WO1996008754A1 - Method for protecting an apparatus against unauthorized use - Google Patents

Method for protecting an apparatus against unauthorized use Download PDF

Info

Publication number
WO1996008754A1
WO1996008754A1 PCT/BE1995/000083 BE9500083W WO9608754A1 WO 1996008754 A1 WO1996008754 A1 WO 1996008754A1 BE 9500083 W BE9500083 W BE 9500083W WO 9608754 A1 WO9608754 A1 WO 9608754A1
Authority
WO
WIPO (PCT)
Prior art keywords
code word
under control
word
monitoring station
code
Prior art date
Application number
PCT/BE1995/000083
Other languages
French (fr)
Inventor
Daniel De Roover
Original Assignee
Akta N.V.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Akta N.V. filed Critical Akta N.V.
Priority to EP95931100A priority Critical patent/EP0781426A1/en
Priority to AU34672/95A priority patent/AU3467295A/en
Publication of WO1996008754A1 publication Critical patent/WO1996008754A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/81Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer by operating on the power supply, e.g. enabling or disabling power-on, sleep or resume operations
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/88Detecting or preventing theft or loss

Definitions

  • the invention relates .to a method for the protection against unauthorized use of an apparatus running on an electric current, whereby at least one external first code word presented to the apparatus, is processed in the apparatus, and on the basis of the thus obtained processing result, the apparatus being switched either to at least partial deactivation or being released.
  • a method is for example applied in car radios and in computer programs loaded in a computer.
  • the method intends to render theft less attractive by application to car radios, and to prevent illegal use by application to computer programs .
  • the user knows the first code word that he must present to the apparatus.
  • the apparatus verifies if the first code word presented corresponds with the one expected, and releases the apparatus when the correct first code word is received. If not, the apparatus is totally or partially deactivated rendering it at least partially unusable.
  • a drawback of the known method is that the first code word is generally easy to discover rendering the protection insufficient.
  • the user knows the first code word' and because it remains unchanged, or could be changed by the user himself, a collusion of the user is not to be excluded in case of theft or illegal use.
  • the object of the invention is to realise a method for the protection against unauthorised use of an apparatus running on electric current that offers a more adequate protection.
  • a method according to the invention is characterised in that the occurrence of at least one predetermined event occurring upon operation of said apparatus is monitored by said apparatus, and after having established that said event has occurred a second code word is generated by the apparatus that thereupon is presented to at least one monitoring station, wherein the first code word is thereafter determined on the basis of the second code word.
  • the user does not know the first code word or only at the time it has to be presented.
  • another first code word will then be presented, preferably different form the first code word.
  • the fact that the second code word is generated after the occurrence of at least one predetermined event which is monitored by the apparatus, gives an unexpected character to the protection method on which the user has no grasp. In that manner the security facet is stressed.
  • the fact that the monitoring station generates the first code word obliges the user to implicate an external source whereby an external monitoring is rendered possible. Collusion of the user is considerably complicated by the intervention of the external station.
  • the supply of a first code word by a monitoring station to an apparatus is for example known as such from
  • EP-A-0373278 In the latter application a main station provides a code word to a remote station upon receipt of another code word furnished by the remote station.
  • the main station according to EP-A-0373278 however does not generate the code word on the basis of the other code word, as that code word is already known by the operator at the main station.
  • the first code word is not stored beforehand in the apparatus and becomes only known when the monitoring station has supplied it after having determined the first code word on the basis of the second one.
  • a first preferred embodiment of a method according to the invention is characterised in that the apparatus is at least partially deactivated upon generation of the second code word.
  • the apparatus is consequently rendered partially unusable until the correct first code word is presented, and the authorised user will be incited to request his first code word as fast as possible.
  • the attention of the user will directly be attracted to the fact that something is going on with the apparatus, without enabling him to exercise any influence thereupon.
  • a second preferred embodiment of a method according to the invention is characterised in that said partial deactivation of the apparatus is executed with a predetermined delay. The authorised user will therefor experience no discomfort from the method according to the invention during this period.
  • a third preferred embodiment of a method according to the invention is characterised in that a command word is incorporated in the first code word and that, after reception of the first code word by the apparatus, the or the events are substituted by one or more further events under control of the command word.
  • a command word is incorporated in the first code word and that, after reception of the first code word by the apparatus, the or the events are substituted by one or more further events under control of the command word.
  • a fourth preferred embodiment of a method according to the invention is characterised in that in the second code word a subsequent command word is incorporated on the basis of which the first code word is determined. Consequently differentiation between apparatuses of a same type is possible. It is favourable that under control of said one or more subsequent events a further second code word be generated on the basis of which a further first code word is generated, whereby said further first and second code words are substantially different form the first and second code word. Because code words and further code words are different from each other, the knowledge of the first code word does not offer any solution when a further second code word is generated.
  • the invention also relates to a set composed of an apparatus running on electric current and a monitoring station, which apparatus comprises a decoding unit provided to decode a first code word presented at the input of the apparatus, and on the basis of the decoded result either to at least partially deactivate the apparatus either to release it.
  • Such a set is characterised in that the apparatus comprises a first code word generator comprising a memory element provided for storing a parameter identifying at least one predetermined event to occur upon operation of said apparatus, said first code word generator being provided to monitor the occurrence of said event and to issue a second code word to said monitoring station upon establishing that said event (s) occurred, which monitoring station comprises a second decoding unit provided to decode said second code word as well as a second code word generator connected to the second decoding unit and provided to generate said first code word under control of the receipt of the second code word.
  • Figure 1 schematically represents a combination of an apparatus running on electric current and a monitoring station according to the invention.
  • Figure 2 represents a data processing device as a component of an apparatus according to the invention.
  • Figure 3 and 4 represent a flow chart of the method according to the invention, at least for what concerns the apparatus .
  • the set according to the invention and shown in figure 1 comprises an apparatus 1 running on electric current as well as at least one monitoring station 2.
  • the apparatus is for example formed of a car radio, a photo camera or video camera, a video recorder, a radio or television apparatus, a radio or television decoder, a motor management unit of a vehicle, a refrigerator, a computer, etc..., in sum, any apparatus that is fed by means of electric current. This current is subtracted from the mains and supplied to the apparatus via an input
  • the apparatus should be provided with a data processing unit such as a microprocessor or a PLA for example.
  • the apparatus has a communication module 3, preferably provided with a display unit and a data supply member.
  • the communication module 3 can additionally be provided with an antenna or a telephone connection for example.
  • the monitoring station 2 is also provided with a communication module 4 intended to cooperate with the communication module 3 when these are directly in connection with each other.
  • the monitoring station is further provided with a data processing unit in order to process information originating from the apparatus and to generate further information therefrom.
  • the apparatus is preferably provided with a data processing device 10 as shown in figure 2.
  • the data processing device comprises a microprocessor 6 connected to a communication bus 5 whereto a memory element such as for example a ROM 7 and RAM 8 are further connected as well as an input/output interface 9.
  • a memory element such as for example a ROM 7 and RAM 8 are further connected as well as an input/output interface 9.
  • the memory element could for example be included in the microprocessor or formed by a flip-flop or a counter. It is clear that the components of this data processing device are not only intended for the application of the method according to the invention, but can also execute other functions of the apparatus.
  • the method is started up (11, SRT) when electric current is presented to the apparatus. This can happen for example when the plug is introduced in the plugsocket for the first time, such as for example in video recorders , refrigerators and other apparatuses that run under uninterrupted current.
  • SRT start up
  • the starting point with apparatuses that do not run under uninterrupted current occurs when the apparatus is switched on.
  • a circuit break be registered when it occurs, for example because the plug has been unplugged from the plugsocket .
  • the apparatus is set under current again, the procedure is started over again.
  • Subsequent events that can lead to the generating of the second code word are for example a predetermined number of times that the apparatus is switched on and off, that reset operations have taken place, or that the current supply has been interrupted.
  • a number of times that well determined manipulations inherent to the apparatus have taken place such as for example in a car radio the number of times that a well determined channel is chosen, or the number of times a particular memory address is read in a computer, are all events that can lead to the generating of the second code word.
  • the generating of the second code word can also occur on request of the user, who can verify in this manner that the delivered apparatus is not registered as stolen. The user will push on the appropriate key, or execute a predetermined manipulation.
  • the apparatus monitors the occurrence of the predetermined event.
  • a parameter identifying that predetermined event is stored in the memory element .
  • That parameter is for example a preset number (N) stored in the memory element of a counter which is part of the microprocessor 6.
  • An individual counter or a "modulo N" counter could also be used for that purpose.
  • Other examples of such a parameter are for example a memory address or a data word to be addressed or read during operation of the apparatus .
  • the memory element could also be formed by a flip-flop, whereas the predetermined event could be the triggering of the flip-flop.
  • the monitoring by the apparatus of the occurrence of the predetermined event is for example realised by comparison with the parameter stored in the memory element .
  • the generating of the second code word can eventually be linked to the use of a particular software or be limited to the use of well determined functions of the apparatus. Subsequently the generating of the second code word can be time-linked, so that for example five years after the installation of the apparatus, the second code word will no longer be generated and the method will be neutralised.
  • NT? When no second code word is to be generated (12, N) because the conditions are not fulfilled, it is verified if the apparatus is not already in an at least partially deactivated condition, for example as consequence of a previous generated second code word. If not, then the program stays in a monitoring loop until said one or more events have occurred. 14. NT : If the apparatus is in an at least partially deactivated condition, then this condition is hereby reenforced eventually by means of the emission of a message to the user. 15. GN2CW : When it is confirmed by step 12 that one or more events have occurred that lead to the generating of the second code word, then that second code word is now generated. At the same time, a flag is set which shows that the second code word has been generated in order to simplify the verification within step 13.
  • the second code word can take various forms depending on the apparatus.
  • the second code word can for example be a one or more bits binary word, or it can comprise a command word that imposes a series of commands to the user that are presented on a display unit. Such commands are for example the contact establishment with one or more monitoring stations.
  • the second code word will preferably be automatically proposed to the monitoring station.
  • the second code word can comprise if required a further command word, that will then be used to determine the first code word. In that manner an individual character can be given to the first and second code word of every apparatus.
  • the second code word preferably comprises an identification of the or the element (s) that have lead to the generating of the second code word. This must then enable the monitoring station to take this identification into consideration for the determination of the first code word.
  • STC When the second code word is generated the apparatus enters a stand-by cycle whereby it awaits the reception of the first code word. During this stand-by cycle, the apparatus is at least partially deactivated either immediately or with a certain delay after expiration of a predetermined period. This deactivation can vary from one apparatus to another. In a car radio for example the receiver or the end stage amplifier can be disconnected, in a computer one or more computer programs can be locked.
  • the second code word When the second code word only deactivates the apparatus after expiration of a predetermined period, the second code word will preferably initiate counting means that count down the predetermined period. When the latter is reached without the counter being stopped beforehand, then the total or partial deactivation will become operative, depending on whether or not the apparatus was simultaneously switched to partial deactivation when generating the second code word.
  • the second word generated it has to be presented to one or more monitoring stations in order to determine the first code word there, on the basis of the second code word.
  • the emission of the second word itself varies on whether the user contacts the monitoring station and transmits the second code word, or whether the apparatus, when it is provided thereto, sends itself the second code word.
  • the monitoring station uses, for the determination of the first code word, for example the serial number of the apparatus, and identifies the source from which the second code word is originated. When the station discovers no abnormalities such as for example a strange source of origin, or does not collect from the second code word any information which demonstrates an unauthorised use, it will generate a first code word that will release the apparatus.
  • the release can as well be a release for an undetermined period as a release for a determined period, depending on what the monitoring station has decided.
  • the station uses on one hand the information present in the second code word, and on the other hand its own data. In that manner the station keeps data over theft reporting up to date in order to verify if an apparatus with a certain serial number was stolen for example. Additionally, the station keeps data up to date over when and for which apparatus a first code word has been generated. Therefrom, the station can then conclude whether, for example, there is illegal copying. Indeed, when a first code word has already been generated for a same software serial number beforehand, and that no appeal is thus expected in the short term, this clearly concludes to unauthorised use.
  • the station thus preferably keeps personalised data up to date for every apparatus, that enables it to memorise and to analyse the profile of the user for the generation of the first code word. If the station now determines abnormalities that are indicative of an unauthorised use of the apparatus, such as for example disconnection of the loud speakers in a car radio, a repetitive appeal for a same software program in the short term, etc..., the station will generate a first code word that will lead either to a total deactivation or to a temporary release. Both solutions are obtained by analysis of the second code word in which the information that reflect abnormalities is stored, as well as the information available in the station such as already described. For this purpose, such abnormalities are monitored by the apparatus, and stored in the memory in order to dispose of them when generating the second code word.
  • the extent to which such monitoring takes place and the choice of the events to be monitored and stored depends on the extent to which the apparatus is to be monitored, and the value of the apparatus.
  • a refrigerator will consequently comprise a far lower protection level then for example a big computer system.
  • To implement such monitorings use is made of for example flip-flop or clocks and the likes.
  • the first code word is determined by one or more monitoring stations it is sent to the apparatus in a manner analogous to the one used for the emission of the second code word.
  • the first code word comprises either a binary word or a series of manipulations such as for example "switch radio on a certain frequency”, “switch out AFC”, etc..., that the user must execute.
  • RC1CW The first code word such as issued by the monitoring station, is presented to the apparatus.
  • AN1CW The first code word is now analysed by the apparatus in order to verify if it is indeed a usable first code word. This analysis can occur in various manners, depending on the data processing capacity of the apparatus. In that manner an error detection algorithm can be applied on the first code word, or the first code word can be formed from a predetermined mangling of the serial number.
  • the apparatus verifies that the appropriate manipulation occurs in the appropriate order, so as imposed by the first code word.
  • the apparatus then emits a positive or negative result, whereby the negative result can eventually be nuanced and can impose a further test on a later point in time.
  • the apparatus executes the verification on the first code word by means of for example the necessary program steps stored in the memory element. In the case that only a flip-flop is used, the first code word would reset the flip-flop.
  • ACT? The apparatus takes the result of the analysis into consideration.
  • ACT If the result of the analysis is positive, which signifies that the apparatus is in the hands of an authorised user, the apparatus is released.
  • NN? The existence of a nuanced negative result is examined.
  • TACT If a nuanced negative result is determined, the apparatus is temporarily released in expectation of a subsequent control .
  • SDCW A nuanced analysis outcome is often the result of the presence of a command word in the first code word. That command word indicates that the monitoring station has objections about the second code word and considers a subsequent verification necessary.
  • the apparatus will then store this command word in order to generate a further second code word herewith, that preferably is different from the previously generated second code word, and this to prevent that a same first code word be generated. That subsequent second code word will then be determined in a later period in time, determined by the apparatus in function of the command word and an analogous procedure will then be initiated with that subsequent second code word.
  • the station will then determine a further first code word in order to execute the verification.
  • the further first code word is preferably different from the first code word.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

A method for the protection against unauthorized use of an apparatus running on an electric current, whereby at least one external first code word presented to the apparatus is processed in the apparatus, and on the basis of the thus obtained processing result, the apparatus being switched either to at least partial deactivation or released, and where the occurrence of at least one predetermined event is verified by the apparatus after that the apparatus is fed by electric current for the first time, and after determining that said event has occurred, a second code word is generated by the apparatus that thereupon is presented to at least one monitoring station, wherein the first code word is thereafter determined on the basis of the second code word.

Description

Method for protecting an apparatus against unauthorized use"
The invention relates .to a method for the protection against unauthorized use of an apparatus running on an electric current, whereby at least one external first code word presented to the apparatus, is processed in the apparatus, and on the basis of the thus obtained processing result, the apparatus being switched either to at least partial deactivation or being released. Such a method is for example applied in car radios and in computer programs loaded in a computer. The method intends to render theft less attractive by application to car radios, and to prevent illegal use by application to computer programs . The user knows the first code word that he must present to the apparatus. The apparatus verifies if the first code word presented corresponds with the one expected, and releases the apparatus when the correct first code word is received. If not, the apparatus is totally or partially deactivated rendering it at least partially unusable.
A drawback of the known method is that the first code word is generally easy to discover rendering the protection insufficient. In addition, because the user knows the first code word' and because it remains unchanged, or could be changed by the user himself, a collusion of the user is not to be excluded in case of theft or illegal use.
The object of the invention is to realise a method for the protection against unauthorised use of an apparatus running on electric current that offers a more adequate protection.
A method according to the invention is characterised in that the occurrence of at least one predetermined event occurring upon operation of said apparatus is monitored by said apparatus, and after having established that said event has occurred a second code word is generated by the apparatus that thereupon is presented to at least one monitoring station, wherein the first code word is thereafter determined on the basis of the second code word. By generating the first code word on the basis of the received second code word, the user does not know the first code word or only at the time it has to be presented. In a subsequent operation, another first code word will then be presented, preferably different form the first code word. The fact that the second code word is generated after the occurrence of at least one predetermined event which is monitored by the apparatus, gives an unexpected character to the protection method on which the user has no grasp. In that manner the security facet is stressed. The fact that the monitoring station generates the first code word obliges the user to implicate an external source whereby an external monitoring is rendered possible. Collusion of the user is considerably complicated by the intervention of the external station.
The supply of a first code word by a monitoring station to an apparatus is for example known as such from
EP-A-0373278. In the latter application a main station provides a code word to a remote station upon receipt of another code word furnished by the remote station. The main station according to EP-A-0373278 however does not generate the code word on the basis of the other code word, as that code word is already known by the operator at the main station. According to the present invention the first code word is not stored beforehand in the apparatus and becomes only known when the monitoring station has supplied it after having determined the first code word on the basis of the second one.
A first preferred embodiment of a method according to the invention is characterised in that the apparatus is at least partially deactivated upon generation of the second code word. The apparatus is consequently rendered partially unusable until the correct first code word is presented, and the authorised user will be incited to request his first code word as fast as possible. In the case of an unauthorised use of the apparatus, the attention of the user will directly be attracted to the fact that something is going on with the apparatus, without enabling him to exercise any influence thereupon.
A second preferred embodiment of a method according to the invention is characterised in that said partial deactivation of the apparatus is executed with a predetermined delay. The authorised user will therefor experience no discomfort from the method according to the invention during this period.
It is advantageous that under control of the second code word counting means be initiated that are stopped by said release under control of the first code word, which counting means when reaching a predetermined meter stand generate a stop signal under control of which the apparatus is at least partially deactivated. Consequently, the apparatus is at least partially deactivated when the first code word is not presented within a certain lapse of time.
A third preferred embodiment of a method according to the invention is characterised in that a command word is incorporated in the first code word and that, after reception of the first code word by the apparatus, the or the events are substituted by one or more further events under control of the command word. When on behalf of the monitoring station it is established that further monitoring is necessary, then it is advantageous to not make the subsequent monitoring completely analogous to the previous one. The substitution by one or more subsequent elements precisely offers the possibility to make the subsequent monitoring different from the previous one and to consequently avoid that the user, with knowledge of the previous monitoring operation be able to use it favourably in a further operation.
A fourth preferred embodiment of a method according to the invention is characterised in that in the second code word a subsequent command word is incorporated on the basis of which the first code word is determined. Consequently differentiation between apparatuses of a same type is possible. It is favourable that under control of said one or more subsequent events a further second code word be generated on the basis of which a further first code word is generated, whereby said further first and second code words are substantially different form the first and second code word. Because code words and further code words are different from each other, the knowledge of the first code word does not offer any solution when a further second code word is generated.
The invention also relates to a set composed of an apparatus running on electric current and a monitoring station, which apparatus comprises a decoding unit provided to decode a first code word presented at the input of the apparatus, and on the basis of the decoded result either to at least partially deactivate the apparatus either to release it. Such a set is characterised in that the apparatus comprises a first code word generator comprising a memory element provided for storing a parameter identifying at least one predetermined event to occur upon operation of said apparatus, said first code word generator being provided to monitor the occurrence of said event and to issue a second code word to said monitoring station upon establishing that said event (s) occurred, which monitoring station comprises a second decoding unit provided to decode said second code word as well as a second code word generator connected to the second decoding unit and provided to generate said first code word under control of the receipt of the second code word.
The invention will now be illustrated more in detail by means of the drawing wherein an embodiment is illustrated. In the drawings:
Figure 1 schematically represents a combination of an apparatus running on electric current and a monitoring station according to the invention.
Figure 2 represents a data processing device as a component of an apparatus according to the invention.
Figure 3 and 4 represent a flow chart of the method according to the invention, at least for what concerns the apparatus .
In the drawing a same reference number is attributed to a same or analogous element.
The set according to the invention and shown in figure 1 comprises an apparatus 1 running on electric current as well as at least one monitoring station 2. The apparatus is for example formed of a car radio, a photo camera or video camera, a video recorder, a radio or television apparatus, a radio or television decoder, a motor management unit of a vehicle, a refrigerator, a computer, etc..., in sum, any apparatus that is fed by means of electric current. This current is subtracted from the mains and supplied to the apparatus via an input
5. But it is also applicable to an apparatus functioning on batteries. In addition, the apparatus should be provided with a data processing unit such as a microprocessor or a PLA for example. In addition, the apparatus has a communication module 3, preferably provided with a display unit and a data supply member.
The communication module 3 can additionally be provided with an antenna or a telephone connection for example.
The monitoring station 2 is also provided with a communication module 4 intended to cooperate with the communication module 3 when these are directly in connection with each other. The monitoring station is further provided with a data processing unit in order to process information originating from the apparatus and to generate further information therefrom.
The apparatus is preferably provided with a data processing device 10 as shown in figure 2. The data processing device comprises a microprocessor 6 connected to a communication bus 5 whereto a memory element such as for example a ROM 7 and RAM 8 are further connected as well as an input/output interface 9. In a more elementary embodiment of the invention the memory element could for example be included in the microprocessor or formed by a flip-flop or a counter. It is clear that the components of this data processing device are not only intended for the application of the method according to the invention, but can also execute other functions of the apparatus.
For the application of the method according to the invention, use is preferably made of the already present data processing device.
The method according to the invention will now be illustrated by means of the flow chart represented in figure 3. The method is started up (11, SRT) when electric current is presented to the apparatus. This can happen for example when the plug is introduced in the plugsocket for the first time, such as for example in video recorders , refrigerators and other apparatuses that run under uninterrupted current. The starting point with apparatuses that do not run under uninterrupted current occurs when the apparatus is switched on. In apparatuses that run under uninterrupted current, it is favourable that a circuit break be registered when it occurs, for example because the plug has been unplugged from the plugsocket . When the apparatus is set under current again, the procedure is started over again.
The further steps of the method according to the invention will now be detailed step by step. These steps are dealt with under control of the data processing device. 12.CNDM? It is verified if the conditions for generating the second code word are satisfied. These conditions can be of any nature and vary from one apparatus to anothe . In order to stress the unpredictable character of the occurrence of the second code word, it is favourable that, even in a same class of apparatuses, the second code word be generated every time in another manner and at another period. Generally the second code word will be generated when at least one predetermined event has occurred. In that manner the second code word is generated every time in another manner and at another period, after that a predetermined time has lapsed, counting from the starting up of the apparatus. Subsequent events that can lead to the generating of the second code word are for example a predetermined number of times that the apparatus is switched on and off, that reset operations have taken place, or that the current supply has been interrupted. A number of times that well determined manipulations inherent to the apparatus have taken place, such as for example in a car radio the number of times that a well determined channel is chosen, or the number of times a particular memory address is read in a computer, are all events that can lead to the generating of the second code word. The generating of the second code word can also occur on request of the user, who can verify in this manner that the delivered apparatus is not registered as stolen. The user will push on the appropriate key, or execute a predetermined manipulation. In order to verify whether the conditions for generating the second code word are satisfied, the apparatus monitors the occurrence of the predetermined event. For that purpose a parameter identifying that predetermined event is stored in the memory element . That parameter is for example a preset number (N) stored in the memory element of a counter which is part of the microprocessor 6. An individual counter or a "modulo N" counter could also be used for that purpose. Other examples of such a parameter are for example a memory address or a data word to be addressed or read during operation of the apparatus . The memory element could also be formed by a flip-flop, whereas the predetermined event could be the triggering of the flip-flop. The monitoring by the apparatus of the occurrence of the predetermined event is for example realised by comparison with the parameter stored in the memory element . The generating of the second code word can eventually be linked to the use of a particular software or be limited to the use of well determined functions of the apparatus. Subsequently the generating of the second code word can be time-linked, so that for example five years after the installation of the apparatus, the second code word will no longer be generated and the method will be neutralised.
13. NT? : When no second code word is to be generated (12, N) because the conditions are not fulfilled, it is verified if the apparatus is not already in an at least partially deactivated condition, for example as consequence of a previous generated second code word. If not, then the program stays in a monitoring loop until said one or more events have occurred. 14. NT : If the apparatus is in an at least partially deactivated condition, then this condition is hereby reenforced eventually by means of the emission of a message to the user. 15. GN2CW : When it is confirmed by step 12 that one or more events have occurred that lead to the generating of the second code word, then that second code word is now generated. At the same time, a flag is set which shows that the second code word has been generated in order to simplify the verification within step 13. The second code word can take various forms depending on the apparatus.
So it can for example be a one or more bits binary word, or it can comprise a command word that imposes a series of commands to the user that are presented on a display unit. Such commands are for example the contact establishment with one or more monitoring stations. When the apparatus is provided with its own communication means, the second code word will preferably be automatically proposed to the monitoring station. The second code word can comprise if required a further command word, that will then be used to determine the first code word. In that manner an individual character can be given to the first and second code word of every apparatus. The second code word preferably comprises an identification of the or the element (s) that have lead to the generating of the second code word. This must then enable the monitoring station to take this identification into consideration for the determination of the first code word.
16. STC : When the second code word is generated the apparatus enters a stand-by cycle whereby it awaits the reception of the first code word. During this stand-by cycle, the apparatus is at least partially deactivated either immediately or with a certain delay after expiration of a predetermined period. This deactivation can vary from one apparatus to another. In a car radio for example the receiver or the end stage amplifier can be disconnected, in a computer one or more computer programs can be locked.
When the second code word only deactivates the apparatus after expiration of a predetermined period, the second code word will preferably initiate counting means that count down the predetermined period. When the latter is reached without the counter being stopped beforehand, then the total or partial deactivation will become operative, depending on whether or not the apparatus was simultaneously switched to partial deactivation when generating the second code word.
Once the second word generated, it has to be presented to one or more monitoring stations in order to determine the first code word there, on the basis of the second code word. The emission of the second word itself varies on whether the user contacts the monitoring station and transmits the second code word, or whether the apparatus, when it is provided thereto, sends itself the second code word. The monitoring station uses, for the determination of the first code word, for example the serial number of the apparatus, and identifies the source from which the second code word is originated. When the station discovers no abnormalities such as for example a strange source of origin, or does not collect from the second code word any information which demonstrates an unauthorised use, it will generate a first code word that will release the apparatus. The release can as well be a release for an undetermined period as a release for a determined period, depending on what the monitoring station has decided. To come up to such a decision the station uses on one hand the information present in the second code word, and on the other hand its own data. In that manner the station keeps data over theft reporting up to date in order to verify if an apparatus with a certain serial number was stolen for example. Additionally, the station keeps data up to date over when and for which apparatus a first code word has been generated. Therefrom, the station can then conclude whether, for example, there is illegal copying. Indeed, when a first code word has already been generated for a same software serial number beforehand, and that no appeal is thus expected in the short term, this clearly concludes to unauthorised use. The station thus preferably keeps personalised data up to date for every apparatus, that enables it to memorise and to analyse the profile of the user for the generation of the first code word. If the station now determines abnormalities that are indicative of an unauthorised use of the apparatus, such as for example disconnection of the loud speakers in a car radio, a repetitive appeal for a same software program in the short term, etc..., the station will generate a first code word that will lead either to a total deactivation or to a temporary release. Both solutions are obtained by analysis of the second code word in which the information that reflect abnormalities is stored, as well as the information available in the station such as already described. For this purpose, such abnormalities are monitored by the apparatus, and stored in the memory in order to dispose of them when generating the second code word. The extent to which such monitoring takes place and the choice of the events to be monitored and stored depends on the extent to which the apparatus is to be monitored, and the value of the apparatus. A refrigerator will consequently comprise a far lower protection level then for example a big computer system. To implement such monitorings, use is made of for example flip-flop or clocks and the likes.
Once the first code word is determined by one or more monitoring stations it is sent to the apparatus in a manner analogous to the one used for the emission of the second code word. The first code word comprises either a binary word or a series of manipulations such as for example "switch radio on a certain frequency", "switch out AFC", etc..., that the user must execute.
The processing of the first code word by the apparatus will now be illustrated by means of the flow chart represented in figure :
20. RC1CW : The first code word such as issued by the monitoring station, is presented to the apparatus.
21. AN1CW : The first code word is now analysed by the apparatus in order to verify if it is indeed a usable first code word. This analysis can occur in various manners, depending on the data processing capacity of the apparatus. In that manner an error detection algorithm can be applied on the first code word, or the first code word can be formed from a predetermined mangling of the serial number. When the first code word is formed by a series of manipulations, the apparatus verifies that the appropriate manipulation occurs in the appropriate order, so as imposed by the first code word. In function of this analysis, the apparatus then emits a positive or negative result, whereby the negative result can eventually be nuanced and can impose a further test on a later point in time. The apparatus executes the verification on the first code word by means of for example the necessary program steps stored in the memory element. In the case that only a flip-flop is used, the first code word would reset the flip-flop.
22. ACT? : The apparatus takes the result of the analysis into consideration. 23. ACT : If the result of the analysis is positive, which signifies that the apparatus is in the hands of an authorised user, the apparatus is released. 24. NN? : The existence of a nuanced negative result is examined. 25. TACT : If a nuanced negative result is determined, the apparatus is temporarily released in expectation of a subsequent control .
26. SDCW : A nuanced analysis outcome is often the result of the presence of a command word in the first code word. That command word indicates that the monitoring station has objections about the second code word and considers a subsequent verification necessary. The apparatus will then store this command word in order to generate a further second code word herewith, that preferably is different from the previously generated second code word, and this to prevent that a same first code word be generated. That subsequent second code word will then be determined in a later period in time, determined by the apparatus in function of the command word and an analogous procedure will then be initiated with that subsequent second code word. The station will then determine a further first code word in order to execute the verification. The further first code word is preferably different from the first code word.
27. DAT : When experiencing a negative analysis outcome, the apparatus is definitely deactivated, whereby it becomes unusable.
28. STP : The verification stops here.

Claims

1. A method for the protection against unauthorized use of an apparatus running on an electric current, whereby at least one external first code word presented to the apparatus is processed in the apparatus, and on the basis of the thus obtained processing result, the apparatus being switched either to at least partial deactivation or released, characterised in that after said apparatus is fed by electric current for the first time, the occurrence of at least one predetermined event occurring upon operation of said apparatus is monitored by said apparatus, and after having established that said event has occurred a second code word is generated by the apparatus that thereupon is presented to at least one monitoring station, wherein the first code word is thereafter determined on the basis of the second code word.
2. A method according to claim 1, characterised in that the apparatus is at least partially deactivated by the generating of the second code word.
3. A method as claimed in claim 2, characterised in that said partial deactivation of the apparatus is executed with a predetermined delay.
4. A method as claimed in claims 2 or 3, characterised in that under control of the second code word, counting means be initiated that are stopped by said release under control of the first code word, which counting means when reaching a predetermined meter stand generate a stop signal, under control of which the apparatus is at least partially deactivated.
5. A method as claimed in any one of the claims 1 to 4, characterised in that a command word is incorporated in the first code word, and that after reception of the first code word by the apparatus, the or the events under control of the command word are substituted by one or more further events.
6. A method as claimed in any one of the claims 1 to 5, characterised in that a further command word is incorporated in the second code word under control of which the first code word is determined.
7. A method as claimed in claim 5, characterised in that a further second code word, under control of said one or more further events, is generated on the basis of which a subsequent first code word is generated, whereby the content of said further first and second code words are different from the first and second code words.
8. A method as claimed in claims 1 to 7, • characterised in that the user is compelled to execute a series of manipulations with the apparatus upon the processing of the first code word.
9. A set composed of an apparatus running on electric current and a monitoring station, which apparatus comprises a decoding unit provided to decode a first code word presented at an input of the apparatus and on the basis of the decoded result, to either at least partially deactivate the apparatus or either release it, characterised in that the apparatus comprises a first code word generator comprising a memory element provided for storing a parameter identifying at least one predetermined event to occur upon operation of said apparatus, said first code word generator being provided to monitor the occurrence of said event and to issue a second code word to said monitoring station upon establishing that said event (s) occurred, which monitoring station comprises- a second decoding unit provided to decode said second code word as well as a second code word generator connected to the second decoding unit and provided to generate said first code word under control of the receipt of the second code word.
10. An apparatus to be used as a component of a set as claimed in claim 9, characterised in that the apparatus comprises a first code word generator provided to determine and issue a second code word after occurrence of at least one predetermined event.
11. A monitoring station to use as a component unit of a set as claimed in claim 9, characterised in that the monitoring station comprises a second decoding unit provided to decode the second code word as well as a second code word generator provided to generate said first code word under control of the received second code word.
PCT/BE1995/000083 1994-09-16 1995-09-15 Method for protecting an apparatus against unauthorized use WO1996008754A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP95931100A EP0781426A1 (en) 1994-09-16 1995-09-15 Method for protecting an apparatus against unauthorized use
AU34672/95A AU3467295A (en) 1994-09-16 1995-09-15 Method for protecting an apparatus against unauthorized use

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP94870149 1994-09-16
EP94870149.5 1994-09-16

Publications (1)

Publication Number Publication Date
WO1996008754A1 true WO1996008754A1 (en) 1996-03-21

Family

ID=8218672

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/BE1995/000083 WO1996008754A1 (en) 1994-09-16 1995-09-15 Method for protecting an apparatus against unauthorized use

Country Status (3)

Country Link
EP (1) EP0781426A1 (en)
AU (1) AU3467295A (en)
WO (1) WO1996008754A1 (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1990004841A1 (en) * 1988-10-27 1990-05-03 Motorola, Inc. Event-based adaptive radio control
EP0373278A1 (en) * 1988-12-13 1990-06-20 International Business Machines Corporation Remote power on control device
EP0398492A2 (en) * 1989-05-15 1990-11-22 International Business Machines Corporation A flexible interface to authentication services in a distributed data processing system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1990004841A1 (en) * 1988-10-27 1990-05-03 Motorola, Inc. Event-based adaptive radio control
EP0373278A1 (en) * 1988-12-13 1990-06-20 International Business Machines Corporation Remote power on control device
EP0398492A2 (en) * 1989-05-15 1990-11-22 International Business Machines Corporation A flexible interface to authentication services in a distributed data processing system

Also Published As

Publication number Publication date
EP0781426A1 (en) 1997-07-02
AU3467295A (en) 1996-03-29

Similar Documents

Publication Publication Date Title
US7853798B2 (en) Program tamper detecting apparatus, method for program tamper detection, and program for program tamper detection
US5003591A (en) Functionally modifiable cable television converter system
EP1280350B1 (en) Time validation system
US5708712A (en) Vehicle security device with electronic use authorization coding
KR101145546B1 (en) Device pairing
KR100997467B1 (en) Method for remote diagnostics and set-top box
US7508760B2 (en) Data distribution server and terminal apparatus
KR100213098B1 (en) Electronic money terminal function and performing method
EP0675626A1 (en) Security system
US6122350A (en) PSTN appliance security system with reduced PSTN traffic loading
US6968018B2 (en) Digital broadcast receiving apparatus, and a method for receiving digital broadcasts
EP0740037A1 (en) Security device
EP0781426A1 (en) Method for protecting an apparatus against unauthorized use
KR100245442B1 (en) Radio call receiver and receiver method
US8565431B2 (en) System and method for scrambling wireless signals using a secure time value
WO2000034929A1 (en) Disabling an electrical device
JP2002135813A (en) Broadcasting receiver and electronic equipment
WO2004017637A1 (en) Hard disk security
GB2407458A (en) Preventing use of lost/stolen article by transmission of blocking code
US7502473B2 (en) Process for managing the handling of conditional access data by at least two decoders
JP3138582B2 (en) Anti-theft viewing device in CATV terminal device
CN115086954A (en) 5G private network communication method, mobile terminal and authentication server
KR100655550B1 (en) Apparatus and Method for saving power in stand by mode in Digital TV with Digital Cable Ready Card
JPH06282893A (en) Timer-reserving recorder
KR20030091040A (en) Device for receiving and/or for processing video signals, memory card, assembly composed of such a device and of such a card and process for controlling such a device

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AM AT AT AU BB BG BR BY CA CH CN CZ CZ DE DE DK DK EE EE ES FI FI GB GE HU IS JP KE KG KP KR KZ LK LR LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SK TJ TM TT UA UG US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): KE MW SD SZ UG AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
ENP Entry into the national phase

Ref country code: US

Ref document number: 1997 809313

Date of ref document: 19970314

Kind code of ref document: A

Format of ref document f/p: F

WWE Wipo information: entry into national phase

Ref document number: 1995931100

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1995931100

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWW Wipo information: withdrawn in national office

Ref document number: 1995931100

Country of ref document: EP