EP0610497A1 - A dongle - Google Patents

A dongle

Info

Publication number
EP0610497A1
EP0610497A1 EP94908859A EP94908859A EP0610497A1 EP 0610497 A1 EP0610497 A1 EP 0610497A1 EP 94908859 A EP94908859 A EP 94908859A EP 94908859 A EP94908859 A EP 94908859A EP 0610497 A1 EP0610497 A1 EP 0610497A1
Authority
EP
European Patent Office
Prior art keywords
dongle
memory
software
address
location
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP94908859A
Other languages
German (de)
French (fr)
Inventor
Melih Abdulhayoglu
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cerise (uk) PLC
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Publication of EP0610497A1 publication Critical patent/EP0610497A1/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
    • G06F21/80Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data in storage media based on magnetic or optical technology, e.g. disks with sectors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2121Chip on media, e.g. a disk or tape with a chip embedded in its case
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2153Using hardware token as a secondary aspect

Definitions

  • This invention relates to a method for preventing use of unauthorised copies of software and to a protected recording medium, unauthorised copies of which are rendered useless.
  • the invention also provides a communication link between any device using a memory, whether physical or virtual, and also provides security for such a device.
  • the invention is thus useful for protecting software and also the confidentiality of certain data.
  • Another approach to software protection is the use of some sort of circuitry plugged into one of the computer ports and having a communication between itself and the software thereby providing security for the software since the latter could not be activated without communicating with this circuit.
  • the latter is known as a "Dongle".
  • the use of a conventional dongle is not generally favoured especially because it is inconvenient for the user who must place the required circuitry into a computer port or bus slot.
  • the computer user may need to change dongles between programmes which could well cause him to use other proprietary brands of software not employing this form of protection.
  • the invention seeks to provide an improved form of dongle for use in protecting computer software and data.
  • a device comprising means for changing information at a particular memory location forming part of a computer system.
  • the device may be a dongle.
  • the memory may be either real or virtual.
  • the dongle according to the invention may comprise circuitry in the form of electronics which circuitry may be built onto a cable between a controller card (IDE, SCSI, EISA controller cards etc) and the computer hard disk.
  • IDE IDE
  • SCSI Serial Bus interface
  • EISA controller cards etc
  • the dongle forming the present invention may comprise circuitry which may be included within the hard disk controller circuitry or on the controller card (IDE, SCSI, EISA controller cards etc.or in the input/output controller thus providing a simple solution to security problems.
  • the controller card IDE, SCSI, EISA controller cards etc.or in the input/output controller thus providing a simple solution to security problems.
  • the present invention may be positioned on any device such as a floppy disk, game cartridge, memory card etc which comprises a memory whether physical or virtual.
  • the circuitry which may be in the form of an integrated circuit, silicon chip etc may be formed to perform a mathematical algorithm.
  • a well known algorithm is the RSA algorithm which is virtually impossible to crack.
  • the dongle of the present invention will contain a key code on which the circuitry will perform the algorithm.
  • the software * to be protected will look for a particular code which is the output produced by the circuitry to a memory location, and once it sees this string of digits, will run the programme.
  • the software may be programmed to address a particular memory location in the hard disk. However, the software may also be programmed to address a location which does not actually exist on the hard disk or any other memory. In such a situation, on receipt of a signal from the software, the circuitry will emulate a memory and will produce an appropriate code using a predetermined algorithm. By means of a virtual me ory, none of the memory spaces in the hard disk is taken up with codes.
  • the means for changing information comprises a dongle which comprises a computer disk having circuitry enabling it to change the information on a particular location of the disk according to a predetermined pattern.
  • disk is used generally to include software recording media and includes magnetic tapes disks and diskettes as well as memory cards, optical disks and the like as well as hard disks.
  • the invention seeks to provide a transparent operation which is invisible to the user and also to other devices such as printers interfacing the computer.
  • the means for changing the data may comprise an integrated circuit, a read write head and a battery attached to a magnetic diskette.
  • a synchronisation point so that the integrated circuit can be synchronised with the disk drive control circuitry.
  • the circuit targets a particular location, which may be a sector or cluster, for example sector 1, on the disk and changes the data recorded on that location each time the disk revolves according to a predetermined pattern which could be as simple as zero one zero one etc. or could be more complicated than this.
  • the software to be protected "looks" for this changing pattern on the disk and will not respond, that is start the programme running, unless the relevant pattern is detected.
  • the disk may be used as a "key" to start the programme running.
  • the disk of the invention cannot be successfully copied since any attempted copy will only record one value of the location having changing information and this will not be sufficient subsequently to run the software being protected.
  • a magnetic diskette When a magnetic diskette is employed, it may be activated as soon as the metal covering is open (when inserted into the computer disk drive).
  • there are other methods of activating the disk for example manual, revolution caused activation, or even a key pad on the disk which may, for instance, need to have a PIN number inserted for it to be activated.
  • Exactly the same principle of operation can be used on hard disks.
  • the floppy dongle of the invention need be used once only since the identification code of the hard disk can be transferred to the chip on the diskette only allowing that particular identified computer to use the software.
  • Other variations or modifications can be included such as features allowing the software to be used in a different computer provided it is deleted from the previous computer, protection against accidental deletion, and the like.
  • the disk or diskette in accordance with the invention is used as a "key" every time the software is run in order to start it. This would give complete protection with simplicity provided that the hard disk is designed in accordance with the invention. Alternatively, the floppy dongle of the invention would need to remain in place as long as the software is being used.
  • the read/write head of the disk can be in direct communication with the read/write head of the computer and information may be passed directly without passing through the magnetic or other recording medium.
  • Figure 1 is a diagrammatic view of a diskette modified in accordance with the invention.
  • FIGS. 2 to 9 are flow charts showing functions which may be performed by means of the present invention.
  • Figure 10 is a schematic representation of a system including a dongle according to the present invention.
  • Figure 11 is a schematic representation of a system including a communications link according to the present invention enabling an external device to communicate with a computer.
  • a magnetic computer diskette generally designated (10) comprises a disk of magnetic recording material (12) within a housing (14) having a openable metal covering (16) allowing the disk drive of the computer access to the recording medium (12).
  • This comprises a conventional magnetic diskette.
  • the diskette (10) additionally carries an integrated circuit (18) coupled to a battery (20) and a read write head (22).
  • a synchronisation point (24) is also provided. It is thus possible to pick a specific sector of the recording medium (12), for example sector 1 (although any other sector or indeed sectors could be used if desired) and change the data on this sector on subsequent revolution via the read write head (22) according to information held in the integrated circuit (18).
  • the particular pattern of change of information will be predetermined and embedded in the software which it is desired to protect so that the latter "looks for" that particular pattern and will not run unless it detects it.
  • the diskette (10) of the invention is inserted into the or one of the disk drives of the computer on which the software to be protected has already been loaded and the relevant commands to run the software are entered.
  • the software will detect the pattern on the disk thus releasing it to run and the user can use the software. Without the diskette (10) the software will not run. Alternatively, the software can be installed using the disk. Any attempt to copy the diskette (10) will not be successful since only one value of the protected location can be copied and thus the copy will not activate the software.
  • a second embodiment of the invention the dongle according to the invention comprises circuitry which may for example be built onto the cable between the controller card on controller and the hard disk.
  • the invention makes use of a dedicated memory location in which the data within that location is changed in predetermined manner by means of the invention.
  • the memory location effectively serves as a communication link between the device which could be a security device or any other device, and say a computer.
  • the memory location may be either physical or virtual.
  • the computer Whenever the computer requests access to the security device it wakes up the device by either addressing a particular location, so that when that particular location is addressed the device wakes up, or using any other control signals available between the memory and the computer.
  • any other control signals available between the memory and the computer.
  • command and control signals or any combination thereof which are available and can be used to wake up the device forming the invention at that particular memory location.
  • the device Once the device is awake it performs its algorithm and puts the output of the algorithm on the particular memory location. If the output is longer than the particular memory location then the device repeatedly puts segments of the algorithm into the memory location as many times as necessary, thus allowing the computer to read it in its entirety. Once the software has read the entire algorithm and has identified that it is the correct algorithm the software to be protected will run.
  • a communication link is established without the need for an extra link between the computer and a security device.
  • a security device according to the present invention may be installed into any computer without having to use available ports or bus slots or any other communication link.
  • a standard security device can be built to be incorporated in every computer at very little cost.
  • the device will be able to fit any computer and will effectively be transparent. This aspect of transparency is a sharp contrast to any existing devices.
  • the invention also provides a communication link between the security device according to the present invention and the computer, it can also act as an additional port or bus slot of the computer.
  • a specially designed slot may be provided on the device according to the invention which would allow for input from other devices such as printers into the computer.
  • a system including a dongle according to the present invention is designated generally by the reference numeral 90.
  • the system 90 comprises an input/output (I/O) controller 91, a comparator 92, a hard disk 93, a data control disable/enable device 94 and a dongle according to the present invention 95.
  • the software to be run is loaded into the computer system. This causes the I/O controller 91 to send a "wake-up" signal to the comparator.
  • the comparator 92 checks for the wake-up signal and if it is present and correct, "wakes up" the dongle 95.
  • the dongle 95 changes the data in a predetermined manner in accordance with an algorism programmed within it.
  • the dongle 95 then sends the data back from the data line and tells the disable/enable device 94 that it has finished.
  • the data is transmitted to the software, and if the data returned to the software is identified as being correct by the software, the software will run.
  • FIG. 11 a similar system is illustrated in which the dongle 95 according to the present invention is replaced by an external device 105.
  • the device could be for example a printer. It would be possible to have several external devices for example a printer, a modem etc positioned in series with one another.
  • the software in the system shown in Figure 11 would be able to communicate with the external device 110 in exactly the same manner as described in respect of communication between the software and the dongle 95 in Figure 10.
  • XI When this address is addressed the Smart / Intelligent Memory Emulation Circuitry (SMEC) forming the dongle according to the present invention will start performing an algorithm. This is the start signal for the algorithm performing function.
  • SMEC Smart / Intelligent Memory Emulation Circuitry
  • X2 This is the address which will act as the enabling signal to the location locking function.
  • X21 The locked location will require an authorisation code for access and this address will store it.
  • X22 This address will store the start address of the location to be protected.
  • X3 This address will act as the enabling signal for the location unlocking function to start.
  • X41 This address will store a value which will tell the circuitry whether an access code is required for encryption / decryption.
  • X7 This address will start the selective data encryption.
  • X8 This address will start the selective data encryption deactivation.
  • the circuit forming the dongle according to the invention "looks for" a signal which is in the form of an address of memory location (or any other control signal or combination thereof) called X1. If it detects it the circuit disables the data lines between for example the hard disk drive where the memory locator is located (any other memory device could be used such as floppy disk drive, memory card etc) and the host controller and passes it onto the Smart / Intelligent Memory Emulation Circuitry (SMEC) circuitry forming the present invention. The software then puts a value, which is to be the value of a secret key for performing the algorithm, on the address X12 and the circuitry reads this as many times as necessary in order to obtain a long key which might be up to 200 bytes long.
  • X1 an address of memory location
  • the circuit would read the location XI 2 200 times. After obtaining the secret key the circuit performs the algorithm and generates an output of say 200 bytes and puts this value at address XI 2 for the software to read say 200 times. In other words, the software accesses this address X12 200 times. The operation is completed and, depending on the output generated by the circuitry, the software will either run or halt.
  • This function is useful for protecting locations where either confidential data has been stored or software resides.
  • the protection is provided by preventing access to the locations / areas designated therefore providing security.
  • the function is explained below, with reference to Figures 3 and 4.
  • the circuit "looks for" a signal which is in the form of an address of memory location called X2. If detected then the SMEC circuit of the present invention reads the value of X22 which stores the starting address of the location to be protected. This value is put there by the software. The SMEC circuit of the present invention then reads the value at address X23 which holds the ending address of the location, and then reads the address X21 which holds the authorisation code for accessing this location. After completing these operations the circuit will activate itself to look for the commands (anything from read / write to copy etc) relating to the memory locations and which are located in between the memory location starting address which was given by X22 and the memory locating ending address which was given by X23. If it detects the commands the circuit will ask for the authorisation code which was stored at address X21. If the code is correct it will grant access to these locations.
  • the circuit of the invention looks for a signal which is in the form of an address or memory location called X3. If it detects it then it reads data at address X22, which stores the information about the starting address of the location and then reads X23, which stores the information about the ending address of the location. It then reads the data at X21 , which stores the code for accessing the location and if it is correct then it deactivates the circuit.
  • This function is useful for storing confidential / non- confidential data in an encrypted form therefore preventing unauthorised users to gain access to the original data since it is stored in an encrypted form and does not mean anything unless the secret keys are obtained.
  • the function is explained below with reference to Figures 5 to 7.
  • the circuit of the present invention "looks for" a signal which is in the form of an address or memory location called X41. If it detects the code it reads the data stored at this address, which will tell the circuit of the present invention whether to expect an access code or not depending on the value of that address. If it requests the code, the code is stored at address X42. The circuitry will then "look for" a command defining a function to be carried out. For example the function may be to encrypt or decrypt a read / write signal. If the function relates to the write mode of the computer, the circuit forming the present invention encrypts the data and puts it into the memory. If the function relates to the read mode, then depending on any previous procedure, it either asks for an access code or not.
  • the circuit If it requests the access code then the circuit reads the address X42 and if the value is correct it decrypts the data from the memory. If the value is incorrect, the user has 3 tries before access is denied and the system halted. If there are no access codes the data is decrypted directly.
  • Address X6 reads address X41 , which tells the SMEC forming the present invention whether an access code is needed. If an access code is required X42 is read, and if the value is correct the data is read, decrypted and written back onto the memory. If the code is incorrect access is denied, say three times. The encryption circuit is then deactivated and remains transparent.
  • control signal is a read signal then start encryption if the control signal is a write signal start decryption and stay active.
  • the invention provides a means of security without occupying any port or bus slot therefore providing a very desirable security since it uses a memory as a communication link which would make the "standard security" a reality in computers .
  • the dongle of the invention is very much more easy to use than conventional dongles and provides a simple cheap and effective way of protecting software against unauthorised copying.

Abstract

Dispositif de protection électronique comprenant des moyens se présentant, par exemple, sous forme d'un circuit conçu pour modifier l'information contenue dans un emplacement particulier d'une mémoire de façon prédéterminée. Le logiciel à protéger ne fonctionnera pas à moins qu'il identifie une configuration prédéterminée d'un emplacement particulier de la mémoire. Cet emplacement peut être réel ou virtuel.Electronic protection device comprising means taking the form, for example, of a circuit designed to modify the information contained in a particular location of a memory in a predetermined manner. The software to be protected will not work unless it identifies a predetermined configuration of a particular memory location. This location can be real or virtual.

Description

A DONGLE
This invention relates to a method for preventing use of unauthorised copies of software and to a protected recording medium, unauthorised copies of which are rendered useless.
The invention also provides a communication link between any device using a memory, whether physical or virtual, and also provides security for such a device. The invention is thus useful for protecting software and also the confidentiality of certain data.
The use of magnetic recording media such as diskettes to record computer programmes has become very widespread in recent years. Conventional diskettes are easily copied and this leads to the problem that unauthorised copies can be widely disseminated thus depriving the software copyright owner from his rightful fees or royalties.
It has been proposed to prevent copying of information from diskettes by encoding on them instructions which normally prevent the writing of the contents of the diskette onto another disk or diskette. However, what can be protected by software can be changed by software and sophisticated copiers can circumvent such protection.
Another approach to software protection is the use of some sort of circuitry plugged into one of the computer ports and having a communication between itself and the software thereby providing security for the software since the latter could not be activated without communicating with this circuit. The latter is known as a "Dongle". However, the use of a conventional dongle is not generally favoured especially because it is inconvenient for the user who must place the required circuitry into a computer port or bus slot. Moreover, where several different types of software are employed each needing a different dongle, the computer user may need to change dongles between programmes which could well cause him to use other proprietary brands of software not employing this form of protection.
In addition, such devices are never transparent and may therefore cause problems when it is required to interface other devices such as printers, modems etc with the computer.
The invention seeks to provide an improved form of dongle for use in protecting computer software and data.
According to a first aspect of the invention there is provided a device comprising means for changing information at a particular memory location forming part of a computer system.
The device may be a dongle.
The memory may be either real or virtual.
The dongle according to the invention may comprise circuitry in the form of electronics which circuitry may be built onto a cable between a controller card (IDE, SCSI, EISA controller cards etc) and the computer hard disk.
Alternatively, the dongle forming the present invention may comprise circuitry which may be included within the hard disk controller circuitry or on the controller card (IDE, SCSI, EISA controller cards etc.or in the input/output controller thus providing a simple solution to security problems.
The present invention may be positioned on any device such as a floppy disk, game cartridge, memory card etc which comprises a memory whether physical or virtual.
The circuitry, which may be in the form of an integrated circuit, silicon chip etc may be formed to perform a mathematical algorithm. A well known algorithm is the RSA algorithm which is virtually impossible to crack. The dongle of the present invention will contain a key code on which the circuitry will perform the algorithm. The software * to be protected will look for a particular code which is the output produced by the circuitry to a memory location, and once it sees this string of digits, will run the programme.
The software may be programmed to address a particular memory location in the hard disk. However, the software may also be programmed to address a location which does not actually exist on the hard disk or any other memory. In such a situation, on receipt of a signal from the software, the circuitry will emulate a memory and will produce an appropriate code using a predetermined algorithm. By means of a virtual me ory, none of the memory spaces in the hard disk is taken up with codes.
Alternatively, the means for changing information comprises a dongle which comprises a computer disk having circuitry enabling it to change the information on a particular location of the disk according to a predetermined pattern.
It will be understood that the term "disk" is used generally to include software recording media and includes magnetic tapes disks and diskettes as well as memory cards, optical disks and the like as well as hard disks.
The invention seeks to provide a transparent operation which is invisible to the user and also to other devices such as printers interfacing the computer.
The means for changing the data may comprise an integrated circuit, a read write head and a battery attached to a magnetic diskette. In addition there is provided a synchronisation point so that the integrated circuit can be synchronised with the disk drive control circuitry. The circuit targets a particular location, which may be a sector or cluster, for example sector 1, on the disk and changes the data recorded on that location each time the disk revolves according to a predetermined pattern which could be as simple as zero one zero one etc. or could be more complicated than this. The software to be protected "looks" for this changing pattern on the disk and will not respond, that is start the programme running, unless the relevant pattern is detected. Thus the disk may be used as a "key" to start the programme running.
The disk of the invention cannot be successfully copied since any attempted copy will only record one value of the location having changing information and this will not be sufficient subsequently to run the software being protected.
Where a magnetic diskette is employed, it may be activated as soon as the metal covering is open (when inserted into the computer disk drive). However, there are other methods of activating the disk for example manual, revolution caused activation, or even a key pad on the disk which may, for instance, need to have a PIN number inserted for it to be activated. It is currently preferred to activate the disk from the opening of the metal cover after insertion into the disk drive. The disk will be directly in synchronisation with the disk drive provided this is compatible with the disk operating system of the computer.
It is possible to provide a switch or key which will cause the dongle of the invention to write to a different location on the disk. This may be useful if the particular sector on which the changing information is written on is destroyed which would otherwise render the dongle of the invention unusable. If another sector can be utilised then the life of the dongle is extended.
Exactly the same principle of operation can be used on hard disks. In this case then the floppy dongle of the invention need be used once only since the identification code of the hard disk can be transferred to the chip on the diskette only allowing that particular identified computer to use the software. Other variations or modifications can be included such as features allowing the software to be used in a different computer provided it is deleted from the previous computer, protection against accidental deletion, and the like.
In one mode of operating the invention the disk or diskette in accordance with the invention is used as a "key" every time the software is run in order to start it. This would give complete protection with simplicity provided that the hard disk is designed in accordance with the invention. Alternatively, the floppy dongle of the invention would need to remain in place as long as the software is being used.
In an alternative mode of operation, the read/write head of the disk can be in direct communication with the read/write head of the computer and information may be passed directly without passing through the magnetic or other recording medium.
The invention will now be described further, by way of example, with reference to the accompanying drawing in which:
Figure 1 is a diagrammatic view of a diskette modified in accordance with the invention;
Figures 2 to 9 are flow charts showing functions which may be performed by means of the present invention;
Figure 10 is a schematic representation of a system including a dongle according to the present invention; and
Figure 11 is a schematic representation of a system including a communications link according to the present invention enabling an external device to communicate with a computer.
Referring to Figure 1 , a magnetic computer diskette generally designated (10) comprises a disk of magnetic recording material (12) within a housing (14) having a openable metal covering (16) allowing the disk drive of the computer access to the recording medium (12). This comprises a conventional magnetic diskette. In accordance with the invention the diskette (10) additionally carries an integrated circuit (18) coupled to a battery (20) and a read write head (22). In order that the position of the recording medium (12) can be accurately known a synchronisation point (24) is also provided. It is thus possible to pick a specific sector of the recording medium (12), for example sector 1 (although any other sector or indeed sectors could be used if desired) and change the data on this sector on subsequent revolution via the read write head (22) according to information held in the integrated circuit (18). The particular pattern of change of information will be predetermined and embedded in the software which it is desired to protect so that the latter "looks for" that particular pattern and will not run unless it detects it.
In use the diskette (10) of the invention is inserted into the or one of the disk drives of the computer on which the software to be protected has already been loaded and the relevant commands to run the software are entered. The software will detect the pattern on the disk thus releasing it to run and the user can use the software. Without the diskette (10) the software will not run. Alternatively, the software can be installed using the disk. Any attempt to copy the diskette (10) will not be successful since only one value of the protected location can be copied and thus the copy will not activate the software.
A second embodiment of the invention the dongle according to the invention comprises circuitry which may for example be built onto the cable between the controller card on controller and the hard disk. The invention makes use of a dedicated memory location in which the data within that location is changed in predetermined manner by means of the invention. The memory location effectively serves as a communication link between the device which could be a security device or any other device, and say a computer. The memory location may be either physical or virtual.
Whenever the computer requests access to the security device it wakes up the device by either addressing a particular location, so that when that particular location is addressed the device wakes up, or using any other control signals available between the memory and the computer. In the case of a hard disk, there are command and control signals or any combination thereof, which are available and can be used to wake up the device forming the invention at that particular memory location.
Once the device is awake it performs its algorithm and puts the output of the algorithm on the particular memory location. If the output is longer than the particular memory location then the device repeatedly puts segments of the algorithm into the memory location as many times as necessary, thus allowing the computer to read it in its entirety. Once the software has read the entire algorithm and has identified that it is the correct algorithm the software to be protected will run.
By means of the present invention therefore a communication link is established without the need for an extra link between the computer and a security device. This is a very useful feature, because it means that a security device according to the present invention may be installed into any computer without having to use available ports or bus slots or any other communication link. This in turn will mean that by means of the invention a standard security device can be built to be incorporated in every computer at very little cost. In addition, due to the small size of the preferred embodiment of the invention, the device will be able to fit any computer and will effectively be transparent. This aspect of transparency is a sharp contrast to any existing devices.
Because the invention also provides a communication link between the security device according to the present invention and the computer, it can also act as an additional port or bus slot of the computer. In other words, a specially designed slot may be provided on the device according to the invention which would allow for input from other devices such as printers into the computer.
Referring to Figure 10, a system including a dongle according to the present invention is designated generally by the reference numeral 90. The system 90 comprises an input/output (I/O) controller 91, a comparator 92, a hard disk 93, a data control disable/enable device 94 and a dongle according to the present invention 95. In use, the software to be run is loaded into the computer system. This causes the I/O controller 91 to send a "wake-up" signal to the comparator. The comparator 92 checks for the wake-up signal and if it is present and correct, "wakes up" the dongle 95. The dongle 95 changes the data in a predetermined manner in accordance with an algorism programmed within it. The dongle 95 then sends the data back from the data line and tells the disable/enable device 94 that it has finished. The data is transmitted to the software, and if the data returned to the software is identified as being correct by the software, the software will run.
Referring to Figure 11, a similar system is illustrated in which the dongle 95 according to the present invention is replaced by an external device 105. The device could be for example a printer. It would be possible to have several external devices for example a printer, a modem etc positioned in series with one another. The software in the system shown in Figure 11 would be able to communicate with the external device 110 in exactly the same manner as described in respect of communication between the software and the dongle 95 in Figure 10.
Functions which may be performed by way of the present invention will now be described in more detail. The addre≤ses referred to have the following meanings:
XI = When this address is addressed the Smart / Intelligent Memory Emulation Circuitry (SMEC) forming the dongle according to the present invention will start performing an algorithm. This is the start signal for the algorithm performing function.
X12 = This address will hold the secret key that is needed to perform the algorithm. So when the request is made for the algorithm this address must be read as well so that the secret key can be obtained in order to perform the function.
X2 = This is the address which will act as the enabling signal to the location locking function.
X21 = The locked location will require an authorisation code for access and this address will store it.
X22 = This address will store the start address of the location to be protected.
X23 = This address will store the ending address of the location to be protected.
X3 = This address will act as the enabling signal for the location unlocking function to start.
X4 = This address will act as the enabling signal for the Data Encryption function (activation) to start.
X41 = This address will store a value which will tell the circuitry whether an access code is required for encryption / decryption.
X42 = This address will hold the access code value for encryption.
X5 = This address will act as the enabling signal for the initial activation of data encryption mode.
X6 = This address will start the data encryption deactivation.
X7 = This address will start the selective data encryption. X8 = This address will start the selective data encryption deactivation.
Function 1 ) Algorithm performing
This function is useful for software protection. A simple confirmation of the security device's existence by performing an almost uncrackable algorithm is sufficient for the software to start. The function is explained below with reference to Figure 2.
The circuit forming the dongle according to the invention "looks for" a signal which is in the form of an address of memory location (or any other control signal or combination thereof) called X1. If it detects it the circuit disables the data lines between for example the hard disk drive where the memory locator is located (any other memory device could be used such as floppy disk drive, memory card etc) and the host controller and passes it onto the Smart / Intelligent Memory Emulation Circuitry (SMEC) circuitry forming the present invention. The software then puts a value, which is to be the value of a secret key for performing the algorithm, on the address X12 and the circuitry reads this as many times as necessary in order to obtain a long key which might be up to 200 bytes long. In other words, the circuit would read the location XI 2 200 times. After obtaining the secret key the circuit performs the algorithm and generates an output of say 200 bytes and puts this value at address XI 2 for the software to read say 200 times. In other words, the software accesses this address X12 200 times. The operation is completed and, depending on the output generated by the circuitry, the software will either run or halt.
Function 2) Location protection
(a) Locking
This function is useful for protecting locations where either confidential data has been stored or software resides. The protection is provided by preventing access to the locations / areas designated therefore providing security. The function is explained below, with reference to Figures 3 and 4.
The circuit "looks for" a signal which is in the form of an address of memory location called X2. If detected then the SMEC circuit of the present invention reads the value of X22 which stores the starting address of the location to be protected. This value is put there by the software. The SMEC circuit of the present invention then reads the value at address X23 which holds the ending address of the location, and then reads the address X21 which holds the authorisation code for accessing this location. After completing these operations the circuit will activate itself to look for the commands (anything from read / write to copy etc) relating to the memory locations and which are located in between the memory location starting address which was given by X22 and the memory locating ending address which was given by X23. If it detects the commands the circuit will ask for the authorisation code which was stored at address X21. If the code is correct it will grant access to these locations.
(b) Unlocking
The circuit of the invention looks for a signal which is in the form of an address or memory location called X3. If it detects it then it reads data at address X22, which stores the information about the starting address of the location and then reads X23, which stores the information about the ending address of the location. It then reads the data at X21 , which stores the code for accessing the location and if it is correct then it deactivates the circuit.
Function 3) Data encryption (Activation)
This function is useful for storing confidential / non- confidential data in an encrypted form therefore preventing unauthorised users to gain access to the original data since it is stored in an encrypted form and does not mean anything unless the secret keys are obtained. The function is explained below with reference to Figures 5 to 7.
The circuit of the present invention "looks for" a signal which is in the form of an address or memory location called X41. If it detects the code it reads the data stored at this address, which will tell the circuit of the present invention whether to expect an access code or not depending on the value of that address. If it requests the code, the code is stored at address X42. The circuitry will then "look for" a command defining a function to be carried out. For example the function may be to encrypt or decrypt a read / write signal. If the function relates to the write mode of the computer, the circuit forming the present invention encrypts the data and puts it into the memory. If the function relates to the read mode, then depending on any previous procedure, it either asks for an access code or not. If it requests the access code then the circuit reads the address X42 and if the value is correct it decrypts the data from the memory. If the value is incorrect, the user has 3 tries before access is denied and the system halted. If there are no access codes the data is decrypted directly.
Function 3) Data encryption (initial activation) This initial activation is needed because once the system is invoked for data encryption, if the user tries to read a location, even though that memory location is not encrypted, the location will be decrypted therefore causing problems. Initial activation is therefore needed to initially encrypt all the data in the memory preparing it for the data encryption. When the address X5 is detected each location is read, encrypted and stored again.
Function 3) Data encryption (Deactivation) Address X6 reads address X41 , which tells the SMEC forming the present invention whether an access code is needed. If an access code is required X42 is read, and if the value is correct the data is read, decrypted and written back onto the memory. If the code is incorrect access is denied, say three times. The encryption circuit is then deactivated and remains transparent.
Function 4) Selective data encryption (activation) This function is useful for protecting selected data by encrypting). The function is explained below with reference to Figure 8:
If address X7 check the control signals. If the control signal is a read signal then start encryption if the control signal is a write signal start decryption and stay active.
Function 4) Selective data encryption (deactivation)
If address X8, decrypt the locations that were encrypted with selective data encryption and stay transparent (Figure 9).
The invention provides a means of security without occupying any port or bus slot therefore providing a very desirable security since it uses a memory as a communication link which would make the "standard security" a reality in computers .
The dongle of the invention is very much more easy to use than conventional dongles and provides a simple cheap and effective way of protecting software against unauthorised copying.

Claims

1. A dongle comprising means for changing information at a particular memory location in a device having a memory.
2. A dongle according to claim 1 wherein the memory is a virtual memory.
3. A dongle according to claim 1 wherein the memory is a real memory.
4. A dongle according to any one of the preceding claims comprising circuitry in the form of electronics which circuitry may be built onto a cable between a control card (IDE, SCSI, EISA control card) and a computer hard disk.
5. A dongle according to amy one of claims 1 to 3 wherein the dongle comprises circuitry which may be included within a hard disk controller circuitry.
6. A dongle according to any one of claims 1 to 3 positionable on a device such as a floppy disk, game cartridge, memory card.
7. A dongle according to any one of the preceding claims comprising an integrated circuit.
8. A dongle according to any one of the preceding claims adapted to perform a mathematical algorism.
9. A system comprising a dongle as claimed in any one of the preceding claims, and further comprising software to be protected by the dongle.
10. A system according to claim 9 wherein the software is programmed to address a memory location.
11. A communication link established between a device having a memory location and any other device, which communications link comprises means for altering the information in a particular memory location in a predetermined manner.
12. A device comprising means for changing information at a particular memory location in a device having a memory.
EP94908859A 1992-08-29 1993-08-27 A dongle Withdrawn EP0610497A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
GB9218452A GB9218452D0 (en) 1992-08-29 1992-08-29 Non-copiable software recording medium
GB9218452 1992-08-29
PCT/GB1993/001835 WO1994006071A1 (en) 1992-08-29 1993-08-27 A dongle

Publications (1)

Publication Number Publication Date
EP0610497A1 true EP0610497A1 (en) 1994-08-17

Family

ID=10721197

Family Applications (1)

Application Number Title Priority Date Filing Date
EP94908859A Withdrawn EP0610497A1 (en) 1992-08-29 1993-08-27 A dongle

Country Status (5)

Country Link
EP (1) EP0610497A1 (en)
JP (1) JPH07503566A (en)
AU (1) AU4971993A (en)
GB (1) GB9218452D0 (en)
WO (1) WO1994006071A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6033257A (en) * 1995-11-20 2000-03-07 The Foxboro Company I/O connector module for a field controller in a distributed control system
DE19612999C2 (en) * 1996-03-22 1999-04-01 Wasy Ges Fuer Wasserwirtschaft System for protecting protected software against unauthorized use in computer networks
AT405466B (en) * 1996-09-24 1999-08-25 Ericsson Austria Ag DEVICE FOR PROTECTING AN ELECTRONIC DEVICE
DE59813490D1 (en) * 1997-01-28 2006-05-24 Siemens Ag Method for customer-specific packaging of features in a telecommunications system
DE19963471B4 (en) * 1999-12-29 2008-10-09 Robert Bosch Gmbh Apparatus and method for preventing piracy of computer programs
DE102004040462A1 (en) 2004-08-20 2006-02-23 Giesecke & Devrient Gmbh Authenticated secure access to a volume with mass storage and a chip
EP1881467A3 (en) 2006-07-19 2008-03-05 Aristocrat Technologies Australia Pty. Ltd. A gaming machine
JP5915107B2 (en) * 2011-11-15 2016-05-11 株式会社バッファロー COMMUNICATION METHOD, COMMUNICATION DEVICE, STORAGE DEVICE, AND CONTROL PROGRAM

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS61175729A (en) * 1984-11-19 1986-08-07 シユラムバ−ガ− テクノロジ− コ−ポレ−シヨン Software protector
FR2643475A1 (en) * 1989-02-21 1990-08-24 Livowsky Jean Michel METHOD FOR CONTROLLING THE USE OF AN INFORMATION MEDIUM, IN PARTICULAR MAGNETIC OR MAGNETO-OPTICAL, AND SYSTEMS FOR ITS IMPLEMENTATION
US5033084A (en) * 1990-04-02 1991-07-16 Data I/O Corporation Method and apparatus for protection of software in an electronic system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See references of WO9406071A1 *

Also Published As

Publication number Publication date
JPH07503566A (en) 1995-04-13
AU4971993A (en) 1994-03-29
GB9218452D0 (en) 1992-10-14
WO1994006071A1 (en) 1994-03-17

Similar Documents

Publication Publication Date Title
US6330648B1 (en) Computer memory with anti-virus and anti-overwrite protection apparatus
JP3688292B2 (en) Apparatus and method for data security in a computer memory having a removable memory
US6473861B1 (en) Magnetic optical encryption/decryption disk drive arrangement
US6367017B1 (en) Apparatus and method for providing and authentication system
US5748744A (en) Secure mass storage system for computers
CN100371847C (en) Method for ciphering and diciphering of file, safety managing storage apparatus and system method thereof
KR100454797B1 (en) Wireless security access management for a portable data storage cartridge
EP1667008A2 (en) A data protection method for a removable storage medium and a storage device using the same
US20070033320A1 (en) Crypto pass-through dangle
WO1994011969A9 (en) Apparatus and method for providing data security in a computer system having a removable memory
US20080307522A1 (en) Data Management Method, Program For the Method, and Recording Medium For the Program
US20030145182A1 (en) Data storage apparatus, data storing method, data verification apparatus, data access permission apparatus, and program and storage medium therefor
EP0610497A1 (en) A dongle
JPH08263383A (en) Information processor
KR20010043582A (en) Copy-protection on a storage medium by randomizing locations and keys upon write access
JP2592856B2 (en) IC card issuing system
US6516999B1 (en) Method of protecting data stored in the memory device of a computer system and equipment to carry out this method
JP4480513B2 (en) Information leakage prevention device for HDD
JPH04163768A (en) Disk security system and apparatus
JPH07161172A (en) Data recording medium
JP3561203B2 (en) Memory device
JPH03105419A (en) Fixed disk device
JPH04163649A (en) Data protective system for external storage device
JPH11249825A (en) Common key managing method, data reader using the same and ic card system
KR100358108B1 (en) Apparatus for protecting harddisk data

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 19940527

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): CH DE ES FR GB IT LI NL

RBV Designated contracting states (corrected)

Designated state(s): AT BE CH DE DK ES FR GB GR IE IT LI LU MC NL PT SE

RBV Designated contracting states (corrected)

Designated state(s): CH DE ES FR GB IT LI NL

RAP1 Party data changed (applicant data changed or rights of an application transferred)

Owner name: CERISE (UK) PLC

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 19990302