Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-04-28
2003-12-16
Wright, Norman M. (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C713S152000, C705S054000, C379S093020
Reexamination Certificate
active
06665799
ABSTRACT:
TECHNICAL FIELD
This invention relates to software security and more specifically to a method and computer software code for providing security for a computer software program.
BACKGROUND
Once software is distributed to purchasers it is relatively easy for the purchasers to make unlimited copies and distribute them as they desire. As a result of such copying, substantial revenues have been lost. In fact, a recent study by Business Software Alliances (BSA) and the Software Publishers Association (SPA) estimated revenue losses to the worldwide software industry due to piracy at $11.4 billion. (Report available at http://www.spa.org/piracy/releases/97pir.htm). The study estimates that, of the 574 million new business software applications installed globally during 1997, 228 million applications (or four in every ten) were pirated. This represents an increase of two million more new applications being pirated than in the previous year 1996. The U.S. was reported as the country with the highest dollar losses due to software piracy followed by China, Japan, Korea, Germany, France, Brazil, Italy, Canada, and the United Kingdom. The piracy rate for the U.S. alone was estimated at 26% for 1995, and 27% for 1996 and 1997. Accordingly, revenue losses to the software industry due to piracy in the U.S. were estimated at $2,940,294 in 1995, $2,360,934 in 1996, and $2,779,673 in 1997.
With such an increasing amount of revenue being lost to software piracy, it is becoming ever-increasingly important for software developers to protect their software applications against unauthorized copying and/or use. In the prior art, several techniques have been developed in attempts to prevent software piracy. Such techniques include: security systems integrated with the software application program, and systems with certain external attachments (i.e., “dongles”) that interact with the application program.
Software security solutions have been developed, which attempt to provide security for a computer application program solely through software. Such “software only” solutions do not require any additional hardware to perform security measures. Such software solutions typically utilize a registration database and encryption technology to provide security for an application program. That is, such security software solution typically checks the registration for an application program against a registration database to determine if use of the program is authorized. Typically, a registration is contained in the database only for application programs that have been purchased, and a registration is not contained for unauthorized copies of such application program. Therefore, such a software solution attempts to provide security by only allowing application programs that have a registration in the database to operate.
Security systems have also been developed which utilize external attachments called “dongles.” Dongles have been developed to interface with the parallel printer port of a personal computer (PC). Dongles have also been developed to interface with the serial port of a PC. Additionally, dongles have been developed to interface with the USB port of a personal computer. Other interfaces for which dongles have been developed include: the 36-pin Centronic interface for Japanese NEC-PC98xx systems and for standard PCs, and the ADB bus of the Apple Macintosh.
The general operation of a dongle is as follows: each dongle contains a unique code that is recognized by the protected software. During runtime, the protected program checks whether a dongle with the appropriate code is connected to the computer's port (such as the parallel printer port). If the dongle's code is confirmed, the software is executed. If not, the software will not run.
More specifically, most dongles contain an ASIC (Application Specific Integrated Circuit) chip with multiple electronic algorithms. During runtime, the protected software sends queries to the dongle connected to the designated port of the computer. The dongle evaluates each query and responds. If the response returned by the dongle is correct, the software is allowed to run, otherwise the software is not allowed to proceed as desired. If the correct response is not returned the software developer may be allowed to decide how the software should react, such as preventing the application from running or switching to a demo mode. Therefore, software developers may require that users connect a dongle to one of the above-described ports prior to running the corresponding software program. In this manner, software developers can utilize the above-described dongles to protect their software applications.
SUMMARY OF THE INVENTION
Several problems exist with prior art systems for providing security for software applications. Particularly where the security system resides solely in the software program, it has become relatively easy to break the code used in protecting an application program. In fact, there have been marketed other programs solely for the purposes of breaking such codes. That is, software programs. have been developed that enable buyers to duplicate protective software and avoid any internal security measures. Once the code is voided or broken, the user can then recopy the program and distribute it through computer networks to literally thousands of other unauthorized users. Furthermore, because security systems that reside solely in the program often do not allow users the ability to copy the program at all, users do not have the luxury of being able to make back-up copies of the program.
Problems also exist for the prior art dongles utilized for software application security. Dongles that connect to the parallel or serial ports are inconvenient for most users because their parallel and/or serial ports already interface with other devices, such as a mouse, an external modem, or a printer. Thus, many users are hesitant to dedicate such ports to a security device. Some parallel port dongles claim to have “pass through” capabilities. Such pass through capabilities require that the dongle be connected to the port and then another device, such as a printer, can be connected to the dongle. Such a dongle is suppose to utilize the port to provide security and also allow signals to pass through to the other device. In effect, such dongles attempt to “share” the port with another device. However, when utilized with preemptive operating environments, such as Microsoft Windows 95, 98 and NT, potential problems with sharing ports exist. For example, a dongle may preempt a printer or other device attempting to utilize the same port such that the dongle may effectively take over the port solely for its operation for extended periods of time. By the same token a printer or other device attempting to utilize the same port with a dongle may preempt the dongle, such that the printer or other device may effectively take over the port solely for its operation for extended periods of time.
An additional problem associated with the dongles currently available is that users are aware that the software provider is requiring them to install a security device before they are allowed access to a particular program. Many users do not appreciate the inference that they are not trustworthy, and users may even forgo purchasing the software product.
Yet another problem with the dongles currently available is that most users do not like the extra effort required on their part to attach a dongle to one of the above-described ports. In this sense, even dongles that have pass-through capabilities require the user to disconnect a device that was previously interfacing with a particular port, connect the dongle to that port, and then connect the original device to the dongle. In turn, this required effort on the part of the user makes a developer's software application less appealing to consumers.
Thus, there is a desire to provide security for software developers. There is a further desire for security software capable of receiving analog data representing a security code from an input
DVI Acquisition Corp.
Fulbright & Jaworski L.L.P
Wright Norman M.
LandOfFree
Method and computer software code for providing security for... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and computer software code for providing security for..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and computer software code for providing security for... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3167668