SOFTWARE PROTECTION DEVICE AND METHOD

US 20010056539A1
Filed: 12/04/1996
Published: 12/27/2001
Est. Priority Date: 12/04/1996
Status: Active Grant

First Claim

Patent Images

1. An apparatus for protecting software comprising a plurality of instructions executable on a computer, comprising:

(a) communicating means coupled to the computer for receiving command messages and providing response messages to the computer;

(b) a memory for storing data used in translating command messages into response messages enabling execution of the software on the computer, the memory comprising a plurality of storage locations;

(c) a processor coupled to the communicating means and the memory, the processor comprising (i) means for interpreting command messages to generate processor commands;

(ii) a translator for generating response messages from processor commands; and

(iii) a memory manager comprising means for logically segmenting the memory into at least one protected segment and for controlling access to the protected segment, the controlling means comprising an instruction mapper for selectively mapping processor commands to the memory storage locations external to the protected segment.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for protecting computer software from unauthorized execution or duplication using a hardware key is disclosed. The apparatus comprises a means for communicating with the computer to receive command messages from the computer in the hardware key and to provide response messages to the computer, a memory for storing data for translating command messages into response messages enabling software execution, and a processor coupled to the communicating means for translating command messages into response messages using the data stored in the memory. The processor further comprises a memory manager, including means for logically segmenting the memory storing the data into at least one protected segment, and a means for controlling access to the protected segment.

137 Citations

22 Claims

1. An apparatus for protecting software comprising a plurality of instructions executable on a computer, comprising:
- (a) communicating means coupled to the computer for receiving command messages and providing response messages to the computer;
  
  (b) a memory for storing data used in translating command messages into response messages enabling execution of the software on the computer, the memory comprising a plurality of storage locations;
  
  (c) a processor coupled to the communicating means and the memory, the processor comprising (i) means for interpreting command messages to generate processor commands;
  
  (ii) a translator for generating response messages from processor commands; and
  
  (iii) a memory manager comprising means for logically segmenting the memory into at least one protected segment and for controlling access to the protected segment, the controlling means comprising an instruction mapper for selectively mapping processor commands to the memory storage locations external to the protected segment.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1 wherein the processor is capable of addressing all of the memory storage locations.
  - 3. The apparatus of claim 1 wherein the executable software comprises an encrypted segment stored in the memory and a plaintext segment stored in the host computer, and the translator comprises:
    - (a) means for decrypting the encrypted segment into plaintext instructions; and
      
      (b) means for performing the plaintext instructions to generate the response message.
  - 4. The apparatus of claim 1, wherein the translator further comprises:
    - (a) a message decryptor for decrypting command messages from the host computer; and
      
      (b) a message encryptor for encrypting response messages.
  - 5. The apparatus of claim 1, further comprising an application interface linked to the executable software for translating executable software command instructions into command messages, the application interface stored in the memory of and executed by the computer.
  - 6. The apparatus of claim 5 wherein the application interface comprises a client library for encrypting command messages from the computer, and for decrypting command messages to the computer.
  - 7. The apparatus of claim 1 wherein the processor further comprises a programming interface module comprising:
    - (a) means for accessing the protected memory segment;
      
      (b) means for erasing the protected memory segment whenever the protected memory segment is accessed; and
      
      (c) means for storing data in the protected memory segment.
  - 8. The apparatus of claim 1 wherein the memory and the processor are implemented in a single application specific integrated circuit.
  - 9. The apparatus of claim 1 wherein the data comprises instructions defining a plurality of command class modules, and the translator comprises a command class dispatcher for routing command messages to the command class module according to the command message.
  - 10. The apparatus of claim 1 wherein the processor further comprises a license manager, the license manager comprising:
    - (a) means for storing license data in the protected memory segment, the license data comprising means for determining whether a client is authorized to access the software;
      
      (b) means for retrieving license data from the protected memory segment when the client is authorized to access the software; and
      
      (c) means for transmitting the license data to the computer.
  - 11. The apparatus of claim 10 wherein the license manager further comprises means for encrypting the retrieved license data.
  - 12. The apparatus of claim 10 wherein the means for determining whether a client should be granted access to the software comprises a means for determining the number of clients permitted to use the software and a means for determining the number of clients using the software.
  - 13. The apparatus of claim 1 wherein the memory manager comprises means for programmably logically segmenting the memory.

14. A method of securing software executable on a computer, comprising the steps of:
- (a) segmenting the software into a first and a second software segment;
  
  (b) transmitting the first software segment to a first hardware key communicatively coupled to a developer computer, the first hardware key comprising a first hardware key processor and a first hardware key memory, the first hardware key memory having a secure segment with the first encryption key stored therein;
  
  (c) encrypting the first software segment using the first encryption key and the first hardware key processor; and
  
  (d) receiving an encrypted first software segment from the first hardware key.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The method of claim 14, further comprising the steps of:
    - (a) storing the encrypted first software segment and the second software segment in a host computer communicatively coupled to a second hardware key comprising a second hardware key processor and a second hardware key memory having the first encryption key stored therein;
      
      (b) transmitting the encrypted first software segment to the second hardware key;
      
      (c) decrypting the encrypted first software segment using the first encryption key to produce first software segment instructions;
      
      (d) storing the first software segment instructions in a secure portion of the second hardware key memory;
      
      (e) performing the first software segment instructions by the second hardware key processor to produce a response message; and
      
      (f) transmitting the response message to the host computer.
  - 16. The method of claim 15, wherein the response message is encrypted before transmission to the host computer.
  - 17. The method of claim 14 further comprising the steps of:
    - (a) transmitting the encrypted first software segment from the first hardware key to a second hardware key, the second hardware key comprising a second hardware key processor and a second hardware key memory having a secure segment with the first encryption key stored therein; and
      
      (b) storing the encrypted first software segment in the secure segment.
  - 18. The method of claim 14, further comprising the steps of:
    - (a) storing the second software segment in a host computer communicatively coupled to a second hardware key comprising a second hardware key processor and a second hardware key memory having the first encryption key securely stored therein;
      
      (b) decrypting the encrypted first software segment using the first encryption key to produce first software segment instructions;
      
      (c) storing the first software segment instructions in a secure portion of the second hardware key memory;
      
      (d) performing the first software segment instructions by the second hardware key processor to produce a response message; and
      
      (e) transmitting the response message to the host computer.

19. A method of protecting software executable by a computer from unauthorized access by a client, comprising the steps of:
- (a) receiving an access request message in a hardware key communicatively coupled to the computer, the hardware key comprising a processor and a memory comprising a protected memory segment for storing license data therein, the license data comprising the number of clients permitted to use the software;
  
  (b) determining the number of clients using the software;
  
  (c) computing the difference between the number of clients currently using the software and the number of clients permitted to use the software using the processor; and
  
  (d) transmitting an access granted message to the computer when the number of clients currently using the software is less than the number of clients permitted to use the software.
- View Dependent Claims (20)
- - 20. The method of claim 19 wherein the access granted message is encrypted.

21. A method of protecting software executable on a computer, comprising the steps of:
- (a) receiving a command message generated by the executable software in the computer in a hardware key, the hardware key comprising (i) communicating means coupled to the computer for receiving command messages and providing response messages to the host computer;
  
  (ii) a memory for storing data used in translating command messages into response messages enabling execution of the software on the host computer the memory comprising a plurality of storage locations;
  
  (iii) a processor coupled to the communicating means and the memory, the processor comprising means for interpreting command messages to generate processor command functions;
  
  a translator for generating response messages from processor commands; and
  
  a memory manager comprising means for logically segmenting the memory into at least one protected segment and for controlling access to the protected segment, the controlling means comprising an instruction mapper for selectively mapping processor command functions to the memory storage locations external to the protected segment;
  
  (b) generating a response message from the command message and the data stored in the hardware key; and
  
  (c) transmitting a response message from the hardware key to the computer

22. The method of claim 23 wherein the software comprises an encrypted segment and a plaintext segment and the step of generating a response message from the command message and the data stored in the hardware key comprises the steps of:
- (a) receiving the encrypted segment in the hardware key;
  
  (b) decrypting the encrypted segment with a software key stored in the protected segment to produce plaintext instructions;
  
  (c) performing the plaintext instructions to generate response messages; and
  
  (d) transmitting the response messages to the host computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SafeNet Incorporated (Thales SA)
Original Assignee
Rainbow Technologies, Inc. (Thales SA)
Inventors
SOTOODEH, MEHDI, TIBBETTS, REED H., NIXON, ROGER GRAHAM, GODDING, PATRICK N., SPIEWEK, ALAIN RAYMOND, PAVLIN, DOMINIQUE VINCENT

Granted Patent

US 6,523,119 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/193
CPC Class Codes

G06F 21/123   by using dedicated hardware...

G06Q 20/0855   involving a third party

Y10S 707/99953   Recoverability

Y10S 707/99956   File allocation

SOFTWARE PROTECTION DEVICE AND METHOD

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

SOFTWARE PROTECTION DEVICE AND METHOD

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links