|
|
|
| United States Patent | 4817140 |
| Link to this page | http://www.wikipatents.com/4817140.html |
| Inventor(s) | Chandra; Ashileshwari N. (Mahopac, NY);
Comerford; Liam D. (Carmel, NY);
White; Steve R. (New York, NY) |
| Abstract | The invention provides a software asset protection mechanism which is based
on the separation of the software to be protected from the right to
execute that software. Protected software can only be executed on
composite computing systems in which a physically and logically secure
coprocessor is associated with a host computer. The software to be
protected is broken down into a protected (encrypted) portion and an
(optional) unprotected or plain text portion. The software is distributed
by any conventional software distribution mechanism (for example a floppy
disk) including the files already identified along with an encrypted
software decryption key. The coprocessor is capable of decrypting the
software decryption key so it can thereafter decrypt the software, for
execution purposes. However, the coprocessor will not perform these
functions unless and until the user's right to execute is evidenced by
presentation of a physically secure token. The physically secure token
provides to the coprocessor token data in plain text form (the physical
security of the plain text token data is provided by the cartridge within
which token data is stored). The physical properties of that cartridge
taken together with the correspondence between the token data provided by
the cartridge and the encrypted token data evidence the user's right to
execute. While the coprocessor can, thereafter, decrypt and execute the
protected portion of the software, access to that software is denied the
user by the physical and logical features of the coprocessor. Other
properties of the cartridge (specifically a destructive read property)
ensure that the act of transferring token data to the coprocessor
obliterates that data from the cartridge so it cannot be revised. Further,
the protocol for the coprocessor/cartridge exchange is arranged so that
observation of even the entire exchange provides inadequate information
with which to simulate or spoof the effect of an authentic, unused
cartridge. |
|
|
 |
Title Information  |
|
|
|
|
|
Drawing from US Patent 4817140 |
|
|
Software protection system using a single-key cryptosystem, a
hardware-based authorization system and a secure coprocessor |
|
|
|
|
|
| Publication Date |
March 28, 1989 |
|
|
|
|
|
| Filing Date |
November 5, 1986 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
 |
Title Information |
|
|
|
References |
|
|
| *references marked with an asterisk below are user-added references |
 |
U.S. References |
|
|
| Add a new US reference: |
| | Reference | Relevancy | Comments | Reference | Relevancy | Comments | 4652990
Pailen
705/56
Mar,1987 |  Your vote accepted
[0 after 0 votes] | | 4644493
Chandra
705/56
Feb,1987 | Your vote accepted
[0 after 0 votes] | | 4633388
Chiu
712/208
Dec,1986 | Your vote accepted
[0 after 0 votes] | | 4621321
Boebert
707/8
Nov,1986 | Your vote accepted
[0 after 0 votes] | | 4621334
Garcia
382/115
Nov,1986 | Your vote accepted
[0 after 0 votes] | | 4609777
Cargile
713/184
Sep,1986 | Your vote accepted
[0 after 0 votes] | | 4609985
Dozier
711/102
Sep,1986 | Your vote accepted
[0 after 0 votes] | | 4599489
Cargile
705/52
Jul,1986 | Your vote accepted
[0 after 0 votes] | | 4598288
Yarbrough
340/5.74
Jul,1986 | Your vote accepted
[0 after 0 votes] | | 4577289
Comerford
360/60
Mar,1986 | Your vote accepted
[0 after 0 votes] | | 4562305
Gaffney, Jr.
713/190
Dec,1985 | Your vote accepted
[0 after 0 votes] | | 4562306
Chou
726/20
Dec,1985 | Your vote accepted
[0 after 0 votes] | | 4558176
Arnold
713/190
Dec,1985 | Your vote accepted
[0 after 0 votes] | | 4525599
Curran
713/190
Jun,1985 | Your vote accepted
[0 after 0 votes] | | 4523271
Levien
726/22
Jun,1985 | Your vote accepted
[0 after 0 votes] | | 4513174
Herman
711/214
Apr,1985 | Your vote accepted
[0 after 0 votes] | | 4471163
Donald
705/55
Sep,1984 | Your vote accepted
[0 after 0 votes] | | 4471216
Herve
235/380
Sep,1984 | Your vote accepted
[0 after 0 votes] | | 4462078
Ross
726/32
Jul,1984 | Your vote accepted
[0 after 0 votes] | | 4458315
Uchenick
726/30
Jul,1984 | Your vote accepted
[0 after 0 votes] | | 4446519
Thomas
711/164
May,1984 | Your vote accepted
[0 after 0 votes] | | 4442484
Childs, Jr.
711/163
Apr,1984 | Your vote accepted
[0 after 0 votes] | | 4433207
Best
713/190
Feb,1984 | Your vote accepted
[0 after 0 votes] | | 4278837
Best
713/190
Jul,1981 | Your vote accepted
[0 after 0 votes] | | 4246638
Thomas
712/208
Jan,1981 | Your vote accepted
[0 after 0 votes] | | 4183085
Roberts
705/76
Jan,1980 | Your vote accepted
[0 after 0 votes] | | 4168396
Best
713/190
Sep,1979 | Your vote accepted
[0 after 0 votes] | | 4120030
Johnstone
713/190
Oct,1978 | Your vote accepted
[0 after 0 votes] | | 4104721
Markstein
711/164
Aug,1978 | Your vote accepted
[0 after 0 votes] | | 3996449
Attanasio
235/431
Dec,1976 | Your vote accepted
[0 after 0 votes] | | 4465901
Best
713/190
Dec,1969 | Your vote accepted
[0 after 0 votes] | | | | | |
|
 |
|
|
|
U.S. References |
|
|
|
Foreign References |
|
|
|
|
|
|
|
|
Foreign References |
|
|
|
Other References |
|
|
|
|
|
|
|
|
Other References |
|
|
|
|
|
|
|
References |
|
|
|
Claims |
|
|
Having thus described our invention, what we claim as new, and desire to
secure by Letters Patent is:
1. A method of restricting use of software to an authorized computer
comprising the steps of:
providing said software in a form in which at least a portion thereof is
encrypted,
providing an encrypted decryption key for decrypting said encrypted
software portion,
providing a physically secure coprocessor coupled to said computer, which
coprocessor is capable of decrypting said software if it retains said
decryption key,
coupling a transfer token source to said physically secure coprocessor,
which transfer token source stores a token whose presence is required to
effect a step of retaining said encrypted decryption key,
transferring said encrypted decryption key to said physically secure
coprocessor along with said token from said transfer token source,
wherein said transferring step includes the step of altering said transfer
token source as said token is transferred to said physically secure
coprocessor so that said transfer token source is incapable of again
transferring said token.
2. The method of claim 1 which includes the further step of decrypting said
encrypted portion of said software in said coprocessor with said
decryption key.
3. The method of claim 1 which includes the further step of reproducing
said software including said encrypted portion.
4. The method of claim 1 which includes the further step of executing said
software on said computer and decrypting said encrypted portion, during
said execution, by said coprocessor with said decryption key.
5. The method of claim 1 in which said step of providing said software
includes providing a magnetic medium on which said software is recorded.
6. The method of claim 1 in which said step of providing said software
includes connecting a communication link to said computer and transmitting
said software over said communication link.
7. The method of claim 1 in which said step of providing said physically
secure coprocessor and coupling said physically secure coprocessor to said
computer includes directly coupling said physically secure coprocessor to
an internal bus of said computer.
8. The method of claim 1 in which said step of providing said physically
secure coprocessor and coupling said physically secure coprocessor to said
computer includes removably coupling said physically secure coprocessor to
an input port of said computer.
9. The method of claim 1 in which said source of said transfer token is
physically secure.
10. The method of claim 1 which includes the further steps of:
decrypting, in said coprocessor, said encrypted decryption key using a
vendor decryption key stored in said coprocessor,
using said decryption key to decrypt said encrypted software portion at
those times as said computer attempts to execute said software.
11. The method of claim 1 in which said step of altering said source of
said transfer token includes destroying said token as stored in said
transfer token source.
12. The method of claim 1 in which said step of transferring said transfer
token includes the step of verifying, by said coprocessor, that said
transfer token is authentic.
13. The method of claim 12 which includes the step of rejecting said
transfer token and said encrypted decryption key in the event that said
transfer token is not authentic.
14. The method of claim 12 in which said step of transferring said transfer
token includes:
(a) generating a random number and coupling said random number to said
transfer token source,
(b) generating, in response to said random number a selected portion of
said stored token and coupling said portion to said coprocessor.
15. The method of claim 14 which includes the further steps of:
(c) transferring an encrypted token to said coprocessor,
(d) decrypting said encrypted token to produce a clear text token,
(e) applying said random number to said clear text token to generate in
response a clear text token portion,
(f) comparing said selected token portion, generated in said step (b) with
said clear text token portion, generated in step (e), and
(g) considering said token source authentic if a result of said step (f)
identifies a first relation and considering said token source not
authentic if said step (f) identifies any other relation.
16. The method of claim 15 which includes the further step of:
(h) decrypting said software prior to execution, and in which a key used
for said decryption is identical to a key employed in said step (d).
17. The method of claim 1 in which said physically and logically secure
coprocessor provides for establishing a dual privilege computation
environment, a first lower privilege for executing that portion of said
software which had been provided in encrypted form, and a higher level
privilege for manipulating said decryption key.
18. A method of restricting execution of software to authorized processors
and preventing execution of said software by unauthorized processors
comprising the steps of:
(a) distributing said software in a form in which at least a significant
portion is encrypted,
(b) providing a coprocessor in association with a potentially authorized
processor, which coprocessor has a memory space secured against external
access for storing decrypted software and operating instructions,
(c) coupling said software to said processor,
(d) coupling a distinct right to execute to said coprocessor and storing
said distinct right to execute in said secure memory of said coprocessor,
(e) in response to presence of said distinct right to execute, decrypting
and storing said significant portion of said software in said coprocessor,
and
(f) executing said stored software portion in said coprocessor.
19. The method of claim 18 in which, along with said step (f), said
processor executes encrypted portions of said software.
20. The method of claim 18 in which said distinct right to execute
comprises a decryption key and said step (d) includes:
(d1) providing a token cartridge storing a clear text token,
(d2) coupling said token cartridge to said coprocessor,
(d3) generating a token query in said coprocessor and coupling said token
query to said token cartridge,
(d4) generating, in response to said token query a token response and
coupling said token response to said coprocessor,
(d5) verifying authenticity of said token cartridge, in said coprocessor by
testing said token response,
(d6) if and only if said token cartridge is determined to be authentic,
transferring a decryption key, representing said distinct right to
execute, into said secure storage of said coprocessor.
21. The method of claim 20 in which said step (e) includes using said
decryption key to decrypt said software portion.
22. The method of claim 20 in which said step (d5) includes:
(d5a) coupling encrypted token data to said coprocessor,
(d5b) decrypting said encrypted token data in said coprocessor to produce
clear text token data,
(d5c) combining said clear text token data with said token query to produce
a computed response,
(d5d) comparing said computed response with said token response, and
(d5e) verifying authenticity of said cartridge if said responses are
identical, otherwise failing to verify authenticity of said cartridge.
23. The method of claim 22 in which said encrypted token data resides in
common on a medium supporting said software.
24. The method of claim 22 in which said encrypted token data is stored in
said cartridge.
25. The method of claim 22 in which said encrypted token data is coupled
over a communication link to said coprocessor.
26. The method of claim 20 in which said step (d4) includes the step of
erasing said clear text token data as said token response is generated.
27. The method of claim 20 in which said step (d3) includes the step of
coupling said token query to said token cartridge in a bit serial form of
N bit length, where N is an integer, and in which said step (d4) includes
the steps of:
(d4a) dividing said clear text token data into first and second portions,
(d4b) for each bit of said query, selecting a bit from either said first or
second portions and returning said selected bit as a portion of said token
response, and replacing both the selected bit and a corresponding
unselected bit of said first and second portions,
whereby after a last bit of the token response is generated said clear text
token data in said token cartridge is at least reduced in bit length by
twice the bit length of said query.
28. The method of claim 27 in which said bit length of said query is equal
to the bit length of said clear text token data portions whereby at
conclusion of generation of said token response all said clear text token
data has been replaced.
29. A method of securing protected software against unauthorized use
without perturbing existing channels of software distribution and, at the
same time not interfering in users creation of unlimited backup copies of
protected software, said method comprising the steps of:
(a) providing to a user a physically secure coprocessor and coupling said
coprocessor to a user host computer to support bidirectional communication
therebetween to create a composite computing system including said host
computer and said coprocessor,
(b) providing logical security to said coprocessor by:
(1) providing a first privilege level including first level secure memory
and first level operating instructions, secured against access or
variation by said user, for executing protected software,
(2) providing a second privilege level including second level secure memory
and second level operating instructions, secured against access or
variation by said user or any author of protected software, for
controlling authorization for execution of said protected software by said
first privilege level,
(c) distributing protected software in a form in at which at least a
portion is inexecutable by said host computer but which is executable by
said coprocessor but only with authorization by said second privilege
level,
(d) distributing a further tangible element distinct from said protected
software representing a right to execute said protected software,
(e) providing said composite computing system access to said protected
software and to said further tangible element,
(f) verifying authenticity of said further tangible element by said
coprocessor at said second privilege level,
(g) altering said second level secure memory in a distinctive fashion to
reflect a determination by said second privilege level of authenticity of
said tangible element, and
(h) executing said protected software so long as said alteration of said
second privilege level secure memory is detected and denying said request
if said alteration is not present.
30. A method as recited in claim 29 in which said software as distributed
in said step (c) has at least a portion encrypted and said second
privilege level subsequent to performance of said step (f) has access to a
decryption key and in which said step (h) comprises performing the
following steps on each subsequent request by said user to execute said
protected software:
(1) responding, at said second privilege level to check for said alteration
of said second level secure memory, if said alteration is present honoring
said request by;
(a) initiating decryption of said protected software and storage of said
decrypted software in said first privilege level secure memory,
(b) authorizing execution of said decrypted software by said first
privilege level and initiating operation of said first privilege level,
and, if said alteration is not present, refusing said request.
31. A method as recited in claim 29 wherein said protected software as
distributed in said step (c) includes a portion which is encrypted under a
software key which itself is distributed encrypted under a different key,
and in which said second privilege level has access to said different key
so that said encrypted software key can be decrypted by said second
privilege level, and in which said step (g) includes:
(1) decrypting said software key with said second key,
(2) altering said second privilege level secure memory by writing said
software key therein.
32. A method as recited in claim 31 in which said composite computing
system is provided information with which to verify said tangible element
and in which said step (d) includes:
(1) providing said tangible element with physical security,
(2) providing said tangible element with electronic storage having a
destructive read function, and
(3) storing a verifiable entity in said electronic storage.
33. A method as recited in claim 32 in which said information with which to
verify said tangible element comprises said verifiable entity encrypted
under said software key and in which said step (f) includes:
(1) generating a random number and storing said random number for later
use,
(2) transmitting said random number to said tangible element,
(3) transmitting from said tangible element a reply comprising a
transformation of said verifiable entity determined by said random number,
(4) using said software key to decrypt said encrypted verifiable entity,
(5) simulating at said coprocessor said transformation using said random
number and said decrypted verifiable entity to generate an expected reply,
and
(6) comparing said reply and expected reply and determining authenticity
only if a result of said comparison is an equality,
whereby said destructive read property of said tangible element restricts
it to a use once device and review of said random number and said reply is
inadequate to specify said verifiable entity so that operation of said
tangible device cannot be simulated notwithstanding access to said random
number and said reply.
34. A method as recited in claim 29 in which said composite computing
system is provided information with which to verify said tangible element
and in which said step (d) includes:
(1) providing said tangible element with physical security,
(2) providing said tangible element with electronic storage having a
destructive read function, and
(3) storing a verifiable entity in said electronic storage.
35. A method as recited in claim 34 wherein:
said protected software as distributed in said step (c) includes a portion
which is encrypted under a software key which itself is distributed
encrypted under a different key,
in which said second privilege level has access to said different key so
that said encrypted software key can be decrypted by said second privilege
level,
in which said information with which to verify said tangible element
comprises said verifiable entity encrypted under said software key, and
in which said step (f) includes:
(1) generating a random number and storing said random number for later
use,
(2) transmitting said random number to said tangible element,
(3) transmitting from said tangible element a reply comprising a
transformation of said verifiable entity determined by said random number,
(4) using said software key to decrypt said encrypted verifiable entity,
(5) simulating at said coprocessor said transformation using said random
number and said decrypted verifiable entity to generate an expected reply,
and
(6) comparing said reply and expected reply and determining authenticity
only if a result of said comparison is an equality,
whereby said destructive read property of said tangible element restricts
it to a use once device and review of said random number and said reply is
inadequate to specify said verifiable entity so that operation of said
tangible device cannot be simulated notwithstanding access to said random
number and said reply. |
|
|
|
|
|
|
Claims |
|
