Electrical computers and digital processing systems: support – Data processing protection using cryptography – Tamper resistant
Reexamination Certificate
1999-04-28
2004-03-09
Darrow, Justin T. (Department: 2132)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
Tamper resistant
C713S189000, C713S190000, C713S193000
Reexamination Certificate
active
06704872
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Technical Field
The present invention relates to a technology of preventing a software program provided to a computer system from being used or executed illegally and, in particular, to a processor which is provided with a function to prevent illegal execution of a program, an instruction executed by a processor to prevent illegal execution of a program and a method of preventing illegal execution of a program. More particularly, this invention relates to a processor which is provided with a function to prevent illegal execution of a program which can not be externally monitored or modified, an instruction executed by a processor and a method of preventing illegal execution of a program.
2. Prior Art
Along with recent technological revolution, computer systems have penetrated into enterprises and homes in addition to universities and institutes. A computer system includes a workstation and a personal computer (PC), etc., which are relatively less expensive and can be purchased by general users in addition to host/main frames and office computers. Especially, rapid popularization of a PC is remarkable.
Along such technological trend, various software programs running on computer systems have been developed and sold and the software industry are now as prosperous as or even more prosperous than the hardware industry. The software as referred to here includes an OS (operating system) for controlling the operation of an entire computer system and an application program for implementing functional operation suited an objective and an operation of users on a system. Programs of various functions and for various uses are available as an application program such as a word processing, spread sheet, database and communication programs, etc.
Users typically purchase a software which the users want to install on their own computer systems in the form of removable media such as a floppy disk and a CD-ROM and use the media by mounting them on a suitable drive unit. Also, it is recently possible to install a software program by a process of file transfer (download) of a desired software into the user's own local disk via an external network such as the internet.
However, purchasing media which store software programs is no more than obtaining a limited right to use the software programs and does not mean that the purchaser has obtained copyright of the software program or the right to reproduce it. Unlimited or unlicenced reproduction of a software program is an act which is strictly prohibited by the copyright law. (Incidentally, it would be reasonable to interpret that the use of a software downloaded via a network is also limited).
From the stand point of a software vendor who provides a software program, profit comes from distribution of program storing media with charge. If reproduction is rampant without limitation and permission, profit which should be rightfully enjoyed could not be assured. Illegal use of a software program discourages the volition of those who engage software industries to develop a software and may thus deactivate the activity of the software industries. In view of the above, a protection technology has been so far developed to prohibit a software program from being illegally used or reproduced without permission (or prevent beforehand).
An example of protection is to encrypt a software program for which it is desired to prevent illegal use. Specifically, by distributing program storing media in encrypted condition with charge or charge free and providing a key to decrypt the encryption only to a legitimate user, the use of the program which is stored in the media is suitably limited.
A problem involved here is by what media to provide a user with a key. For example, it may be possible for a software vendor to provide the user with a key by a mail such as an envelop but it would be very easy to use the key illegally in this case.
A further highly technological method includes the use of a so-called “security device”. In this case, the software vendor distributes program storing media with a security device attached thereto. The security device contains identification information and the like required for a predetermined authentication procedure and is used by being connected to a serial port or a parallel port of User's PC, for example. On the other hand, the program stored in the media includes some number of check points (i.e., “authentication routine”) in addition to a main routine for effecting an operation which is specific to the function and the use of the program per se.
An example of the authentication routine is such that a CPU (Central Processing Unit) executing a program gets an access to the security device to read out the identification information for verifying whether or not it matches identification information possessed by the program in each check point and permits the CPU to continue to run the program only when the identification information match each other.
In another example of an authentication routine, a CPU executing a program writes a code conforming to a certain rule into a security device. The security device prepares scrambled or encrypted identification information using the received code. The CPU reads out the scrambled or encrypted identification information and descrambles or decrypts it by a program to correlate it to the identification information possessed by the program. The CPU is permitted to continue to run the program only when the information is successfully correlated. While the CPU and the security device are connected via a bus external to the CPU chip, the authentication routine is prevented from being decoded by bus snooping by effecting scrambling or encryption.
These two examples using the security device are analogous each other in that authentication processing is effected by an instruction to the CPU executing a program.
By using the security device, the security level could be upgraded considerably. Also, the right to use a software program could be limited only to a single computer system in which the security device is mounted. However, this method could not be said to be perfect. For example, because a bus transaction can be easily monitored by using a logic analyzer (well known), it would be possible to analyze the authentication routine to reveal the identity of identification information and an encryption key.
For further improving the security level, a measure has been employed to successively change an input value to the security device. However, with a device like ICE (InCircuitEmulator)*, a software can be relatively easily reverse-assembled so that the program can be modified so as to unconditionally jump a routine accessing to the security device (i.e., authentication routine).
Accordingly, it is desirable to so design that a security operation is indispensable to the execution of a program in order to enhance the protection of a software program. In this sense, the above prior art examples in which a program per se stored in the media contains an authentication routine are adequate. Further, the authentication routine must be in a form which can not be externally accessed or modified. In the above prior art examples using the security device, although the authentication routine is implemented in the form of a system operation and is invisible in the appearance, it can be decoded technically (described in the above). In summary, a conventional protection method which is externally accessible can not be said to be perfect in protecting a program.
ICE is a device normally used for assisting to develop a program and a software and operates exactly similar to a CPU by inserting it in a CPU socket in place of a CPU. Contrary to a CPU, the ICE can access to a bus and read out a register value for each instruction. By using such instruction trace function of the ICE, the authentication routine can be located in the software program using the address of an external device as a trigger. Further, by applying an illegal patch to a program address, the program can be m
Darrow Justin T.
Ludwin, Esq. Richard M.
Scully Scott Murphy & Presser
Zand Kambiz
LandOfFree
Processor with a function to prevent illegal execution of a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Processor with a function to prevent illegal execution of a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Processor with a function to prevent illegal execution of a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3244575