Code protection using cryptography

US 4,757,534 A
Filed: 02/03/1987
Issued: 07/12/1988
Est. Priority Date: 12/18/1984
Status: Expired due to Term

First Claim

Patent Images

1. A method of software protection comprising the steps of:

encrypting at least a predetermined portion of each program offering sold by any one of a plurality of software vendors with a unique file key;

distributing the encrypted program as a program file;

providing a computer with a unique cryptographic key identifier, a processor, a protected memory and a cryptographic facility containing a cryptographic key associated with said unique cryptographic key identifier;

providing a purchaser of the encrypted program with an authorization number unique to the particular program and said cryptographic identifier;

decrypting that portion of said program encrypted by said encrypting step with said cryptographic facility as a function of said authorization number;

storing at least said predetermined portion of said decrypted program in said protected memory; and

reading said stored portion of said decrypted program from said protected memory only to said processor for execution;

wherein the step of providing the secret password is performed by the steps of;

providing the purchaser of the storage medium containing the encrypted program with an authorization number and identifying the encrypted program with a program number and the storage medium with a storage medium number;

requesting the purchaser to input the authorization number, the program number, the storage medium number and a number identifying said cryptographic key identifier;

computing from the inputed program number and storage medium number an authorization number;

comparing the computed authorization number with the inputted authorization number;

providing a key distribution center with the inputted program number, storage medium number and the number identifying said cryptographic key identifier if the computed and inputted authorization numbers are the same, otherwise rejecting a password request by the purchaser;

generating a first key as a function of said cryptographic key identifier and then encrypting the program number and storage medium number concatenated together with said first key to produce a second key at the key distribution center; and

encrypting the secret file key of the program with said second key to produce said password.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A cryptographic method for discouraging the copying and sharing of purchased software programs allows an encrypted program to be run on only a designated computer or, alternatively, to be run on any computer but only by the user possessing a designated smart card. Each program offering sold by the software vendor is encrypted with a unique file key and then written on a diskette. A user who purchases a diskette having written thereon an encrypted program must first obtain a secret password from the software vendor. This password will allow the encrypted program to be recovered at a prescribed, designated computer having a properly implemented and initialized encryption feature. The encryption feature decrypts the file key of the program from the password, and when the encrypted program is loaded at the proper computer, the program or a portion of it is automatically decrypted and written into a protected memory from which it can only be executed and not accessed for non-execution purposes. In alternative embodiments, the user is not confined to a prescribed, designated computer buy may use the program on other, different computers with a smart card provided the computers have a properly implemented and initialized encryption feature that accepts the smart card. As a further modification, the cryptographic facility may support operations that enable the user to encrypt and decrypt user generated files and/or user generated programs.

Citations

10 Claims

1. A method of software protection comprising the steps of:
- encrypting at least a predetermined portion of each program offering sold by any one of a plurality of software vendors with a unique file key;
  
  distributing the encrypted program as a program file;
  
  providing a computer with a unique cryptographic key identifier, a processor, a protected memory and a cryptographic facility containing a cryptographic key associated with said unique cryptographic key identifier;
  
  providing a purchaser of the encrypted program with an authorization number unique to the particular program and said cryptographic identifier;
  
  decrypting that portion of said program encrypted by said encrypting step with said cryptographic facility as a function of said authorization number;
  
  storing at least said predetermined portion of said decrypted program in said protected memory; and
  
  reading said stored portion of said decrypted program from said protected memory only to said processor for execution;
  
  wherein the step of providing the secret password is performed by the steps of;
  
  providing the purchaser of the storage medium containing the encrypted program with an authorization number and identifying the encrypted program with a program number and the storage medium with a storage medium number;
  
  requesting the purchaser to input the authorization number, the program number, the storage medium number and a number identifying said cryptographic key identifier;
  
  computing from the inputed program number and storage medium number an authorization number;
  
  comparing the computed authorization number with the inputted authorization number;
  
  providing a key distribution center with the inputted program number, storage medium number and the number identifying said cryptographic key identifier if the computed and inputted authorization numbers are the same, otherwise rejecting a password request by the purchaser;
  
  generating a first key as a function of said cryptographic key identifier and then encrypting the program number and storage medium number concatenated together with said first key to produce a second key at the key distribution center; and
  
  encrypting the secret file key of the program with said second key to produce said password.
- View Dependent Claims (2, 3)
- - 2. The method of software protection as recited in claim 1 further comprising the step of determining if the computer authorization number has been used before, and if it has not, then performing the step of comparing the computed authorization number with the inputted authorization number, otherwise rejecting a password request by the purchaser.
  - 3. The method of software protection as recited in claim 1 wherein the step of decrypting at least a portion of the program is performed by the steps of:
    - reading said password, program number and storage medium number from said header record,encrypting said program number and storage medium number concatenated together with a key which is a function of said secret unique cryptographic key identifier to produce a decryption key,decrypting said password with said decryption key to produce said secret file key, anddecrypting the program using said secret file key.

4. A method of software protection comprising the steps of:
- encrypting at least a predetermined portion of each program offering sold by any one of a plurality of software vendors with a unique file key;
  
  distributing the encrypted program as a program file;
  
  providing a computer with a unique cryptographic key identifier, a processor, a protected memory and a cryptographic facility containing a cryptographic key associated with said unique cryptographic key identifier;
  
  providing a purchaser of the encrypted program with an authorization number unique to the particular program and said cryptographic identifier;
  
  decrypting the portion of said program encrypted by said encrypting step with said cryptographic facility as a function of said authorization number;
  
  storing at least said predetermined portion of said decrypted program in said protected memory; and
  
  reading said stored portion of said decrypted program from said protected memory only to said processor for execution;
  
  wherein the step of providing a computer with a unique cryptographic key identifier is performed by issuing to the purchaser a smart card having said unique cryptographic key identifier, said smart card interfacing with said computer;
  
  wherein the step of providing the secret password is performed by the steps of;
  
  providing the purchaser of the storage medium containing the encrypted program with an authorization number and identifying the encrypted program with a program number and the storage medium with a storage medium number;
  
  requesting the purchaser to input the authorization number, a number of the smart card, the program number and the storage medium number;
  
  computing an authorization number from the inputted program number and storage medium number;
  
  comparing the computed authorization number with the inputted authorization number, and if the computed and inputted authorization numbers are the same, providing a key distribution center with the inputted number of the smart card, the program number and the storage medium number, otherwise rejecting a password request by the purchaser;
  
  generating a card key corresponding to the inputted card number and then encrypting the program number and storage medium number concatenated together with said card key to produce an encryption key at the key distribution center;
  
  generating a secret file key corresponding to the inputted program number, andencrypting said secret file key with said encryption key to produce said password.
- View Dependent Claims (5)
- - 5. The method of software protection as recited in claim 4 further comprising the step of determining if the computed authorization number has been used before, and if it has not, then performing the step of comparing the computed and inputed authorization numbers, otherwise rejecting a request for a password by the purchaser.

6. The method of software protection as recited in claim 12 wherein the step of decrypting at least a portion of the program is performed by the steps of;
- supplying the smart card with the password, program number and storage medium number,encrypting in the smart card the program number and storage medium number concatenated together with the key of the smart card to produce a decryption key,decrypting the password with said decryption key to produce the secret file key, anddecrypting in the computer at least said portion of the program using the secret file key.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of software protection as recited in claim 6 further comprising the steps of:
    - supplying the smart card with a number identifying said cryptographic facility,encrypting in the smart card the number identifying said cryptographic facility with a universal key to produce a computer encryption key,generating in the computer a random number and supplying the random number to the smart card,exclusive ORing in the smart card the secret file key with the random number and encrypting the result with said computer encryption key to produce an encrypted exclusive ORed output,decrypting in the computer the encrypted exclusive ORed output with the computer encryption key, andexclusive ORing the decrypted exclusive ORed output with said random number to produce the secret file key.
  - 8. The method of software protection as recited in claim 7 wherein the steps of encryption in the smart card and decryption in the computer are performed using the DES algorithm.
  - 9. The method of software protection as recited in claim 6 further comprising the steps of:
    - providing the computer with a public key, PKt, decrypted under the secret key of a public registry, and also providing said cryptographic facility with a corresponding secret key, SKt,providing said smart card with a public key, PKu,encrypting in the smart card the computer public key decrypted under the secret key of the public registry with the card'"'"'s public key PKu to produce said key PKt,generating in the computer a random number and supplying the random number to the smart card,exclusive ORing in the smart card the secret file key with the random number and encrypting the result with said key PKt to produce an encrypted exclusive ORed output,decrypting in the computer the encrypted exclusive ORed output with the key SKt, andexclusive ORing the decrypted exclusive ORed output with said random number to produce the secret file key.
  - 10. The method of software protection as recited in claim 9 wherein the steps of encryption and decryption in the smart card and the computer are performed by selectively using the DES algorithm and a public key algorithm.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Matyas, Stephen M., Oseas, Jonathan
Primary Examiner(s)
Cangialosi, Salvatore
Assistant Examiner(s)
Lewis, Aaron J.

Application Number

US07/011,419
Time in Patent Office

525 Days
Field of Search

380/23, 380/25, 235/380, 235/382
US Class Current

705/56
CPC Class Codes

G06F 12/1408   by using cryptography for d...

G06F 21/123   by using dedicated hardware...

G06Q 20/341   Active cards, i.e. cards in...

G06Q 20/40975   using encryption therefor

G07F 17/0014   for vending, access and use...

G07F 7/1008   Active credit-cards provide...

Code protection using cryptography

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Code protection using cryptography

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links