1. Background-Field of Invention
This invention relates to a system for protecting computer software. More specifically, this invention relates to a cryptographic system for protecting mass marketed software.
2. Background-Description of Prior Art
As of this writing more than 100 million microcomputers are in use worldwide. Encouraged by this large installed base of systems, software developers are creating products at a rapid pace. However, one problem threatens the continued development of reasonably priced software: software piracy, the unauthorized copying of programs. Software vendors have dealt with the piracy issue by various means, both technical and legal, but it still remains a serious problem. The Software Publishing Association, an industry group of more than 900 firms, recently estimated that the industry loses revenues of $2.5 billion annually due to this problem. Although many patents have been issued whose purpose is to discourage or prevent software piracy, the operational mechanism of many of these patents are too complex to be accepted by purchasers of computer software. Computer users have come to expect software products to be easy to use, else they will not buy them.
One method for protecting software (now rarely used) is copy protection. The term "copy protected" means that program distribution media (e.g., floppy diskettes) cannot be copied by normal means. A diskette is formatted, or magnetically encoded, as concentric rings of bit patterns called tracks. Each ring is divided into parts called sectors; normally the number of sectors is the same for all tracks. Each sector is comprised of a header area followed by a data block. A checksum follows, whose value is used to detect errors in the recording process. A typical copy protection scheme modifies an unused sector after a program has been recorded onto the diskette, such that the program may be executed without error, and a copy utility will duplicate the program without detecting the invalid sector. However, the program contains instructions which check the diskette for its error sector, and will terminate if loaded from a copied disk.
The use of this protection method led to development and sale of numerous "bit copier" utility programs, which, unlike standard copy utilities, can produce executable duplicates of the programs. Thus, this form of media copy protection discouraged but did not prevent software piracy.
A second approach to software protection is the use of an electronic security device, sometimes called a dongle, which attaches to one of the computer's external input/output ports. Programs which are to be protected in this way must make procedure calls which interrogate the port to make sure the dongle is in place, and that the dongle has a unique identifier which matches the unique identifier embedded in a location within the program. If the dongle is not there, or if one is attached which has a non-matching identifier, the program terminates. U.S. Pat. No. 4,609,777 to Cargile (1986) and U.S. Pat. No. 4,685,055 to Thomas (1987), describe two such devices. Various manufacturers of dongle devices continue to sell them to software vendors, but most software is still sold without these devices, either because of cost criteria or lack of acceptance by software purchasers. A disadvantage of the hardware dongle protection method is the ease with which a determined perpetrator can crack the protection algorithm by monitoring the port and bus lines with a storage type data analyzer. Another disadvantage is that each software package is typically supplied with its own dongle, so that the user might soon run out of ports. Additionally, the hardware dongle method does not actually conceal instruction codes. By using a well-known technique (disassembly) a skilled programmer could easily find the appropriate interrogation code and disable it.
Protection Criteria
At a minimum, a software protection method should do two things: prevent disclosure of the actual program instruction codes (whether in source or object form) and restrict the use of a software product to the software's purchaser or licensee. One approach which promises to meet these requirements is the use of the crypto microprocessor. A crypto microprocessor is a plug-in replacement device for the conventional microprocessor, but is capable of executing enciphered instructions. An enciphered program may execute only on a designated computer system incorporating a cryto microprocessor which deciphers the program according to a specific cipher key or algorithm. Crypto microprocessors can be built at reasonable cost, since the translation circuitry is not unduly complex. In addition, the method does not interfere with computer user's customary practices. For example, the user is able to copy his software for backup purposes. Equally important, enciphered software can be processed in a manner compatible with current production and distribution methods.
If a method prevents disclosure of program instructions, we say it conceals codes. If a method restricts or assigns the software to one computer system, we say it assigns a system. Table 1 compares protection methods according to these criteria.
TABLE 1 ______________________________________ Comparison of Protection Methods Conceals Assigns Method Codes System ______________________________________ Copy protect No Yes * Dongle No Yes * Crypto processor Yes Yes ______________________________________ *Can be defeated in all cases by means discussed
Concealment and assignment criteria must be met for any acceptable protection method, and the comparison above shows that only the crypto processor meets both.
Patents for crypto processors have existed for more than a decade, yet no general-purpose devices are currently being manufactured. The lack of success for these other approaches is partly explained by failure to address the marketing requirement, stemming from cost and logistical criteria, such that software be distributed as standardized, non-customized ("shrink wrapped") packages. For a software protection method to attain market acceptance, it should provide four additional capabilities:
1) User customization. This means that the purchaser may designate the computer system on which the software will reside and execute after the sale rather than prior to purchase. The only alternative to user customization is encipherment by the vendor before its sale. A labor-intensive and expensive approach, pre-sale customization is specified in U.S. Pat. No. 4,633,388 to Chiu (1986), which describes a microprocessor with a means of selecting one of a set of cipher keys for decryption. The microprocessor also supports execution of both enciphered and unenciphered programs, as does U.S. Pat. No. 4,757,534 to Matyas et al. (1988). Although the Matyas et al. patent provides for post-sale customization, the system does not actually employ a crypto processor. Instead, enciphered programs are stored on disk and loaded into "private" memory for execution. Decipherment is performed by ROM-resident software prior to launching the program.
2) Multiple keys. Use of the same cipher key in a crypto microprocessor to decipher all protected programs makes it vulnerable to the "known plaintext" attack. U.S. Pat. No. 5,034,980 to Kubota (1991) proposed a fixed cipher key embedded in each chip. If, for example, a programmer working for a software developer has both a protected version and the plaintext version of a program, he could easily determine the cipher key of a system on which the protected version runs. He could then crack any protected software which was subsequently installed on that system. Because of this weakness, a crypto processor needs to use a different key for deciphering each enciphered program. PA1 3) Network support. It is estimated that by the year 1995, seven of every ten computer systems will be connected to a local area network (LAN). In LAN environments, programs are typically stored on a file server computer, then are loaded from the server's disk drive over the network into the main memory of a requesting workstation, there to be executed. None of the described crypto microprocessors provides for a network server mode. PA1 4) Mixed enciphered/nonenciphered code support. Because a user is likely to possess programs that are not protected under encipherment, he should not lose this software investment as a consequence of owning a computer using a crypto microprocessor. In fact, with today's powerful computers, he will probably want the ability to concurrently execute enciphered and nonenciphered programs. One approach to mixed mode execution would allow the same program to contain both enciphered and clear text instructions, implying the use of a program means to switch modes, as Chiu described in U.S. Pat. No. 4,633,388 (1986). This method is not suited for mixed support of independently developed programs, however. PA1 1) Prevent a computer program from being executed on computer systems other than those authorized or licensed for said program. PA1 2) Provide a network operating mode, allowing a single copy of a protected program to reside on a file server system, then loading executable copies to requesting workstations, with each workstation having its own cipher key. PA1 3) Provide for user customization of programs, making it possible to mass distribute "shrink wrapped" protected software. PA1 4) Remain compatible, insofar as possible, with current software production and distribution methods, and with the practices of computer users. PA1 1) Contact a remote EXCHANGE database system to transmit software product release information, including: software vendor identifier, product name and version, and number of product copies, either by serial number range or by enumeration. The EXCHANGE system will respond to this information by specifying a cipher key and cipher algorithm with which the software developer is to encipher the software product prior to duplication and distribution of copies. PA1 2) Encipher a master copy of the software product under the cipher specified by the EXCHANGE system. This master copy will be used by the developer's duplication department or a service bureau as the source copy for duplication. PA1 BRIEF DESCRIPTION OF THE DRAWINGS
A second method would support serial execution of either nonenciphered or enciphered programs, but not both modes concurrently such as the crypto microprocessor described in U.S. Pat. No. 4,573,119 to Westheimer et al (1986). The Westheimer device has a circuit which detects an operation code specifying lower and upper bound addresses of enciphered programs. The circuit responds by enabling two transform units which decipher the program's instruction codes and data addresses within the specified bounds, but a branch to a location outside the bounds would result in a fault.
Yet another method would allow multiple enciphered programs to be run concurrently with nonenciphered programs within a single environment but not allow mixing of enciphered and nonenciphered modes within one program (as in U.S. Pat. No. 5,034,980 to Kubota, 1991). In this approach, mode switching is performed by software after loading a mode register prior to the dispatch of a process. This method is the most flexible for multitasking systems.
In summary, there are three main approaches to software protection: diskette media copy protection, hardware dongle devices, and crypto microprocessors. While the crypto microprocessor offers the strongest form of protection, previous crypto microprocessor patents omitted some important capabilities. These include: user customization (to designate the target computer system); use of multiple cipher keys (to avoid the weakness of "known plaintext" attack); support of a protection mode for operation on a local area network; and mixed enciphered/nonenciphered code support of independently developed programs.
Table 2 compares support of features by these patents.
TABLE 2 ______________________________________ Crypto Processors: Comparison of Features Conceal Assign User Multi- Network Codes System Custom Key Support ______________________________________ Best yes yes no yes no Chandra yes yes yes yes no Chiu yes yes no no no Gaffney yes yes no yes no Kubota yes yes no no no Matyas yes yes no yes no Westhe/ yes yes yes no no ______________________________________