information with a
read only memory (ROM) which is interrogated by the software program prior
to authorized execution. The defeat of this technique lies in the ability
of the unauthorized user to record the interrogation of the ROM key and to
use the key information including the password for the creation of
duplicate keys. In particular, such ROM keys are coupled by exposed cables
or ports to the computer, whereby access to the transmitted password
between the ROM key and the computer is available to the unauthorized
user. Typically, the transmission of data between the computer and the ROM
key is accessed and then stored in a table, where the stored key data is
analyzed to reveal the password.
Techniques have been developed to encrypt the key information including the
password to prevent easy discovery of the password. If encryption is
effected in a fixed manner, the password may be discovered by storing
repeated transmissions between the ROM key and the computer in a table.
The stored transmissions can be observed to discern the password to
simulate the original key's function or to allow duplicate keys to be
created. Even worse, these observed patterns can allow the relationship
between the key information and the software program to be deduced so that
an unauthorized universal master key can be created.
The prior art is replete with various methods and apparatus for encrypting
data to be transmitted over lines, whereby even if the data is
intercepted, stored within a table or memory and later analyzed, it would
be difficult to decipher the encoding technique. It is evident that the
degree of data or software security is dependent upon the nature of the
encryption technique. Such techniques have been developed in a context of
network systems comprising a computer and a plurality of remote terminals,
whereby a user gains access to the computer through a remote terminal. The
user's access request is transmitted over a communications link to the
computer. In many applications, it is critical that only authorized users
be capable of gaining access to the computer and/or have access to the
data transmitted over the communications link.
Such data transmission security systems have been adapted to banking
applications. Typically, a bank customer accesses a centrally disposed
computer by entering his personal identification number (PIN) to be
transmitted via the communications link to the central computer. If the
customer's PIN has a match with a like PIN stored within a table of many
PINs, a transaction is then authorized to be completed. To prevent
unauthorized access to a customer's PIN or other data, the access request
including the customer's PIN is encrypted to prevent recognition. It is
well recognized in the art that it is virtually impossible to secure such
communication links; as a result, the unauthorized user may gain access to
the link and store the flow of data thereof for later analysis.
U.S. Pat. Nos. 4,268,715 and 4,281,215 of Atalla disclose a method of
encrypting a user's PIN for transmission from the user station to a
processing station. In particular, an encoding algorithm module is
responsive to the output of a random number generator to provide a first
encryption key. The encryption key is applied to an encryption module
which provides an encrypted message indicative of the data to be secured.
The encrypted message is then transmitted from the user station to the
processing station, along with the random number and the key. A decryption
module at the processing station decrypts the encrypted message using the
transmitted key and random number. In this manner, the user's PIN is not
transmitted over the communication links, where it would be available
potentially to be read and discovered by an unauthorized user.
U.S. Pat. No. 4,310,720 of Check, Jr. discloses a computer accessing
system, wherein a user enters his password into a portable access unit to
be encrypted as an access code to be transmitted over a communications
link to a computer. In particular, the access unit comprises a
microprocessor programmed with a random number algorithm for generating a
chain of nonrecurring, pseudorandom numbers from a group of seed numbers
originally implanted in the microprocessor's memory. The pseudorandom
numbers are used to encode the password to form the access code. The
computer is programmed with a congruent random number generation algorithm
and initial seed numbers compatible with those stored in the
microprocessor of the access unit. The computer is initialized such that
the initial access code generated by each access unit is stored in an
available memory at the computer. Thus, the computer generates a chain of
congruent random numbers, whereby a corresponding access code is provided
to be compared with that access code transmitted from the remote access
unit; if a match is made, access | | |
