throbber
United States Patent [19]
`Chandra et al.
`
`[11] Patent Number:
`[45] Date of Patent:
`
`4,817,140
`Mar.28, 1989
`
`[54] SOFIW ARE PROTECTION SYSTEM USING
`A SINGLE-KEY CRYPI'OSYSTEM, A
`HARDWARE-BASED AUTHORIZATION
`SYSTEM AND A SECURE COPROCESSOR
`
`[75]
`
`Inventors: Ashileshwari N. Chandra, Mahopac;
`Liam D. Comerford, Carmel; Steve R.
`White, New York, all of N.Y.
`
`[73] Assignee:· International Business Machines
`Corp., Armonk, N.Y.
`
`[21] Appl. No.: 927,629
`
`[22] Filed:
`
`Nov. 5, 1986
`
`Int. Cl.4 ............................................... H04L 9/00 1
`[51]
`[52] u.s. Cl ............................................ 380/4; 380/25'
`[58] Field of Search .................... 364/200, 900; 380/4,
`380/25, 23
`
`[56]
`
`References Cited
`U.S. PATENT DOCUMENTS
`3,996,449 12/1976 Attanasio ....................... 235/61.7 R
`4,104,721 8/1978 Markstein ........................... 364/20<r
`4,120,030 10/1978 Johnstone ........................... 364/200
`4,168,396 9/1979 Best ....................................... 178/22
`4,183,085 1/1980 Roberts ............................... 364/200
`4,246,638 1/1981 Thomas ............................... 364/200
`4,278,837 7/1981 Best .................................. 178/22.09
`4,433,207 2/1984 Best .................................. 178/22.09
`4,442,484 4/1984 Childs, Jr ............................ 364/200
`4,446,519 5/1984 Thomas ............................... 364/300
`4,458,315 7/1984 Uchenick ............................ 364/200
`4,462,078 7/1984 Ross .................................... 364/300
`4,465,901 8/1984 Best .. ; ............................... 178/22.08
`4,471,163 9/1984 Donald et al. ...................... 364/200
`4,471,216 9/1984 Herve .................................. 235/380
`4,513,174 4/1985 Herman ............................ 178/22.08
`4,523,271 6/1985 Levien ................................. 364/200
`4,525,599 6/1985 Curran et al ........................ 364/200
`4,558,176 12/1985 Arnold et al ..................... 178/22.08
`4,562,305 12/1985 Gaffney, Jr ...................... 178/22.08
`4,562,306 12/1985 Chou ................................ 178/22.08
`
`OTHER PUBLICATIONS
`Best, Preventing Software Piracy with Crypto-Micro(cid:173)
`processors, IEEE, 1980.
`(List continued on next page.)
`
`[57]
`ABSTRACI'
`The invention provides a software asset protection
`mechanism which is based on the separation of the .
`software to be protected from the right to execute that
`software. Protected software can only be executed on
`composite computing systems in which a physically and
`· logically secure coprocessor is associated with a host
`, computer. The software to be protected is broken down
`: into a protected (encrypted) portion and an (optional)
`unprotected or plain text portion. The software is dis-
`. tributed by any conventional software distribution
`. mechanism (for example a floppy disk) including the
`files already identified along with an encrypted soft(cid:173)
`ware decryption key. The coprocessor is capable or·
`decrypting the software decryption key so it can there(cid:173)
`after decrypt the software, for execution purposes.
`However, the coprocessor will not perform these func(cid:173)
`tions unless and until the user's right to execute is evi(cid:173)
`denced by presentation of a physically secure token.
`The physically secure token provides to the coproces(cid:173)
`sor token data in plain text form (the physical security
`of the plain text token data is provided by the cartridge
`within which token data is stored). The physical prop(cid:173)
`erties of that cartridge taken together with the corre(cid:173)
`spondence between the token data provided by the
`cartridge and the encrypted token data evidence the
`user's right to execute. While the coprocessor can,
`1 thereafter, decrypt and execute the protected portion of
`the software, access to that software is denied the user
`by the physical and logical features of the coprocessor.
`Other properties of the cartridge (specifically a destruc(cid:173)
`tive read property) ensure that the act of transferring
`token data to the coprocessor obliterates that data from
`the cartridge so it cannot be revised. Further, the proto(cid:173)
`col for the coprocessor/cartridge exchange is arranged
`so that observation of even the entire exchange pro(cid:173)
`vides inadequate information with which to simulate or
`spoof the effect of an authentic, unused cartridge.
`
`(List continued on next page.)
`
`35 Claims, 8 Drawing Sheets
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 1
`
`

`

`4,817,140
`
`Page 2
`
`U.S. PATENT DOCUMENTS
`4,577,289 3/1986 Comerford .......................... 364/900
`4,598,288 7/1986 Yarbrough ..................... 340/825.34
`4,599,489 7/1986 Cargile ............................. 178/22.08
`4,609,777 9/1986 Cargile ............................. 178/22.08
`4,609,985 9/1986 Dozier ................................. 364/200
`4,621,321 11/1986 Boebert et at ...................... 364/200
`4,621,334 11/1986 Garcia ................................. 364/550
`4,633,388 12/1986 Chiu .................................... 364/200
`4,644,493 2/1987 Chandra et at ..................... 364/900
`4,652,990 3/1987 Pallen et at ......................... 364/200
`OTHER PUBLICATIONS
`Everett, "Padlock", Computer Bulletin, Mar. 1985, pp.
`16-17 + Padlock Public Key Software Protection Sys(cid:173)
`tem.
`Goldschmitt, "Thou Shall Not Dupe", Computer(cid:173)
`world, Jan. 28, 1985.
`Herzberg, "Public Protection of Software", Lecture
`Notes in Computer Science, vol. 218, 1986 (Proc.
`Crypto 85), pp. 158-178.
`
`Kent, Protecting Externally Supplied Software in Small
`Computers, Phd. thesis, M.I.T., Sep. 1980.
`Lipson, "Little Black Box 'Blocks' Illicit Software
`Copying", Stamford Advocate, Sep. 14, 1986, pp.
`El-E2.
`Maude, "Hardware Protection Against Software Pi(cid:173)
`racy", Communications of the ACM, vol. 27, No. 9,
`Sep. 1984, pp. 950-959.
`Purdy, "A Software Protection Scheme", IEEE, 1982.
`Simmons, "How to (Selectively) Broadcast a Secret",
`IEEE, 1985.
`Winslow, "For Software Firms, Questions is How to
`Cope with Piracy", Wall Street Journal, Apr. 12, 1985.
`
`Primary Examiner-Gareth D. Shaw
`Assistant Examiner-John G. Mills
`Attorney, Agent, or Firm-Pollock, Vande Sande &
`Priddy
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 2
`
`

`

`,-------------------------------------------------------------,
`I L---- 15
`155
`i FIG .1
`
`150
`
`154
`
`I
`
`I
`I
`I
`
`CPU
`
`RAM
`
`ROM
`
`REAL
`TIME
`CLOCK
`
`NON-VOLA TILE
`RAM
`
`110 1
`PC1RTS •
`
`I
`
`:
`I
`
`I
`I
`I
`I
`I
`I
`I
`I
`
`-------------------------------------------------------------·
`--------------------------------------------------------------.
`1 I I
`i 1 1 1 1
`t
`! I
`I I
`I I
`I I
`I TERMINAL
`CONTROL
`
`I
`
`I
`
`CPU
`
`I
`
`I
`
`RAM
`
`I
`
`I
`
`ROM
`
`I
`
`I I
`
`DISC
`CONTROL
`
`I. 1
`
`I I
`1/0
`PORTS
`
`4
`
`HOST
`
`9
`
`19
`
`~10
`-------------------------------------------------------------J
`
`~ r;n
`~
`Ft a
`~
`
`N
`._.O!:J
`,.....
`\0
`Of:;
`\0
`
`~
`
`7J1 ::r
`~ ,.....
`~
`Of:;
`
`..&;;..
`-...
`QO
`~
`-.)
`-...
`~
`~
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 3
`
`

`

`FIG. 2
`
`SELECT
`
`DATA
`OUT
`
`CONNECTOR
`23
`
`CLOCK
`
`DATA IN
`2
`DATA IN
`1
`
`EXTERNAL
`POWER
`
`EXTERNAL
`GROUND
`
`0
`
`~---------------------------------------------------~
`I
`
`/20
`
`I
`
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`
`I
`
`\ I
`
`'\;
`
`MULl IPLEXER
`22
`
`C2
`
`04
`
`03
`----------------~--------i]---------;r-------'
`r.--.
`25
`1
`1
`1
`1
`~- _j-.._ 26
`
`I
`
`I
`
`~
`[f1
`
`~ .......... g
`
`~
`
`~
`
`N
`YJ
`~
`\C
`00
`\C
`
`~ sa
`N a
`
`00
`
`~Ji;;,..
`00
`~
`......,J
`~
`~
`
`~
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 4
`
`

`

`SOFTWARE VENDOR - -
`PART 1-
`A. SOFTWARE<::"
`PART 2
`
`8. DECRYPTION
`KEY
`C. TOKEN DATA
`
`FIG.3
`
`FIG.4
`
`l
`
`f1
`J SOfTWARE VENDOR ENCRYPTION
`I HARDWARf VENDOR ENCRYPTION I
`
`f2)
`
`DISTRIBUTABLE SOFTWARE PRODUCT
`
`B.
`
`ENCRYPTED DECRYPTION KEY
`
`A. PART 1
`
`PLAIN TEXT SOFTWARE {PART 1)
`
`A. PART 2
`
`ENCRYPTED SOFTWARE {PART 2)
`
`c.
`
`ENCRYPTED TOKEN DATA
`
`~
`rJ1 .
`EcsK(AK) ~
`a_
`fiLE l
`~ .........
`
`ENCRYPTED SOfTWARE DECRYPTION KEY
`
`PLAIN TEXT SOfTWARE
`
`ENCRYPTED SOfTWARE EAK(SOfTWARE)
`-
`ENCRYPTED TOKEN DATA EAK(TOKEN DATA)
`
`r-}
`
`fILE 2
`
`,_- fILE 3
`
`~
`
`__ oo
`N
`
`""""' \0
`00
`\0
`
`~
`
`~
`~ a
`
`00
`
`,.&;;.
`-...
`00
`~
`-l
`-...
`~
`~
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 5
`
`

`

`,--
`
`COMPOSITE COMPUTING
`SYSTEM
`
`HOST
`·CV
`!
`
`COPROCESSOR
`
`PERMANENT
`MEMORY
`
`TEMPORARY
`MEMORY
`
`FIG. 5
`
`-l
`
`35
`_..)
`
`\
`I
`
`DATA & PROGRAM
`FILES
`
`FILE 1 £ CSK (AK)
`
`FILE 2 PLAIN TEXT SOFTWARE
`
`FILE 2 EAK
`
`(SOFTWARE)
`
`)•
`
`FILE 3 EAK
`
`(TOKEN DATA)
`
`I
`
`I
`
`5
`
`/_
`
`J
`
`~ 0
`0 CD
`-I
`/
`
`15 p
`
`~5
`
`15 T
`
`L
`
`__c_20_
`~-TOKEN CARTRIDGE
`
`1 -1 A
`
`~
`
`L__
`
`~
`SOFTWARE DISTRIBUTION
`~
`PACKAGE
`r - - - - - - - - , ~
`q6
`45-1
`I
`I
`
`I
`
`...,.. Ia
`~
`N s-o I ~
`
`I
`I
`I
`~I
`:-l
`I ~
`11/2 TOKEN DATA I I
`jl ~~~ 00
`I
`_ __j J ~,_
`~ I L __ -
`-~
`_j
`--.)
`....
`~
`~
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 6
`
`

`

`,--
`
`COMPOSITE COMPUTING
`SYSTEM
`
`FIG.6
`
`-,
`
`~
`~
`~
`,-- - - - - - --46--, a
`~
`I ~
`45-1
`I
`I
`
`SOFTWARE DISTRIBUTION
`PACKAGE
`
`OAT A & PROGRAM
`FILES
`
`FILE 1 EcSK (AK)
`
`FILE 2 PLAIN TEXT SOFTWARE
`
`!
`
`N
`SA
`1-A
`~ \C)
`
`35
`_.)
`
`HOST
`(])
`l
`
`COPROCESSOR
`
`PERMANENT
`MEMORY
`
`5
`
`'
`
`-
`
`- -
`
`~5
`
`L_
`
`TEMPORARY
`MEMORY
`
`5
`~
`
`I
`_j
`
`\_
`
`\_
`
`I
`
`I
`
`FILE 2 EAK
`
`(SOFTWARE)
`
`FILE 3 EA K (TOKEN OAT A)
`
`20
`
`fMPTY RfGISTfR
`
`1 r
`I
`__ _L_~ ~
`I
`I I :;;;
`I
`EMPTY RfGISTfRJ l I
`I I
`....
`IL ____ _jj
`
`t_ _
`
`-
`
`....
`00
`~
`.........
`....
`~
`~
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 7
`
`

`

`uu:::,
`::lt.KVILt.
`IN HOST
`
`H5)
`
`NO
`..----
`
`LOR
`REQUESTED
`?
`
`H6)
`
`NO
`
`-
`
`EXIT
`YES
`REQUESTED 1 -
`?
`
`H7....--
`
`END
`
`I
`
`NO
`-
`
`YES
`
`I
`
`SEND LOR
`REQUEST TO
`COPROCESSOR
`1
`~
`NO
`SERVICE
`-
`COPROCESSOR
`SUPPORT REQUESTS ~HB
`~
`COPROCESSOR
`FINISHED
`?
`
`I START SUPPORT I
`
`PROGRAM
`
`NO
`
`ARE
`REQUESTED
`?
`
`~---""" H l
`YES
`
`rH2
`SEND ARE REQUEST
`TO COPROCESSOR
`
`I
`
`~
`
`(H 3
`
`YES
`
`"'-- H4
`
`I SERVICE COPROCESSOR
`SUPPORTS REQUESTS
`!
`COPROCESSOR
`FINISHED
`?
`
`YES
`
`NOTIFY
`CORRESPONDING
`PROGRAM IN HOST
`
`1--
`
`HJO
`
`~
`V1
`~ ........
`~ f'l"'t-.
`
`~
`
`N
`~
`~
`\C
`QO
`\C
`
`rJ1 go
`~
`0'\
`~
`QO
`
`.a;;.
`....
`00
`~
`---.l
`....
`~
`..&;;...
`Q
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 8
`
`

`

`U.S. Patent Mar. 28,1989
`
`Sheet 7 of8
`
`4,817,140
`
`FIG. 8
`
`START
`ARE
`PROGRAM
`~
`REQUEST EcsK(AK)
`FROM HOST CD
`1
`DECRYPT EcsK(AK)
`WITH CSK TO GET AK
`
`Cl ~
`
`c
`2-
`
`C3
`
`C4
`
`-
`
`~
`REQUEST EAK(TOKEN DATA)
`FROM HOST CD
`~
`- DECRYPT EAK(TOKEN DATA)
`WITH AK TO GET TOKEN
`DATA
`~
`GENERATE
`''RANDOM,,
`NUMBER
`l
`
`c
`5-
`
`C6......-
`
`!
`USE TOKEN DATA AND RANDOM
`NUMBER TO SIMULATE TOKEN
`RESPONSE GENERATION
`PROCESS TO GET
`EXPECTED TOKEN RESPONSE
`~
`C7-- REQUEST HOST QUERY TOKEN
`WITH RANDOM NUMBER (I)
`~
`REQUEST HOST SUPPLY(i)
`TOKEN RESPONSE
`4
`~
`COMPARE TOKEN RESPONSE
`WITH EXPECTED RESPONSE
`~
`C!O YES t- RESPONSES ~
`EQUIVALENT
`?
`
`C8
`
`C9
`
`!
`CH
`MOVE AK
`INTO
`PERMINANT STORAGE CD I--CI3
`1
`REQUEST HOST
`INFORM USER
`OF SUCCESSFUL MATCH AND
`STORAGE Of INDEX OF KS
`FILE 2 PLAIN TEXT SOFTWARE
`-.
`I END l
`
`f--CI4
`
`t
`
`REQUEST HOST INFORU
`USER OF MISMATCH
`l
`I END l
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 9
`
`

`

`FIG. 9A
`
`FIG.98
`
`APPLICATION
`HOST
`
`IN
`
`IN
`APPLICATION
`COPROCESSOR
`Cl5
`
`HH
`
`H 13
`
`Hl4
`
`WAIT FOR NOTIFICATION
`fROM DOS SERVICE
`
`EXECUTE
`APPLICATION USING
`CODE EXECUTING
`IN COPROCESSOR
`AS NEEDED
`
`REQUEST LOCATION Of
`AK FROM HOST
`
`Cl6
`
`GET COPY OF AK fROM fc\5 I C 17
`PERMANENT STORAGE
`\2J --
`
`1
`
`REQUEST fiLE 2 EAK (SOFTWARE)
`@
`fROM HOST
`
`Cl8
`
`DfCRYPT EAK (SOfTWARE)
`WITH AK TO GET SOfTWARE ®
`
`Cl9
`
`C20
`
`c 2 ~
`
`~
`VJ
`~ ~
`rD a
`
`~
`
`N
`._.CIO
`)ooooO
`1,0
`C10
`1,0
`
`(FJ
`g'
`~
`C10
`~
`C10
`
`.a;;.
`-..
`00
`1-l
`.....:)
`-..
`1-l
`
`.a;;. =
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 10
`
`

`

`SOFfW ARE PROTECTION SYSTEM USING A
`SINGLE-KEY CRYPTOSYSTEM, A
`HARDWARE-BASED AUTHORIZATION SYSTEM
`AND A SECURE COPROCESSOR
`
`CROSS-REFERENCE TO CO-PENDING
`APPLICATIONS Reference is made to the following 20
`co-pending applications, assigned to the assignee of this
`application:
`U.S. patent application Ser. No. 927,309, filed Nov. 5,
`1986; U.S. patent application Ser. No. 927,306, filed
`Nov. 5, 1986; U.S. patent application Ser. No. 927,298, 25
`filed Nov. 5, 1986; U.S. patent application Ser. No.
`927,286, filed Nov. 5, 1986; U.S. patent application Ser.
`No. 927,297, filed Nov. 5, 1986; and U.S. patent applica(cid:173)
`tion Ser. No. 927,299, filed Nov. 5, 1986.
`
`BACKGROUND ART
`
`1
`
`4,817,140
`
`DESCRIPTION
`TECHNICAL FIELD
`The invention is in the field of data processing and is 10
`specifically directed to a software copy protection
`mechanism. In particular a mechanism is provided
`which restricts software; distributed on magnetic disk
`or other medium, to use on any computer which is
`associated with a specified, physically secure coproces· 15
`sor where the mechanism does not interfere with the
`user creation of "backup" copies, but the protection is
`not compromised by any such "backup" copies.
`
`2
`Best suggests that each copy of a program be custom(cid:173)
`ized so that it is only executable on a single micro(cid:173)
`processor, i.e. in a single, physically unique micro(cid:173)
`processor. This protection appears breakable by discov-
`5 ering the key needed to decrypt the software and by
`other cryptanalytic techniques. However, as a practical
`technique for protecting software, it is unusable. A
`software vendor must sell each copy of his software
`(which has been customized), along with the micro(cid:173)
`processor which has been customized to run the associ(cid:173)
`ated software. The only alternative is for the vendor to
`identify which microprocessor the user owns so that the
`software can be customized for it. To the extent that the
`software vendor allows the software to be run on a class
`of microprocessors (say all 80286), then the protection
`is lost, for duplicates of the software will freely run on
`all microprocessors of the class.
`The referenced U.S. Pat. No. 4,644,493 describes a
`method for recording data on magnetic media in such a
`way that the act of reading the data alters it. Such "read
`once" magnetic recordings cannot be created by con(cid:173)
`ventional disk drives so they cannot be copied by con(cid:173)
`ventional personal computers systems. As described in
`the referenced application a computer is associated with
`a physically and logically secure coprocessor and soft(cid:173)
`ware as distributed on the magnetic media includes at
`least a significant section or portion which is encrypted.
`The magnetic media also includes an encrypted decryp-
`30 tion key which must be used by the coprocessor to
`decrypt the encrypted portion of the software. The act
`of transferring the encrypted decryption key from the
`magnetic media to the secure coprocessor is linked to
`A good description of the background art to the
`the mechanism which alters the data. This assures that,
`invention is provided in the applicants co-pending U.S.
`in the absence of extraordinary measures, the encrypted
`Pat. No. 4,644,493, filed Sept. 14, 1984.
`In addition to the prior art identified in the referenced 35 decryption key is not transferable once the magnetic
`applica!ion, Uchenick U.S. Pat. ~o. 4,458,315.sugg~sts medium has been read. This prevents the creation of
`a secunty pr?Ce~ur~ for pr~tectmg software m which
`copies of the distribution medium which can be em-
`!he soft~are 1s dtstnbuted w1th a key number (first key
`played on other computers, subverting the copy protec-
`information). In order for the software to be run o~ a 40 tion mechanism. Once the coprocessor has access to the
`co~put~~· the compu!er must.ha~e access to a devu;:e
`encrypted decryption key, it can decrypt this key. In
`stotnng sefond ker ~rma!~n ri ~e srogr~ r l the course of executing the software the encrypted
`~o pro~er Y execu e
`ess . e rrs ~ secon
`ey
`portion is decrypted by the coprocessor. This ensures
`informatiOn bears some specified relatton. The patent
`th t th
`ft

`tabl b t
`t
`th
`however does not describe use of a transaction token
`a
`e s~ . ware IS execu
`e, u preven s
`e user
`which forms an important component of the present 45 ~rom obtaining access to the complete software package
`m decrypted f~rm.
`.
`.
`.
`invention, nor is there any apparent impediment to
`. ~e mecharusm d~scnbed m the referenced apphca-
`deter a pirate from merely altering the software so it can
`t~on 1s extremely resistant to atta~k because the decryp-
`execute without this comparison step nor does the pa-
`tion key and the protected f~actton of the software are
`tent describe how the computer obtains access to the
`"record key information" in such a way that that access 50 never exposed to the us7r m unencryp!e~ form. The
`cannot be duplicated or forged.
`ow~er of the software 1s ~owed unlimited backup
`Jones Futurex, Inc. describe a software protection
`coptes, but these backup COJ?les are useless on any other
`product which employs a decryption board which
`personal. computer (one whtch does ~ot have acces~ to
`stores a decryption key in "write only" mode. This
`the spectfic copro:essor alrea~y stonng the d~crypt1on
`product comes in fixed key and variable key models. 55 ke~). The protectiOn system 1S open to any software
`The fixed key model would require the software vendor
`wnter for us~ and ~y hardwar~ producer for ~~ufac-
`to personalize each different software copy to a differ-
`ture because 1t requrres no shanng of confidential mfor-
`ent key. While the variable key product might not have
`mation (key information) between the involved parties
`this failing, the product description does not describe
`and its methods may be disclosed publicly without com-
`how the variable key can be loaded except to say this is 60 promising its security.
`However the read once magnetic recording has two
`accomplished by "an remote communications proces-
`sor". Such a scheme for distributing decryption keys is
`vulnerabilities in a copy protection system. First it is
`inconsistent with the distribution methods in common
`always possible (although costly) to examine the mag-
`use. This drawback does not characterize the system
`netic medium and produce a device which will forge its
`taught by this disclosure.
`65 behavior to a computer system. Second, a detennined
`Best, in U.S. Pat. Nos. 4,168,396; 4,278,837 and
`pirate may be able to build an apparatus which will
`4,465,901, describes a program protection mechanism
`restore the pre-read state of the "read once" recorded
`which makes use of enciphered programs. However,
`data that has been used to authorize the acceptance of a
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 11
`
`

`

`4,817,140
`
`3
`decryption key by a system. The re-initialized medium
`could then be used to illicitly "authorize" a second
`system.
`The method, as described in the referenced applica(cid:173)
`tion requires use of a public key crypto system. This 5
`architectural restriction limits the flexibility of the sys(cid:173)
`tem. In addition the system described in the referenced
`application requires the use of a bus slot which may not
`be available on some systems or may be too valuable to
`a user. This is necessary to allow the coprocessor to 10
`observe the host processor bus operations so that it may
`assure itself that the appearance of the read once mag(cid:173)
`netic recording is not being simulated by a program on
`the host computer.
`The present invention overcomes the above noted 15
`disadvantages in that it firstly does not require a dedi(cid:173)
`cated bus slot for a physically secure coprocessor, it
`does not rely on public key crypto systems nor does it
`rely on read once magnetic media. In these respects it is
`both more versatile and more resistant to attempted 20
`piracy than the earlier system.
`The present invention is based on the recognition that
`today's software distribution techniques distribute to
`the user, in addition to the software itself, the right to
`execute that software. That is, more particularly, when 25
`software is sold to the typical user, the user acquires not
`only the software itself but the right to use it. However,
`he can, with a typical personal computer, duplicate the
`software and distribute it along with the (implied) right
`to use it to others. The invention seeks to separate the 30
`software, from the right to use it. Further, it seeks to
`place the means of creating these Rights-to-Execute in
`the hands of the software authors or their representa(cid:173)
`tives. It also seeks to do these things with no perturba- ·
`tion to the existing or planned channels of software 35
`distribution and minimum change to the means by
`which software is prepared for distribution. As will be
`described below, in accordance with the present inven(cid:173)
`tion, the typical software purchaser may still duplicate
`at will the software he has received from the vendor. 40
`However, he cannot duplicate the right to use the soft(cid:173)
`ware; in fact he receives a single right to use the soft(cid:173)
`ware. To become effective, that right to use must be
`installed in a suitable coprocessor, and it is only when
`the right to use is installed on the suitable coprocessor 45
`(which is associated with the host computer on which
`the user intends to run the software) that the software
`becomes executable. Other copies of the software that
`the user might make are not executable on any other
`host computer (even if such other host computer is 50
`associated with another suitable coprocessor).
`In accordance with the present invention software
`can be distributed on magnetic media (such as tape or
`floppy disk) or by other means (telephone lines, cable or
`broadcast transmission). The software is partitioned 55
`into an encrypted portion P e and an unencrypted (clear
`text) portion Pc. The choice of the partitioning is made
`by the software vendor with the understanding that
`only the encrypted portion will be protected from pi(cid:173)
`racy. The encrypted portion, Pe, of the software will be 60
`decrypted and executed by a physically and logically
`secure coprocessor if the coprocessor possesses the
`decryption key which embodies the right to execute.
`The protected part of the software is, thus, never ex(cid:173)
`posed in plaintext form and never executed by unautho- 65
`rized systems. The coprocessor may be attached to the
`user's personal computer either on the system bus or
`through a 1/0 or other communication port.
`
`4
`In order to be effective, and decrypt the encrypted
`portion of the protected software, the coprocessor must
`be provided with the decryption key (Right-Right-to(cid:173)
`Execute or RTE, also referred to as AK or Application
`Key) needed to render the encrypted portion of soft(cid:173)
`ware executable. The key (RTE or AK) must be trans(cid:173)
`ferred to the software owner's coprocessor in such a
`way that the transfer mechanism cannot be reused or
`reproduced by a user and thus grant key transfer to
`other personal computers. This is accomplished by asso(cid:173)
`ciating the effective transfer of the decryption key into
`the non-volatile memory of the coprocessor with a
`transaction token, e.g. the presence of the transaction
`token is required to effectively transfer the decryption
`key to the coprocessor. The token is very resistant to
`forgery for reasons which are described below and its
`information content is destroyed during the transfer
`transaction. The token has information content which is
`known to the coprocessor because it is identified in an
`encrypted ftle. This ftle is called the Encrypted Token
`Description or ETD. This identification is authenti(cid:173)
`cated to the coprocessor by the fact that it is encrypted
`with the same key (AK) which the software vendor has
`used to encrypt the protected portion of the software.
`The ETD may be distributed to the user by placing it in
`a dedicated register in the token, by recording it on the
`distribution medium, or by distributing it by other
`means.
`The software vendor supplied key (AK) is made
`available to the coprocessor by supplying it, in en(cid:173)
`crypted form, with the program via the software distri(cid:173)
`bution medium or other means as described in the case
`of the ETD. In the general case, the key used to encrypt
`the AK is selected from a list of Coprocessor Supervi(cid:173)
`sor Keys (CSKs) which is stored in all coprocessors
`supplied by a given vendor.
`The function of encrypting the software vendor's
`decryption key with one of these stored encryption keys
`is a service provided by the coprocessor so that the
`store of keys (CSKs) need never be exposed to the
`software vendor. The coprocessor which the software
`vendor uses to encrypt the software vendor's keys may
`be precisely the same type of coprocessor as the user
`employs to decrypt and run the software. Alternatively,
`special processors may be sold for this purpose or stan(cid:173)
`dard processors may be enabled to perform this func(cid:173)
`tion by an encrypted message from the hardware manu(cid:173)
`facturer. These options may be useful in giving flexibil(cid:173)
`ity to the marketer of such devices.
`For the same reason the software vendor's decryp(cid:173)
`tion keys (such as AK) are never exposed to the soft(cid:173)
`ware user, the hardware vendor's encryption keys
`(CSK) are never exposed to the software vendor. This
`system thus has the property that no information need
`be shared between hardware and software manufactur(cid:173)
`ers in order to use the protection provided. In addition,
`a single encryption system such as DES may be used for
`all cryptographic functions.
`In accordance with the invention, in order to access
`the transfer token, the coprocessor is provided with a
`data path which allows communication with a hard(cid:173)
`ware sub-system such as a cartridge. This data path may
`utilize a connection to the cartridge supplied by either
`the host (such as a PC) or the coprocessor. The car(cid:173)
`tridge contains an electronic memory with properties
`that change (in a manner to be described) in response to
`whether the memory is being read from or written to.
`This cartridge sub-system must be extremely difficult to
`
`APPLE EXHIBIT 1068
`APPLE v. PMC
`IPR2016-00755
`Page 12
`
`

`

`4,817,140
`
`25
`
`5
`6
`The first time the user attempts to employ the pro-
`copy in the sense that a substitute is very unlikely to be
`created by a user which can fool a coprocessor into
`tected software, he couples the physically and logically
`accepting it as verification of the user's right to store a
`secure coprocessor to the computer system in which the
`protected software is to be run and also couples the
`given decryption key (AK) in the user's coprocessor.
`Since the connection to the sub-system is physically
`hardware cartridge containing the transfer token to the
`computer system.
`exposed, the transaction which uses this connection as
`On the fust running of the software the encrypted
`its communications medium must be forgery-resistant.
`software key EAK is transferred to the coprocessor and
`To be forgery-resistant, each transaction must be
`effectively unique and verifmble by the coprocessor.
`is decrypted by the coprocessor using the required CSK
`The technique by which this security is obtained is 10 to obtain AK. For reasons which are explained below,
`described below.
`this transfer is temporary, the coprocessor will reject
`the transfer if the conditions described below are not
`The sub-system which is used to verify the right of a
`user to a particular decryption key is referred to as a
`met. A verifiable· portion of the contents of the hard-
`transfer token. The necessary functions can be imple-
`ware cartridge, i.e., the transfer token, is also trans-
`mented using programs executed by a micro-processor 15 ferred to the coprocessor using a forgery-resistant que-
`or by using a dedicated hardware system. Inasmuch as
`ry /response protocol; this process alters or destroys the
`the most economical implementation of a transfer token
`contents of the hardware cartridge. The information
`will be a dedicated hardware system, this is the version
`revealed to an observer of the query and the response is
`that is described.
`insufficient to allow a forger to construct a correct
`The transfer token hardware and its information con- 20 response to another coprocessor query. The transfer
`token can be "refilled" with information by a software
`tent must be kept physically secure to avoid its access
`by the user through means which bypass the forgery
`author, but the refilled transfer token will only autho-
`prevention feature. One implementation of this physical
`rize a coprocessor to accept an AK from that author.
`security is described in co-pending application Ser. No.
`The physically and logically secure coprocessor deter-
`927,309, filed Nov. 5, 1986 the disclosure of which is
`mines whether or not the transfer token is effective by
`incorporated by this reference. The same technique
`determining whether or not it corresponds to an ex-
`may be employed to render the coprocessor itself physi-
`pected transfer token. Assuming the transfer token is
`cally secure and to protect its memory contents from its
`found acceptable, the coprocessor then stores the soft-
`exposure to a user. Since tokens can be implemented as 30 ware decryption key AKin its permanent memory. At
`a single, continuously powered, integrated circuit chip,
`this point the transfer is effective so that the coproces-
`no additional physical security is needed. If the physical
`sor can use AK to decrypt and run protected software.
`security of a token were broken, then no cryptographic
`Once the software decryption key AK is stored in the
`keys would be revealed and only the single associated
`permanent memory of the coprocessor, the protected
`software package could be redistributed.
`35 software can be executed. The plaintext portion of the
`Thus, in accordance with the invention, software to
`protected software is executed by the user computer
`be protected is partitioned into a plain text portion and
`system. The encrypted portion (the protected portion)
`an encrypted portion; the encryption key (AK) used to
`of the software is decrypted upon loading by the co-
`encrypt the software is known only to the software
`processor. The logical and physical security of the co-
`vendor. The protected software provided to the user is 40 processor memory prevents the user from having access
`associated with the software decryption key, in en-
`to plaintext or executable form of the protected soft-
`crypted form (EAK). The software decryption key
`ware.
`(AK) is encrypted with the hardware vendor's encryp-
`On each subsequent use of the protected software the
`tion key (CSK) which is not known to the software
`software decryption key AK now stored in the perma-
`vendor. This encryption is a service performed by such 45 nent memory of the coprocessor is used to decrypt the
`coprocessors. The software and encrypted decryption
`encrypted portions thereof. The user can make as many
`key (EAK) may be associated with information describ-
`"backup" copies of the software as he desires; however
`ing a transfer token (TOKEN DATA) by encrypting
`without access to a logically and physically secure co-
`that description under AK. The correspondence be-
`processor storing
`the decryption key AK, any
`tween the content of the token and the token data (after so "backup" copies of the software are unusable since the
`decryption under AK) indicates to the coprocessor that
`encrypted portion of the software cannot be decrypted.
`that particular AK may be stored for future use. The
`Accordingly, the invention provides a method of
`authorized user is provided with a token, which in a
`restricting use of software to an authorized computer
`preferred embodiment is implemented in the form of a
`comprising the steps of:
`hardware cartridge. The transfer token is physically 55
`distributing said software in a form in which at least
`and logically secure, so that a sufficient fraction of its
`a significant portion is encrypted,
`information contents is not available to the user. The
`providing a coprocessor in association with a paten-
`transfer token, or the hardware cartridge incorporating
`tially authorized processor, which coprocessor has a
`the transfer token has a read once feature whereby the
`memory

This document is available on Docket Alarm but you must sign up to view it.


Or .

Accessing this document will incur an additional charge of $.

After purchase, you can access this document again without charge.

Accept $ Charge
throbber

Still Working On It

This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.

Give it another minute or two to complete, and then try the refresh button.

throbber

A few More Minutes ... Still Working

It can take up to 5 minutes for us to download a document if the court servers are running slowly.

Thank you for your continued patience.

This document could not be displayed.

We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.

Your account does not support viewing this document.

You need a Paid Account to view this document. Click here to change your account type.

Your account does not support viewing this document.

Set your membership status to view this document.

With a Docket Alarm membership, you'll get a whole lot more, including:

  • Up-to-date information for this case.
  • Email alerts whenever there is an update.
  • Full text search for other cases.
  • Get email alerts whenever a new case matches your search.

Become a Member

One Moment Please

The filing “” is large (MB) and is being downloaded.

Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.

Your document is on its way!

If you do not receive the document in five minutes, contact support at support@docketalarm.com.

Sealed Document

We are unable to display this document, it may be under a court ordered seal.

If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.


Access Government Site

We are redirecting you
to a mobile optimized page.





Document Unreadable or Corrupt

Refresh this Document
Go to the Docket

We are unable to display this document.

Refresh this Document
Go to the Docket