The present invention relates to anti-tamper computer systems, and more particularly to a system whereby exposed client software is protected from effective reverse engineering and tampering to prevent modification, illicit usage, malware injection, or other unauthorized customization.
Many anti-tamper methods are known in the art, including self checking anti-tamper systems integrated into software, white box cryptography methods for encrypting and/or decrypting information while hiding the encryption/decryption key in software, and computational outsourcing as a means of achieving limited security in deployed client software. In addition, client software updating to deliver new functionality, performance improvements, defect corrections and for other purposes is a broadly utilized practice.
Integrated anti-tamper technologies in deployed client software are designed to block effective software analysis and tampering. Reasons for blocking such tampering include stopping subversion of license management, stopping the enablement of functionality not expressly licensed or otherwise prohibited, stopping access to unencrypted digital content managed and/or processed by such software, stopping injection of arbitrary new software, and many others.
The problem with any static deployment of an integrated anti-tamper technology in software is the fact that ultimately, all static software is analyzable. With sufficient investment, even extremely complex protection networks can be fully analyzed, modeled as necessary, and attacks created and tested until success is ultimately achieved. With sufficient effort and time, static integrated anti-tamper techniques in software can be defeated.
It would be desirable to have a system that changes over time so as not to provide the necessary time for an attacker to overcome the anti-tamper techniques of the system, or even if the attacker overcomes the anti-tamper techniques for the system to be re-protected so that the tampered software only operates for a limited time.