SYSTEM AND METHOD FOR AN AUTONOMOUS SOFTWARE PROTECTION DEVICE

US 20090187769A1
Filed: 01/23/2008
Published: 07/23/2009
Est. Priority Date: 01/23/2008
Status: Active Grant

First Claim

Patent Images

1. A software protection device for carrying out computations in a protected environment, the device comprising:

a decryption functionality unit capable of decrypting protected files;

a program execution environment for executing computer program code;

whereby at least a partly encrypted program may be decrypted by said decryption unit and executed by said program execution environment within said software protection device thereby allowing protection of code contents and executing program environment from outside of said software protection device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is introduced for protecting software from being altered, duplicated, inspected or used in an unauthorized manner. An autonomous software protection device is presented, containing encryption and decryption unit along with an independent execution environment such as a Java Virtual Machine to carry out computations in a protected environment. The software protection device carries out protected code and may make use of protected data to carry out protected computations. Unsecured memory may be used securely by software protection device through an internal virtual memory mechanism managed by the independent execution environment. The software protection device may serve an external computing device for making computations that are protected from software and data alteration and inspection while preventing duplication and usage not as intended by the software and data owner.

19 Citations

View as Search Results

29 Claims

1. A software protection device for carrying out computations in a protected environment, the device comprising:
- a decryption functionality unit capable of decrypting protected files;
  
  a program execution environment for executing computer program code;
  
  whereby at least a partly encrypted program may be decrypted by said decryption unit and executed by said program execution environment within said software protection device thereby allowing protection of code contents and executing program environment from outside of said software protection device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The device of claim 1, further comprising non volatile memory with means of preventing access to at least part of said non volatile memory from outside of said software protection device.
  - 3. The device of claim 2, wherein said program execution environment is an execution environment capable of executing programs without said programs being executed directly by said device hardware.
  - 4. The device of claim 2, further comprising a means of protecting at least part of said software protection device hardware at least during processing of secure at least partly encrypted code whereby computation taking place within said software protection device during processing of said secure code is secure from alteration and said at least party encrypted code is safe from being viewed in decrypted form.
  - 5. The device of claim 2, wherein said program execution environment implements a virtual memory mechanism internal to said program execution environment.
  - 6. The device of claim 5, further comprising an encryption engine capable of at least partially encrypting swapped out memory for said virtual memory mechanism said decryption functionality unit capable of decrypting said at least partly encrypted swapped in memory for said virtual memory mechanism, thereby protecting said swapped out memory contents.
  - 7. The device of claim 4, further comprising a means of entering a secure mode of operation using data stored in said at least part of non volatile memory that is inaccessible outside of software protection device.

8. A method for executing a protected program in a protected manner using a software protection device the method comprising:
- a. sending one or more at least part of at least partially encrypted programs to said software protection device;
  
  b. decrypting said at least one part of one of said at least partially encrypted programs within said software protection device into at least one partially decrypted program part;
  
  c. executing said at least one partially decrypted program part within said software protection device;
- View Dependent Claims (9, 10, 11)
- - 9. A method according to claim 8 wherein said at least one part of said protected program makes use of at least one at least partially encrypted data content file during execution of said protected program.
  - 10. A method according to claim 8 wherein at least one parameter is passed to said software protection device for execution of said protected program.
  - 11. A method according to claim 8 further comprising sending out at least partially encrypted swapped out memory of executing said protected program and receiving at least partly encrypted swapped in memory of executing said protected program.

12. A secure software protection core capable of limiting access to restricted data for carrying out computations in a protected environment, the software protection core comprising:
- a processing unit;
  
  internal volatile memory;
  
  internal non-volatile memory;
  
  means of protecting access to at least part of said internal non-volatile memory;
  
  a program execution environment for executing computer program code using said processing unit;
  
  an internal decryption capability;
  
  whereby at least partially encrypted program may be decrypted using said internal decryption capability using keys stored in said internal non-volatile memory protected by said means of protecting access to at least part of non-volatile memory to be executed by said program execution environment using said internal volatile memory.
- View Dependent Claims (13, 14, 15, 16, 17)
- - 13. The secure software protection core of claim 12, wherein said program execution environment is an execution environment capable of executing programs without said programs being executed directly by said processing unit.
  - 14. The secure protection core of claim 13, wherein said program execution environment implements a virtual memory mechanism internal to said program execution environment.
  - 15. The secure protection core of claim 14, further comprising an internal encryption capability and comprising connection to external memory whereby said encryption capability is capable of at least partially encrypting swapped out virtual memory produced by said virtual memory mechanism said swapped out virtual memory is stored on said external memory said internal decryption capability is capable of decrypting at least partly encrypted swapped in virtual memory for use by said virtual memory mechanism, thereby protecting said swapped out virtual memory contents.
  - 16. The secure protection core of claim 13, further comprising hardware protection means for protecting at least some of said internal volatile memory and at least some registers of said processing unit at least during processing of secure code decrypted by said internal decryption capability.
  - 17. The secure protection core according to claim 13 wherein said at least partly encrypted program makes use of at least part of one at least partly encrypted data content during execution of said at least partly encrypted program whereby said at least partly encrypted data content is decrypted by said internal decryption capability for use by said at least partly encrypted program.

18. A software protection device for carrying out computations in a protected environment, the device comprising:
- An authentication functionality unit capable of authenticating files;
  
  a program execution environment for executing computer program code;
  
  whereby at least a partly authenticated program may be authorized by said authentication unit and executed by said program execution environment within said software protection device thereby allowing protection from alteration of code contents and executing program environment from outside of said software protection device.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The device of claim 18, further comprising non volatile memory with means of preventing access to at least part of said non volatile memory from outside of said software protection device.
  - 20. The device of claim 19, wherein said program execution environment is an execution environment capable of executing programs without said programs being executed directly by said device hardware.
  - 21. The device of claim 19, further comprising a means of protecting at least part of said software protection device hardware at least during processing of authorized code whereby computation taking place within said software protection device during processing of authorized code is secure from anteration.
  - 22. The device of claim 21, wherein said program execution environment implements a virtual memory mechanism internal to said program execution environment.
  - 23. The device of claim 22, capable of at least partially signing swapped out memory of said virtual memory mechanism using said authentication functionality unit and authorizing electronic signature of said at least partly authorized swapped in virtual memory using said authentication functionality unit, thereby protecting said swapped out memory contents from being altered.
  - 24. The device of claim 22, further comprising an encryption and decryption engine capable of at least partially encrypting swapped out memory for said virtual memory mechanism using said encryption engine and decrypting said at least partly encrypted swapped in memory using said decryption engine for said virtual memory mechanism, thereby protecting said swapped out memory contents.

25. A method for executing a protected program in a protected manner using a software protection device the method comprising:
- a. sending one or more at least part of at least partially authorized programs to said software protection device;
  
  b. authorizing said at least one part of one of said at least partially authorized programs within said software protection device.c. executing said at least one partially authorized program part within said software protection device;
- View Dependent Claims (26, 27, 28, 29)
- - 26. A method according to claim 25 wherein said at least one part of said protected program makes use of at least one at least partially authorized data content file during execution of said protected program.
  - 27. A method according to claim 25 wherein said at least one part of said protected program makes use of at least one at least partially encrypted data content file during execution of said protected program.
  - 28. A method according to claim 25 further comprising sending out at least partially encrypted swapped out memory of executing said protected program and receiving at least partly encrypted swapped in memory of executing said protected program.
  - 29. A method according to claim 25 further comprising sending out at least partially authorized swapped out memory of executing said protected program and receiving at least partly authorized swapped in memory of executing said protected program.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Noam Camiel
Original Assignee
Noam Camiel
Inventors
Camiel, Noam

Granted Patent

US 8,307,215 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/123   by using dedicated hardware...

H04L 2209/605   Copy protection

H04L 9/3247   involving digital signatures

SYSTEM AND METHOD FOR AN AUTONOMOUS SOFTWARE PROTECTION DEVICE

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR AN AUTONOMOUS SOFTWARE PROTECTION DEVICE

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links