Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software
First Claim
1. A general purpose computer system for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising:
storage means for storing information;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions, and for executing unencrypted software instructions;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions;
translation means, coupled to said processing means, operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package;
secure communication means, coupled to said processing means and said translation means, operative for buffering information between said processing means and said translation means, including information describing the region of said storage means occupied by said plurality of re-encrypted software packages;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal;
package description means for indicating the region of said storage means occupied by said current package;
violation recognition means, coupled to said destruction means, operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means; and
branch allowing means, coupled to said violation recognition means and to said package description means, operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means, and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means, and additionally for erasing a portion of the information contained in said register/flag means.
Abstract
A method and apparatus are provided for inhibiting unauthorized copying, unauthorized usage and automated cracking of proprietary software used in computer systems. The computer systems execute protected programs, which are protected by encapsulation and/or encryption. To provide security against unauthorized copying of software, means are provided that detect and inhibit automated cracking of protected programs. These means will destroy or make inaccessible information in the CPU during conditions when automated cracking could occur. These means will also store interrupt contexts in secret to prevent implementation of automated cracking. Additional features may be provided to allow operation as a general purpose computer system, where protected programs are distributed using public key cryptography and a means is provided to convert from this distribution form to the protected execution form.
12 Claims
11. A method for executing a plurality of encrypted software packages on a processor having a program counter, registers/flags, a decryption unit, and a storage unit, comprising the steps of:
selecting an execution key;
initializing a bounds memory, capable of holding lower bounds and upper bounds, to an empty condition;
choosing a load address;
translating one of said encrypted software packages, to form a re-encrypted software package, whereby said re-encrypted software package is composed of a plurality of re-encrypted software instructions that are decryptable using said execution key;
storing said re-encrypted software package in a region of said storage unit beginning at said load address;
terminating said storing step if any re-encrypted software instructions were previously stored in said region;
recording the highest address of said region;
inserting in said bounds memory said load address as the lower bound corresponding to said re-encrypted software package, and said highest address as the upper bound corresponding to said re-encrypted software package;
repeating said steps of choosing, translating, storing, terminating, recording, and inserting for each of said plurality of encrypted software packages, to form a plurality of re-encrypted software packages;
establishing a current lower bound and a current upper bound from said bounds memory;
decrypting the re-encrypted software instruction pointed to by said program counter, using said decryption unit with said execution key, to form an unencrypted software instruction;
executing said unencrypted software instruction, to perform useful results, and to form a new value in said program counter;
destroying said execution key and said registers/flags if said unencrypted software instruction is not a handshake instruction, and said program counter is above said current upper bound or below said current lower bound;
searching said bounds memory for a zone of said storage unit that surrounds the location pointed to by said program counter, if said unencrypted software instruction is a handshake instruction and said program counter is above said current upper bound or below said current lower bound, to form new values for said current lower bound, and said current upper bound; and
repeating said steps of decrypting, executing, destroying, and searching.
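The bounds-memory logic of claims 1 and 11 can be followed in a small simulation, added here as an illustration; it is not code from the patent. All names are hypothetical, no real encryption is performed, and three choices are assumptions of the model: the first loaded package becomes the current one, a handshake erases every register except the first, and a handshake fetched outside every recorded zone is treated as a violation.

```python
# Added illustration: a toy model of the bounds check in claims 1 and 11.
# All class, method and field names are hypothetical; no real encryption is done.
import secrets


class ProtectedCPU:
    def __init__(self, storage_size):
        self.execution_key = secrets.token_bytes(16)  # one key for all packages
        self.regs = [0] * 4                           # registers/flags
        self.occupied = [False] * storage_size        # words holding re-encrypted code
        self.bounds = []                              # bounds memory: (lower, upper)
        self.current = None                           # current lower/upper bound

    def load(self, load_addr, length):
        """Store one re-encrypted package; refuse any overlap with an earlier one."""
        upper = load_addr + length - 1
        if length <= 0 or load_addr < 0 or upper >= len(self.occupied):
            return False
        if any(self.occupied[load_addr:upper + 1]):
            return False                              # multiple-translation prevention
        self.occupied[load_addr:upper + 1] = [True] * length
        self.bounds.append((load_addr, upper))
        if self.current is None:
            self.current = (load_addr, upper)         # assumption: first package is current
        return True

    def destroy(self):
        self.execution_key = None                     # later fetches cannot be decrypted
        self.regs = [0] * len(self.regs)

    def fetch(self, pc, is_handshake):
        """Classify the fetch of a re-encrypted instruction at address pc."""
        if self.current is None:
            raise RuntimeError("no package loaded")
        if self.execution_key is None:
            return "dead"
        lower, upper = self.current
        if lower <= pc <= upper:
            return "ok"
        zone = next((z for z in self.bounds if z[0] <= pc <= z[1]), None)
        if not is_handshake or zone is None:          # zone is None: model's own choice
            self.destroy()
            return "destroyed"
        self.current = zone                           # handshake: switch current package
        self.regs[1:] = [0] * (len(self.regs) - 1)    # assumption: regs[0] survives
        return "switched"
```
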
Specification