This invention relates generally to a method for disabling execution of a software application stored within a computer absent data indicative of an authorised use of the software application and more particularly relates to a method for disabling execution of a software application using a smart card.
Software piracy is causing huge losses in profits for companies developing and selling computer software. The sale and distribution of software designed for general use is based on the assumption that a software provider only wishes to sell a right to use the software to one person or to a select group of people. The seller specifically does not wish the purchaser to distribute the software to other users or to resell the software. Various methods are employed to prevent the purchaser from distributing the software. The most common method of software distribution is via a storage medium. The user is often unrestricted from either copying the software from this storage medium to another one or installing the software from a same storage medium on different computers. This results in undesirable software piracy.
In the past, piracy protection schemes were implemented to prevent a purchaser from making a back up copy of a software application. When a storage medium, such as a floppy disk, that is copy protected becomes damaged, the software provider must replace the storage medium. Some software providers have included a backup copy of the software application along with the original copy to lessen inconvenience when the original copy is damaged, but sometimes even these xe2x80x9cbackupxe2x80x9d copies fail.
Some software providers have avoided software copy protection schemes. Instead these software providers rely on the honesty of the purchaser, the fact that the documentation is difficult to duplicate, and/or a license agreement that the purchaser is expected to honour. The license agreement makes it illicit to distribute the software. Many software providers view convenience as essential for software users and therefore are wary of software piracy protection methods that inconvenience users in any way.
Another method of software protection involves writing to an installation disk to indicate that installation has occurred. This limits a disk to one use. This has many of the aforementioned drawbacks and also is unworkable with CD ROM technology. Using CD ROM technology, a software provider writes a program and other information to a CD ROM which can be written to only once using special hardware for that purpose. Therefore, adding information to a CD ROM during installation is not possible.
With the increasing use of digital communications such as the Internet, computer software is now commonly distributed using these means. In this case, the aforementioned methods of preventing undesired proliferation of pirated software can not be applied; users require some form of backup and this backup is easily distributed to other users. Also, interception of software by unauthorised third parties is a significant risk to software providers .
Computer security is fast becoming an important issue. With the proliferation of computers and computer networks into all aspects of business and daily lifexe2x80x94financial, medical, education, government, and communicationsxe2x80x94the concern over secure file access is growing. Using passwords is a common method of providing security. Password protection is employed for computer network security, automatic teller machines, telephone banking, calling cards, and telephone answering services. These systems generally require knowledge of an entry code that has been selected by a user or has been configured in advance. Examples of commonly used security codes for preventing software piracy include information from a user""s manual and a serial number. Unfortunately for use in copy protection, security codes are unworkable since the software is easily transferred with the security code.
A security access system that provides substantially secure access and does not require a password or access code is a biometric identification system. A biometric identification system accepts unique biometric information from a user and identifies the user by matching the information against information belonging to registered users of the system. One such biometric identification system is a fingerprint recognition system.
The use of a biometric imaging device with a personal computer is becoming widespread. In a fingerprint input transducer or sensor, the finger under investigation is usually pressed against a flat surface, such as a side of a glass plate; the ridge and valley pattern of the finger tip is sensed by a sensing means such as an interrogating light beam. Various optical devices are known which employ prisms upon which a finger whose print is to be identified is placed. The prism has a first surface, a platen, upon which a finger is placed, a second surface disposed at an acute angle to the first surface through which the fingerprint is viewed and a third illumination surface through which light is directed into the prism. In some cases, the illumination surface is at an acute angle to the first surface, as seen for example, in U.S. Pat. Nos. 5,187,482 and 5,187,748. In other cases, the illumination surface is parallel to the first surface, as seen for example, in U.S. Pat. Nos. 5,109,427 and 5,233,404. Fingerprint identification devices of this nature are generally used to control the building-access or information-access of individuals to buildings, rooms, and devices such as computer terminals.
U.S. Pat. No. 4,353,056 in the name of Tsikos issued Oct. 5, 1982, discloses an alternative kind of fingerprint sensor that uses a capacitive sensing approach. The described sensor has a two dimensional, row and column, array of capacitors, each comprising a pair of spaced electrodes, carried in a sensing member and covered by an insulating film. The sensors rely upon deformation to the sensing member caused by a finger being placed thereon so as to vary locally the spacing between capacitor electrodes, according to the ridge/trough pattern of the fingerprint, and hence, the capacitance of the capacitors. In one arrangement, the capacitors of each column are connected in series with the columns of capacitors connected in parallel and a voltage is applied across the columns. In another arrangement, a voltage is applied to each individual capacitor in the array. Sensing in the respective two arrangements is accomplished by detecting the change of voltage distribution in the series connected capacitors or by measuring the voltage values of the individual capacitances resulting from local deformation. To achieve this, an individual connection is required from the detection circuit to each capacitor.
Before the advent of computers and imaging devices, research was conducted into fingerprint characterisation and identification. Today, much of the research focus in biometrics has been directed toward improving the input transducer and the quality of the biometric input data. Fingerprint characterisation is well known and can involve many aspects of fingerprint analysis. The analysis of fingerprints is discussed in the following references, which are hereby incorporated by reference:
Xiao Qinghan and Bian Zhaoqi,: An approach to Fingerprint Identification By Using the Attributes of Feature Lines of Fingerprint,xe2x80x9d IEEE Pattern Recognition, pp 663, 1986; C. B. Shelman, xe2x80x9cFingerprint Classificationxe2x80x94Theory and Application,xe2x80x9d Proc. 76 Carnahan Conference on Electronic Crime Countermeasures, 1976;
Feri Pernus, Stanko Kovacic, and Ludvik Gyergyek, xe2x80x9cMinutaie Based Fingerprint Registration,xe2x80x9d IEEE Pattern Recognition, pp 1380, 1980;
J. A. Ratkovic, F. W. Blackwell, and H. H. Bailey, xe2x80x9cConcepts for a Next Generation Automated Fingerprint System,xe2x80x9d Proc. 78 Carnahan Conference on Electronic Crime Countermeasures, 1978;
K. Millard, xe2x80x9cAn approach to the Automatic Retrieval of Latent Fingerprints,xe2x80x9d Proc. 75 Carnahan Conference on Electronic Crime Countermeasures, 1975;
Moayer and K. S. Fu, xe2x80x9cA Syntactic Approach to Fingerprint Pattern Recognition,xe2x80x9d Memo Np. 73-18, Purdue University, School of Electrical Engineering, 1973;
Wegstein, An Automated Fingerprint Identification System, NBS special publication, U.S. Department of Commerce/National Bureau of Standards, ISSN 0083-1883; no. 500-89, 1982;
Moenssens, Andre A., Fingerprint Techniques, Chilton Book Co., 1971; and, Wegstein and J. F. Rafferty, The LX39 Latent Fingerprint Matcher, NBS special publication, U.S. Department of Commerce/National Bureau of Standards; no. 500-36, 1978.
It is an object of this invention to disable execution of a software application stored within a computer absent data indicative of an authorised use of the software application using a smart card.
In accordance with the invention there is provided a method for protecting a software application from piracy comprising the steps of:
providing data indicative of an authorised use of the software application;
executing a first portion of the software application;
receiving user authorisation information;
using a processor within a peripheral device, comparing the received user authorisation information with user authorisation information stored in memory of the peripheral device to produce a comparison result and, if the comparison result is indicative of the authorised user of the software application, providing data from the peripheral device to the computer, the data indicative of the authorised use of the software application on the computer; and,
executing a second portion of the software application only upon receipt of the data indicative of the authorised use of the software application.
In accordance with the invention there is also provided a method for protecting a software application from piracy comprising the steps of:
providing data indicative of an authorised use of the software application;
executing a first portion of the software application using a first processor;
receiving user authorisation information from an input device disposed within a first housing;
transmitting the user authorisation information to a second processor within a second housing, the second housing comprising memory, wherein the user authorisation information is unavailable to the first processor; using the second processor, comparing the received user authorisation information with user authorisation information stored in memory to produce a comparison result and, if the comparison result is indicative of the authorised user of the software application, providing data from the second processor to the first processor, the data indicative of the authorised use of the software application on the first processor; and,
executing a second portion of the software application only upon receipt of the data indicative of the authorised use of the software application.
In accordance with another aspect of the invention there is provided a system for protecting a software application from piracy comprising:
a software application for execution on a computer, the software application including executable commands for preventing execution of a portion of the software application absent data indicative of an authorised use of the software application; and
a peripheral device including:
a housing;
a port for interfacing the peripheral device to the computer; memory within the housing, the memory for storing user authorisation information indicative of an authorised user of the software application; and,
a processor within the housing for receiving authorisation information provided by a user, for comparing received authorisation information with the user authorisation information stored in the memory to produce a comparison result and, if the comparison result is indicative of an authorised user of the software application, providing data from the device to the computer, the data indicative of an authorised use of the software application on the computer,
wherein the software application execution is at least partially prevented until the data indicative of the authorised use of the software application is received.
Preferably the peripheral device comprises a smart card reader and a smart card. More preferably, the peripheral device also comprises a biometric sensor in the form of a fingerprint imager.