This invention relates to software security and more specifically to a method and computer software code for providing security for a computer software program.
Once software is distributed to purchasers it is relatively easy for the purchasers to make unlimited copies and distribute them as they desire. As a result of such copying, substantial revenues have been lost. In fact, a recent study by Business Software Alliances (BSA) and the Software Publishers Association (SPA) estimated revenue losses to the worldwide software industry due to piracy at $11.4 billion. (Report available at http://www.spa.org/piracy/releases/97pir.htm). The study estimates that, of the 574 million new business software applications installed globally during 1997, 228 million applications (or four in every ten) were pirated. This represents an increase of two million more new applications being pirated than in the previous year 1996. The U.S. was reported as the country with the highest dollar losses due to software piracy followed by China, Japan, Korea, Germany, France, Brazil, Italy, Canada, and the United Kingdom. The piracy rate for the U.S. alone was estimated at 26% for 1995, and 27% for 1996 and 1997. Accordingly, revenue losses to the software industry due to piracy in the U.S. were estimated at $2,940,294 in 1995, $2,360,934 in 1996, and $2,779,673 in 1997.
With such an increasing amount of revenue being lost to software piracy, it is becoming ever-increasingly important for software developers to protect their software applications against unauthorized copying and/or use. In the prior art, several techniques have been developed in attempts to prevent software piracy. Such techniques include: security systems integrated with the software application program, and systems with certain external attachments (i.e., xe2x80x9cdonglesxe2x80x9d) that interact with the application program.
Software security solutions have been developed, which attempt to provide security for a computer application program solely through software. Such xe2x80x9csoftware onlyxe2x80x9d solutions do not require any additional hardware to perform security measures. Such software solutions typically utilize a registration database and encryption technology to provide security for an application program. That is, such security software solution typically checks the registration for an application program against a registration database to determine if use of the program is authorized. Typically, a registration is contained in the database only for application programs that have been purchased, and a registration is not contained for unauthorized copies of such application program. Therefore, such a software solution attempts to provide security by only allowing application programs that have a registration in the database to operate.
Security systems have also been developed which utilize external attachments called xe2x80x9cdongles.xe2x80x9d Dongles have been developed to interface with the parallel printer port of a personal computer (PC). Dongles have also been developed to interface with the serial port of a PC. Additionally, dongles have been developed to interface with the USB port of a personal computer. Other interfaces for which dongles have been developed include: the 36-pin Centronic interface for Japanese NEC-PC98xx systems and for standard PCs, and the ADB bus of the Apple Macintosh.
The general operation of a dongle is as follows: each dongle contains a unique code that is recognized by the protected software. During runtime, the protected program checks whether a dongle with the appropriate code is connected to the computer""s port (such as the parallel printer port). If the dongle""s code is confirmed, the software is executed. If not, the software will not run.
More specifically, most dongles contain an ASIC (Application Specific Integrated Circuit) chip with multiple electronic algorithms. During runtime, the protected software sends queries to the dongle connected to the designated port of the computer. The dongle evaluates each query and responds. If the response returned by the dongle is correct, the software is allowed to run, otherwise the software is not allowed to proceed as desired. If the correct response is not returned the software developer may be allowed to decide how the software should react, such as preventing the application from running or switching to a demo mode. Therefore, software developers may require that users connect a dongle to one of the above-described ports prior to running the corresponding software program. In this manner, software developers can utilize the above-described dongles to protect their software applications.
Several problems exist with prior art systems for providing security for software applications. Particularly where the security system resides solely in the software program, it has become relatively easy to break the code used in protecting an application program. In fact, there have been marketed other programs solely for the purposes of breaking such codes. That is, software programs. have been developed that enable buyers to duplicate protective software and avoid any internal security measures. Once the code is voided or broken, the user can then recopy the program and distribute it through computer networks to literally thousands of other unauthorized users. Furthermore, because security systems that reside solely in the program often do not allow users the ability to copy the program at all, users do not have the luxury of being able to make back-up copies of the program.
Problems also exist for the prior art dongles utilized for software application security. Dongles that connect to the parallel or serial ports are inconvenient for most users because their parallel and/or serial ports already interface with other devices, such as a mouse, an external modem, or a printer. Thus, many users are hesitant to dedicate such ports to a security device. Some parallel port dongles claim to have xe2x80x9cpass throughxe2x80x9d capabilities. Such pass through capabilities require that the dongle be connected to the port and then another device, such as a printer, can be connected to the dongle. Such a dongle is suppose to utilize the port to provide security and also allow signals to pass through to the other device. In effect, such dongles attempt to xe2x80x9csharexe2x80x9d the port with another device. However, when utilized with preemptive operating environments, such as Microsoft Windows 95, 98 and NT, potential problems with sharing ports exist. For example, a dongle may preempt a printer or other device attempting to utilize the same port such that the dongle may effectively take over the port solely for its operation for extended periods of time. By the same token a printer or other device attempting to utilize the same port with a dongle may preempt the dongle, such that the printer or other device may effectively take over the port solely for its operation for extended periods of time.
An additional problem associated with the dongles currently available is that users are aware that the software provider is requiring them to install a security device before they are allowed access to a particular program. Many users do not appreciate the inference that they are not trustworthy, and users may even forgo purchasing the software product.
Yet another problem with the dongles currently available is that most users do not like the extra effort required on their part to attach a dongle to one of the above-described ports. In this sense, even dongles that have pass-through capabilities require the user to disconnect a device that was previously interfacing with a particular port, connect the dongle to that port, and then connect the original device to the dongle. In turn, this required effort on the part of the user makes a developer""s software application less appealing to consumers.
Thus, there is a desire to provide security for software developers. There is a further desire for security software capable of receiving analog data representing a security code from an input port of a computer and enabling or disabling a protected application program based upon whether the received analog data corresponds to an expected security code. There is a further desire for such security software to be capable of executing in a non-real-time operating system to provide security for an application program. There is yet a further desire for such security software to be capable of reading analog data that is presented to an input port of a computer asynchronous to the execution of the security software to provide security for an application program.
These and other objects, features and technical advantages are achieved by a method and computer software code which provide software security by reading analog data signals representing a security code from a predetermined input port of a computer, determining whether the read security code corresponds with an expected security code, and enabling or disabling the protected application program based upon whether the read security code corresponds with an expected security code. In a preferred embodiment, the analog data signals are resistance values, and the predetermined input port of a computer is a game port. Thus, in a preferred embodiment the security software is capable of reading resistance values representing a security code from the game port of a computer, determining whether the read resistance values correspond with an expected security code, and enabling or disabling the protected application program based upon whether the read resistance values correspond with an expected security code.
As used herein, the term xe2x80x9csecurityxe2x80x9d means preventing unauthorized operation of all or a portion of a software program. In a preferred embodiment of the invention, security for an application program is provided by presenting multiple sequences of resistance values, which represent a security code sequence, to the analog pins of the game port of a computer. Security software executing on the computer may utilize the computer""s sound card to read the security code sequences presented to the analog pins of the game port. If the security code sequences read by the security software correspond with an expected security code, the application program may be enabled and allowed to operate correctly. However, if the security code sequences read by the security software do not correspond with an expected security code, the application program may be disabled and not allowed to operate correctly. For example, if the application program is disabled, all or a portion of the application program may not function, the application program may be presented in a demo mode, or the application program may vary in some other way from its normal operation.
In a preferred embodiment, the security software is capable of compensating for execution delays caused by a non-real-time operating system. In such a non-real-time operating system, the execution of reading a security code from an input port of a computer may be delayed. However, the generation of such security code may not be delayed. Thus, delays caused by a non-real-time operating system may permit the security code presented to an input port of a computer to advance to a new code within a sequence of codes before the security software is capable of reading the security code. A preferred embodiment of the security software is capable of compensating for such execution delays such that the security software may provide software security for a protected application in a reliable manner.
In a preferred embodiment, the security software is capable of compensating for the analog data being presented to the input port of a computer asynchronous to the security software reading the analog data. Because the analog data may be presented to the input port of a computer asynchronous to the security software performing a read of the analog data, the security software may perform a read of the analog data at a time when one or more of the analog data signals are in the process of changing from one state to another state. Thus, the security software may perform a read of the analog data at a time when one or more the analog data signals are at an in-between state. A preferred embodiment of the security software is capable of compensating for the analog data being presented to the input port of a computer asynchronous to the security software reading the analog data such that the security software may provide software security for a protected application in a reliable manner.
It should be appreciated that a technical advantage of the present invention is that a method and computer software code which provide software security for an application program is provided. A further technical advantage is realized in that a preferred embodiment is capable of reading analog data representing a security code from an input port of a computer and determining whether the read security code corresponds with an expected security code. A further technical advantage is realized in that a preferred embodiment is capable of enabling or disabling a protected application program based upon whether the read security code corresponds with an expected security code.
Yet a further technical advantage is realized in that a preferred embodiment is capable of compensating for execution delays in reading a security code from an input port of a computer caused by a non-real-time operating system. Still a further technical advantage is realized in that a preferred embodiment is capable of compensating for a security code being presented to an input port of a computer asynchronous to the security software reading the security code.
The foregoing has outlined rather broadly the features and technical advantages of the present invention in order that the detailed description of the invention that follows may be better understood. Additional features and advantages of the invention will be described hereinafter which form the subject of the claims of the invention. It should be appreciated by those skilled in the art that the conception and specific embodiment disclosed may be readily utilized as a basis for modifying or designing other structures for carrying out the same purposes of the present invention. It should also be realized by those skilled in the art that such equivalent constructions do not depart from the spirit and scope of the invention as set forth in the appended claims.