Computer software protection is applied in many ways for a variety of reasons. Some of the reasons for using software protection are to protect investments of code development, such as to restrict reverse engineering and product copying. Another reason for using software protection is to prevent program alteration and breaking, for example in digital wallets. Another reason for using software protection is to prevent software duplication. Numerous other reasons for using software protection mechanisms exist.
Nevertheless, hacking programmers (referred to herein as hackers) manage to bypass these protection schemes and break the program's security mechanism, creating hacked versions of the program. Hacked versions are then made available, for example on the Internet for free download. In other cases a special chip known as a modchip is created by a manufacturer specifically to allow the use of duplicated software. A modchip is a small electronic device used to modify or disable built-in restrictions and limitations of, for example, many popular videogame consoles. See Wikipedia: http://en.wikipedia.org/wiki/Modchip.
In many cases, hackers are able to break program protection because they have access to the entire memory, CPU and registers of their computer, console or device. With advanced tools, it is possible to view the protection mechanisms in action and learn how to bypass them.
The damage from these hacks is not small, whether because invested work is easily reverse engineered and copied, or because less software is being purchased. In addition, stand-alone programs of the type that require high security, such as payment programs or programs using sensitive data, cannot be made for wide usage.
Some software companies offer a demonstration version of their software, for people to evaluate prior to purchase. The problem with these demonstration versions is that hackers can use these demonstration versions to break the software protection mechanisms. As a result, the software vendors cripple these demonstration versions.
Other software protection requirements include protecting databases from being used in ways not directed by their owner. For example, suppose a phone directory program is sold to individuals. A hacker can then extract the database and use the home directory database in unlawful manners, such as looking up personal information from a given phone number, or requesting the personal information of all people living in a building or in a certain block.
Additional software protection requirements include protecting programs from being altered by hackers. An altered program can result in a hacker changing the policies of the software's rules. Protecting the execution environment of software is another important issue. If the execution environment of a program can be altered by a hacker, security measures built into the program can be circumvented and the program can be used in manners undesired by the program maker. This may result in protected data being used in ways not allowed by the data owner.
There are different software protection mechanisms being used today. Some programs use an internal protection mechanism in software. This method, however, is easily circumvented by a hacker analyzing the authentication process and breaking it.
Some software protection mechanisms rely on an external device which may be used as an external authentication agent. This, however, is easily circumvented by a hacker analyzing the authentication process on the computer or device and breaking it.
Some software protection mechanisms are tied to a storage device that may protect data using the storage device's protective capabilities. Protection may be carried out autonomously by storage device logic that may limit access to certain data residing on the physical memory of the storage device. This, however, is limiting in that mixing storage and data protection causes a dependency between the storage unit and the data protection. In addition, this manner of protection usually requires execution to be carried out on hardware located on the storage unit. Execution on storage unit hardware still requires protection of the storage unit's execution environment.
Some software protection mechanisms operate by requiring the user to be online, for example on the Internet, while using the software. In this scenario, the software installed on the user's device is incomplete and some portions are carried out online. The problem with this mechanism is that a network connection is not always available, which can be a major drawback for people wishing to use the software when not connected to the Internet. In addition, network speed and congestion may be a limiting factor for the execution of the protected software. Another major disadvantage of the online protection mechanism is that enterprises that are careful about protecting their data and network do not wish their software to transfer data outside the organization.
Another method for protecting software is to use a hardware protection mechanism which may be implemented within a processor. One of these hardware methods is the Lockbox technology implemented by Analog Devices: http://www.analog.com/processors/blackfin/lockboxSecureTechnology.html
In Lockbox technology, a confidential execution mode of the CPU is introduced. Entering this mode of execution must follow an authentication process. Part of the internal on-CPU non-volatile memory is only accessible during this confidential execution mode. Furthermore, during confidential execution, access to CPU registers and internal volatile memory is restricted and controlled by the executing confidential code. In this manner it is possible to form an environment where confidential computations may take place without allowing reading or altering of confidential information.
The Lockbox technology, however, is limited in that specific code must be written in a specific manner for a specific family of chips. Such protection is usually useful for embedded software. The available memory on the chip is usually small due to the high cost of implementing on-chip memory. The complex authentication process, together with the limitation of memory, both volatile and non-volatile, and the complication of embedded environment development, makes the software development process difficult and complex.
It is an object of this disclosure to allow securing of software in a manner that protects the software execution environment and prevents code alteration, modification, code viewing, and duplication, using a high level programming language and without small memory constraints.
There is thus a widely recognized need for a way to protect software and data that would prevent software copying, database access and code viewing while protecting the program execution environment and protecting programs from being altered during execution. There is a widely recognized need for this capability in a unit that is an independent, separate entity from a computing device and from a storage device, and it would be highly advantageous to have such a method devoid of the above limitations.