GB2122777A - Software protection apparatus and method - Google Patents
Software protection apparatus and method Download PDFInfo
- Publication number
- GB2122777A GB2122777A GB08217456A GB8217456A GB2122777A GB 2122777 A GB2122777 A GB 2122777A GB 08217456 A GB08217456 A GB 08217456A GB 8217456 A GB8217456 A GB 8217456A GB 2122777 A GB2122777 A GB 2122777A
- Authority
- GB
- United Kingdom
- Prior art keywords
- program
- memory
- decryption
- key
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/72—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0618—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L2209/00—Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
- H04L2209/60—Digital content management, e.g. content distribution
- H04L2209/605—Copy protection
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
Apparatus for preventing the unauthorised copying of or tampering with software in a computer makes use of a tamper-resistant module (1) for decrypting an encrypted program in the computer memory (4). The tamper-resistant module includes a microprocessor (2) and decryption circuitry which together operate to decrypt and execute the program instruction by instruction in real time. The decryption circuitry includes a first memory for storing a decryption key and decryption algorithms, and a second memory for temporarily storing a memory map generated inside the tamper-proof module when a decryption key, prefixed to the encrypted program, is received. Elements of the memory map correspond to locations in the computer memory (4) and are individually combined with respective instructions in the program as they are read out of the computer memory, each instruction being decrypted in this way and then executed in the processor (2) before the next instruction is processed. The apparatus is also capable of decrypting a key which is itself in encrypted form, using for example a public key system. Advantages of the apparatus are that the decrypted program does not appear on conductors outside the tamper- resistant module, and that once the memory map has been generated, the program can be decrypted and executed in real time at a relatively fast rate. <IMAGE>
Description
SPECIFICATION
Software protection apparatus and method
This invention relates to apparatus and a method for inhibiting the unauthorised copying of or tampering with computer software. It is directed primarily to the protection of programs for industrial and business use.
The increasing use of microprocessors in equipment for industry and commerce has implications not only on the design of hardware but al#so the distribution and storage of software packages. The problem of protecting software from 'piracy' is particularly important in view of the increasing proportion of relatively small systems having for example two or three monitors and the consequent potential for unauthorised copying. Whilst advantages in the compatibility of systems are important for a software supplier, 'piracy' either aggressively or through more passive associations seriously limits the returns that the supplier may expect to gain.
Two principal methods have been applied to the problem of protecting software in an attempt to limit copying activities. The first is to make the copying of data from discs difficult to implement, but this has the disadvantage for the user who may then be unable to take back-up copies of his programs. Secondly, a number of modifications can be made to the computer hardware so that the software will only execute correctly if the appropriate response is received from the hardware. In the simplest case this may be a register that is read by the system to confirm some unique code, or in more complex cases may involve a set of instructions that actually define sequences in the copying process. Whilst both methods may deter the bona fide business user, they would be unlikely to prevent more determined efforts from succeeding.
It is an object of this invention to provide a device and a method for inhibiting the unauthorised copying of stored computer programs largely without preventing an authorised user from taking back-up copies for his own use.
According to a first aspect of this invention, there is provided computer data processing apparatus including a memory and a central processing unit for executing a program stored in the memory, characterised in that the processing unit is connected to decryption means, the said decryption means and the processing unit or part thereof comprising a tamper-resistant module. To take an embodiment of this invention as applied to a microcomputer, the tamper-resistant module preferably comprises an integrated or sealed unit including together a microprocessor and decryption circuitry arranged specifically to decipher incoming data signals encrypted in a particular way.The tamper-resistant module is connected to the memory in the same way that a microprocessor is connected to the memory in a standard microcomputer, and can be so designed that it may be used as a direct plug-in replacement for the microprocessor integrated circuit in the standard microcomputer when the microcomputer is to be used for executing encrypted programs.
By bringing the processing unit and decryption circuitry together in a tamper-resistant module and providing the user with an encrypted program, the program can be executed in the computer without the decrypted program appearing in the memory or on accessible electrical conductors. It can thus be arranged that the decrypted program exists only inside the tamper-resistant module where it is inaccessible to copying.
According to a second aspect of the invention a device for inhibiting unauthorised copying of or tampering with computer programs comprises a tamper-resistant module for replacing a central processing unit in a computer, wherein the module includes a processing unit, a decryption circuit, a data bus, and address bus for connection to an external memory unit in the computer.
According to a third aspect of the invention a method of inhibiting the copying or tampering with computer programs in a computer designed to execute such programs comprises: storing a program in a memory in the computer in encrypted form, and executing the said program by feeding it instruction by instruction to a tamper-resistant module including a central processing unit and a decryption device.
In a preferred embodiment of the invention, the tamper-resistant module contains a microprocessor chip and a RAM (random access memory) memory map. The protected software is supplied to the user encrypted using the DES algorithm, with the key to the DES algorithm prefixed to the software in encrypted form using the RSA Public Key system. The Public Key is uniquely defined for the particular tamperresistant module contained in the user's computer. (For a description of encryption and decryption using the DES algorithm, see Federal
Information Processing Standards (FIPS) publication 46 "Data Encryption Standard" published January 1977. The RSA Public Key system is disclosed in "A Method for Obtaining
Digital Signatures and Public Key Cryptosystems" by Rivest, Shamir and Aldeman
Communications of the Association for
Computing Machinery, February 1978).In operation the DES key is loaded into the tamperresistant module and decrypted. The decrypted key is then used in the DES algorithm to generate a local memory map in the RAM corresponding to at least a portion of a memory external to the module. When an encrypted program is fed into the module from the external memory, each opcode is exclusive-OR'ed with the corresponding code in the memory map to decrypt the op-code before presentation to the microprocessor chip.
The tamper-resistant module can be arranged to recognise an incoming encrypted program to put the above decryption operation into effect, or alternatively to by-pass the exclusive-OR function when the incoming program is not recognised as being encrypted.
The invention will now be described by way of example with reference to the drawings in which:
Fig. 1 is a simplified block diagram of apparatus in accordance with one aspect of the invention;
Fig. 2 is a block diagram of a tamper-resistant module;
Fig. 3 is a circuit diagram of part of the tamperresistant module showing a microprocessor, memory devices, a combining circuit and signal switching devices;
Fig. 4 is a circuit diagram of a memory selector circuit in the tamper-resistant module; and
Fig. 5 is a circuit diagram of decryption select logic.
Referring to Fig. 1 a system in accordance with the invention in a simplified form comprises a tamper-resistant unit 1 including a central processing unit (c.p.u.) 2 (in this case a microprocessor) and decryption means 3. The tamper-resistant unit 1 replaces the c.p.u. of a conventional computer, and like a conventional c.p.u., is connected to a system memory 4 which transfers program op-codes and data to and from the c.p.u. Permanent storage of programs and data is provided in this embodiment by a disc store 5. In operation of the system an encrypted program and data is loaded into the memory 4 from the disc store 5 and then fed instruction by instruction to the decryption means 3 and the c.p.u. 2. Preferably, only the op-codes are encrypted, since this makes the program relatively secure from cryptanalysis.
The tamper-resistant module 1 is shown in more detail in Fig. 2. The module is connected to the system memory by a data bus 10 and an address bus 12. Signals transmitted from the memory to the module on the data bus pass to the microprocessor c.p.u. via a switching means
14 either through an exclusive-OR (XOR) combiner stage 16 or via a bypass connection 18 in response to signals from select logic circuitry 20. The XOR stage 16 is also connected to an internal RAM 22 the purpose of which will be described below. Thus, signals on the data bus 10 entering the XOR stage 16 are combined in an exclusive-OR process with signals from the
internal RAM 22, the resultant signals then
passing along an internal data bus 24 to the c.p.u.
The data inputs of the c.p.u. can also receive
signals from a third source via the switching
means 14, this being an internal PROM 26 which
contains a program or programs for controlling decryption operations. The PROM 26, the internal
RAM 22 and the external memory 4 are
connected to the c.p.u. 2 by the common address
bus 12. The function of these elements will
become clear from the following description of
the decryption process.
The preferred encryption method which is
applied by the software supplier to the programs
delivered to the user is that described in the Data
Encryption Standard (DES) referred to in the introduction to this specification. In this method, the same algorithm (the 'DES algorithm') is used both to encrypt and decrypt the message. The algorithm is well known, but successful deciphering depends on knowledge of a key (the 'DES key') which was used in the algorithm to encrypt the message. In the present system the program op-codes are encrypted by the software supplier or dealer using the DES algorithm and a particular DES key. To transmit the DES key in a secure manner to the user, it is prefixed to the program in an encrypted form using a second encryption- process. This second encryption process is carried out according to the RSA method also referred to in the introduction.
In the RSA method, the message (in this case the DES key) is encrypted by a mathematical operation using a public encryption key which is associated with the recipient, i.e. the DES key is encrypted using the user's public key. Decryption can only be carried out by a private decryption key which cannot be derived from the public key. The private key is stored in the tamper-resistant module, in a second internal RAM 32 which is powered by a small battery.
Referring again to Fig. 2, when an encrypted program is fed to the tamper-resistant module, the DES key is first decrypted by the -c.p.u. 2 working in accordance with an RSA decryption program stored in the PROM 26. Further execution of the main encrypted program is then delayed while the DES key is used in the DES algorithm to generate a local memory map in the
RAM 22 under the control of a further program in the PROM 26. This operation complete, the DES encrypted program is then run with each op-code being subjected to an exclusive-OR operation in which it is combined with a mapped code from a location in the RAM 22 corresponding to the location of the op-code in the system memory 4 (Fig. 1). The result of the exclusive-OR operation is a decrypted op-code which passes through the switching means 14 to the c.p.u. instruction register.It should be noted that at no time does the decrypted op-code appear outside the tamper-resistant module. If the user wishes to make a back-up copy of the program, it is the encrypted program which is reproduced.
on'the decryption process described above the
DES is used in the cipher feedback mode in order to remove pattern repetition from the memory map. By generating the memory map before the program is run, decryption is carried out in two stages, a first stage which is not time-critical, and a second stage (the exclusive-OR operations) which is comparatively trivial and can be implemented in real time consistent with the normal clocking rate of the c.p.u.
Figs. 3, 4 and 5 are circuit diagrams of a tamper-resistant module in accordance with the invention. The circuit includes a number of individual integrated circuit chips but it should be understood that a circuit carrying out similar functions could be built into one or two purpose designed LSI chips to reduce unit costs in large scale manufacture.
The circuit shown is designed to be mounted as a sealed container inside an existing or new computer as a replacement for the Z80 microprocessor. The module is capable of retroactive refit, and for this purpose has a 40way header plug 30 (Fig.3) for connection with the standard 40-way microprocessor socket.
A number of subsidiary features of the circuit which do not appear in the block diagram of Fig. 2 include the provision of storage space in the second internal RAM 32 for use during execution of the RSA and DES algorithms, and a decoding circuit 34 (Fig. 5) for by-passing the decryption circuitry when accessing portions of the external memory containing CP/M operating system pointers.
Referring firstly to Fig. 3, the illustrated part of the circuit contains virtually all of the circuitry associated with the blocks of Fig. Z with the main exception of the select logic circuitry 20. The 40way header plug 30 brings in the system data bus
10, address bus 12 and the Z80 interrupt and control lines.
Signals entering the tamper-resistant module on the external data bus 10 are transmitted to an internal data bus 38 either directly via a transceiver device 40 or via a parallel pair of exclusive-OR combining devices 42 and 44 and a tri-state buffer switch 46. Transmission via exclusive-OR gates 42 and 44 occurs in response to input D on buffer 46 being active. This happens when the incoming signal is an encrypted opcode during execution of the main program. At other times during execution of the main program signals pass freely between the external data bus
10 and internal data bus 38 via transceiver 40 in
response to an active input C.
Prior to decrypting an incoming main program, it is necessary to decrypt the incoming DES key and generate the DES memory map in the first internal RAM 22. The programs for these operations are stored in PROM 26. Thus, initially the c.p.u. 2 executes internal programs in conjunction with PROM 26 and second RAM 32 without accessing the external memory. During this operation the RSA private key is looked up in the RAM 32 and the DES key decrypted. The DES is then used with the DES algorithm stored in the
PROM to build up the DES memory map in the first RAM 22 via buffer 48.
Once the memory map has been established, the main program can be run in the c.p.u. 2, the contents of the memory map being exclusive
OR'ed with incoming op-codes in gates 42 and 44.
Routing of signals on the data buses is controlled by the circuitry of Figs. 4 and 5. Fig. 4 shows a one-of-four selector device 49 for selecting and controlling the memory chips 26, 32 and 22 in response to address lines Al 2 and
A13 (internal~RAM/PROM select), an op-code detect signal B from op-code detect circuitry (Fig.
5), and a write signal WR from the c.p.u. 2.
The select logic circuitry in Fig. 5 includes an array of flip-flops 50 to 56 controlling the generation of interrupt signals INTR and INTR which are fed to the c.p.u. 2 when an incoming encrypted program is signalled. Generation of the interrupt signal causes the c.p.u. 2 to enter the internal program loop for generating the memory map. In this example it is assumed that an encrypted program will be prefixed by a restart instruction which is detected by AND gate 58.
However, any suitable recognition signal may be used in conjunction with means for detecting the signal.
The existence of an op-code on the data bus is signalled by the c.p.u. 2 to OR-gates 60 and 62 which activate output B (connected to selector device 49 in Fig. 4) and output D (connected to buffer 46 in Fig. 3) to select the decrypt operation.
Flip-flop 56 preset input is coupled to the microprocessor HALT and BUSACK outputs as a safeguard against possible interference with the c.p.u. 2 in an attempt to read out decrypted signals.
The address decoding circuit 34 detects accessing of addresses in memory associated with the CP/M operating system, and generates an output CPM for by-passing the decryption circuitry.
Claims (filed 13/6/83)
1. Computer data processing apparatus including a memory and a central processing unit for executing an encrypted program stored in the memory, characterised in that the processing unit is connected to decryption means, the decryption means and at least a part of the processing unit comprising a tamper-resistant module.
2. Apparatus according to claim 1, wherein the processing unit is a microprocessor.
3. A device for inhibiting unauthorised copying of or tampering with computer programs, comprising:
a tamper-resistant module at least part of a processing unit, a decryption circuit, and data and address busses for connection to an external
memory.
4. A device according to claim 3, wherein the tamper-resistant module is arranged to execute .encrypted instructions of a program fed to the
module from the data bus.
5. Computer data processing apparatus for
executing an encrypted computer program,
comprising:~
a program memory for storing the encrypted
program and a decryption key;
a central processing unit for executing the
program;
a decryption circuit;
a data bus coupling the program memory to
the decryption circuit; and
an address bus coupling the processing unit to
the program memory;
the decryption circuit and at least part of the
processing unit forming part of a tamper-resistant
module;
**WARNING** end of DESC field may overlap start of CLMS **.
Claims (24)
- **WARNING** start of CLMS field may overlap end of DESC **.designed LSI chips to reduce unit costs in large scale manufacture.The circuit shown is designed to be mounted as a sealed container inside an existing or new computer as a replacement for the Z80 microprocessor. The module is capable of retroactive refit, and for this purpose has a 40way header plug 30 (Fig.3) for connection with the standard 40-way microprocessor socket.A number of subsidiary features of the circuit which do not appear in the block diagram of Fig. 2 include the provision of storage space in the second internal RAM 32 for use during execution of the RSA and DES algorithms, and a decoding circuit 34 (Fig. 5) for by-passing the decryption circuitry when accessing portions of the external memory containing CP/M operating system pointers.Referring firstly to Fig. 3, the illustrated part of the circuit contains virtually all of the circuitry associated with the blocks of Fig. Z with the main exception of the select logic circuitry 20. The 40way header plug 30 brings in the system data bus 10, address bus 12 and the Z80 interrupt and control lines.Signals entering the tamper-resistant module on the external data bus 10 are transmitted to an internal data bus 38 either directly via a transceiver device 40 or via a parallel pair of exclusive-OR combining devices 42 and 44 and a tri-state buffer switch 46. Transmission via exclusive-OR gates 42 and 44 occurs in response to input D on buffer 46 being active. This happens when the incoming signal is an encrypted opcode during execution of the main program. At other times during execution of the main program signals pass freely between the external data bus10 and internal data bus 38 via transceiver 40 in response to an active input C.Prior to decrypting an incoming main program, it is necessary to decrypt the incoming DES key and generate the DES memory map in the first internal RAM 22. The programs for these operations are stored in PROM 26. Thus, initially the c.p.u. 2 executes internal programs in conjunction with PROM 26 and second RAM 32 without accessing the external memory. During this operation the RSA private key is looked up in the RAM 32 and the DES key decrypted. The DES is then used with the DES algorithm stored in the PROM to build up the DES memory map in the first RAM 22 via buffer 48.Once the memory map has been established, the main program can be run in the c.p.u. 2, the contents of the memory map being exclusive OR'ed with incoming op-codes in gates 42 and 44.Routing of signals on the data buses is controlled by the circuitry of Figs. 4 and 5. Fig. 4 shows a one-of-four selector device 49 for selecting and controlling the memory chips 26, 32 and 22 in response to address lines Al 2 and A13 (internal~RAM/PROM select), an op-code detect signal B from op-code detect circuitry (Fig.5), and a write signal WR from the c.p.u. 2.The select logic circuitry in Fig. 5 includes an array of flip-flops 50 to 56 controlling the generation of interrupt signals INTR and INTR which are fed to the c.p.u. 2 when an incoming encrypted program is signalled. Generation of the interrupt signal causes the c.p.u. 2 to enter the internal program loop for generating the memory map. In this example it is assumed that an encrypted program will be prefixed by a restart instruction which is detected by AND gate 58.However, any suitable recognition signal may be used in conjunction with means for detecting the signal.The existence of an op-code on the data bus is signalled by the c.p.u. 2 to OR-gates 60 and 62 which activate output B (connected to selector device 49 in Fig. 4) and output D (connected to buffer 46 in Fig. 3) to select the decrypt operation.Flip-flop 56 preset input is coupled to the microprocessor HALT and BUSACK outputs as a safeguard against possible interference with the c.p.u. 2 in an attempt to read out decrypted signals.The address decoding circuit 34 detects accessing of addresses in memory associated with the CP/M operating system, and generates an output CPM for by-passing the decryption circuitry.Claims (filed 13/6/83) 1. Computer data processing apparatus including a memory and a central processing unit for executing an encrypted program stored in the memory, characterised in that the processing unit is connected to decryption means, the decryption means and at least a part of the processing unit comprising a tamper-resistant module.
- 2. Apparatus according to claim 1, wherein the processing unit is a microprocessor.
- 3. A device for inhibiting unauthorised copying of or tampering with computer programs, comprising: a tamper-resistant module at least part of a processing unit, a decryption circuit, and data and address busses for connection to an external memory.
- 4. A device according to claim 3, wherein the tamper-resistant module is arranged to execute .encrypted instructions of a program fed to the module from the data bus.
- 5. Computer data processing apparatus for executing an encrypted computer program, comprising:~ a program memory for storing the encrypted program and a decryption key; a central processing unit for executing the program; a decryption circuit; a data bus coupling the program memory to the decryption circuit; and an address bus coupling the processing unit to the program memory; the decryption circuit and at least part of the processing unit forming part of a tamper-resistant module;wherein the decryption circuit includes a first decryption memory for storing a decryption algorithm, a second decryption memory for storing a decrypted copy of the program.
- 6. Apparatus according to claim 5, wherein the decrypted copy is a memory map having elements corresponding to program storage locations in the program memory, and wherein the apparatus includes combining means having an input coupled respectively to the data bus and the second decryption memory and an output coupled to the processing unit.
- 7. Apparatus according to claim 6, wherein the decryption circuit further includes a switching device coupled to the data bus for routing signals from the program memory to the processing unit so that the combining means is by-passed.
- 8. Apparatus according to claim 7, wherein the switching device has a control input coupled to an output of the processing unit for routing signals through the combining unit only when the signals represent a program instruction.
- 9. Apparatus according to claim 5, wherein the first decryption memory is a read only memory having a decryption program stored therein for generating the decrypted copy of the encrypted program using the said decryption key and the decryption algorithm.
- 10. Apparatus according to claim 6, wherein the combining means is operable to combine signals on the data bus with elements of the memory map by a reversible logic operation.
- 11. Apparatus according to claim 10, wherein the reversible logic operation is an exclusive-OR operation.
- 12. Apparatus according to claim 5, including means for decrypting the decryption key when the latter is itself in encrypted form in the program memory, the decryption circuit including means for storing a private auxiliary decryption key, means for recognising a public auxiliary encryption key in incoming signals, which public key is mathematically related to the private key, and means for decrypting the encrypted decryption key prior to generating the decrypted program copy.
- 13. Apparatus according to claim 12 arranged to decrypt the program using the DES Data Encryption Standard, and to decrypt the DES decryption key using the RSA Public Key system.
- 14. Apparatus according to claim 5, wherein the decryption circuit is arranged to decrypt the encrypted program such that the program can be run in real time, each program instruction being decrypted and fed to the processing unit for execution.
- 1 5. A method of inhibiting the copying of or tampering with computer programs in a computer designed to execute such programs, comprising the steps of: storing a program in a memory in the computer in encrypted form, and executing the program by feeding instructions in the program to a tamper resistant module including at least a part of a processing unit and a decryption device.
- 16. A method of inhibiting the copying of or tampering with a computer program in a computer designed to execute such programs, comprising the steps of: providing, in the computer, a tamper-resistant module containing a processing unit, or at least a part thereof, and decryption circuitry including a first decryption memory; encrypting a program using an encryption key; storing the encrypted program and the key in a memory in the computer, which memory is external to the tamper-resistant module; feeding the key and the encrypted program from the external memory to the tamper-resistant module and generating therefrom a decrypted copy of the program in the first decryption memory using the key; feeding the encrypted program to the tamperresistant module to decrypt the program; and executing the decrypted program in the real time in the processing unit; electrical signals representing the decrypted program being confined to electrical elements inside the tamper-resistant module.
- 17. A method according to claim 16, wherein the decrypted program copy comprises a decryption memory map in the first decryption memory, and wherein the encrypted program is combined with the memory map, increments of the encrypted program being fed sequentially to the combining means, each individual increment being combined and then executed before the next increment is combined.
- 18. A method according to claim 17, wherein the encryption step comprises encryption only of the instructions or op-codes of the program, data or operands remaining as plain text, and wherein execution of the program includes determining which signals fed to the tamper-resistant module are program instructions, and activating means for combining incoming signals with the memory map only when the incoming signals are determined as representing a program instruction.
- 19. A method according to claim 16, further including the steps of encrypting the key prior to storing the encrypted program and the key, and decrypting the key in the tamper-resistant module prior to generating the decrypted program copy.
- 20. A method according to claim 19, wherein encryption of the key is performed using a public key system, an auxiliary public key being stored in the external memory, and an auxiliary private key corresponding to the public key being stored in a second decryption memory in the tamper resistant module for decrypting the first mentioned key.
- 21. A method according to claim 20, wherein the program is encrypted using the DES algorithm and the key for generating the decrypted program copy is itself encrypted using the RSA public key system.
- 22. A method according to claim 21, wherein the encryption step includes using the DES algorithm in the cipher feedback mode.
- 23. Computer data processing apparatus constructed and arranged substantially as herein described and shown in the drawings.
- 24. A method of inhibiting the copying of or tampering with a computer program substantially as herein described,
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB08217456A GB2122777A (en) | 1982-06-16 | 1982-06-16 | Software protection apparatus and method |
FR8309866A FR2529000A1 (en) | 1982-06-16 | 1983-06-15 | METHOD AND DEVICE FOR PROTECTING COMPUTER SOFTWARE |
DE19833321910 DE3321910A1 (en) | 1982-06-16 | 1983-06-16 | DEVICE AND METHOD FOR PROTECTING SOFTWARE |
JP58109093A JPS5947646A (en) | 1982-06-16 | 1983-06-16 | Computer data processing apparatus and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
GB08217456A GB2122777A (en) | 1982-06-16 | 1982-06-16 | Software protection apparatus and method |
Publications (1)
Publication Number | Publication Date |
---|---|
GB2122777A true GB2122777A (en) | 1984-01-18 |
Family
ID=10531086
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
GB08217456A Withdrawn GB2122777A (en) | 1982-06-16 | 1982-06-16 | Software protection apparatus and method |
Country Status (4)
Country | Link |
---|---|
JP (1) | JPS5947646A (en) |
DE (1) | DE3321910A1 (en) |
FR (1) | FR2529000A1 (en) |
GB (1) | GB2122777A (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2146149A (en) * | 1983-07-19 | 1985-04-11 | Software Distribution Network | Secure copy method and device for stored programs |
GB2149944A (en) * | 1983-11-14 | 1985-06-19 | Softnet Inc | Software distribution |
GB2158622A (en) * | 1983-12-21 | 1985-11-13 | Goran Anders Henrik Hemdal | Computer controlled systems |
GB2165377A (en) * | 1984-09-19 | 1986-04-09 | Itt Ind Ltd | A computer element |
GB2204970A (en) * | 1987-05-19 | 1988-11-23 | Gen Electric Co Plc | Data storage system |
GB2205667A (en) * | 1987-06-12 | 1988-12-14 | Ncr Co | Method of controlling the operation of security modules |
EP1202150A2 (en) * | 2000-10-31 | 2002-05-02 | Kabushiki Kaisha Toshiba | Microprocessor with program and data protection function under multi-task environment |
CN100517417C (en) * | 2001-07-25 | 2009-07-22 | 松下电器产业株式会社 | Deciphering equipment, deciphering equipment making method and providing system |
US20100251363A1 (en) * | 2009-03-24 | 2010-09-30 | Rade Todorovic | Modified file tracking on virtual machines |
CN111868724A (en) * | 2017-12-12 | 2020-10-30 | 约翰·阿尔梅达 | Virus immunization computer system and method |
CN117892265A (en) * | 2024-03-15 | 2024-04-16 | 沈阳市蔚然科技有限公司 | Digital media copyright protection method and system for intelligent terminal |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0121853A3 (en) * | 1983-04-04 | 1988-01-13 | BURROUGHS CORPORATION (a Delaware corporation) | Data processing system having public encryption and private decryption keys |
EP0171456A1 (en) * | 1984-08-17 | 1986-02-19 | Thomas O. Westheimer | Computer software protection system |
DE3432721A1 (en) * | 1984-09-06 | 1986-03-06 | Ruediger Hahn | Data-protecting standard microprocessor |
EP0184023A1 (en) * | 1984-11-13 | 1986-06-11 | Software Protect Ltd. | Method and apparatus for the protection against unauthorized operation of protected programmes in a microcomputer |
AT390148B (en) * | 1985-08-22 | 1990-03-26 | Novomatic Automatenindustrie U | ARRANGEMENT FOR DECRYLING COMMANDS |
FR2644261B1 (en) * | 1989-03-09 | 1994-06-10 | Vernois Goulven | DEVICE FOR TRANSFERRING DECODING CODING OF COMPUTER FILES |
WO1990010908A1 (en) * | 1989-03-09 | 1990-09-20 | Vernois Goulven | Data processing device for the security of copyrights |
FR2666160B2 (en) * | 1990-08-21 | 1994-08-12 | Vernois Goulven | DEVICE FOR ANTICIPATING THE NEEDS OF A DECODING MODULE AND ORGANIZING FILES AND PROGRAMS WITH A VIEW TO THIS ANTICIPATION. |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0008033A1 (en) * | 1978-07-24 | 1980-02-20 | Best, Robert MacAndrew | Microprocessor for executing enciphered programs |
US4262329A (en) * | 1978-03-27 | 1981-04-14 | Computation Planning, Inc. | Security system for data processing |
WO1981002351A1 (en) * | 1980-02-04 | 1981-08-20 | Western Electric Co | Digital computer |
-
1982
- 1982-06-16 GB GB08217456A patent/GB2122777A/en not_active Withdrawn
-
1983
- 1983-06-15 FR FR8309866A patent/FR2529000A1/en not_active Withdrawn
- 1983-06-16 DE DE19833321910 patent/DE3321910A1/en not_active Withdrawn
- 1983-06-16 JP JP58109093A patent/JPS5947646A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4262329A (en) * | 1978-03-27 | 1981-04-14 | Computation Planning, Inc. | Security system for data processing |
EP0008033A1 (en) * | 1978-07-24 | 1980-02-20 | Best, Robert MacAndrew | Microprocessor for executing enciphered programs |
WO1981002351A1 (en) * | 1980-02-04 | 1981-08-20 | Western Electric Co | Digital computer |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
GB2146149A (en) * | 1983-07-19 | 1985-04-11 | Software Distribution Network | Secure copy method and device for stored programs |
US4550350A (en) * | 1983-07-19 | 1985-10-29 | Software Distribution Newtork, Inc. | Secure copy method and device for stored programs |
GB2149944A (en) * | 1983-11-14 | 1985-06-19 | Softnet Inc | Software distribution |
GB2158622A (en) * | 1983-12-21 | 1985-11-13 | Goran Anders Henrik Hemdal | Computer controlled systems |
GB2165377A (en) * | 1984-09-19 | 1986-04-09 | Itt Ind Ltd | A computer element |
GB2204970A (en) * | 1987-05-19 | 1988-11-23 | Gen Electric Co Plc | Data storage system |
GB2205667B (en) * | 1987-06-12 | 1991-11-06 | Ncr Co | Method of controlling the operation of security modules |
US4849927A (en) * | 1987-06-12 | 1989-07-18 | Ncr Corporation | Method of controlling the operation of security modules |
GB2205667A (en) * | 1987-06-12 | 1988-12-14 | Ncr Co | Method of controlling the operation of security modules |
EP1202150A2 (en) * | 2000-10-31 | 2002-05-02 | Kabushiki Kaisha Toshiba | Microprocessor with program and data protection function under multi-task environment |
EP1202150A3 (en) * | 2000-10-31 | 2003-07-30 | Kabushiki Kaisha Toshiba | Microprocessor with program and data protection function under multi-task environment |
US7065215B2 (en) | 2000-10-31 | 2006-06-20 | Kabushiki Kaisha Toshiba | Microprocessor with program and data protection function under multi-task environment |
US7673152B2 (en) | 2000-10-31 | 2010-03-02 | Kabushiki Kaisha Toshiba | Microprocessor with program and data protection function under multi-task environment |
CN100517417C (en) * | 2001-07-25 | 2009-07-22 | 松下电器产业株式会社 | Deciphering equipment, deciphering equipment making method and providing system |
US20100251363A1 (en) * | 2009-03-24 | 2010-09-30 | Rade Todorovic | Modified file tracking on virtual machines |
US9177145B2 (en) * | 2009-03-24 | 2015-11-03 | Sophos Limited | Modified file tracking on virtual machines |
CN111868724A (en) * | 2017-12-12 | 2020-10-30 | 约翰·阿尔梅达 | Virus immunization computer system and method |
CN117892265A (en) * | 2024-03-15 | 2024-04-16 | 沈阳市蔚然科技有限公司 | Digital media copyright protection method and system for intelligent terminal |
CN117892265B (en) * | 2024-03-15 | 2024-05-31 | 沈阳市蔚然科技有限公司 | Digital media copyright protection method and system for intelligent terminal |
Also Published As
Publication number | Publication date |
---|---|
DE3321910A1 (en) | 1984-03-01 |
FR2529000A1 (en) | 1983-12-23 |
JPS5947646A (en) | 1984-03-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
GB2122777A (en) | Software protection apparatus and method | |
EP0583140B1 (en) | System for seamless processing of encrypted and non-encrypted data and instructions | |
US5828753A (en) | Circuit and method for ensuring interconnect security within a multi-chip integrated circuit package | |
US9727709B2 (en) | Support for secure objects in a computer system | |
USRE40694E1 (en) | Apparatus and method for re-encrypting data without unsecured exposure of its non-encrypted format | |
US5915025A (en) | Data processing apparatus with software protecting functions | |
EP1964316B1 (en) | Secure system-on-chip | |
CA2100234C (en) | Commercial data masking | |
KR100837270B1 (en) | Smart card and data security method thereof | |
US5214698A (en) | Method and apparatus for validating entry of cryptographic keys | |
EP0175487A2 (en) | Software protection device | |
WO1997039552A9 (en) | An apparatus and method for re-encrypting data | |
US8656191B2 (en) | Secure system-on-chip | |
US7103769B1 (en) | IEEE 1394 link layer chip with “5C” authentication and key exchange accelerator | |
KR20020071274A (en) | Universal Serial Bus(USB) security secondary storage device using Crypto Chip and Flash memory based on PC | |
CN114520740B (en) | Encryption method, device, equipment and storage medium | |
JP2001265744A (en) | Device and method for processing data | |
CN118473796A (en) | Data transmission method and storage medium applied to port network security |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WAP | Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1) |