(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)
`
`(19) World Intellectual Property Organization
`International Bureau
`
`(43) International Publication Date
`27 September 2007 (27.09.2007)
`
`(51) International Patent Classification:
`G06F 21/22 (2006.01)
`
`MP
`PCT
`
`(21) International Application Number:
`PCT /IB2007/050796
`
`(22) International Filing Date:
`
`9 March 2007 (09.03.2007)
`
`(25) Filing Language:
`(26) Publication Language:
`
`English
`English
`
`(30) Priority Data:
`17 March 2006 (17.03.2006) EP
`06111353.6
`(71) Applicant (for all designated States except US): KONIN-
`KLUKE PHILIPS ELECTRONICS N.V. [NL/NL];
`Groenewoudseweg 1, NL-5621 BA Eindhoven (NL).
`(72) Inventors; and
`(75) Inventors/Applicants (for US only): MICHIELS, Wil-
`helmus,P., A., J. [NL/NL]; c/o Prof. Holstlaan 6, NL-5656
`A A Eindhoven (NL). ESSER, Norbert, C. [US/US]; c/o
`Prof. Holstlaan 6, NL-5656 AA Eindhoven (NL). GORIS-
`SEN, Paulus, M., H., M., A. [NL/NL]; c/o Prof. Holstlaan
`6, NL-5656 AA Eindhoven (NL).
`(74) Agents: GROENENDAAL, Antonius, W., M. et al.;
`Prof. Holstlaan 6, NL-5656 AA Eindhoven (NL).
`
`(54) Title: PROTECTION OF SOFTWARE FROM PIRACY
`
`(10) International Publication Number
`WO 2007/107905 A2
`(81) Designated States (unless otherwise indicated, for every
`kind of national protection available)-. AE, AG, AL, AM,
`AT, AU, AZ, BA, BB, BG, BR, BW, BY, BZ, CA, CH, CN,
`CO, CR, CU, CZ, DE, DK, DM, DZ, EC, EE, EG, ES, EI,
`GB, GD, GE, GH, GM, GT, HN, HR, HU, ID, IL, IN, IS,
`JP, KE, KG, KM, KN, KP, KR, KZ, LA, LC, LK, LR, LS,
`LT, LU, LY, MA, MD, MG, MK, MN, MW, MX, MY, MZ,
`NA, NG, NI, NO, NZ, OM, PG, PH, PL, PT, RO, RS, RU,
`SC, SD, SE, SG, SK, SL, SM, SV, SY, TJ, TM, TN, TR,
`TT, TZ, UA, UG, US, UZ, VC, VN, ZA, ZM, ZW.
`(84) Designated States (unless otherwise indicated, for every
`kind of regional protection available): ARIPO (BW, GH,
`GM, KE, LS, MW, MZ, NA, SD, SL, SZ, TZ, UG, ZM,
`ZW), Eurasian (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM),
`European (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, EI,
`ER, GB, GR, HU, IE, IS, IT, LT, LU, LV, MC, MT, NL, PL,
`PT, RO, SE, SI, SK, TR), OAPI (BF, BJ, CF, CG, CI, CM,
`GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG).
`Declaration under Rule 4.17:
`as to applicant's entitlement to apply for and be granted a
`patent (Rule 4.17(ii))
`Published:
`without international search report and to be republished
`upon receipt of that report
`
`[Continued on next page]
`
`REGISTRATION SERVER
`40
`
`AUTHORISATION
`UNIT
`
`42
`
`PRODUCT ID
`
`TERMINAL ID
`
`— 44
`
`-45
`
`13 1 r > u?
`
`I
`
`PROCESSOR
`I
`
`MEMORY/STORAGE 14
`1 2!
`
`PROGRAM 16
`
`UPDATE REQUEST
`(+ AUTHORISATION DATA)
`
`32
`^
`
`APPLICATION 18
`
`i 20-
`
`BLOCKADE #1
`
`tl
`
`IT s;
`P KJ
`
`30
`
`PROGRAM UPDATE
`
`BLOCKADE #N
`
`tN
`
`| PRODUCT ID]—
`
`jtERMINAL IDj-
`
`--23
`
`-24
`
`34
`
`48
`
`PROGRAM
`UPDATES
`
`10
`
`IT)
`O
`
`o\ r-o
`
`(57) Abstract: A method of protecting a computer program (16) running on a computer apparatus (10) from piracy. The computer
`program (16) includes a code module (18) which performs an application and code which defines a plurality of blockades (20). Each
`blockade is associated with a parameter which determines activation of the blockade. Once activated, each blockade changes the
`functionality of the application compared to that pertaining prior to activation of the blockade. Blockades activate at different times.
`Each blockade requires at least one program update to be executed to deactivate that blockade. Updates can be installed manually or
`automatically. Preferably, the computer program is authorised as being a genuine copy of the program before receiving a program
`update.
`
`APPLE EXHIBIT 1004
`Page 1 of 27
`
`

`

`WO 2007/107905 A2
`
`For two-letter codes and other abbreviations, refer to the "Guid­
`ance Notes on Codes and Abbreviations" appearing at the begin­
`ning of each regular issue of the PCT Gazette.
`
`APPLE EXHIBIT 1004
`Page 2 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`Protection of software from piracy
`
`1
`
`This invention relates to protection of software products.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`The computer industry loses a significant amount of money to software piracy.
`In software piracy a so-called 'pirate' obtains a piece of software, copies the software, and
`then distributes illegal copies of the software for profit. Where software includes some form
`of copy protection, a pirate may take steps to remove, or disable, the copy protection before
`making illegal copies and distributing them.
`Various forms of security measures are known which attempt to protect
`software from piracy. In client-server systems it is possible to arrange for part of the
`software code to be executed by a client and part of the software code to be executed by a
`secure remote server. In this type of system checks can regularly occur between the client
`and server and in the event of a security concern with a particular client, the server can stop
`executing code for that client. While this is a secure solution it has a disadvantage of
`requiring the software supplier to provide processing capability at the server for each
`software user.
`
`A majority of software is executed in a stand-alone manner by terminals.
`Although the terminal which executes the software can have access to an external network,
`such as the Internet, the terminal does not require a continuous connection to a remote server
`for the software to function. It is this kind of set up where it is most difficult to protect
`software.
`
`It is known to provide software which requires a user to enter a security 'key'
`(typically a code supplied with the product) at the time of installing software. The software
`product is only unlocked when the correct key is given. However, this can be bypassed by
`ensuring that any illegal copies of a software product are accompanied with this key. An
`additional security measure is to ask a user to register their product with a registration
`authority. A user can register their product by sending details by mail, phone, fax or, more
`typically, by allowing their terminal to electronically exchange data with a remote server.
`The registration process sends a key which uniquely identifies the copy of the installed
`
`APPLE EXHIBIT 1004
`Page 3 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`2
`product, in an attempt to prevent multiple registrations of the same software product installed
`on different terminals. The registration process may also collect details of the hardware
`configuration at the terminal where the software has been installed. US 6,243,468 describes
`a system of this kind. Registration is often not compulsory, and so it is still possible to use
`pirate software without registration.
`It is known to provide software on a trial basis with a time-dependent
`blockade. After using the program for a particular time (e.g. operating the program ten
`times), the user is required to purchase a key to continue using the product. If the correct key
`is not provided, the program is rendered unusable. US 5,014,234 describes software of this
`kind.
`
`In spite of these various security measures, software piracy remains a
`significant problem to the software industry.
`The present invention seeks to discourage software piracy.
`
`5
`
`10
`
`15
`
`Accordingly, a first aspect of the present invention provides a method of
`protecting a computer program running on a computer apparatus from piracy comprising, at
`the computer apparatus:
`executing at least one code module of the computer program to perform an
`
`20
`
`application;
`
`25
`
`30
`
`executing code of the computer program which defines a plurality of
`blockades, each blockade being associated with a parameter which determines activation of
`the blockade, wherein each blockade, once activated, is arranged to change the functionality
`of the application compared to that pertaining prior to activation of the blockade, and wherein
`activation of a first blockade is arranged to occur at a different time to that of a second
`blockade;
`
`receiving a program update, and
`executing the program update to deactivate one of the blockades,
`wherein each blockade requires at least one program update to be executed to deactivate that
`blockade.
`
`Providing a plurality of blockades which activate at different times forces the
`computer apparatus which executes the program to install program updates at different points
`in time to deactivate the blockades and continue using the software. Preferably a blockade,
`once activated, is arranged to stop the application from operating, or to cause the application
`
`APPLE EXHIBIT 1004
`Page 4 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`3
`to operate with reduced or incorrect functionality compared to that pertaining prior to
`activation of the blockade.
`Pirates are discouraged from distributing illegal software as users of
`illegitimate software continue to be dependent on the pirate for updates. This increases the
`operating costs of the pirate and, because the pirate has to keep in contact with the customers,
`it increases the risk of the pirate being discovered. If a pirate chooses not to support users of
`the pirate software, the pirate copies of the software will terminate, or operate with reduced
`or incorrect functionality, when the first blockade is reached.
`In addition to deactivating a blockade, the program updates can include code
`to fix a breach of a security mechanism which may have occurred since release of the
`computer program. Program updates can additionally, or alternatively, include code to
`implement additional blockades and code to fix other bugs which have been discovered in the
`program. By incorporating the blockades, a user is required to install a program update if
`they are to continue using the program with at least the functionality pertaining originally.
`The program updates can be installed manually by a user or, more preferably,
`the updates can be installed automatically before a blockade becomes active. This can occur
`as a background process which does not interrupt the normal operation of the program. The
`updates can be retrieved by a user or automatically by the program. In all cases, it is
`preferred that the copy of the computer program is verified as being an authorised copy
`before a blockade is deactivated.
`A program update can be installed before the activation time of a blockade.
`This will have the effect of deactivating the blockade and will ensure that the effects which
`are scheduled to occur at the time of activation (application stops operating; application
`operates with reduced or incorrect functionality) do not occur. However, it is preferred that
`the update can only be installed during a limited window of time preceding the activation
`time of the blockade. This prevents pirates from supplying a copy of the program with
`updates already installed to deactivate the blockades.
`Legitimate users do not need to be inconvenienced by the blockades as the
`software can automatically contact the server to deactivate the blockade at an appropriate
`time.
`
`Preferably, the code which implements the blockades is buried within the code
`module (or modules) of the application to prevent the blockade code from being readily
`identified and altered.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`APPLE EXHIBIT 1004
`Page 5 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`5
`
`4
`The time at which each blockade becomes active can be linked to an absolute
`time and date, a relative time compared to an event (e.g. 30 days after program first installed)
`or usage of the program (e.g. after 20 uses). Time and date can be supplied by a secure clock
`local to the terminal which executes the software (e.g. Microsoft™ secure clock) or a secure
`clock provided by a remote server.
`Another aspect of the present invention provides a computer program for
`execution by a computer apparatus comprising:
`at least one code module to perform an application on the computer apparatus;
`code which defines a plurality of blockades, each blockade being associated
`10 with a parameter which determines activation of the blockade, wherein each blockade, once
`activated, is arranged to change the functionality of the application compared to that
`pertaining prior to activation of the blockade, and wherein activation of a first blockade is
`arranged to occur at a different time to that of a second blockade;
`and wherein each blockade requires at least one program update to be executed
`to deactivate that blockade.
`The computer program can be distributed electronically, such as by a user
`downloading the program from a server, or on physical media such as optical disks or
`memory chips.
`Another aspect of the present invention provides a method of generating a
`computer program of the above type.
`A further aspect of the present invention provides a method of protecting a
`computer program running on a computer apparatus from piracy, the computer program
`comprising at least one code module to perform an application and code which defines a
`plurality of blockades, each blockade being associated with a parameter which determines
`activation of the blockade, wherein each blockade, once activated, is arranged to change the
`functionality of the application compared to that pertaining prior to activation of the
`blockade, with activation of a first blockade being arranged to occur at a different time to that
`of a second blockade, the method comprising, at a service provider:
`maintaining a store of information identifying registered copies of the
`computer program;
`receiving a request from the computer apparatus for a program update, the
`request including information which identifies the copy of the program or the identity of the
`computer apparatus;
`
`15
`
`20
`
`25
`
`30
`
`APPLE EXHIBIT 1004
`Page 6 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`5
`verifying that the computer apparatus is authorised to use the copy of the
`computer program; and,
`if the computer apparatus is authorised to use the copy of the computer
`program, sending the program update to the computer apparatus to deactivate the blockade.
`A further aspect of the present invention provides a method of protecting a
`computer program running on a computer apparatus from piracy, the computer program
`comprising at least one code module to perform an application and code which defines a
`plurality of blockades, each blockade being associated with a parameter which determines
`activation of the blockade, wherein each blockade, once activated, is arranged to change the
`functionality of the application compared to that pertaining prior to activation of the
`blockade, with activation of a first blockade being arranged to occur at a different time to that
`of a second blockade, the method comprising, at a service provider:
`maintaining a store of information identifying registered copies of the
`computer program and, for each registered copy, times at which blockades will be activated;
`and,
`
`sending a program update to a computer apparatus before the time at which a
`blockade will become activated on that computer apparatus.
`Still further aspects of the invention provide a system for protecting a
`computer program from piracy and a computer apparatus and a server for performing the
`above recited methods.
`
`Embodiments of the present invention will now be described, by way of
`example only, with reference to the accompanying drawings, in which:-
`Figure 1 shows a system in accordance with an embodiment of the present
`
`invention;
`
`Figure 2 shows a time line illustrating the use of blockades which become
`active at different points in time;
`Figure 3 shows the time line of Figure 2 after a first blockade has been
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`removed;
`
`Figure 1; and,
`
`Figure 1.
`
`Figure 4 shows a first embodiment of a method performed by the system of
`
`Figure 5 shows a second embodiment of a method performed by the system of
`
`APPLE EXHIBIT 1004
`Page 7 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`6
`
`5
`
`10
`
`15
`
`Figure 1 schematically shows a computer apparatus in the form of a user
`terminal 10. Terminal 10 can communicate via a network 30 (e.g. the Internet) with a
`registration server 40. As will be explained more fully below, the communication between
`terminal 10 and server 40 does not need to be continuous. The main components of terminal
`10 relevant to the invention are shown. These include a processor 12 and memory/storage
`14. Processor 12 connects to a communications interface 15 and hardware/software elements
`such as a clock 13. Typically, the memory/storage 14 will comprise solid state memory and
`additional storage in the form of hard disk storage, optical disc storage etc. as will be well
`understood by a skilled person. Memory/storage 14 is shown as storing a program 16 which
`includes a code module 18 for performing an application and code 20 for implementing a
`number (N) of blockades. In addition, a Product ID 23 and a Terminal ID 24 can be stored.
`Figure 1 shows a terminal 10 after a software product has been installed on the terminal.
`Initially, a user will obtain a software product and install the product onto the terminal 10.
`The software product can be distributed on a program carrier (e.g. optical disc or memory
`chip) or can be downloaded to the terminal 10 from a network server (e.g. server 40 or
`another server) in response to a user purchasing the product. The software product will
`include some form of installation program which causes the various elements of the program
`16 to be installed on terminal 10. The application 18 can provide any function to terminal 10,
`examples being an office application (word processing, spreadsheet, database, diary), image
`or multimedia editing or authoring, desktop publishing and a game.
`The program runs in a stand alone manner in that the terminal 10 locally
`executes all of the code necessary to implement the application. In the preferred embodiment
`25 where program updates are received from a server, only an occasional network connection to
`the server is required to receive the program updates.
`For ease of explanation, blockades 20 are shown as separate code blocks.
`However, these are preferably obfuscated (hidden) by various techniques, such as concealing
`the code to implement blockades among other code modules (such as code modules of the
`application 18) to prevent a pirate from removing or altering the blockades. Each blockade
`20 is code that prevents the application 18 from working properly once a particular condition,
`or set of conditions, is satisfied. When first installed, there is a set of blockades which are
`shown here as an arbitrary number N. Initially, the entire set of blockades can be inactive.
`During the lifetime of the program 16 the blockades 20 are activated, one by one. Figure 2
`
`20
`
`30
`
`APPLE EXHIBIT 1004
`Page 8 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`(II)
`
`7
`illustrates the effect of the blockades on a time line. The time line starts at time tO where the
`software product is first installed on terminal 10. Each blockade activates at a different point
`in time, with blockade #1 being activated at time tl, blockade #2 being activated at time t2,
`and so on. For each blockade 20, there are two main features:
`(I)
`a criterion (or criteria) which determines when the blockade should be activated;
`and,
`how the blockade should prevent the application 18 from working properly when
`the blockade is activated.
`It is desirable that each blockade should be activated based on some time-related criterion.
`Some examples are:
`absolute time, e.g. code for blockade #n stores the value "activation_date=
`dd:mm:yyyy" where dd = day, mm=month and yyyy=year. This can additionally
`include a time. The program 16 monitors the actual value of the date (and time) and
`when the actual date/time equals, or exceeds, the date/time stored in the blockade,
`the blockade is activated. The actual time can be provided by a secure clock
`function (e.g. clock 13 in Figure 1) to prevent tampering. One such secure clock
`function is that formulated by Microsoft™ which requires a client device to
`synchronise a local secure clock with a time provider over the Internet or on a
`separate computer.
`relative time measured from some event, e.g. code for blockade #n stores the value
`"activation_time= hours :mins" where hours = elapsed number of hours and mins =
`elapsed number of minutes from an event such as the time of installing the program
`(time tO in Figure 2). The program 16 monitors the elapsed time from the event and
`when the elapsed time equals, or exceeds, the time value stored in the blockade, the
`blockade is activated. As above, the time can be obtained from a secure clock.
`Other possible other events are: time when a particular part of the program is
`executed; time when a particular computation has a prespecified outcome,
`number of times the program has been executed, e.g. code for blockade #n stores the
`value "activate after number of executions = bb". The program 16 monitors the
`number of times that the program is executed, starting from the installation, and
`when the number of executions equals, or exceeds, the stored
`"activate after number of executions" value the blockade is activated. The
`running count of the number of executions is stored securely at the terminal to
`prevent tampering. One way of securely storing the running count is to store the
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`APPLE EXHIBIT 1004
`Page 9 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`5
`
`20
`
`8
`running count as part of files containing data that is crucial to the proper functioning
`of the application. If these files are then obfuscated or encrypted, the values cannot
`easily be changed or removed.
`Further examples of criteria are: amount of free space on the hard disk;
`number of files written by the application; amount of input given to the software program.
`As an illustration, consider a word processing application. For this application the number of
`words that are written by the user can be counted and used as a criterion on which to activate
`a blockade. For instance, activating a blockade if 100,000 words have been written.
`Activation of a blockade can be made dependent on just one criterion or on a
`10 Boolean combination of two or more criteria, e.g. activate blockade #n if actual date >
`activation date OR elapsed time > activation time. The Boolean expression can include
`more complex combinations of criteria using AND, OR, NOT operators and Boolean syntax.
`To minimise disruption to legitimate users, it is preferred that the blockades
`should not interrupt normal operation of the application 18. Section 80 of Figure 2 shows, in
`15 more detail, events around the activation of blockade #1 at tl. A window 71 precedes the
`activation time tl of the blockade. During window 71 terminal 10 should have at least one
`opportunity to install an update to deactivate the blockade. If updates are to be made by a
`user manually installing an update from a disk, then at time 70 program 16 causes a prompt
`to be presented to a user notifying the user that a blockade is about to be activated and to
`install the required update. A service provider (e.g. the manufacturer of the computer
`program) supplies a program update in advance of the activation time of the blockade. The
`user has the duration of the window 71 (which may be minutes, hours or days) to install the
`update and deactivate the blockade. More preferably, the updates are made by contacting a
`remote server 40. During window 71 an update request (32, Figure 1) is sent from terminal
`10 to server 40. This request 32 should preferably include data which can be used, by server
`40, to verify that terminal 10 is authorised to maintain at least the present pertaining
`functionality of application 18 and should receive an update. If the terminal is authorised,
`authorisation unit 42 authorises that an update 48 should be sent from store 47 to the terminal
`10 (34, Figure 1). It is appreciated that a terminal need not have access to a network
`connection at all times. Window 71 is chosen to be sufficiently long to allow a terminal to
`have an opportunity to contact server 40. Terminals 10 can either send a first update request
`32 at the beginning of time window 71 or at a random time within the time window 71. The
`feature of sending an update request at a random time can be useful where the blockade
`activation time tl is an absolute time which is shared by a large number of copies of a
`
`25
`
`30
`
`APPLE EXHIBIT 1004
`Page 10 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`9
`particular software product. This avoids server 40 being overwhelmed by receiving a large
`number of update requests. If a terminal is unsuccessful in reaching server 40 with a first
`update request, it can make subsequent requests. Figure 2 shows a number of attempts 72, 73
`to reach server 40 within window 71.
`It is preferred that the process of contacting a server, receiving an update and
`installing the update is performed in the background, transparently to the user of the terminal
`10. If a terminal has not had an opportunity to send an update request during window 71, e.g.
`because the terminal has not had access to a network connection within that time, then it can
`be advantageous to postpone the activation of the blockade by a further window 75. During
`this window 75, terminal 10 can make a request and receive an update. In this case it is
`preferred that program 16 should cause a prompt to be displayed on terminal 10 when time tl
`is reached to request a user to connect their terminal 10 to a network. It will be appreciated
`that in Figure 2 windows 71, 75 will each be defined as a time period. However, more
`generally,, the windows 71, 75 are dimensioned according to the units of the criterion used
`for the next blockade. For example, where the criterion is absolute or elapsed time, the
`window can be set in units of time. Where the criterion is the number of times the program
`has been executed then the window can also be dimensioned in terms of a particular number
`of times the program is executed. For example, if the blockade should be activated after 20
`executions of the program, the start of window 71 can occur after 17 executions of the
`program.
`
`Once it has been decided that a blockade should be activated, there are many
`ways in which this can occur. Some measures can cause the program 16 to immediately
`abort and to be unusable while others can cause the program to continue operating with
`reduced functionality or incorrect behaviours. Some strategies of implementing a blockade
`are:
`
`use of guards (if... then ... else ...), such that the control flow takes the wrong path
`when the trigger criterion is met. By making the guard part of a computation, the
`dependency of the guard on the measure can be made implicit and therefore harder to
`identify.
`using the measure to index an array, a blockade can be obtained by causing an array
`overflow in the case that the measure exceeds some value. As an example, suppose
`an array is initialised with a range of 0..n. Then the expression a[current_year] gives
`an array overflow if and only if current_year>n. Hence, by setting n=2006, the
`blockade is activated at January 1, 2007.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`APPLE EXHIBIT 1004
`Page 11 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`10
`
`-
`
`the program can only derive a valid cryptographic key K in the case that the trigger
`criterion has not exceeded some given value B. The key can be used for
`authentication or for decrypting content. The program does not specify K, but K+X
`for some value X. The real key K is computed by first computing the value X and
`then subtracting this value from K+X. The computation is then made dependent on
`the trigger criterion in the sense that X is only computed correctly if the trigger
`criterion has not exceeded some given value B.
`When a blockade is deactivated, the program update that is installed corrects
`the code of the blockade such that the blockade will not occur. For example, in the case of
`the (if... ..then....else) condition, where the program only operates correctly if a variable
`meets a certain condition, the code can be changed to either remove the (if.. .then.. .else)
`condition or to set the value of the variable such that the 'else' option (which would normally
`cause the program to operate incorrectly) is not followed.
`Preferably a software program contains blockades which are implemented in a
`plurality of different ways, such as the three different ways described above. In that case,
`each separate blockade need not necessarily be very strong by itself. Many weaker but
`different blockades also lead to a strong defence.
`For all blockades it is desirable to obfuscate the code that implements them.
`Many software obfuscation techniques are known in the literature to transform program code
`into illegible code. Obfuscation techniques, per se, are known to the skilled person and do
`not need to be described in any further detail. Examples of obfuscation techniques are given
`in the papers: C. Collberg and C. Thomborson. "Watermarking, tamper proofing,
`obfuscation- Tools for software protection", IEEE Transactions on Software Engineering,
`vol. 28, no. 6, 2002 and J.R. Nickerson, S.T. Chow, H.J. Johnson, and Y. Gu. "The encoder
`solution to implementing tamper resistant software". Proceedings of the CERT/IEEE
`Information Survivability Workshop, Vancouver, 2001.
`The blockades incorporated in a computer program can work in one of two
`ways. In a first way, once a blockade is activated it remains activated and cannot be
`deactivated at a later date, regardless of whether a program update is installed. A user will be
`forced to reinstall the entire software package. In a second way, once a blockade is activated
`it can be deactivated at a later date providing the correct program update is installed. This is
`preferable as there can be good reasons why a user is not able to install updates at the
`required times.
`
`5
`
`10
`
`15
`
`20
`
`25
`
`30
`
`APPLE EXHIBIT 1004
`Page 12 of 27
`
`

`

`WO 2007/107905
`
`PCT/IB2007/050796
`
`11
`The above process causes a terminal to install updates at a number of points in
`time to deactivate blockades. This process can have other benefits to the safe working of the
`program 16 as the update which a user installs can also fix bugs or other issues which the
`software provider is aware of as well as deactivating a specific blockade. The update can
`also fix breaks in other software protection mechanisms which the program 16 has been
`provided with. A user has no choice but to install the update in order to continue using the
`program. An update can also install code for one or more further blockades which each have
`an activation criterion and an effect on the program if they are activated. Figure 3 shows the
`blockades present after a user has installed an update to deactivate blockade #1. This update
`installed new blockades #1A, #2A with respective activation times tlA, t2A. The newly
`installed blockades #1 A, #2A can use the same way of preventing operation/reducing
`functionality as the other blockades or can use a different method. The ability to use a
`different method is particularly useful where hackers have cracked some of the methods used
`by the existing blockades. There is also the added advantage that a hacker has less
`opportunity to circumvent the newly included blockades.
`Figure 4 summarises a first embodiment of the overall method of protecting a
`computer program, showing the steps performed at a computer apparatus 10 and at a
`registration server 40. Initially, at step 101, a user installs a copy of the computer program on
`computer apparatus 10 and registers the copy of the program with registration server 40. As
`described above, and also with reference to Figures 1 and 2, each copy of the software
`product can include a Product ID 23 which uniquely identifies that copy of the product. At
`step 101 this product ID 23 is sent to registration server 40 and stored as an item 44 in store
`43. It can also be desirable to register some identifier of the hardware 10 on which the
`program 16 is installed. This is shown as a terminal ID 24 which may be obtained from the
`computer apparatus 10 and stored locally (and securely) within program 16. The terminal ID
`can be an actual code which uniquely identifies the terminal hardware 10 or it can be
`compiled based on a number of properties of the hardware which, when combined, form a
`unique identifier. At step 102 the