PCT
`
`WORLD INTELLECTUAL PROPERTY ORGANIZATION
`International Bureau
`
`
`
`INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`
`(51) International Patent Classification 3 :
`H04L 9/00, G01F 1/00
`G06K 5/00, G06F 13/06
`
`(11) International Publication Number:
`
`wo 85/ 02310
`
`(43) International Publication Date:
`
`23 May 1985 (23.05.85)
`
`(81) Designated States: BE (European patent), DE (Euro-
`pean patent), FR (European patent), JP, SE (Euro-
`pean patent).
`
`Published
`
`1
`
`‘1-
`
`(21) International Application Number:
`
`PCT/US84/01856
`
`(22) International Filing Date: 14 November 1984 (14.11.84)
`
`(31) Priority Application Number:
`
`551,125
`
`(32) Priority Date:
`
`'
`
`(33) Priority Country:
`
`14 November 1983 (14.11.83)
`US
`
`(71) Applicant: SOFTNET, INCORPORATED [US/US]; 53
`Dean Road, Weston, MA 02193 (US).
`
`; 53 Dean Road, Wes-
`(72) Inventors: HANSCHE, Lance, E.
`ton, MA 02193 (US). COLVIN, Neil, J.
`;
`l Knoll-
`wood Street, North Easton, MA 02356 (US).
`
`(74) Agent: HENNESSEY, Gilbert, H.; Kenway & Jenney,
`60 State Street, Boston, MA 02109 (US).
`
`
`
`With international search report.
`INSTALLATION
`
`(54) Title: SOFTWARE DISTRIBUTION SYSTEM
`
`(57) Abstract
`
`A system for distributing copies of computer sof-
`tware provides inherent protection against unauthorized
`copy of the software. The software distribution system
`includes three computers: a host (10), a software protec-
`tion computer (12) and an end-user computer (14). The
`host computer (10) is under the control of the vendor,
`and the software protection computer (12) and the end-
`user computer (14) are located at the customer installa-
`tion. The software is encrypted in the host computer (10)
`and then transferred to and stored in the end-user com-
`puter (14) after it is registered in the software protection
`computer (12). The transferred software is encrypted us-
`ing a unique encryption key. Each copy of a software
`package generated by the host computer (10) is a unique
`encrypted version of that software package. When this
`unique encrypted version of the’software package is run
`on the end user’s computer (14) and encounters an en-
`crypted portion of itself, it will suspend normal execu-
`tion and transfer the encrypted portion to the software
`protection computer (12). This computer (12) will then
`decrypt the encrypted portions of the code and return
`the decrypted portion of the code to the end-user com-
`puter (14) where that code is itself executed or allows ex-
`ecution of the program of which it is a part to continue.
`
`
`
`S-YSTEM BLOCK DIAGRAM
`
`VENDOR
`INSTALLATION
`
`CUSTOMER
`
`Apple Exhibit 1011 Page 00001
`
`Apple Exhibit 1011 Page 00001
`
`

`

`
`
`FOR HE PURPOSES 0F INFORlllAHON ONLY
`
`Codes used to identify States party to the PCT on the front pages ofpamphlets publishing international appli-
`cations under the PCT.
`
`United States.of America
`
`Austria
`Australia
`Barbados
`Belgium
`Bulgaria
`Brazil
`Central African Republic
`Congo
`Switzerland
`Cameroon
`Germany, Federal Republic of
`Denmark
`Finland
`France
`
`AT
`AU
`BB
`BE
`BG
`BR
`CF
`CG
`CH
`CM
`DE
`DK
`FI
`FR
`
`GA Gabon
`GB United Kingdom
`
`Democratic People’s Republic
`of Korea
`Republic of Korea
`Liechtenstein
`Sri Lanka
`Luxembourg
`Monaco
`Madagascar
`Mali
`
`MR Mailritania
`MW Malawi
`Netherlands
`NL
`N0
`Norway
`R0
`Romania
`SD
`Sudan
`Sweden
`SE
`SN
`Senegal
`Soviet Union
`SU
`TD
`Chad
`TG
`Togo
`US
`
`Page 00002
`
`Page 00002
`
`

`

`WO 85/02310.
`
`PCT/USS4/01856
`
`“k
`
`A
`
`_1_
`
`SOFTWARE DISTRIBUTION SYSTEM
`
`BACKGROUND OF THE INVENTION
`
`This invention relates to electronic software
`
`distribution and more particularly to a software distribution
`system in which the distributed software is protected against
`
`copying.
`
`Over the past few years,
`the‘growth of the software
`industry has been enormous, and as more and more-peOple purchase
`
`the industry is expected to continue to grow
`personal computers,
`rapidly.
`For the most part, purchased software changes hands
`.from a mail order or retail vendor to a customer-in scne physical
`
`form such as a tape, disk or even a printed listing of code.
`
`Such physical distribution has resulted in a number of problems
`with respect to both the node of distribution and customer
`
`servicing as well as with the rights of the creators and
`publishers of the software which is sold.. Principal among the
`problems is that a large percentage of the software which is sold
`ends up being illegally copied. Frequently, a purchaser of
`
`software will "lend" his copy of the software to a friend who
`
`makes a copy for himself. The most obvious result of this
`
`unauthorized copying is that the profits of the creator and
`publisher of the software (who probably have a copyright in the
`
`software) are greatly reduced.
`To make up for these lost
`profits,
`the price of the software is maintained at a high level.
`
`This sustained high price unfortunately produces an even greater
`
`incentive to illegally copy.
`
`Copyright protection, which does provide the creator
`
`A)
`
`and publisher of software with legal recourse against the person
`making the unauthorized copies has,
`in fact, afforded little or
`
`no relief from the problem of copied software. As the copies are
`
`often made by individuals for their own use,
`
`large—scale policing
`
`
`
`PageOOOO3
`
`Page 00003
`
`

`

`WO 85/02310.
`
`PCT/U884/01856
`
`-2—
`
`of such copying is virtually impossible. On rare occasions, a
`
`copier having a large copy resale operation can be caught, but by
`
`the time he is caught, many unprotected copies usually already
`
`have been distributed.
`
`Furthermore,
`
`the advent of software
`
`rental shops has further limited the copyright owner's ability to
`
`protect his rights in the software he owns.
`
`W?
`
`‘“
`
`Another problem frequently encountered with software
`
`sold over the counter is the need to later distribute revised
`
`copies to add new features or to fix errors or "bugs" present in
`
`the software. These bugs appear despite rather substantial
`
`testing that is performed before a software package is put on the
`
`market. These bugs are particularly prevalent in software which
`has recently entered the market.
`In order to correct any errors
`which do appear in the software, a software publisher must recall
`
`the disk or tape which contains the faulty software. The problem
`
`with correcting errors in this manner is that the software is out
`
`of the hands of the purchaser for a number of days, if not weeks,
`while the exchange and correction take place. Finally,
`the
`
`cumbersome nature of this system discourages the user's updating
`
`of his software which often leaves a bad impression of the
`
`software publisher's products in the field.
`
`In order to combat the illegal copying of software,
`
`the
`
`software industry has taken a number of precautions. The various
`
`approaches fall under three categories: media protection against
`
`copying, use of read—only nedia and processor serialization.
`
`Media protection against copying.refers to making some
`
`unique version of the medium containing the software. One type
`
`of media protection involves the use of variable—pattern
`
`120
`
`“
`
`diskettes. Variable-pattern diskettes, however, do not offer a
`
`practical solution to the software copying problem since these
`
`diskettes depend on a soft format diskette drive and they are
`
`
` AJV
`Page00004
`
`Page 00004
`
`

`

`W0 85/023 10.
`
`PCT/USB4/01856
`
`_3...
`
`vulnerable to memory copy if the entire program is loaded at
`once. Furthermore, such variable-pattern diskettes can only be
`
`A
`
`used in a small percentage of the drives currently on the market.
`
`Therefore,
`
`the software distributed on such diskettes can only
`
`be offered to a rather small percentage of the market. Finally,
`
`physical alteration of the media, usually by forcing hard errors
`
`on the media checked for by the software itself, has been used.
`
`This method fails in that hardware checks in the software can be
`
`located and neutralized in the software itself.
`
`Another type of media protection against copying
`
`Such a
`involves the use of an operating system override.
`protection scheme depends on a rather unique operating system
`which prevents copying of diskettes. The use of an operating
`
`system override, however, has not proven to be the answer to the
`
`problem either since the altered operating system must be
`
`tailored to the particular controller chip of the computer on
`
`which it is operating, and the operating system override cannot
`
`support use with standard operating systems currently on the
`
`market.
`
`In addition, any operating systen override is vulnerable
`
`to an algorithmic solution or "cracking". One variation on the
`
`operating system override scheme has the software employ features
`
`of the hardware, circumventing the operating system,
`
`to check
`
`areas on the storage media which the operating system cannot
`
`reach. This method can also be defeated by being neutralized in
`
`the software itself.
`
`A third type of media protection against copying
`
`involves the use of segmented programs in conjunction with
`
`variable—pattern diskettes and/or an operating system override.
`
`The use of such segmented programs of necessity requires some
`
`type of a segment loader to read in the various segments when
`
`required. This results in very slow response Eran a computer
`utilizing such segmented programs.
`'Furthermore, any loader
`
`
`
`Page 00005
`
`

`

`WO 85/02310
`
`PCT/U584/01856
`
`-4—
`
`routine for reading in segmented programs is vulnerable to
`
`algorithmic solution.
`
`In addition to the problems stated above,
`
`these media protection devices have generally been perceived as
`
`being user-unfriendly, and since it is not possible to make a
`
`legitimate backup copy, such protection schemes are not in wide
`use.
`
`M
`
`Another possible solution to the problem of software
`
`copying involves the use of read-only media to store the
`
`software. Among the read—only type media which may be used are
`
`ROMS and laser cards. The problem with the use of such read-only
`
`media is that any software update can only be done by replacing
`
`the media itself, and therefore any software update becomes
`
`rather expensive. Moreover,
`
`there is no legitimate backup for
`
`any media failure since a backup copy cannot be created.
`
`Finally, with the use of read-only media, added expenses are
`
`incurred by the user, since a particular type of reader for that
`
`media must be purchased at great expense to the user (with the
`
`exception of ROMS) with that user gaining no significantr
`additional value.
`
`The third type of protection, processor serialization,
`
`has also not proven to be a very effective means of protecting
`.software. The reason for the ineffectiveness of this mode of
`
`protection is_that processor serialization requires either the
`
`compliance of all computer manufacturers or publisher-supplied
`
`hardware which comes with the software package to provide the
`
`serialization.
`
`In addition, this protection technique adds no
`
`value to the computer to compensate for the cost, and there is no
`
`benefit to the manufacturer for complying with a processor
`
`serialization scheme. Finally, since serialization involves a
`
`f)
`
`passive device, it is easy to defeat the serial number check in
`
`the software itself.
`
`
`
`Page00006
`
`Page 00006
`
`

`

`WO 85/02310
`
`PCT/U584/01856
`
`A
`
`A!
`
`-5—
`
`In light of the problems encountered with the
`
`above-described currently existing protection schemes, it appears
`
`that illegal sales or copying cannot be stopped altogether; it
`
`can only be made more difficult. The ultimate goal of any
`
`protection scheme therefore is to make the cost of cracking the
`
`protection scheme comparable to or preferably greater than the.
`
`cost of purchasing the software.
`
`In order to make cracking costs
`
`greater than the purchase price of the software,
`
`the protection
`
`scheme must not employ an algorithmic approach which can be
`
`easily solved.
`
`In addition, any add-on hardware must be of a low
`
`cost nature, and must be compatible with the machines of a
`
`majority of the major crnputer manufacturers.
`
`Therefore, it is a principal object of the present
`
`invention to provide a software distribution system which can
`
`,protect software Eran being copied.
`
`Another object of the present invention is to provide a
`
`software distribution system in which software is encrypted using
`a virtually indecipherable encryption key.
`7
`
`Still another object of the present invention is to
`
`provide a software distribution system in which each copy of the
`
`distributed software is protected by a unique encryption key.
`
`Yet another object of the present invention is to
`
`provide a software distribution system in which each copy of a
`
`program is organized in a unique pattern to frustate comparison.
`
`A further object of the present invention is to create
`
`a software distribution system in which revisions in software can
`
`be easily distributed.
`
`SUMMARY OF THE INVENTION
`
`These and other objects of the invention are achieved
`
`
`
`Page00007
`
`Page 00007
`
`

`

`W0 85/023 10.
`
`PCT/USB4/01856
`
`._6..
`
`by an electronic software distribution system in which
`
`distributed program copies are uniquely associated with specific
`
`hardware to which the end user's computer must be connected. A
`
`'4”)
`
`central computer facility cperated, for example, by a software
`
`vendor, contains storage capacity for a library of available
`
`programs. Auxiliary Software Protection Processors" (SPP) are
`issued to the users. Each SPP is electrically connected to the
`
`user's computer and electronically interconnected with the
`
`central facility, for example, via a modemrinterfaced phone link.
`
`Each SPP is equipped with a unique number code referred to as the
`
`package encryption key (PEK) which is recorded at the central
`
`facility. The PEK can be factory loaded or down-loaded (via the
`
`communications link) to the SPP fron the central facility. The
`
`software distribution system of the present invention embodies
`
`two distinct unique operations:'
`
`(1)
`
`software preparation and
`
`delivery and (2) software execution in the user's computer.
`
`In the preparation/delivery phase, when a user orders
`
`software from the central facility,
`
`the facility first looks up
`
`the PEK for that user's SPP and selects an available registration
`
`index number (RIN) which will be unique for that user‘s copy of
`
`the software package. The central facility then prepares the
`
`unique user copy of the ordered program by encrypting passages of
`
`the program selected by the central facility in a manner such
`
`that a given algorithm operating on a key specified by a
`
`combination of the PEK and RIN and an encrypted passsage will
`
`yield the original unencrypted version (“plaintext”) of such
`
`passage. The encrypted version of the ordered program (which is
`
`encrypted only in a subset of its parts or modules)
`is then
`transmitted to the user along with a control block containing the
`
`RIM. The control block is stripped off and the RIN stored in the
`
`user's SPP while the transmitted program copy (with its encrypted
`
`passages)
`
`is stored in the user's computer system on
`
`user-selected media.
`
`V"
`
`T)
`
`
`
`Page 00008
`
`

`

`WO 85/023107
`
`PCT/USS4/01856
`
`-7-
`
`In the software execution phase of operation when the
`
`user desires to run the program,
`
`the initial instructions in the
`
`A
`
`program check the specific RIN in the SPP associated with that
`
`program copy.
`
`If the RIN is okay, normal execution proceeds
`
`until an encrypted passage is encountered. The user's computer
`
`then executes a call to the SPP in which the encrypted passage is
`
`decrypted algorithmically in the SPP by use of the key specified
`by the PEK and RIN. The decrypted passage is returned to the
`
`If the passage is properly decrypted, normal
`user's computer.
`program execution resumes until another encrypted passage is
`
`encountered.
`
`In the preferred embodiment,
`
`these passages may
`
`actually be software instructions as well as data.
`
`Time—limited authorization is implemented by means of a
`
`real—time clock or counter embedded in the-SPP which, for
`example, erases or alters the software-specific RIN after a trial
`
`period or rental term. Since the unique user copy of the
`
`selected software cannot run properly unless an SPP with the
`
`correct PEK and RIN is engaged with the user's computer system,
`
`the software package would therefore be disabled.
`
`These and other features and objects of the present
`
`invention will be more fully understood from the following
`
`detailed description which should be read in light of the
`
`accompanying drawings.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`Fig. l is a system block diagram showing the various
`components involved in the transmission of information in the.
`
`system of the present invention.
`
`A
`
`Fig. 2 is a block diagram showing the communication
`
`interaction of the various components of the system at the user's
`location.
`
`
`
`
`BUREA CI
`CM?!
`61;], WHO
`ii”
`
`
`NH.
`
`Page00009
`
`Page 00009
`
`

`

`WO 85/02310
`
`PCT/US84/01856
`
`WU
`
`5 W
`
`)
`
`-8-
`
`1
`
`I
`
`Fig. 3 is a circuit diagram of the software protection
`processor of Fig. 2.
`
`
`DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT
`
`The_software distribution system of the present
`
`invention provides a means for a vendor to sell software to a
`
`vendee while providing protection against copying that software.
`
`As shown in Fig. l, the software distribution system of the
`
`present invention includes three computers — a host computer
`
`called the Software Encryption Computer (SEC) 10, a software
`
`protection computer designated the Software Protection Processor"
`(SPP) 12 and the End-User Computer (EUC) 14. Of these computers,
`
`the SEC 10 is owned and operated by the vendor while the SPP 12
`
`and the EUC 14 are cwned by the custaner and located at a
`
`custcner-installation.- The software which is purchased by the
`
`customer is transmitted from the SEC through a communication
`
`system such as phone lines, a local area network or a cable
`
`the software is received by
`In the preferred embodiment,
`system.
`the SPP 12 which transfers the software to the EUC 14 for
`
`storage. When the software is transmitted over phone lines, a
`
`modem 16 at the vendor installation and a modem 18 at the
`
`customer installation are required for sending and receiving the
`software.
`
`The word "encrypt" is used in this application to
`
`indicate a process of taking original code and disguising it so
`
`that it is unintelligible. On the other hand,
`
`the word "decrypt"
`
`is used in this application to describe the reverse process,
`
`namely transforming disguised, unintelligible code back to its
`original form or "plaintext" in the vernacular of cryptography.
`
`The SEC 10 is a central computer facility located at a
`
`vendor site or operated under the control of the vendor. The SEC
`
`10 maintains a library of software available for distribution.
`
`
`
`Page00010
`
`Page 00010
`
`

`

`WO 85/023107
`
`PCT/U884/01856
`
`-9—
`
`Each time a software sale is made,
`
`the SEC 12 encrypts the copy
`
`:3
`
`of the software before transmitting it to the vendee or user.
`
`Each copy of software is encrypted in a unique fashion. This is
`
`true even if two copies of the same piece of software are
`
`Vtransmitted to the same user.
`
`Once the copy of software has been encrypted in
`
`preparation for sale,
`
`the copy of the software is transmitted by
`
`the SEC 10 via the vendor modem 16 to the vendee modem 18 which
`
`is connected to the SPP 12. The SPP 12 is a self-contained
`
`decryption computer capable of retaining unique control
`
`information for each software package purchased by a customer.
`The SPP 12 has two major functions. The first of these is to
`
`confirm the customer's validity and to register control
`
`information for any software package sold to that customer. The
`second is to decrypt any encrypted portions of software received.
`from the EUC 14 which permits that software program to continue
`
`operation in the EUC 14. Hence, unless the SPP 12 is engaged,
`
`software distributed by the distribution system will not operate
`
`in the EUC 14. Although the SPP 12 has been described as
`
`ccnnmnicating with the SEC 10 through a nodem 18,
`
`the SPP 12 may
`
`also contain or interface with communication devices such as a
`
`local area network or a cable system. The SPP 12 may also be
`contained within the user's EUC 14 as well.
`
`The third computer in the preferred embodiment of the
`
`present invention,
`
`the EUC 14,
`
`is a customer owned or operated
`
`computer. This computer may be a home computer, personal
`
`computer, small business computer or a large main frame computer.
`
`All software purchased by a customer is designed for operation on
`
`his particular EUC 14.
`
`In operation, before any software may be sold,
`
`the
`
`customer must purchase a modem/SPP unit and its associated
`
`
`
`Page00011
`
`Page 00011
`
`

`

`W0 85/023 10.
`
`PCT/USB4/01856
`
`-10..
`
`communication software in order to make use of the software
`
`distribution system of the present invention. Each SPP 12 has
`
`its own unique Package Encryption Key (PEK). The purchased
`
`modem/SPP unit is then connected to the customer's EUC l4, and it
`is simply left in place until the customer wants to purchase
`
`software.
`
`In the preferred embodiment of the system of the
`
`present invention,
`
`the custcmer wishing to purchase software
`
`connects his Hodem/SPP with the system's SEC 10 via telephone.
`
`The modem/SPP 12 passes its unique identification code
`
`(prefereably in encrypted fonn)
`
`to the SEC 10 to confirm the
`
`identification and the legitimate status of the custoner. The
`
`SEC 10 then generates lists of available software packages along
`
`with prices and terms of sale. These prices and terms of sale
`
`(usually credit card authorization) must be agreed upon before a
`
`transaction actually occurs. Once the customer has met the terms
`
`of the sale,
`
`the SEC 10 creates a unique copy of the specified
`
`software package, and this package, which also contains encrypted
`
`security control information,
`
`is transmitted through the
`
`customer's modem/SPP into his EUC 14. The preparation of the
`
`unique copy is accomplished by encrypting selected passages of
`
`the software. First,
`
`the SEC looks up the unique PEK for the
`
`user's SPP. Next,
`
`the SEC selects an available Registration
`
`Index Number
`
`(RIN) specific to the user's software copy.
`
`Passages are encrypted in a manner such that they can be
`
`decrypted by the SPP using its PEK modified by the
`
`package—specific RIN.
`
`When the EUC 14 begins to receive a unique copy of a
`
`the EUC 14 sends the control
`specific software package,
`information block which arrives first to the SPP 12 for
`
`registration.
`
`Included in this control information is the
`
`1';
`
`encrypted Registration Index Number
`
`(RIN) which is decrypted by
`
`the SPP 12 and stored in its Hemory. After the control
`
`information has been decrypted by the SPP 12,
`
`the remainder of
`
`
`
`Page00012
`
`Page 00012
`
`

`

`W0 85/023 10.
`
`PCT/USB4/01856
`
`1)
`
`-11—
`
`the transmission,
`
`the encrypted software package itself,
`
`is then
`
`passed through the SPP 12 to the customer's EUC 14 for storage on
`
`user-selected Hedia.
`
`Each time the customer runs software
`
`purchased from the SEC 10, his SPP 12 must also be connected and
`
`that SPP 12 must he the same SPP 12 which was used when
`
`purchasing the Software initially.
`
`If either of these conditions
`
`is not met,
`
`then the software will not operate on the EUC 14
`
`because the PEK and the RIN for decrypting any particular
`
`software package are only stored in the SPP 12 which was used for
`
`purchasing that software.
`
`The two phases of operation are summarized in the
`
`following Tables I and II.
`
`TABLE 1’
`
`Software Preparation and Delivery Phase
`
`1. User with modem/SPP calls SEC.
`
`2.
`
`SEC verifies SPP identification number.
`
`3. User selects software from menu.
`
`4.
`
`SEC looks up PEK for user's SPP.
`
`5.
`
`SEC selects available RIN for user selected
`
`software.
`
`6.
`
`SEC encrypts selected passages of software
`in a manner such that they can be decrypted by
`
`SPP by algorithmically combining encrypted
`
`passage with key generated by modifying PEK
`with RIN.
`
`
`
`Page 00013
`
`

`

`W0 85/023 10.
`
`PCT/USS4JOI856
`
`-1 2..
`
`SEC transmits control block with encrypted version
`
`of RIN, followed by software with encrypted
`
`passages.
`
`EUC passes control block to SPP.
`
`SPP decrypts and stores RIN in its memory.
`
`10.
`
`EUC stores software with encrypted passages
`
`on disk or other media.
`
`TABLE II
`
`Software Execution Phase
`
`EUC loads program off disk or other media.
`
`Initial module of software tests decryption
`
`by sending data to SPP.
`
`SPP looks up corresponding RIN and decrypts data
`
`with key formed by modifying PEK with that RIN.
`
`Software tests returned data and halts execution
`
`if data are incorrect.
`
`Normal program execution until encrypted
`
`passage encountered.
`
`At encrypted passage, software jumps to a
`
`decryption module which transfers data or
`
`instructions to SPP and gets decrypted data
`or instructions in return.
`
`7.
`
`Resume normal execution until next encrypted
`
`passage.
`
`'8)
`
`Q1
`
` ti
`
`Page00014
`
`Page 00014
`
`

`

`WO 85/02310.
`
`PCT/US84/01856
`
`-13...
`
`The Software Protection Processor“ (SPP) 12 is the
`
`heart of the software distribution system of the present
`
`invention since it is the SPP 12 which provides intelligible code
`
`(1
`
`to the EUC 14. As shown in Figs. 2 and 3, non—volatile
`
`read/write Hemory 22 is provided in the SPP 12 for storing a
`
`valid software list. This non-volatile read/write nemory may be
`
`implemented in an electrically erasable programmable read only
`
`memory (EEPROM) so that the list can be updated with each
`
`The EEPROM 22 will also include a publicly accessible
`purchase.
`serial number and the PEK.
`In the preferred embodiment, a
`
`clock/timer 24 is also included in the SPP 12 to implement
`
`time-limited authorization so that software can be used on a
`
`trial or approval basis or rented for a certain predetermined
`
`allotted time. The clock/timer 24 is provided with a battery
`
`By using such a clock/timer 24 the current time will be
`backup.
`updated with every connection to the SEC 10.
`If there is no
`battery backup and power to the clock/timer 24 is lost, it is
`necessary to reconnect to the SEC 10 before any rented software
`
`can be run.
`
`In addition to the non-volatile read/write memory
`
`the SPP 12 will also include a non-volatile
`mentioned above,
`read—only memory (ROM) 26 for storing the SPP's operating
`program.
`An illustrative operating prcgram in Z—80 assembly
`language is given in Microfiche Appendix Part I.
`If it is
`desired to provide for later update of the SPP'S cperating
`program, however,
`then an EEPRCM can be substituted for the ROM
`
`26 which contains the operating prcgram.
`
`The SPP 12 also includes a 2—80 microprocessor 28 which
`
`controls the functioning of the SPP 12. This micrOprocessor 28
`
`will communicate with both the SEC 10 through modem 16 and with
`
`the EUC 14. Appropriate communication interfaces 30, 32 (Fig. 2)
`are provided between the microprocessor 28 and modem 18 and
`
`between the microprocessor 28 and the EUC 14, respectively.
`
`These ccmmunication interfaces include a dual asynchronous
`
`
`
`PageOOOlS
`
`Page 00015
`
`

`

`W0 85/02310.
`
`PCT/U384/01856
`
`-14-
`
`receiver transmitter (DART) 34. The DART 34 ccnmunicates with
`
`the EUC l4 and the SEC 10 through lines 36 connected between the
`
`EUC l4 and the SPP 12 and through lines 38 connected between the
`
`W;
`
`SEC 10 and the SPP 12. The DART 34 is linked to the
`
`microprocessor 28.
`
`Input/output addresses are decoded by,circuit
`
`40. A baud rate generator 41 is also included for appropriately
`
`matching the nodems 16 (Fig. l) and 18.
`
`The microprocessor 28 preferably includes its own
`
`working random access memory (RAM) and it has the ability to
`
`execute a program out of either EEPROM.
`
`RAM 42 is provided as
`
`working storage for microprocessor 28. This RAM 42, as well as
`
`EEPROMS 22, 26 are linked to the microprocessor 28. Memory
`Q
`
`addresses are decoded by circuit 44.
`
`Clock circuts 46, 48 drive microprocessor 28 as well as
`
`the baud rate generator 41. A lOmSec delay circuit 50 is also
`
`connected to the microprocessor 28 which introduces a delay
`
`whenever a write operation is directed to EEPROM 22.
`
`In the preferred embodiment,
`
`the modem 18 is included
`
`in a "black box" with the SPP. This modem 18 takes data from the
`
`microprocessor 28 and transmits it over phone lines, and the
`
`modem 18 receives data transmitted over the phone line and passes
`
`it on to the microprocessor 28. While all of the above elements
`
`of the SPP 12 have been described as individual components, most,
`
`if not all, of these functions may be implemented on a single
`
`chip or small number of single chip microcomputers.
`
`Another aspect of the present invention which requires
`
`special consideration is the Package Encryption Key (PEK) which
`
`'01
`
`is created for each customer and his SPP by the SEC 10. This key
`
`will be rather large, preferably on the order of 256 bits.
`
`Some
`
`or all of the bits of the PEK will be used to perform one or more
`
` A.)
`
`00016
`
`Page 00016
`
`

`

`WO 85/0231().
`
`PCT/US84J01856
`
`-15_
`
`operations on a section of the code having a corresponding number
`of bits.
`
`the SEC 10
`For example, if a key of 256 bits is used,
`‘
`will select portions of the program to be encrypted which also
`have 256 bits. An operation, such as exclusive ORing (EOR)
`the -
`two 256 bit codes,
`is then performed and the resulting 256 bits
`is inserted into the program at the position from.which the
`selected 256 bits were removed.
`It is this encrypted version of
`
`In order to
`the software package which is sent to a customer.
`decrypt this code,
`the SPP 12 will perform a reverse operation
`using the 256 bit key and the encrypted 256 bits.
`In the case
`where the original operation was an EOR,
`the reverse operation is
`also an EOR. The specific key which is assigned to each customer
`will be stored in the SEC 10 and this key will be used by the SEC
`10 when creating each encrypted version of software.
`
`The valid software list which is maintained by the SPP
`
`12 in EEPROM 22 includes an RIN for each entry into the valid
`
`software table. This RIN points to a location in the PEK.
`
`For
`
`in the valid software table
`example, if a one byte RIN (0-255)
`for a specific software package is 108,
`then the program's
`encryption will be performed using a key which begins at the
`108th bit of the customer's PEK.
`In one embodiment, as each
`
`to the EUC 14, it will be given the next
`program is sent
`consecutive available RIN for the PEK.
`In other words,
`
`the first
`
`program in the valid program table will be given a one byte RIN
`of 1 into the PEK,
`the second program sent to the SPP's valid
`
`software list will be assigned an RIN of 2 for the PEK and so on.
`
`The assigned keys will remain the same size since the ends of the
`PEK are simply "wrapped around" so that the new end of the PEK is
`the bit immediately preceding the beginning bit of the PEK.
`
`To summarize,
`
`the actual encryption key is a function
`
`of the user-specific PEK and the software-specific RIN.
`
`The RIN,
`
`u)
`
`
`‘ .
`2:??—
`1; .1
`.9)
`
`
`
`
`Page00017
`
`Page 00017
`
`

`

`W0 85/023 10
`
`PCT/U884/01856
`
`-15-
`
`in this embodiment, simply designates a starting location in the
`
`PEK. Other Heans of combining RIM and PEK to obtain the
`
`software-specific encryption key are possible.
`
`W)
`
`Besides encrypting software with a unique PEK/RlN key,
`
`the software distribution system of the present invention will
`
`provide additional safeguards against copying. For example,
`
`since most programs are constructed from small,
`
`interrelated
`
`modules, portions of each nodule may be separately encrypted by
`
`the SEC 10. These modules may then be linked together by a
`
`linkage editor which basically keeps a list of the beginning and
`
`end addresses of all modules.
`
`When an end of a module is
`
`reached, a jump connand to the beginning of the next appropriate'
`
`module may then be put into effect.
`
`In this manner, all the
`
`In fact, once such modules are
`modules are tied together.
`linked in this fashion,
`the individual nodules lose their
`
`identity and the program appears to be monolithic. Therefore,
`
`to
`
`the software
`further complicate any attempt to copy software,
`distribution system of the present invention may scramble the
`order of the nodules on a randan or other basis.
`In this way,
`
`any person gaining access to two copies of the same encrypted
`
`software package sold by the SEC 10 will not be able to locate
`
`the sites of encryption by simple COmparison.
`
`A concrete example of program encryption and module
`
`randomization is presented in Part II of the microfiche appendix.
`
`Five sample modules are incorporated in a program called "MAINl".
`
`The program is designed to run on a MSDOS system such as that
`
`used on the IBM PC. The unencrypted object code for the program
`
`is stated in hexadecimal digits on pages 1—13 of Part II of the
`
`microfiche appendix. To prepare this software for delivery, a
`
`W)
`
`special "security control nodule" (pages 17-19)
`
`is added to
`
`handle all calls to the SPP. The security control nodule acts
`
`like a subroutine. Actually, this subroutine engages the
`
`Page00018
`
`Page 00018
`
`

`

`W0 85/023 10,
`
`PCT/U8