Computer software protection system

US 4,573,119 A
Filed: 07/11/1983
Issued: 02/25/1986
Est. Priority Date: 07/11/1983
Status: Expired due to Fees

First Claim

Patent Images

1. In a digital computing system including a central processing unit (CPU) capable of writing data to and reading data from a random access memory (RAM), which RAM is capable of storing and putting out data as a plurality of digitally addressable words under control of said CPU, and which CPU and RAM are connected by a common data bus for transfer of data words and a common address bus for transfer of address words, an improved data access limitation and protection subsystem for protecting data stored within software selectable boundaries of said RAM from unauthorized access by selective transformation and substitution of data and address words as enabled upon detection of a predetermined transformation control sequence in which a unique operation code word is followed by memory address upper and lower boundary words defining said boundaries, said subsystem comprising:

operation code detector means connected to said CPU and to said data bus for detecting said unique operation code word stored in said RAM and fetched by said CPU and for putting out an operation-code-present signal when said unique operation code word is detected;

address latch means connected to said operation code detector means and to said data bus for storing an upper boundary address word and a lower boundary address word put out by said CPU when said address latch means is enabled by said operation-code-present signal from said operation code detector means;

address comparator means connected to said CPU, to said address bus and to said address latch means for comparing digital addresses subsequently put out by said CPU with said stored boundary addresses and for putting out a transform enable signal upon determination that a said address put out by said CPU lies within a range defined by said boundary addresses as the result of said comparison;

address transformation means connected to said address bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for transforming said digital addresses lying between said boundary addresses into different digital addresses in accordance with a predetermined address word transform;

bi-directional data transformation means connected to said data bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for encoding data words as said words are written to said RAM by said CPU and for decoding bytes of data as said words are read from said RAM by said CPU in accordance with a predetermined data word transform;

whereby whenever said transform enable signal is put out by said address comparator means a word of data written by said CPU to said RAM is encoded by said data transformation means, and a word of data fetched by said CPU from said RAM is decoded by said data transformation means, and the digital address location to which said word of data is written and from which said word of data is fetched is different than the untransformed digital address generated and put out by said CPU.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a digital computing system with a central processing unit (CPU) and random access memory (RAM), an improved data access limitation and protection subsystem protects data stored within predetermined boundaries of the RAM. An operation code detector detects a unique operation code stored in the RAM and fetched by the CPU, and puts out a signal when the unique operation code is detected. An address latch stores a high and a low digital boundary address put out by the CPU when the address latch is enabled by the signal from the operation code detector. An address comparator compares digital addresses subsequently put out by the CPU with the stored boundary addresses and puts out a signal as the result of the comparison. The address comparator signal controls a switch which enables or disables an address transformer and a bi-directional data transformer. A byte of data written by the CPU to the RAM is encoded by the data transformer, and a byte of data fetched by the CPU from the RAM is decoded by the data transformer; and the digital address location to which the byte of data is written and from which it is fetched is transformed from the digital address generated by the CPU in its normal mode of operation if the digital address of the byte of data within the RAM is not greater than the high boundary address and not less than the low boundary address.

Citations

11 Claims

1. In a digital computing system including a central processing unit (CPU) capable of writing data to and reading data from a random access memory (RAM), which RAM is capable of storing and putting out data as a plurality of digitally addressable words under control of said CPU, and which CPU and RAM are connected by a common data bus for transfer of data words and a common address bus for transfer of address words, an improved data access limitation and protection subsystem for protecting data stored within software selectable boundaries of said RAM from unauthorized access by selective transformation and substitution of data and address words as enabled upon detection of a predetermined transformation control sequence in which a unique operation code word is followed by memory address upper and lower boundary words defining said boundaries, said subsystem comprising:
- operation code detector means connected to said CPU and to said data bus for detecting said unique operation code word stored in said RAM and fetched by said CPU and for putting out an operation-code-present signal when said unique operation code word is detected;
  
  address latch means connected to said operation code detector means and to said data bus for storing an upper boundary address word and a lower boundary address word put out by said CPU when said address latch means is enabled by said operation-code-present signal from said operation code detector means;
  
  address comparator means connected to said CPU, to said address bus and to said address latch means for comparing digital addresses subsequently put out by said CPU with said stored boundary addresses and for putting out a transform enable signal upon determination that a said address put out by said CPU lies within a range defined by said boundary addresses as the result of said comparison;
  
  address transformation means connected to said address bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for transforming said digital addresses lying between said boundary addresses into different digital addresses in accordance with a predetermined address word transform;
  
  bi-directional data transformation means connected to said data bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for encoding data words as said words are written to said RAM by said CPU and for decoding bytes of data as said words are read from said RAM by said CPU in accordance with a predetermined data word transform;
  
  whereby whenever said transform enable signal is put out by said address comparator means a word of data written by said CPU to said RAM is encoded by said data transformation means, and a word of data fetched by said CPU from said RAM is decoded by said data transformation means, and the digital address location to which said word of data is written and from which said word of data is fetched is different than the untransformed digital address generated and put out by said CPU.
- View Dependent Claims (2, 3, 4)
- - 2. The digital computing system set forth in claim 1 in which said bi-directional data transformation means comprises:
    - read only memory (ROM) means for storing said predetermined data word transform as a secret, predetermined set of data transformation words;
      
      table lookup means connected to said address bus for using selected bits of the digital address of a data word to select a data transformation word of said transform stored within said ROM and for putting out said data transformation word;
      
      bi-directional gate means connected to said table lookup means and to said data bus for combining said data word initially put out on said data bus with said data transformation word in an exclusive OR operation and for putting the result of said exclusive OR operation out on said data bus as a transformed data word during encoding operations and as a decoded word during decoding operations;
      
      whereby said data word on said data bus is encoded and decoded as a function of its digital address.
  - 3. The digital computing system set forth in claim 1 in which said address transformation means comprises:
    - read only memory (ROM) means for storing said predetermined address word transform as a secret, predetermined set of address transformation words;
      
      table lookup means for using selected bits of the digital address word corresponding to a data word put out by said CPU in order to select a transformed address word stored within said ROM for putting out said transformed address word onto said address bus to address said RAM;
      
      whereby said digital address is transformed into said transformed address as a function of its own value.
  - 4. The digital computing system as set forth in claim 1 in which said address comparator means includes switch means for enabling and disabling said address transformation means and said bi-directional data transformation means in response to the transform enable signal.

5. A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use, alteration, misappropriation and the like, for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement, while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment, comprising the steps of:
- including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme,including in said sequence a transform operation code followed by an upper and a lower memory boundary address, which boundary addresses define a transform area of said main memory,operating said central processing unit with said protected software,detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory,comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses, and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area,during CPU read operations from said main memory, decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area, andduring CPU write operations to said main memory, encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area.
- View Dependent Claims (6, 7)
- - 6. The software protection method set forth in claim 5 further comprising the step of selectively disabling said transform circuits of said computer system by executing in said CPU a transform operation code followed by an upper and a lower memory boundary, which boundaries are equal values and indicate the lowest addressable location in main memory.
  - 7. The software protection method set forth in claim 5 comprising the further steps of making said transform arrangement to be unique for each said computer system, encoding and distributing said software to multiple computer systems in accordance with a single predetermined encoding scheme, and tailoring said distributed software for each said computer system in accordance with the said transform arrangement unique thereto.

8. A method for operating a computing system including a central processing unit, a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways:
- a first way for use with an unencrypted software control program, and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use, said encrypted software control program including a unique transform operation code word, followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region, said second way of said method comprising the steps of;
  
  detecting the occurrence of the transform operation code word during program execution, and thereuponrecording the two memory address boundary words to fix the transform region of main memory,testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit bydecoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system, andencoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system.
- View Dependent Claims (9, 10, 11)
- - 9. The software protection method set forth in claim 8 comprising the further step of selectively disabling said transform circuit by executing in the central processing unit a transform operation code word followed by upper and lower memory boundary address words, which address words are equal values and indicate the lowest addressable location in the main memory.
  - 10. The software protection method set forth in claim 8 comprising the further step of selectively disabling said transform circuit by executing in the central processing unit an operation code which effectively clears the transform circuit of the transform operation code word and of the memory boundary address words.
  - 11. The software protection method set forth in claim 8 comprising the further steps of:
    - encrypting multiple copies of the same control program in accordance with a single predetermined encryption scheme,making the transform process carried out by the transform circuit of a said computer system to be unique to that system, andconverting a copy of the software to be compatible with the unique transform process of the particular computer system by executing a tailoring program which tailors the copy of the encrypted software control program to the characteristics of the particular computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Peter D. Hipson, Thomas O. Westheimer
Original Assignee
Peter D. Hipson, Thomas O. Westheimer
Inventors
Hipson, Peter D., Westheimer, Thomas O.
Primary Examiner(s)
Springborn, Harvey E.

Application Number

US06/512,218
Time in Patent Office

960 Days
Field of Search

364/200, 364/900, 178/22.08, 178/22.09
US Class Current

713/190
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 12/1441   for a range

G06F 21/123   by using dedicated hardware...

G06F 21/72   in cryptographic circuits

Computer software protection system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Computer software protection system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links