System and method for an autonomous software protection device

US 8,307,215 B2
Filed: 01/23/2008
Issued: 11/06/2012
Est. Priority Date: 01/23/2008
Status: Active Grant

First Claim

Patent Images

1. A software protection device for carrying out computations in a protected environment, the device comprising:

a processing unit;

means of preventing access to at least part of said processing unit from outside of said processing unit;

a decryption means for decrypting protected data said decryption means configured to decrypt at least partly encrypted data by said processing unit using said means of preventing access to at least part of said processing unit;

a virtual machine configured for executing computer program code said virtual machine configured to execute at least partially by said processing unit using said means of preventing access to at least part of said processing unit;

whereby decryption of at least partly encrypted program and execution of decrypted said at least partly encrypted program by said virtual machine within at least part of said software protection device protects code contents and protects said virtual machine executing said code contents from outside of said software protection device.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method is introduced for protecting software from being altered, duplicated, inspected or used in an unauthorized manner. An autonomous software protection device is presented, containing encryption and decryption unit along with an independent execution environment such as a Java Virtual Machine to carry out computations in a protected environment. The software protection device carries out protected code and may make use of protected data to carry out protected computations. Unsecured memory may be used securely by software protection device through an internal virtual memory mechanism managed by the independent execution environment. The software protection device may serve an external computing device for making computations that are protected from software and data alteration and inspection while preventing duplication and usage not as intended by the software and data owner.

11 Citations

View as Search Results

17 Claims

1. A software protection device for carrying out computations in a protected environment, the device comprising:
- a processing unit;
  
  means of preventing access to at least part of said processing unit from outside of said processing unit;
  
  a decryption means for decrypting protected data said decryption means configured to decrypt at least partly encrypted data by said processing unit using said means of preventing access to at least part of said processing unit;
  
  a virtual machine configured for executing computer program code said virtual machine configured to execute at least partially by said processing unit using said means of preventing access to at least part of said processing unit;
  
  whereby decryption of at least partly encrypted program and execution of decrypted said at least partly encrypted program by said virtual machine within at least part of said software protection device protects code contents and protects said virtual machine executing said code contents from outside of said software protection device.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The software protection device of claim 1, wherein said virtual machine implements a secure virtual memory mechanism using memory external to said processing unit wherein memory used by said virtual machine is at least partly encrypted when located outside of said processing unit.
  - 3. The software protection device of claim 2, further comprising an encryption engine configured for at least partially encrypting memory for said secure virtual memory mechanism said decryption functionality unit configured for decrypting at least partly encrypted memory for said virtual memory mechanism, thereby protecting memory of said virtual machine located outside of said processing unit.
  - 4. The software protection device of claim 1, further comprising a means of entering a secure mode of operation of said software protection device using authenticated data stored in said at least part of non volatile memory that is inaccessible outside of software protection device.
  - 5. The device of claim 1 further comprising external memory located outside of said processing unit and further comprising means of securely making use of at least part of said external memory to execute said virtual machine wherein contents of said at least part of said external memory used by said virtual machine is encrypted for use of said virtual machine.

6. A method for executing a protected program in a protected manner using a software protection device the method comprising:
- a. sending one or more at least part of at least partially encrypted programs to said software protection device;
  
  b. preventing access to at least part of said software protection device from outside of said software protection device;
  
  c. decrypting said at least one part of one of said at least partially encrypted programs within said at least part of said software protection device prevented from access outside of said device;
  
  d. executing said at least one partially decrypted program part by a virtual machine configured to execute computer program code within at least part of said software protection device prevented from access outside of said device.
- View Dependent Claims (7, 8, 9)
- - 7. The method according to claim 6 wherein said at least one part of said protected program executed by said virtual machine makes use of at least one at least partially encrypted data content file during execution of said protected program.
  - 8. The method according to claim 6 further comprising sending out at least partially encrypted memory used by said virtual machine for executing said protected program and receiving at least partly encrypted memory for use of said virtual machine for executing said protected program.
  - 9. A method according to claim 6 wherein securing of at least part of external memory located outside of said software protection device for use of executing said virtual machine for protecting execution of said computer program from access outside said processing unit.

10. A secure software protection unit configured for limiting access to restricted data for carrying out computations in a protected environment, the software protection unit comprising:
- a processing unit;
  
  means of preventing access to at least part of said processing unit from outside of said processing unit;
  
  a virtual machine configured for executing computer program code using said processing unit said virtual machine configured to execute at least partially on said processing unit using said means of preventing access to at least part of said processing unitexternal memory located outside of said processing unit;
  
  means of securely making use of at least part of said external memory to execute said virtual machine wherein contents of said at least part of said external memory used by said virtual machine is encrypted for use of said processing unit;
  
  whereby computer program executed by said virtual machine using said at least part of said processing unit and using said at least part of said external memory to execute said computer program in a protected environment.

11. A method for executing a protected program in a protected manner using a software protection device the method comprising:
- a. sending one or more at least part of at least partially authorized programs to said software protection device;
  
  b. preventing access to at least part of said software protection device from outside of said software protection device;
  
  c. authorizing said at least one part of one of said at least partially authorized programs within said at least part of said software protection device prevented from access outside of said device;
  
  d. executing said at least one partially authorized program part by a virtual machine configured to execute computer program code within at least part of said software protection device prevented from access outside of said device.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method according to claim 11 wherein said at least one part of said protected program makes use of at least one at least partially authorized data content file during execution of said protected program by said virtual machine.
  - 13. The method according to claim 11 wherein said at least one part of said protected program makes use of at least one at least partially encrypted data content file during execution of said protected program by said virtual machine.
  - 14. The method according to claim 11 further comprising sending out at least partially encrypted swapped out memory used by said virtual machine for executing said protected program and receiving at least partly encrypted swapped in memory for use of said virtual machine executing said protected program.
  - 15. The method according to claim 11 further comprising sending out at least partially authorized swapped out memory used by said virtual machine for executing said protected program and receiving at least partly authorized swapped in memory for use of said virtual machine for executing said protected program.
  - 16. A method according to claim 11 wherein securing of at least part of external memory located outside of said software protection device for executing said virtual machine in a protected environment.

17. A method for executing a protected program in a protected manner using a software protection device the method comprising:
- a. preventing access to at least part of processing unit of said software protection device from outside of said processing unit (for securing execution of said virtual machine);
  
  b. executing said protected computer program using a virtual machine executing on at said at least part of said processing unit at least partially prevented from access outside of said software protection device;
  
  c. securely making use of at least part of external memory located outside of said processing unit by said virtual machine for said executing said protected computer program at least partially prevented from access outside of said software protection device wherein said at least part of external memory used by said virtual machine is encrypted for use of said virtual machine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Noam Camiel
Original Assignee
Noam Camiel
Inventors
Camiel, Noam
Primary Examiner(s)
POWERS, WILLIAM S

Application Number

US12/018,204
Publication Number

US 20090187769A1
Time in Patent Office

1,749 Days
Field of Search

None
US Class Current

713/189
CPC Class Codes

G06F 21/123   by using dedicated hardware...

H04L 2209/605   Copy protection

H04L 9/3247   involving digital signatures

System and method for an autonomous software protection device

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

17 Claims

Specification

Use Cases

Quick Links

Others

System and method for an autonomous software protection device

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

17 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others