`Chandra et al.
`
`[11] Patent Number:
`[45] Date of Patent:
`
`4,817,140
`Mar.28, 1989
`
`[54] SOFIW ARE PROTECTION SYSTEM USING
`A SINGLE-KEY CRYPI'OSYSTEM, A
`HARDWARE-BASED AUTHORIZATION
`SYSTEM AND A SECURE COPROCESSOR
`
`[75]
`
`Inventors: Ashileshwari N. Chandra, Mahopac;
`Liam D. Comerford, Carmel; Steve R.
`White, New York, all of N.Y.
`
`[73] Assignee:· International Business Machines
`Corp., Armonk, N.Y.
`
`[21] Appl. No.: 927,629
`
`[22] Filed:
`
`Nov. 5, 1986
`
`Int. C1.4 ............................................... H04L 9/00 1
`[51]
`[52] u.s. Cl ............................................ 380/4; 380/25'
`[58] Field of Search .................... 364/200, 900; 380/4,
`380/25, 23
`
`[56]
`
`References Cited
`U.S. PATENT DOCUMENTS
`3,996,449 12/1976 Attanasio ....................... 235/61.7 R
`4,104,721 8/1978 Markstein ........................... 364/20<r
`4,120,030 10/1978 Johnstone ........................... 364/200
`4,168,396 9/1979 Best ....................................... 178/22
`4,183,085 1/1980 Roberts ............................... 364/200
`4,246,638 1/1981 Thomas ............................... 364/200
`4,278,837 7/1981 Best .................................. 178/22.09
`4,433,207 2/1984 Best .................................. 178/22.09
`4,442,484 4/1984 Childs, Jr ............................ 364/200
`4,446,519 5/1984 Thomas ............................... 364/300
`4,458,315 7/1984 Uchenick ............................ 364/200
`4,462,078 7/1984 Ross .................................... 364/300
`4,465,901 8/1984 Best .. ; ............................... 178/22.08
`4,471,163 9/1984 Donald et al. ...................... 364/200
`4,471,216 9/1984 Herve .................................. 235/380
`4,513,174 4/1985 Herman ............................ 178/22.08
`4,523,271 6/1985 Levien ................................. 364/200
`4,525,599 6/1985 Curran et al ........................ 364/200
`4,558,176 12/1985 Arnold et al ..................... 178/22.08
`4,562,305 12/1985 Gaffney, Jr ...................... 178/22.08
`4,562,306 12/1985 Chou ................................ 178/22.08
`
`OTHER PUBLICATIONS
`Best, Preventing Software Piracy with Crypto-Micro(cid:173)
`processors, IEEE, 1980.
`(List continued on next page.)
`
`ABSTRACI'
`[57]
`The invention provides a software asset protection
`mechanism which is based on the separation of the .
`software to be protected from the right to execute that
`software. Protected software can only be executed on
`composite computing systems in which a physically and
`· logically secure coprocessor is associated with a host
`, computer. The software to be protected is broken down
`: into a protected (encrypted) portion and an (optional)
`unprotected or plain text portion. The software is dis-
`. tributed by any conventional software distribution
`. mechanism (for example a floppy disk) including the
`files already identified along with an encrypted soft(cid:173)
`ware decryption key. The coprocessor is capable or·
`decrypting the software decryption key so it can there(cid:173)
`after decrypt the software, for execution purposes.
`However, the coprocessor will not perform these func(cid:173)
`tions unless and until the user's right to execute is evi(cid:173)
`denced by presentation of a physically secure token.
`The physically secure token provides to the coproces(cid:173)
`sor token data in plain text form (the physical security
`of the plain text token data is provided by the cartridge
`within which token data is stored). The physical prop(cid:173)
`erties of that cartridge taken together with the corre(cid:173)
`spondence between the token data provided by the
`cartridge and the encrypted token data evidence the
`user's right to execute. While the coprocessor can,
`1 thereafter, decrypt and execute the protected portion of
`the software, access to that software is denied the user
`by the physical and logical features of the coprocessor.
`Other properties of the cartridge (specifically a destruc(cid:173)
`tive read property) ensure that the act of transferring
`token data to the coprocessor obliterates that data from
`the cartridge so it cannot be revised. Further, the proto(cid:173)
`col for the coprocessor/cartridge exchange is arranged
`so that observation of even the entire exchange pro(cid:173)
`vides inadequate information with which to simulate or
`spoof the effect of an authentic, unused cartridge.
`
`(List continued on next page.)
`
`35 Claims, 8 Drawing Sheets
`
`
`
`APPLE EX. 1041
`Page 1
`
`
`
`4,817,140
`
`Page 2
`
`U.S. PATENT DOCUMENTS
`4,577,289 3/1986 Comerford .......................... 364/900
`4,598,288 7/1986 Yarbrough ..................... 340/825.34
`4,599,489 7/1986 Cargile ............................. 178/22.08
`4,609,777 9/1986 Cargile ............................. 178/22.08
`4,609,985 9/1986 Dozier ................................. 364/200
`4,621,321 11/1986 Boebert et al .•........•....•.••... 364/200
`4,621,334 11/1986 Garcia ................................. 364/550
`4,633,388 12/1986 Chiu .................................... 364/200
`4,644,493 2/1987 Chandra et al ..................... 364/900
`4,652,990 3/1987 Pallen et al ......................... 364/200
`OTHER PUBLICATIONS
`Everett, "Padlock", Computer Bulletin, Mar. 1985, pp.
`16-17 + Padlock Public Key Software Protection Sys(cid:173)
`tem.
`Goldschmitt, "Thou Shall Not Dupe", Computer(cid:173)
`world, Jan. 28, 1985.
`Herzberg, "Public Protection of Software", Lecture
`Notes in Computer Science, vol. 218, 1986 (Proc.
`Crypto 85), pp. 158-178.
`
`Kent, Protecting Externally Supplied Software in Small
`Computers, Phd. thesis, M.I.T., Sep. 1980.
`Lipson, "Little Black Box 'Blocks' Illicit Software
`Copying", Stamford Advocate, Sep. 14, 1986, pp.
`E1-E2.
`Maude, "Hardware Protection Against Software Pi(cid:173)
`racy", Communications of the ACM, vol. 27, No. 9,
`Sep. 1984, pp. 950-959.
`Purdy, "A Software Protection Scheme", IEEE, 1982.
`Simmons, "How to (Selectively) Broadcast a Secret",
`IEEE, 1985.
`Winslow, "For Software Firms, Questions is How to
`Cope with Piracy", Wall Street Journal, Apr. 12, 1985.
`
`Primary Examiner-Gareth D. Shaw
`Assistant Examiner-John G. Mills
`Attorney, Agent, or Firm-Pollock, Vande Sande &
`Priddy
`
`
`
`APPLE EX. 1041
`Page 2
`
`
`
`,-------------------------------------------------------------,
`I . L---- 15
`155
`i FIG .1
`
`150
`
`154
`
`I
`
`I
`I
`I
`I
`I
`
`CPU
`
`RAM
`
`ROM
`
`REAL
`TIME
`CLOCK
`
`NON-VOLATILE
`RAM
`
`1/0
`PC1RTS
`
`_____________________________________________________________ :
`
`I
`I
`I
`I
`I
`I
`I
`
`DISC
`CONTROL
`
`1/0
`PC1RTS
`
`19
`
`9
`
`4
`
`HOST
`
`_____________________________________________________________ J~ 10
`
`
`
`APPLE EX. 1041
`Page 3
`
`
`
`FIG. 2
`
`:
`
`~--------------
`
`/ 20
`
`{214 Yo Ol
`DATA H
`
`l 02
`
`(2l
`
`LATCH
`t
`
`-
`
`SELECT ~
`
`DATA
`OUT
`
`,...
`
`CONNECTOR
`23
`-
`
`CLOCK
`
`,....
`
`,....
`
`,....
`
`DATA IN
`2
`DATA IN
`1
`EXTERNAL n.
`POWER
`EXTERNAL r-...
`GROUND ~
`-
`
`I
`I
`I
`I
`I
`I
`I
`I
`I
`
`I
`I
`I
`I
`
`I
`I
`I
`I
`
`~
`
`/"'\.
`
`\
`
`\
`
`27
`
`MULl IPLEXE R
`22
`
`C2
`
`041
`
`031
`-- ---------~~-~--------;r------
`"~I{'
`~-
`
`25
`
`_j-.._ 26
`
`-•
`
`•
`
`0
`
`REGIS ~ E R ~
`{CELL CELL1
`121 122
`REG I~ TER 2 Cl
`{CELL CELLI
`221 222
`
`•
`
`0
`
`/120
`
`o 1CELL
`12n
`
`• TCELL
`22n
`
`\220
`
`-------------------------------------~ I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`
`
`
`APPLE EX. 1041
`Page 4
`
`
`
`ENCRYPTED SOfTWARE DECRYPTION KEY 1--
`
`PLAIN TEXT SOfTWARE }
`
`ENCRYPTED SOfTWARE EAK(SOfTWARE)
`-
`ENCRYPTED TOKEN DATA EAK(TOKEN DATA) r--- fILE 3
`
`FIG.3
`
`FIG.4
`
`f1 'j
`SOFTWARE VENDOR ENCRYPTION
`
`I HARDWARf VENDOR ENCRYPTION n-
`
`f2)
`
`SOfTWARE VENDOR
`PART 1-
`A. SOFTWARE<(
`PART 2
`
`8. DECRYPTION
`KEY
`C. TOKEN DATA
`
`DISTRIBUTABLE SOFTWARE PRODUCT
`
`B.
`
`ENCRYPTED DECRYPTION KEY
`
`r--
`
`A. PART 1
`
`PLAIN TEXT SOFTWARE {PART 1)
`
`A. PART 2
`
`ENCRYPTED SOFTWARE {PART 2)
`
`c.
`
`ENCRYPTED TOKEN DATA
`
`
`
`APPLE EX. 1041
`Page 5
`
`
`
`FIG. 5
`
`-l
`
`35
`_.)
`
`l
`
`2
`
`r-- - - - -q6--, ~
`45_,
`DATA & PROGRAM
`FILES
`I
`I
`I
`
`SOFTWARE DISTRIBUTION
`PACKAGE
`
`(
`
`Ia
`
`FILE 1 £ CSK (AK)
`
`FILE 2 PLAIN TEXT SOFTWARE
`
`FILE 2 EAK
`
`(SOFTWARE)
`
`FILE 3 EAK
`
`(TOKEN DATA)
`
`,--
`
`COMPOSITE COMPUTING
`SYSTEM
`
`HOST cv
`!
`
`COPROCESSOR
`
`PERMANENT
`MEMORY
`
`TEMPORARY
`MEMORY
`
`L
`
`L
`
`5
`
`/_
`
`J
`
`/
`15 p
`
`/
`
`~ 0
`0 CD
`-,
`)
`
`/
`15 T
`
`~
`I ~
`1/1 TOKEN DATA J I I ""
`I I
`I
`~ I L ____ _jj .,..r;;..
`_j
`
`L__
`
`~
`
`_ 00
`~
`.,.
`--.)
`~
`~
`
`
`
`APPLE EX. 1041
`Page 6
`
`
`
`SOFTWARE DISTRIBUTION
`PACKAGE
`
`(
`
`OAT A & PROGRAM
`fiLES
`
`FILE 1 EcSK (AK)
`
`~
`,-- - - - - - --46--, a
`~
`I ~
`45-1
`I
`I
`J I
`
`,--
`
`COMPOSITE COMPUTING
`SYSTEM
`
`FIG.6
`
`-,
`
`L
`
`L
`
`HOST
`(])
`l
`
`COPROCESSOR
`
`35
`_.)
`
`7
`
`8
`
`PERMANENT
`MEMORY
`
`5
`
`TEMPORARY
`MEMORY
`
`5
`~
`
`~
`
`I
`_j
`
`J
`
`FILE 2 PLAIN TEXT SOFTWARE
`
`FILE 2 EAK
`
`(SOFTWARE)
`
`FILE 3 EA K (TOKEN DATA)
`
`
`
`APPLE EX. 1041
`Page 7
`
`
`
`FIG.7
`DOS SERVICE
`IN HOST
`
`I START SUPPORT I
`
`PROGRAM
`
`REQUESTED n
`
`H5)
`
`LOR
`?
`
`NO
`
`r - -
`
`H6)
`
`NO
`
`-
`
`EXIT
`REQUESTED
`?
`
`YES
`
`-
`
`H7....--
`
`END
`
`I
`
`NO
`.._
`
`NO
`
`ARE
`REQUESTED
`?
`
`~Hl
`YES
`
`YES
`
`rH2
`SEND ARE REQUEST
`TO COPROCESSOR
`
`SEND LOR
`REQUEST TO
`COPROCESSOR
`1
`I
`NO
`SERVICE
`. . _
`COPROCESSOR
`SUPPORT REQUESTS "HB
`~
`COPROCESSOR
`FINISHED
`?
`
`I
`I SERVICE COPROCESSOR
`SUPPORTS REQUESTS
`~
`COPROCESSOR
`FINISHED
`?
`
`(H 3
`
`YES
`
`'-H4
`
`YES
`
`NOTIFY
`CORRESPONDING
`PROGRAM IN HOST
`\ HJO
`
`
`
`APPLE EX. 1041
`Page 8
`
`
`
`U.S. Patent Mar. 28,1989
`
`Sheet 7 of8
`
`4,817,140
`
`FIG. 8
`
`Cl ~
`
`c
`2-
`
`START
`ARE
`PROGRAM
`+
`REQUEST EcsK(AK)
`FROM HOST CD
`+
`DECRYPT EcsK(AK)
`WITH CSK TO GET AK
`+
`- REQUEST EAK(TOKEN DATA)
`FROM HOST CD
`+
`- DECRYPT EAK(TOKEN DATA)
`WITH AK TO GET TOKEN
`DATA
`+
`GENERATE
`''RANDOM,,
`NUMBER
`I
`
`C3
`
`C4
`
`c
`5-
`
`!
`USE TOKEN DATA AND RANDOM
`NUMBER TO SIMULATE TOKEN
`RESPONSE GENERATION
`PROCESS TO GET
`EXPECTED TOKEN RESPONSE
`
`C6_.........f-
`
`l
`C7-- REQUEST HOST QUERY TOKEN
`WITH RANDOM NUMBER Cl)
`+
`REQUEST HOST SUPPLY(i)
`TOKEN RESPONSE
`4
`+
`COMPARE TOKEN RESPONSE
`WITH EXPECTED RESPONSE
`+
`ClOVES f- RESPONSES
`EQUIVALENT
`?
`
`CB
`
`C9
`
`r-1!Q_
`
`1
`CH
`MOVE AK
`INTO
`PERMINANT STORAGE ® I--CI3
`+
`REQUEST HOST
`INFORM USER
`OF SUCCESSFUL MATCH AND
`STORAGE Of INDEX OF KS
`FILE 2 PLAIN TEXT SOFTWARE
`•
`I
`I END
`
`~CI4
`
`~
`REQUEST HOST INFORU
`USER OF MISMATCH
`+
`I
`I END
`
`
`
`APPLE EX. 1041
`Page 9
`
`
`
`FIG.98 APPLICATION IN
`COPROCESSOR
`Cl5
`
`REQUEST LOCATION Of
`AK FROM HOST
`
`C 16
`
`REQUEST FILE 2 EAK (SOFTWARE)
`@
`fROM HOST
`
`CIB
`
`FIG. 9A
`
`APPLICATION IN
`HOST
`START
`APPLICATION (j)
`PROGRAM
`
`SEND LOR ORDER
`TO DOS WITH
`INDEX Of AK
`
`WAIT FOR NOTIFICA TJON
`FROM DOS SERVICE
`
`EXECUTE
`APPLICATION USING
`CODE EXECUTING
`IN COPROCESSOR
`AS NEEDED
`
`HH
`
`_Hi2
`
`H 13
`
`Hl4
`
`
`
`APPLE EX. 1041
`Page 10
`
`
`
`SOFTWARE PROTECTION SYSTEM USING A
`SINGLE-KEY CRYPTOSYSTEM, A
`HARDWARE-BASED AUTHORIZATION SYSTEM
`AND A SECURE COPROCESSOR
`
`DESCRIPTION
`TECHNICAL FIELD
`The invention is in the field of data processing and is
`specifically directed to a software copy protection
`mechanism. In particular a mechanism is provided
`which restricts software; distributed on magnetic disk
`or other medium, to use on any computer which is
`associated with a specified, physically secure coproces·
`sor where the mechanism does not interfere with the
`user creation of "backup" copies, but the protection is
`not compromised by any such "backup" copies.
`CROSS-REFERENCE TO CO-PENDING
`APPLICATIONS Reference is made to the following 20
`co-pending applications, assigned to the assignee of this
`application:
`U.S. patent application Ser. No. 927,309, filed Nov. 5,
`1986; U.S. patent application Ser. No. 927,306, filed
`Nov. 5, 1986; U.S. patent application Ser. No. 927,298, 25
`filed Nov. 5, 1986; U.S. patent application Ser. No.
`927,286, filed Nov. 5, 1986; U.S. patent application Ser.
`No. 927,297, filed Nov. 5, 1986; and U.S. patent applica(cid:173)
`tion Ser. No. 927,299, filed Nov. 5, 1986.
`
`BACKGROUND ART
`A good description of the background art to the
`invention is provided in the applicants co-pending U.S.
`Pat. No. 4,644,493, filed Sept. 14, 1984.
`In addition to the prior art identified in the referenced 35
`application, Uchenick U.S. Pat. No. 4,458,315 suggests
`a security procedure for protecting software. in which
`the software is distributed with a key number (first key
`information). In order for the software to be run on a
`computer, the computer must have access to a device 40
`storing "second key information". The program will
`not properly execute unless the first and second key
`information bears some specified relation. The patent
`however does not describe use of a transaction token
`which forms an important component of the present 45
`invention, nor is there any apparent impediment to
`deter a pirate from merely altering the software so it can
`execute without this comparison step nor does the pa(cid:173)
`tent describe how the computer obtains access to the
`"record key information" in such a way that that access 50
`cannot be duplicated or forged.
`Jones Futurex, Inc. describe a software protection
`product which employs a decryption board which
`stores a decryption key in "write only" mode. This
`product comes in fixed key and variable key models. 55
`The fixed key model would require the software vendor
`to personalize each different software copy to a differ(cid:173)
`ent key. While the variable key product might not have
`this failing, the product description does not describe
`how the variable key can be loaded except to say this is 60
`accomplished by "an remote communications proces(cid:173)
`sor". Such a scheme for distributing decryption keys is
`inconsistent with the distribution methods in common
`use. This drawback does not characterize the system
`taught by this disclosure.
`Best, in U.S. Pat. Nos. 4,168,396; 4,278,837 and
`4,465,901, describes a program protection mechanism
`which makes use of enciphered programs. However,
`
`1
`
`4,817,140
`
`2
`Best suggests that each copy of a program be custom(cid:173)
`ized so that it is only executable on a single micro(cid:173)
`processor, i.e. in a single, physically unique micro(cid:173)
`processor. This protection appears breakable by discov-
`5 ering the key needed to decrypt the software and by
`other cryptanalytic techniques. However, as a practical
`technique for protecting software, it is unusable. A
`software vendor must sell each copy of his software
`(which has been customized), along with the micro-
`to processor which has been customized to run the associ(cid:173)
`ated software. The only alternative is for the vendor to
`identify which microprocessor the user owns so that the
`software can be customized for it. To the extent that the
`software vendor allows the software to be run on a class
`15 of microprocessors (say all 80286), then the protection
`is lost, for duplicates of the software will freely run on
`all microprocessors of the class.
`The referenced U.S. Pat. No. 4,644,493 describes a
`method for recording data on magnetic media in such a
`way that the act of reading the data alters it. Such "read
`once" magnetic recordings cannot be created by con(cid:173)
`ventional disk drives so they cannot be copied by con(cid:173)
`ventional personal computers systems. As described in
`the referenced application a computer is associated with
`a physically and logically secure coprocessor and soft(cid:173)
`ware as distributed on the magnetic media includes at
`least a significant section or portion which is encrypted.
`The magnetic media also includes an encrypted decryp-
`30 tion key which must be used by the coprocessor to
`decrypt the encrypted portion of the software. The act
`of transferring the encrypted decryption key from the
`magnetic media to the secure coprocessor is linked to
`the mechanism which alters the data. This assures that,
`in the absence of extraordinary measures, the encrypted
`decryption key is not transferable once the magnetic
`medium has been read. This prevents the creation of
`copies of the distribution medium which can be em(cid:173)
`ployed on other computers, subverting the copy protec-
`tion mechanism. Once the coprocessor has access to the
`encrypted decryption key, it can decrypt this key. In
`the course of executing the software the encrypted
`portion is decrypted by the coprocessor. This ensures
`that the software is executable, but prevents the user
`from obtaining access to the complete software package
`in decrypted form.
`The mechanism described in the referenced applica-
`tion is extremely resistant to attack because the decryp(cid:173)
`tion key and the protected fraction of the software are
`never exposed to the user in unencrypted form. The
`owner of the software is allowed unlimited backup
`copies, but these backup copies are useless on any other
`personal computer (one which does not have access to
`the specific coprocessor already storing the decryption
`key). The protection system is open to any software
`writer for use and any hardware producer for manufac-
`ture because it requires no sharing of confidential infor(cid:173)
`mation (key information) between the involved parties
`and its methods may be disclosed publicly without com(cid:173)
`promising its security.
`However the read once magnetic recording has two
`vulnerabilities in a copy protection system. First it is
`always possible (although costly) to examine the mag(cid:173)
`netic medium and produce a device which will forge its
`behavior to a computer system. Second, a determined
`pirate may be able to build an apparatus which will
`restore the pre-read state of the "read once" recorded
`data that has been used to authorize the acceptance of a
`
`65
`
`
`
`APPLE EX. 1041
`Page 11
`
`
`
`4,817,140
`
`3
`decryption key by a system. The re-initialized medium
`could then be used to illicitly "authorize" a second
`system.
`The method, as described in the referenced applica(cid:173)
`tion requires use of a public key crypto system. This 5
`architectural restriction limits the flexibility of the sys(cid:173)
`tem. In addition the system described in the referenced
`application requires the use of a bus slot which may not
`be available on some systems or may be too valuable to
`a user. This is necessary to allow the coprocessor to 10
`observe the host processor bus operations so that it may
`assure itself that the appearance of the read once mag(cid:173)
`netic recording is not being simulated by a program on
`the host computer.
`The present invention overcomes the above noted 15
`disadvantages in that it firstly does not require a dedi(cid:173)
`cated bus slot for a physically secure coprocessor, it
`does not rely on public key crypto systems nor does it
`rely on read once magnetic media. In these respects it is
`both more versatile and more resistant to attempted 20
`piracy than the earlier system.
`The present invention is based on the recognition that
`today's software distribution techniques distribute to
`the user, in addition to the software itself, the right to
`execute that software. That is, more particularly, when 25
`software is sold to the typical user, the user acquires not
`only the software itself but the right to use it. However,
`he can, with a typical personal computer, duplicate the
`software and distribute it along with the (implied) right
`to use it to others. The invention seeks to separate the 30
`software, from the right to use it. Further, it seeks to
`place the means of creating these Rights-to-Execute in
`the hands of the software authors or their representa(cid:173)
`tives. It also seeks to do these things with no perturba- ·
`tion to the existing or planned channels of software 35
`distribution and minimum change to the means by
`which software is prepared for distribution. As will be
`described below, in accordance with the present inven(cid:173)
`tion, the typical software purchaser may still duplicate
`at will the software he has received from the vendor. 40
`However, he cannot duplicate the right to use the soft(cid:173)
`ware; in fact he receives a single right to use the soft(cid:173)
`ware. To become effective, that right to use must be
`installed in a suitable coprocessor, and it is only when
`the right to use is installed on the suitable coprocessor 45
`(which is associated with the host computer on which
`the user intends to run the software) that the software
`becomes executable. Other copies of the software that
`the user might make are not executable on any other
`host computer (even if such other host computer is 50
`associated with another suitable coprocessor).
`In accordance with the present invention software
`can be distributed on magnetic media (such as tape or
`floppy disk) or by other means (telephone lines, cable or
`broadcast transmission). The software is partitioned 55
`into an encrypted portion P e and an unencrypted (clear
`text) portion Pc. The choice of the partitioning is made
`by the software vendor with the understanding that
`only the encrypted portion will be protected from pi(cid:173)
`racy. The encrypted portion, Pe, of the software will be 60
`decrypted and executed by a physically and logically
`secure coprocessor if the coprocessor possesses the
`decryption key which embodies the right to execute.
`The protected part of the software is, thus, never ex(cid:173)
`posed in plaintext form and never executed by unautho- 65
`rized systems. The coprocessor may be attached to the
`user's personal computer either on the system bus or
`through a 1/0 or other communication port.
`
`4
`In order to be effective, and decrypt the encrypted
`portion of the protected software, the coprocessor must
`be provided with the decryption key (Right-Right-to(cid:173)
`Execute or RTE, also referred to as AK or Application
`Key) needed to render the encrypted portion of soft(cid:173)
`ware executable. The key (RTE or AK) must be trans(cid:173)
`ferred to the software owner's coprocessor in such a
`way that the transfer mechanism cannot be reused or
`reproduced by a user and thus grant key transfer to
`other personal computers. This is accomplished by asso(cid:173)
`ciating the effective transfer of the decryption key into
`the non-volatile memory of the coprocessor with a
`transaction token, e.g. the presence of the transaction
`token is required to effectively transfer the decryption
`key to the coprocessor. The token is very resistant to
`forgery for reasons which are described below and its
`information content is destroyed during the transfer
`transaction. The token has information content which is
`known to the coprocessor because it is identified in an
`encrypted ftle. This ftle is called the Encrypted Token
`Description or ETD. This identification is authenti(cid:173)
`cated to the coprocessor by the fact that it is encrypted
`with the same key (AK) which the software vendor has
`used to encrypt the protected portion of the software.
`The ETD may be distributed to the user by placing it in
`a dedicated register in the token, by recording it on the
`distribution medium, or by distributing it by other
`means.
`The software vendor supplied key (AK) is made
`available to the coprocessor by supplying it, in en(cid:173)
`crypted form, with the program via the software distri(cid:173)
`bution medium or other means as described in the case
`of the ETD. In the general case, the key used to encrypt
`the AK is selected from a list of Coprocessor Supervi(cid:173)
`sor Keys (CSKs) which is stored in all coprocessors
`supplied by a given vendor.
`The function of encrypting the software vendor's
`decryption key with one of these stored encryption keys
`is a service provided by the coprocessor so that the
`store of keys (CSKs) need never be exposed to the
`software vendor. The coprocessor which the software
`vendor uses to encrypt the software vendor's keys may
`be precisely the same type of coprocessor as the user
`employs to decrypt and run the software. Alternatively,
`special processors may be sold for this purpose or stan(cid:173)
`dard processors may be enabled to perform this func(cid:173)
`tion by an encrypted message from the hardware manu(cid:173)
`facturer. These options may be useful in giving flexibil(cid:173)
`ity to the marketer of such devices.
`For the same reason the software vendor's decryp(cid:173)
`tion keys (such as AK) are never exposed to the soft(cid:173)
`ware user, the hardware vendor's encryption keys
`(CSK) are never exposed to the software vendor. This
`system thus has the property that no information need
`be shared between hardware and software manufactur(cid:173)
`ers in order to use the protection provided. In addition,
`a single encryption system such as DES may be used for
`all cryptographic functions.
`In accordance with the invention, in order to access
`the transfer token, the coprocessor is provided with a
`data path which allows communication with a hard(cid:173)
`ware sub-system such as a cartridge. This data path may
`utilize a connection to the cartridge supplied by either
`the host (such as a PC) or the coprocessor. The car(cid:173)
`tridge contains an electronic memory with properties
`that change (in a manner to be described) in response to
`whether the memory is being read from or written to.
`This cartridge sub-system must be extremely difficult to
`
`
`
`APPLE EX. 1041
`Page 12
`
`
`
`4,817,140
`
`25
`
`6
`5
`The first time the user attempts to employ the pro-
`copy in the sense that a substitute is very unlikely to be
`created by a user which can fool a coprocessor into
`tected software, he couples the physically and logically
`accepting it as verification of the user's right to store a
`secure coprocessor to the computer system in which the
`protected software is to be run and also couples the
`given decryption key (AK) in the user's coprocessor.
`Since the connection to the sub-system is physically
`hardware cartridge containing the transfer token to the
`computer system.
`exposed, the transaction which uses this connection as
`On the fust running of the software the encrypted
`its communications medium must be forgery-resistant.
`software key EAK is transferred to the coprocessor and
`To be forgery-resistant, each transaction must be
`effectively unique and verifiable by the coprocessor.
`is decrypted by the coprocessor using the required CSK
`The technique by which this security is obtained is 10 to obtain AK. For reasons which are explained below,
`described below.
`this transfer is temporary, the coprocessor will reject
`the transfer if the conditions described below are not
`The sub-system which is used to verify the right of a
`user to a particular decryption key is referred to as a
`met. A verifiable· portion of the contents of the hard-
`transfer token. The necessary functions can be imple-
`ware cartridge, i.e., the transfer token, is also trans-
`mented using programs executed by a micro-processor 15 ferred to the coprocessor using a forgery-resistant que-
`or by using a dedicated hardware system. Inasmuch as
`ry /response protocol; this process alters or destroys the
`the most economical implementation of a transfer token
`contents of the hardware cartridge. The information
`will be a dedicated hardware system, this is the version
`revealed to an observer of the query and the response is
`that is described.
`insufficient to allow a forger to construct a correct
`The transfer token hardware and its information con- 20 response to another coprocessor query. The transfer
`tent must be kept physically secure to avoid its access
`token can be "refilled" with information by a software
`by the user through means which bypass the forgery
`author, but the refilled transfer token will only autho-
`prevention feature. One implementation of this physical
`rize a coprocessor to accept an AK from that author.
`security is described in co-pending application Ser. No.
`The physically and logically secure coprocessor deter-
`927,309, filed Nov. 5, 1986 the disclosure of which is
`mines whether or not the transfer token is effective by
`incorporated by this reference. The same technique
`determining whether or not it corresponds to an ex-
`may be employed to render the coprocessor itself physi-
`pected transfer token. Assuming the transfer token is
`cally secure and to protect its memory contents from its
`found acceptable, the coprocessor then stores the soft-
`exposure to a user. Since tokens can be implemented as 30 ware decryption key AKin its permanent memory. At
`a single, continuously powered, integrated circuit chip,
`this point the transfer is effective so that the coproces-
`no additional physical security is needed. If the physical
`sor can use AK to decrypt and run protected software.
`security of a token were broken, then no cryptographic
`Once the software decryption key AK is stored in the
`keys would be revealed and only the single associated
`permanent memory of the coprocessor, the protected
`software package could be redistributed.
`35 software can be executed. The plaintext portion of the
`Thus, in accordance with the invention, software to
`protected software is executed by the user computer
`be protected is partitioned into a plain text portion and
`system. The encrypted portion (the protected portion)
`an encrypted portion; the encryption key (AK) used to
`of the software is decrypted upon loading by the co-
`encrypt the software is known only to the software
`processor. The logical and physical security of the co-
`vendor. The protected software provided to the user is 40 processor memory prevents the user from having access
`associated with the software decryption key, in en-
`to plaintext or executable form of the protected soft-
`crypted form (EAK). The software decryption key
`ware.
`(AK) is encrypted with the hardware vendor's encryp-
`On each subsequent use of the protected software the
`tion key (CSK) which is not known to the software
`software decryption key AK now stored in the perma-
`vendor. This encryption is a service performed by such 45 nent memory of the coprocessor is used to decrypt the
`coprocessors. The software and encrypted decryption
`encrypted portions thereof. The user can make as many
`key (EAK) may be associated with information describ-
`"backup" copies of the software as he desires; however
`ing a transfer token (TOKEN DATA) by encrypting
`without access to a logically and physically secure co-
`that description under AK. The correspondence be-
`processor storing
`the decryption key AK, any
`tween the content of the token and the token data (after so "backup" copies of the software are unusable since the
`decryption under AK) indicates to the coprocessor that
`encrypted portion of the software cannot be decrypted.
`that particular AK may be stored for future use. The
`Accordingly, the invention provides a method of
`authorized user is provided with a token, which in a
`restricting use of software to an authorized computer
`preferred embodiment is implemented in the form of a
`comprising the steps of:
`hardware cartridge. The transfer token is physically 55
`distributing said software in a form in which at least
`and logically secure, so that a sufficient fraction of its
`a significant portion is encrypted,
`information contents is not available to the user. The
`providing a coprocessor in association with a poten-
`transfer token, or the hardware cartridge incorporating
`tially authorized processor, which coprocessor has a
`the transfer token has a read once feature whereby the
`memory space secured against external access for stor-
`flrst time the hardware cartridge is read the contents are 60 ing decrypted software and operating instructions,
`altered so that the authorization which the hardware
`coupling said software to said processor, coupling a
`cartridge represents cannot be effectively reused by the
`distinct right-to-execute to said coprocessor and storing
`user. The user is also provided with a physically and
`said distinct right-to-execute in said secure memory of
`logically secure coprocessor. The physically and logi-
`said coprocessor,
`cally secure coprocessor has in permanent memory the 65
`in the presence of said distinct right-to-execute, de-
`hardware vendor's decryption key(s) CSKl, CSK2, etc.
`crypting and storing said significant portion of said
`The data descriptive of the token will typically be trans-
`software in said coprocessor for the period needed to
`ferred with the software.
`execute such software as needed by the user, and
`
`
`
`APPLE EX. 1041
`Page 13
`
`
`
`4,817,140
`
`7
`8
`can be used to select a bit from the first or the second
`- executing said stored software portion in said co-
`portion. A