This invention relates to a system for providing computer program instructions in an encrypted manner, wherein execution of the encrypted program is performed by digital logic hardware. More specifically, the invention relates to on-chip verification of proper configurations of instructions, logic and data.
When a microprocessor is operating in the process of executing computer software, it is possible for the surreptitious observer to decipher proprietary details regarding processor operation. To protect the computer software, there is often a need to restrict its use. This may be accomplished by end user agreements, wherein the user agrees to only use the software on one or more agreed upon computers. In other cases, the software can be freely copied, so that piracy restrictions are accomplished either by end user agreement or by simple techniques such as the requirement to use a product serial number to enable use of the software. While this may discourage software piracy and copying, it does not completely prevent a determined software pirate from reproducing the program along with one or more enabling serial numbers or keys.
It is possible to specifically identify individual CPUs. In that way, each CPU can be separately identified by a serial number encoded into the CPU. Identification can be accomplished by laser marking of the CPU package with a serial number. Further, it is possible to provide a serial number which can be read out by the end user during execution with appropriate instructions.
It is possible to provide elaborate protective systems for encoding the software, by use of proprietary hardware components for example, or even by requiring the end user to comply with registration requirements in order to enable software operation. In that respect, the encryption scheme for the program ensures that the program is executable in unencrypted form, at least with respect to the instruction sets provided to the CPU. In other words, the instructions provided to the CPU are in a form that is understandable by the CPU prior to CPU execution. Thus, it is easy for an unauthorized user to determine what is necessary to operate the programs successfully.
It is often desired to provide software and updates of software to end users in such a manner that the software is transferred through public channels, such as the Internet. To provide such software in restricted form, it is desired to provide security to the distributor of the software so that the software is not subject to unauthorized use. In particular, if software is shipped via public or private channels, it is desired that the end user of the software can only use the software on the end user's specified computer, and that the software not be willingly or unwillingly shared by the end user. By computer, it is intended that this includes personal computers, smart cards, work stations, dedicated CPUs embedded in hardware appliances, and any other device in which integrated circuit (IC) microprocessors may be used.
In some programs, the cost of the programs to the end user is such that it becomes economical for third parties to determine what is necessary to circumvent restrictions on use by unauthorized persons. Therefore, it is desired to make the unauthorized duplication or use of a program uneconomical. In order to do that, it is desired to provide an encryption scheme which prevents unauthorized persons from "attacking" the encryption of the software through analysis of the input and output of user commands and instruction sets from the software. It is further desired to provide a software encryption technique in which there are no external indicia of a decryption technique which can be used to analyze the encryption of the software. It is further desired that software be encrypted in such a manner that it is unnecessary to decrypt the software in order to accomplish execution of the software.
According to the invention, a particularly configurable microprocessor is used for processing computer programs which are selectively operable on that processor, provided that its instruction buffers are properly configured. The microprocessor includes an instruction buffer, destination logic circuitry, and a logic block on the instruction buffer which is able to route a subset of instruction bits from selected bit locations in the buffer to the destination logic circuitry. The routing of signals reaches the logic block which determines whether predetermined bits in the instruction buffer conform to predetermined criteria.
More particularly according to the invention, a microprocessor is able to process computer programs which are selectively operable on that particular processor. An instruction buffer contains logic which is able to route a subset of instruction bits from selected bit locations in the buffer to destination logic gates in the microprocessor. The routing reaches a logic block, and the logic block determines whether predetermined bits in the instruction buffer conform to predetermined criteria.
According to a further aspect of the invention, a CPU is provided with an ability to modify its operation in accordance with an encryption key. When a program is compiled, the program is modified in order that execution may be performed with the CPU with its operation modified. In order to execute program instructions, the buffer interdependencies must match those expected by the compiler. This makes analysis of the program operation extremely difficult. The instruction buffer on a keyed microprocessor contains logic which is able to route a subset of the instruction bits on the microprocessor. This selects destination logic gates in the microprocessor which eventually reach a programmable instruction decoder and an instruction buffer interdependency checking logic block.
In one aspect of the invention, an instruction buffer on a keyed microprocessor contains logic which is able to route to selected logic gates a subset of the instruction bits on the microprocessor. The routing operation selects destination logic gates in the microprocessor which eventually reach a programmable instruction decoder and an instruction buffer interdependency checking logic block. In order to execute program instructions, buffer interdependencies must match those predetermined by a compiler. A requirement to create these interdependencies makes analysis of the program operation extremely difficult.
According to a further aspect of the invention, a microprocessor is provided for processing computer programs which are selectively operable on that processor. The microprocessor uses logic block checking. An instruction buffer contains logic which is able to route a subset of instruction bits from selected bit locations in the buffer to destination logic gates. The routing reaches a programmable instruction decoder and a logic block. The logic block checks whether bits in the instruction buffer conform to predetermined criteria.
According to a further aspect of the invention, a microprocessor is capable of processing computer programs which are selectively operable on that processor. A memory location receives logic instructions for executing encrypted program instructions, and logic circuitry modifies operation of the microprocessor in accordance with the stored logic instructions. An instruction buffer on the microprocessor contains logic for routing a subset of the instruction bits from bit locations in the buffer to destination logic gates in the microprocessor. An instruction buffer interdependency checking logic block responds to routing of the instruction bits.
According to a further aspect of the invention, program instructions are executed on a selected processor. A subset of instruction bits are routed from bit locations in the buffer to destination logic gates. The routing reaches a programmable instruction decoder and an instruction buffer interdependency checking logic block. Successful program execution requires a successful interdependency check at the interdependency checking logic block.
In one embodiment, a microprocessor uses a programmable instruction decoder to decode encrypted instruction op codes. The decoding is accomplished without decrypting the op codes and the logic gates of the logic circuitry immediately process data upon receipt without prior decryption. The data representation of the op codes is changeable during the execution.
A custom instruction set is provided for each CPU chip or groups of CPU chips. That custom instruction set is used by the software manufacturer to provide a unique version of a mass produced program to a customer for program operation with a microprocessor chip. The CPU is therefore programmed for that custom instruction set. The length of each instruction and the other features of this invention are configurable, according to the present invention, to have a cryptographically significant level of security when viewed from the IC pins. Pirates who examine signals inside the IC will accordingly be deterred from success by the inventive features described herein.
The way instructions are executed ensures that an adversary attempting to pirate the software will have difficulty understanding the results of instruction execution. It is a goal of the present invention to anticipate pirate attacks, and to provide measures which will thwart their tactics. The microprocessor chip according to the present invention will use instructions, data, addresses, and RAM memory, as well as instructions with bits in each instruction configured to cause confusion for attackers, but which are disregarded by the instruction decoder of the present invention during execution.
According to a further aspect of the invention, a CPU chip is provided in which instruction block sizes are larger than a predetermined minimum size for performing its computational functions. Programs compiled to execute on the CPU are compiled in a manner to utilize block allocations of instructions according to a key. Since the blocks of instructions are larger than they need to be, interdependencies between bits of separate instructions can be provided so that the CPU may check these dependencies for conformance to criteria shared by the compiler and the CPU.
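The block-level interdependency check described above can be modelled in software as follows. This is an added illustration, not code or a circuit from the original text: the 16-bit words with 12 functional bits, the 4-instruction block, the SHA-256 derivation of the routing masks, the parity criterion, and all function names are assumptions chosen for the sketch.

```python
import hashlib

# Assumed sizes for illustration; the text gives no concrete widths.
WORD_BITS, PAYLOAD_BITS, BLOCK = 16, 12, 4
SPARE_BITS = WORD_BITS - PAYLOAD_BITS
PAYLOAD_MASK = (1 << PAYLOAD_BITS) - 1

def tap_masks(key: bytes):
    """Key -> one bit-selection mask per spare bit of each slot (hypothetical derivation)."""
    d = hashlib.sha256(key).digest()  # 32 bytes = 16 masks x 2 bytes
    flat = [int.from_bytes(d[i:i + 2], "big") & PAYLOAD_MASK for i in range(0, 32, 2)]
    return [flat[s * SPARE_BITS:(s + 1) * SPARE_BITS] for s in range(BLOCK)]

def expected_spare(payloads, slot, masks):
    """Spare bits of `slot` are parities of key-selected bits of the next instruction."""
    neighbour = payloads[(slot + 1) % BLOCK]
    bits = 0
    for i, mask in enumerate(masks[slot]):
        bits |= (bin(neighbour & mask).count("1") & 1) << i
    return bits

def compile_block(payloads, key):
    """Compiler side: pad each instruction with the spare bits the keyed CPU expects."""
    masks = tap_masks(key)
    return [(expected_spare(payloads, s, masks) << PAYLOAD_BITS) | p
            for s, p in enumerate(payloads)]

def check_block(words, key):
    """CPU side: recompute the interdependencies from the buffer and compare."""
    masks = tap_masks(key)
    payloads = [w & PAYLOAD_MASK for w in words]
    return all((w >> PAYLOAD_BITS) == expected_spare(payloads, s, masks)
               for s, w in enumerate(words))

# Constructed sample: four 12-bit instruction payloads and a made-up chip key.
SAMPLE = [0x3A5, 0x7C1, 0x0FE, 0x913]
KEY = b"chip-0001-demo-key"

if __name__ == "__main__":
    block = compile_block(SAMPLE, KEY)
    print([f"{w:04x}" for w in block], check_block(block, KEY))
    tampered = [block[0] ^ (1 << PAYLOAD_BITS)] + block[1:]
    print("tampered block accepted:", check_block(tampered, KEY))
```

With these assumed widths a block carries only 16 check bits, so a block compiled for one key passes under an unrelated key about once in 65,536 tries; wider blocks or more spare bits raise that margin.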