There are known data protection methods, in particular methods for authorizing access to protected information and/or allowing the execution of computer programs (software) subject to obtaining a license to use them.
Known methods contemplate the use of a key not know to the user and obtainable by purchasing a license to use the software in question. This method has the drawback that this key can be fraudulently replicated, so that unauthorized users who learn about this key are able to use the software.
Other methods contemplate the use of a device, called a token, able to generate a password, generally in a numeric format, on the basis of an algorithm unknown to the user. Typically, in a two-factor authentication scheme, this password assumes a value, dependent on parameters that vary with time (e.g., time, date, etc.), plus a known part, chosen by the user (known as the Personal Identification Number or, more simply, the PIN) so as not to be easily replicable. This method has the drawback that everyone knows the time and the PIN is usually chosen by a user so that it is easy to remember (in practice, the PIN is often chosen as the user's date of birth, the names of dear ones, etc.). There are known attacks of various types that drastically reduce the protection provided by this type of scheme.
Other known methods include the steps of storing entire portions of software on the token, but in this way there is an impact on software's speed of execution, linked to the fact that it is necessary to access these portions, compile them and then execute them. In consequence, she check is usually carried out only in the software's start-up phase and not during all of the time period in which the software is used.