Data processing: financial – business practice – management – or co – Business processing using cryptography – Usage protection of distributed data files
Reexamination Certificate
1998-10-01
2002-06-25
Sough, Hyung-Sub (Department: 2161)
Data processing: financial, business practice, management, or co
Business processing using cryptography
Usage protection of distributed data files
C705S050000, C705S051000, C705S053000, C705S057000
Reexamination Certificate
active
06411941
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to a method and system of identifying and restricting an unauthorized software program's operation.
BACKGROUND OF THE INVENTION
Numerous methods have been devised for the identifying and restricting of an unauthorized software program's operation. These methods have been primarily motivated by the grand proliferation of illegally copied software, which is engulfing the marketplace. This illegal copying represents billions of dollars in lost profits to commercial software developers.
Software based products have been developed to validate authorized software usage by writing a license signature onto the computer's volatile memory (e.g. hard disk). These products may be appropriate for restricting honest software users, but they are very vulnerable to attack at the hands of skilled system's programmers (e.g. “hackers”). These license signatures are also subject to the physical instabilities of their volatile memory media.
Hardware based products have also been developed to validate authorized software usage by accessing a dongle that is coupled e.g. to the parallel port of the P.C. These units are expensive, inconvenient, and not particularly suitable for software that may be sold by downloading (e.g. over the internet).
There is accordingly a need in the art to provide for a system and method that substantially reduce or overcome the drawbacks of hitherto known solutions.
SUMMARY OF THE INVENTION
The present invention relates to a method of restricting software operation within a license limitation. This method strongly relies on the use of a key and of a record, which have been written into the non-volatile memory of a computer.
For a better understanding of the underlying concept of the invention, there follows a specific non-limiting example. Thus, consider a conventional computer having a conventional BIOS module in which a key was embedded at the ROM section thereof, during manufacture. The key constitutes, effectively, a unique identification code for the host computer. It is important to note that the key is stored in a non-volatile portion of the BIOS, i.e. it cannot be removed or modified.
Further, according to the invention, each application program that is to be licensed to run on the specified computer, is associated with a license record; that consists of author name, program name and number of licensed users (for network). The license record may be held in either encrypted or explicit form.
Now, there commences an initial license establishment procedure, where a verification structure is set in the BIOS so as to indicate that the specified program is licensed to run on the specified computer. This is implemented by encrypting the license record (or portion thereof) using said key (or portion thereof) exclusively or in conjunction with other identification information) as an encryption key. The resulting encrypted license record is stored in another (second) non-volatile section of the BIOS, e.g. E
2
PROM (or the ROM). It should be noted that unlike the first non-volatile section, the data in the second non-volatile memory may optionally be erased or modified (using E
2
PROM manipulation commands), so as to enable to add, modify or remove licenses. The actual format of the license may include a string of terms that correspond to a license registration entry (e.g. lookup table entry or entries) at a license registration bureau (which will be further described as part of the preferred embodiment of the present invention).
Having placed the encrypted license record in the second non-volatile memory (e.g. the E
2
PROM), the process of verifying a license may be o commenced. Thus, when a program is loaded into the memory of the computer, a so called license verifier application, that is a priori running in the computer, accesses the program under question, retrieves therefrom the license record, encrypts the record utilizing the specified unique key (as retrieved from the ROM section of the BIOS) and compares the so encrypted record to the encrypted records that reside in the E
2
PROM. In the case of match, the program is verified to run on the computer. If on the other hand the sought encrypted data record is not found in the E
2
PROM database, this means that the program under question is not properly licensed and appropriate application define action is invoked (e.g. informing to the user on the unlicensed status, halting the operation of the program under question etc.)
Those versed in the art will readily appreciate that any attempt to run a program at an unlicensed site will be immediately detected. Consider, for example, that a given application, say Lotus 123, is verified to run on a given computer having a first identification code (k
1
) stored in the ROM portion of the BIOS thereof. This obviously requires that the license record (LR) of the application after having been encrypted using k
1
giving rise to (LR)
k1
is stored in the E
2
PROM of the first computer.
Suppose now that a hacker attempts to run the specified application in a second computer having a second identification code (k
2
) stored in the ROM portion of the BIOS thereof. All or a portion the database contents (including of course (LR)
k1
) that reside in the E
2
PROM portion in the first computer may be copied in a known per se means to the second computer. It is important to note that the hacker is unable to modify the key in the ROM of the second computer to K
1
, since, as recalled, the contents of the ROM is established during manufacture and is practically invariable.
Now, when the application under question is executed in the second computer, the license verifier retrieves said LR from the application and, as explained above, encrypts it using the key as retrieved from the ROM of the second computer, i.e k
2
giving rise to encrypted license record (LR)
k2
. Obviously, the value (LR)
k2
does not reside in the E
2
PROM database section of the second computer (since it was not legitimately licensed) and therefore the specified application is invalidated. It goes without saying that the data copied from the first (legitimate) computer is rendered useless, since comparing (LR)
k2
with the copied value (LR)
k1
results, of course, in mismatch.
The example above is given for clarity of explanation only and is by no means binding.
In its broadest aspect, the invention provides for a method of restricting software operation within a license limitation including; for a computer having a first non-volatile memory area, a second non-volatile memory area, and a volatile memory area; the steps of: selecting a program residing in the volatile memory, setting up a verification structure in the non-volatile memories, verifying the program using the structure, and acting on the program according to the verification.
An important advantage in utilizing non-volatile memory such as that residing in the BIOS is that the required level of system programming expertise that is necessary to intercept or modify commands, interacting with the BIOS, is substantially higher than those needed for tampering with data residing in volatile memory such as hard disk. Furthermore, there is a much higher cost to the programmer, if his tampering is unsuccessful, i.e. if data residing in the BIOS (which is necessary for the computer's operability) is inadvertently changed by the hacker. This is too high of a risk for the ordinary software hacker to pay. Note that various recognized means for hindering the professional-like hacker may also be utilized (e.g. anti-debuggers, etc.) in conjunction with the present invention.
In the context of the present invention, a “computer” relates to a digital data processor. These processors are found in personal computers, or on one or more processing cards in multi-processor machines. Today, a processor normally includes a first non-volatile memory, a second non-volatile memory, and data linkage access to a volatile memory. There are also processors having only one non-volatile memory or having more than two non-v
Mullor Miki
Valiko Julian
Beeble, Inc.
Hewitt Calvin L
Kaminski Jeffri A.
Kinberg Robert
Sough Hyung-Sub
LandOfFree
Method of restricting software operation within a license... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method of restricting software operation within a license..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method of restricting software operation within a license... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2900924