System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules
First Claim
1. A system for enabling a protected program to run on only a selected plurality of computers, comprising:
- a respective triple encrypted key for each of said computers of the form EFK [EKi [EFK [Ki]]] where Ki is an unencryped key that is unique to each of said computers, EKi is an encryption procedure E which uses key Ki, and EFK is the same encryption procedure E using a single fixed key FK for all of said computers;
a respective unique module coupled to each computer of said plurality for performing a decryption procedure EKi-1 where Ki is unique to each module;
a checker program in each computer which responds to requests to use said protected program by performing a single decryption procedure EFK-1 on said triple encrypted key and sends the result to said module as a message M;
4 Assignments
0 Petitions
Accused Products
Abstract
A system which enables a protected program to run only a selected plurality of computers includes a respective unique key Ki for each computer of the plurality, the key being triple encrypted in the form EFK [EKi [EFK [Ki]]]. A respective module is coupled to each computer of the plurality. A checker program in each computer responds to a request to use the protected program by performing a single decryption procedure EFK-1 on the triple encrypted key and sends the result to the module as a message. The module performs a single decryption procedure EKi-1 on the message and sends that result back to the computer. The checker program receives the module'"'"'s result and performs another single decryption procedure EFK-1 on it to obtain key Ki. Then the checker program uses key Ki to decrypt an identifier, and proceeds with the execution of the protected program only if it is identified by the decrypted identifier.
-
Citations
12 Claims
-
1. A system for enabling a protected program to run on only a selected plurality of computers, comprising:
-
a respective triple encrypted key for each of said computers of the form EFK [EKi [EFK [Ki]]] where Ki is an unencryped key that is unique to each of said computers, EKi is an encryption procedure E which uses key Ki, and EFK is the same encryption procedure E using a single fixed key FK for all of said computers; a respective unique module coupled to each computer of said plurality for performing a decryption procedure EKi-1 where Ki is unique to each module; a checker program in each computer which responds to requests to use said protected program by performing a single decryption procedure EFK-1 on said triple encrypted key and sends the result to said module as a message M; - View Dependent Claims (3, 5, 7, 8, 9, 10)
-
-
2. said module being adapted to perform said single decryption procedure EKi-1 on said message M and send EKi-1 [M] back to said computer;
-
a means in said checker program for receiving EFK-1 [M] from said module and for performing another single decryption procedure EFK-1 on it to obtain key Ki; an identifier that is encrypted with said key Ki; and a means in said checker program for using key Ki to decrypt said identifier, and for proceeding with the execution of said protected program only if it is identified by the decrypted identifier. - View Dependent Claims (4)
-
-
6. A data processing system comprised of:
-
a computer having a key Ki that is unique to said computer and is at least double encrypted in the form EKi [EFK [Ki]] where EKi is an encryption procedure E which uses key Ki, and EFK is the same encryption procedure E using another key FK; a module coupled to said computer for receiving said key in said double encrypted form in response to a request for said computer to run a protected program and for partially decrypting said double encrypted key to a single encrypted key EFK [Ki]; a checker program for receiving said single encrypted key EFK [Ki] from said module and for completing its decryption to Ki; an identifier that is encrypted with said key Ki; and a means in said checker program for using Ki to decrypt said identifier, and for proceeding to run said protected program only if it is identified by the decrypted identifier.
-
-
11. A data processing system of the type which includes a computer, a protected program for said computer, and a module coupled to said computer;
- said system further including;
a key Ki that is unique to said computer and is double encrypted; a means in said computer for receiving a request to use said protected program, and in response thereto, for sending said double encryted key to said module; a means in said module for performing a decryption procedure EKi-1 on said double encrypted key to obtain a single encrypted key and for sending the latter back to said computer; a means in said computer for decrypting said single encrypted key to an unencrypted key; and
- said system further including;
-
12. a means in said computer for utilizing said unencrypted key to decrypt an encrypted identifier, and for proceeding with the execution of said protected program only if the decrypted identifier has a predetermined value.
Specification