CA2133960A1 - System for protection of software - Google Patents

Abstract

A system for protecting (10) computer software against unauthorized copying or use includes writing to and reading (47) from storage media such as diskettes (10) and determining whether the storage medium is authorized based upon the results of the write/read (47) operation (436-446, 464-466). In a preferred embodiment, a software medium (30) is prepared for distribution (10) of an application program by writing a scrambled version of the application program (40) and an install program (20) that determines whether the medium is authorized by evaluating bad spots (434) in the medium. A similar mechanism protects against unauthorized copying of an application form a hard disk (418) drive or a computer's memory. The system provides a simple software-based mechanism (46) for turning it on another computer. The system provides for emergency use (44) of the application program in the event that the authorized distribution medium (10) becomes unusable.

Description

W0~3/21582 2 ~ 3 ~ 9 ~ O P~T/US93~03669 SYS~ OR PROTEC~IQN OF SOFTWARE

Field of the Invention :~ m iS invention relates to software protection, i.e. inhibition of unauthorized copying or use of computer : 5 software. More~ particularly, his invention relates to a :software-based software:protection system, which doss not : re~ly on specialized hardware to protect the software.

Backqround of;the~Invention Unauthorized ;:~copying and use of software ("software piracy"~)~ is a:problem that has cost software publis~ers billions ~of:~dollars per :year since it became common~for~ users~ to:;~purchase~standard software products.
S~ftware~is~ typically ~distributed on ~a removable storage médiu~uch~as~a~magnetic or optical::disk or diskette, and 15~ ;s ~ ~ ter~s~may~be used in~erchangeably herein. It is estimated~that for~every five units of sof~ware sold, four :àre piraited.:~Thé~annual~loss to software publishers from software piracy~ ~IS~ estimated at over S3 billion per year.

Two approaches have been used ~o~ attempt to 20~ protect~ oftware~::àga;inst~ piracy. ~:Hardware-based software :pr:otection~ system~ include an:auxiliary piece: of hardware which~is~ distributed~;with the software and which must b~
in~tal~led:in a:computer, such:as by being conneGted to an O~port, to pe ~ it~ the computer to run the protected

2~5:;~ software.- Such~systems can be highly~effectiv~, since the W093/215~2 PCT/US93/~3669 213`39 60 `~

: hardware "keys" can be made difficult to copy. However, :: hardware-based software prote-tion systems are t~pi~ally ;expensive, and thus suitable for use only with expensive software packagés. Sueh systems can permit use of the : 5 sotware on different compu~ers while restricting the use to one machine at a given time. Howeve~, it is often inconvenient to remove the hardware "key" ~rom one machine and install it on another.

Software-~ased software protection systems have ~ lO also been developed. Such systems are relatively :~ : : ;ne~pensive, and therefore are more suitable for use with 1ess~expensive~, mas`s-marketed software. However, such systems are~:generall:y ineffective, and may be defeatPd ~y so~tware:programs;~su~h as COPY II PC whieh are readily and :l5~ expe~ns~ively av`ailable. ~hile mass ~opying of software for resa1e~is unusual:~:~in the United :States, small scale opy~ing:~ is~ not.:::~:A~: person; may make a ~ew copies ~or f~riends,~or:for`:~use~:on~ other machines at work, or to pe~mit ~use of the same softwa:re at home and at work. The 20~ slml~1:ative efect~s~of: such smal~l-scale copying represent a ma3~o~r~10ss~to softwar~e~publishers.~ :

Much ~ so~:twa~e that~ has~ been d~tributed with software-based sof~tware protection:::has run into criticism by~u:se~rs because~ i~t~is :time consuming to move the so~tware :: 2S ~rom one computer::~:~to anoth~rO If a u:se;r uses the software ::at ~the office,~ ~i:t ~may ~:require 30 or 40 minutes to :uninstall it a:t t:he~:off:i:ce and reinstall it a~ home.

:
:: : - : : ~:

; - :

: :::: : :
:: ::
: :

~ 093/21582 PCT/US93/03S69 21'3'3g`6~

Summar~_of the Invention : It is there~ore a general object of the invention to provide an improved software protection mechanism.

It is another object of the invention to provide a software protection mechanism which is highly effective.
:: ~
: It is another object of the invention to provide ~:: : a:software protection mechanism which is inexpensive, so tnat it may be advantageously used to protect a wide ran~e a~ :of software.

It is another object of t~.e invention to provide protection for software on i~s distribution media, while ;installed~on a h~a;rd ~disk, and while in use in the compute~'s:main memory.

;lS~ It i 5 ~another object of~this invention, that in case~th~ user:'s;~instal~ed copy of the~protected sotware ;becomes~ not usable,~ the appl~icatio~ software may be reinstalled ater~the:user calls:~the soft~are publisher :for~data to allow the~r~installation.

It is~anot~her object of the invention to provide a~:software protection mechanism which does not inte~fere with~ other software protection me:chanisms wh:ich may be used by a software~publisher.

~:: :: :

~: :
::

W~93/21582 2 1 3 3 9 6 0 PCT/US93/0366~

It is ano~her object of the invention to provide a sotware protection mechanism which is easily employed by a software publi:sher.
: : :
It is dnother object o- the invention to provide a software~ protection mec~.anism which minimizes inconvenience~in uslng protected software on different machines at different times.

It is another object of the invention to provide a:softwar~e protect;ion:mechanism ~;hich permits the user to lO: run the protected~software in tne event that the ori~inal : copy: becomes unusable.~

; The ~ p-eSeAt inven~ion i5 based upon the recog:nition that:~ t~he;~software distribution medium itself ha~s~or~ may~be provided~with physical attributes which are l5~ :s~ufficiently :d~i~st~1~nctiYe and~ sufficient1y difficult to copy~as~to~be u:séful~in a process for determining whether a~ pa:rticular~dis:tribution me:dium is an original or author~iz~ed;~copy~ or~:an unauthorized copy. `The p~esent nvent~i~on~ provi~des:::software which~:operates in conjunction 20 ~ with:such~distribution: medium attributes to ;provide a : ::n~vel software~pro~tect:i~n system.~

: This~ :in~ention provides a ~mechanism that produces diskettes;~with~ a: scra.~.bléd,~: thus not usable vers~ion ~of the~software publis.r.er's application:program.
:25 ~Thls diskette is~supplied to the ~ser with an INST~LL
program:that ver~ifies t~at the disY~ette is the original by : the existence Oe bad spots (physically altered locations ::: : : ~:
: ~ ~
:~ ~: :: :

158 P~/US93~03~69 2~3~36~

on the diskette that will not properly record data) on the diskette. . The INSTALL program veriies that the bad spots are real by reading and writing to these diskette sector locations. Acco~dingly products like COPY II PC which copy diskettes including bad spot indications in the File Allocation Table will copy the diskette, but the IN5iALL
program will not run because the indicated bad spots ~re not really bad.

In a preferred embodiment, the pro~ram for bad spot verification is made difficult to analyze and/or bypass. According, the program code that reads and writes to ~hese bad spots is unpredictably scattered throu~hout the program to make it very time consuming for an expert o~ debu~ and fool the program. In addition, a~ random l5;~times~during~th~is wr~i~te~read process, the write/read tests wil;~ e ~done by a~separate spawned program that will have its own abili~y to stop the process if the results of the write/read~s are not what is expected~by the spawned write/
read~program. This~makes it very d;ficult for a computer 20~expe;rt ~to block or alter the actions of this invention to pro~ect~the softwarè~application. The order of re ds and w~i~es ~is also not~ predic~able.~ ~ ~his ~makes it Yery difficul~ to guess~ what the program expects from the reads a~d writes. The locations of these bad s~ots are used in the formulas to scramble and unscramble the application p~rogram f ile . Thus, creating a diskette t~ look exactly li~e the original as ar as formatting and ~ad spot locations would take much more time than it is worth.

WO93/21~8~ 2 1 3 3 9 6 0 PCT/US93/03669 ~

The main ~alue of the above protection mechanism is that the locaticr, of ~h~ b?d spots must be verified by the I~STALL program as being in the same place as the original. This is very difficult since the sectoring and timing functions of the computer's formatting programs do not start the tracks in the same p' ace. The probability of ~reating an exact copy of a bad spotted diskette is :very, very low. If someone does spend the time to copy a diske~te~ he w~ll not be~able to mass distribute this copy 10 mechanism because the bad spots of the next diskette will most probably not be in the same place.

In a preferred embodiment, there is a hidden scrambled USER~RECORD on the diskette with other data that ;~ ~ is: used ~ in the scramble and unscramble formulas. This :;l5~ means that this r;ecord,~ which `cannot be seen by the c~mp~ut~g';s file sy5tem because the file system did not write~ t, must be~located, read, and unscrambled. It must then; be.;used to un:scramble the application program file.
T he~ sotware~pirate must find and unscrambIe the hidden US~R~:RECOBV, ~which~ has values :to unscramble the application~program~file. These values can be changed per~iodically. ~The~order of the fields in this record may also:be changed:per:iodically. One additional step to foul the efforts of th~:software pirate is to actually change the scramble and ;unscramble~ formulas. These things :prevent~ a copy:~pro~tection break mechanism that will work pas~ a short time.

In another aspect Qf the invention, a "ONCE
~:~ INSTALLED PROTECTION" capability is used to protect the : ::

~ 0g3/21582 PCT/US93/03669 21~3~60 ~;~ software Çrom piracy from the hard disk or from the computer's main mPmory~ During the install process, a set of dat~ unique to~this specific installation is stored in a ONCE INSTALLED~ PROTECTION program. When the protected 5 ~ appli~cation~ pro9ram:~Ls~ run it spawns this program whîch checks the cuFrent ~ c,omputer's file system information about the software~applications program file. I the data returned by the~computer'~s file system does not match the data s~tored~in~the~ON~E INS~ALLED PROTECTION program, the 10 ' appl~icat~ion program ~file will be erased and ~he program w~ not execute~ In~;addi~tion. the location of hard disk ;b~ad~sp~ts~alonq~ with~;the~status of these bad spots is used to;~,v~er~ify that~t~his~;copy of the application is valid for use~ This~ pr~otecti'on~ prevents the pirating of the3,~ l5~ appli~ca~tion~from;~th~e~installed h~rd disk or the computer's main~;mémory.~ oth cases, the ONCE INSTALLED PROTECTION
mechan~`~sm,~which~requIr~es the; presence~ of the or,iginal ha~r~d~ d'isk status to~run, must be present with a~ màtching original ONCE INS~ALLCD~PRO~ECTION~PRCGRAM.;~ ~

~ In another~a~spect of~ the~ invention~, this bad spot~vérif~ication~me~chanism~may~be u's~ed,in a~SOFTWARE KEY
diskette~ his~is an~option~for the~ software publisher t~t,`~al;lows~thè usér~to install;a~not;usab~le~copy of the application;on~more~than one ~computer at a t~ime. The 25~,',50FTWARE~ KEY~pr ~ ram~ has~the abili~ty~to;turn~the use of t,he;~appl~ication~O~ on~ one computer ~and' ~ON on~ another com,puter~ ~ The~ SOFTWARE KEY diskette in~sures that the ap`plLcat:ion is u.a~ on only one~compu~ter at a time.~

W~ 93/21582 2 1 3 3 9 6 O : PCr/V!~i93/03669 ,~1~

--8~

In ano~ lier aspect of the invention, as an cption to the sof tware publisher, an EME~GENCY US~ copy of the application may be provided. This makes it unnecessary for the user to copy the diskettes prior to installation.
5: This diskette is protected in the same manner as are the ~ APPLICATION DISKETTE and SQFT~ARE KFY DISKETTE. It also : has the EMERGENCY RUN program on it that actually runs the : rea} applic tion. This diskette must be ~he original to run properly. I~ also has a limited number of ~ses that 10 allows the user to contact the sof tware publisher for a :~ new copy of the application. This will allow the sof tware publisher, who tracks the users for updates and ~: warranties, to track exc~ssive copies as well. Syste~ns :~ ~ seldom crash and diskettes seldom ~ecome unreada~le.

:15:~ Other objects and features of the invention will be ~: un~erstood with reference to the followlng specification, claims,~ and drawings.
; : : ~
:: ::
~: ~ : Br it~_~n of the Drawings The f low -~ charts and illustrations of the ~ ~ 2 0 drawi:ngs describe ~ the preerred embodiment of the : ~ invention. The: step boxes in the flow charts are ~: : accompanied by numbers wh;ch refer to a place in the text ~: in the detailed ~ description of the invention that desc~ ibes the stepO Pigures are as follows Figure l is a flow chart of the ten steps and programs that comprise the invention~

~~VC~ 93/215~2 2 1 3 ~ 9 6 13 PCI/US93/û3669 _g_ Figure 2 is a ~low char~ ~f the steps used ~o create the APPLICATION distribution diskette.
.
Figure 3 is a flow chart of the program steps o the CREATE APPLICATION DISKETTE program.

Figure :4 is a flow chart of the scramble mechanis~ used in the CREATE APPLIC~TION ~ISKETTE program.
: , .
:~ ~ Eigure S is a flow chart of the steps used by he REATE APPLICATION DISKETTE program ts scramble, hide and wrlt~e the USER RECO~D.

10: Figure:6a and 6b are a flow chart of program steps of the IN~TALL;program.

Figur~ 7 :is~ a f low char t of the pro~ram steps used~by~the INSTALL,~ SO~TWARE KEY, and EMERGENCY USE
programs that verify ~the bad spots on a diskctte.

igure~:8 is: a flow chart of lower level steps of Figure 7. Thes~e~ ;steps randomly pick which write/read :routine to use. ~

; Figure :~9; is a flow chart of the program steps used by the: INSTALL,~ SOFTWARE KEY, and ~EMERGENCY USE
programs to find, ~verify, and unscramble the USER RECORD.

Figure:~10 is a flow chart of the steps to : unscramble and install the application program.
:: :

:

.

WO 93J2158? 21 3 3 9 6 0 PCJ/US93/03669 ~ ~

Figure 11 is a flow chart of the steps used to create the SOFTWARE KEY DISKE~TE.
~ ' .
E'igure 12 is a flow chart of the CREATE SOFTWARE
KE:Y DI SKETT PROGXAM ~
:~
5~Figures 13a and 13b are a flow chart of the SOFTWARE KEY PROGRAM.

Figure 14 is a 10w chart of the steps used to create the EMERGE2~CY: US~: DISKETTE.

Figure 15 is ~ a 10w chart of the CREATE
10 EME:RC~MCY USE DISKET?E PROGRAM.

Figures 1 6a and 16b a re a flow char t o the EM13RGENCY USE P~OGRA15~. :

: ~ Figure 17: is~ an illustration of the INSTALL
P~OGRAM l)I SKE~TE .

~: 15: Figure 18 ~is~ an illus'cration of the SOFTW~RE KE:Y
DISKETTE~

Figure 19 is an illustratiorl of She EMERGENC:Y
: VSE ~D I SKET~E: . ~

Figure 2û is an illustratiorl of a process for ;~ ~ 20 creating bad spots on~ a diskette.

: :

. ~O 93/21582 2 13 3 9 ~ `~` PCr/US93/03669 Fiqures 21a and 21b are a f low chart of the INSTAI,L PROGRAM steps . that create the ONCE INSTALLE~
PROTECTION .

~ igures 22a and 22b are a flow chart of the ONCE
5 INSTALLED PROTECTION PROG~M.

igure 23 is a ~low chart ~f the program steps of the INST~LL PROGRAM to perform the UNINSTALL FROCESSo :
Etigure~ 24 ~is a flow chart of the spawned WRITE/
READ p r og ~ am .

10: ~ ~ ~ Figure 2 5 ~ is a flow chart of the BUI~D SYSTE:kS
ERIF:Y~ D~A PROCESS~

Figure 26:: is a flow chart of the BUI~D ~IARI3 DISK
VERI~:~Y ~ DA~A PP~OCESS .~

igure 27~ ~:is: a flow chart of the SYSTEM VEP~Y
`15 ~ P~OC~SS~

igure 28 ~ is a f~ow chaxt of the ~ARD DI5K
VERI FY PP~OCESS .
, igure ~29 ~ is a flos~ chart of the TURN ON PROCESS
: us~ed by the SOFTWARE :KEY program.

;: ~; 20 ~ ~ Figure 30~ is a fIow chart of the TURN OFF
PROCESS used ~y the SOFTWARE KEY program~

W093f21~2 2 1 3 ~ 9 6`0 ~CT/US93/~3669~

Figure 31 is a flow chart of the APPLICATION
EXEC~TE PROCESS.

: ~ Figure 3Z is a flow ~hart o the DOES NOT PASS
~: PROCEDURE used to destroy the ability to run if the :: 5 appli~ation is found no~ ~o be a valid copy.

Figure 33 is a flow chart of the REINSTALL
PROCESS optionally used in the INSTALL PROGRAM.

Detailed Description Int~roduction: ~ ~:

0 ~ : This i:nvention: comprises procedures and the use of rom 2 to 9 omputer programs that provide usage protection or a sof;tware publisher's:application program.

: : The first:p:rogram, called the CREATE APP~ICATION
:DISKETTE PROG ~ ,~puts~a scram~led~copy of the software publisher~'s~ program~, ~ hereafter called the application, a scrambled copy of the ~ONCE INSTALLE~ PROTEC~ION P~OG~AM, and: ~ a~ copy of a~ small wri:te/read pxogram onto a distribution medium, hereafter cal~ed the diskette. The application program:is scrambled according to the location 20~of bad spots randomly~put onto the diskette and a modulus factor that may ~be changed periodically to make unscram~ g the application more difficult. The same process is used t o copy the ONCE INSTALLED PROTECTION
PROGRAM to the diskette. This program also puts a 25 scrambled copy of a 'USER RECORD' onto the diskette in a :Y093J21582 213 3 9 ~ ~ PCT/US93/03~69 hidden area of the diskette containing the modulus fzctor, optional user inform~ti~n, and f~ags, such as the SO~l~WARE
KEY flag, which indicates if the publisher is using the SOFTWARE KEY option. This record, located on the diskette by the locations of the bad spots, must be ound and unscrambled prior to unscrambling the application. This ~ record cannot be found using the standard file system :: callable routines.

: The next program, called the INSTALL PROGRAM, is distributed with the APPLIC~TION diskette and unscrambles/
inst:al~ls the application program on the user's computer.
It also checks the ~bad ~spots on the APPLICATION diskette to :see if they are really bad. This prevents produc~s : ;such as COPY II PC from being useà to successfully copy lS~ the~ APPLICATION~;diske te. This program ~inds and u~nscrambles the~USER RE~ORD. It then unscrambles the appli:cat:ion as:it installs it on the user's ~omputer. It : : als~ unscr~mbles and installs the ONCE INSTALLED
PROTECTION PROGRP~ he ONCE ~ INSTALLED P~OTECTION PROGRlW
: 2~ is copied~to the hard disk and data used in the once installed p~ro~ection process is copied directly into the ONCE INSTAL~ED PROTECTION PROGRAM.:
:
;This program has the ability to uninstall the application if the:SOFTWARE KEY OPTION is not used. This:: 25~ is done by verifying that the appl:ication is valid by ~spawning the ONCE INSTALLED PROTECTION PROGRAM. If the application is valid, it is destro~ed and data in the user :~ data record on: the~ diskette is changed to show the uninstall. ~ : :

W093/21582 2 1 3 3 9 6 0 PCT/~S93/03669 The next program, called the SOFTWARE KEY BVILD
PROÇ~AM, builds the SO~TWARE KEY diskette for the optional SO~TWARE KEY facility provided to the software publisher.
If the software publisher has chosen to use the SO~T~ARE
S KEY option, the INSTALL PRQGRAM installs the application : with the first part of the application replaced with a small prog~am called the NOTON PROGR~M. If the : ~ applica~ion is executed, the NOTON P~OGRA~ is really executed. It will display a message telling the user that the applic~tion i5 turned off. The SOFTWARE KEY BUILD
PROG ~ scrambles and hides the USER RECORD on the SOFTWARE KEY diskette the same way the CREATE APPLICATION
DISKETTE PROGRAM does on the APPLIC.~TION diskette. It then copies the NOTON progr~m, the SOFTWARE KEY PROGRAM, 15~ and:a scram~led copy of the first 512 bytes of the application program to~the diskette.

The SOFTWARE KEY diskette contains the SOFTWAR
KEY PROGRAM which is~used to turn ON and OF~ application that; has been installed on a computer. One of the major ~ 2G problems with most pas~ pro~ection mech3nisms is tha~ it : :: :: i~:inconvenient and time consuming to ~ove th~ applicatlon :: : : : `
~ : ~:o:another computer. If the SOFT~ARE KEY FLAG is set, the ::: ~ ` : :
INSTALL PR~G~AM~:allows for the installation of the application on many computers. The SOFTWARE KEY PROGRAM
; 25 restrlcts use of ~he application to one computer at a ti~ This progra~m verifies that a diskette is an : original or ~erifies authorized copy by making sure that the bad spo~s are reaîly bad. If the user is turning the application ON on this computer, it makes sure that the :

: ~ :

'~"O 93/21582 2 1 3 3 9 ~ ~ PCI/U~93/03669 last thing the SOFTWARE KEY was used for was to turn the application OFE-. Ir this is true, it replaces a portion of the application, such as the first 512 bytes with the real program~ the user is turning the application OFF, S the first 512 bytes of the application are replaced by the N(:)TON p~ogram.

This program spawns the ONCE INSTALLE:D
PROTECTION P~OGRAM: to ver~ify that the application program to be turned off is valid. If it is not valid it is made 10 not usable.
:~
This program also gets a ran~om number and stores it in the USER DATA record and the (:)NCE INST~LLE:D
PE~OTECTION PROGRAM when ~ the application is turned ON~
This~ can be used: at a later ~ime if the SOFTWARE KEY
lS: D:~SKETTE~ is needed t o ~ v erify that the installed application program i:s ~really valid.

rke: oex:t p:rogram is the CREATE :EMERGENCY USE
DISKETTE P~.~G~AM, which builds the EMERGENCY USE DISE~ETTE
that~ optionally i9 ~ distributed with the application 20 ~ pack~age ~ :t:o~ provide: ~ emersency use~ of the application capabilities~. Shoul;d ~ the: instal?ed version o the application become not: usable, this diskette allows the user to run the application a f ixed number of times . This program and the process :that goes with i~t puts bad ~pots :: ~ 25:: on ~ ~a d;skette and~ formats the diske:~tte, copies a copy of he ~application program file to the dis3cette, copies the NOTON program to t~he diskette, copies the scrambled first : ~ block of the application pFog am to the diskette, WO93/21582 ~1 3 3 ~ 6 ~ PCT/US93/0366 scrambles and writes the USER RECORD to a hidden place on the diskette, and copies the EMERGENCY USE PROGR~M to the diskette. It then replaces the first block of the EMERGENCY USE PROGRAM file with the NOTON program, making the application n~t usable.

Should the installed copy of the application on the user's computer become unusable, the EMERGENCY USE
DISKETTE with the E~ERGENCY USE PROGRAM can be used to run : the application. This program verifies its validity using 10: the bad spots: in the same way that the INSTALL PROGRAM
did. It fin.ds, reads and unscrambles the USER RECORD
which keeps track ::of the number of uses left for the EMERGENCY USE PROGRAM. The number of uses are limited to :: a ixed~ number defined by the software pu~lisher. It 15~ replace~s::the first block of the application program file with~a~scrambled:file~containing the real be~inning of the ile. ~t runs~the~ EME~GENCY USE appLication program. It then ~replace the~f:irst:block of the application program ile~:wit~:the NOTO~N progra~, making the app~ication f;le 20~ not:usable~

: : The next~ program is the SPAWNED WRITE/RE~D
ROGRAM.: This program is manually put on the INSTALL
: PROGR~M DISKETTE, the SOFTWARE KEY DISKETTE, and the EMERGENCY USE PROG~AM DISKETTE. This program is spawned 25 by the INSTALL PROGRAM; the SOFTWARE KEY PRCG~AM, and the EMERGENCY USE PROGRAM as part of the ~iskPtte verification ~: process. These~:programs do write/read tests o the bad ~:~:: s~pots on the diskette. At ra~dom time5 during this process they will spawn this program to perform the same :: :

-~093/21582 21 3 3 9 6 ~ Pcr/uss3/o366g : tests. This being a separate prog~am makes it very difficult fo; an exp2rt t~ terce~t this function and nullify it. In addition, this program will take its own : action to termina~e the current program that spawned it.
This makes an effort by:an expert to intercept a returned value from the WRITE/READ PROGRA~ of no value.

: The next program is the ONCE INSTALLXD
PROTECTION PRO~RAM, which protects the application after it is installed on the computer's hard disk. This program is spawned from the IMSTALL PROGRAM, the application rogram, and ~;he SOFTWARE KEY PROGRAM to verify that the insta~led application is the file installed by the INST~LL
PROGRA~. Data used in the verify process, such as the phy~sical cluster addresses of the application progr~m ~nd lS t~e ONCE INSTALLED PROTEC~ION P~OGRAM, the random number s~tored~in the ONCE~INSTALLED PROTECTION PR~GRAM and the :USER~DA$A record on:the diskette, and other file names are physically stored in a scrambled manner in places in this progr~am file rather :than stored in a separate file. This 20:: makes it ~ery di:ficul for someone to find this data and ~ try;~ to manipulate~ it without destroying other data or : : ~ : : p~ogfam code.

Description of the Drawings The procedures and programs of the invention ~provide a relia~1e copy protection mechanism for software publishers. It comprises up to l0 major steps, set orth in `Figure l. Not all steps ~re always used, as some are ~: ~ optional. Step~10 is the creation of the APPLICATION

:: :

:

WO93/215~2 2 1 3 3 9 6 ~ PCT/U~93/036~9 -l8-DISKETTE, a protected diskette for distribution of the a~plication proglam. ~his diskette contains a scrambled ve~sion of the appiication program and a hidden scrambled copy of a USER RECORD~. Step 20: is execution of the INSTALL PROGRAM which unscrambles the application and installs it on the user's computer. Step 30 creates tne SOFTWARE KEY DISKETTE. Step 40 is execution of the :~ SOFT'~ARE KEY program which allows the user to turn tr.e ~: application OFF and ON on different computers. Step 42 creates the EMERGENCY USE DISKETTE. Step 44 is execution ;~ ~of the EMERGENCY ~SE PROGR~M~ Step 46 is the execution of the C)N~::E INSTALLED PROTEC~ION PROGRAM. Step 47 is the SPAWNED WRITE/READ~ ~PP~OGRAM ~hich is used by 'che INST~LL
:
: ~ PROG~AM, ~he SOFTWARE KEY PROGRAM, and the EMERGENCY USE
PROGRAM ~o do write/reads of diskette sectors. Having this ~ separate program makes the testing of bad and good diskettes more sec~e.:

CREATE~ l~EPLICATION DIS~ETTE

:: :
Step l0 that creates the APPLICATION DISKETTE
20 consists of 7 lower leYel steps ~see:Figure 2)~ The first of~ the.se (step; 50~ is to put physical bad spots on the disket~e. Such bad~spots are se tions o~ the medium,. in this case a magnetic diskette, that cannot be successfully writ:ten to or read~::from. A~number of methods may be used , ~: 25: to :accomplish this result. For instance,: a laser may be : : used to burn a small hole in or otherwise flaw the read~
~: write surfac2 of the dis~ette. Creation of bad spots by : la~er is illustrated in Figure 20. Step 50 may also be accomplished mechanical1y by usin7 a sharp edge to scrape :: .

~ ~93/21582 ~ ~ 3 3 9 6 0 . PCT/US93/03669 :.....

the surface of the disket~e. The laser method is believed preferable in a mass pro~uction environment. Por reasons that become more evident later, the effects of putting bad spots on the diskettes in random locations is better than :~ ~ 5: putting them in the same area on the diskette.
:
~ The next s~ep (s~ep 60) is to format the , diskette. Mos~:computers come with a software program to :perform this~function~.~;The format function sets up the dis~kette sectors and ~ tracks making it usable by the 10 ~ computer 's file system. In addition to this the format unction creates; ~ ~ d~ FILE ~ ALLOC.~T~ON T~LE (PAT) on the kette. ~he FAT is:used by the computer's file system o keep~ track of::disk~sectors and how they are used. It indica~es~ which sectors~are:f:re~ for use, which are in 15:~ ~ use~ a~d ~ which are~ ad . and cannot be used because the physi~al;~status of~that~ section~o the ~disk is damaged~
This~ s~very~ 1mpor~tant~ in connection with the~present in~:e~ntion~because~there~are.products on the mark~t that will :~copy ;di~skettes ~as~they ar~e with the ~AT i~dicating 20~ bad~s~pots~:that were~on~the:origiAal:diskette. Prot:ection me~hanisms~ that w~uld;~se the bad spots~:in the protection echa~ism will still~think the bad spots:are val~d on the copi e~d~:~ ve rsion .~

Step 62 copies the ONCE INSTALLE~ PROT~CTION
2~ ::PROGRAM to the diskette. : ~ :

Step 70~1~S ~o;copy tne application ~program to the~diskette. This~:st~ep may use the copy facility that is asually: supplied with the computer. In a production : ~ :

W~93/21S82 2 1 3 ~ 9 6 0 PCT/VS93/03669~ , -; ;~, .

environment this step may be omitted and the program can be copied dynamlcally in the scrambie procedure of step O

: 5tep 74 is to copy the SPAWNED WRITE/READ
S PROGRA~ to the diskette, This program is used in the diskette verification process.

:~ Step ~80 is to copy the NOTON program to the diskette. This program, which may be very small, is used to replace the first part of the application program if the ~SOFTW M E KEY: option is desired by the software publisher.

The CREATE APPLICATION ~ISKETTE PROGRAM (step 90) is then run~ This program consists of l0 lower level steps:,~ which are~ shown in Figure 3 and described below~

l5~:CREATE~APPLICATION~DIS~ETTE PROGRAM

The first function of tnis ?rogram is to create : or ~ead an exis~ing:~ customer reco~d ~step l00). Thi~
rec~rd ~ has: information about the application prog~am and the de5ired opti~ns`~ of the software pub:lisher. This ~:~ 20 :~ecord can be created or modified ~en the program sta~ts.
It may contain a ~ flag indicating: tha~ the software ;pub1isher~ does: or~: does not wish to use th SOFTWARE KEY
:option :: :
Step 110 ge'cs the diskette type information.
25 This is followed: by step 120 which reads the boot sector ::: ~

r~-~93/21S82 PCT/US93/03669 ~ ~ 3 3 9 6 0 of the diskette. In this case, using an IBM PC
environment, 'hese two steps provide the information about the d~ skette. Such things: as the number o tracks on the diskette, the number of sectors per track and the number :~ ~ 5 o~ sec~ors per cluster are provided in these steps.

: ~ The F~T sectors are read in step 130. This tells the progr:am~which sectors are yood and bad. In the embodiment shown, the first 20 bad spots are saved.

Step:140:asks for optional user information.
l0:; This step is:not part oE the:software protection aspect of the invention but:is included as an additional feature for the~;software:~publisher. It~contaiAs such things as name and~addr:ess information, product serial number, and the SOFTWARE~RE~F~AG~

15 ~ 5tep~:142~ uses a formula that uses ~he bad spot :locati~ons and the~:;nùmber of times the appli~cation has been reinstalled ~to~ produ~ce a number. ~This is done for a number o~ reins~talls~a~llowed by the ~software publisher.
A~ this~ime;:this is just~a list o~:the~e nu~bers as they 2~ would be:genera~ted~b~y:the reinstall ~proce5~ This will allow~the~user to::~al~1 the pu~lishe;r and ask E~r reinstall ; , capability should something happen to the user's installed appl~cation~ This~number cou~d be given to~the user over the~ph:one~allowing~the applicatioA to~ be reinstalled. If 25~ a~use~r:ca~1s with~such a request the publisher will record the call and be able~to keep track of~the reinstalls. The ormula could be~assigned a number~ and ~his number saved : in the USER DATA RECORD.
:: : :

:

WO93/21582 PCT/VS93/03669~
21~

Step 150 takes a global modulus factor ! file st_tus, and use ~alue that are in the customer record and puts them into the USER RECORD which gets scrambled and hidden on the diskette. Later, at install time, these variables must be correct in order for the installation to work properly.

The scramble and write function (step 160? uses ;the location of:the bad spots together with the modulus factor in ~he USER RECORD to scramble the file. The formulas used for this scramble may vary g~eAtly from what is described here. This function consists of a program loop that abes through the program file described below in : steps 180 through 240 shown in Figure 4.

; ; Step 180~ reads 2 sector-sized blocks of the 5~::appl:ica;tion program file. Step 190 creates a scramble : va~riable. This i;s put after the reads in the loop to ; allow for using the block number as a variable in the ramble variable :calculatiQn, which however is not done i:n the em~odiment:desc~ibed. The scramblP variable is 20~ used ~in the scramble algorithm to make the file not usabl~u : ~

Step 200 takes the scramble variable number of ~i:bits in a 16 bit word and swaps them with the remalni~g bits 0n the other side of the word. For example, the 25~ cluster number o~ the second bad spot on the diskette may ~ : be used as a basP, whicn is divided by 16 and the :;:remainder added to the modulus in the USER ~ECORD to get : :

:: :

.~ V093/21582 PCT/US93/03669 213`3360`

: the scramble va:riable. If this number is qreater ~han 16, 16 is subtracted rom it.

Step 210 ~further scrambles the block by swapping ~bytes in the blo k according to the scramble variable.
5~ Step 220 writes th~e ile by swapping the two blocks that are~currently ln:memory.~ The pro~ram checks for the end of file at step 230. If it is not at the end of file, the r~outine returns to step 180. If it is at the end of the ~:: file, it continues to step 240 which returns to step 170.

10 ;~ There~ ar~e~a~large number Oe other algorithms in addition to the one described here which would adequately pèr~f~rm~the s~cramble~and write file step 160.

he prog~ram proceeds to step 170 of Figure 3, which~;scr:ambles~the~;USER RECORD and; hides it on the 15~ di:sk~e~tte:. Thi:s record is hidden by u ing the bad spots as the~ke~y~. ;The recor~d ls~ritten to a good sector on ~he diskette~ The~:~ile:: system ~will not :know it is there.
Thi~s~step consists;~o~f lower level:steps 250 through 300 shown:~ n Figure~5~and descri~ed belov,~ :

20~ Step 250:creates~a scramble~:~variable just as was done in s~tep l90 excep~ that the modulus number in the :: h~ USER~ RECORD is ~not used. This: is~because the INSTALL
p~rogram will not: be able to get~ this ~ariable to :unscramble itsel:f at in~tall ti~me. The USER R~CORD is 25~scrambled ln steps~260 and 270, such ~as in the same manr,er ~ that the: application program blocks were scrambled in - ~: ~: : : : :
~ : :
:

W~93J21~2 2 1 3 3 9 ~ O pCT/~93/~36~9~ .

-~4-Figure 4. The program finds the first 16 unused sectors on the diskette in step 280.

In step 290 the program writes junk data~ This i5 done to confuse someone looking for the data record.
The format procedure initializes the empty sectors~ which means that any~hin~ that looks different may be the USER
: RECORD.

: Step 300 a tually writes the scrambled USER
: RECORD ~to the ~record corresponding to the scramble : 10 v~riable in the 16 good sectors. ~9Z instance, if the s:cramble variable is 7, the USER RECORD is written to the ~: 7th good s~ctor. :~
:
: : The p~ogram then returns to step 172 which scrambles and writes~;the:INSTALLED PROTEC~ION PROG~AM to the diskette in~:the same manner that:step 160 scrambled :; and wrote the appIication file to the diskette.

: It is important to note that this record and its lo~:tion is not~ known to the ile syst~em or operati~g :: : : :
5y5~em of ~he computerO` Unlike other pro ection ~:~ 20 mechanisms using hidden files: which may be ~o~ated by : so~tware ~ programs, this data cannot be found and identif;ed by s~oftware without knowing the finding ~ algorithm first~
:: :

:`
.
, .~ g3/21582 2 1 ~; 3 g ~ 3/03669 INSTAI,L P~:OGRAM

The INSTALL program, illustrated in Pigures 6a and 6b, uses the diskette that was created by the CREATE
, , APPLICA~ION DISKETTE: PROGRAM and allows the user to :5~ install the application on his computer. If the SOFTW M E
KEY~option is being~:~used, the user~ may install the application on many: computers in an unusable state. It must be turned ON by ~ the SOFTWARE KEY before it can be used.:

10~ In ste~ 302 the install program checks to see if the~ use;r~wi:shes::~to~ uninstall the already installed appli~cat:i~on~ pr~ogramO~; If ~ the user ~ does wish to do an un~instal1~, control~is~;passed to step 3~04;:~ which ~is the un:install~process~ This will;be de:s ribed later. If this S~ `is;~ ot~t~he user's wish~the program checks:to see if the us~er-~wi~shes to do~a~ reinstall in~step 306.~;:If this is the casè:the~program~perfor~ms step 308~which is the rei:nstall p~ocedure~ :this is not the case:control is passed to step 310~which~:star~t~s~ the;install proc~ess. ~(Step 304, the 20~ U~INS~ALL~PROCESS~(Figur~e;233, and ~Btep ~08~ the REINST~L~
PROCEDURE~ :Figure~33~ are desc~ribed later.)~

The TNSTALL~program ~ust get the disk t~pe æata and~ boot : sector~d~ata in thè ~same~way:that the CREATE
APPLICATION ~DISKETTE~PROGRAM` did in ste;ps 110 and 120, a:nd :2~5~ read~ t~he FAT ;:sectors as was done~in step 130. It does t~his~in steps 310 through 330. It then~ses through the FAT ~o identify~the:bad spots (step 340).

,: ::::: ~ :

::: : :

WO93/~1582 213 3 9 6 0 PCT/US93~03669 ~ ?

Step 322 may appear out of place, but~has an important value. Steps 322 and 324 a e used to .protect against a user copysng the installed software in a : ~ speciic manner. Once the application is installed, a ~ ~;5 user could copy the application program file and the : spawned ONCE INSTALLED P~OTECTION PROG~AM file on a sector by sector b~sis, keeping track of each sector and its physical sector address.: The user could the~ run the SOFT~ARE KEY PROGR~M to turn the application O~F. The user could copy the sectors back to the disk, which leave~
~: it in an O~: condition. The user could then use the SOFTWARE K~EY DIsKE$TE:to turn the application ON on anoth~r ~compute~,: leavin~ 2 running copies. To prevent this:~the~TURN O~F~function of the SOFT~ ME KEY PROGRAM
;15 changes ehe name of the ONCE INSTALLED PROTECTIQN PROG~AM
; and~truncates it.::~:The new name of the new file is stored in -the USER D~A RECORD on:all of the diskett:es, but is one o~ many, making the predictabilit:y difficult. This process:~also exists:: if the SOFTWARE KEY OPTION is no~
Z0~ used.~ The uninsta11, install process will produce the , same~ res;ults ~for~the user. Checking ~o 5ee if this file exis~ts~in :step 322~ and:~ writing to it ~ in step 324 means ha~, if ~ a user~wri'ses the ~iles back :to 'ch~ disk sectQr by sector,: the~ONCE INSTALLED P~OTECTI~N PROG~AM f;le will 25 ! no~ be in :the: f le directory and the user may have destroyed his file~direc~ory structure by writing over a sm~ller file.: ~he: process that creates this smaller truncated:file also:~writes many s~.all files to the disk to increase the :probability of destroying the dire~tory ~; 30~ structure of the:~i1e system. It should be noted that ~: this process performs no actions outside of those normally :

: :~

~ 093/21~82 2 1 3 3 ~ ~ ~ PCT/US93/03669 , allowed by the computer's file system. It would ~e t~e user's illegal action that is destructive.

In step 350 the program verifies the bad spots.
: I:t translates the bad spot cluster number that is stored 5 ~ in ~ :th~ FAT table into Head, Track, and Sector values.
: These values are used to do a physical write and read of these: sectors. This is done without going through the file system which is usually used to:read and write to the ;dis~kette.~ If the wr~ites:or the reads are not successful, thQ d3;ske~te has a ve~y high probabili~y of being an ari~ginal appllcation~di~stribution diskette and not a copy.
SQme~of t~he sectors: ~wi:ll return su~cessfully from the wr~ites~ and :reads~,~ but i~ they are all good, the diskette is~s~copy:.~There;are~computer experts capable, with a lot ;l5~:of:~time~and:work:,~of using DEBUG mechanisms to find places in~`programs where~::input/output: functions are going onO
They`~ may~ examine~ what~ is happening here and chan~e the program;to branch around this write/read:code, return the éxpected~r~eturn;code~and continue. In ~his case, however, 20~the~program~9et~s~;~a~ra~ndom number and either performs the wr~ite/read~rout;ine~on~a~known good~sector or a bad sector.
The~ rèturns f~rom a~:good sector must~a1ways:~be goodO If they~ are not:the`program is:terminated.~ The return from the;~bad sector wr~ite/reads can be good:or bad, but some 25 ~must;~be bad. ;Th~i~s;~makes~i~t very difficult for a person to :m~ determin what is~expectéd by the program~ To further make~:it:d;~ficul:t for a computer expert to avoid the copy p:ro~ection~, the~program gets another random number. It uses this number to~determine which of several, duplicate 30~ write/r ad routines that are distrlbuted throughout the , : :

, : :
.
:

WO93/21~82 21 3 3 9 6 0 - PCT/US93/03~9~-program is used. This means that after an expert spe~ds time finding the location of the code he wants to monitor, he cannot predict if or when it will be used again, or or what reason ~good sector test or bad sector test3 it will ~: 5 be used again.

One additional scheme adding to the problems of the expert out to break~the protection is that at random : times throughout the write/read test process the install process will spawn a separate program to do the write/read 10~ test. (See ~Figure~:~8). Step ~70 gets a random number.
Step 472 reduces~ this random numb~r to a number used to : make a:determination. ~Step 474 makes the determirlation of which write/read~;rout;ine to use in the program, or to spawn: a separa~te ~write/read program.

5~ he SPAWNED WRITEjREAD PROGRAM is shown in Figur~ 24. Step 1710 does the write~read o~ the sector pass~d as~ an argument~ This program can look at the ~AT
:and~determine if::~a~good write/read or bad write/read is expected4 If the:wr~ite/read results are a5 expected step 20~ 1730 returns a:good~value. If they are not~ step 1740 e~ases the app1ication program. Then step 1750 returns a bad value. This~makes it very difficult for the expert ecause most debu:ggers will not work on two programs at : the same: time~ Thi~s ~SPAWNED WRITE/READ PROGRAM can also ` 25 take~action on its:own;if the results from the write~reads :
are n~t what was expected. This means that the expert's actions to intercept the returns ~rom the spawned program : will not allow the~ expert to bypass the application's protection.

, '~.. V093/21582 2 133 3 ~ P~T/US93/0366g .

:
Step 360 tests the return from the routine that verifies the bad spots. If the return indicates that all of the bad spots are not really bad, the program stops and will not continue with the installation. The verify bad ~::5~ s:pots step consis~ts of:lower level steps 420 through 466 shown in Figure 7.

Steps~420 through 466 perform the actual tests of the bad sectors to:insure that some of the bad sector~
:~ are really bad. While this is happening some write/r~ ~
10 ;~o~f~ good:~sectors be~done;:to confuse any attempt to ool the pr~g~am:by using a~DEBUG~mechanism to return an expected retur~n ~code :from~ ~the write/read routines. There are ;severa:1 of these~routines~to make it more d:ifficult for someone tryin~ to:break;;;the protection.

5~Step q20 sets~a:~random number. This can be done wit~h~ random n;um~er ~eneration routin~ or~ simply by get~lng~ the ~cu~rren~t: system: time ~if it in ludes a mil~lisecond~va1~e~ ;If~the ~alue is e~en, a write/read test~ w~ be perfor~med on~a good sector rather than a bad C ~ O~ one~ If ~this ~mechanism is~ int:~ercepted :by a ~ DEB~G
mecha~ism,~:and;~à~`bad~return is~in~jected into the pr~ocess by u5ing the D~BUGGER,~the program will ~terminate~. Step :43~ passes contr;o1 ~to st;ep 460 ~-hich picks a write/read rou;tin~e~or spa~Ds~ the;~WRlT~/READ PROGRAM to execute for 25~ th~e~ good sector.:~:There are severa~l~of these write/read sec:tor routines in~t~he program in different p~aces to make it~di~f~icult~ ~or~:anyone to predict which routine w:ill be used.::~Step 460 is~comprised~ of lower le~el steps 470 through 480 show~ ln Figure 8.

: ~ ~ : . ........

W093/2~582 PCT/USg3~03~6~
21~39~

Step 470 qets another random number. Step 472 divides this number by the number of writejread routines in. the program + 1. If the remainder i5 0, step 474 passes control to step 476, which spawns the WRITE/REA~
S PROGRAM. The remainder is used in step 480 to pick the write/read routine to use.

: Step 462 actually calls the picked write/read `~routine to test the good sector~ Step 464 tests to see if the return was a good write/read. If it was, control is : 10 ~as5ed~ :back to step 420 to continue and try again, else s~ep 466~ returns an~ "invalid diskettei' code and the progr~m will terminate.

If the nu~ber: generated in step 420 was odd, control~passes to;step 432 which performs the pick write/
15~ r~ad~ sector rou~tine~:(steps 470 throùgh 480). Step 434 calls:~h:e write/re~ad of the possibly bad sector. Step 436 tests~;th ~return:~to see if the sec~or was bad. If it w~s bad,~step:438 adds~l to a bad flag vari:~le. Steps 436~
i ~the:: r~etur:n was~good, and step 438~oth:~9O to step 440 to che~k~i:f it has:gone through enough bad spots (e.g. 20 :: in: the routine shown). If enough bad spots have not been tested~ l is added~to:the number of tries in:step 450 and the routine goes back to step 4~0 to get a new random : :number. If enou~h bad:spots have been tested, a check is 25~ pe~rformed in step 4~42 to see if any o~ the bad sectors : we~e:~really badO :If ~he answer is yes, a "valid diskette"
va~lue~ is returned~in step ~44, else an~"invalid diskette"
value is returned in step 446.

~ 93/215~2 2 1 3 3 ~ 6 ~ ` PC~/US93/03669 If the bad spots indicated in the FAT are al1 good, the program stops the installation in step 370. If some of the bad spots are really bad the program continues to step 380, which ~inds and unscrambles the USER RECORD.
Step 380 has lower level steps 490 throu9h 530 shown in Figure 9.

:~ The unscramble formulas must be the reverse of ~ the scramble ormul~s u~ed in the CREATE APPLICATION
: :~ program. If they are rot, the application file will not be usable after the install. In addition, the l~cation of ~: ::: the bad spots on the in~tallation diskette must ~e in the sam~ places as they were during the CREATE APP~IC~TION
program. Also, the bad spots indicated:in the F~T mus~
: : contain~some sectors that are really bad~ In add~t~on, ~the USER ~RECORD must u~scramble to a valid record. In addi~tion,~the modulus actor in the USER RECORD must be ;the:same as:~he~USER~RECORD modulus factor when:~he CREATE
APPLI~ATION program was run~ If any of the~e are not as they~ should be, the unscramble will not work or will not ~20~ wor:k proper~y.

: Step;490 of the unscramble USER RECO~D procedure ; gets :a ~scra~ble variable value based on the locat-on of the:bad spots. This:step is the same as s~ep 250 ;n the CREATE APPLICATION program. Step 500 is the same as step 25~ 280 in the CREATE:APPLICA~ION program and find~ the fi~st 2~0 good unused se~tors on the d1skette. Step Sl0 reads the good sector corresponding to tr.~e scramble variable.
Step 520 unscrambles each 16 bit word in the reverse .
manner that step 260 scrambled each 16 bit word did in the ~ :

WO93/21582 . ~ PCT/VS93~03669 .
213~9~

CREATE APPLICATION program. Step 520 reverses the e.fects ~f step 270. At this point the USER RECORD is in memory and the modulus factor:may::be accessed.

Step 390 (Figure 62) checks to see if the USER
S RECORD is valid by checking the modulus for a valid value be~ween 3 and 14. I~ can also be checked by using a check digited serial number if the software publisher desires an ~ ~ additional level of valldation. Other validity checks may : also be used. If the USER RECORD is not valid, the l0~ i~nstallation is stop~ed at step 400. If the USER RECORD
is ~a~id the program proceeds to step 410. Step 410 :
: uns:cram~les and installs the application program file on the user~'s compu:~er. Steps 540 through ~30 shown in , Figure 10 are lower:level steps of step 410.

;15~: :Step 540 asks the user what the n2me of the pr~ogram to install is::and the path to install it to on the use~ '~s : Gomputer . In~ a production mode ~he ~irst question :~: would:~:not be asked ~as it would be built into ~he INSTALL
pr~gram. ~ ~

20: ~ Steps 550~ ~ through 600 are buil~ to unscramb~e the scrambling done~ i~n steps }80 through 230 of the C~EATE
APPLICATION pro~ram (see Figure 103.; Step 550 rea~s two, ~512 byte blocks of the application program file. Step 560 creates the scrambl:e~variable from the location of the bad spots and the USER RECORD modulus factorO step s70 : reverses the scra~ble number of bits in each word in the vpposite manner than was done in step 200 of the CREATE
~PP~ICATION program~ Step 580 unscrambles the words ~-~vo 93/2~5g2 2 1 3 3 9 6 ~ PCT/U~93/03669 within the block in the reverse manner of step 210 of the CREATE APPLICATION program. Step 590 writes ~he blocks, ~eversing the order of the two blocks it is working on, to the file of the path the u~er specified in step 540. The :5 pr:ogram checks ~or end of file in step 600. If end of file has no~ been reached~ the program returns to step s50.

When end of the file has been reached, the program th~n checks the USER R~CORD to see if the SO~TWARE
~: 10 KEY opt;on is on for this software publisher's program.
If it is not, the program returns to step 410. If the use o ~be SO~TWARE ~EY option is on, the program replaces the fi~s:t 512 bytes ~of the installed program file with the NOTON program. This~renders the program not usable and l5~requires~the use of~;the~SOFTWARE KEY to turn it ON.

After ~the application file has been installed, the:~INS~ALL program~performs the set ~p procedure, step 41:2, :~or: the ONCE ~IN5~ALLED SOFTWARE PROTECTION. This consists of a spawned ONCE INSTALLED PROTECTION PROGRAM
: :20~ that~will be usèd:~to ensure that the:installed application : program file is the one originally installed and not a copy.~ ~ This program is written with some memory constants set to specific values allowing the INST~LL program to ind them and change them. These constants will be ~; 25 replao d with systPm values that identify the hard disk : and the ;nstalle;d app~lication program ~ile as those : originally instal}ed. This is done in step 412 which :consists of lower level steps 1280 through step 1400 as shown i~ ~igures 21a and 21b.

::

WO93/21582 213 3 9 6 0 PCT/US93/03669 ~.

Step 1280 unscrambles and copies the ONCE
INSTALLED PROTECTION PROGRAM to the installation disk from the diskette. Step 1290 looks for the firs~ constant of a : predetermined pattern in the file. The constants are set at program compile time. The constant is replaced with the ASCII character ~alue of the physical cluster address of the beginning of the application file in step 1300.
: Step 1310 finds the next constant. step 1320 replaces this with the ASCI:I character value of the first cluster address of the ONCE INSTALLED PROTECTION PROGRAM f ile .
:~ This ensures that the program files are valid at execution time because when the once installed protection check is done these values must be equal to the current actual cluster addresses~. ~Fun~tions in the UNINSTALL process and SOFT~RE KEY process (changing the name of the ONCE
STA~LED PROTE~T~ON PROG~AM:file and shortening it) make it nearly impossi~le to copy these iles off and replace them. Steps 1330 through 1350 loop:, putting the names of dummy file~s into the ONCE INSTAL~ED PROTECTION PROG~AM.
One of these :files will later ha~è needed data in it.
: : These files also w~ill create:problems or someone tryi~g ; : to copy off the application ile and ONCE INSTALLED
PROT~CT~ON PRO~gAM f ile and replace them after ~ unins~alling or~ turning the appli~ation O~. Step 1360 ,~: 25~ creates and writes these files. Step 1370 does the BUILD
SY5TEM VERIFY DATA process. Most computers will tell you : the version of ~he operating system now in use. This can be used as one step in system veri~ication. If the ~:~ application is moved to a computer with a different : 30 version of the operating system, this check will return a bad value.

.

--~093/21582 ~ 13 3 9 ~ O PCT/US93/03669 There are 3 lower level steps to step .1370.
They.are shown in Figure 25. Step 1760 gets the operating system version. Step 1770 gets the hardware configuration. This ~ay be in the ~orm of a set of words;: 5 stored in the operating system or ma~ be gathered by looking for registered peripher~ls. Step 1780 stores this ~: information in the U5ER DATA RECORD structure in memory.

Figure 26:~shows the 7 Iower level steps that make up step 1380. : The function of this set of steps is ~o record a set of traits of ~he hard disk that may ~e : ~ tested at a later time to determine that this hard disk is he one that the applic2tion was installed on. This step coll~ec~ts: data: used: to identify the hard disk that the application i5 instal~led on. If the~application is ~opied 15~ ~ to a disk on another computer, it will not pass this test and~will not run.~ Step 1790 :sets~ the location of a : ; pre:determined~ num~er of bad spots or as many a may exist ;up to:this number.~ Step:1800 reads each bad spot a ~u~er of~times:.~ Man~ hard ;disks are supplied by the 20~ manufacturer~ with~a list of bad spots. The fil~e system o almost 311 computers ~will never ha~e raason to write to :the~se~locationsO~ :A~trait of magneti:c disks is that a secto~ t~a~ :is marginal may read bad some tim2s and good ;at other times. .~ The manufacturer usually tests these spots to a finer margin than can the disk drive itse1f~
:When the disk is formatted, the format function will write a recognizable pattern to the disk sectors. By reading the~ bad spot a number of times, the amount o~ the sector that is currently: not stable may be determined. Sectors with small bad spots may often be able to be written to W~93~1582 PCr/US93/03~6g,-.

and often su~cessfully. In their current state, these bad spots will not read properly because they were left with a bad block check character. A block check character is a piece of data that is calculated from dat~ in the data block written to the sector. This block check character, often called the CCR, does not agree with the data in the sector for these sectors. By determining i the bad section of this sector is small, we can guess that there is a good probability that if this sector is written to, it will write and read correotly. ~Tests have verified that this happens much of the time). I in the future ~: this sector is read, and the read is good (the data agrees with the CCR), it ~.eans that this sector has been written ~: to indica~in~ that an individual sector by sector copy of the disk has taken plac~. If the bad section of the ~d : sector is small, control is passed to step 1830, which : marks the sector as a ~'maybe good" bad spot in a data : structure. If the bad section of the sector is large, the ::~;: sector is marked as a "should be bad" bad spot in the data structure. Both steps 1830 and 1820 pass to step 1840 which sav~s ~he bit patent of a section of bits close to the good sector pattern. This may later be tested to determine the possibility that this sector was written to.
StQp 1850- store this data as a data structure~ Con~rol is then passed to step 1390 which scrambles this data.
Step 1400 then writes it to a dummy file.

It can also be of value to put real data into the good section of some o~ these sectors. Th;s will ~: serve to require that a sector by sector copy be re~uired to read/write the bad spots as well as the g~od sectors.

,- ~W093~ 82 213~1~60 ; PCT/US93/03669 CREATE SOFTWARE KEY DISKETTE

This program, shown in Figures 11 and 12, creates a diskette called the SOFTWARE KEY D~SKETTE. It is used to turn the application that may be installed on :5 many computers, ON and OF~ while insuring that it will be ON on no more than~one computer at a time.
, : ~ Step 6:40 consists of making physical bad spots on the diskette in the same manner done in step 50 for the CREATE APPLICATION: DISKETTE procedure. This diskette is lO~ then formatted (ste:p~650) as in step ~0. Step 660 copies th~ SOFTWARE KEY program to this diskette. Step 664 copies~ the SPAWNED WRITE/READ PROGRAM to th;s diskette.
S~ep~ :6~70 runs the CREAT SOPTW~RE KEY PROGRAM. This step consists of lower:level steps 680 through 750 shown in :lS; Fi:~ure 12.
, CREATE 5~F~WARE KEY DISKE ~ E PROGRA~

his ~program copies the NOTON program and the first ~512 bytes~:of~ the : application program (file STBLK.ABC~ to the SOFTW ~ E KEY DISKE~TE. Step 680 reads : 20 t~e custome~ reco~rd.~ Step 690 gets ~he disk type data.
Step 700~ reads the boot sector. Step 71~ reads the FAT
sectors and gets the first 20 bad spots~ Step 720 puts : the~modulus factor and file status into the user record in : me~mory. This data` is copi~d from the cus~omer record.
:: 25 Step 730 copies the NOTON program file to this diskette.
Step 740 copies the first block o the application program to the diskette.~ ~t is put in a file called FSTBLK.ABC, W093~21582 PCT/~S93/036~9 ~
2 1 3 3 9 6 ~ !;

; in the present example. Step 750 scrambles and writes the : USER RECORD to a hid~:en location on the diskette and may use the method shown ln Figure 5.

Many o~the:above step function descriptions are 5 ~the same as steps in :the CREATE APPLICATION DISKETTE
:::~:: :~func:tions. ~ ;

SOFTWARE~KEY PROGRAM
, . :
~: :
:This~program, shown in Figure 13a and 13b, is on the ~SOFTWARE ~KEY~; DISRETTE and is used to turn the 10 ~ nstalled~appli;cation~ON or O~F on~a computer.

:: Turning the:app1ication OFF invo1ves rep1acing the~Çirst~5l2~byte block:of the:applicat~ion~;~program with a smal1~:p~rog~ram that~tel1s the user that::the app1;cation is turned~ :OFF. ~ The~ program: also updates the hidden VSER
15~RECORD~on~t~his~diskette setting: the~status to a value indicat~ing~ ~tha;t~ t~h~e~ last thing ~it; ~did was turn the application;OFF:;.~ ;;The s~tatus-~:must~be that~the last action was:~to turn ::~the~app1ication OF~before i:t can turn the app1ication~0N~on~an~:~rom*uter. Tur:ning thq application 20~0N ~involve;s read~ing~and~unscrambling~the file~;-FSTBLK.A8C, which~is :the first~:~512 bytes~of ~he application program.
IE the status:::is~;correct, the~ SOFTWA~ ~EY PROGRAM
replaces~ the~NOTON pr~ogram~in:the ~irst~512: bytes ~of the app1ication~progra~m fi~le with the re:a1 ~irst 512 bytes o 25~the~appl:ication~;program file~. ;Turning~ ~the: appli~cation on : ::a1so ::gets a: ~:rand~m number that is stored in the ONCE
INSTALLED PROTECTION PROGRAM and the USER~ DATA record :~:

~: :: :
~:~
:

~ W093/21~B2 2 13 39 ~-~ PCT/US93/03669 which is used for validity tests in other places. This program also spawns the ONCE INSTALLED PROTECTIO~ PROGRAM
to verify that the installed application program is valid and not a copy. It al50 performs functions that will : 5: create problems for the user if other illegal copy schemes : : are tried. The SOFT~ARE KEY PROGRAM description follows.

Step 760 gets disk type information, as was done in step 110 of the CREATE APPLICATION DISKETTE: programO
Step 770 reads disk set up information as was done in step : ~ ~ 10 120. Step 780 ~read~s the FAT sectors and step 79C
identifies the f;rst 20 bad spsts and the fi~st 20 good spots. ~ ~

: : Step 800~ verifies the bad spots as was done in :step:~:50;of the INSTALL program and may use the me~hod lS~ shown in ~igure 7. Step 8l0 passes control to step 820 i the bad spots are not really bad. ~Step 820 stops the - :p~ogram and does~::not change.the status of the application.
If some: o~ the ~ad:spots are really bad~ control goes to step 830. Step~830 gets and unscrambles the USER RECORD
, ~ ~
2~ the same manner:that the INSTALL program did in step :380.~ At this point step ~40 (Figure }3b)~checks the validity o the:USER RECO~D. The modulus value must be between 3 and 14 and the status code must be 23332 or 32223. If this t;es~ is not passed step 850 stops the 25:~program and :leaves the st~tus of~the application on this : computer unchanged.

~ If the test is passed, the p~rogram proceeds to - :: : step 85~ which spawns the ONCE IN5TALLED PROTECTION
:

WO93/2158~ PC~/US93/03~69~
2133~6~

PROGRAM. This step consists of the lower level steps 1410 through 1620 snown in Figures 22a and 22b.

This spaw~ed program tests data that was stored in it during the install process with data retrieved from the computer's file system. Step 1429 gets the physical disk location of the ONCE INSTALLED PROTECTION PROGRAM.
: ~ Step 1430 checks to see that this location is equal to the value stored in the ONCE INSTALLED PROTECTION PROGRAM. If they ~re not, control is passed to step 1490 which can erase the application program file and will return a bad va:lue to the SOFTW~RE KEY:P~OGRAM which will not continue.
:~ If the test is good,:step 1440 will get the actual disk clust~er of the~application program fiIe. This must match ~ with the data~stored in the ONCE INSTALLED PROTECTION
N~ 15 PROG~M or step 1450 ~passes co~trol to step 1490, terminating the process. The disk location is used as a al~i;dity ~test because only one file can have this disk add~ress, thus a copy~ of the :application prog~am file cannot: be turned~off. If this test is passed, step 1~50 2~0~ passes control to~step 1460, which will get the first X
bad: :spots .on the~ hard disk. Almost all hard disks have : bad; : spots. The : ~:bad~ spots: provide a way of uni~ue~y identi~y;ng~ the~ installed hard disk. Thus, copying the ~installed application program file:to another hard disk 2~ will make the SO~TWARE KEY PROGRAM not function. Step :14~0~makes sure that the bad spots put into the ONCE
INSTALLED PROTECTION PROGRAM at installation time are on the current hard disko If they are not, control is passed to step -149~ to erase the application and return a bad - 30 value. If they arev control continues to s~ep 15n~ which :

~ V~93/~15~2 PCTJUS93/03~69 ~133~6~

checks ~or the dummy file that should have the built system verification data and hard disk verification data :in a scrambled form. Step 1510 reads the dummy file and unscrambles the data.~ Step 1520 does the SYSTEM V~RIFY
procedure. This step has 5 lower level s~eps shown in Figure 2~.

St~ep l a 6 0 gets the current operating system version. Step 1870 checks this aqainst the version that was stored in the dummy record. If they are not equal, a "not valid" value is re~turnedO If they are equal, con~rol is pa~sed to step 1880 which checks the hardware list with : the~ :lis~: stored in~ the dummy record. If they are not equali a "not~valid" value is return~d; otherwise step 189~0 returns a "good~value".

l5~ : If ~the returned value is good, s~ep 1540 does :;the~ Hard Di:sk Ver~ify~:procedure~ This procedure is made up o~lower~level:stèps~ 1910 through 2060 shown in FIgure 28.

: The ~dummy :file which contains a data structure :wi~h bad spot data~as been read. Step 1910 goes through this st~ucture;: to~; see if there are any bad spots with small bad:sections. If any "maybe ,ood" bad spots exist, they are read in step 1930. If they read as "good" it : ~ : means that: they :were never bad and we are not on the original install hard disk or that:someone has w:ritten to 25 them, which means that someone has tried to break the protection. In either case a "no good" value is retur:nedO
This "~o good" : value will require that the original IN5TALL DISKETTE or SOFTWARE KEY DISKETTE be used to : ~
.
::

WO93/21582 1 PCT~US93/036~9 ~, 2 ~

.

verify the installed application program. I~ the "maybe go~d" bad SpOt:a re~d as~ "bad", c~ntrol passes to step ; 1920, which checks the~bad spot data structure for "should be bad" bad~ spot~s. If~there are none of these, control 5~ passes to step 1930 which, returns a "good value". If the~re are some "sh~ould be~ bad" bad spots. Step 1960 starts a~loop to veriy these~bad spots~ The~ reason for this set of~ s~eps is to ~ensure~ that someone does not copy the enti~ré~hard~disk~ sector by sector, turn the application 10~ OFF or uninstall it so that it can be TURNED ON or reinstalled~on another computer, and restore the hard disk sector ~by~ sector~ ;Wh~n~ data ;s writt`en to ~isk bad sectors~ data around the~bad part of the~sector changes to a ~ ~ ticeab~le~degree.~ ;That is, it is possi~ble to~detec~
` ~jn~da~t~a is~writte~n to a bad~sector, even if it is the s~ame~-~dàta~that was~read~from the sector.

Step 1960 reads the bad spot. Step 1970 does a bit~;pàttern;~test~ T~his~tes~ts ~the~bi~ts~closest to the good p~t~of~the bad~ sect~or.~This is~de~termi~ned by pi cking 20`~bits~close~ to~the~correct pattern~;w~r~itten~by formatting p~og~ram.~ ``If~ the~di~f~ference ~etween~thesè bits and those s:to~ed~ in~ the~:dat:a~structu~e is small, the test is passed a~control;is~passed~to step 2~020~which~gets the~n~ext ba~
spot and continues~the loop. IE the test is not passed, 25; control goes to ~step ~1980, which determines if the bit pa~t~tern~is close~a~nd~most likely good. (~ad spots do~ get worse with-~time,~ This~step~notes the slow change in a bad ;spot.~ If the~test~is;~questionable,;not~pas~sing the test in ~step 1970,; ~but not ~bad enough to go to step 2000, 30~ control is passed~-to~ step 1990. This s~ep takes -the :: ~- ~ i :

: : ~

-~YO93/21582 ~ " `~CT/US93/~3669 213~9~

current bit pattern of the special section of the sector and writes it ir.to ~he b~d spot dat~ structure. There is then a new test bit patt rn for this sector. Tf the test in step 1980 does not pass as questionable, control passes :~ S to step 2000 which will verify that the sector is really : ~ bad and most likely:has been written to. If the sector : tests as "no good", 1 is added to bad totals in step 2010.
If this is not the case, control is passed to step 2020 to cont;nue the loop. When the loop is an`end as determined : 10 by step 2030, contr~ol passes to step 2040. This step : calculates the percentage of sectors determined to have been altered versus tho~e that have passed the tests in :steps 1970, 1980,~ and 2000 as not a1tered. This percentage is not tested against 0. It is possible, but not ~expected, that the expectations be tested within predetermin~d bounds.~ They may not exactly match the e:xpe~tations~ because bad spots will not always act in a predi~ct:ed:manner. ~If the "bad totals" are not within ~bou~ds, step ~050:returns a "no good" value. If the "bad totalst'~ are ~ithi~bounds, step 2060 returns a "goodl' , alue. ; -~ .

Control;is returned to step lSSO o If the re~urn va~lue~is "good"~ con~rol is passed to: step lSÇ0, which returns a "good" ~:value to step 854. If the test is not passed, control pas~ses to step 1570. The next set of : steps is performed if the system verify test or hard disk ~ verify ~est are not passed. The system test and hard disk :: test may fail on very rare occasions even though the user :: has not trîed to steal the application software. If is possible for the system verify test to fail if the user WO93/21582 PCT/US93/03b69 ~-2i~39~0 ~s installs a new operating system or adds new hardware to the computer. The hard disk ver~fy may ~ail if the bad spots take an unexpected~turn for t~e worse. (Bad spots ~ ~ do grow, but the system will, in most cases, k~ep track of ,~ ~ 5~a-nd~ ad~ust to the~changes of the bad spots.) Step 1570 checks to see i the SOFTWARE KEY o~tion is on. If it is, co~tro1 is passed~ to step 1580, whi h requests the SOPqW M E`~KEY DISKETTE. If not, step 1590 requests the STALL DISKETTE.~ Both of these steps lead to step 1600, 10 ~ whIch~ does an ~absolute verify that the installed software app~ication is~the;~valid current ve~sion or the origina1 prog~a~.~ ~ This~ ~is~done bv comp2ring the stored random ; nu'mbe~r`~stored l~n the~USER DATA RECO~D on he diskette and n~the~ONCE INSTALbED PQOTECTION PROGRAM during the C~EAT~
lS~ ON~E~ STALLED~PROTECTION~ procedure. ~;If this test is passed,,~step 16l0~r~e-crea~es the ONCE INSTA~LED PROTECTION
meé~ ni5mO~ If~the test is not passed,~step 1620 ~performs the~"DOES NOT~ PASS"~procedure, which;ma~kes~ the application n~t~usabl~

: ao~ Re~uIri~ng~the use of the~SOFTWARE KEY DISKETTE
oF~the~INST~LL DISKETTE for absolu~e ve:rification of ~his Qpy~of~the application ensures tha'~the ailure of~ the system~erifica,~ion~or har~d dis.k~ve~rification will not k~ the~application~ hen they shou'~d not. This, however, 25~ shou1d~seldom happen.

ontro;l~ returns to ste~ 854. If a ~Ino good"
value:~is~:~returned~ control passès to step 850, which stops :the program. If~ the return is "cood:" control passes to step 860. ~

::: :

~093/21582 PCT/US93~03669 ''-` 2f~96~' I~ t~ test is passed, step 854 proceeds to step 860 w~lich asks the user if he wishes to turn the application ON or OFF. Step 870 checks the user's intent.
I the user wants to turn the appli~ation ON step 880 checks to see if the status in the USER ~E~ORD, indicates us that the last action taken by the SOFTWARE KEY program was to turn ~e application OFF. If not, control is passed to step 8~0. If yes, control passes to step 890 :~ : which checks to see if the program is already on. This : lQ should not be possible. The chPck consists of searching ~:~ th~ first 512 bytes~of the application program file for the string value, "THE~PROGR~M IS TURNED OFF". If this is ound the NOTON program is the first block of the application file, indicating us that the program is turned 15~ OF~ Con:trol is passed to step 900 which performs the TUR~ 9N procedure. :This step is made up of the 9 lowe~
level: ~eps from 2070 to~150 shown in ~igure 29. Step : 2070~ chec~ks to~see~he ON flag in the USER DATA re~ord is on~ If i~t~is not,~:control passes to step 2100 and the 20:~proce~s can continue.: ~I it is ON, control passes to step 20;9:0, which checks to~see if the random number s~ored in :the~: USER DATA re~ord is e~ual to the number s~ored in the NCE~ IN~TALLED PROTECTION PROGRA~. This number was ~ . :
cr~ted and stored~:durin~ ~he last TUR~ 0~ processO If the:ON flag is set and the numbers matchr t~is program is :~ ~ already 0~ and~ valid. An error message is producPd in step~2092 and step 2094 returns to step 8600 I the ON
~:
flag i5 set and the numbers do not ~atrh, this appliction is on and not valid. In this case control passes to step 30~: 2~80 ~whIch performs the DOES NOT PASS procedure. This : ~ procedure makes this copy of the~application not usable.
~-:

;

W093/2~582 PCT/USg3/03~69 , Th~e DOES:NOT PASS procedure is shown insteps ~: 2310 throu~h 2360. 5tep 2310 cnanges the name of the O~CE
`
INSTALLED PROTECTION PROGRAM. Step 2320 makes this file shorter~ than it ~i~s. Step 2330 writes to this new file.
5 The: reason for thèse steps :is to leave the file system in a ~uestionable s~tate::~if a special program tr es to copy the program files off ~of the disk in a sector mode and ::late:r replace them in the same place. If this is done,.
~ the~file system~wi;ll~not find the ONCE~ INST~LLED PROGRAM
- ~ 10 in the same ~pla~ce~ Other checking functions will check for this~file and wr~ te~to~it, destroying ~the overlayed copy~of~the:ONCE:~INSTAL~ED PROTECTION PROG~AM. Step 2340 de~l:etes~a:ny dummy~fil~es~that may exist. :Step 2350 creates ;new~ dummy~ ~iles~whi~le~step 2360 write:s to them in volumes 15~ great~er~ than~1 clu~ster~ These steps raise the possibil~ty that~ f~ es~ will~be~written in places where the old ONCE
INSTA~LED:PROT CTION:PROG~AM was. ~rf these :ile areas are .ove~:r;written~ by~a:~ program restoring ~the ONCE INSTA~L~D
PROT~TION~PRORAM,~t~he~application~prog~ram will nat ru~O
20~:The~ O~E~ IN5TAL~E~ PROGRAM must be~complete, in the same p~ace~as: befor:e~ access:ible by the file:system. The dummy f~iles~ mus~ :exist`;~also ~for the appl:i~ation~to run as the NE~INSTALLEV PROTECTION PROG ~ will look for them.

Step 21~00~writes over the file that re;placed the 25~ ONCE~: INSTA~D ~PROTECTIOM PROGRAM.:~ This will~make:a not valid~copy of the;~ONCE~INSTALLED ~PROTETION PROGRAM ~ not usa~le~ Step 2110~writes over the dummy files and deletes :t~em.~ Thi:s also can~create problems if a user has :done abnormal things to;~ the disk i~n an~effoEt to c~py the

3~0~ ~applic~tion program. Step 2120 ~does the BUILD SY5TEM
~ , ~
, .
~ , :: :

~ .
~093/21582 - PCT/US93/03669 2133~

VE~I~Y. Step 2130 does the BUIL~ HARD DISK VERIFY. These functions must be done because the previous step destroyed this data in the dummy~files. Step 2140 copies the first block of the application back to th2 first block of the ~ 5 applic~tion program file. Step 2150 perform~ the ONCE
: INSTALLED PROTECTION process.

: ~ ~ If the user wants to turn the application O~F in ~ :step B70, control: goes to step 910 which checks the : current status to make sure the last a~tion taken by this program was to turn the application ON. I~ this is not the ca~e, an error~message is returned to the user and cont~ol is: passed~ to step 860. If this is the case, cont~rol~:is passed to step 920 to see if the application program~:file on this computer is ~lready OFF. I ît is an e~rror~message is returned to the user and control is :pa~ssed~: to step 8~0.~ If it is not, control passes to step 930~which~performs~:the TURN OFF procedure shown in ~igure 30 .; ~ ~ This step cons~ists of 12 lower level steps that turn the~application OFF~i all vali ity chesks are passed.

:20;~ ~ ~ S~ep 2160 checks the on/off flag in the ~SER
DA~ re~ordO If it is OFF~ contrsl is passed to step 2162 which gives:the user an error message~telling him that the : : S appli~ation is already off.: Step 2164 then passes control ::: back to step 8~0. ~f the flag was ON, step 2180 checks 25~ the random numbe~ that was stored in the~USER DAT~ record :: :and the ONCE INSTALL D PROTECTION PROGRAM. If ~hese numbers are not the same, there is~a problem that should : : :not exist un~ess someone has tried to put together a not : :
valid copy of the application. In this case control W093/21582 21 -33~ 6~ i p~T/US93/03669 t~ ~ ~

: -48-passes to step 2170 which performs the DOES NOT PASS
procedure. Th~s makes thls cop~ of the application not : ~ : usable. This was described earlier. If the numbers are equal control ~passes~-to s'tep 2190 which changes the name 5~ o~: the ONCE INSTALLÉD~PROTECTION PROGRAM. : S;tep 2200 then sh~or~tens~ the : i~1e.~ As~described earlier, this step pr~vents someone from~copying the application and ONCE
NSTALLÉD PROTECT~I~N: PROGRAM on a sector by sector basis and`copying the flles~back after the turn ~OFF function.
10 ::St~ep~22:10 does~ a~S~YSTEM VERIFY while step 2220 does a HARD
DISK~VERIFY. If~ ei~ther::~of:these steps are not passed, the DOES~;NOT~PASS~funct:ion is~performed in~step 2240 makinq the-:~:app1ication u~n~u;sab~le~. If ~they are ;~ b~oth passed, the N~TON~ pr~g~ram~ is;:~ ;copied to ~:the~ firs:t: bloc~ : of the l5~app1ica;ti~on~program~:file~, making;~the~ application~ progra~
:unusab}e~ After;~the:~successful~execution of steps 900 or 930,~contro1~passes~ ~tD~:step~940 which~ updates the: USER
;RE¢ORD~ S`tep~9~50~ scramble:s:,~ writ~e~s~and hides the ~SER
ORD~or~the~d~skette.~ Step 960 ~terminates the program.

O~ CREATE EVERGENCY~USE"DISKETTE~

This ~p~rogam,;~ shown in~igures 14~ and 15, créates ~a disk~et~te~alled the~EMERGENCY~USE~DISKETTE. It :IS ~:used:to run:the'::~application:~in~ th:e event that the installed copy,~of~ the::applicatlon;~ cannot be run.' The Z5~ number:~of:~times~ 'that,~,~ the EMERGENCY~ USE copy of the ppl~i~cat;ion~can~be run~is limit~ed. ;::

Step ~9,7~0~ consists:of making physical bad~spots on:the~disk~tte in~:the same m~nner done in step 50 for the ~ 93t21582 2133`~ ; PCT/US93/03~9 CREATE APPLICATION DISKETTE procedure. This diskette is then formatted (step 580) as in step 60. Step 990 copies the.APPLIC~TION PROGRAM to this diskette. Step 994 copies the ~PAWNED WRITE,~READ PROGRAM to the diskette. Step l000 S runs the CREATE EMERGENCY USE DISKETTE PROGRAM. This step consists of lower level steps l0l0 through l090 shown in Figure 15.

CRE~TE EMERGENCY USE DISRETTE: PRO~RAM

This program copies the APPLICATION PROGRAM, in l0~ a TURNED O~ mode, the N~TO~ program, and the first 5l2 bytes~ of the application program (FSTBLK.~C) to the E~ERGENCY USE DISKETTE.

Step l0l0 reads the customer record. Step l020 gets the disk type da~a. S~ep 1030 reads the boot sector.
15~ 5t~ep 1040 reads the PAT sectors and~gets the first 20 bad s~ots. Step l050 puts the modulus factor, file status, and~ u:ses :value, which is the. number of times the :app1i~ation on ;the EMERGENCY USE~DISKETTE will run, into t~e:user record in~memory. This data is copied from ~he ;: 20 ~cus~tomer record. ~Step l06~ copies the~APPLICATION PROGRAM
f:ile:to t~is diskette. Step 1070~ copies ~he NOTON PROG~M
and ~the first block of the application program to the diskette. It is put in a ~ile called FSTBLK.ABC~ Step 1080 replaces the ~first 512 bytes of the application proqram with the NOTON program. Step l090 scrambles and ~: w~ites the USER RECORD to a hidden location on the diskette.

WO93/21S82 PCT/US~3/~366~
2 ~ 91~6; 0~ ~
.. ~ ~.. .. . .

Many of the above step function descriptions are the same: as steps in the CREATE APPLICATION DISKETTE
functions.

~MERGE~CY USE PROGRAM

This program, shown in Figures l6a and 16b, is ~` ~ on the EMERGENCY USE DISKETTE and is u~ed run the application in emergency situations. It verifies that : this diske~te is an original and not a copy. It then :executes ~he APPLlCATION PROGRAM, low~rs the number of l0~ USES left by one, and terminates.

:Step 1100 gets disk type in~ormation, as was done~in step ll0 ~of ~the C~EATE: APPLICATION DISKETTE
:p~oyram. Step l~ll0:~reads dîsk set up information as was done~in:step 120~ 5tep 1120 reads the FAT 5ectors and 15 ;s:tep ll30 identiies~the first 20 bad spots.

Step~ 1140; veriies the ~ad spots as was done in step~ 3~50~ of the INSTALL program. Step~1l50 passes control to ~s~tep 1l60 i~the b~d spots are not really bad. Step :;1160; stops the:p~ogram and does not ~ha~ge the status of : 20 :the application.~ some of the bad spots are really bad, control goes to step~1l70. ~Step 1170 gets and unscrambles :the ~SER RECORD:~in the same manner: that the INSTALL
progra~did in step 380. At this Doint step 118n (Figure 6b) checks:the validity of the USER RECORDo The~modulus : 25 value mu5t be between 3 ~nd 14 and the statUs code must be ~;; 23332 or 32223. If this test is not passed st~p ll90 : :: :

j~;?~O~3/21582 PCT/US93/03~69 3~3~

stops the program and leaves the status of the application on this computer unchanged.

, : If the test is passed, the program proceeds to : step 120~ which checks to see if there are uses left. IE
5~ there are no uses left, con~rol passes to step 1210 which stops the program. If~here are uses left, control is :passed to step 1~20 which reads the FSTBLK.ABC file. This ~ is:the~first 512 bytes of the application p~ogram file.
:: ~ Step 1220 unscrambles this data. Step lZ30 replaces the 10~:first ~block of the appli-ation pro~ram file on the disk~ette to provide a ~runable copy of the ~pplication program file. Step 1240 runs the application as a child pr:o~ess.
~: : :: :
: When the application completes, control is 5~ returned~to the~EMERG ~CY USE program along with a return code~ i;ndicating~ is~the :run was successful. Step 1250 subt~rac~ts l from the~USES value in ;the USER RECORD. The USER~ RECORD is:t~hen scrambled and~hidden on the diskette in s:tep 12~60.

20~ S~ep I270~:replaces the first 512 bytes of the EMERGENCY US ~APP~ICATIO~ PROGRAM file with ~he NOTON
program making it ~ot usable without going through the EMERGENCY USE PROGRAM

Figure ~23 shows: the flow :of the UNINSTALL
2S ~PRO~ESS. This process is needed for publishers who choose : not to use the SOFTWARE KEY option~. It allows the user to ~ ~ move the application software from ~ne ~computer to : ~:;: :
::

WO93/21~82 PCT/US93/036S9 ' ~ X ~ i . ' ;, -~2-~: .
another. Step 1630 spawns the ONCE INSTALLED PROTECTION
PROGR~M, whicil performs all of the validity checks desc~ibed earlier. I the installed application is not valid, control passes to step 1650, which performs the S DOES NOT PASS procedure, making the application not usable. I~ the application is valid, step 1660 deletes the application program. Step 1670 then performs the DOES
NOT PASS procedure~making the application not us~ble on t:his computer:. Stèp 168~ marks the application as uninstalled in the USER DATA record. Step 1690 unscrambles th~ first block of the application program on : t:he INSTALL DISRETTE.~This is done because the block was : rescrambled, scramb~led~twice, during the install process.
: S:tep 1700 scrambles~and~writes the USER DATA RECORD to the 15 ~d:iskette. The I~ST~LL DISKETTE is now ready to be rei~nstalled.

Figure 33 ::shows a flow of the ~EINSTAL~
PROCEDURE. This pr~ocess provides an option for publishers to~be~able to allow user:s to reinstall the application :: 20~should the curre~nt~: installed application program get destroyed. The USER~DATA record will:have a field for the number~ ~ o reinstalls~done~ and a~number representi~ a speciflc formula~ The procedure starts by having ~he user : mount the INSTALL~ DISKETTE in the floppy drive in step 25: 2370~ Step ~-2380 g~ets :and unscrambles the USER DATA
record.: Step:2390 calculates a number ~rom the number of reinstalls already ~done. This ensu~es that the user : cannot reinstall the application on several computers because the calcu:lated number will change in an ;~ ~ 30 unpredictable fashion depending on the number of the ~:

~ 093/21~82 P~T/US93/03669 ~ 21~3~9~6~

reinstall and the location of the bad spots on the diskette. These nunlbers have be~n recorded by the publisher when the INSTALL DISKETTE was created. The user : had to call the publisher to get this magic number. The R INSTA~L PROCEDURE asks the user to enter this number in step 2400. Step:2410 checks to see iE the entered number : is the expected number. I it is not, the reinstall stops ~ I f the numbers are equal, l gets added to the number of times the reinstall has been used in step 2430.
If another reinstall is needed in the future, the number used in this one will not work in the next one. Step 2440 scrambles and wrLtes ~the:USER DATA record to the disk~tte.
: : The re;install then continues.

Figure 31 shows the flow of the installed :: ~ 15~ application prog:ram t o start the ONCE INSTALI,ED PROTE~TION
PPOCESSi The application spawns the ONCE INSTALI,ED
PROTE~TION PROGRAM. ~ This program then tests to see if it is on the hard disk. ~ This combined with other steps taken during the ONCE INSTALLED:PROTECTION PR~RAM ensure~ that 20~ ;the~ correct versl:~ons~of the programs are being used. If : the~ ONC~E INSTA~LED~ PROTECTION PRVG~ determines that these are:not as:~they sh~ld be, the installed application will become not~:usable. In addi~ion, a "bad't value will e returned to the application program and it will termina~e itself:. ~ If the return value is "~ood", the application will~ continueO

Figures 17, 18, and l9 illust rate the . contents ;~ : of diskettes wh:ich may ~e produced in accordance with the invention. Figure 17 shows an INSTALL PROGRAM DISKETTE

::

wo 93~2lsg2 2 1 ~ ~ 9 6 0 ~ `. ` i- P~T/U~3/036~9 which contains physical bad spots, hidden user ID
information, the SPA~NED WRITE/READ progra~n, the ONCE
INSTALLED PROTECTION program, a scrambled application file program, and the INSTALL program. The INSTALL program verifies the diskette as valid by writing to and reading ~rom bad spots, finds and unscrambles the used information, unscrambles the application program filP, and installs the application in a usable form on a user's hard disk or diskette.

~ F igu r e l B s hows a SOFTWARE KEY DI SKETTE wh i ch contains physical bad spots, hidden user ID information, the ~ SOE'TWARE KEY PR~GRAM, the SPAWNED WRITE/READ PROGRAM, : :and the~files NOTON,COM and ~STBLK.ABC. This diskette is used to turn an installed application on or off. The SOFTWARE KEY PROGRAM verifies the diskette as valid by wrî~ing to and reading from bad spots, finds and unscrambles the user information, copies the NOTON,COM
file ove:r the first block of the lnstalled application to :turn~it off, and unscrambles~ and copies the FSTBLK.ABC
:20 : f~il:e~ over the:fir:st block of the installed application to :
: ~ ~: turn: it ~n.
: : ~ ~ : :
Figure l9 shows an EMERGENCY USE DISKETTE which may be used ~o run an application if the installed copy of ; the application is ~not usable. The diskette contains 25 :physi~al bad spots, hidden user ID information, a copy of the appllcation in a turned off mode, the EMERGENCY USE
: programl the SPAWNED WRITE/READ program, and the NOTON.COM
and FSTBLK.ABC flles. The EMERGENCY USE program verifies ~: the diskette as valid by writing to and reading from bad :

~ ~ 093/21582 2 1 3 3 g 6 0 ~ ~ PCT~US~3/03669 spots, finds and unscrambles the user information, unscrambies and copies the FST~LK.ABC file over the first block of emergency use program to make it usable, runs the emergency use application program, and copies the NOTON.COM file over the first block of the EMERGENCY USE
; P~OGRAM to make it not usable.

:

:~
: ~ :

~ :

: .

WO93/21582 . PCT/U~93/03~69.~
21~39;~

-~6-FILES AND PROGRAMS

Files and programs as listed in the appendix and described above are as follows.

EXAMINE.EXE - is a program file used as the application : 5 program for this invention. Functionally the program : dumps disk files to the screen.

FSTBLK.ABC - is a scrambled copy of the real ~irst 512 bytes of the application program.

MK~PPDSK.EXE - is the program file for the CREATE
:APP:LI~CATION DISKETTE program. This program creates the d~isket:te that is dist~:ributed to the user M~E~RAPP.EXE - is~ the EMERGENCY USE program that runs a copy::`of:th2 application program a limited number of times.
:The~ ~application program run will not run without the lS~EMEBGENCY~ US~ program~running it.

MKE~RGCY~.EXE ~ s~ ~the program file for the CREATE
EMERGENCY;~USE; DISKETTE program.~ ~ It creates a diskette allowi~ the us~er~t~o~:run the application if something ~: : destroys the installed application.

20~ MKINSTAL.EXE - is~ the pro~ram ~ile for the INSTALL
: : ~:program. This program is distributed on or with the APPLICATION DISKETTE and is used to install the ~ ~; application on the user's computer's storage media.
:::, ~093/~1~82 ~ D; . PCT/US93/03669 -5?-MKONCE.EXE - is the program file of the program spawned by the IN5TP~LL and SOFTWARE ~EY PLO9raI;IS tO ensure that the installed application program file is the original and not a copy.

MKONOPF.EXE - is the program Eile for the SCFTWARE KEY
program. This program file is on the SOFTWARE KEY
diskette and turns an application ON or OFF after it is installed on a computer.

~ KSFTKEY.EXE - is the program file for the CREATE SOFT~ARE
:~EY ~ISKETTE program. This program creates the SOFTWARE
K~E~ diskette that is used to turn installed application pr~ograms~ OFF on one computer and GN on~another.

NOTONoCOM~ ~ is the program file for:the NOT ON program.
:: : This i:s a small p~rogram that is u5ed to replace the first 15:~:pa~r~t~ of~ the appllcation program when the application is turned~ O~F~ This~::pro~ram tells the user that the application is not~usable and then terminates.

: W~ITR~AD.EXE - is :~the program file~f~r the WRITE/READ
:
PrO9Fam. This:program is spawned by the INSTALL, SOFTWARE
Z0~:::KEY~ and EMERGENCY USE p~ograms.

:::: : : :
':

:~ :
~: :

WO93/21582 ~ ~ PiCT/US93/03669'~, CUSTOME~ RECORD

The following is the re~ord layout of the customer record as it may be used in this invention~ It is expressed in the 'C' language. In a production environment there would be one such record Eor every : product of a software publisher.

struct cur cust /*curr~ent customer data*/
:; {int modulos; /*changable value used in the scramble/
~: unscrambl:e calculations*/
char exext321;; /*path o~ application program file*~
char cust name(30]; /*software publisher name*/
c~ar cust addll30]; /*software publisher address*/
char cust add21301;~ :
: char cust cityf 20 ];
15 ~char :~ust s~atel3];
: char cust zip~lO~
` cha~ cust soft ey[2]; /*are w doinq a software key Y or N*/
char cust mem protect~2]; /*are ~e doing memory protect Y
or~N not used*/
char user_fla~!:21;~:/**/
int:uses; ~*number af uses allowed ~o~ emergency use : application*/
long disk made; /*number of diskettes produced*/}
: 25 ~cur cust;
~ :

::

i~Y 93/215~2 ~`133~` P~T/US93/03669 _59_ USE~ RECORD

The ~o:llowing is the record layout of the cus:tomer record as it may be used in this invention. This re~ord is on the various diskette5 and is required to qet :5:~ the modulos factor:to:unscrambIe various iles~ It may also be acces:sed ~y~he application at the option of the softwar~ publisher.~ ~

struct user_id /*user data*/
{~int~modulos: /*value~used in unscramble calculations*/
char s~erial~I6]~;/*~optional serial number for use by the appii~ca~tl~on*/~: :
char~;name[3~03; /*user~name~and address or optional use by :: the~applica~ion*/
char~addl~30~
lS~ cha~r~add2[~3~0];
char:~city[~0~
char~s~ta~te[~3];
char~zi~p[~10]~
t:~;~um r:~ei:n:stal~l:s, /*used to:generat~ and veri~y code 20~ numbers~:that allow for reins~allation*/
:: in~t: r~einstall formul:a~;~:/*used:to allow~:fo~ variable formulas~t~o~gene:rate a:reinsta~l code*j int:~uninstall_flag;:/*c~oded flag to indicate that the application~was last uninstalled*~
25~ char~cust soft_key[~;2]~;~ /*are we:doing~a software key*/
char~ cust mem protectl~2:1; /*are we doing memory protect*/
char::exex[32];~/*appl:ication path*/
unsigned status;~:j*status of the installed application : program:file*~:: 30 int filler[200];}
user_id;

:

W093/2l582 21 3 3 9 6 Q ; PCT/US93/03669 GLOSSARY

Followi~g is a glossary of terms used in this patent appllcation.

: application - is a program created for sale by a software publisher.

: bad spots - are sectors:on a magnetic or optical media that cannot be successfully written to and read from.
; ~When the media goes through a formatting procedure required to:make:it usable on the computer the file system o~f the~computer often pu~ a file allocation table on the media that points to free space on ~he media and defines sectors ~n:the media th~t are bad spots.

;:
~ : block: -~for: this invention is defined as 512 bytes of :~ ~ :: data. ::

15~ check digited :- a number whose d;gits used in a formula result in one digit of ~he number.

cluster - sequential disk sectors accessed by the computer's file~system as a unit.

; : customer recor~d - is a data record that contains 20: in~o~mation about the software pu~lisher, the application, and protection options the software publisher has chosen for this application.

: ~

~093/21582 ~!- PCT~US93/03669 21 339 6~ 3~

diskette - is a magnetic or optical information media used by many computers. Diskettes are usually removable and ::~ are used to distribute data and programs for computers.
~ . file - a set of data stored on a media such as a disk~

; 5 file allocation table (FAT) - is a table maintained ~y the file sy~tem of most computers that specify which disk sectors on a disk are~used, ree or use, or bad spots.

file system - the parts~ of a computers operating system that dea~ with managing data on a stora~e media.

10: formatting - is a ~pr~cess, usually a program provided with the computer, that makes diskettes usable tG the computer's ~ile~ system. It consists of putting timing ma:~ks~on the disk:ette,~finding and marking bad spots, and defi~ning the track~and sectors on the diskette.

5~ pa:th;-:is an ascii st~ring describin~ the location and name of a~file to a computerls file system.

protected software ~-:is a sotware program, stored as a ;ile~ ;on a mag~netic or op~ical storage mediay that is protected from unauthorized copying and use.
:
software publisher -~produces software for sale. This is often distributed on~magnetic diskettes.
software producer:- i5 the same as software publisher.

: : ~:
:~

W~93/21582 2 1 3 ~ 9 6~ P~T/US93/03669;~

-~2-user - The person using the protected software.

VSER ~EG~RD - is a data record that is hidden on the INSTA~LATION diskette and the SOFTWA~E KEY diskette that contains ~nformation about the pur~hasing user. Included : 5 in this record is the scramble modulus used to unscramble data and the options chosen by the sotware publisher.

use :value - is a value in the USER RECORD that is used by the EMERGENCY USE program to keep track of how many times the EMERGENCY USE can be used.

While ~referred embodiments of the invention have~been described, variations will no doubt occur to those skilled in the art without departing from the spirit a~nd~s~cope of the invention.

:` ~: :

:: :: ` :: :

`

:~`::: ~: :
:~
~:

Claims (39)

What is claimed is:

1. A software protection method, for use with software embodied in a distribution medium having a file allocation table indicating bad spots in said medium, comprising the steps of:
writing data to said medium in locations said file allocation table indicates are bad spots;
reading data from said indicated bad spot locations;
comparing the data read from said locations with the data written to said locations to determine whether said locations are in fact bad spots; and determining whether said medium is a copy based on the results of said comprising step.

2. The method of claim 1, wherein said medium is determined to be a copy if all locations indicated in said file allocation table to be bad spots are in fact good.

3. The method of claim 1, further comprising the step of inhibiting further use of said software upon determination that said medium is a copy.

4. The method of claim 1, further comprising the step of unscrambling said software.

5. The method of claim 4, wherein said unscrambling step includes unscrambling said software in accordance with data relating to said bad spots.

6. The method of claim 5, wherein said unscrambling step includes unscrambling a user record.

7. The method of claim 5, wherein said unscrambling step includes unscrambling an application program.

8. The method of claim 1, wherein said writing and reading steps are controlled by software which is written to two or more non-adjacent location in said distribution medium.

9. A method of making a medium for software including application software comprising the steps of:
formatting the medium, including creating a file allocation table identifying bad spots on the medium;
scrambling at least some of said software in accordance with the bad spot identification in said file allocation table; and writing said software to said medium.

10. The method of claim 9, further comprising the step of making bad spots on said medium.

11. The method of claim 9, wherein said scrambling step includes scrambling said software in accordance with a user record.

?O 93/21582 PCT/US93/03669

12. The method of claim 9, wherein said scrambled software includes said application software.

13. The method of claim 9, further comprising the step of writing an install program to said medium.

14. The method of claim 13, wherein said install program includes means for writing to and reading from portions of said medium identified as bad spots in said file allocation table.

15. The method of claim 14, wherein said install program includes means for unscrambling scrambled software in accordance with the location of bad spots in said medium.

16. The method of claim 13, wherein said install program includes means for installing said application software on a storage device in a computer and for altering said medium to prevent said application software from being installed on another computer from said medium.

17. The method of claim 16, wherein said install program includes means for rendering said installed application software unusable and altering said medium to permit said application software to be installed on a computer from said medium.

18. The method of claim 16, wherein said install program includes means for receiving predetermined user-supplied data and for enabling installation of the application software on a storage device in a computer upon receipt of said predetermined data.

19. The method of claim 18, wherein upon receipt of said predetermined data, said installation is enabled for a predetermined number of times.

20. The method of claim 9, further comprising the step of writing a software key program to said medium.

21. The method of claim 20, wherein said software key program includes means for writing to and reading from portions of said medium identified as bad spots in said file allocation table.

22. The method of claim 20, wherein said software key program includes means for interchanging a portion of an installed application program with another program in order to turn the installed application on or off.

23. The method of claim 22, wherein said software key program includes means for controlling said interchanging means in accordance with whether the last action of said interchange means was to turn the installed application on or off.

24. The method of claim 9, further comprising the step of writing an emergency use program to said medium.

25. The method of claim 24, wherein said emergency use program includes means for controlling the number of times an application program contained in said medium may be used.

26. The method of claim 9, wherein said software includes means for installing said software on a storage medium in a computer, and means for determining during installation one or more parameters of said computer and means for storing said parameters in installed software.

?O 93/21582 PCT/US93/03669

27. The method of claim 26, wherein said software includes means for comparing said stored parameters with corresponding parameters of the computer on which the software is installed, and for rendering installed application software unusable if said corresponding parameters differ.

28. The method of claim 27, wherein said comparing means includes a program spawned during execution of said application software.

29. The method of claim 26, wherein said parameters include parameters determined by the location of said software in said storage medium.

30. The method of claim 26, wherein said parameters includes parameters determined by the location of bad spots in said storage medium.

31. The method of claim 30, wherein said parameters include bit patterns stored in and/or near bad spots in said storage medium.

32. The method of claim 31, wherein said software includes means for comparing said stored bit patterns with corresponding bit patterns of the storage medium of the computer which said software is installed, and for controlling execution of application software in response to said comparison.

33. A computer readable medium for use in a software protection system, said medium having bad spots at locations identified in a file allocation table thereon, and said medium having written thereon programming code that has been scramble according to the location of bad spots identified in the file allocation table.

34. A computer readable software distribution medium for installing an application program on a computer, said medium having bad spots at locations identified in a file allocation table thereon, and said medium having written thereon:
hidden user identification information, a spawned write/read program, a once installed protection program, an install program, and an application program comprising programming code that has been scrambled according to the location of bad spots identified in the file allocation table.

35. A compute readable medium for turning ON and OFF
an application program that has been installed on a computer, said medium having bad spots at locations identified in a file allocation table thereon, and said medium having written thereon:
hidden user identification information, a spawned write/read program, a once installed protection program, a software key program, a program to be substituted for a portion of the installed application program rendering the application program unusable, and ?O 93/21582 PCT/US93/03669 a scrambled portion of the application program that is capable of being unscramble by the software key program to make the application program useable.

36. A computer readable medium for running an application program from the medium if the application program that has been installed on a computer has become unuseable, said medium having bad spots at location identified in a file allocation table thereon, and said medium having written thereon:
hidden user identification information, an unuseable copy of the application program, a spawned write/read program, an emergency use program, a program to be substituted for a portion of the installed application program rendering the application program on said medium unuseable, and a scrambled portion of the application program that is capable of being unscramble by the emergency use program to make the application program on said medium useable.

37. A software distribution medium produced in accordance with any of claims 9 to 19 or 26 to 32.

38. A computer readable medium for turning ON and OFF
an application program that has been installed on a computer, produced in accordance with any of claims 20 to 23.

39. A computer readable medium for running an application program from the medium if the application program that has been installed on a computer has become unuseable, produced in accordance with either of claims 24 or 25.