JPS59173847A - Method and device for protecting computer software - Google Patents

Abstract

PURPOSE:To protect software perfectly and surely by enciphering a password, calculating cipher code using random number, obtaining exclusive logical sum of this cipher code and the content of record, and registering in a file. CONSTITUTION:When load instruction is generated from the body 10 of a computer to a floppy disk 11, data decoded by a decoding memory 21 are loaded on the RAM of the computer 10 through a contact (a) of a selector 25. In the case of write instruction, data enciphered by an enciphering memory 22 are sent and written to the floppy disk 11 through a contact (a) of a selector 26. The enciphered code is set by a CPU23 for writing cipher code. When selectors 25, 26 are switched to a contact (b) by a data bus switching mechanism 24, the data are sent and received between the computer 10 and floppy disk 11 without enciphering and decoding.

Description

DETAILED DESCRIPTION OF THE INVENTION The present invention relates to a computer software protection method and apparatus.

In general, the functional characteristics of electronic computers can be summarized in that processing is performed using a program storage method. Such a Kameko computer performs processing in chronological order according to a pre-stored information processing method and order. therefore,
It is possible to immediately change the processing contents of a computer simply by replacing the programs to be stored in advance and changing the data. In this sense, a computer is a general-purpose processing device, and the programs, or software, added to it can bring out infinite possibilities. In other words, by mutually exchanging intangible information called software, it is possible to transfer or develop the processing content itself cheaply and quickly. Standardization and unification are progressing, and the development of simple storage media such as floppy diskettes that mediate the distribution of such software is progressing.

On the other hand, advances in hardware technology such as semiconductor printing technology have been remarkable, and Kameko computers have been rapidly increasing their capacity and becoming smaller and cheaper, and due to their wide range of flexibility, they are beginning to be used for a variety of purposes. Along with this, the development of rational and appropriate software for various uses has become essential in various fields, and the demand for the software itself is increasing rapidly.

Processing systems using electronic computers are different from general processing equipment, in which designers use wiring logic etc. to design for each purpose. Everything is left to software technology. The development and design of complex, large-scale software that controls network communication networks and data online systems requires a large amount of human investment. Even in the case of programs, there is a constraint that the software for continuous use must be on a /J'l scale, so investment is required for rational configuration.

By the way, large computers are generally managed and operated at calculation centers, etc., and there is little possibility of unauthorized removal of recording media such as data and programs, and the recording format itself often differs depending on the computer model. There are few accidents caused by the removal and misuse of the recording medium itself.

On the other hand, small-sized computers, especially personal computers, have been developed as general-purpose processing devices as mentioned above, and their appearances can be changed from word processors to business computers to system computers and system computers simply by replacing software.

For this reason, compact computers are essentially designed to have extremely high mutual flexibility in terms of software.Programs for each purpose are commercially available as standardized package programs, and programs created by users are unique. You can easily store it on a storage medium and use it for other purposes. It will be possible to transfer it to arithmetic. In this way, small computers are designed to promote the easy distribution of software using software storage media, etc., so it is necessary to completely protect the software by concealing its contents and prohibiting copying. It's difficult to do. In addition, since small computers are mass-produced and their internal structures are standardized and simple, it is difficult to keep the entire software execution process secret. Therefore, it is extremely difficult to suppress and prevent unauthorized copying and use of the software storage medium itself. In this way, computer software is beginning to be recognized as a non-physical valuable package that has its own value apart from the computer itself, but its history is still young and its position and functions are not generally understood correctly. The reality is that they have not been fully protected. Therefore, in order to improve the social environment for software, promote the healthy distribution of software packages developed at great expense, and protect the rights of developers and owners, we There is a strong demand for some kind of measure to effectively and reliably protect the software.The present invention has been made in view of the above points, and is intended to protect the software of small computers from hardware and software. The purpose of this document is to enable arguments to be made effectively, appropriately, and with complete certainty from both sides.

Hereinafter, one embodiment of the present invention will be described in detail with reference to the drawings.

FIG. 1 shows a typical example of a small computer system to which the present invention is applied. It consists of a printer 13. The software is stored in a floppy diskette l1 and loaded into the computer main body 10, its processing status is monitored on the console 12, and a hard copy is printed out to the printer 13 as necessary. An encryptor 20 constituting this software protection device is interposed on the line between the computer main body 10 and the floppy disk 11. The encoder 20 encrypts the data received from the computer main body 10 and sends it to the floppy disk drive 7, and also decrypts and sends the data received from the floppy disk drive. It can now be set to . This encoder 20 operates as if it were a floppy disk when viewed from the computer main body 10, but as if it were a computer itself when viewed from the floppy disk l1. That is, by inserting the encoder 20, no load is placed on either the computer main body or the floppy disk drive in terms of hardware and software.

FIG. 2 shows the basic configuration of the present encoder 20. When a load command is issued from the computer main body 10 to the floppy disk 11, the data decoded by the decryption memory 21 is passed through the contact a of the first selector 25. Calculator body 1
0 RAM. On the other hand, in the write command, the data encrypted by the encryption memory 22 is transferred to the second
The data is transmitted and written to the floppy disk 11 through the contact a of the selector 26. At this time, the encryption code is arbitrarily set by the encryption code writing CPU 23.

The floppy disk 11 is operated via a floppy disk control IC (not shown), so the floppy disk 11 is connected to the computer main body 10.
This command code is not encrypted. That is, when this command code is input, the computer main body 10
An encryption prohibition command is sent from the encoder 20, and this is decoded in the encoder 20 to operate the data path switching mechanism 24.
, switches the contacts of the first and second selectors 25 and 26 from a to b, respectively. Therefore, only the command code is sent from the computer main body 10 to the floppy disk 11 without being encrypted. In addition to this, the cipher 20
is just a data relay, the data is the computer main body 10
The information is transmitted and received between the computer and the downloadable disk 11 without being encrypted or decrypted.

Note that encryption here refers to rewriting the data content constituting the software into a different content according to a certain convention, and can be decrypted using that convention as necessary.

In addition, the CPU 23 for writing the encryption code is the computer main body 10.
Or a Cj built into a floppy disk drive.
U can also be substituted.Next, Figures 3 to 6 show the basic procedure of software retention according to the present invention.
Figure 3 shows the format and function of recording a software protection program (hereinafter referred to as protection program) on a floppy disk, and Figure 4 is a flowchart showing the process from loading to execution of the program in this protection device. De-ru. Further, FIG. 5 is a flowchart showing the procedure of a program for creating a protected floppy disk, and FIG. 6 is a flowchart showing the procedure of software protection by the program.

To explain the procedure for software protection using these diagrams, first, a corresponding protection program is added to the target program to be protected (hereinafter referred to as a protected program) in a chain, and this protection program protects the program. Program destruction and OS (operating system) modification by accepting passwords and detecting incorrect operations
Load the protected program, decrypt the protected program, etc. The protected program is recorded on a floppy disk after the contents of a PCB (file control board) are encrypted and modified so that the program can only be loaded by a special OS.

The protection program is loaded into a general-purpose OS, and modification of the OS begins immediately after loading. OS after modification
captures passwords, detects password errors and destroys protected programs, loads protected programs, creates post-encryption code based on passwords, decrypts protected programs with decryption code, destroys protected programs, and destroys programs. It performs functions such as receiving Os commands such as dump and save, and executing programs.

In order to create the protection program as described above, it is necessary to prepare in advance a creation program to be recorded on a floppy disk as shown in FIG. This creation program accepts a password only once, creates an encryption code for the password, encrypts the security program, modifies the OS, etc. It has functions such as saving protected programs to a floppy disk using a modified OS. The modified OS has the ability to encrypt and save the PCB format. As a result, the dump function of 9 encryption codes etc. is lost.

The encryption code is created by a logical operation between the password and a random number generated by an internal random number generation routine, and the random number used at that time is taken into a PCB or the like. Therefore, when executing a program, it is necessary to perform the decryption process using the random numbers and passwords recorded on the 7 rosopy disk. This work is performed in the section of ``Creating a decryption code'' based on the password in Fig. 4.

Then, the software is basically protected according to the procedure shown in FIG. That is, first, the protected program is firstly encrypted using a software method, this firstly encrypted program is secondly encrypted using a hardware method using the above-mentioned encoder, and then this secondarily encrypted program is encrypted using a hardware method. Stored on floppy disk. Therefore, programs stored on floppy disks are managed using passwords, protection programs, and encryption devices, and if any one of them is missing, the software will not be able to be executed. In addition, when encryption is performed in two stages using software and hardware methods, the encryption code is created using a password and a random number, so the content is encrypted differently each time, making it extremely difficult to decipher the content. Therefore, software can be guaranteed to be completely protected.

Next, FIGS. 7 to 9 show the specific configuration of the encoder 20 constituting the software protection device described above.
The figure shows its front structure, FIG. 8 shows its rear structure, and FIG. 9 shows its circuit configuration.

The encoder 20 is a flat piece pulled out from the rear surface.
Connect cable 201 to the FDC control signal connector terminal of floppy disk 11, and connect the other cable 201 to the FDC control signal connector terminal of floppy disk 11.
02 is interposed between the computer main body 10 and the floppy disk 11 by connecting it to the output of the FDCI/O port of the computer main body 10 or to the FDC port of the I/O unit.

The encoder 20 is powered by an ACI supplied from the power connector 203.
The OOV is used as a power source, and DC: 5V is applied to the inside thereof via a power source SW 204 and a fuse 205.

The encryption prohibition SW 205 has a function of prohibiting encryption by an encoder when it is turned on.
This is the same situation as when the I/O unit and the floppy disc 11 are connected with a single cable, that is, the encoder 20 is connected. Switch to act solely as a data repeater.

Next, the display LED lamps 1 to 6 will be explained.

■、LEDI (green)''...Power-on display ■、LED2 (red)...Encryption and post-encryption prohibition display (lights up when the encryption prohibition SW 205 is turned on) ■, LED3 (red): Song encryption or decryption transfer display (
(Lights when the data bus is connected via encryption and decryption memory) ■, LED4 (red)...Indicates encryption transfer mode (WRITEDATA command is sent from the computer side after encryption command) (Lights up when the SENDDATA command is sent from the computer side after the encryption command) ■, LED 5 (red)...Decryption transfer mode display (lights up when the SENDDATA command is sent from the computer side after the encryption command) ■, LED 6 (red) )...Memory write display (lights up when the computer main unit side input code, decoding data, and data are written to the memory) Next, each SW type will be explained according to FIG. 10.

■, CODE-SW... Encryption SW (encryption prohibited when turned on) ■, W-SW... Encryption prohibited (N-COD
When the E-SW is on and the W-SW is on, the write data is encrypted) ■, R-SW...Reading and decoding prohibited (N-CO
(Read data is decoded when the DE-S and W are on and the R-SW is on.) These SWs are switched and set as shown in the graph shown below.

In a computer system to which the present invention is applied, the computer main body converts data using a floppy disk and a three-wire handshake. Then, the I/O on the side of the computer main body 10 to be used
IC301 and floppy disk 11 side I/O
Both IC302 and h are used with -r=-do "o", port A is input, port B is output, and port c
The mode is set separately for each part, and they are connected as shown in Fig. 11.

Figure 12 shows the basic 14 systems used in this computer system.
Showing the species commands. 0 of these commands
0-07 is used in DISKBASIC, OB~1o
It has not been used until now. As is clear from this figure, the codes 08 to OA, 11 and above do not affect the floppy disk unit in any way, so they can be used to control the encoder 2o. Among these command codes, the command related to data encryption is 01:Writeda.
te and 03:Senddate.

Therefore, by inserting an encoder in the middle of the above three-wire handshake, data can be encrypted without any changes to the system.
It becomes possible to perform postcode.

The wallotspee disk 11 is managed by the Z80 and can be controlled by 14 types of external command codes. That is, as shown in Figure 13,
First, an external command code is sent, followed by the required number of parameters if necessary. After that, data is sent and received.

The encoder 20 receives command 0 as shown in the graph below.
1: Pass the four parameters as they are to Writedate, and then encrypt them. It has a function that immediately encrypts the command 03: Senddate and allows all other command codes to pass through.

Command 08, which is unused in this FDD (floppy disk drive), is assigned as this command.

Further, the encoder 20 is provided with an encryption prohibition mechanism,
It is equipped with a function that can perform general data transfer, and an unused command 09 is assigned to this function.

Command 08 is also used as a memory content write command that refers to encrypted data.

In this cryptographic machine, as shown in Fig. 9, the computer main body 1
0 CPU I/O, the lower 4 bits of A port and B port are used by the first and second data selectors 206,
207 to the floppy disk (FD) 11 I/
It is connected to the B port and A boat of O, respectively, and all other signals are directly coupled. Now data selector 20
6,207 is switched to SE-L=1, the B line is selected and the lower 4 bits of data sent from the CPU accesses the address of the first memory 208.

The accessed data in the memory 208 is sent to the floppy disk FD and data conversion is performed there. Further, the data sent from the floppy disk FD side accesses the address of the second memory 209. The accessed data in the memory 209 is sent to the CPU side, where it is converted. Therefore, memo lJ'208', 2090
Two data contents are ADRESS=DATAICDAT
A2 (ADRESS)), the data contents are encrypted by arbitrarily combining the memory contents. Here, DA'TAN(ADflsS) indicates the data content of the address ADHESS in the memory N.

The 4-bit output of the CPU 1411 is sent to the bus driver 21.
0, and this is connected to the data input DI of the two memo IJs 208 and 209. By switching to llEL=1, the switch is connected. Therefore, the bus driver 210 is switched to SEL=1, and each memory 208,
By setting WE of 209 to WFJ=1, memory 20
9 data can be input to 8,209 from the CPU side. Further, the lower 4-bit data output on the CPtJ side is connected to a data selector 211 so that command contents can be distinguished.

The operation of commands output from the CPU of the computer main body 10 to the floppy disk (FD) 11 through this encoder will be explained below.

■, Encryption prohibition operation - When the encrypted data prohibition command 09 is output from the C-PU, when the encryption prohibition SW 205 is on, or after the RESET71 signal is input, three-man operation is required.
The output of AND gate 212 is inverted and becomes JKFF.
213, so Q=1 and the JKFF 214 for storing the encrypted signal is cleared. Therefore, each data selector 206, 207, 211 is switched to SEL=0, and encryption and decryption are prohibited.

Furthermore, when starting up this computer system, the RESET=1 signal is input to the encoder 20'K, so to activate the encoder 2'0, the encryption permission command 09 must be output from the CPU side of the computer main body 10. Must.

(2) Encryption Permission Operation The encryption permission command is a command for activating the encoder 20.

First, the CPU side performs a source handshake before outputting the permission command! )ATN. =1 is output. This resets the encoder 20. The output of ATN=1 causes the floppy disk F. D, Siacceptor/S
#)RFD=1 is sent back to the controller, and in response to this, the CPU side ! ) Put the command θB on data T and D
Let AV=1. Then the floppy disk FD{il
DAC=1 is sent and returned from 1, but since command 08 has no meaning on the floppy disk FD side, from then on, A'TN=1 is output from the CPU side 75, and the S signal and data movement will not be involved.

In the encoder 20, the ATN=1 signal is used.
5 becomes Q=1 and is cleared by the DAC=1 signal sent back from the floppy disk FD.

Ko' (7) Q=1 and DAv=1 and Ko? The output of the data selector 211 that detected the lower 4 pits of 7j08 is N.
The OR is taken and JKFF213 is set. This output Q=1 does not change until RFJSET=1, the encryption prohibition SW 205 is turned on, or the command/do 09 signal is output, and does not change due to ATN=1. Encrypted signal (SET
=1) is prohibited from being cleared.

■, Operation of command 01 (write command), then command 0
Regarding the operation when 1 is output, Figures 9 and 14
This will be explained according to the time chart shown in the figure.

ATN=1 from the CPU performs a source handshake (hereinafter referred to as
(referred to as SH), the floppy disk FD performs an acceptor handshake (referred to as SH).
(hereinafter referred to as AH) sends back pRFD=1. In response to this, the CPU sets ATN=0 and command data 01.
is placed on the data line and outputs DAV=1. In response to this, the floppy disk FD sets RFD=O, inputs command data 01, and sets DAC=. Set 1 and SH
Send it to the CCPU. The CPU sends DAV=1 and removes command 01 from the data line.

In response to this, the floppy disk FD is DA-(21'
= 0, and enters internal processing and prepares to import the next four parameters.

In the above handshake, the encoder 2o has ATN=1
By setting the output of FF213 on the lower right side to Q=0, DA
The data selector 21 uses the pulse generated by V=1.
The o1 command detected at 1 is input, and the output of JKFF2j6 on the right side of the middle row is stored as Q=0.

When the floppy disk FD completes preparations for importing parameters, it sets RFD=1 and requests a DAV signal to the CPU side.゛After that, the handshake is the same as when sending a command.''
A necessary number of parameters are immediately sent to the floppy disk FD side. Since one DAV signal is sent for each parameter, this DAV signal is counted to detect the end of the parameter.

The counter 2L7 in the encoder 20 is reset when ATN=1. Thereafter, the DAV=1 signal is counted, but since the counter 217 uses the leading edge trigger method, the DAV=1 signal set to send the command code o1 is skipped because it is in the middle of ATN=1. sends out four parameters, and a signal DA. to send out the first data. When V=1 is sent, the counter 217 has a count content of 5.JNAND gate 21
8 and is NORed with the output Q=O of the JKFF 216, which was previously set with the command code 01, to set the JKFF 214 that outputs the encrypted signal. As a result, DQ=SEL=1, and the state of this encryption is as follows.
Sent when a command is sent from C'PU, and reset by ATN=1.

■, Operation meter for command 03 (read command) The movement of the signal when the read command for command 03 is output from the main body of the machine is basically the same as the operation for the write and write commands for command 01 mentioned above. It is. The difference is command 03
The point is that the instruction is decoded immediately because there is no parameter to follow. Therefore, the state of command 03 is changed to JKFF216 in four different ways as when command 01 is used.
is stored and set Q=0, and the counter 217 stores D. AV=1
Count the output of count = 1 and N of Q = 0.
JKF to make the encrypted signal SEL=1 by OR
Set F21'4. This state is also cleared by the next command signal ATN=1.

■On the other hand, even if command codes other than commands 01 and 03 are output, the JKFF group that generates encrypted signals, JKFF214 and 216, do not operate, and the encrypted signal must be set to SEL = O. All signals only passes through the encoder.

■ Writing operation of encrypted data to memory This encoder 2
The content of data encryption using 0 is determined by the conversion data written in the encryption memory. Therefore, when using the present encoder 20, it is necessary to store in the memory conversion data that follows predetermined rules.

Inside the encoder 20 are the above-mentioned write data conversion memory 209 and read data conversion memory 209. It has a built-in harpoon 208. Memory 209 is floppy disk F
The memory 208 is used to decode data from CP
Used to encrypt data sent over the U.

These notes! Any combination of data stored in 7208.209 enables arbitrary encryption. In that case, the contents of the two memories 208 and 209 need to be arranged in a data arrangement based on a predetermined relationship.

Data for encryption and decryption is sent to the CP. I can send it to you. By command 08. The JKFF 213 that stores the write state of encrypted and decrypted converted data becomes Q=0. This signal causes the bus driver 210 to couple the data line from the cPU to the data input D1 of the encrypting and decoding memories 208 and 209. Also, these address lines are connected to the S. EL=O (if command o1 is sent after encryption is permitted with command o8, sEL=1 from the 5th word, and from the 2nd word in command 03), connected to the counter 217. Therefore, the sear address can be predetermined using the DAV signal. Also J.K. Since the output Q of FF21'3 is switched to Q=1, RFD=1, DAC=1
Memory 20 for encryption and decryption by NANDing with
8,209 WEs can be set to W=0 to store data from the CPU. That is, first, command 08
DAV. after being output. = 1 signal causes the address to become 1, so send data for address = 1 from the CPU side, write data to address 1 with 9, RFD or DAC = 1, set RFD, DAC = 0, or DAv =
If it is set to 1, the address becomes 2.

By repeating this, data can be written one after another into the memory. Note that in this encoder 20, as described above, the counter 21
Since 7 is used both for counting command parameters and for specifying an address when writing to memory, the fill-in address starts from 1. Therefore, the data content of the address needs to be sent 16th.

5 Also, since the written data content of each of the above-mentioned memories 208 and 209 is output as an inverted output when reading, it is necessary to invert and write the converted data necessary for encryption and decryption beforehand when writing. .

Next, FIGS. 15 and 16 show the step of prohibiting the activation and operation of the encoder 20, and this activation is performed when the program for inhibiting the operation shown in FIG.
Receive ESET signal or prohibit encryption SW205
continues until it turns on (when the encryption prohibition SW 205 is on, even if the startup program is executed, it cannot be started).

After completing the startup steps shown in Figure 15. After the program is executed, handshake transfer with the floppy disk in this computer system will result in encryption. Encryption is performed automatically, but the encrypted content must be stored in the encoder 20 before that.

The procedure is performed according to the flow chart shown in FIG.

FIGS. 18 and 19 are flowcharts showing the general procedure for data source and acceptor hand transfer.

The encoder 20 operates by combining these series of software. That is, first, the encrypted content is written according to the flow shown in FIG.
The written data may be transferred according to the flow shown in FIGS. Incidentally, since the activation of the encoder 20 is performed at the same time as the writing of the encrypted content, there is no need to activate the encoder unless the encryption prohibition command 09 is sent.

Next, software for protecting protected software according to the present invention will be explained.

This protected software is protected by being registered on a floppy disk using a registration function that is part of the software that protects it. This function encrypts the protected software (program) and assigns a password to this software.

Furthermore, the execution control module section necessary for executing the protected software and the encryption code necessary for decrypting the protected software are registered on the same floppy disk and provided to the user.

Since the execution control module section is started from the general-purpose C)S before executing the protected software, it is registered as a standard COM format file without being encrypted. The file name at the time of registration can be arbitrarily set by the supplier of the pancage software.

The password is stored on the floppy disk for verification when the protected software is requested to be executed, and the encryption code is stored on the floppy disk for use in decrypting the protected software. The procedure is as follows: (1) Entering a password First, the password is input using fixed 8-digit ASCII characters from the console as shown in FIG.

If the password is less than 8 digits, 67'' is output to the console and a password input request is made again.

The password is then encrypted.

Passwords are encrypted to prevent them from being deciphered, and each digit of the password is separated and registered at a random location. The steps of password encryption and storage logic will be explained using the record relationship diagrams shown in FIGS.

Passwords are managed in three records as shown in the figure.

■, Master record (first record) This record stores the relative address in the password map record (meaning the real password map start address) in the relative 50th byte, and the encryption code in the 70th byte. It is accommodated. Note that the true password map start address is determined by a random value.

@, Password Map Record (Second Record) This record indicates a relative address within the password entity record, and indicates the storage address of each digit of the password. This password map is a continuous 8-digit area from 0 to
Take 127 unique random numbers.

0, Password entity record (third record) Encrypted passwords are randomly stored in this record. For encryption, exclusive OR is performed between the storage address of each digit and the value of each digit.

Further, the registration of the encryption code is performed by the following procedure.

■, Registration of the encryption code ■, Calculation of the encryption code Exclusive OR is performed between the total OR of each digit of the encrypted password and a random number, and the result of the operation is used as the encryption code. , the encryption code serves as a key when encrypting and decrypting the protected software.

@, and store the obtained encryption code on the floppy disk in the same FireAR as the password.

FIG. 22 shows a procedure for registering a protected program (protected program), which will be explained below with reference to the figure.

First, the protected program is encrypted using an encryption code as a key, and then stored on a floppy disk with a security program (protecting the protected program) and a password registered.

(2) Conditions for the protected program before encryption The protected program targeted by the protected program must be in COM format and have a program capacity that fits within the TPA area. Furthermore, when the program ends (including interruption), a warm boot (WB00T) request must be made to this system.

■, Input device of file 1 specified when the protected program was started. input sequentially to the base number file.

(2) Encryption The contents of the input record are subjected to exclusive logic with the encryption code one digit at a time, and then exclusive OR is performed between the result and the original memory address of the digit to encrypt it.

(2) Register the file with the file name "JSDOOOOI" and register it with the same device password as the password.

Since the protected program is encrypted by the protection program and the encoder 20, it is not possible to make it operate normally even if the protected program is independently copied and executed. In other words, all of the protection programs, passwords, encryption codes, and encryption devices. Execution becomes possible only when all of the above are in place. Therefore, complete protection can be ensured.

Next, the functions of the protection program execution module will be explained according to the flowchart shown in FIG.

(2) The execution module checks the execution right using a password before starting the protected program.

The program cannot be executed unless the password matches the password of the protected program, or the program on the floppy disk will be erased if there is a mismatch three times. Note that passwords entered from the console are not echoed back.

■The execution module expands the encrypted program to be protected into memory. At the time of expansion, the protected program is restored or decrypted by performing an exclusive OR with the memory address and an exclusive OR with the encryption code.゛■, In this computer system that uses a general-purpose OS, the user program i from the system is at the beginning τ of the TPA area.
This is an ink face that transfers control to address 0.

Therefore, when the restoration of the entire area of the protected program is completed, control is transferred to address 100, and the execution of the protected program begins 7.

Figure 24 shows the start command for a protected program when encrypting a protected program and registering it on a floppy disk, where file 1 stores the file of the program to be protected, and file 2 stores the protected program. This is the file to be used.

Further, FIG. 25 shows a startup request command when requesting execution of an encrypted protected program.Next, examples of software protection functions according to the present invention are as follows.

(2) Tracing and dumping cannot be performed using debug commands on a general-purpose OS, and this can be completely suppressed.

(2) Since the PCB contents of the protected program are decrypted starting from one line of the protected program, copying by file duplication or transfer commands is not possible and is definitely prevented.

■ Mechanical dead copying is possible, but without a password or encryptor, the program cannot be decrypted. cannot be performed and becomes unusable.

■Encryption is performed in two stages using software and hardware methods.The encryption code is created using a password and random numbers, so the content is encrypted differently each time, making it extremely difficult to decipher the content. .

■The program execution speed depends on the OS protection program.
Although the decryption processing time of the primary encrypted program by software means is increased by modification of the program, it does not affect the execution speed of the target program at all.

(2) Since the actual program is executed after the protection program is executed, the user's area in the memory is not reduced.

Therefore, according to the present invention, software can be protected effectively, appropriately, extremely firmly, and reliably without adversely affecting processing speed, access time, and the like. Moreover, this guarantee can be achieved with a simple configuration. Therefore, according to the present invention, it is possible to prevent and prevent software theft and unauthorized copying, and it greatly contributes to the establishment of appropriate distribution channels for software and the establishment of a protective system. However, it greatly contributes to its sound operation and development.

[Brief explanation of drawings]

Figure 1 shows a small computer system to which the present invention is applied. A block diagram showing an example, FIG. 2 is a block diagram showing the basic configuration of the encoder according to the present invention, and FIGS. 3 to 6 show the basic procedure of software protection according to the present invention, Fig. 3 is a flowchart showing the format and function of recording a software protection program etc. on a floppy disk, Fig. 4 is a flowchart showing the process from loading to execution of the program according to the present invention, and Fig. Figure 6 is a flowchart showing the steps of a program for creating a floppy disk. Ru. 7 to 9 show the encryptor constituting the software protection device according to the present invention. FIG. 7 shows its front structure, FIG. 8 shows its rear structure, and FIG. 9 shows its back structure. FIG. 2 is a circuit diagram showing the overall circuit configuration. Fig. 10 is a front view showing the arrangement and types of switches of the encoder, Fig. 11 is a connection diagram showing the connection structure between the computer main body and the floppy disk, and Fig. 12 is a plan view to which the present invention is applied. J4. Graphical diagrams displaying the types of commands used in the machine system,
Figure 13 is a flowchart showing an example of managing and controlling a floppy disk using command codes, Figure 14 is an encryption time chart when command 01 (write command) is output, and Figure 15 is an encoder Figure 16 is a flowchart showing the steps to disable the encoder, Figure 17 is a flowchart showing the steps to write the encrypted content into the encoder, and Figure 18 is the flowchart showing the steps to write the encrypted content into the encoder. Flowchart showing the steps of source handshake transfer, FIG. 19 is a flowchart showing the steps of acceptor handshake transfer, FIG. 20 is a diagram explaining the password input format, and FIGS. 21 (sa) to (b). The code for the password is
FIG. 22 is a flowchart showing the procedure for registering a protected program; FIG. 23 is a flowchart explaining the function of the protected program execution module; FIG. 24 is a flowchart showing the program registration request. FIG. 25 is a diagram showing a startup request command when requesting program execution. 10... Computer body, 20... Encryptor, 22, ZOS... Memo 1 for reading data conversion
ノ, 21, 209... Memo for writing data conversion 1, 11... Floppy disk (recording medium), I/OA, FDA... Input port, I/
OB, FDB... Output boat, 24...
...Data bus switching mechanism 212...Three-person NAND gate data node 2?3. ,---JKF
F switching means・214...JK, FF -278 -279- 280- -281 -282- Procedural amendment 73rd year, month and month of Showanuma, Mr. Kazuo Wakasugi, Commissioner of the Japan Patent Office"゜000 completed, ♂-2 2/ρ Patent application filed on March 23, 1982 2. Name of invention Method for protecting computer software 3
Person making the amendment L' Biso0 Related to the device case Patent applicant 711 Gana 3-26-20 Shibuya, Shibuya-ku, Tokyo Address ffi4 (Waga, Kabushisha 91'' or 8 Kyusho 6 and others) Representative Ryohei Saitanemura 4. Agent ▼160 Care Saeki Patent Office, 4th floor, Ueda Building, 18 Sanei-cho, Shinjuku-ku, Tokyo Name: Telephone: 03-351-9136 Number: Tamakusakure (8106)
) Patent attorney Tadashi Saeki 5. Date of amendment order (voluntary) A 11 [shares] 6. Subject of κ amendment (1), Application (2) Specification (3) Drawings (4) Power of attorney ゜・＼, 1.7J Contents of amendment (1) 1l Homare's engraving (no change in content) (2) (3) Engraving of the drawings (no changes to the content) (4) Supplementing the power of attorney as shown in the attached document 8. Person making amendments other than the above Address of the patent applicant related to the case゛2-8-1o, Toranomon, Minato-ku, Tokyo Name (Name) Procedural Amendment Revisited on C/ZB, 1982 J Patent Office Commissioner Kazuo Wakasugi L. Indication of Case Patent Application No. 49290, 1983 2. Name of the Invention Method and Device for Protecting Combutan Footwear 3. Person making the amendment Relationship to the case Patent Applicant Address ¥: WW6M” 63-26-20 Name Oyo Sysdem Research Institute Co., Ltd. (and one other person) Representative゛Representative: V あんヱヱ4. Agent 160 Address: 4th floor, Ueda Building, 18 Sanei-cho, Shinjuku-ku, Tokyo Saeki Patent Office Telephone number: 03-351-9136 Nanakoku Tobaku Name (8106)
) Patent attorney Tadashi Saeki 5. 111 (Date (voluntary) 6. Subject of amendment (1) "Claims" column D of the specification (2) "Detailed explanation of the invention" column (3) of the specification "Brief explanation of the drawings" ■ column (4) Drawing 7. Contents of the amendment (1) The scope of the claims will be corrected in the attached document. (2) "-" in the second line of page 5 of the specification.・・Run...'' is corrected to ``...Luck...''. (4) Correct “...” on page 6, line 8 of the specification to “…”. (5) Specification Page 19, line 12, “...208
"..." is corrected to "...209...". (6) "...208..." on page 19, line 13 of the specification.
・" is corrected to "...209...". (7) Page 19, line 16 of the specification “...209.
・” is corrected to “…208…”. (8) Page 19, line 17 of the specification: “...209.
..." is corrected to "208...". (9) “...214...” on page 21, line 6 of the specification
・” is corrected by “...215...”κ. (10) "..., 211" on page 21, line 7 of the specification
..." is deleted. (11) "215..." on page 22, line 11 of the specification.
" is corrected to "...214...". (12) "...214..." in the first line of page 23 of the specification
``...'' is corrected to ``...215...''. (13) In the second line of page 24 of the specification, "...lower right...
・" is corrected to "...J-K...". (14) Page 24, line 2 of the specification: “...213.
"..." is corrected to "...214...". (15) Delete "...in the middle right..." on page 24, line 5 of the specification. (16) "...214..." on page 25, line 6 of the specification.
``...'' is corrected to ``...215...''. (17) Delete "... and..." on page 25, line 9 of the specification. (18) "...214..." on page 26, line 7 of the specification.
``...'' is corrected to ``...215...''. (19) No. of the specification? Page 6, line 18 “...209
..." is corrected to "...208...". (20) “...208” on page 26, line 19 of the specification
"..." is corrected to "...209...". (21) Change "... binding or...-" from line 9 to line 10 on page 28 of the specification to "..."
..., set DAN=0, and correct it to "...". (22) "22.208" on page 40, line 10 of the specification
..." is corrected to "r21,209...". (23) “21,209” on page 40, line 11 of the specification
..." is corrected to "r22,208...". (24) Figures 9 and 14 of the drawings are corrected as shown in the attached sheet. 8. Person making an amendment other than the above Related to the case Patent applicant Address 2-8-10 Toranomon, Minato-ku, Tokyo Name Kyodo System Development Co., Ltd. Representative Yoshiaki Tanaka 2 Claims (1) Computer body After encrypting the several-digit password inputted from the computer by performing exclusive OR with the storage address of each digit and the value of each digit, each digit is separated and stored in a random location on the recording medium. Then, an exclusive OR is performed on the total OR of each digit of the encrypted password and a random value to calculate an encryption code, which is stored separately in the same file as the password, and The protected program is input to the input device number of a predetermined file specified when starting the protected program registered on the recording medium, and then the input record contents are exclusive-ORed with the encryption code one digit at a time. Exclusively OR the result with the original memory address of that digit and encrypt it, register it in the same file as the password, and then compare the protected program with the corresponding password. When the results match, the program is expanded into memory, and at the time of expansion, an exclusive OR is performed with the memory address, and the protected program is also exclusive ORed with the encryption code. Toss computer software protection method characterized by restoring it. (2) A write data conversion memory that encrypts data sent from the computer body, a write data conversion memory that decrypts data sent from the recording medium, and an encryption prohibition instruction from the computer body. The data bus connected between the input/output ports of the computer body and the recording medium is disconnected from the memory and connected, and encryption and decryption are prohibited, and an encryption permission command from the computer body is and a data bus switching means for connecting the data path via the memory, and the encryption data stored in the storage medium through the data conversion memory in response to a read command from the computer main body. A protection device for computer software, characterized in that the data is decoded by the embedded data conversion memory and then transferred to the computer main body. 285

Claims (2)

[Claims] (1) Exclusively OR the several-digit password input from the computer with the storage address of each digit and the value of each digit.
After encrypting, each digit is separated and stored in a random location on a recording medium, and then the total OR of each digit of the encrypted password and a random number are used as exclusive logic. In addition to calculating the encryption code and storing it separately in the same file as the password, the input device number of the predetermined file specified at the time of starting the protection program registered in the recording medium is stored. A protected program is input to the input record, and then the input record contents are exclusive-ORed with the encryption code one digit at a time, and the result is exclusive-ORed with the original memory address of that digit. After encrypting, the same file K as the password is registered, and then the protected program is compared with the corresponding password, and when the results match, the program is expanded into ζ memory, and at the time of expansion, the memory address is Let's do a logical disjunction,
A method for protecting tossled computer software, further comprising restoring the protected program by performing an exclusive OR with the encryption code. (2) a read data conversion memory that encrypts data sent from the computer body; a write data conversion memory that decrypts data sent from the recording medium;
When an encryption prohibition command is issued from the computer main body, a data bus connected between the input/output port of the computer main body and the recording medium is disconnected from the memory and connected, and the data bus is encrypted.
data bus switching means for prohibiting decryption and connecting the data bus via the memory in response to an encryption permission command from the computer main body; It is specially ordered that the encrypted data stored in the recording medium through the read data conversion memory is decrypted by the write data conversion memory and loaded into the computer main body. Protective device for combatant footwear.