Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor
First Claim
1. A method of restricting use of software to an authorized computer comprising the steps of:
- providing said software in a form in which at least a portion thereof is encrypted,providing an encrypted decryption key for decrypting said encrypted software portion,providing a physically secure coprocessor coupled to said computer, which coprocessor is capable of decrypting said software if it retains said decryption key,coupling a transfer token source to said physically secure coprocessor, which transfer token source stores a token whose presence is required to effect a step of retaining said encrypted decryption key,transferring said encrypted decryption key to said physically secure coprocessor along with said token from said transfer token source,wherein said transferring step includes the step of altering said transfer token source as said token is transferred to said physically secure coprocessor so that said transfer token source is incapable of again transferring said token.
1 Assignment
0 Petitions
Accused Products
Abstract
The invention provides a software asset protection mechanism which is based on the separation of the software to be protected from the right to execute that software. Protected software can only be executed on composite computing systems in which a physically and logically secure coprocessor is associated with a host computer. The software to be protected is broken down into a protected (encrypted) portion and an (optional) unprotected or plain text portion. The software is distributed by any conventional software distribution mechanism (for example a floppy disk) including the files already identified along with an encrypted software decryption key. The coprocessor is capable of decrypting the software decryption key so it can thereafter decrypt the software, for execution purposes. However, the coprocessor will not perform these functions unless and until the user'"'"'s right to execute is evidenced by presentation of a physically secure token. The physically secure token provides to the coprocessor token data in plain text form (the physical security of the plain text token data is provided by the cartridge within which token data is stored). The physical properties of that cartridge taken together with the correspondence between the token data provided by the cartridge and the encrypted token data evidence the user'"'"'s right to execute. While the coprocessor can, thereafter, decrypt and execute the protected portion of the software, access to that software is denied the user by the physical and logical features of the coprocessor. Other properties of the cartridge (specifically a destructive read property) ensure that the act of transferring token data to the coprocessor obliterates that data from the cartridge so it cannot be revised. Further, the protocol for the coprocessor/cartridge exchange is arranged so that observation of even the entire exchange provides inadequate information with which to simulate or spoof the effect of an authentic, unused cartridge.
673 Citations
35 Claims
-
1. A method of restricting use of software to an authorized computer comprising the steps of:
-
providing said software in a form in which at least a portion thereof is encrypted, providing an encrypted decryption key for decrypting said encrypted software portion, providing a physically secure coprocessor coupled to said computer, which coprocessor is capable of decrypting said software if it retains said decryption key, coupling a transfer token source to said physically secure coprocessor, which transfer token source stores a token whose presence is required to effect a step of retaining said encrypted decryption key, transferring said encrypted decryption key to said physically secure coprocessor along with said token from said transfer token source, wherein said transferring step includes the step of altering said transfer token source as said token is transferred to said physically secure coprocessor so that said transfer token source is incapable of again transferring said token. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A method of restricting execution of software to authorized processors and preventing execution of said software by unauthorized processors comprising the steps of:
-
(a) distributing said software in a form in which at least a significant portion is encrypted, (b) providing a coprocessor in association with a potentially authorized processor, which coprocessor has a memory space secured against external access for storing decrypted software and operating instructions, (c) coupling said software to said processor, (d) coupling a distinct right to execute to said coprocessor and storing said distinct right to execute in said secure memory of said coprocessor, (e) in response to presence of said distinct right to execute, decrypting and storing said significant portion of said software in said coprocessor, and (f) executing said stored software portion in said coprocessor. - View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. A method of securing protected software against unauthorized use without perturbing existing channels of software distribution and, at the same time not interfering in users creation of unlimited backup copies of protected software, said method comprising the steps of:
-
(a) providing to a user a physically secure coprocessor and coupling said coprocessor to a user host computer to support bidirectional communication therebetween to create a composite computing system including said host computer and said coprocessor, (b) providing logical security to said coprocessor by; (1) providing a first privilege level including first level secure memory and first level operating instructions, secured against access or variation by said user, for executing protected software, (2) providing a second privilege level including second level secure memory and second level operating instructions, secured against access or variation by said user or any author of protected software, for controlling authorization for execution of said protected software by said first privilege level, (c) distributing protected software in a form in at which at least a portion is inexecutable by said host computer but which is executable by said coprocessor but only with authorization by said second privilege level, (d) distributing a further tangible element distinct from said protected software representing a right to execute said protected software, (e) providing said composite computing system access to said protected software and to said further tangible element, (f) verifying authenticity of said further tangible element by said coprocessor at said second privilege level, (g) altering said second level secure memory in a distinctive fashion to reflect a determination by said second privilege level of authenticity of said tangible element, and (h) executing said protected software so long as said alteration of said second privilege level secure memory is detected and denying said request if said alteration is not present. - View Dependent Claims (30, 31, 32, 33, 34, 35)
-
Specification