FR2834573A1 - Electronic data processing device suitable for execution of software protected against copying, whereby software is sub-divided with an auxiliary program stocked and executed in a secure chip card reader - Google Patents

Abstract

Electronic device for processing data comprises a central unit (UC) for execution of a software application and a reader (16), e.g. a chip card reader. A main program is executed by the central unit, while an auxiliary program is stocked and executed in a secure electronic device, such as a chip card (17) inserted in the reader. An Independent claim is made for: a software medium, such as a CD comprising two units, each containing two parts of the same program, i.e. a main and auxiliary program. The invention also relates to a corresponding electronic device such as a mobile phone or PDA, suitable for accepting such a software medium.

Description

<Desc / Clms Page number 1>

 The invention relates to an electronic data processing device comprising a central unit capable of executing software. It more particularly relates to an improvement for both the characteristics of the electronic device and the packaging of the software itself, to avoid duplication without authorization. The invention applies in particular to the field of software marketed for use on a personal computer, an electronic game console, a device called "PDA" (Personal Digital Assistant, in English), a mobile phone or the like.

 We know that many software, for work, study or entertainment, are marketed in the form of CD-ROM discs or by downloading, for example on a website. Reading the CD or downloading, possibly resulting in the transfer of information to the hard disk of the central unit of a computer, allows the program to be executed. Safeguards are provided to prevent illicit uses, for example by copying the disc. One of these means is commonly referred to as "Dongle". It is a device that integrates or associates with the central unit and contains a "key" using codes and passwords authorizing the program. The software calls the key corresponding to this "Dongle" and can only work if the device called "Dongle" is associated with the computer. This means is used to protect important source codes, confidential information and files. However, this system can be hijacked if a software tool is used to identify, in the executable program, the portions of code intended to check the presence of the "Dongle". It is then enough to delete these portions of code or to replace them with another portion of code making it possible to omit the verification of the presence of the "Dongle" so that the program can be executed and copied without authorization. It is known to make a "dongle" in the form of a microcircuit card (also referred to as a smart card) for example in patent document DE 10001126.

<Desc / Clms Page number 2>

 The invention overcomes the disadvantage of the "Dongle" mentioned above. The basic idea of the invention is to physically share the software itself in two parts, one of the parts being stored and executed in a secure electronic entity, that is to say, can not be easily copied. Such an entity is, for example, a microcircuit card.

 More specifically, the invention relates to an electronic data processing device comprising a central unit capable of executing software, characterized in that it comprises a reader of a secure electronic entity, in that such software comprises at least two parts: a main program executed by said central unit and at least one auxiliary program stored and executed in such a secure electronic entity placed in said reader and in that said main program generates commands for executing all or part of said auxiliary program .

 Thus, placing in a secure electronic entity and keeping a part of the program itself secret, that is to say the auxiliary program and no longer a simple key, makes it possible to avoid fraudulent use of the software in the extent that the call of the auxiliary program by the main program does not cause the same response of said auxiliary program (unlike a key) depending on the stage of the main program where the call auxiliary program. The latter, stored and executed in a microcircuit card, can not be copied as such. To constitute the auxiliary program, the publisher of the software will choose the parts that seem the most critical for the operation of the software to be protected. The two parts of the software are interdependent. In other words, the main program can not be executed (or its execution can not be continued) without the execution of the auxiliary program each time it is called. Conversely, the auxiliary program is meaningless.

 By "reader" of said secure electronic entity is meant any device capable of functionally coupling the secure electronic entity placed in the reader to the central unit so that the main program can execute normally by calling the program whenever necessary. auxiliary that is stored and executed in the secure electronic entity itself. Only the response is returned to the CPU. In the case of a card

<Desc / Clms Page number 3>

 With a microcircuit, the reader may include a connection system capable of making electrical contact with the connection pads located on the surface of the card. If it is a so-called contactless card, including an antenna, the reader will include RF transmission-reception means.

 With regard to the central unit responsible for executing the main program and transmitting the execution commands for all or part of said auxiliary program, several solutions are possible. If the device has a central memory, the main program can be stored there. The central unit may then be provided with a software support reader not necessarily copy-protected, for example a CD-ROM reader or the like. In this case, the main program will be made available to the user on such a medium, that is to say a CD-ROM or the like. Once read, the contents of the CD-ROM can be transferred to the main memory, typically the hard disk of a computer. In this case, the electronic data processing device will also include a reader of said secure electronic entity and the complete software will be made available to the user in the form of two entities containing the two parts of the same program, ie ie the CD-ROM containing the main program and the microcircuit card containing the auxiliary program.

 Another interesting variant consists in making the main program available on an Internet-type telecommunication network and in associating with the electronic data processing device an information decoding modem connected to said network, in order to allow the downloading of the main program into a network. memory of said central unit. In this case, the authorized user receives (for example purchases) said secure electronic entity, that is to say typically the microcircuit card. Also, it is possible to load or download the auxiliary program in a secure electronic entity already used on said central unit. For example, a gaming provider on the Internet can provide its customers with a microcircuit card. With each new game purchase, the auxiliary program can be downloaded to this card by means of a secure protocol. This method of downloading a program into a microcircuit card throughout the lifetime is well known to those skilled in the art and is called "post-blindness".

<Desc / Clms Page number 4>

The customer can therefore use the same card to run multiple games and acquire a new game at any time.

 Another more specialized electronic data processing device may consist of a video game console provided that it is equipped both with a software support reader that is not necessarily copy-protected (for example a reader CD) and a reader of a secure electronic entity, for example a microcircuit card reader. The microcircuit card being by nature not "piratable" the user can implement the video game and edited in two parts only if he has both the CD and the microcircuit card. It becomes unnecessary to make copies of the CD.

 In addition, another device in which the invention can be implemented is a telephone equipped with a microcircuit card, including a mobile phone, or a device called "PDA" as defined above, equipped with a card with microcircuit.

 Advantageously, in order to execute the entire software without failure, the central unit may generate "APDU" commands or the like by executing the main program, for the execution of all or part of said auxiliary program. In return, said secure electronic entity will be arranged to generate corresponding "APDU" responses which will be sent back to the central unit for further execution of the main program. Any execution of the auxiliary program takes place entirely in the secure electronic entity, that is to say for example the microcircuit card. Only the answer necessary for the smooth running of the main program is sent back to the central unit.

 "APDU" commands and responses are known to those skilled in the art. It is a set of commands standardized in particular by the ISO 7816-4 standard. They are defined independently of the data transfer protocol. One distinguishes the instructions "APDU" which represent instructions sent to the card by the central unit and the answers "APDU" which are the answers of the card. In other words, the central unit sends "APDU" commands to the card, the card performs these instructions and returns the result to the central unit.

<Desc / Clms Page number 5>

An "APDU" statement contains a header and a body of arbitrary length that can be represented as follows:

<Tb>
<tb> CLA <SEP> INS <SEP> P1 <SEP> P2 <SEP> Lc <SEP> CH <SEP> The
<Tb>

CLA is a byte that defines the instruction class.

 INS is a byte that defines the instruction to be executed by the card.

 P1 and P2 are bytes that define the possible options of the instruction.

 The bytes defined above constitute the header of the instruction. The body of the instruction includes the following bytes: Lc is a byte that sets the length of the instruction field.

 CH is the actual instruction field. It contains the information sent to the card to enable it to process the instruction.

 The is a byte that sets the length of the instruction field of the "APDU" response that will be sent by the card.

An APDU response contains the following:

<Tb>
<tb> CHR <SEP> SW1 <SEP> SW2
<Tb>

CHR is the response field of the card.

 SW1 and SW2 give the return code of the instruction executed by the card. In the present case, it is possible to define a particular command (INS) which instructs the card to execute at least a portion of the auxiliary program.

This portion may be specified by P1 and P2 bytes or by using a portion of the CH field. The parameters or the additional data or more generally the context necessary for the execution of the portion of the auxiliary program B (in the case of functions, these are arguments of the function) can be provided to the card using the CH field.

 The invention will be better understood and other advantages thereof will appear more clearly in the light of the following description of several examples of an electronic data processing device according to its principle, given solely by way of example and with reference to the accompanying drawings in which:

<Desc / Clms Page number 6>

 - Figure 1 is a block diagram of a first embodiment of a device according to the invention; FIG. 2 illustrates a variant of FIG. 1; FIG. 3 illustrates another electronic data processing device forming a video game or the like; and FIG. 4 is a timing diagram illustrating the reconstitution of the software by interleaved execution of the main program and the auxiliary program.

 The electronic data processing device very schematically represented in FIG. 1 is constituted by a computer of the PC type whose central unit UC notably comprises a processor Pr coupled to a memory of the hard disk type, DD. The processor is also connected to a disk drive 15 capable of receiving software support that is not necessarily protected, for example, a disk of the CD-ROM type and with a reader 16 of a secure electronic entity. In the example, said secure electronic entity is constituted by a microcircuit card 17. In other words, the protected software is divided into two parts: a main program written on the disk 18 read by the reader 15 and executed by said central unit and at least one auxiliary program stored and executed in the secure electronic unit, i.e. in the card 17, as long as it is placed in the reader 16.

As indicated above, the main program written on the disk 18 and possibly transferred to the hard disk DD generates commands to execute all or part of said auxiliary program.

 To implement the software, the user places the disk 18 in the reader 15 and the card 17 in the reader 16. The processor optionally loads the main program into the hard disk DD and begins to run it. Whenever an "APDU" command is processed by the processor, it controls the execution of the auxiliary program or part of it in the card 17 itself. It receives and processes the corresponding "APDU" response. By way of example, FIG. 4 illustrates the reconstitution of the software from the execution of the main program A interspersed with executions of the auxiliary program B or at least a part of it. The execution of the software is shown schematically from left to right. A first part of the main program is executed in E. Then an "APDU" instruction is analyzed which

<Desc / Clms Page number 7>

 causes call A. B of the auxiliary program B which results in the execution E. B of this auxiliary program or part of it, according to the instruction.

Meanwhile, the execution of the main program E. A continues (if the software was designed for that). When the execution of the auxiliary program B is completed, a response R. B is generated and processed by the processor. The main program continues to be executed in E'A until the appearance of a new command "APDU" again constituting the call A. B of the auxiliary program. This is again executed in E. B at the same time that the execution E'A of the main program continues, until the elaboration of a response R. B which allows the continuation of the execution E. A of the main program and so on.

 FIG. 2 illustrates a simple variant of FIG. 1 where the analogous structural elements bear the same references and will not be described again. According to this variant, the central unit is associated with an information decoding modem 20 connected to a telecommunications network 22, for example of the Internet type. In this case, the main program is downloaded under the control of the processor into a memory of the central unit, for example the hard disk DD. The card reader 16 is connected to the processor as indicated with reference to FIG. 1. Once the downloading of the main program has been carried out, the software is executed exactly in the same way as in the previous example.

 FIG. 3 very schematically represents a video game console 25 equipped with a disk player 15a able to receive a disc 18a enclosing the main program. The game console further comprises a microcircuit card reader 16a adapted to receive a microcircuit card 17a. The video game is offered for sale in two parts, that is to say the disc 18a and the card 17a.

Any copy of the disc 18a is useless since the game can only work if the card 17a is present in the player 16a for the duration of the game, this card being deemed inviolable.

 Advantageously, one can use the technology "Javacard" to register the auxiliary program in a microcircuit card. This technology

<Desc / Clms Page number 8>

 allows you to develop applications regardless of the type of card. The technology "Javacard" develops an object-oriented language whose compilation produces a standardized code called "code byte" independent of the card on which will be installed the auxiliary program. The card has a "code byte" interpreter called a virtual machine, which makes it possible to execute an auxiliary program contained in its memory (of the EEPROM type) in the form of "code byte". In the language "Javacard", such programs are called "applets". These are small software interpreted on a virtual machine. The auxiliary program may therefore consist of "applets" stored in the card itself. These "applets" will also be executed in the map, as mentioned before.

 The installation of an applet is carried out by the card manufacturer, by the issuing organization of the card and possibly throughout the life of the card (mechanism called "post-blindness", in English) by one following procedures: - loading the applet by a trusted terminal; - loading the apple by any terminal using a secure connection to a trusted terminal; - secure installation loading: before installing an applet, the card checks the legitimacy of the apple by a digital cryptographic signature system.

Claims (13)

 1. An electronic data processing device comprising a central unit (CPU) capable of executing software, characterized in that it comprises a reader (16) of a secure electronic entity, in that such software includes the at least two parts: a main program executed by said central unit and at least one auxiliary program stored and executed in such a secure electronic entity (17) placed in said reader and in that said main program generates commands for execution of all or part of the said auxiliary program.  2. Electronic device according to claim 1, characterized in that said reader (16) of said secure electronic entity is a microcircuit card reader or the like.  3. Electronic device according to claim 1 or 2, characterized in that it comprises a central memory (DD) in which said main program is stored.  4. Device according to claim 2 or 3, characterized in that it comprises a reader (15) for software support not necessarily protected against copying, said main program being made available on such a support.  5. Device according to claim 4, characterized in that said software support reader (15) not necessarily protected is a CD-ROM disk drive or the like.  6. Device according to one of claims 3 to 5, characterized in that it is associated with a modem (20) for decoding information connected to a telecommunications network, for example of the Internet type, for downloading said program in a memory of said central unit.  7. Device according to one of the preceding claims, characterized in that, by executing said main program, said central unit (CPU) generates APDU commands or the like for the execution of all or part of said auxiliary program and in that said secure electronic entity (16) generates corresponding APDU responses, returned to said CPU. <Desc / Clms Page number 10>  8. Device according to one of claims 2 to 7, characterized in that it consists essentially of a computer equipped with a reader (16) microcircuit card aforementioned.  9. Device according to one of claims 2 to 7, characterized in that it consists essentially of a video game console (25) equipped with a reader (16a) microcircuit card aforesaid.  10. Software support characterized in that it comprises two entities containing two parts of the same program, respectively a main program and an auxiliary program.  11. Software support according to claim 10, characterized in that the entity which encloses said auxiliary program is a microcircuit card (17).  12. Electronic device adapted to receive a software support according to claim 10 or 11, characterized in that it constitutes a telephone, including a mobile phone.  13. Device adapted to receive a software support according to claim 10 or 11, characterized in that it constitutes a device called "PDA".