Code protection using cryptography
First Claim
1. A method of software protection comprising the steps of:
- encrypting at least a predetermined portion of each program offering sold by any one of a plurality of software vendors with a unique file key;
distributing the encrypted program as a program file;
providing a computer with a unique cryptographic key identifier, a processor, a protected memory and a cryptographic facility containing a cryptographic key associated with said unique cryptographic key identifier;
providing a purchaser of the encrypted program with an authorization number unique to the particular program and said cryptographic identifier;
decrypting that portion of said program encrypted by said encrypting step with said cryptographic facility as a function of said authorization number;
storing at least said predetermined portion of said decrypted program in said protected memory; and
reading said stored portion of said decrypted program from said protected memory only to said processor for execution;
wherein the step of providing the secret password is performed by the steps of;
providing the purchaser of the storage medium containing the encrypted program with an authorization number and identifying the encrypted program with a program number and the storage medium with a storage medium number;
requesting the purchaser to input the authorization number, the program number, the storage medium number and a number identifying said cryptographic key identifier;
computing from the inputed program number and storage medium number an authorization number;
comparing the computed authorization number with the inputted authorization number;
providing a key distribution center with the inputted program number, storage medium number and the number identifying said cryptographic key identifier if the computed and inputted authorization numbers are the same, otherwise rejecting a password request by the purchaser;
generating a first key as a function of said cryptographic key identifier and then encrypting the program number and storage medium number concatenated together with said first key to produce a second key at the key distribution center; and
encrypting the secret file key of the program with said second key to produce said password.
0 Assignments
0 Petitions
Accused Products
Abstract
A cryptographic method for discouraging the copying and sharing of purchased software programs allows an encrypted program to be run on only a designated computer or, alternatively, to be run on any computer but only by the user possessing a designated smart card. Each program offering sold by the software vendor is encrypted with a unique file key and then written on a diskette. A user who purchases a diskette having written thereon an encrypted program must first obtain a secret password from the software vendor. This password will allow the encrypted program to be recovered at a prescribed, designated computer having a properly implemented and initialized encryption feature. The encryption feature decrypts the file key of the program from the password, and when the encrypted program is loaded at the proper computer, the program or a portion of it is automatically decrypted and written into a protected memory from which it can only be executed and not accessed for non-execution purposes. In alternative embodiments, the user is not confined to a prescribed, designated computer buy may use the program on other, different computers with a smart card provided the computers have a properly implemented and initialized encryption feature that accepts the smart card. As a further modification, the cryptographic facility may support operations that enable the user to encrypt and decrypt user generated files and/or user generated programs.
-
Citations
10 Claims
-
1. A method of software protection comprising the steps of:
-
encrypting at least a predetermined portion of each program offering sold by any one of a plurality of software vendors with a unique file key; distributing the encrypted program as a program file; providing a computer with a unique cryptographic key identifier, a processor, a protected memory and a cryptographic facility containing a cryptographic key associated with said unique cryptographic key identifier; providing a purchaser of the encrypted program with an authorization number unique to the particular program and said cryptographic identifier; decrypting that portion of said program encrypted by said encrypting step with said cryptographic facility as a function of said authorization number; storing at least said predetermined portion of said decrypted program in said protected memory; and reading said stored portion of said decrypted program from said protected memory only to said processor for execution; wherein the step of providing the secret password is performed by the steps of; providing the purchaser of the storage medium containing the encrypted program with an authorization number and identifying the encrypted program with a program number and the storage medium with a storage medium number; requesting the purchaser to input the authorization number, the program number, the storage medium number and a number identifying said cryptographic key identifier; computing from the inputed program number and storage medium number an authorization number; comparing the computed authorization number with the inputted authorization number; providing a key distribution center with the inputted program number, storage medium number and the number identifying said cryptographic key identifier if the computed and inputted authorization numbers are the same, otherwise rejecting a password request by the purchaser; generating a first key as a function of said cryptographic key identifier and then encrypting the program number and storage medium number concatenated together with said first key to produce a second key at the key distribution center; and encrypting the secret file key of the program with said second key to produce said password. - View Dependent Claims (2, 3)
-
-
4. A method of software protection comprising the steps of:
-
encrypting at least a predetermined portion of each program offering sold by any one of a plurality of software vendors with a unique file key; distributing the encrypted program as a program file; providing a computer with a unique cryptographic key identifier, a processor, a protected memory and a cryptographic facility containing a cryptographic key associated with said unique cryptographic key identifier; providing a purchaser of the encrypted program with an authorization number unique to the particular program and said cryptographic identifier; decrypting the portion of said program encrypted by said encrypting step with said cryptographic facility as a function of said authorization number; storing at least said predetermined portion of said decrypted program in said protected memory; and reading said stored portion of said decrypted program from said protected memory only to said processor for execution; wherein the step of providing a computer with a unique cryptographic key identifier is performed by issuing to the purchaser a smart card having said unique cryptographic key identifier, said smart card interfacing with said computer; wherein the step of providing the secret password is performed by the steps of; providing the purchaser of the storage medium containing the encrypted program with an authorization number and identifying the encrypted program with a program number and the storage medium with a storage medium number; requesting the purchaser to input the authorization number, a number of the smart card, the program number and the storage medium number; computing an authorization number from the inputted program number and storage medium number; comparing the computed authorization number with the inputted authorization number, and if the computed and inputted authorization numbers are the same, providing a key distribution center with the inputted number of the smart card, the program number and the storage medium number, otherwise rejecting a password request by the purchaser; generating a card key corresponding to the inputted card number and then encrypting the program number and storage medium number concatenated together with said card key to produce an encryption key at the key distribution center; generating a secret file key corresponding to the inputted program number, and encrypting said secret file key with said encryption key to produce said password. - View Dependent Claims (5)
-
-
6. The method of software protection as recited in claim 12 wherein the step of decrypting at least a portion of the program is performed by the steps of;
-
supplying the smart card with the password, program number and storage medium number, encrypting in the smart card the program number and storage medium number concatenated together with the key of the smart card to produce a decryption key, decrypting the password with said decryption key to produce the secret file key, and decrypting in the computer at least said portion of the program using the secret file key. - View Dependent Claims (7, 8, 9, 10)
-
Specification