Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
2000-01-03
2001-10-16
Iqbal, Nadeem (Department: 2184)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C380S029000
Reexamination Certificate
active
06304972
ABSTRACT:
CROSS REFERENCE TO RELATED APPLICATIONS
Not applicable.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH
Not applicable.
BACKGROUND OF THE INVENTION
As is known in the art, there is a trend to couple computers including personal computers (PCs) to computer networks such as the internet, for example. There is also a trend for software providers or vendors to deliver software to software users over computer networks. The ease of transporting software over networks makes illegal or otherwise unauthorized copying, use, and distribution of computer code relatively easy.
While a variety of different techniques exist for protecting software against unlawful copying, use and distribution, those systems which are considered relatively secure include specialized hardware attached to or embedded in a processor of a computer executing the software. Such specialized hardware can be customized to operate with a specific software program or can be implemented in a general manner to operate with any software program executed by the processing system which executes the software and includes the specialized hardware. One system which employs such a hardware approach to securing software is described in U.S. Pat. No. 5,234,045 entitled Comprehensive Software Protection System issued to Goldriech, et al. This patent describes a system which includes hardware to execute encrypted portions of computer code in a way that prevents the encrypted portions from being revealed.
Unfortunately, it is possible to reverse engineer such specialized hardware, thereby allowing an unauthorized third party to decode the missing parts of the computer code. Moreover, once a third party has decoded the computer code, the unauthorized user can pose as a legal vendor of the computer code by encrypting the unauthorized version of the software using the accepted hardware based protection standard. The unauthorized user can then distribute the software. Furthermore, it is relatively difficult to detect such unauthorized use and copying, since to demonstrate that computer code is an illegal copy, one would have to decrypt the missing parts of the computer code.
Given the current rate of progress in assuring reliability and availability of communication over computer networks, it will soon become effective and acceptable to rely on a network to guarantee fast response time to messages sent over the network to a specialized server site. It would, therefore, be desirable to provide a technique for securely distributing over a network software executable on a client processing system but which cannot be easily copied for unauthorized use.
SUMMARY OF THE INVENTION
In accordance with the present invention, a processing system includes a code extraction processor to receive an original software program and to parse the original software program to provide a first program and a second program, a first storage device having the first program stored therein, a second storage device having stored therein a server program which utilizes the second program and an execution processor coupled to the first and second storage devices to execute the server program and the second program. With this particular arrangement, a processing system for use in a secure software system is provided.
The code extraction processor operates on the original program and extracts at least a portion of the original program. The remaining portions of the original program correspond to the first program which is intended to be transmitted to a client or lessee site over a network. The lessee site includes a processing system appropriate for executing the first program. The second program includes the excised portion of the original program code.
In a preferred embodiment, the excised program portion corresponds to a relatively small portion of the original program and, taken alone, does not constitute an executable computer program. Rather, the excised program portion is utilized by a server program which provides communication and responses to queries provided thereto by the first program executing at the lessee site. The first program transmitted to the lessee site for execution includes substantially all of the original program.
In one particular embodiment, the code extraction processor generates a plurality of different first programs each intended to be transmitted to a different lessee site and a corresponding plurality of excised program portions. A server program executes or otherwise utilizes a particular excised code portion associated with a particular first program executing at a lessee site. In a preferred embodiment, the code extraction processor concurrently generates the first and second programs as well as one or more server programs which cooperate with respective ones of the second programs. Preferably, the second program includes one or more portions of the original program selected to render it difficult to recreate the functionality of the original program from information stored at or otherwise available at the lessee site.
It is economically viable and in many cases preferable for a software vendor to lease rather than sell software to interested parties, as can be achieved with the present invention. This gives both the software vendor and the software customer more flexibility since the customer can elect to pay for the software on a per-use basis thereby avoiding the need to purchase a new copy of the software in the event the software is updated. Moreover, the software user can retrieve the latest version of the software from the software vendor over a network. For the vendor, leasing the software provides an opportunity to market the software to software users who would not otherwise purchase a particular software program. Moreover, the software vendor can advertise the software program relatively easily by allowing users to lease the software without fee or at a reduced fee for limited time periods, charging fees only after the customer has become accustomed to the software. Furthermore, the vendor can maintain control over those parties able to use the software. Given the growing concern over limiting access to software that may be rated as adult material, the system of the present invention allows the vendor to control distribution and thus prevent possible liability without requiring a software user to purchase or include specialized hardware in the user's processing system.
In accordance with a further aspect of the present invention, a method for securing a computer program to be distributed over a network includes the steps of providing an original program, identifying selected inputs to the original program and extracting program code portions from the original program in response to the selected inputs to provide a first program to be transmitted and executed at a lessee site. The method further includes the steps of including the excised code portions in a second program, storing the second program in a storage device located at a vendor site and providing a server program which executes on a processor at the vendor site, wherein the server program utilizes the second program and the vendor site includes a communication mechanism between the first and second programs. With this particular technique, a method of generating a secure computer program is provided. In a preferred embodiment, the program code portions extracted from the original program to provide the second program correspond to one or more portions of the program code which represent a relatively small percentage of the total functionality of the original program but which are necessary for complete execution of the first program. The first program may be transmitted to a lessee site and executed on a lessee's computer. However, the first program executed at the lessee site does not include all of the functionality of the original program and thus, requires one or more inputs transmitted thereto over the network from the vendor site. Such inputs are provided by the cooperative execution of the vendor server program and the second program.
REFER
Daly, Crowley & Mofford LLP
Iqbal Nadeem
Massachusetts Institute of Technology
LandOfFree
Secure software system and related techniques does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Secure software system and related techniques, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Secure software system and related techniques will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2573038