Electrical computers and digital processing systems: support – Computer program modification detection by cryptography
Reexamination Certificate
1999-08-18
2003-08-19
Peeso, Thomas R. (Department: 2132)
Electrical computers and digital processing systems: support
Computer program modification detection by cryptography
C713S189000, C713S190000, C713S152000, C713S152000
Reexamination Certificate
active
06609201
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to a system for providing computer program instructions in an encrypted manner, wherein execution of the encrypted program is performed by digital logic hardware. More specifically, the invention relates to using the instruction buffers of a processor to control the execution of encrypted instructions.
BACKGROUND OF THE INVENTION
Microprocessors characteristically perform a series of instruction buffer operations during program execution, which follow a series of steps. While each step changes the information stored in buffers in the microprocessor, there is generally a discernable pattern which is established by the steps, thus enabling undesired surreptitious analysis.
It is possible to provide more elaborate protective systems for encoding the software, by use of proprietary hardware components for example, or even by requiring the end user to comply with registration requirements in order to enable software operation. In that respect, the encryption scheme for the program ensures that the program is executable in unencrypted form, at least with respect to the instruction sets provided to the CPU. Unfortunately, the instructions provided to the CPU are in a form that is understandable by the CPU prior to CPU execution. Thus, it is easy for an unauthorized user to determine what is necessary to operate the programs successfully.
It is often desired to provide software and updates of software to end users in such a manner that the software is transferred through public channels, such as the Internet. To provide such software in restricted form, it is desired to provide security to the distributor of the software so that the software is not subject to unauthorized use. In particular, if software is shipped via public or private channels, it is desired that the end user of the software can only use the software on the end user's specified computer, and that the software not be willingly or unwillingly shared by the end user. By computer, it is intended that this includes personal computers, smart cards, work stations, dedicated CPUs embedded in hardware appliances, and any other device in which integrated circuit (IC) microprocessors may be used.
In some programs, the cost of the programs to the end user is such that it becomes economical for third parties to determine what is necessary to circumvent restrictions on use by unauthorized persons. Therefore, it is desired to make the unauthorized duplication or use of a program uneconomical. In order to do that, it is desired to provide an encryption scheme which prevents unauthorized persons from “attacking” the encryption of the software through analysis of the input and output of user commands and instruction sets from the software. It is further desired to provide a software encryption technique in which there are no external indicia of a decryption technique which can be used to analyze the encryption of the software. It is further desired that software be encrypted in such a manner that it is unnecessary to decrypt the software in order to accomplish execution of the software.
SUMMARY OF THE INVENTION
According to of the invention, a microprocessor processes computer programs which are selectively operable on selected ones of individual processors. The microprocessor according the present invention includes an instruction buffer with a predetermined plurality of bit locations, and further includes reconfigurable logic circuitry for processing instructions from the instruction buffer. Additionally the microprocessor includes a programmable instruction decoder which interprets instructions represented by bits stored on the instruction buffer, and the logic circuitry routes the register bits to subsequent bit locations within the instruction buffer. The subsequent bit locations must conform to a predetermined interdependency criteria corresponding to the predetermined format subsequent to execution of at least one instruction by the logic circuitry, and the logic circuitry provides a verification of the interdependency criteria.
More particularly according to the invention, in order to execute program instructions, buffer interdependencies must match those predicted by the compiler. If one were to reverse engineer the program, the interdependencies may not match, and this provides a means of detecting unauthorized use.
According to a further aspect of the invention, a CPU is provided with an ability to modify its operation in accordance with an encryption key. When a program is compiled, the program is modified in order that execution may be performed with the CPU changes with respect to pipelined instruction routing. Logic on the CPU is able to route a subset of the register bits, and selects destination logic gates in the microprocessor. This in turn establishes an instruction buffer interdependency.
According to one aspect of the invention, a microprocessor contains logic able to route a subset of bits from selected bit locations in the buffer to destination logic circuits in the microprocessor. The destination logic circuits then provide verification of whether the register bits meet a predetermined criteria.
An instruction buffer on a keyed microprocessor contains logic which is able to route a subset of the instruction bits on the microprocessor. This selects destination logic gates in the microprocessor which eventually reach a programmable instruction decoder. If the interdependencies fail to match a predetermined acceptable pattern, then the interdependencies are deemed not to match.
According to a further aspect of the invention, a microprocessor is able to process computer programs which are selectively operable on selected ones of individual processors. A key is shared by the microprocessor and a compiler, and the key is used by the compiler to encrypt standard instructions into encrypted instructions. An instruction buffer on the keyed microprocessor contains logic able to route a subset of the instruction bits from any bit locations in the buffer to destination logic circuits in the microprocessor. The instruction bits reach a programmable instruction decoder, and the routing of the instruction bits is controlled in accordance with the key.
According to a further aspect of the invention, a computer program is executable on a selected processor. The processor buffers instructions as instruction bits on the microprocessor. A subset of the instruction bits are routed from bit locations in the buffer to destination logic circuits in the microprocessor. The instruction bits then reach a programmable instruction decoder.
According to a further aspect of the invention, a microprocessor processes computer programs which are selectively operable on that particular microprocessor. Logic instructions for executing encrypted program instruction are received at memory locations. Logic circuitry modifies operation of the microprocessor in accordance with logic instructions stored in the memory locations. The logic circuitry is configurable in accordance with the received logic instructions.
In the invention, a microprocessor uses a programmable instruction decoder to decode encrypted instruction op codes. The decoding is accomplished without decrypting the op codes and logic gates immediately process data. The data representation changes change during the execution, which has the effect of securing the program from analysis for decryption.
A custom instruction set is provided for each CPU chip or groups of CPU chips. That custom instruction set is used by the software manufacturer to provide a unique version of a mass produced program to a customer for program operation with a microprocessor chip. The CPU is therefore programmed for that custom instruction set. The length of each instruction, and the other features of this invention are configurable to have according to the present invention cryptographically significant level of security when viewed from the IC pins. Pirates who examine signals inside the IC will accordingly be deterred from success by the inventive features
Martine & Penilla LLP
Peeso Thomas R.
Sun Microsystems Inc.
LandOfFree
Secure program execution using instruction buffer... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure program execution using instruction buffer..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure program execution using instruction buffer... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3077190