1. Field of the Invention
The invention is related generally to data encryption and more specifically to a method and apparatus for protecting software stored in memory from unauthorized use and/or copying.
2. Description of the Relevant Art
As a result of advances in the art of digital data production and storage, it is now possible to store vast amounts of information (i.e., computer software) in a memory device such as an electrically programmable read only memory chip (EPROM), a magnetic disk or an optical disk. Typically, the information is proprietary and is subject, at least legally, to usage restrictions so that only those who are authorized by agreement to copy, use or enjoy the stored data (software) are supposed to derive benefit from it. But because there have been many advances made in the art of digital information duplication, it is now possible for even relatively unskilled persons to duplicate proprietary data stored in memory devices with ease, and as such, the problem of unauthorized copying and use of proprietary software (piracy) is rampant throughout the industry.
For the case of EPROMs or other read-only types of memory, an EPROM duplicator is used. The duplicator sequentially addresses each location in the address space of the original chip and copies the output data into a similar location of a second chip. For the case of disks, duplication is performed track by track and sector by sector in much the same way. The magnetic pattern of an original disk is blindly copied onto a second disk.
Numerous methods have been proposed for protecting data in memory devices from unauthorized copying and/or use, but as a general rule, the previous methods tend to be overly complex and usually slow down the performance of the computer system in which they are implemented. While some methods resist the copying of ROM chips by an EPROM duplicator, few are resistant to copying through the use of an in-circuit-emulator (ICE) which allows sophisticated pirates to peek into protected memory regions through the "eyes" of the CPU. An ICE probe is inserted into a proprietary circuit in place of the circuit CPU and the entirety of software information stored within protected memory is then exposed for scrutiny and/or rapid duplication.
A description of previous works in the general fields of data encryption and protection follows. Not all of these works are directed to the problem of protecting stored data from unauthorized use. Their approaches may nonetheless help in understanding the present invention and thus they are incorporated here by reference.
U.S. Reissue Pat. No. 30,957, "Variant Key Matrix Cipher System" issued June 1, 1982, to Feistel (based on parent U.S. Pat. No. 4,195,196) describes a serial data transmission scheme in which an enciphering key is switched for every bit of a serially transmitted message. Key switching occurs at the receiver end in the same manner for every bit of the received message. Data is not segmented into blocks of predetermined sizes. The use of a key-switching method for protecting data stored in memory is neither disclosed nor suggested.
U.S. Pat. No. 4,817,140, "Software Protection System Using A Single-Key Cryptosystem, A Hardware-Based Authorization System and A Secure Co-processor" issued Mar. 28, 1989 to Chandra et al. describes a software protection system wherein a block of software is partitioned into an encrypted portion and a plain text portion. Token data is stored within a read-once separate cartridge and sent to a co-processor device for enabling de-encryption of the encrypted portions of the software block. A user needs to have possession of the cartridge in order to prove his right to decipher and use the encrypted software portion. There is only one encryption key (token). When it is compromised, the security of the entire software package is compromised.
U.S. Pat. No. 4,764,959, "Single-Chip Microcomputer with Encryptable Function on Program Memory" issued Aug. 16, 1988 to Watanabe describes a single-chip microcomputer having a memory section integrated within its package such that the software contents of the memory section cannot be scanned directly. When proprietary data stored in the memory is to be transmitted to a point outside the chip, the microcomputer first encrypts the data before transmitting it externally so that only those with an authorized key can decrypt the transmitted block of data. Only one encryption key is used, and thus, the entirety of the internal software is compromised once the key is compromised. Inclusion of a computer on the same chip which holds data tends to limit the information storing capacity of the chip.
U.S. Pat. No. 4,759,026, "Arrangement for a Method for Protecting Private Security Codes from Unauthorized Disclosure" issued July 19, 1988 to Traub discloses a system wherein a random number generator is used for generating an unpredictable encryption code. A decryption key is temporarily displayed by a data encrypting machine and only those in possession of this key are able to use data encrypted by the encrypting machine.
U.S. Pat. No. 4,757,534, "Code Protection Using Cryptography" issued July 12, 1988 to Matyas discloses a method for protecting software that is distributed by disk to members of the public. A unique encryption algorithm and key are used for each copy of the program. To run the program on a computer, a user must be in possession of a designated smart card in which there is stored the appropriate decryption key.
U.S. Pat. No. 4,634,807, "Software Protection Device" issued Jan. 6, 1987 to Chorley et al. discloses a software protection device ("SPD") which is used for securely holding a secret key needed to unlock an encrypted software module.
U.S. Pat. No. 4,573,119, "Computer Software Protection System" issued Feb. 25, 1986 to Westheimer discloses a software protection system including an address transform means and a data transform means. Upper and lower boundary addresses are used to designate portions of a RAM file that are to be protected. A read only memory device (ROM) is used in the address transformation circuit for converting an input address into an output address. This inclusion of the ROM device in the address path of the system increases the data access time of the CPU.
U.S. Pat. No. 4,558,176 "Computer Systems To Inhibit Unauthorized Copying, Unauthorized Usage, and Automated Cracking of Protected Software" issued Dec. 10, 1985 to Arnold discloses a memory protection system wherein means are provided for detecting memory access by automated encipher cracking programs and for altering the encrypted data once such an enciphering attempt is detected.
U.S. Pat. No. 4,525,599, "Software Protection Methods And Apparatus" issued June 25, 1985 to Curran et al. discloses a system wherein means are included for detecting an invalid program event such as may occur when a microprocessor emulator (ICE) is used to attempt unauthorized copying. A switchable encryption/decryption means is included in the system for switching from a first operating mode to a second operating mode whenever an invalid program event is detected by an address bus monitoring means (when access to a "trap" address is detected).
U.S. Pat. No. 4,471,163 "Software Protection System" issued Sept. 11, 1984 to Donald et al. discloses a system wherein a program number must be combined with a lock number and a key number in order to enable usage of a protected program stored in memory.
The above-mentioned works suffer in general from the problems of excessive cost, overly complex circuitry and user inconvenience.
With respect to excessive cost, the price of memory devices should be dictated primarily by their data storage capacity and not by the cost of associated software protection means. The protection means function primarily to protect the rights of the software copyright owner rather than providing convenience and enjoyment to the end user. It is not fair to ask end users to cover the cost of a complex protection scheme.
With respect to convenience, users generally do not want to bother with the task of attaching and detaching a variety of so called "dongles" (sealed hardware devices which store a decryption key such that only those in possession of the dongle can use the protected software) to their computers as they switch from one software package to another software package. Dongles can consume unacceptably large areas of a desktop as more and more protected software packages are acquired from different vendors.
With respect to computer performance, it is undesirable to have a software protection scheme which substantially slows the instruction execution speed of a CPU. There should be a way to protect the rights of legitimate software originators and distributors (copyright licensors and licensees) without inconveniencing end users. The cost of the protection means should be minimal to end users and degradation to CPU execution speed should also be minimal.