GB2203271A - Personal computer with encrypted programs - Google Patents
Personal computer with encrypted programs Download PDFInfo
- Publication number
- GB2203271A GB2203271A GB8707850A GB8707850A GB2203271A GB 2203271 A GB2203271 A GB 2203271A GB 8707850 A GB8707850 A GB 8707850A GB 8707850 A GB8707850 A GB 8707850A GB 2203271 A GB2203271 A GB 2203271A
- Authority
- GB
- United Kingdom
- Prior art keywords
- microprocessor
- personal computer
- program
- programs
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
- 230000005055 memory storage Effects 0.000 claims 1
- 238000004891 communication Methods 0.000 description 5
- 238000004590 computer program Methods 0.000 description 5
- 238000000034 method Methods 0.000 description 5
- RRLHMJHRFMHVNM-BQVXCWBNSA-N [(2s,3r,6r)-6-[5-[5-hydroxy-3-(4-hydroxyphenyl)-4-oxochromen-7-yl]oxypentoxy]-2-methyl-3,6-dihydro-2h-pyran-3-yl] acetate Chemical compound C1=C[C@@H](OC(C)=O)[C@H](C)O[C@H]1OCCCCCOC1=CC(O)=C2C(=O)C(C=3C=CC(O)=CC=3)=COC2=C1 RRLHMJHRFMHVNM-BQVXCWBNSA-N 0.000 description 2
- 238000001514 detection method Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Abstract
A personal computer includes a microprocessor (27) operating under control of a read only store (31) and code stored in random access memory (32). The microprocessor receives programs in encrypted form and from a program imbedded encryption key identifier or identifiers determines which encryption key or keys to fetch the read only store and subsequently uses the fetched key or keys to decode (decrypt the received encoded/encrypted program to load decoded/ decrypted code into the random access memory for subsequent execution). One or more keys can be reserved for use with unencrypted programs. <IMAGE>
Description
PERSONAL COMPUTER WITH ENCRYPTED PROGRAMS
Description
This invention relates to a personal computer in which programs are loaded into the computer in encrypted format.
As is well known, most personal computers allow the user to load programs into the computer by means of a magnetic diskette. Some personal computers have no magnetic storage and in these the programs are loaded into the personal computer by means of a communication link.
The personal computer program industry is now a very substantial one with many program developers and vendors. A major problem for the industry is the unauthorised copying of the computer programs. Since the cost of manufacture of the program is very much smaller than the cost of development, there is a large financial incentive to program copiers to copy the programs of others rather than to spend the time and money in developing their own programs.
Generally speaking, exact copies of programs by so-called "software pirates" are fairly easy to detect and to prove copying. More difficult is the detection of copying where the copier has taken only part of a program and/or has tried to modify at least some of the program to make it look different. To make detection of copying easier, various techniques have been used such as the imbedding of "fingerprints" within the program.
The present invention is predicated on a different approach and is based in the recognition that if the computer program is encrypted by the program manufacturer using an encryption key known only to himself and the manufacturer of the personal computer on which the program is to be used, there will be a high degree of security since it would be nigh on impossible for any person to copy extracts from the program.
An object of the present invention is to provide a mechanism by which a personal computer can be loaded with programs in encrypted format. It is also advantageous if such a personal computer can also receive programs in unencrypted format.
According to the present invention, a personal computer comprises a microprocessor operable under control of a stored program and means for receiving programs for execution by said microprocessor, characterised in that said received programs are encrypted and include at least one encryption key identifier, and in that said computer further comprises key storage means containing encryption keys and logic means for identifying a received encryption key identifier within said received program and for decoding (decrypting) said received program in accordance with the encryption key obtained from said key storage means and which is identified by said identified key identifier and for storing said decrypted programs in program memory for execution by said microprocessor.
Preferably, one key identifier is provided within the personal computer which allows the processing means to load received program data into the memory without decryption.
The invention will now be particularly described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a schematic illustrating a personal computer,
Figure 2 is a diagram showing how a manufacturer of computer programs would encrypt programs,
Figure 3 is a diagram showing how encrypted programs would be decoded within the personal computer,
Figure 4 shows a particular implementation of the present invention,
Figure 5 shows the format of a data set within a computer program for use with the implementation of Figure 4, and Figure 6 is a flow chart showing the decoding process with the implementation of Figures 4 and 5,
Figure 1 shows a typical arrangement of a personal computer which includes a system unit 1 containing, inter alia, a microprocessor 2 having a system bus 3 connected thereto.A read only store 4 containing control code and data is connected to the bus 3 as is random access memory 5 for containing programs and data to be processed by the processor 2. Display adapter 6, keyboard adapter 7, printer adapter 8, communications adapter 9 and file adapter 10 allow connection of a display device 11, keyboard 12, printer 13, communication link 14, and disk file 15 respectively to the system bus 3. Other input/output devices such as plotters and tablets (not shown) can also be connected to the PC system bus 3 by appropriate adapters.
Operation of such a personal computer is well understood as are the various components so no detailed description is believed necessary. However the operation of one implementation of printer adapter 8 will be described later. Briefly, programs and/or data are loaded into the system unit by means of a magnetic diskette on disc drive 15 or over the communications link 14 where the personal computer has no magnetic storage, and are then stored in program memory, possibly RAM 5 for execution by processor 2, or within the adapters.
Figure 2 illustrates how a program supplier or manufacturer can encrypt the program to increase security against plagiarism. To this end, each set of program data or code 16 has associated therewith a key identifier 17 and is encrypted by encryption device 18 using an encode or encryption key 19. The encryption key 19 is associated with the particular key identifier 17 as represented by line 20. Each program may have one or more encryption keys associated with it. If more than one key is used, different parts of the program will be encrypted with different keys. The encryption key 17 can be imbedded within the program code 16 with which it is associated either before encryption, as represented by line 21, or after encryption, as represented by line 22, resulting in encrypted encoded data and encode key identifier 23.
The encoded data and associated key identifier or identifiers 23 represents the program that is supplied to the user of the personal computer. Although it is still possible, of course, for the encoded program 23 to be copied from the diskette, it is extremely difficult for parts of the program to be copied without knowledge of the encryption keys and their identifiers as will be explained.
The personal computer would need within it some mechanism for receiving the encrypted programs and decoding them so that they can be used. Figure 3 shows the decoding process used in the personal computer. The encoded program data and associated key identifier(s) 23 (received via disk drive 15 or communication link 14, Figure 1) is decoded by decode logic 24 which determines which encryption key(s) 25 to use in accordance with the key identifier(s) received with the encoded data 23. The decryption/decode process results in a decoded program which is stored in the program memory 26 for execution. As mentioned above, memory 26 may be constituted by RAM 5, Figure 1, where the program is to be executed by the main microprocessor 2, or alternatively it may be constituted by random access memory contained within one of the adapters for execution by logic contained therein.
Figure 4 illustrates a particular implementation of such an adapter and represents a printer adapter 8 as used in the IBM Personal
Publishing System. This includes a microprocessor 27 having internal registers 28, whose purpose will be described later, and which may, for example, be constituted by a Motorola M68000 microprocessor. A system bus 29 allows the microprocessor 27 to communicate with the PC bus interface 30 and various devices such as read only storage 31, random access memory 32 and storage 31, random access memory 32 and a versatile interface adapter 33 which, as is well known, is used to set interrupts etc and controls the interface 30 with the PC bus 3, Figure 1. Also connected to the bus 29 is a socket connector 34 which allows attachment of the printer 13 by means of cable 35 and plug 36.
Programs to be executed by the microprocessor 27 are received from the PC bus interface 30 as represented by arrow 37 and are received in encrypted format. The structure of the received data sets 38 is shown in Figure 5. The first field 39 contains an indication of the length of the following data set, ie the number of bytes. The next field 40 contains an indication of the type of data set and will indicate whether it is of a type which requires decoding. The following control field 41 of data set 38 contains the key identifier of the key used to encrypt the following data and also the address in RAM 32, Figure 4, to which the decrypted/ decoded data is to be sent. The following variable-length field 42 contains the encoded data words which need to be decrypted.
The decode/decryption operation will be described with reference to Figure 6 which is a flow chart showing the operation of the microprocessor 27, Figure 3. It will be clear to those of ordinary skill that although the invention is being described in terms of the operation of a microprocessor on an adapter card, the invention could also be implemented using the main microprocessor 2. It will also be apparent that instead of a microprocessor, hardwired logic could also be employed to perform the decode process.
In Figure 6, in step 43 the microprocessor 43 reads the first field of the next data set on the PC interface and determines at step 44 if the length indicated thereby is a valid length. If it is not, the microprocessor will read the next field as indicated by loop 45.
If the length determination is valid, the microprocessor reads the next field (40, Figure 5), at step 46, saving the length from the length field (39, Figure 5). The microprocessor then determines at step 47 whether the data type is valid, that is requires decryption. If it does not, as represented by path 48, the microprocessor will read the next field on the PC interface.
If the determination at step 47 shows a valid data type, the microprocessor will read the next field (41, Figure 5) and save, within its internal registers 28, the key identifier and the memory address (in RAM 32) to which the decoded data will be sent as at step 49. The microprocessor will next (step 50) obtain the decode key (identified by the key identifier) from the read only store 31 (Figure 4) and will store the fetched key in one of its internal registers 28 (Figure 4).
In steps 51 and 52 respectively, the microprocessor will read the encoded data words in the next field (42, Figure 5) into another of its internal registers (28, Figure 4) and will decode and store each decoded word in random access memory 32, Figure 4.
When there are no more data sets to be decoded as determined at step 53 (using the saved length from step 46), the microprocessor will recognise a new data type and branch to a new address and execute the loaded decrypted program as indicated at step 54.
Actual field lengths for the different fields of the data set 42,
Figure 5, are not given herein since these are not required for an understanding of the invention and it might assist the unauthorised decryption of encoded data if specific information were included. It will be apparent that the number of keys is determined by the length of the key identifier. For example if 2 bytes are used, up to 256 key identifiers would be available. The size of the key itself is not, of course, dependent on the size of the key identifier and depends merely on the size of the space in the read only store 31 made available for storing such key encryption data. The keys are also arbitrary. As an example, using a key of four bytes in length, some 64K different combinations would be possible although only 256 would be used in the example given above.
The relationship between a particular key identifier and encryption key value will be known only to the personal computer manufacturer and the software manufacturer. Each program may contain more than one key so that separate parts of the program are encrypted differently to others.
After decoding, the RAM 32 will contain the decoded program. Although in theory it would be possible to dump this decoded program and hence obtain a copy of it, this would in practice be extremely difficult, if not impossible, for the average potential copier. The read only store .31, Figure 4, contains control code for the microprocessor 27 which requires the use of key identifiers and key encryption data to write a dump program into RAM over the program it wished to dump. The only person knowing the relationship between all the keys and all encryption key data would be the personal computer manufacturer.
To enable the microprocessor to receive and execute unencrypted programs, one or more key identifiers can be reserved by the PC manufacturer to identify such programs and decoding of such a reserved identifier by the microprocessor will cause the loading of unencoded/unencrypted programs into the random access memory 32 (this may be regarded as decryption without a key).
It will be appreciated that a program may contain both encrypted and non-encrypted data. For example it may be preferred to include a non-encrypted copyright notice at the beginning of each program.
Where the personal computer includes a number of adapters, each capable of receiving and executing programs, the key identifiers can be duplicated, provided their relationship with a particular adapter is recognised so that they can be used to access the correct encryption key for that adapter.
Claims (6)
1. A personal computer comprising a microprocessor (2) operable under control of a stored program (31, 32) and means for receiving programs for execution by said microprocessor, characterised in that said received programs are encrypted and include at least one encryption key identifier, and in that said computer further comprises key storage means (31) containing encryption keys and logic means (27, 28, 31) for identifying a received encryption key identifier within said received program and for decoding (decrypting) said received program in accordance with the encryption key obtained from said key storage means and which is identified by said identified key identifier and for storing said decrypted programs in program memory (32) for execution by said microprocessor.
2. A personal computer as claimed in claim 1, in which, the logic means includes means for determining when received programs are not encrypted and for storing received unencrypted programs in said memory storage without accessing said key storage means.
3. A personal computer as claimed in either preceding claim, in which said logic means is constituted by said microprocessor (27) operable under control of control code contained within a read only store (31).
4. A personal computer as claimed in claim 3, in which the read only store further includes control code for controlling the microprocessor including the key identifying and decrypting operations.
5. A personal computer as claimed in claim 3 or claim 4, in which said read only store (31) contains a table containing said encryption keys.
6. A personal computer as claimed in any preceding claim including a system bus (3) and in which the microprocessor (27) forms part of an adapter (8) by means of which an input/output device (13) can be connected to the system bus (3).
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8707850A GB2203271A (en) | 1987-04-02 | 1987-04-02 | Personal computer with encrypted programs |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| GB8707850A GB2203271A (en) | 1987-04-02 | 1987-04-02 | Personal computer with encrypted programs |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| GB8707850D0 GB8707850D0 (en) | 1987-05-07 |
| GB2203271A true GB2203271A (en) | 1988-10-12 |
Family
ID=10615088
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| GB8707850A Withdrawn GB2203271A (en) | 1987-04-02 | 1987-04-02 | Personal computer with encrypted programs |
Country Status (1)
| Country | Link |
|---|---|
| GB (1) | GB2203271A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0720098A1 (en) * | 1994-12-30 | 1996-07-03 | Thomson-Csf | Apparatus for securing information systems organised around microprocessors |
| WO2001054083A1 (en) * | 2000-01-18 | 2001-07-26 | Infineon Technologies Ag | Microprocessor system with encoding |
| GB2385951A (en) * | 2001-09-21 | 2003-09-03 | Sun Microsystems Inc | Data encryption and decryption |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0002390A1 (en) * | 1977-12-05 | 1979-06-13 | International Business Machines Corporation | Method for cryptographic file security in multiple domain data processing systems |
| GB2149944A (en) * | 1983-11-14 | 1985-06-19 | Softnet Inc | Software distribution |
| EP0155399A2 (en) * | 1984-01-18 | 1985-09-25 | Siemens Aktiengesellschaft | Protection circuit for the prevention of non-authorised execution of a programme |
| GB2163577A (en) * | 1984-08-23 | 1986-02-26 | Nat Res Dev | Software protection device |
| EP0173647A2 (en) * | 1984-08-10 | 1986-03-05 | GRETAG Aktiengesellschaft | Enciphering/deciphering method |
-
1987
- 1987-04-02 GB GB8707850A patent/GB2203271A/en not_active Withdrawn
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0002390A1 (en) * | 1977-12-05 | 1979-06-13 | International Business Machines Corporation | Method for cryptographic file security in multiple domain data processing systems |
| GB2149944A (en) * | 1983-11-14 | 1985-06-19 | Softnet Inc | Software distribution |
| EP0155399A2 (en) * | 1984-01-18 | 1985-09-25 | Siemens Aktiengesellschaft | Protection circuit for the prevention of non-authorised execution of a programme |
| EP0173647A2 (en) * | 1984-08-10 | 1986-03-05 | GRETAG Aktiengesellschaft | Enciphering/deciphering method |
| GB2163577A (en) * | 1984-08-23 | 1986-02-26 | Nat Res Dev | Software protection device |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP0720098A1 (en) * | 1994-12-30 | 1996-07-03 | Thomson-Csf | Apparatus for securing information systems organised around microprocessors |
| FR2728980A1 (en) * | 1994-12-30 | 1996-07-05 | Thomson Csf | DEVICE FOR SECURING INFORMATION SYSTEMS ORGANIZED AROUND MICROPROCESSORS |
| WO2001054083A1 (en) * | 2000-01-18 | 2001-07-26 | Infineon Technologies Ag | Microprocessor system with encoding |
| US7269742B2 (en) | 2000-01-18 | 2007-09-11 | Infineon Technologies Ag | Microprocessor configuration with encryption |
| GB2385951A (en) * | 2001-09-21 | 2003-09-03 | Sun Microsystems Inc | Data encryption and decryption |
| US7171566B2 (en) | 2001-09-21 | 2007-01-30 | Sun Microsystems, Inc. | Data encryption and decryption |
Also Published As
| Publication number | Publication date |
|---|---|
| GB8707850D0 (en) | 1987-05-07 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0794487B1 (en) | Image information processing system and microprocessor for the protected reproduction of AV data | |
| US5860099A (en) | Stored program system with protected memory and secure signature extraction | |
| US6185686B1 (en) | Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information | |
| US6243813B1 (en) | Method of detaching a security device from a personal computer | |
| US4593353A (en) | Software protection method and apparatus | |
| US6895506B1 (en) | Secure storage and execution of processor control programs by encryption and a program loader/decryption mechanism | |
| US6378071B1 (en) | File access system for efficiently accessing a file having encrypted data within a storage device | |
| US5652793A (en) | Method and apparatus for authenticating the use of software | |
| JP3243331B2 (en) | Method for creating layered medium for software management, apparatus for creating layered medium for software management, and layered medium for software management | |
| WO1998011690A9 (en) | Self-decrypting digital information system and method | |
| MX2007011377A (en) | Secure boot. | |
| US6519702B1 (en) | Method and apparatus for limiting security attacks via data copied into computer memory | |
| US7805758B2 (en) | Information processing apparatus | |
| US5852736A (en) | Method and apparatus for protecting data using lock values in a computer system | |
| US7290137B2 (en) | Information processing apparatus, executable module generating method, and storage medium | |
| US20020023224A1 (en) | Computer software installation | |
| US7380269B2 (en) | Changing code execution path using kernel mode redirection | |
| GB2203271A (en) | Personal computer with encrypted programs | |
| JP3930576B2 (en) | Computer system with software misuse prevention function | |
| JP2002244757A (en) | Semiconductor circuit | |
| CN112131612B (en) | CF card data tamper-proof method, device, equipment and medium | |
| JPH07295802A (en) | Program card and computer using the card | |
| GB2243701A (en) | Controlling access to computer system features | |
| JPS6313209B2 (en) | ||
| JP2003233536A (en) | Data processing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |