Protection of software against use without permit
First Claim
1. A method of preventing unauthorized utilization of software in a computer, the method comprising the steps of:
- encrypting only a part of the software in accordance with a first algorithm (g1), wherein said first algorithm uses a public first key (k1); and
decrypting said encrypted part of the software in accordance with a second algorithm (g2), said second algorithm (g2) together with a private second key (k2) to be employed in said decryption of said encrypted part of the software being stored in an external unit adapted to be connected to the computer, said external unit comprising at least a computer readable storage medium and a processor of its own, wherein said private second key (k2) is different than said public first key (k1) employed in said encryption.
1 Assignment
0 Petitions
Accused Products
Abstract
An arrangement to protect software, particularly freely distributed application software, against utilization without permission of the copyright holder. By encrypting the software employing a key (k1) which is different from that key (k2) which is employed in the decryption, better protection is obtained against unauthorized utilization when the decryption key is kept secret to the user. Further improved security is achieved by additionally executing scrambling-descrambling of the communication between the computer in which the software is utilized and the external unit in which the decryption key is stored. Also, the external unit is arranged such that it returns to the host computer, the result from its processing of data received from the host, the result then being utilized in the further execution of the respective program.
-
Citations
30 Claims
-
1. A method of preventing unauthorized utilization of software in a computer, the method comprising the steps of:
-
encrypting only a part of the software in accordance with a first algorithm (g1), wherein said first algorithm uses a public first key (k1); and
decrypting said encrypted part of the software in accordance with a second algorithm (g2), said second algorithm (g2) together with a private second key (k2) to be employed in said decryption of said encrypted part of the software being stored in an external unit adapted to be connected to the computer, said external unit comprising at least a computer readable storage medium and a processor of its own, wherein said private second key (k2) is different than said public first key (k1) employed in said encryption. - View Dependent Claims (2, 3, 4, 5, 6, 14, 15)
a step wherein said part of the software which is encrypted in accordance with said first algorithm (g1), prior to said first transfer session, is caused to be scrambled according to a third algorithm (g3) and a third key (k3), said third key (k3) being based on a number which, for the respective transfer session, is selected randomly and preferably produced by said external unit, and a step wherein said part of the software which is encrypted in accordance with said first algorithm (g1), and which is scrambled according to said third algorithm (g3) and transferred to said external unit in said first transfer session, is caused to be descrambled in said external unit in accordance with a fourth algorithm (g4) and a fourth key (k4), said fourth key (k4) being based on said randomly selected number for said third key (k3), and said fourth algorithm (g4) being the inverse algorithm of said third algorithm (g3).
-
-
5. A method according to claim 4, wherein the method further comprises:
-
a step wherein said result produced in said external unit on the basis of said part of the software which is decrypted in accordance with said second algorithm (g2), prior to said second transfer session, is caused to be scrambled according to a fifth algorithm (g5) and a fifth key (k5), said fifth key (k5) being based on a number which, for the respective transfer session, is randomly selected and preferably provided by said external unit, and a step wherein said result produced in said external unit on the basis of said part of the software which is decrypted in accordance with said second algorithm (g2), and which is scrambled according to said fifth algorithm (g5) and transferred to the computer in said second transfer session, is caused to be descrambled in the computer in accordance with a sixth algorithm (g6) and a sixth key (k6), said sixth key (k6) being based on said randomly selected number for said fifth key (k5), and said sixth algorithm (g6) being the inverse algorithm of said fifth algorithm (g5).
-
-
6. A method according to claim 5, wherein said randomly selected number for said third and fourth keys (k3, k4) and said randomly selected number for said fifth and sixth keys (k5, k6) are the same number.
-
14. A method according to claim 1, wherein said first algorithm (g1), said second algorithm (g2), said public first key (k1) and said private second key (k2) are determined in accordance with an RSA crypto system.
-
15. A method according to claim 1, wherein said part of the software to be encrypted in accordance with said first algorithm (g1) is selected by being required for the use of the software by the computer, and comprising one or more instructions in a command or execution file, such as in a .COM or .EXE file.
-
7. A method of preparing software for the utilization in a computer only with a corresponding authorization, the method comprising:
-
encrypting in accordance with a first algorithm (g1) only a part of the software;
transferring the software encrypted using said first algorithm (g1) to an external unit connected to the computer;
decrypting within said external unit the software encrypted using said first algorithm (g1) in accordance with a second algorithm (g2), wherein a key which is employed for said encryption in accordance with said first algorithm (g1), is a public first key (k1) which is different from a private second key (k2) which is employed in the execution of said decryption in accordance with said second algorithm (g2) of that part of the software which is encrypted in accordance with said first algorithm (g1) and said public first key (k1). - View Dependent Claims (8, 9, 10)
-
-
11. A method of making authorized utilization possible in a computer of software prepared for utilization in the computer only with a corresponding authorization, the method comprising:
-
encrypting in accordance with a first algorithm (g1) only a part of the software which by the utilization in the computer is decrypted in accordance with a second algorithm (g2), wherein a key which is employed for said encryption in accordance with said first algorithm (g1), is a public first key (k1) which is different from a private second key (k2) which is employed in decryption in accordance with said second algorithm (g2) of said part of the software which is encrypted in accordance with said first algorithm (g1) and said public first key (k1), said encryption of said part of the software in accordance with said first algorithm (g1) is executed on the source code for the software prior to compiling and linking to an executable program, or in similar processing steps producing an executable program, and at the same time adding an object code to the data library of said executable program associated with an external unit adapted to be connected to the computer, and said compiling and/or linking of said source code to an executable program, or in similar processing steps producing an executable program, call sequences, or similar instructions, are inserted which in the execution in the computer of said executable program causes a jump to a corresponding entry point to said object code, said object code being used to establish a communication channel between the computer and said external unit in which said decryption takes place in accordance with said second algorithm (g2);
connecting said external unit to the computer, said external unit comprising a computer readable storage medium and a processor, said second algorithm (g2) and a said private second key k2 to be employed in said decryption of said encrypted part of the software being stored in said external unit; and
when the computer in the execution of said part of the software which is encrypted in accordance with said first algorithm (g1) encounters a call sequence, or a similar instruction, causing a jump to a corresponding entry point to said object code, said object code is utilized by the computer to establish a communication channel to said external unit through which communication channel said encrypted part of the software is transferred in a first transfer session to said external unit to be decrypted by said processor of said external unit in accordance with said second algorithm (g2) and said private second key (k2) both of which being stored in said external unit, said second key (k2) being different from said public first key (k1) employed in the execution of said encryption of said part of the software in accordance with said first algorithm (g1), and said decrypted software part then being processed in said external unit and a result transferred in a second transfer session in the opposite direction through said communication channel for the further utilization in the computer. - View Dependent Claims (12, 13)
prior to said first transfer session to said external unit, said part of the software which is encrypted in accordance with said first algorithm (g1) is caused to be scrambled according to said third algorithm (g3) and said third key (k3), said third key (k3) being based on a number randomly selected for the respective transfer session and provided by said external unit, and said part of the software which is encrypted in accordance with said first algorithm (g1), and which is scrambled according to said third algorithm (g3) and transferred to said external unit in said first transfer session, is caused to be descrambled in said external unit in accordance with a fourth algorithm (g4) and a fourth key (k4), said fourth key (k4) being based on said randomly selected number for said third key (k3), and said fourth algorithm (g4) being the inverse algorithm of said third algorithm (g3).
-
-
13. A method according to claim 12, wherein the method further comprises:
-
a step wherein said result produced in said external unit on the basis of said part of the software which is decrypted in accordance with said second algorithm (g2), prior to said second transfer session, is caused to be scrambled according to a fifth algorithm (g5) and a fifth key (k5), said fifth key (k5) being based on a randomly selected number for the respective transfer session and preferably provided by said external unit, and a step wherein said result produced in said external unit an the basis of said part of the software which is decrypted in accordance with said second algorithm (g2), and which is scrambled according to said fifth algorithm (g5) and transferred in said second transfer session to the computer, is caused to be descrambled in the computer in accordance with a sixth algorithm (g6) and a sixth key (k6), said sixth key (k6) being based on said randomly selected number for said fifth key (k5), and said sixth algorithm (g6) being the inverse algorithm of said fifth algorithm (g5).
-
-
16. A device for the preparation of software to be utilized in a computer only with a corresponding authorization, the device comprising:
-
crypto means effecting the encryption of only a part of the software in accordance with a first algorithm (g1) and a public first key (k1), and an external unit adapted to be connected to the computer, said external unit comprising a processor and a computer readable storage medium for storing a second algorithm (g2) and a private second key (k2), and being disposed to execute decryption of said encrypted part of the software in accordance with said second algorithm (g2) and said private second key (k2,) wherein the device further comprises generator means to provide said second algorithm (g2) and said private second key (k2) intended to be employed in said decryption in accordance with said second algorithm (g2), said private second key (k2) being different from said public first key (k1) employed by said crypto means in the execution of said encryption of said part of the software in accordance with said first algorithm (g1). - View Dependent Claims (17, 18, 19, 24, 25, 26, 27)
-
-
20. A device for making authorized utilization of software in a computer possible comprising:
-
a device including crypto means for effecting the encryption of only a part of the software in accordance with a first algorithm (g1) and a public first key (k1), and an external unit adapted to be connected to the computer, said external unit comprising a processor and a computer readable storage medium for storing a second algorithm (g2) and a private second key (k2), and being disposed to execute decryption of said encrypted part of the software in accordance with said second algorithm (g2) and said private second key (k2), and generator means to provide said second algorithm (g2) and said private second key (k2) intended to be employed in said decryption in accordance with said second algorithm (g2), said private second key (k2) being different from said public first key (k1) employed by said crypto means in the execution of said encryption of said part of the software in accordance with said first algorithm (g1), said device comprising a computer adapted to serve as a host computer for said external unit, wherein said external unit comprises decryption means adapted to execute decryption in accordance with said second algorithm (g2) and said private second key (k2) produced by said generator means. - View Dependent Claims (21, 22, 23)
wherein said external unit comprises descrambling means to descramble in accordance with a fourth algorithm (g4) and a fourth key (k4) said part of the software being encrypted in accordance with said first algorithm (g1), and which, prior to said first transfer session, is scrambled by said host computer according to said third algorithm (g3) and transferred to said external unit in said first transfer session, said third key (k3) used by said host computer in said scrambling being based on a number randomly selected for the respective transfer session and preferably provided by a number generator in said external unit, and said fourth key (k4) used by said descramble means in said external unit based on said number randomly selected, said fourth algorithm (g4) being the inverse algorithm of said third algorithm (g3). -
23. A device according to claim 22, wherein said external unit further comprises:
-
scrambler means to scramble, prior to said second transfer session, in accordance with a fifth algorithm (g5) and a fifth key (k5), said result produced in said external unit on the basis of said part of the software which said external unit has decrypted in accordance with said second algorithm (g2), said fifth key (k5) used by said scrambler means to scramble being based on a number which is randomly selected for the respective transfer session and produced by a number generator in said external unit, said host computer being capable of descrambling in accordance with a sixth algorithm (g6) and a sixth key (k6), said result produced in said external unit for further utilization in said host computer, said result prior to said second transfer session being scrambled according to said fifth algorithm (g5) by means of said scrambler means in said external unit and transferred to the computer in said second transfer session, said sixth key (k6) being based on the same randomly selected number as that for said fifth key (k5), and said sixth algorithm (g6) being the inverse algorithm of said fifth algorithm (g5).
-
-
-
28. A method of preventing unauthorized utilization of software in a computer, comprising the steps of:
-
encrypting only a part of the software in accordance with a first algorithm (g1) and a public first key (k1);
storing a second algorithm (g2) and a private second key from said public first key (k1) in an external unit having a computer readable storage medium and a processor, said external unit adapted to be connected to the computer; and
decrypting said encrypted part of the software using said second algorithm (g2) and said private second key (k2).
-
-
29. A device for the preparation of software to be utilized in a computer only with a corresponding authorization, comprising:
-
determining means for determining a public private key to be used by the computer to decrypt only a part of the software in accordance with a decryption algorithm;
an external unit connected to the computer, wherein said decryption algorithm and said private key are stored in said external unit and encrypting means for encrypting only said part of the software in accordance with an encryption algorithm and another private public key different from said public private key determined by said determining means.
-
-
30. A device for making authorized utilization of software in a computer possible, comprising:
-
a device including crypto means for effecting the encryption of only a part of the software in accordance with a first algorithm (g1) and a public first key (k1), and an external unit adapted to be connected to the computer, said external unit comprising a processor and a computer readable storage medium for storing a second algorithm (g2) and a private second key (k2), and being disposed to execute decryption of said encrypted part of the software in accordance with said second algorithm (g2) and said private second key (k2), and generator means to provide said second algorithm (g2) and said private second key (k2) intended to be employed in said decryption in accordance with said second algorithm (g2), said private second key (k2) being different from said public first key (k1) employed by said crypto means in the execution of said encryption of said part of the software in accordance with said first algorithm (g1), said device comprising a computer to serve as a host computer for said external unit, and wherein said external unit comprises decryption means for decrypting said part of the software in accordance with said second algorithm (g2) and said private second key (k2) produced by said generator means.
-
Specification