MXPA98000385A - Protection of computer programs against unauthorized use - Google Patents

Protection of computer programs against unauthorized use

Info

Publication number
MXPA98000385A
MXPA98000385A MXPA/A/1998/000385A MX9800385A MXPA98000385A MX PA98000385 A MXPA98000385 A MX PA98000385A MX 9800385 A MX9800385 A MX 9800385A MX PA98000385 A MXPA98000385 A MX PA98000385A
Authority
MX
Mexico
Prior art keywords
algorithm
key
computer
program
external unit
Prior art date
Application number
MXPA/A/1998/000385A
Other languages
Spanish (es)
Other versions
MX9800385A (en
Inventor
Arild Haglund Magne
A Oleshchuk Vladimir
Sigbj Rnsen Sigurd
Original Assignee
Sigbjoernsen Sigurd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from NO952795A external-priority patent/NO302388B1/en
Application filed by Sigbjoernsen Sigurd filed Critical Sigbjoernsen Sigurd
Publication of MX9800385A publication Critical patent/MX9800385A/en
Publication of MXPA98000385A publication Critical patent/MXPA98000385A/en

Links

Abstract

A device for protecting the computer program, particularly the application computing program freely distributed against the use without permission of the owner of the copyright. By coding the computer program using a key (k1) that is different from that key (k2) that is used in the decoding, the best protection against unauthorized use is obtained when the decoding key is kept secret by the user. The additional improved security is achieved by additionally executing the combination-separation of the communication between the computer in which the computer program is used and the external unit in which the decoding key is stored. Likewise, the external unit is placed so that it returns to the main computer, the result of its processing of data received from the main computer, the result being used in the additional execution of the respective program.

Description

PROTECTION OF COMPUTER PROGRAMS AGAINST UNAUTHORIZED USE CAM PO TÉCN ICO The present invention relates to the protection of computer programs, in particular freely distributed application programs, against the unauthorized use of the copyright owner; and refers in particular to a method to prevent unauthorized use of the software on a computer; a method or device for preparing computer programs for use in a computer only with a corresponding authorization; and a method and device for enabling authorized use of computer programs in a computer that has been prepared in accordance with an aspect of the invention. The copying of computer software piracy, particularly in computer programs adapted to operate on personal computers, is an extensive problem for the vendors of computer programs that cost them large amounts of money annually. The conventional methods used to protect computer programs against unauthorized use by requesting an access key for installation or operation of a specific computer program or program package, for example, has not provided sufficient security, therefore, a provision It makes it possible to use a certain computer program or a computer program package only if the permission of the owner of the copyright really exists, which would be of great importance.
PREVIOUS TECHNIQUE Several attempts have already been made to establish provisions in which the simple typing of the code word required is not sufficient to obtain access to a program, for example, systems have been proposed that require a special hardware unit that is connected to a computer. the computer to make it possible to use a given program. This unit can take the form of a blind bolt (also called a "dongle"), for example, which is directly connected to one of the input-output terminals of the computer and which contains fixed tables, identity numbers or similar, stored in an internal memory from whose information the request for an additional programmed routine is included for this purpose in the application program in question. The unit can also take the form of a card reading station or the like, in which a card is inserted, the material stored on the card in principle being similar to that of the previous blind pin. Usually, the verification procedure involves the additional routine of the program making a direct comparison of the identity of the program, for example, and a corresponding article of information present in the stored table. An example of such an arrangement is described in the published patent application DE No.44 19 115, where the matter stored in a microcircuit is read and if the expected content exists, this fact is considered as sufficient proof of identity for the use of the Program. The verification can be done when a program is installed or during the use of it. The published patent application, DE No. 42 39 865, describes a similar system that also provides an arrangement whereby the number of computer program facilities executed is recorded, making it possible to limit the number thereof. The additional routine that can be included in the computer program components has the main disadvantage of all known devices. By simply removing such routines, the computer program will operate normally and protection against unauthorized use will be lost. Likewise, during the exchange of data between the computer processor and the memory of the unit or card, it is possible to observe the information, and as the course of this information is changed the same each time the program is used, it is possible Also reveal the material stored in the external memory. I nclusive if the contents of the memory are encoded in one way or another, such recurrence through the communication interface makes it possible to mutate a corresponding hardware unit, for example, or "break the code" by means of the relatively modest computing energy. In the arrangement described in the patent application G B No. 2 163 577 published, some of the defects of the above type of hardware units are avoided by employing certain coding techniques and accommodating various means of storage, as well as a processor in an alteration-proof housing. The processor in the housing makes use of a decoding key that is stored in the housing and of instructions that are also stored in the housing to decode and execute by themselves, an encoded application program or program module transferred from the computer central to which the housing is connected. With respect to the coding technique itself, the arrangement according to GB Patent Application No. 2 163 577, uses an algorithm called DES (DES-Data Encyption Standars, Bureaw of standard, USA, 1977) for the coding of the program of application computation and the corresponding reverse DES algorithm to decode it, so that one and the same key is used for both coding and decoding. Therefore, the standard, DES is symmetric and security resides only in the key itself. Therefore, in order not to displace this security, the coding of the DES key is proposed in the GB patent application. For this purpose an RSA algorithm (RSA-Rivest, Shamir, Adieman) is used that has two different keys, that is, one for coding and the other for decoding, the deduction of one key from the other being practically impossible. Therefore, the RSA coding system is an asymmetrical two-key system (also called a public-key / key-code coding system) and in the case of the arrangement according to GB Patent Application No. 2 163 577, it uses only one key that by itself can be known (the public key) to code the DES key while another key that the user should not know (the private or secret key) is used to decode the DES key. The last key, ie the secret key, is stored in a memory in the tamper-resistant housing and is recorded by the processor in the housing when it is necessary to decode encoded DES keys each of which belongs to an encoded application program for the purpose of being able to execute such an application program. In an arrangement according to GB Patent Application No. 2 163 577, however, it is also possible to monitor the communication between the external unit and the main computer, and the course of the communications is identical each time the same is executed. codified program module. Since the complete program modules are coded and such modules make up a relatively large part of the computer application program, this type of predictable recurrence through the communication interface, helps in the identification of the respective program modules that can easily be separated from the rest of the computation program to be processed, for example in an off-line mode, for the purpose of decoding the coded program module once and for all. Furthermore, the external decoding of storage and execution of the entire application program would take an unacceptably long period, unless the circuits in the housing possess a sufficiently high data processing capacity and communication with the personal computer from which the Program modules originate, be very fast. An object of the present invention is to provide a coding arrangement, given by the providers and / or owners of the computer program, an improved possibility of protecting its product against unauthorized use and not suffering from the disadvantages of the prior art. , so that the computer program can be copied and distributed without restrictions, although it can not be used unless the necessary permission is present. A further object of the invention is to provide a coding arrangement of a universal nature that is capable of accommodating not only the computer program modules, but the complete program packages, where the permission of use, can be assigned in different levels, such as the selected parts of a program package. These and other objects will appear clearer from the following description of the examples, of the preferred embodiments, of the present invention as seen in connection with the accompanying drawings.
DESCRIPTION OF THE NONDION A first general aspect of the present invention relates to a method for preventing the unauthorized use of computer programs in a computer, the method comprises the steps of: - decoding at least a part of the computer program according to a first algorithm and - decoding the coded part of the counting program according to a second algorithm, the second algorithm together with a key to be used in the decoding of the coded part of the counting program that is stored in an external unit adapted to be connected to the computer, the external unit comprising at least a computer-readable storage medium and a processor of its own, the method being characterized in that the decoding according to the second algorithm is executed using a second key stored in the external unit , the second key being different from a first key used in the execution of the code ation of the part of the computer program according to the first algorithm. Another aspect of the present invention relates to a method for preparing computer program, particularly the computer program intended for free distribution, for use only in a computer with a corresponding authorization, the method comprises coding according to a first algorithm of at least a part of the computer program which by means of the use in the computer is decoded according to a second algorithm, the method being characterized in that a key used for coding according to the first algorithm is a first key that is different from a second key that is used in the execution of the decoding according to the second algorithm of that part of the computation program that is coded according to the first algorithm and the first key. In this second aspect, the invention also relates to a device for the preparation of the computer program, particularly the computer program intended for free distribution to be used only in a computer with a corresponding authorization, the device comprises: - means of coding that performs the coding of at least a part of the computer program according to a first algorithm and a first key, and - an external unit adapted to be connected to the computer, the external unit comprises at least one processor of its own and a computer readable storage medium for storing a second algorithm and a key and being positioned to execute the decoding of the encoded part of the computer program according to the second algorithm and the key, the device being characterized in that it also comprises means generators to provide a second algorithm, a second cl bird destined to be used in the decoding according to the second algorithm, the second key being different from the first key used by the coding means in the execution of the coding of such part of the computer program according to the first algorithm . A third aspect of the invention relates to a method for making the authorized use possible in a computer, of the computer program, particularly the freely distributed computer program, which is prepared according to a mode of the second aspect of the invention. nvention, the method comprises connecting an external unit to the computer, the external unit comprises at least one means of storage eligible for computer and a processor of its property, and a second algorithm and a key to be used in the decoding of the part encoded from the computer program that is stored in the external unit. According to the invention, the method is characterized in that the computer in the execution of that part of the computer program that is encoded according to the first algorithm, finds a call sequence, and a similar instruction, which causes a jump to an entry point corresponding to such object code II In addition, this object code is used for the computer to establish a communication channel to the external unit through which the channel of the coded part of the computer program is transferred in a first transfer session to the external unit to be decoded by the processor that owns the units according to a second algorithm and a second key, both of which are stored in the external unit, the second key being different from the first key used in the execution of the coding of such part of the computer program according to the first algorithm and the described computer program that is being processed in the external unit and the result transferred in a second session of transfer in the opposite direction through the communication channel for further use in the computer . In this third aspect, the invention also relates to a device for making the authorized use of the possible computer program, particularly the freely distributed computer program, prepared by means of a device according to the second aspect of the invention, the device it comprises a computer adapted to serve as a main computer for an external unit that at least comprises a processor of its own and a computer readable storage medium and which is intended to be connected to the main computer for communication with it. According to the invention, this device is characterized in that the external unit comprises decoding means adapted to execute the decoding according to the second algorithm and the second key produced by the generating means, the second key being different from the first key by means of the encoding means in the execution of the coding of part of the computation program according to the first algorithm. By means of the methods and devices according to the invention a provision is made which makes the use of the computer program more difficult, so that in the form of a computer program or a computer program package, without the permission of the owner of the computer program. copyright does not exist. As appears from the description below and other patent claims, impediment to unauthorized use according to the invention can also be made even more secure so that it can be almost impossible to use the computer program which is processed in accordance with such Additional features of the invention, if the necessary authorization is not present.
BRIEF DESCRIPTION OF THE DIAMETERS In the following description, reference is made to the drawings and annexes, in which: Figure 1 illustrates a preferred hardware configuration according to the invention, Figure 2 is a simplified general computation program diagram according to the invention. Figure 3 illustrates schematically how a common command or execution file (EXE file) is generated without coding. Figures 4 and 5 illustrate schematically how the coding on the level of the source code can be carried out according to the invention. Figure 6 illustrates schematically the division of the computation program on a magnetic storage disk and a random access memory (RAM), respectively; Figure 7 schematically illustrates the use of the protected computing program in a computer, Figure 8 shows a example of a coding process of the type shown in Figures 4 and 5, Figure 9 schematically illustrates the use of the protected computation program in a computer, Figure 10 illustrates schematically an application area that includes access or access verification or authentication, and Figure 11 is a flowchart schematically illustrating a course of processes including coding-decoding and combining-separation according to a preferred embodiment of the invention.
DESCRI PTION OF THE MODALI DADES PREFERI DAS Reference is first made to Figure 1 which illustrates a preferred hardware configuration of the invention and which shows a computer that has the form of a work station or personal computer (PC) that serves as a computer according to the invention. In the Figure, an external unit according to the invention is shown to be in the form of a card reader or processor, particularly for Smart Cards, provided with a commercially available integrated microprocessor, for example of type CCA12103, the unit being included in the computer displayed or placed in a separate unit of equipment, connected to the computer through a serial connection or in parallel.
Figure 1 also illustrates that the secured computing program can be distributed through different types of data networks for which the computer can establish a connection, such as wide area networks (WAN), local area networks (LAN) , and, in particular, the Internet. Likewise, the computer program can in fact, as usual, be distributed over flexi-discs and / or CD-ROMs (read-only compact laser discs). In any case, the computer program can be copied and installed without restrictions. Since the computer program is protected against unauthorized utilization, there is no need for any type of copy protection of the computer program as it may often be in other cases. Here, the authorization is included in the smart card and is not available to anyone other than the computer system provider that installs them with the necessary decoding algorithms and keys on the card. Therefore, the permission to use a certain computer program is on the card not in the respective program or in another part of the computer program. From Figure 2 which shows a simplified general layout, it appears that an arrangement according to the invention can be seen to comprise: 1. the computer program protected against unauthorized use (the protection, although not the interference with the copying thereof), 2. a smart card (or similar) that holds the algorithm and the key for the decoding of the computer program in question, and 3. the special computing program for communication between the protected computing program (1) and the smart card (2) (ie, the object code added in the specifications in the claims). The protection is provided through the insertion in different locations of the computer program, of the so-called smart card program or for the special computation program in the card layout, which thus obtains the necessary information to process correctly in the execution of the protected program. For example, this information can certify parameters that are used when the program is executed and that is determined by those who wish to protect their computer program. Because it is necessary for the computer program to work properly, such program calls can not be withdrawn. The interaction of the protected program with the smart card is controlled by the special computation program (object code), registered within this program's data library when it encodes the original program. This special computing program can also provide the combination of communication between the computer and the smart card. Figure 3 shows how a common command or executable file (EXE file) is generated without coding and Figures 4 and 5 each in its own form, describing how the coding can be carried out at the source code level according to with the invention. Figure 6 illustrates that the computation program itself is placed on a magnetic storage disk, considering the special program (object code or data library) that is supplied to the random access memory (RAM) of the computer. Figures 7 and 9 illustrate such processes that take place when the protected computing program is used in a computer. Figure 8 shows an example of a coding process of the type shown in Figures 4 and 5. Here, it is assumed that the source code is present in a high level programming language such as Pascal, C, Modula or the like. It is the source code that is encoded thus protected against unauthorized use in the source code a few parameters are selected that are encoded by means of a coding function g. For example, a 1H expression, x: = y + 10, present in a command in the unprotected source code can be represented as: C: = decoding (g (10) + t), x: = y + (CT), where: g ( 10) is a coded parameter, and T is a variable, the random value of which, in this case, is embedded from the existing smart card. To obtain a correct value of x the protected program must reach a value of C, which must be equal to 1 0 + T. The decoding program is localized in the "special computer program" (the object code added) that constitutes a part of the protected computing program (see Figure 5). The special computing program also includes the combination and separation of functions which are denoted f and f1 here, as well as the programs for communication with the smart card (see Figure 7). In communication with the smart card, functions f and f1 use keys that are recorded from the smart card, the smart card that contains: - a number generator to produce a random value of variable T located in the protected computation program, - a secret key for the g-1 decoding function. an algorithm for the decoding function 9 -. 9 -1 and, -one or more keys for functions f and f1. It should be noted that the coding function g and the decoding function g ~ 1 represent a public key coding system that is not symmetric. This means that the decoding function g uses a public key that can be known, this key, however, is not enough to get to the decoding function g ~ 1 (neither its algorithm nor its key). Therefore, the algorithm and the key for the decoding function g ~ 1 is placed on the smart card, from which they are never transmitted. It is required that the functions f, f1, g, g "1, be commutative (that is, they are interchangeable without altering the value.) Here that means that they can have the following property: f1 (gi (f (g (?)» ) * * When a program protected in this way is used in a computer, the execution of the program starts as usual (Figure 7), through the communication with the smart card, a value of the variable T and the keys for the functions fo f '' are recorded within the counting program, the execution of the program continues later as usual, the moment the execution reaches a coded parameter ((g (10) in the example shown), the value ( g (10) + T)) is sent to the special computation program that also carries f (g (10) + T) -T) to the intelligent card.In the smart card, the value of g "1 ((10 ) + T) -T) is calculated, and this value is returned to the special computation program. By means of the special computation program f1 (g '^ UI OJ + TJ-T))) it is calculated after, being equal to x + T; and this result is supplied to the protected program as parameter C for the use of the program. Having this type of coding-decoding arrangement according to the invention, the following advantages and possibilities are realized: -Great flexibility for the use of intelligent cards. -The authorization of smart cards (ie users) can be provided by the importers or agents connected by the producers of the computer program. A smart card may contain licenses, or permissions at various levels of several computer program packages that have the same format and authentication algorithms. A first level of coding employing a non-symmetric double-key encoding arrangement (public key / private key coding system), such as the RSA coding system, whereby the key is available only to the program producer of the program. computation, and the private key is a secret key that the manufacturer of the smart card records within the read-only memory (ROM) of the smart card according to the specifications given by the producer of the computer program. The private key can be different for each program package. -A non-symmetric encoded authentication key that is transferred to the smart card when the operation of the protected computing program starts and which is decoded on the smart card by means of a private key No.O to initiate an authentication process on the card intelligent. -The coding at the source code level, which makes the provision independent of the operating system. By coding small parts or fragments, only files, such as command files, it is difficult to identify those parts of the computer program that are coded for the purpose of attacking such parts in one form or another. Also, decoding algorithms and keys are easily recorded on the smart card. -A second level of coding by which the communication between the main computer and the smart card is such that it becomes difficult to trace any meaning from that communication by registering it. The algorithms to be used are both located in the protected computing program and in the smart card and the coding keys and the decoding keys are both located on the smart card, that is hidden for the user. The coding algorithm and the key may be different for several types of computer program. Figure 10 serves to demonstrate that the application area of the arrangement according to the invention is also extended to cover access verification or authentication for example, as additional possibilities that may also exist. In such an embodiment of the invention, the computer program for being protected can be provided with an encrypted authentication key using a public key and an identification number for the package of the computer program in question. Then, the external unit, such as that of the smart card, would contain the description algorithms that are preferably masked programs, and a private key No. 0 (in the ROM) to be used to decode the authentication key, as well as a access or authentication table that can be configured as the table shown below.
PID AoL (Program ID No.) (Access Level) (Private Key) PID (1) AoMi) PK (I) PID (2) AftL (2) PK (1) PID (3) Act (3) PK ( 3 > Pin (p) AcL (n) PK (n) In the Table, PI D denotes the identity number of the computer program, so that different programs are assigned with different identity numbers which may also continue the version number of the respective computer program products, or if my lares, for example. AcL denotes the level of access or status, such as: -two different levels, primarily the allowed access and the non-allowed access. - a limited number of times that the respective program can be run, - a time limit for the use of a program, for example an expiration date of the permit, - access to a variant cut only from the program, for example a demo- variant. The entries in the access level column, AcL, of the table are amended by the importer agent of the computer program product, for example.
In the PK private key column, the computer program protector specifies the secret keys to be used in the decoding of the coded fragments dependent on the identity number, PI D, or the counting program. The secret keys are programmed masked on the smart card and are not available to any other person. Figure 1 1 is a flow chart using a mainly complete course of processes according to a preferred embodiment of the invention, the steps being: -the coding of the source code (g1, k1) -the combination of the data encoded (g3, k3), -the transfer of the combined encoded data to the external unit and the separation thereof (g4, k4), -the decoding of the transferred and separated data (g2, k2), -processing the decoded data and combine the results (g5, k5), -transfer of the combined result to the main computer and the decoding of the same (g6, k6), and -emit the decoded result for later use. In the examples shown of the embodiments of the invention, a smart card constitutes the preferred implementation of the external units indicated in the following claims. This is very simple since the smart card technology is considered to be the greatest protection against alteration of the algorithms, keys, a.s. or, which necessarily have to be stored in the external unit or in a separate article, according to the appended claims. The small number of manufacturers of such cards in the world and the large values that are available for the use of such cards, in particular cards that have the form of payment transaction cards, contribute greatly to the fact that the knowledge required for facilitating such cards will not be readily available to people who have dishonest intentions. However, this does not prevent a possible development of new techniques that may be fair or better suited for the purpose of the present invention. Therefore, the patent claims are intended to also cover such future external units and separate items indicated in the claims that can provide at least the same degree of security as the smart card now preferred.

Claims (27)

  1. CLAIMS 1 . A method for avoiding the unauthorized use of the computer program in a computer, the method comprising the steps of: - decoding at least a part of the computer program according to a first algorithm, and - decoding the codified part of the program of computation according to a second algorithm, the second algorithm together with a key to be used in the decoding of the coded part of the counting program that is stored in an external unit adapted to be connected to the computer, the external unit comprises less a computer readable storage medium and a processor of its property, characterized in that the decoding according to the second algorithm (g2) is executed using a second key (k2) stored in the external unit, the second key being different from a first key (k1) used in the execution of the decoding of this part of the computer program according to the first algorithm (gi)
  2. 2. The method according to claim 1, characterized in that the coding of such part of the counting program according to the first algorithm (g1) is executed on the source code of the respective counting program before compilation and joining, or during similar processing steps that produce an executable program and at least at the same time that add the data library to the executable program of an object program with respect to communication with the external unit.
  3. 3. A method according to claim 1 or 2, characterized in that the decoding of the coded part of the counting program that is executed according to the second algorithm (g2), takes place when the computer in the execution of such counting program finds a call sequence, or a similar instruction, causing a jump to an entry point corresponding to such aggregate object codes, whereby a communication channel is established between the computer and the external unit by using the added object code, through which the communication channel of the coded part of the software is transferred in a first transfer session to the external unit to be decoded by the processor units, the decoded computer program that is processed in the external unit and the result transferred in a second transfer session to the opposite direction through the common channel ication for additional use in the computer.
  4. 4. A method according to claim 3, characterized in that the method further comprises: a step wherein the part of the computation program that is coded according to the first algorithm (g1), before the first transfer session, is triggered when combined according to a third algorithm (g3) and a third key (k3), the third key (k3) being advanced in a number which, for the respective transfer session, is randomly selected and preferably produced by the external unit, and - a step where the part of the computer program that is coded according to the first algorithm (g1), and which is combined according to the third algorithm (g3) and transferred to the external unit in the first transfer session, is triggered to be separated in the external unit according to a fourth algorithm (g4) and a fourth key (k4), the fourth key (k4) being based on the randomly selected number for the third key (k3), and the fourth algorithm (g4) being the inverse algorithm of the third algorithm (g3).
  5. 5. A method according to claims 3 and 4, characterized in that the method further comprises: - a step wherein the result produced in the external unit on the progress of that part of the computation program that is decoded according to the second algorithm (g2), before the second transfer session is triggered to be combined according to a fifth algorithm (g5) and a fifth key (k5) the fifth key (k5) being based on a number which, for its respective transfer session is selected randomly and preferably provided by the external unit, and - a stage where the result produced in the external unit on the basis of that part of the computer program that is decoded according to the second algorithm (g2) and which is combined according to the fifth algorithm (g5) and transferred to the computer in the second transfer session, it is triggered to be separated in a coputer according to a sixth algorithm (g6) and a sixth key (k6), the sixth key being based on a randomly selected number for the fifth key (k5), and the sixth algorithm (g6) being the inverse gorithm of the fifth algorithm (g5).
  6. 6. A method according to claims 4 and 5, characterized in that the number selected randomly for the third and fourth keys (k3, k4) and the number randomly selected for the fifth and sixth keys (k5, k6) is the same number.
  7. 7. A method of preparing a computer program, particularly the computer program intended for free distribution, for use only on a computer with a corresponding authorization, the method comprising coding according to a first algorithm at least give a part of the computer program which by means of the authorization in the computer is decoded according to a second algorithm, characterized in that a key used for coding according to the first algorithm (g 1) is a first key (k1) which is different from a second key (k2) in the execution of the decoding according to the second algorithm (g2) of the part of the computation program that is coded according to the first algorithm and the first key.
  8. 8. A method according to claim 7, characterized in that the coding of the part of the counting program according to the first algorithm (g1) is executed on the same source code for the respective counting program before compiling and linking to a program executable, or in similar process steps that produce an executable program, and at the same time add an object code to the data library of the executable program with respect to communication with an external unit adapted to be connected to the computer.
  9. 9. A method according to claim 7 or 8, characterized in that the compilation and / or linking of the source code to an executable program or in similar processing steps that produce an executable program, the call sequences or similar instructions are inserted, which in the execution in a computer of the executable program cause a jump to an entry point corresponding to such added object code, the object code being used to establish a communication channel between the coputer and an external unit in which the decoding takes place from according to the second algorithm (g2).
  10. 10. The method according to claim 9, characterized in that it comprises a step wherein a third key (k3) is inserted in the part of the counting program that is coded according to the first algorithm (g1), the third key (k3) ) being inserted to be used in a third algorithm (g ^) to combine the part of the computer program before it is transferred to the external unit. eleven .
  11. A method to make possible the authorized use in a computer, of the computer program, particularly the program of computerized distribution, prepared in accordance with the renouncement 9, the method includes connecting an external unit to the computer, the external unit comprises at least a computer readable storage medium and a processor of its property, and a second algorithm and a key to be used in the description of the encoded part of the computer program that is stored in the external unit, characterized in that when the computer in the execution of the part of the computer program that is coded according to the first algorithm (g1) encounters a call sequence or a similar instruction, it causes a jump to an entry point corresponding to the added object code , this object code is used by the computer to establish a communication channel to the external unit through s of which the channel of the coded part of the counting program is transferred in a first transfer session to the external unit to be decoded by the processor of the unit according to a second algorithm (g2) and a second key ( k2) both of which are stored in the external unit, this second key (g2) being different from the first key used in the execution of the coding of that part of the computer program according to the first algorithm (g1) and the decoded computing program that is processed in the external unit and the result transferred in a second transfer session in the opposite direction through the communication channel for additional use in the computer.
  12. 12. The method according to claim 1, which makes possible the authorized use of the computer program prepared according to claim 10, characterized in that: - before the first transfer session to the connected external unit, the part of the program of computation that is coded according to the first algorithm (g1) is caused to be combined according to the third algorithm (g3) and the third key (k3), the third key (k3) being based on a randomly selected number for the session respective transfer and preferably provided by the external unit, and - such part of the computer program that is coded according to the first algorithm (g1) and which is combined according to the third algorithm (g3) and transferred to the unit external of the first transfer session is caused to separate in the external unit according to a fourth algorithm (g4) and a fourth key (k4) such fourth clav e being based on a randomly selected number for the third key (g3) and the fourth algorithm (g4) being the inverse algorithm of the third algorithm (g3).
  13. 13- The method according to the claim 12, characterized in that the method further comprises: a step wherein the result produced in the external unit on the basis of the part of the computation program that is decoded according to the second algorithm (g2) before the second transfer session is caused to be combined according to a fifth algorithm (g5) and a fifth key (k5), the fifth key (k5) being passed over a randomly selected number for the respective transfer session and preferably provided by the external unit, and - a stage where the result produced in the external unit on the basis of that part of the computation program that is decoded according to the second algorithm (g2) and that is combined according to the fifth algorithm (g5) and transferred in the second session of transfer to the computer, is caused to separate on the computer according to a sixth algorithm (g6) and a sixth key (k6), the sixth key (k6) being based on the number randomly selected for the fifth key (k5) and the sixth algorithm (g6) being the inverse algorithm of the fifth algorithm (g5).
  14. 14. The method according to any preceding claim, characterized in that the fifth and second algorithm (g1, g2) and the first and second keys (k1, k2) are determined according to an asymmetric key coding arrangement (public key coding system) / private key) such as the RSA coding system the first key (k1) being preferably the known key (public key) and the second key (k2) being the secret key (private key) of the coding arrangement.
  15. 15. The method according to any preceding claim, characterized in that the part of the computer program that is coded according to the first algorithm (g1) is selected to be completely for the use of the respective computer program for a computer and preferably comprises one or more instructions in a command or execution file, such as in a COM or EXE file.
  16. 16. A device for the preparation of the computer program, particularly the computer program intended for free distribution, to be used in a computer only without a corresponding authorization, the device comprising: -coding means that perform the coding of at least a part of the computer program according to a first algorithm and a first key, and - an external unit adapted to be connected to the computer, the external unit comprising at least one processor of its own and a storage medium readable by computer to store a second algorithm and a key and being placed to execute the decoding of the coded part of the computer program according to the second algorithm and key, characterized in that the device further comprises generating means for providing the second algorithm (g2), and a second key (k2) intended to be used in the decoding according to the second algorithm (g2), the second key being different from the first one key (k1) used by the encoding means in the execution of the coding of the part of the computation program according to the first algorithm (g1).
  17. The device according to claim 16, characterized in that the coding means are adapted to execute the coding of the part of the computer program of conformity with the first algorithm (g1) on the source code of the program itself. respective computation before it is compiled and linked, or in any other form, is transformed into an executable program and the coding means at the same time effects the addition of the data library of the executable program, of an object code with respect to the communication with the external unit.
  18. 18. A device according to claim 1 or 6, characterized in that the encoding measures are adapted to be inserted during the compilation and / or source code link to an executable program, or during a similar processing that produces an executable program. , side sequences, or similar instructions that in the execution of the executable program in the computer provide a jump to an entry point corresponding to the added object code that the computer then uses to establish a communication channel to the connected external unit.
  19. 19. The device according to claim 18, characterized in that the coding means are adapted to enter the part of the computer program that is coded according to the first algorithm (g1), a third key (k3) destined to be used in a third algorithm (g3) to combine the part of the computer program before its transfer to the external unit.
  20. 20. A device for making possible the unauthorized use of the computer program, particularly the freely distributed computer program, prepared by means of a device according to claim 16, the device comprising a computer adapted to serve as a guest computer for an external unit comprising at least one processor of its property and a computer readable storage medium, and which is intended to be connected to the main computer for communication therewith, characterized in that the external unit comprises adapted decoding means to execute the decoding according to the second algorithm (g2) and the second key (k2) produced by the generating means, the second key being different from the first key (k1) used by the encoding means in the execution of the coding of the part of the computer program according to the first algorithm (g1). twenty-one .
  21. A device according to claim 20, characterized in that the decoding means is adapted to execute the decoding according to the second algorithm (g2) when the computer starts the execution of the part of the computer program that is coded according to the first the algorithm (g1) finds a sequence of call or if milar, which provides a jump to an entry point corresponding to the obj eto code added, so the main computer uses this object code to establish a communication channel to the external unit through which the main computer performs the coded part of the computer program that is transferred in a first transfer session to the external unit and subjected to the decoding, and the processor of the external unit is adapted to process the decoded part of the computer program and have the result transferred to the address opposite ion in a second transfer session through the communication channel for the additional use of the computer result
  22. 22. The device according to claim 21, and which is adapted to be possible the authorized use of the computer program prepared by means of a device according to claim 19, characterized in that the external unit comprises decoding means for separating according to a fourth algorithm (g4) and a fourth key (k4) the part of the computer program that is encoded in accordance with the first algorithm (g1) and which, before the first transfer session is combined by the main computer according to the third algorithm (g3) and transferred to the external unit in the first transfer session, the third key (k3) used by the main computer in this combination it is based on a randomly selected number for the transfer session and preferably provided by a number generator in the external unit, and the fourth key (k4) used by the decoding means in the external unit which are based on the same selected number randomly that that of the third key (k3), the fourth algorithm (g4) being the inverse algorithm of the third algorithm (g3).
  23. 23. The device according to claim 21 or 22, characterized in that the external unit comprises combining means to combine, before the second transfer session, according to a fifth algorithm (g5) and a fifth key (k5) the result produced in the external unit on the basis of that part of the computation program that the unit has decoded according to the second algorithm (g2), the fifth key (k5) used by the combination means in this combination that is based on a number that is randomly selected for the respective transfer session and preferably produced by a numeric generator in the external unit, the main computer being able to separate according to a sixth algorithm (g6) and a sixth key (k6), the result produced in the external unit for additional use in the main computer, the result before the second transfer session that is combined in accordance with the fifth algorithm (g5) by means of the combination means in the external unit and transferred to the computer in the second transfer action, the sixth key (k6) being based on the same randomly selected number as that of the fifth key ( k5), and the sixth algorithm (g6) which is the inverse algorithm of the fifth algorithm (g5).
  24. 24. The device according to any of claims 16 to 23, characterized in that the external unit comprises adapter means and a separate article, preferably made tamper-proof, in or in which the electronic circuits are placed, comprising the unit processor external and computer-readable memory and that are positioned so that a communication channel can be established between the circuits of the separate article and the primary computer when the article is inserted into a slot in the adapting media or in the any other form is connected to the adapting means, the second algorithm (g2) and the second key (k2) being preferably stored in such a manner in such memory that they can not be read by other means than the processor of the separate article and are never available outside the separate article.
  25. The device according to claim 24, characterized in that the separate item takes the form of a small substrate plate, such as a chat card having the size of a usual credit card, or Smart Card, the adapting means comprising a card reader station for said substrate plate that can optionally be incorporated with the main computer or a peripheral unit connected thereto.
  26. 26. A device according to claim 24, characterized in that the separate article takes the form of an electronic circuit board adapted to be placed in a position or provisional card slot to the main computer for extension cards, the circuit card, in the case of a portable main computer, being configured in accordance with one of the standard designs used for such plug-in cards, such as the PCMCIA standard.
  27. 27. The device according to claim 24, characterized in that the separate article takes the form of an electronic blind pin or the like, the adapter means comprising an input-output terminal of the main computer.
MXPA/A/1998/000385A 1995-07-13 1998-01-13 Protection of computer programs against unauthorized use MXPA98000385A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
NO952795A NO302388B1 (en) 1995-07-13 1995-07-13 Procedure and apparatus for protecting software against unauthorized use
NO952795 1995-07-13

Publications (2)

Publication Number Publication Date
MX9800385A MX9800385A (en) 1998-09-30
MXPA98000385A true MXPA98000385A (en) 1998-11-16

Family

ID=

Similar Documents

Publication Publication Date Title
EP0855052B1 (en) Protection of software against use without permit
US8683610B2 (en) Method and apparatus for managing digital rights of secure removable media
US7516331B2 (en) Tamper-resistant trusted java virtual machine and method of using the same
EP0875814B1 (en) Information processing apparatus and method and recording medium for executing programs having been encrypted using public keys
CN100342296C (en) Method for realizing computer software intruder preventing edition based on confidence computation module chip
WO2004006075A1 (en) Open type general-purpose attack-resistant cpu, and application system thereof
US20060085645A1 (en) Software application integrity verification method and device
GB2149944A (en) Software distribution
Mana et al. An efficient software protection scheme
CN107391971A (en) A kind of guard method of software license mandate
KR20060127007A (en) Software execution protection using an active entity
WO2004111751A2 (en) Method and system for performing a transaction and for performing a verification of legitimate use of digital data
US7552342B1 (en) Method and system for increasing the tamper resistance of a software application
MXPA98000385A (en) Protection of computer programs against unauthorized use
CN111611551B (en) Dynamic link library protection method and system based on cryptographic algorithm
US7174464B1 (en) Method of making a user piece of software secure by means of a processing and secret memorizing unit, and a system constituting an application thereof
CN1338691A (en) Anti-piracy technique for network software
KR20030010240A (en) method of preventing an illegal software copy using an IC chip installed card and software protection IC chip installed card therefor
AU2168599A (en) Simultaneous protection for several types of software of several software designers
AU777158B2 (en) Centralised cryptographic system and method with high cryptographic rate
Misra Strategies to combat software piracy
WO2001069353A1 (en) A method and a system for preventing unauthorised use of computer programs in electronic commerce