Software or information piracy is the activity of using or making copies of software or information without the authorization of the creator or legitimate owner of that software or information. Piracy is prevalent in the computer software application industry where people frequently make unlicenced illegal copies of a software application. The application may be copied for use among a circle of acquaintances or for re-production and commercial profit. Other types of piracy include acts of copying information such as musical recordings or an electronically readable version of documentation or an electronic book. In all cases, piracy costs billions of dollars of lost profits to legitimate business annually.
The software and information technology industries have responded to the threat of piracy through the use of locking schemes. Locking schemes can include software locking mechanisms, licenses and specialized hardware devices which prevent unauthorized use of software, information, or an entire electronic device. These schemes seek to prevent adversaries from being able to freely copy software.
There are many types of software locking mechanisms. For example, a manufacturer can encrypt portions of a copy of a software program with an encryption key uniquely associated with that copy. A customer who purchases the software is given the associated decryption key which allows decryption and execution of the software. Another form of software protection mechanism involves a “Certificate of Authenticity” supplied with the purchase of a copy of a software program. The Certificate of Authenticity includes a unique number associated with the copy. During installation of the copy of software, the copy number is requested and must be entered correctly by the user. If the copy number entered matches a number expected by the installation program, the copy of the software is assumed to be legitimate and is installed and executed as being legitimate. If the number entered is incorrect, the software will not install properly. Neither of the above schemes provides full protection against illegal copying and use of software. For the scheme employing encryption, if the original customer wishes to distribute illegal copies, he or she needs only to transfer the copy together with the decryption key to others. Similarly, the original purchaser of the copy of software can circumvent the protection offered by the Certificate of Authenticity by passing the software along with the Certificate of Authenticity to other users.
Protection against piracy schemes often employ features of a User Device's operating system. Thus, it is important to protect the operating system against modifications that would circumvent the protections. Ensuring that an operating system is unmodified can be achieved though hardware. An example of a hardware protection scheme for the integrity of the operating system is provided in U.S. Pat. No. 3,996,449 which discloses a method for determining if a program or a portion of a program when running on a computer is unmodified. In this system, a hash function is applied to a user's identification code or key along with the text of the program itself in a special tamper-proof hardware checking device. The checking device compares a resulting value from the hash function with a verifier value to see if the program text is correct. If the text is correct, the program is allowed to execute on the device.
Schemes to protect against piracy using hardware entail attaching a device to the processor, typically through a communications port of the User Device. These types of hardware devices are often called “dongles”. Protection schemes may employ dongles in a variety of ways. For example, software may have a specific dongle associated with it where that dongle stores information or a number unique to that software. The software periodically checks whether the dongle is present at the communications port by requesting the information or number. One dongle is sold with each copy of the software. Since, presumably, the dongle cannot be reproduced, there can be only as many running copies of the software as there are dongles sold. In another application of dongles to protection against piracy of software, the dongle is an attached processor that executes parts of the application program which are inaccessible to the user. Again, the program cannot be executed without having the dongle attached to the User Device. Protection through dongles has a number of severe disadvantages. First, the user needs one dongle per protected program and has to attach and replace dongles when switching between programs. Users find this to be an inconvenience. Second, dongles are viable only provided they are tamper-proof and their internal algorithms and data are hidden from an attacker. In many instances in the past, both of these provisions have been violated by sophisticated, determined pirates. Third, in many instances software protected against piracy through dongles has been modified so as to eliminate the reference to dongles and thereby circumvent the protection. Finally, in the coming years where software will be preferably downloaded to customers through the Internet, accompanying physical devices such as dongles cannot be downloaded and thus become a burden to commerce.
Another hardware related approach assigns a unique identifier to each processor that can execute software. Software copies purchased for a User Device include the identifier of the processor on that device. When a User Device executes a software copy, the identifier included in that software copy is compared with the Device's processor identifier. Processing is enabled only if these two identifiers are equal. This approach has a number of drawbacks. In its basic version, there is no stopping a pirate from modifying a legitimate software copy by replacing the original identifier with the identifiers of the processors on which he or his illegal customers wish to install this software. Furthermore, this method inextricably links a software copy to a single User Device. This renders it impossible to move the software another User Device as required, for example, when a customer upgrades his computer. Finally, the unique processor identifier on User Devices has raised grave concerns of intrusion on users' privacy through monitoring their software purchases which are identified by the same number.
Digital water marking is a technique that places invisible, or inaudible identifying data in certain types of content primarily to identify the user to whom the content was sold. If that same content is found elsewhere, then the original buyer is suspected of participating in privacy.
Ideally, watermarks are persistent in that they can not be removed or altered without degrading the content. While these techniques contribute to detection of theft, they do not prevent someone from copying the content, so they require legal intervention to prevent continued copyright infringement. Further there are many attacks on such systems.