This invention relates to a system for providing computer program instructions in an encrypted manner, wherein execution of the encrypted program is performed by digital logic hardware. More specifically, the invention relates to using register bit address configurations in order to permit execution of encrypted programs having excess instruction bits.
Computer program execution is performed at the processor level by the use of instructions or op codes which typically have a predetermined relatively short standard op code length. In order to work, the op codes must be compatible with an instruction set used by the processor for execution. Intermediate results of processing of the instructions are stored in comparably short registers. It is often possible to examine the status of the registers, and this provides a convenient tool for surreptitious analysis of the operation of a program during execution of the op codes. The op codes follow a particular format for bit allocation during execution. Accordingly, the op codes and intermediate results of execution are predictable, and external interpretation is simplified.
To protect computer software, there is often a need to restrict its use. This may be accomplished by end user agreements, wherein the user agrees to only use the software on one or more agreed upon computers. In other cases, in which the software can be freely copied, piracy restrictions are accomplished either by end user agreement or by simple techniques such as the requirement to use a product serial number to enable use of the software. While this may discourage software piracy and copying, it does not completely prevent a determined software pirate from reproducing the program along with one or more enabling serial numbers or keys.
It is possible to provide elaborate protective systems for encoding the software, using proprietary hardware components for example, or even by requiring the end user to comply with registration requirements in order to enable software operation. In that respect, the encryption scheme for the program ensures that the program is executable in unencrypted form, at least with respect to the instruction sets provided to the CPU. In other words, the instructions provided to the CPU are in a form that is understandable by the CPU prior to CPU execution. Thus, it is easy for an unauthorized user to determine what is necessary to operate the programs successfully.
It is often desired to provide software and updates of software to end users in such a manner that the software is transferred through public channels, such as the Internet. To provide such software in restricted form, it is desired to provide security to the distributor of the software so that the software is not subject to unauthorized use. In particular, if software is shipped via public or private channels, it is desired that the end user of the software can only use the software on the end user""s specified computer, and that the software not be willingly or unwillingly shared by the end user. By computer, it is intended that this includes personal computers, smart cards, work stations, dedicated CPUs embedded in hardware appliances, and any other device in which integrated circuit (IC) microprocessors may be used.
In some programs, the cost of the programs to the end user is such that it becomes economical for third parties to determine what is necessary to circumvent restrictions on use by unauthorized persons. Therefore, it is desired to make the unauthorized duplication or use of a program uneconomical. In order to do that, it is desired to provide an encryption scheme which prevents unauthorized persons from xe2x80x9cattackingxe2x80x9d the encryption of the software through analysis of the input and output of user commands and instruction sets from the software. It is further desired to provide a software encryption technique in which there are no external indicia of a decryption technique which can be used to analyze the encryption of the software. It is further desired that software be encrypted in such a manner that it is unnecessary to decrypt the software in order to accomplish execution of the software.
According to the invention, a microprocessor is used for processing computer programs which are selectively operable on that individual processor. The microprocessor includes an instruction decoder which is capable of decoding instructions formatted with op code lengths longer than standard op code lengths. Logic circuitry receives the instructions from the instruction decoder and responds in order to perform processor functions. A key shared by the microprocessor and a compiler, is used to enable the execution of instructions encrypted by the compiler to have the longer length op codes.
According to the invention, a key is shared by a microprocessor and a compiler. The key is used to execute instructions which are provided in encrypted form having op code lengths longer than the standard op code lengths. The use of the longer op code lengths makes external analysis of the program operation difficult, because surplus bits are inserted to lengthen the op codes according to the present invention.
According to the present invention, a microprocessor CPU is provided with an ability to modify its operation in accordance with an encryption key. When a program is compiled, the program is modified in order that execution may be performed with the CPU with its operation modified to accommodate the encrypted states of the program to be processed. Logic architecture elements established in the microprocessor are then able to shift the basic op code execution function, and the logic circuitry permits modifying operation of the microprocessor in accordance with logic instruction op codes stored in predetermined memory stores. This logic circuitry is configurable in accordance with the received logic instructions during the execution of a program, and so it is unnecessary to decrypt the program into standard op codes prior to execution.
In one aspect of the invention, longer length registers than required for standard instructions permit selective use of bits for a bit allocation scheme, and makes it difficult to externally determine which bits are being used. The use of a long word permits execution instructions to be combined. This obfuscates the instructions when observed. According to the present invention, the microprocessor combines several encrypted instructions into long instruction words. The long instruction words are gathered into groups which will fit the microprocessor""s instruction buffer.
According to the invention, the output register holds several words of data from several instruction operations. Data is output from the microprocessor in groups of data words from one word to several words. Decoding is accomplished without decrypting the op codes and logic gates immediately process data. The data representation changes change during the execution, which has the effect of securing the program from analysis for decryption.
According to a further aspect of the invention, an instruction decoder programmable so that it decodes encrypted instruction op codes. A key, shared by the microprocessor and a compiler, is used by the compiler to encrypt standard instructions into encrypted instructions. The key is optionally used to re-allocate memory resources and register resources in the microprocessor. A serial number is further used to re-allocate the resources. The reallocation of memory and register resources is available whether the instructions are encrypted or not encrypted. The invention has the advantage of executing encrypted instructions without decrypting them into standard op codes.
According to a further aspect of the invention, a CPU chip is provided in which instruction block sizes are larger than a predetermined minimum size for performing its computational functions. Programs compiled to execute on the CPU are compiled in a manner to utilize block allocations of instructions according to a key. Since the blocks of instructions are larger than they need to be, interdependencies between bits of separate instructions can be provided so that the CPU may check these dependencies for conformance to criteria shared by the compiler and the CPU.
According to a further aspect of the invention, the invention may include a coprocessor with an ordinary CPU, with the output of the CPU provided to the user""s computer.