The present invention relates to a system for protecting software. More precisely, the invention relates to a system for protecting software that can be executed on a computer machine. The system is of the type in which the software to be protected is associated with a memory card for insertion in a read/write device connected to the computer machine, the presence of the card being required continuously throughout execution of the software.
In the present description, the term xe2x80x9csoftwarexe2x80x9d is used to cover not only computer software in the usual sense, but also an executable file, an image file, a video file, a sound file, etc. Similarly, the term xe2x80x9ccomputer machinexe2x80x9d is used to cover any machine capable of executing software such as PCs, portable telephones, set-top boxes, or games consoles. Finally, the term xe2x80x9cmemory cardxe2x80x9d is used to cover any removable medium including memory circuits and, in particular, a microprocessor.
To protect software against its unauthorized use, the main solution presently in existence on the market uses a component in the form of an application-specific integrated circuit (ASIC) and referred to as a xe2x80x9cprotective keyxe2x80x9d incorporated in a device known as a xe2x80x9cdonglexe2x80x9d. Such dongles need to be connected to the parallel port of the computer on which the software is being executed in order to enable the protected software to operate properly. The principle of using a dongle is as follows: each piece of software is associated with a dongle. The dongle and the software are personalized with one or more keys by the software developer. Once installed on the computer, the software makes calls to the dongle in order to verify that it is present and that the keys are valid. Each call is in the form of a question and a response. For each question (implemented as a string of characters), the dongle returns a predefined response that is known to the software. If the response to a question is different from the expected response then the software locks up to prevent further use thereof.
More sophisticated xe2x80x9cdonglesxe2x80x9d use an encryption system generated by a hardware system which enables a character string to be transformed in a determined manner. These models are easily xe2x80x9cbrokenxe2x80x9d by reverse engineering.
U.S. Pat. No. 5,083,309 discloses a system for using software in a secure manner. The system includes using an electronic memory card in which a portion of the data and/or of the software is stored and made inaccessible by the circuits of the electronic memory card itself. That solution provides a high degree of protection, but it is relatively cumbersome to implement because a portion of the software needs to be stored in the card which executes certain portions of the software.
An object of the present invention is to provide a system for protecting software using an electronic memory card in association with the software, which system likewise provides a high degree of protection but without requiring a large quantity of information, and in particular without requiring pre-storing in the memory card elements of the software to be protected and which does not require secret information to be generated by the software or by the file contained in the computer system.
This and other objects are attained in accordance with one aspect of the invention directed to a system for protecting software executable on a computer machine, the system being of the type in which the software is associated with a memory card adapted for insertion in a read/write device connected to the computer machine. The software includes means for storing a public key or value, and means for periodically generating a pseudo-random number and for transmitting the pseudo-random number to the read/write device. Another means implements a first algorithm using the public key or value on information received from the read/write device. A comparator compares the result of implementing the first algorithm with the pseudo-random numbers, and the execution of the software can be interrupted depending on the comparison.
The card includes protected memory means for storing an associated private value or key. A means is provided for implementing a second algorithm associated with the first algorithm and using the private value or key on received information issued by the computer machine, thereby obtaining encoded information. The encoded information is transmitted to the computer machine.
It will be understood that in such a system, the computer machine sends a message to which the response is the same message, but as encrypted using the algorithm stored in the circuits of the card. An associated algorithm is stored in the software. It is thus possible for the message to be in the form of any numbers or data generated in pseudo-random fashion, and the response is determined by the algorithm stored in the card. The number of messages and responses is thus infinite.
To implement such a system, the first and second algorithms are public key algorithms or zero disclosure algorithms. The card contains the private key in its memory and the software contains the associated public key. It will be understood that the public key is accessible in the software but that does not lead to a failure in protecting the software. In contrast, the private key is stored in the circuit of the electronic memory card which makes access to this information if not impossible, at least extremely difficult. This implementation thus provides maximum protection.
In a first implementation, each piece of software includes its own public key and the card includes its own private key. It is therefore necessary to have one card per piece of software. In a second implementation, the public keys and the private keys are all the same for all instances of the same piece of software. The number of instances of the software that can be executed simultaneously is thus under control since this number is limited by the number of cards.
In an improved implementation, the system further comprises network means for downloading said software from a supplier and into the computer machine, means using said card to request said supplier to supply the private key associated with said software over the network, and means for receiving in return said private key in encrypted form and for decrypting it in the card so as to store it in decrypted form.