Computer software protection system
First Claim
1. In a digital computing system including a central processing unit (CPU) capable of writing data to and reading data from a random access memory (RAM), which RAM is capable of storing and putting out data as a plurality of digitally addressable words under control of said CPU, and which CPU and RAM are connected by a common data bus for transfer of data words and a common address bus for transfer of address words, an improved data access limitation and protection subsystem for protecting data stored within software selectable boundaries of said RAM from unauthorized access by selective transformation and substitution of data and address words as enabled upon detection of a predetermined transformation control sequence in which a unique operation code word is followed by memory address upper and lower boundary words defining said boundaries, said subsystem comprising:
- operation code detector means connected to said CPU and to said data bus for detecting said unique operation code word stored in said RAM and fetched by said CPU and for putting out an operation-code-present signal when said unique operation code word is detected;
address latch means connected to said operation code detector means and to said data bus for storing an upper boundary address word and a lower boundary address word put out by said CPU when said address latch means is enabled by said operation-code-present signal from said operation code detector means;
address comparator means connected to said CPU, to said address bus and to said address latch means for comparing digital addresses subsequently put out by said CPU with said stored boundary addresses and for putting out a transform enable signal upon determination that a said address put out by said CPU lies within a range defined by said boundary addresses as the result of said comparison;
address transformation means connected to said address bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for transforming said digital addresses lying between said boundary addresses into different digital addresses in accordance with a predetermined address word transform;
bi-directional data transformation means connected to said data bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for encoding data words as said words are written to said RAM by said CPU and for decoding bytes of data as said words are read from said RAM by said CPU in accordance with a predetermined data word transform;
whereby whenever said transform enable signal is put out by said address comparator means a word of data written by said CPU to said RAM is encoded by said data transformation means, and a word of data fetched by said CPU from said RAM is decoded by said data transformation means, and the digital address location to which said word of data is written and from which said word of data is fetched is different than the untransformed digital address generated and put out by said CPU.
0 Assignments
0 Petitions
Accused Products
Abstract
In a digital computing system with a central processing unit (CPU) and random access memory (RAM), an improved data access limitation and protection subsystem protects data stored within predetermined boundaries of the RAM. An operation code detector detects a unique operation code stored in the RAM and fetched by the CPU, and puts out a signal when the unique operation code is detected. An address latch stores a high and a low digital boundary address put out by the CPU when the address latch is enabled by the signal from the operation code detector. An address comparator compares digital addresses subsequently put out by the CPU with the stored boundary addresses and puts out a signal as the result of the comparison. The address comparator signal controls a switch which enables or disables an address transformer and a bi-directional data transformer. A byte of data written by the CPU to the RAM is encoded by the data transformer, and a byte of data fetched by the CPU from the RAM is decoded by the data transformer; and the digital address location to which the byte of data is written and from which it is fetched is transformed from the digital address generated by the CPU in its normal mode of operation if the digital address of the byte of data within the RAM is not greater than the high boundary address and not less than the low boundary address.
-
Citations
11 Claims
-
1. In a digital computing system including a central processing unit (CPU) capable of writing data to and reading data from a random access memory (RAM), which RAM is capable of storing and putting out data as a plurality of digitally addressable words under control of said CPU, and which CPU and RAM are connected by a common data bus for transfer of data words and a common address bus for transfer of address words, an improved data access limitation and protection subsystem for protecting data stored within software selectable boundaries of said RAM from unauthorized access by selective transformation and substitution of data and address words as enabled upon detection of a predetermined transformation control sequence in which a unique operation code word is followed by memory address upper and lower boundary words defining said boundaries, said subsystem comprising:
-
operation code detector means connected to said CPU and to said data bus for detecting said unique operation code word stored in said RAM and fetched by said CPU and for putting out an operation-code-present signal when said unique operation code word is detected; address latch means connected to said operation code detector means and to said data bus for storing an upper boundary address word and a lower boundary address word put out by said CPU when said address latch means is enabled by said operation-code-present signal from said operation code detector means; address comparator means connected to said CPU, to said address bus and to said address latch means for comparing digital addresses subsequently put out by said CPU with said stored boundary addresses and for putting out a transform enable signal upon determination that a said address put out by said CPU lies within a range defined by said boundary addresses as the result of said comparison; address transformation means connected to said address bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for transforming said digital addresses lying between said boundary addresses into different digital addresses in accordance with a predetermined address word transform; bi-directional data transformation means connected to said data bus between said RAM and said CPU and responsively connected to said address comparator means and enabled by said transform enable signal for encoding data words as said words are written to said RAM by said CPU and for decoding bytes of data as said words are read from said RAM by said CPU in accordance with a predetermined data word transform; whereby whenever said transform enable signal is put out by said address comparator means a word of data written by said CPU to said RAM is encoded by said data transformation means, and a word of data fetched by said CPU from said RAM is decoded by said data transformation means, and the digital address location to which said word of data is written and from which said word of data is fetched is different than the untransformed digital address generated and put out by said CPU. - View Dependent Claims (2, 3, 4)
-
-
5. A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use, alteration, misappropriation and the like, for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement, while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment, comprising the steps of:
-
including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme, including in said sequence a transform operation code followed by an upper and a lower memory boundary address, which boundary addresses define a transform area of said main memory, operating said central processing unit with said protected software, detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory, comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses, and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area, during CPU read operations from said main memory, decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area, and during CPU write operations to said main memory, encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area. - View Dependent Claims (6, 7)
-
-
8. A method for operating a computing system including a central processing unit, a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways:
- a first way for use with an unencrypted software control program, and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use, said encrypted software control program including a unique transform operation code word, followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region, said second way of said method comprising the steps of;
detecting the occurrence of the transform operation code word during program execution, and thereupon recording the two memory address boundary words to fix the transform region of main memory, testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system, and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system. - View Dependent Claims (9, 10, 11)
- a first way for use with an unencrypted software control program, and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use, said encrypted software control program including a unique transform operation code word, followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region, said second way of said method comprising the steps of;
Specification