Use of pseudocode to protect software from unauthorized use
First Claim
1. A software application which runs in conjunction with an electronic security device (ESD), the application comprising, on a computer-readable medium:
- application code which provides application-level functionality to a user of the application;
security code which implements an ESD-based use restriction scheme to protect against an unauthorized use of the application, at least a portion of the security code being in pseudocode; and
an interpreter module which includes executable code for retrieving and executing the pseudocode.
7 Assignments
0 Petitions
Accused Products
Abstract
Three methods are disclosed for protecting software applications from unauthorized distribution and use (piracy). The first method involves using values generated by a conventional ESD (Electronic Security Device) to encrypt and/or decrypt user data (such as a file) that is generated and used by the application. In a preferred embodiment, the user data is encrypted (such as during a write to memory) using values returned by the ESD, and the user data is later decrypted using like values returned by a software-implemented ESD simulator. The second and third methods involve the use of special development tools that make the task of analyzing the application'"'"'s copy protection code (such as the code used to encrypt and/or decrypt user data) significantly more difficult. Specifically, the second method involves using pseudocode to implement some or all of the application'"'"'s copy protection functions. The pseudocode for a given function is generated (preferably in encrypted form) from actual code using a special development tool, and is then imbedded within the application together with a corresponding pseudocode interpreter. The interpreter fetches, decrypts and executes the pseudocode when the function is called. Because no disassemblers or other development tools exist for analyzing the pseudocode, the task of analyzing the copy protection functions becomes significantly more complex. The third method involves the use of a special obfuscation tool to convert the code for selected copy-protection functions into unnecessarily long, inefficient sequences of machine code. In one implementation of the obfuscation tool, the developer can control the quantity of code that is generated by specifying one or more control parameters. The three methods can also be used to protect software license management systems from security attacks.
184 Citations
30 Claims
-
1. A software application which runs in conjunction with an electronic security device (ESD), the application comprising, on a computer-readable medium:
-
application code which provides application-level functionality to a user of the application;
security code which implements an ESD-based use restriction scheme to protect against an unauthorized use of the application, at least a portion of the security code being in pseudocode; and
an interpreter module which includes executable code for retrieving and executing the pseudocode. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method of protecting a software application from unauthorized use, the method comprising:
-
providing the application with a code module which communicates with an electronic security device (ESD), the ESD configured to generate and return numeric values in response to requests from the code module;
imbedding a pseudocode module within the application, the pseudocode module including pseudocode which implements at least one function of an ESD-based security method; and
providing the application with an interpreter module, the interpreter module including code for fetching and executing instructions of the pseudocode module. - View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A software development kit for adding secure copy protection code to an application, the kit comprising:
-
a pseudocode interpreter module that is adapted to be added to an application and called by other modules of the application, the pseudocode interpreter module configured to decrypt and execute encrypted pseudocode that is imbedded within the application; and
a development tool which generates the encrypted pseudocode from source code. - View Dependent Claims (26, 27, 28, 29, 30)
-
Specification