Karp

[11] Patent Number: 4,866,769
[45] Date of Patent: Sep. 12, 1989

[54] HARDWARE ASSIST FOR PROTECTING PC SOFTWARE

[75] Inventor: Alan H. Karp, Palo Alto, Calif.

[73] Assignee: IBM Corporation, Armonk, N.Y.

[21] Appl. No.: 82,015

[22] Filed: Aug. 5, 1987

[51] Int. Cl.4: H04L 9/00
[52] U.S. Cl.: 380/4; 360/60
[58] Field of Search: 380/2-5, 380/22, 25, 59; 364/200, 900; 360/60

[56] References Cited

U.S. PATENT DOCUMENTS

4,168,396   9/1979   Best               364/200 X
4,433,207   2/1984   Best               380/4
4,453,074   5/1984   Weinstein          235/320
4,458,315   7/1984   Uchenick           364/200
4,471,163   9/1984   Donald et al.      364/200 X
4,513,174   4/1985   Herman             364/200 X
4,528,588   7/1985   Löfberg            380/5 X
4,577,289   3/1986   Comerford et al.   364/900
4,584,641   4/1986   Guglielmino        364/200
4,590,470   5/1986   Koenig             640/825.31
4,593,353   6/1986   Pickholtz          364/200
4,595,950   6/1986   Löfberg            380/5
4,634,807   1/1987   Chorley et al.     380/4
4,644,493   2/1987   Chandra et al.     364/900
4,649,233   3/1987   Bass et al.        380/21
4,652,990   3/1987   Pailen et al.      364/200
4,658,093   4/1987   Hellman            380/25
4,670,857   6/1987   Rackman            380/4
4,683,553   7/1988   Mollier            380/4
4,683,968   8/1987   Appelbaum et al.
4,740,890   4/1988   William
4,747,139   5/1988   Taaffe             380/4 X
4,757,468   7/1988   Domenik et al.
4,757,534   7/1988   Matyas et al.
4,796,220   1/1989   Wolfe              364/900

OTHER PUBLICATIONS

Voelcker et al., “How Disks are Padlocked”; IEEE Spectrum, (vol. 23, No. 6; 6/86; pp. 32-40).
Diffie et al., “New Directions in Cryptography”; Invited Paper, IEEE Transactions on Information Theory, vol. IT-22, No. 6, Nov. 1976.
Merkle et al., “Hiding Information and Receipts in Trap Door Knapsacks”, Department of Electrical Engineering, Stanford University, Stanford, California 94305.
Rivest et al., “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems”, Technical Memo LCS/TM82, Massachusetts Institute of Technology, Laboratory for Computer Sciences, Cambridge, Mass. 02139.
Lamport, “Password Authentication with Insecure Communication”, SRI International, 333 Ravenswood Ave., Menlo Park, California 94025.

Primary Examiner—Stephen C. Buczinski
Assistant Examiner—Bernarr Earl Gregory
Attorney, Agent, or Firm—Baker, Maxham, Jester & Meador

[57] ABSTRACT

The copy protection of personal computer (PC) software distributed on diskettes is assisted by providing a unique identification (ID) stored in read only memory (ROM) of a personal computer in which software on a diskette is to be used. This ID is accessible to the user of the computer. A vendor who wishes to protect his diskette-distributed software from illegal copying or use provides a source ID on the diskette. The personal computer ID is used with the source ID on the distributed diskette to produce an encoded check word, using any available encryption modality. The check word is generated and written onto the distributed diskette during installation and copied onto all backup versions made by the user’s personal computer. Prior to each use of the program, the software on the diskette uses the personal computer and the source IDs and check word to verify that the software is being used on the same personal computer on which it was installed.

9 Claims, 4 Drawing Sheets

[Drawing sheets 1-4 (FIGS. 1-7) are not reproduced. Labels recoverable from the drawings: INSTALL 21, INITIALIZE 22, APPLICATION 24, COPY PROTECT 26, ENCRYPT 32, CHKSTOR, CHK, CPUID, ID CODE; CPUID format: VALIDITY FLAG (16 bits), RANDOMLY GENERATED (48 bits); flow-chart steps: IS CHKSTOR INITIALIZED, CHK WRITTEN TO CHKSTOR, EVADE EXECUTION, COMPLETE INSTALL, BEGIN INITIALIZE, END INITIALIZE, CALL COPY PROTECT, DO COPY; FIG. 7: PUBLIC, CCPUID, FCPUID, ENCRYPT.]

HARDWARE ASSIST FOR PROTECTING PC SOFTWARE

BACKGROUND OF THE INVENTION

This invention relates to copy protection of software on publicly-distributed diskettes through the use of an encryption technique which authenticates a uniquely-identified computing system as the one on which the software has originally been installed.

Computing and the use of computers is no longer limited exclusively to large businesses and scientific or technical organizations. Computers are now widely employed by individuals to conduct the everyday transactions necessary to the lives of those individuals. A large personal computing industry has sprung up as a result.

The personal computing industry includes not only the production and marketing of hardware (personal computers), but also development and commercial distribution of software.

The software sector of the personal computing industry is marked by fierce competition and predatory practices. The possible consequences of copyright, trademark, and patent infringement have as little effect in dissuading the illegal reproduction, distribution and use of retail software as do commonly-acknowledged ideals of personal property and fair play. Elaborate schemes have been hatched to prevent illegal copying of software from diskettes. These efforts are directed not only at software pirates who operate as illegal, secondary suppliers of software, but also at individuals who permit casual, but illegal copying of software which they legally own.

The efforts to prevent illegal copying of personal computing software distributed in the form of diskettes are lumped under the term “copy protection.” In view of the substantial and continuing black market in illegal personal computing software, additional effective schemes for copy protection are desperately needed. Further, it would be desirable also to provide a deterrent to use which is illegal, but which may not include copying.

The term copy protection includes a host of techniques aimed at the detection and prevention of illegal copying. These are known and widely reported. One technique involves insertion into software of artifacts whose locations are randomly determined when the software is initially placed on a diskette, and which can only be reproduced under the original copying conditions. When illegal copying is attempted, the artifacts are obliterated; their absence is detected by a process in the software which reacts by altering the software program.

Another approach to copy protection involves the use of encryption to encrypt all or part of a mass-marketed software distributed on diskette form. In this regard, because of the prohibitive cost of encrypting and decrypting all of the software which is to be protected, encryption of an entire program is usually limited to certain main frame systems.

Encryption is well understood in both its theoretical and practical aspects. Reference is given to: Massachusetts Institute of Technology document MIT/LCS/TM-82 entitled “A Method for Obtaining Digital Signatures in Public-Key Cryptosystems,” authored by Rivest et al.; a publication authored by Merkle et al. and distributed by the Department of Electrical Engineering, Stanford University, entitled “Hiding Information and Receipts in Trap Door Knapsacks”; “New Directions in Cryptography” from IEEE TRANSACTIONS ON INFORMATION THEORY, Volume IT-22, No. 6 November 1976, by Diffie et al.; and the article entitled “Password Authentication With Insecure Communication,” COMMUNICATIONS OF THE ACM, Volume 24, No. 11, November 1981 by Lamport. It is understood that many modifications of encryption are available, including public-key encryption.

Utilization of encryption to protect data carried in a portable data storage medium is found in U.S. Pat. No. 4,453,074 of Weinstein. The Weinstein patent discloses use of a password referenced to the personal characteristics of the possessor of a “credit card.” This patent concerns the encryption of the concatenation of the password with a non-secret reference text, with the encryption effected by the secret one of a key pair. The result of the encryption is placed on the credit card so that, when the credit card is presented to a terminal for conducting a transaction, the transaction is authorized by decryption of the concatenated words in the terminal and comparison of the decryption with the joinder of the password entered by the user and the non-secret reference text which is available to the terminal. In the Weinstein example, one appreciates the use of encryption simply to gain entree to a system through a portable means (a credit card). In Weinstein the only use of encryption is to disguise the key unlocking the gate of access to the system; once access is gained, a transaction is conducted through the exchange of unencrypted data.

Other examples of cryptographically controlled access to computing resources are provided in U.S. Pat. No. 4,649,233 of Bass et al. and U.S. Pat. No. 4,590,470 of Koenig. However, neither of these examples uses an encrypted key to limit the use of diskette-distributed software to authorized hardware which is under the control of a software user, rather than the software distributor.

SUMMARY OF THE INVENTION

The invention is based on the critical observation that a software vendor or distributor can limit access to diskette-borne software out of his control by use of a pass to the software which is created when the software is initially installed, then placed in the software after creation, and, thereafter, checked each time the software is initialized for execution or copying. The inventor has realized that such checking is effectively and efficiently implemented by the assignment of a randomly-determined CPU identification (CPUID) to each CPU capable of executing the software. When the software is distributed in diskette form, the source of the software (the vendor, for example) places a unique source identification (SID) on each diskette, which is combined with a CPUID by an encryption modality also on the diskette. The encryption takes place when the diskette is first installed in the personal computer wherein the identified CPU is located. The product of the encryption is a check number placed on the diskette and used to qualify a check number generated by the encryption modality each time the software is executed or copied. If execution or copying is attempted through a CPU different from the one on which the software was originally installed, the check number placed on the diskette at installation will, in all likelihood, not match that produced by the encryption modality in response to the SID on the diskette and the identification of the other CPU. If the check number generated does not match the stored one, an evasion process is invoked which prevents user copying of the software on the unauthorized machine.

The invention is expressed as a method of controlling the use and replication of diskette software contents and the like on unauthorized diskette-driven computing systems. The method includes placing a first identification (ID) code in a preselected computing system and then associating a second identification (ID) code with a source of programming software for the computing system. Next, the second ID code is placed on a diskette having a program obtained from the programming source. A first check number is derived through encryption of one of the identification codes by the other of the identification codes, and the check number is placed on the diskette. Thereafter, upon access of the diskette by any computing system, a second check number is derived through the encryption based upon the second identification code on the diskette and an identification code in the accessing computing system and the second check number is compared with the first check number. If the two check numbers are identical, execution or copying of the software proceeds. This method contemplates the provision of execution evasion and copy protect features embedded in the software on the diskette and bypassing the features in the event that the two check numbers match.

The invention is expressed also as a system for authorizing the use or replication of diskette software contents on selected computing systems, the system including a diskette containing a software program, a source identification (SID) code on the diskette associated with and identifying the source of the software, and a computing system for receiving the diskette and including at least one CPU having an embedded CPU identification (CPUID) code associated with and identifying that CPU. A programming modality is provided in the software which is executable on the CPU and which generates a check number through encryption of one of the ID codes by the other of the ID codes and uses the check number to prevent the execution or copying of the software on a CPU other than the identified one.

The system affords site licensing of the software on the diskette by including a check storage area on the diskette for receiving a plurality of check numbers, each generated by the programming modality in response to the SID and a CPUID from a respective one of a plurality of authorized CPUs operating in the computer system. The site licensing embodiment also includes provision in the programming modality for using the check numbers in the check storage area to prevent execution or copying of the software by an unauthorized CPU.

The primary object of the summarized invention is therefore to provide efficient, yet effective protection of mass-distributed, diskette-carried software from use or copying by unauthorized personal computing systems.

Another objective is to utilize encryption to effect controlled access to software on a diskette by a single authorized computer.

These and other objects and attendant advantages of this invention will become more apparent when the following description of the preferred embodiments is read in connection with the below-described drawings, in which:

FIG. 1 illustrates the components of the invention in their application context.
FIG. 2 illustrates in greater detail the interconnection of a personal computer with a disk driver in which is inserted a disk configured for practicing the invention.
FIG. 3 is a flow diagram illustrating the practice of the method of the invention during the initial installation routine contained in the software of the diskette of FIGS. 1 and 2.
FIG. 4 is a flow diagram illustrating the method of the invention practiced during a legal execution of software installed according to FIG. 3.
FIG. 5 is a flow diagram fragment illustrating the method of the invention during copying of the diskette of FIGS. 1 and 2.
FIG. 6 is a representation of a CPUID.
FIG. 7 illustrates an alternative embodiment of the invention.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Giving reference to FIG. 1, a description of the environment in which the invention is to be utilized is now presented. The invention is executable upon a combination including a personal computer (PC) 10 and a magnetic disk (“diskette”) 12. The personal computer can be from any vendor; for example, it can comprise one selected from any of the PC series available from International Business Machines Corporation, Armonk, New York. The diskette 12 is a flat circular plate with at least one magnetizable surface layer on which data can be stored by magnetic recording. It is understood that PCs of the type contemplated by the invention include hardware embracing a central processing unit (CPU), which is the portion of a personal computer that includes circuits which interpret and execute instructions. A CPU such as the CPU 14 is a programmable entity whose basic operations are controlled by software constituting an operating system. Personal computers such as the PC 10 characteristically operate under the control of a disk operating system (DOS) such as the DOS 16. The DOS 16 conventionally operates in connection with a disk driver (DD) such as the disk driver 18 to manage use of a diskette such as the diskette 12 as a secondary storage device. The DOS 16 provides the instructions necessary to operate the disk driver 18 in reading and writing data on the diskette 12.

As is known, diskettes are widely used to transport application programming into personal computers. In this regard, software forming an application program is written onto a diskette, which is transported to and inserted in the disk driver of a personal computer. The application program on the diskette is transferred in whole or in part from the diskette to the primary memory of the personal computer where it is used to execute an application for the user of the computer. For example, a word processing program on the diskette 12 can be loaded through the disk driver 18 into the primary memory (not shown) of the personal computer 10, where it can support the production and processing of documents created by the user of the PC 10. Another generic application program distributed on diskettes and enjoying wide popularity is the “spreadsheet” program.

The sequences of instructions which make up application (and other) programs are referred to characteristically as “software.” In this regard, the term “software” refers to any series of instruction steps carried in code form on a diskette, which is entered into a personal computer for execution thereupon. The term “diskette-distributed software” refers to programs which are made available for the mass market on diskettes for use in personal computers.

The software on the diskette 12 is represented by the program 20. In the program 20, there resides an INSTALL module 21, an INITIALIZE module 22, and the main body of an application program 24. In addition, the program 20 has a COPY PROTECT module 26. When the diskette 12 is first entered into the PC 10 for the initial use of the application 24, the structure of the program 20 requires a user to adapt the program to the particular configuration of the PC 10. In this regard, the INSTALL module 21 is first invoked to enter data into a parameter list (not shown) regarding various structural or functional features of the PC 10. For example, the application 24 may have the capability to echo keystrokes by providing a cursor positioning command. In execution of the INSTALL module 21, the cursor positioning function would be entered into the parameter list, if available on the PC 10. Other parameter list data acquired by the INSTALL module 21 could include, for example, CRT terminal type and I/O port addresses. Additionally, the INSTALL module 21 may acquire a list of service options available in the application 24 and selected by the user. For example, the first-time user of a complex application program may select an error correction dialog to be invoked by the application program whenever the user invokes an incorrect command or function or attempts an improper response to a program prompt. The INSTALL module can be invoked by a user at any time to alter the parameter list should the configuration of the personal computer system be altered. Furthermore, software on a single diskette in the disk driver of a central resource such as a file server or minicomputer can be installed in any one of a plurality of personal computers connected to the central resource.

The INITIALIZE module 22 is called to establish the initial session connectivity between the application program 24 and operating system 16 whenever the diskette 12 is inserted into the driver 18 for execution of the application program 24. The INITIALIZE module 22 may include interaction with the user, but certainly involves interaction with the operating system 16 for the purpose of transferring the application program 24 in whole or in part into the primary memory of the PC 10 and setting initial constant values. Once the application program 24 is installed and initialized, it can be executed on the PC 10. The COPY PROTECT module 26 is invoked automatically in response to detection of conditions assumed to indicate unpermitted copying. When invoked, the COPY PROTECT module 26 operates in the mode selected by the distributor of the software to protect the application program 24 from unpermitted copying.

In the practice of the invention, the software 20 further includes a source identification (SID) 28, a check number storage location (CHKSTOR) 30, and an encryption module (ENCRYPT) 32. In this regard, the SID 28 is a unique code associated with and identifying the source of the diskette-distributed software 20. The SID is either selected by or assigned to a software vendor who wishes to protect his software from illegal use or copying. The SID 28 is written onto the diskette 12 in an addressable location known to the ENCRYPT routine. CHKSTOR 30 is a storage area whose location is known to both the INSTALL and ENCRYPT modules, and which is either blank or initialized with a vendor-installed code interpreted by the INSTALL module 21 to mean that CHKSTOR 30 is empty. The ENCRYPT module 32 is a process, callable by the INSTALL and INITIALIZE modules 21 and 22 and embodying any known encryption process which can perform encryption of the SID and a CPUID described below.

Also necessary to the practice of the invention is the provision of a CPU identification (CPUID) 36 in the personal computer 10. The CPUID 36 is a special word stored in the read only memory (ROM) of the personal computer 10. In the preferred embodiment, the word consists of 64 bits which serve to uniquely identify the personal computer 10. The word has the format shown in FIG. 6. The first 16 bits of the CPUID form a validity flag appropriate for indicating whether the CPUID meets predetermined validity conditions established by the manufacturer. In order to avoid the need for standardization, the remaining 48 bits of the CPUID 36 are chosen at random; thus, the probability of two personal computers having the same CPUID is vanishingly small. It is further asserted that the CPUID is located in a standard location whose address is the same from one personal computer to the next. Last, the address of the CPUID 36 is known to the ENCRYPT module 32. It is contemplated that the CPUID would be generated, placed in ROM, and installed in the PC 10 by the manufacturer of the PC.

As specified, the ENCRYPT module 32 is a process automatically called by the INSTALL and INITIALIZE modules during their executions. FIG. 2 symbolically illustrates the ENCRYPT module 32 being performed by the CPU 14. When executed, the ENCRYPT module obtains the CPUID 36 from its addressable location in the PC 10 and obtains the SID 28 from its addressable location on the diskette 12. When obtaining the CPUID, the ENCRYPT module employs a conventional validity checking modality to ascertain whether the CPUID meets the pre-established validity requirements. In the discussion following, it is presumed that the CPUID is valid; if not, the evasion and/or protection features described below can be implemented. The SID 28 is obtained by a standard READ function in the PC 10. The CPUID 36 and SID 28 are subjected to the encryption algorithm embodied in the ENCRYPT module 32 to produce a check number, or code (CHK). If the ENCRYPT module 32 is called by the INSTALL module 21, the positive exit is taken from the decision 40 and the WRITE function 42 is called to write CHK into the first available spot in the CHKSTOR sector 30 of the disk 12. In FIG. 2, a check number is entered in location 44 of CHKSTOR 30. Alternatively, if the ENCRYPT module 32 is called by the INITIALIZE routine 22, the READ function 38 is invoked to obtain CHK from location 44 on the disk 12 whence it is provided to a COMPARE function 46 embedded in the ENCRYPT module 32. In addition, the check number generated by the ENCRYPT module 32, instead of being written to CHKSTOR on the diskette 12, is also provided to the COMPARE function 46. The COMPARE function 46 is a conventional procedure used to determine whether the check number generated by the ENCRYPT module 32 is identical with CHK 44. If the output of the ENCRYPT function 32 does not compare with the check number 44, the output of the COMPARE function 46 indicates such a disparity and is used to invoke the COPY PROTECT module 26 or an EVASION step built into the INSTALL and INITIALIZE modules.

Referring now to FIGS. 3-5 and Tables I-III, the operation of the invention and its method embodiment will be explained. The method is executable during the three major phases of software operation listed in Table I. Thus, the method is invoked by the INSTALL module 21 when the diskette 12 is loaded into the PC 10 for establishing or changing global operating parameters of the PC. The method is also operated whenever the diskette 12 is inserted into the disk driver 18 for execution of the APPLICATION module 24 or whenever the diskette 12 is inserted into the disk driver 18 for the purpose of copying the software 20 to another diskette through invocation of the COPY command of the PC 10.

TABLE I
INSTALL
EXECUTE APPLICATION
COPY

TABLE II
INSTALL PROCEDURE
DO INSTALL
  DO ENCRYPT
  IF CHKSTOR NOT INITIALIZED,
    THEN, WRITE CHK TO CHKSTOR
      GO TO CONTINUE INSTALL
    ELSE
      IF MCF AND CHKSTOR IS NOT FULL,
        THEN,
          IF CHK EQUALS A CHK IN CHKSTOR
            GO TO CONTINUE INSTALL
          ELSE
            WRITE CHK IN CHKSTOR
            GO TO CONTINUE INSTALL
          END
        ELSE,
          IF CHKSTOR IS FULL
            THEN,
              EVADE EXECUTION
            ELSE,
              IF CHK DOES NOT EQUAL CHK IN CHKSTOR
                THEN
                  EVADE EXECUTION
                ELSE
                  GO TO CONTINUE INSTALL
          END
  CONTINUE INSTALL
END

TABLE III
EXECUTE APPLICATION
DO INITIALIZE
  DO ENCRYPT
  IF CHK DOES NOT EQUAL CHK,
    THEN, EVADE EXECUTING
    ELSE CONTINUE INITIALIZE
END
CALL APPLICATION
END

As shown in FIG. 3 and Table II, when the software 20 is initially installed in the PC 10, the INSTALL module is called to establish the parameters in configuration of the PC 10 that are determinative of the mode of execution of the APPLICATION 24. During the performance of the INSTALL process, the ENCRYPT module 32 is called, the CPUID 36 and SID 28 are obtained and encrypted, and a CHKNO is generated. If nothing has been written to CHKSTOR, the generated CHKNO is written to CHKSTOR and the INSTALL process is continued. Otherwise, if the CHKSTOR is not full and if a multicheck flag (MCF) 46 is set, it is assumed that the vendor contemplates the sale of the right to use the software at a site where a plurality of CPU’s will access it. In this case, with CHKSTOR initialized and MCF set, the generated CHK is compared against the CHK’s already in CHKSTOR. If a match is found, the installation process is continued, the assumption being that the authorized CPU is altering its installation parameters. Otherwise, the nonmatched CHKNO is written to CHKSTOR. If, however, CHKSTOR is full, it is assumed that the number of CPU’s contemplated to be covered by the license have qualified, in which case an exit EVADE EXECUTION is taken.

On the other hand, if the diskette 12 is intended only for use with a single CPU, the generated CHKNO is compared against the CHKNO in CHKSTOR. If the numbers do not match, then the EVADE EXECUTION exit is taken. Otherwise, if the numbers match, installation is continued, the assumption being that the software is being reinstalled in the authorized CPU.

The EVADE EXECUTION can be any of a number of commands, jumps, or routines that will thwart execution of the APPLICATION 24. In its simplest form, the evasive action can include simply jumping to the end of the APPLICATION 24. Alternatively, the installation process can be altered by a routine which destroys or alters data while being processed by the I/O procedures in the APPLICATION 24, so that the user will obtain gibberish.

Once the software 20 has been installed on the PC 10, it is assumed that the software 20 will not invoke the INSTALL procedure unless prompted by the user. After installation, each time the diskette 12 is inserted into the driver 18 for execution of the APPLICATION process 24, the INITIALIZE procedure 22 is automatically invoked in order to establish connectivity between the software 20 and the DOS 16 necessary for execution. In the INITIALIZE procedure, the routine illustrated in FIG. 4 and Table III is encountered. First, the CPUID 36 and SID 28 are subjected to the encryption modality of ENCRYPT 32 to generate a check number. Then, CHKSTOR 30 is scanned to determine whether the check number generated by the ENCRYPT process 32 matches a check number in CHKSTOR 30. If not, the EVADE EXECUTION exit is called, otherwise, INITIALIZE is completed and the application 24 is executed.

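The INSTALL and INITIALIZE checks of Tables II and III and the CPUID layout of FIG. 6, modeled as an added Python example (not code from the patent). HMAC-SHA256 keyed with the SID stands in for the unspecified encryption modality, and the single-CPU branch follows the prose description of FIG. 3. The validity-flag value, the 8-byte check-number length, the sample SID and CPUIDs, and all class and function names are assumptions of the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum

VALIDITY_FLAG = 0xA55A  # assumed value of the 16-bit validity flag (constructed)
CHK_LEN = 8             # assumed check-number length in bytes


class Exit(Enum):
    CONTINUE = "continue"
    EVADE = "evade execution"


def make_cpuid(random48: int, flag: int = VALIDITY_FLAG) -> int:
    """64-bit CPUID as in FIG. 6: 16-bit validity flag, then 48 random bits."""
    if not 0 <= random48 < (1 << 48):
        raise ValueError("random part must fit in 48 bits")
    return (flag << 48) | random48


def cpuid_is_valid(cpuid: int) -> bool:
    """Stand-in for the manufacturer's validity conditions."""
    return 0 <= cpuid < (1 << 64) and (cpuid >> 48) == VALIDITY_FLAG


def encrypt(sid: bytes, cpuid: int) -> bytes:
    """ENCRYPT: derive CHK from SID and CPUID.

    The patent permits any encryption modality; HMAC-SHA256 keyed with the
    SID and truncated to CHK_LEN bytes is this example's substitute.
    """
    mac = hmac.new(sid, cpuid.to_bytes(8, "big"), hashlib.sha256)
    return mac.digest()[:CHK_LEN]


@dataclass
class Diskette:
    sid: bytes
    mcf: bool = False   # multicheck flag (site licence)
    capacity: int = 1   # CHKSTOR slots; only consulted when MCF is set
    chkstor: list = field(default_factory=list)

    def copy(self) -> "Diskette":
        """A copy carries the SID, MCF and CHKSTOR along with the program."""
        return Diskette(self.sid, self.mcf, self.capacity, list(self.chkstor))


def _in_chkstor(disk: Diskette, chk: bytes) -> bool:
    return any(hmac.compare_digest(chk, stored) for stored in disk.chkstor)


def install(disk: Diskette, cpuid: int) -> Exit:
    """INSTALL check (FIG. 3 / Table II)."""
    if not cpuid_is_valid(cpuid):
        return Exit.EVADE
    chk = encrypt(disk.sid, cpuid)
    if not disk.chkstor:                        # CHKSTOR not initialized
        disk.chkstor.append(chk)
        return Exit.CONTINUE
    if disk.mcf:
        if len(disk.chkstor) >= disk.capacity:  # licence fully subscribed
            return Exit.EVADE
        if not _in_chkstor(disk, chk):          # new CPU at the site
            disk.chkstor.append(chk)
        return Exit.CONTINUE
    # Single-CPU diskette: only the CPU that installed it may reinstall.
    return Exit.CONTINUE if _in_chkstor(disk, chk) else Exit.EVADE


def execute(disk: Diskette, cpuid: int) -> Exit:
    """INITIALIZE check before the application runs (FIG. 4 / Table III)."""
    if not cpuid_is_valid(cpuid):
        return Exit.EVADE
    chk = encrypt(disk.sid, cpuid)
    return Exit.CONTINUE if _in_chkstor(disk, chk) else Exit.EVADE


def demo() -> dict:
    """Walk a single-CPU diskette and its backup through two constructed PCs."""
    pc_a, pc_b = make_cpuid(0x0123456789AB), make_cpuid(0xBA9876543210)
    disk = Diskette(sid=b"VENDOR-SID-0001")     # constructed SID
    results = {"install on A": install(disk, pc_a)}
    backup = disk.copy()
    results["run backup on A"] = execute(backup, pc_a)
    results["run backup on B"] = execute(backup, pc_b)
    results["install backup on B"] = install(backup, pc_b)
    return results


if __name__ == "__main__":
    for step, outcome in demo().items():
        print(f"{step}: {outcome.value}")
```

In this model a site-licence diskette whose CHKSTOR is full takes the EVADE exit on INSTALL even for a CPU already recorded there, as Table II is written, while the INITIALIZE check still accepts that CPU.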
As shown in FIG. 5, whenever the diskette 12 is subjected to a COPY command by a personal computer, the ENCRYPT process 32 is called to generate a check number from the CPUID of the copying personal computer and the SID on the disk. If the generated CHKNO does not match one in CHKSTOR 30, COPY PROTECT 26 is invoked, otherwise, COPY is executed, which results in copying of the software 20, including CHKSTOR 30. Thus, the software protection scheme of the invention will reside in the software copied onto another diskette. Alternatively, the inventor contemplates that a COPY command can be executed without encryption in comparison of check numbers, since the protection scheme of the invention would still be embedded in the copied software. Thus, if the software copy was intended to be run on a personal computer having a CPUID different from the CPUID 36, either the INSTALL process or the INITIALIZE process would still be effective in protecting the software 20 by preventing its use on an unauthorized PC, that is, one whose CPUID does not match the CPUID 36. In this case, of course, execution will never proceed further than INSTALL or INITIALIZE.

As disclosed thus far, the invention as operated according to Tables II and III and FIGS. 3-8 is useful for automatically authorizing use or replication of the diskette-borne software 20 on an authorized computing system, such as the PC 10 identified by the CPUID 36. In the case where a software vendor would lease software on a site lease basis with a predetermined number of unidentified CPUs authorized to use the software, the capacity of CHKSTOR 30 to store more than one check number permits the diskette 12 to be installed in, for example, a file server (not shown in FIG. 1) that connects to a plurality of CPUs. In this case, each time a CPU with a CPUID is installed in the computing system including a file server with the diskette 12 in it, an INSTALL routine similar to that of FIG. 3 would be employed to not only make entries into the program

tion process 72 which is the inverse of the encryption process 56. The decryption process 72 can be included in the software on the diskette 58. The FCPUID 74 of the field CPU 70 and a public-key 76, which is known to the operator of the CPU 70, are fed to the decryption process which operates conventionally to decrypt the orders in encrypted form on the diskette 58. If the FCPUID of the CPU 70 matches the FCPUID used to encrypt the orders on the diskette 58, the decryption process will produce a clear text of the command post orders. Otherwise, either no action is taken to decrypt the software, or protective action to destroy or alter the software is undertaken. In this manner, orders can be transmitted using a relatively simple and straightforward scheme to protect the orders by a first level of encryption in which a known password or key and a secret password (the FCPUID) are provided to unlock access to the orders only in the event that the recipient of the physical embodiment of the orders (the diskette) can generate a key or password identical with the one on the diskette.

It should be evident that the embodiments of the invention do not prevent illegal use or copying by a knowledgeab