One method for protecting an application program includes using a serial number for activation, which is requested during a setup of the application program. This method has some drawbacks, including that the serial number may be copied, intercepted or calculated.
Another method for protecting an application program includes using an activation procedure after installing the program. For example, at a first execution, the application program requires a registration to a web site of a producer or seller and, after registration, an additional activation code is sent via email or phone to a user. The insertion of the additional activation code in the application program allows the program to be used. However, the additional activation code may also be intercepted and recalculated, and thus this method is not secure.
Moreover, in the method described above, once the application program has been installed in a device and registered, it is permanently stored in the memory of the device in executable format. Thus, it is subject to copy or reverse engineering to retrieve the source code. In some cases, the application program in executable form may be copied into a memory of another device and executed therein.
A further method for protecting application programs is based on a dongle or hardware key inserted in a physical port of a device executing the application program. In absence of the dongle or hardware key, the application program cannot be executed. However, the dangle may be duplicated and a duplicated dongle may be used to unlock an application program in other devices. Moreover, dongles are expensive because they are designed for specific purpose devices and for specific hardware configurations.
Yet a further method for protecting software is based on an integrated circuit card (ICC). For example, EP 1,253,503 discloses a method for protecting a source code [X=Y+10]. The method provides a different encoding [X:=Y+(C−T), where C:=decrypt(g(10)+t)] of the source code, including an encrypted parameter [g(10)] and a variable returned from a smartcard [T]. The different encoding of the source code [X:=Y+(C−T)] may be reconstructed only through the smart card [(X:=Y+(10+T−T)→Y+10)]. However, also in this case, when the application program is executed in the device, the memory of the device may be copied to reverse engineer the source code (X:=Y+(C−T)).