WO1988009971A1 - Systeme de securite ayant des verrous de programmes logiciels selectifs utilisant des touches amovibles pla pour permettre des mises a jour de verrouillage de securite des equipements (hardware) - Google Patents
Systeme de securite ayant des verrous de programmes logiciels selectifs utilisant des touches amovibles pla pour permettre des mises a jour de verrouillage de securite des equipements (hardware) Download PDFInfo
- Publication number
- WO1988009971A1 WO1988009971A1 PCT/US1988/001902 US8801902W WO8809971A1 WO 1988009971 A1 WO1988009971 A1 WO 1988009971A1 US 8801902 W US8801902 W US 8801902W WO 8809971 A1 WO8809971 A1 WO 8809971A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- connector
- coupling
- security device
- providing
- microprocessor
- Prior art date
Links
- 230000004044 response Effects 0.000 claims abstract description 20
- 230000002093 peripheral effect Effects 0.000 claims abstract description 8
- 230000008878 coupling Effects 0.000 claims description 16
- 238000010168 coupling process Methods 0.000 claims description 16
- 238000005859 coupling reaction Methods 0.000 claims description 16
- 238000013475 authorization Methods 0.000 claims description 8
- 230000037361 pathway Effects 0.000 abstract description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000002457 bidirectional effect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 230000009118 appropriate response Effects 0.000 description 1
- 239000003990 capacitor Substances 0.000 description 1
- 239000013078 crystal Substances 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
Definitions
- the present invention relates to an external hardware security device for data processing systems.
- Software companies often provide elaborate copy protection codes in a software program to prevent unauthorized copying and use of the program. Such codes usually allow only one backup copy of the program to be made and then prevent any further copying of the program. Such codes /take advantage of various vagaries of the computer operating system. Unfortunately, such codes are readily removed by copy programs such as "Locksmith". The same operating system vagaries that enable the protection codes to work may also be readily exploited by one knowledgeable with the computer's operating system to circumvent such protection codes. Once the knowledge of such protection code circum ⁇ vention is available, it is readily disseminated without hesitation to others for the purpose of making additional unauthorized copies of the subject software program.
- Security devices presently sold by Personal CAD Systems, Inc. and others connect to a serial port of a computer between the computer and a peripheral device.
- the security device has a microprocessor which receives an authorization request from the software program running on the computer.
- An algorithm run by the processor in response to ' the authorization request produces an encrypted message which is sent back to the software program to provide authorization.
- the en- crypted message is generated with the use of a PROM
- PC printed circuit
- PLA programmable logic array
- the present invention is a hardware security device enabling the operation of a software program on a computer.
- the security device is coupled to a port of the computer between the computer and a peripheral device.
- a pathway from the computer to the peripheral device through the security device is enabled by a processor in the security device.
- the processer is coupled to first and second circuits which provide predetermined responses to the processor in response to certain signals from the processor.
- one of the circuits is a PROM and the other circuit is a PLA key.
- the PLA key couples to a bus connected to the microprocessor which is capable of receiving a number of keys. Each key corresponds to a different software program.
- a new program or a program update can be enabled by providing a new key, rather than providing an entire new security device.
- the PLA key improves both the flexibility and the security of a security device of the present invention as compared to the existing security device sold by Personal CAD Systems as described above.
- the algorithm used by the processor is thus provided with a second degree of complexity.
- the algorithm also requires a coded response specific to a particular software program which is provided by a PLA key and can be easily replaced or updated any time.
- each key is provided with two I/O (input/output) lines through which all data communica ⁇ tions to and from the key are passed.
- I/O input/output
- a standard PROM would have addresses provided on address lines and data read from separate data lines, enabling a person trying to break the security code to determine what data is being provided to the PROM and what data is being provided to response.
- a potential security code breaker is prevented from determining whether the data he is monitoring is going to or from the key.
- FIG. 1 is a schematic diagram of an exemplary security device according to the present invention.
- Fig. 2 is a block diagram of a key and the key interface of Fig. 1.
- the present invention is a hardware device that puts a copy/run lock and key on any software package.
- An exemplary embodiment of the present invention is shown in schematic form in Fig. 1.
- a connector 10 couples the security device to a host computer serial communications port.
- the discussion herein is directed to a serial communications line or port, although the present invention is readily adaptable for operation in any computer addressable communications port including parallel and other such ports.
- a second connector 12 is provided for coupling the serial communications port directly through to a remote device. Accordingly, the present invention may be operated in a manner transparent to the device remotely connected to the communications port, such as disc drivers, printers, etc. In this way, the device does not limit the communications capability of the computer by tying up a communications port.
- Data from the host computer is coupled through connector 10 into an inverter 14 to a microprocessor 16
- Data received by microprocessor 16 may be of a type intended for a remote device, in which case the data is coupled through inverter 18 to a NAND gate 20 which is enabled by microprocessor 16.
- An inverter 22 converts the signal back to its original form and supplies the signal to pin 2 of connector 12, and thereafter to the remote device.
- Data received at microprocessor 16 is clocked in at a microprocessor clock rate which is a function of crystal 24.
- Microprocessor 16 examines a portion of the data to determine if it is a security device read or if the data is intended for the remote device.
- an 11-MHz clock is provided to an 80C39 microprocessor.
- An external PROM 26 is coupled to a microprocessor data bus by means of a latch circuit 28.
- PROM 26 may be readily replaced with different encryption standards as desired.
- a data word is presented to latch 28. The data word is thereafter latched to the address bus of PROM 26.
- the microprocessor turns the data bus (DBO-DB7) around to receive instructions from PROM 26.
- PROM 26 provides an instruction in the form of data output to the micropro- cessor data bus.
- One or more PLA keys are plugged into connectors 46.
- Connectors 46 are connected to microprocessor 16 via a bus 48 as shown in more detail with reference to Fig. 2 below.
- a micro ⁇ processor data output is provided to NAND gate 30 and thereafter through inverter 32 to the host computer.
- any remote device coupled to the host computer is isolated from the serial communica ⁇ tions bus by a disabling signal from microprocessor 16. Data from a remote device is thereafter coupled through inverter 36, NAND gate 34, NAND gate 30 and inverter 32 to the host computer.
- a local power supply is created by regulating and filtering a 9-volt source supplied through a connector 38. Such filtering is provided by a capacitor 40. Thereafter, voltage regulation is provided by regulator circuits 42 and 44 to produce the required outputs to operate the security device. Because a minimum number of components are required to produce the security device, it can be provided in a very small container that is readily connected to and removed from a computer. Accordingly, the security device may be taken home by the- computer user at the end of the work day, thereby preventing unauthorized operation of the computer.
- Fig. 2 shows the keys and key interface in more detail.
- the plurality of keys 50 can be coupled to bus 48 through connectors 46 shown in Fig. 1.
- Bus 48 consists of eight signal lines.
- the clock input 52 for the keys is simply an address port bit of the microprocessor which is toggled under software control. Only two bus lines 54 are used for input and output. These lines are bidirectional so that it will be difficult for an observer to discern which direction signals are flowing during communications between the microprocessor 16 and the keys 50.
- the other five lines 56 are simply data lines which address the keys and provide information to them.
- One of the keys 58 is shown in more detail in Fig. 2.
- Each key is a single CMOS PLA device having a security fuse which will prevent information from being read from the device.
- the devices are programmed so that they comprise a sequential machine. Their opera- tion is hidden from the user since most of the signals involved in the sequence are not brought out to the bus connection, but are instead fed back to the internal logic structure.
- device 58 has an array 60 of logic which feeds to output flip-flops 62. The output of these flip-flops are fed back via feedback lines 64 to array 60 for most of the outputs. Only two output lines connected to bidirectional lines 54 are used.
- microprocessor 16 scans data bus 48 to determine which keys 50 are present. Upon an authorization request from microprocessor 16, an algorithm is run which requires an appropriate response from PROM 26 and from one of keys 50. The result of the algorithm is then transmitted back to the computer. If the result is the proper one for the program being run, microprocessor 16 will be instructed to enable the data path between connectors 10 and 12 by appropriate signals to NAND gates 20 and 34 and NAND gate 30.
- the algorithm can either be very simple or fairly complex. The one requirement on the algorithm used is that it access a predetermined response from PROM 26 which is common to all programs which can be authorized and that it access a predetermined response from one of keys 50 for the particular program being used.
- the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
- a structure in which the keys plug into a single connec- tor with subsequent keys plugging into the first key could be used.
- the memory of PROM 26 could be fully contained within the microprocessor. Accordingly, the disclosure of the preferred embodiments of the invention is intended to be illustrative, but not limiting, of the scope of the invention which is set forth in the following claims.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Remote Sensing (AREA)
- Radar, Positioning & Navigation (AREA)
- Storage Device Security (AREA)
Abstract
Un dispositif de sécurité de matériel (hardware) permettant le fonctionnement d'un programme logiciel sur un ordinateur est décrit. Le dispositif de sécurité est couplé à un point d'accès (10) de l'ordinateur (10) entre ce dernier et un dispositif périphérique (12). Un chemin de passage depuis l'ordinateur (10) jusqu'au périphérique (12) en passant par le dispositif de sécurité est validé par un processeur (16) dans le dispositif de sécurité. Le processeur (16) est couplé à un premier circuit (46) et à un second circuit (28, 26) qui fournissent des réponses prédéterminées au processeur (16) en réponse à certains signaux provenant du processeur (16). Dans le mode préférentiel de réalisation, l'un des circuits est une PROM (28, 26) et l'autre circuit est une touche (50) d'un PLA (46) (réseau logique programmable). La touche (50) du PLA (46) est couplée à un bus (48) qui est connecté au microprocesseur (16) lequel est capable de recevoir un certain nombre de touches (50). Chaque touche (50) correspond à un programme logiciel différent. En utilisant des touches amovibles et remplaçables (50), un nouveau programme ou une mise à jour de programme peut être validée en utilisant une nouvelle touche (50) plutôt qu'en mettant en place tout un nouveau système de sécurité.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1019890700218A KR890702127A (ko) | 1987-06-03 | 1988-06-01 | 하드웨어 안전 록 갱신을 위해 제거가능한 pla 키를, 활용하는 선택 소프트웨어 프로그램 록을 갖는 안전 시스템 |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US5754187A | 1987-06-03 | 1987-06-03 | |
US057,541 | 1987-06-03 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1988009971A1 true WO1988009971A1 (fr) | 1988-12-15 |
Family
ID=22011215
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1988/001902 WO1988009971A1 (fr) | 1987-06-03 | 1988-06-01 | Systeme de securite ayant des verrous de programmes logiciels selectifs utilisant des touches amovibles pla pour permettre des mises a jour de verrouillage de securite des equipements (hardware) |
Country Status (3)
Country | Link |
---|---|
KR (1) | KR890702127A (fr) |
AU (1) | AU1967488A (fr) |
WO (1) | WO1988009971A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0457655A1 (fr) * | 1990-05-16 | 1991-11-21 | Aeg Schneider Automation | Procédé de configuration d'un poste de travail informatique et système pour sa mise en oeuvre |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4493028A (en) * | 1982-02-02 | 1985-01-08 | International Business Machines Corporation | Dual mode I/O |
US4525599A (en) * | 1982-05-21 | 1985-06-25 | General Computer Corporation | Software protection methods and apparatus |
US4562305A (en) * | 1982-12-22 | 1985-12-31 | International Business Machines Corporation | Software cryptographic apparatus and method |
US4646234A (en) * | 1984-02-29 | 1987-02-24 | Brigham Young University | Anti-piracy system using separate storage and alternate execution of selected proprietary and public portions of computer programs |
US4652990A (en) * | 1983-10-27 | 1987-03-24 | Remote Systems, Inc. | Protected software access control apparatus and method |
US4685056A (en) * | 1985-06-11 | 1987-08-04 | Pueblo Technologies, Inc. | Computer security device |
US4683968A (en) * | 1985-09-03 | 1987-08-04 | Burroughs Corporation | System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules |
-
1988
- 1988-06-01 WO PCT/US1988/001902 patent/WO1988009971A1/fr unknown
- 1988-06-01 AU AU19674/88A patent/AU1967488A/en not_active Abandoned
- 1988-06-01 KR KR1019890700218A patent/KR890702127A/ko not_active Application Discontinuation
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4493028A (en) * | 1982-02-02 | 1985-01-08 | International Business Machines Corporation | Dual mode I/O |
US4525599A (en) * | 1982-05-21 | 1985-06-25 | General Computer Corporation | Software protection methods and apparatus |
US4562305A (en) * | 1982-12-22 | 1985-12-31 | International Business Machines Corporation | Software cryptographic apparatus and method |
US4652990A (en) * | 1983-10-27 | 1987-03-24 | Remote Systems, Inc. | Protected software access control apparatus and method |
US4646234A (en) * | 1984-02-29 | 1987-02-24 | Brigham Young University | Anti-piracy system using separate storage and alternate execution of selected proprietary and public portions of computer programs |
US4685056A (en) * | 1985-06-11 | 1987-08-04 | Pueblo Technologies, Inc. | Computer security device |
US4683968A (en) * | 1985-09-03 | 1987-08-04 | Burroughs Corporation | System for preventing software piracy employing multi-encrypted keys and single decryption circuit modules |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0457655A1 (fr) * | 1990-05-16 | 1991-11-21 | Aeg Schneider Automation | Procédé de configuration d'un poste de travail informatique et système pour sa mise en oeuvre |
FR2662279A1 (fr) * | 1990-05-16 | 1991-11-22 | Telemecanique | Procede de configuration d'un poste de travail informatique et systeme pour sa mise en óoeuvre. |
Also Published As
Publication number | Publication date |
---|---|
AU1967488A (en) | 1989-01-04 |
KR890702127A (ko) | 1989-12-22 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5313637A (en) | Method and apparatus for validating authorization to access information in an information processing system | |
US5841868A (en) | Trusted computer system | |
US6643783B2 (en) | Multi-level secure computer with token-based access control | |
US4484306A (en) | Method and apparatus for controlling access in a data transmission system | |
US4932054A (en) | Method and apparatus for protecting computer software utilizing coded filter network in conjunction with an active coded hardware device | |
US5894551A (en) | Single computer system having multiple security levels | |
US4523271A (en) | Software protection method and apparatus | |
US5365587A (en) | Self modifying access code for altering capabilities | |
US5406624A (en) | Data processor systems | |
EP0449256B1 (fr) | MicrocontrÔleur ayant des moyens de sécurité | |
EP0093769B1 (fr) | Systeme de securite pour memoire | |
US3764742A (en) | Cryptographic identification system | |
US4562306A (en) | Method and apparatus for protecting computer software utilizing an active coded hardware device | |
US4779079A (en) | Multi-purpose computer utility arrangement | |
KR20030029970A (ko) | 프로세서에서 데이터 보안성을 갖는 메모리 장치 | |
WO1990015211A1 (fr) | Systeme de securite | |
US5506991A (en) | Printer port adapter with overlaid one-wire interface for electronic key | |
JPS61175729A (ja) | ソフトウエア保護装置 | |
US9400896B2 (en) | Portable computer and security operating method thereof | |
JPS63187353A (ja) | バスを介して信号を伝送することを阻止するためのデータ保護回路 | |
JPH04219823A (ja) | Romデータの保護方法及び装置 | |
WO1988009971A1 (fr) | Systeme de securite ayant des verrous de programmes logiciels selectifs utilisant des touches amovibles pla pour permettre des mises a jour de verrouillage de securite des equipements (hardware) | |
JPH0962583A (ja) | データ処理装置 | |
US20080049739A1 (en) | Device and method for restricting and managing data transmission | |
EP0175359A2 (fr) | Appareil pour assurer la sécurité des systèmes d'ordinateur |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AU BR DK FI JP KR NO |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): AT BE CH DE FR GB IT LU NL SE |