This invention relates to a system for providing computer program instructions in an encrypted manner, wherein execution of the encrypted program is performed by digital logic hardware. More specifically, the invention relates to using processor result configurations to frustrate analysis of program operation.
In distributing computer software, there is often a need to restrict the use or utility of the software, for example by preventing people with unauthorized copies from executing the program. Typically, restricting use of software is accomplished by software end user license agreements, wherein the user agrees to only use the software on one or more agreed upon computers. Often, the software itself can be freely copied, so that piracy restrictions are implemented either by the end user agreement or by simple techniques such as a requirement to use a product serial number to enable the software. While this may discourage software piracy, it does not prevent a determined software pirate from reproducing the program, along with one or more enabling serial numbers or keys.
It is often possible for an adversary to reverse engineer the software, particularly with respect to the copy protection scheme, by observing such things as register states and intermediate results of program execution.
It is possible to specifically identify individual CPUs. In that way, each CPU can be separately identified by a serial number encoded into the CPU. Thus, in addition to laser marking of the CPU package with a serial number, it is possible to provide a serial number which can be read by the end user with appropriate instructions.
It is possible to specifically identify individual CPUs. In that way, each CPU can be separately identified by a serial number encoded into the CPU. Identification can be accomplished by laser marking of the CPU package with a serial number. Further, it is possible to provide a serial number which can be read out by the end user during execution with appropriate instructions.
It is possible to provide more elaborate protective systems for encoding the software, by use of proprietary hardware components for example, or even by requiring the end user to comply with registration requirements in order to enable software operation. In that respect, the encryption scheme for the program ensures that the program is executable in unencrypted form, at least with respect to the instruction sets provided to the CPU. In other words, the instructions provided to the CPU are in a form that is understandable by the CPU prior to CPU execution. Thus, it is easy for an unauthorized user to determine what is necessary to operate the programs successfully.
It is often desired to provide software and updates of software to end users in such a manner that the software is transferred through public channels, such as the Internet. To provide such software in restricted form, it is desired to provide security to the distributor of the software so that the software is not subject to unauthorized use. In particular, if software is shipped via public or private channels, it is desired that the end user of the software can only use the software on the end user""s specified computer, and that the software not be willingly or unwillingly shared by the end user. By computer, it is intended that this includes personal computers, smart cards, work stations, dedicated CPUs embedded in hardware appliances, and any other device in which integrated circuit (IC) microprocessors may be used.
In some programs, the cost of the programs to the end user is such that it becomes economical for third parties to determine what is necessary to circumvent restrictions on use by unauthorized persons. Therefore, it is desired to make the unauthorized duplication or use of a program uneconomical. In order to do that, it is desired to provide an encryption scheme which prevents unauthorized persons from xe2x80x9cattackingxe2x80x9d the encryption of the software through analysis of the input and output of user commands and instruction sets from the software. It is further desired to provide a software encryption technique in which there are no external indicia of a decryption technique which can be used to analyze the encryption of the software. It is further desired that software be encrypted in such a manner that it is unnecessary to decrypt the software in order to accomplish execution of the software.
According to the present invention, a particularly configurable microprocessor is used to process selected computer programs to produce obfuscated results. The microprocessor has an instruction decoder which is programmable to accept instruction op codes in excess of a minimal set of instruction op codes required for execution of the program. Plural buffers are used to store plural answers provided by the instruction decoder during processing, and the excess op codes result in production of plausible wrong answers. Instruction output selection logic is used to select a predetermined buffer, and this permits further microprocessor operation with a selected one of the plural answers.
More particularly according to the present invention, the microprocessor architecture includes instruction output selection logic circuitry configured to select a valid buffer for the results of processing, thereby permitting further microprocessor operation with a selected particular one of the plurality of answers. According to one embodiment of the present invention, the microprocessor has an instruction decoder which is programmable to accept instruction op codes in excess of a minimal set of instruction op codes required for program execution. The excess op codes produce multiple answers including plausible wrong answers, ensuring that undesired external program analysis is made difficult.
According to the invention, a CPU executes program instructions which result in valid and invalid intermediate results. By selecting the desired intermediate results, a program is able to be successfully executed; however, analysis of the intermediate results must avoid plausible wrong results. A programmable feature allows the instruction decoder to provide plural answers, including plausible wrong answers. Instruction output selection logic selects a predetermined buffer, and this permits further microprocessor operation with the correct intermediate result.
According to one aspect of the invention, program instructions for a processor result in both valid and invalid intermediate results produced in the course of execution. By selecting particular desired intermediate results, the program selected for operation is able to be successfully executed, while undesired external analysis of intermediate results will be frustrated by the invalid intermediate results.
According to a further aspect of the invention, an instruction decoder is programmable so that it accepts instruction op codes in excess of a set of instruction op codes required for execution of a program. The decoder then provides plural answers, including intermediate results, and the excess op codes provide plausible wrong answers. Plural answers are provided from the instruction decoder, and these include plausible wrong answers. One buffer is selected, containing the correct answer. A logic circuit is used to select one buffer containing the correct intermediate result, and that buffer is used for microprocessor operation with a selected answer. This permits further microprocessor operation with the correct results.
The processor includes a instruction decoder which is programmable so that it accepts instruction op codes in excess of a set of instruction op codes required for execution of a program. This allows the instruction decoder to provide plural answers, including plausible wrong answers. Instruction output selection logic is capable of selecting a predetermined buffer, and this permits further microprocessor operation with the correct intermediate result.
Optionally, data may be used in various numeric representations which do not constitute encryption. These data representations may be of varieties which can be immediately evaluated by logic circuits. The data resulting from program execution are output from the IC in blocks which are larger than usual block sizes so that adversaries would have more difficulty in benefitting from knowledge of the data results. Data coding is of secondary importance in this invention, while instruction coding is of primary importance. The varying data numeric representations are not expected to provide much security from highly skilled experts, but they are expected to prevent unskilled adversaries from understanding the data. This technique raises a barrier against some adversaries, without using data encryption. The compiler will be notified, by means of the key distribution information, of the variable data numeric representations so that it will compile instructions and data which conform to the data representations which the IC is prepared to handle.
The way instructions are executed ensure that, an adversary attempting to pirate the software will have difficulty understanding the results of instruction execution. It is a goal of the present invention to anticipate pirate attacks, and to provide measures which will thwart their tactics. The microprocessor chip according to the present invention will use instructions, data, addresses, and RAM memory as well as instructions with bits in each instruction configured cause confusion for attackers, but which are disregarded by the instruction decoder of the present invention during execution.