When distributing software packages to customers, for instance in view of a software purchase, an evaluation trial, or a software upgrade, it is known to establish a binding with the owner of the software. Moreover, it is known to take precautions to ensure only authorized customers can access the software package. A known way to do this is by encrypting the package or its interfaces by means of a standardized cipher, for instance AES or DES. A disadvantage of this approach is that a malign user can decrypt the package using the official key and then easily re-encrypt the package with another key of his choice (since the malign user knows the key-schedule of the cipher used) and, in the extreme case, the malign user could, after re-encrypting the package, resell the application as if the program was his or hers.
“White-Box Cryptography and an AES Implementation”, by S. Chow, P. A. Eisen, H. Johnson, and P. C. van Oorschot, in: Proceeding SAC 2002 Revised Papers from the 9th Annual International Workshop on Selected Areas in Cryptography, pages 250-270, Springer-Verlag London, UK discloses a method called white-box cryptography, in which the key is expanded into one or more look-up tables that are an integral part of the implementation of the cipher. The inputs and outputs of these look-up tables are encoded, possibly using different encodings, to make it more difficult to understand the process steps that the look-up tables represent.