`
`1
`
`/
`
`1st NON-VOLATILE
`MEMORY
`
`(4)
`
`KEY (8) I
`
`2nd NON-VOLATILE
`MEMORY
`
`(5)
`
`~9
`
`LICENCE RECORDS (10)
`
`(11)
`
`(12)
`
`I
`
`•
`
`VOLATILE MEMORY (6)
`/16
`I 0 ~13
`/15
`101 0
`
`LICENSE PROGRAM
`I 0
`I 0
`
`~__) 4
`
`I
`
`1(2)
`
`0(3)
`
`-
`
`I
`
`LICENSE BUREAU
`
`(7)
`
`FIG.1
`
`Apple Inc. Exhibit 1002 Page 1
`
`
`
`'.
`
`-A
`
`!
`~I
`
`=~-i
`
`~~:
`
`~~:~
`
`-'-:'7-~~;:
`
`:
`
`:=
`
`.'
`
`~I!
`~I
`
`2/2
`
`1
`SELECTING ~
`
`7
`
`I
`
`8
`1
`SETTING UP L/
`
`VERIFYING
`
`J
`
`-
`
`,
`ACTING J
`
`9
`
`a
`
`FIG.2
`
`Apple Inc. Exhibit 1002 Page 2
`
`
`
`. 1.
`
`lVlethod of Restricting Software Operation within A License Limitation
`
`=
`
`':;':"~
`
`FIELD OF THE INVENTION
`
`This invention relates to a method and syst~m of identifying and
`
`restricting an unauthorized software program's operation.
`
`BACKGROUND OF THE INVENTION
`TL ~ .
`sm.lA '~umerous methods have been
`res~tingofunauthorized software progr
`been primarily motivated by the gr
`
`a for
`, operation. These methods have
`
`the identifying and
`
`proliferation of illegally copied
`
`software, which is engulfmg the mar
`
`!place. This illegal copying represents
`
`billions of dollars in lost profits to c .mmercial software developers.
`
`10 '\ ,\' - :' - 'Software based products have been developed to validate authorized
`
`softWare usage by writing. a license signature onto the computer's volatile
`
`memory (e.g. hard disk). These, products may be appropriate for restricting
`
`honest software users, but they are very vulnerable to attack at the hands of
`
`skilled system's programmers (e.g. "hackers"). These license signatures are
`
`also subject to the physical instabilities of their volatile memory media.
`15
`~'7»t~ardware base products
`autho~zed software usage by ac
`parallel port of the P..
`ese units are expensive,
`
`n developed to validate
`
`mg a dongle that is coupled e.g. to the·
`
`e for software that may be sold by downloading (e.g. over
`
`20
`
`inconvenient, and not
`
`Apple Inc. Exhibit 1002 Page 3
`
`
`
`·2·
`
`There is accordingly a need in the art to provide for a system and
`
`method that substantially reduce or overcome the drawbacks of hitherto
`
`known solutions.
`
`5 SUMMARY OF THE INVENTION·
`
`The present
`
`invention relates to a method of restricting software
`
`operation within a license limitation. This method strongly relies on the use of
`
`a key and of a record, which have been written into the non-volatile memory
`
`of a computer.
`
`10
`
`For a better understanding of the underlying concept of the invention,
`
`there follows a specific non-limiting example. Thus, consider a conventional
`
`·:::~
`
`computer having a conventional BIOS module in which a key was embedded
`
`at
`
`the RaNI section thereof, during manufacture. The key constitutes,
`
`effectively, a unique identification code for the host computer. It is important
`
`15
`
`to note that the key is stored in a non-volatile portion of the BIOS, i.e. it
`
`cannot be removed or modified.
`
`Further, according to the invention, each application program that is to
`
`. be licensed to run on the specified computer,. is associated w~th a license
`
`record; that consists of author name, program name and number of licensed
`
`20
`
`users (for network). The license record may be held in either encrypted or
`
`explicit form.
`
`Now,
`
`there commences an initial
`
`license establishment procedure,
`
`where a verification structure is set in the BIOS so as to indicate that the
`
`specified program is licensed to run on the specified computer. This is
`
`25
`
`implemented by encrypting the license record (or portion thereof) using said
`
`key (or portion thereof) exclusively or in conjunction with other identification
`
`information) as an encryption key. The resulting encrypted license record is
`stored in another (second) non-volatile section of the BIOS, e.g. E2pROM (or
`
`Apple Inc. Exhibit 1002 Page 4
`
`
`
`-.
`
`-3-
`
`the ROM). It should be noted that unlike the first non-volatile section, the data
`
`in the second non-volatile memory may optionally be erased or modified
`(using E2pROM manipulation commands), so as to enable to add, modify or
`remove licenses. The actual format of the license may include a string of
`
`5
`
`terms that correspond to a license registration entry (e.g. lookup table entry or
`
`entries) at a license registration bureau (which will be further described as part
`
`ofthe preferred embodiment of the present invention).
`
`Having placed the encrypted license record in the second non-volatile
`the E2pROM),
`commenced. Thus, when a program is loaded into the memory of the
`
`the process of verifying a license may be
`
`memory (e.g.
`
`computer, a so called license verifier application, that is a priori running in the
`
`computer, accesses the program under question,
`
`retrieves therefrom the
`
`license record, encrypts the record. utilizing the specified unique key (as
`
`retrieved from the ROM section of the BIOS) and compares the so encrypted
`record to the encrypted records that reside in the- E2PROM. In the case of
`match, the program is verified to run on the computer. If on the other hand the
`sought encrypted data record is not found in the E2PROM database,
`means
`that
`the program under question is not properly licensed and
`
`this
`
`appropriate application define action is invoked (e.g. informing to the user on
`
`10
`
`15
`
`:~
`
`~=::::
`
`===:.:
`
`~
`
`.~d=
`.z=
`~§
`
`.. ~~-
`..
`..
`~~!
`
`";
`
`=f::::
`~§
`-==:.
`
`~
`
`:"7:~~~
`
`til
`
`c-
`
`'"
`
`20
`
`the unlicensed status, halting the operation ofthe program under question etc.)
`
`Those versed in the art will readily appreciate that any attempt to run a
`
`.program at an unlicensed site will be immediately detected. Consider, for
`
`example, that a given application, say Lotus 123, is verified to run on a given
`
`computer having a first identification code (k1) stored in the ROM portion of
`
`25
`
`the BIOS thereof. This obviously requires that the license record (LR) of the
`
`application after having been encrypted using k 1 giving rise to (LR)kl is stored
`in the E2PROM ofthe first computer.
`
`Suppose now that a hacker attempts to run the specified application in
`
`a second computer having a second identification code (k2) stored in the
`
`Apple Inc. Exhibit 1002 Page 5
`
`
`
`..
`
`-4 -
`
`ROM portion of the BIOS thereof. All or a portion the database contents
`(including of course (LR)kI ) that reside in the E2pROM portion in the fIrst
`
`computer may be copied in a known per se means to the second computer. It
`
`is important to note that the hacker is unable to modify the key in the ROM of
`
`5
`
`the second computer to Kl, since, as recalled, the contents of the ROM is
`
`established during manufacture and is practically invariable.
`
`Now, when the application under question is executed in the second
`
`computer, the license verifIer retrieves said LR from the application and, as
`
`explained above, encrypts it using the key as retrieved from the ROM of the
`
`10
`
`i.e k2 giving rise to encrypted license record (LR)k2.
`second computer,
`Obviously, the value (LR)k2 does not reside in the E 2pROM database section
`of the second computer (since it was not legitimately licensed) and therefore
`
`the specified application is invalidated. It goes without saying that the data
`
`copied from the fIrst
`
`(legitimate) computer
`
`is
`
`rendered useless,
`
`since
`
`15
`
`comparing (LR)k2 with the copied value (LR)kl
`
`results, of course,
`
`in
`
`mismatch.
`
`The example above is given for clarity of explanation only and is by no
`
`means binding.
`
`In its broadest aspect, the invention provides for a method of restricting
`
`20
`
`software operation within a license limitation including; for a computer
`
`having a fIrst non-volatile memory area, a second non-volatile memory area,
`
`and a volatile memory area; the steps of: selecting a program residing in the
`
`volatile memory, setting up a verifIcation structure in the non-volatile
`
`memories, verifying the program· using the structure, and acting on the
`
`25
`
`program according to the verification.
`
`An important advantage in utilizing non-volatile memory such as that
`
`residing in the BIOS is that
`
`the required level of system programming
`
`expertise that is necessary to intercept or modify commands, interacting with
`
`the BIOS, is substantially higher than those needed for tampering with data
`
`Apple Inc. Exhibit 1002 Page 6
`
`
`
`-5-
`
`residing in volatile memory such as hard disk. Furthermore, there is a much
`
`higher cost to the programmer, if his tampering is unsuccessful, i.e. if data
`
`residing in the BIOS (which is necessary for the computer's operability) is
`
`inadvertently changed by the hacker. This is too high of a risk for the ordinary
`
`5
`
`software hacker to pay. Note that various recognized means for hindering the
`
`professional-like hacker may also be utilized (e.g. anti-debuggers, etc.) in
`
`conjunction with the present invention.
`
`In the context of the present invention, a "computer" relates to a digital
`
`data processor. These processors are found in personal computers, or on one
`
`10
`
`or more processing cards in multi-processor machines. Today, a processor
`
`normally includes a fITst non-volatile memory, a second non-volatile memory,
`
`and data linkage access to a volatile memory. There are also processors
`
`having only one non-volatile memory or having more than two non-volatile
`
`memories; all of which should be considered logically as relating to having a
`
`-
`
`15
`
`frrst and a second non-volatile memory areas. There are also computational
`
`environments where the volatile memory is distributed into numerous
`
`physical components, using a bus, LAN, etc.; all of which should logically be
`
`considered as being a volatile memory area.
`
`-_.
`
`.~..::
`
`~§
`
`::::.~
`
`~~.!..~:
`
`~
`
`";'r~
`
`'3
`p:=
`f~:::=
`
`C =
`
`=
`.=::.
`
`::....::..-:
`
`According to the preferred embodiment of the present invention, there
`
`20
`
`is further provided a license authentication bureau which can participate in
`
`either or both of:
`
`(i) establishing the license record in the second non-volatile memory;
`
`and
`
`(ii) verifying if the key and license record in the non-volatile
`
`25 memory(s) is compatible with the license record information as extracted
`
`from the application under question.
`
`The bureau is a telecommunications accessible processor where
`functions such as formattmg, encrypting, and verifying may be performed.
`Performing these or other
`functions at
`the bureau helps to limit
`the
`
`Apple Inc. Exhibit 1002 Page 7
`
`
`
`••
`
`-6-
`
`••
`
`understanding of potential software hackers; since they can not observe how
`
`these functions are constructed. Additional security may also be achieved by
`
`forcing users of the bureau to register, collecting costs for connection to the
`
`bureau, logging transactions at the bureau, etc.
`
`5
`
`According to one example of using the bureau, setting up a verification
`
`structure further includes the steps of: establishing, between the computer and
`
`the bureau, a two-way data-communications linkage; transferring, from the
`
`•
`
`computer to the bureau, a request':'for-license including an identification' of the
`computer and the license-record's contents from the sel~cted program;
`forming an encrypted license-record at the bureau by encrypting parts of the
`
`<
`
`10
`
`request-for-license using part of the identification as the encryption key; and
`
`transferring, from the bureau to the computer, the encrypted license-record.
`
`=~
`
`According to another example of using the bureau, verifying the
`
`program further includes the steps of: establishing, between the computer and
`
`15
`
`the bureau, a two-way data-communications linkage; transferring, from the
`
`computer
`
`to the bureau, a request-for-license-verification including an
`
`identification of the computer, the encrypted license-record for the selected
`
`program
`
`from.
`
`the
`
`second
`
`non-volatile
`
`memory,
`
`and
`
`the
`
`licensed'-software-program's license-record contents; enabling the comparing
`
`20
`
`at the bureau; and transferring, from the bureau to the computer, the result of
`
`the comparing.
`
`The actual key that serves for
`
`identifying the computer' may be
`
`composed of the pseudo-unique key exclusively, or, if desired, in combination
`
`with information, e.g. information related to the registration of the user such
`
`25
`
`as e.g. place, telephon'e number, user name, license number, etc. In the context
`
`of the present invention, a "pseudo-unique" key may relate to a bit string
`
`which uniquely identifies each first non-volatile memory. Alternately the
`
`"pseudo-unique" key may relate to a random bit string (or to an assigned bit
`
`string) of sufficient length such that: there is an acceptably low probability of
`
`1
`
`Apple Inc. Exhibit 1002 Page 8
`
`
`
`, -
`F
`
`..
`
`-7-
`
`••
`
`a successful unauthorized transfer of licensed software between two
`
`computers, where the first volatile memories of these two computers have the
`same key.
`
`It should be noted that the license bureau might maintain a registry of
`
`5 keys and of licensed programs that have been registered at the bureau in
`
`association with these keys. This registry may be used to help facilitate the
`
`formalization of procedures for the transfer of ownership of licensed software
`
`from use on one computer to use on another computer.
`
`Constructing the key in the manner specified may hinder the hacker in
`
`10
`
`cracking the proposed encryption scheme of the invention, in particular when
`
`the establishment of the license record or the verification thereof is performed
`
`in the bureau. Those versed in the art will readily appreciate that the invention
`
`is by no means bound by the data, the algorithms, or the manner of operation
`
`of the bureau. It should be noted that the tasks of establishing and/or verifYing
`
`15
`
`a license record may be shared between the bureau and the computer, done
`
`exclusively at
`
`the computer, or done exclusively at
`
`the bureau. The
`
`pseudo-unique key length needs to be long enough to hinder encryption attack
`
`schemes. The establishing of the key may be done at any time from the
`
`non-volatile memory's manufacture until an attempted use of an established
`
`20
`
`license-record in the non-volatile memory. The key is used for encryption or
`
`decryption operations associated with license-records.
`
`In principle,
`
`the
`
`manufacturer ofthe licensed-software-program may specifY the license-record
`
`format and therefore different formats may, if desired, be used for respective
`
`applications..
`
`25
`
`According to the preferred embodiment of the present invention, the
`
`pseudo-unique key is a unique-identification bit string that is written onto the
`
`frrst non-volatile memory by the manufacturer ofthe is memory media.
`
`According to one, non-limiting, preferred embodiment of the present
`
`invention, the first non-volatile memory area is a ROM section of a BIOS; the
`
`Apple Inc. Exhibit 1002 Page 9
`
`
`
`..
`
`-8-
`
`••
`
`second non-volatile memory area is a E2PROM section of a BIOS; and the
`volatile memory is a RAM e.g. hard disk and/or internal memory of the
`
`computer.
`
`The present invention also relates to a non-volatile memory media
`
`5 used as a BIOS of a computer, for· restricting software operation within a
`
`license limitation, wherein a pseudo-unique key is established.
`
`~
`
`According to the preferred embodiment of the non-volatile memory
`
`media of the present invention, the pseudo-unique key is established in a
`
`ROM. section of the BIOS.
`
`10
`
`BRIEF DESCRIPTION OF THE DRAWINGS:
`
`.In order to understand the invention and to see how it may be carried
`
`out in practice,· a preferred embodiment will now be described, by way of
`
`non-limiting example only, with reference to the accompanying drawings, in
`
`15 which:
`
`Fig. 1 is a schematic diagram of a computer and a license bureau; and
`
`Fig. 2 is a generalized flow chart of the sequence of operations
`
`perfonned according to one embodiment of the invention.
`
`20 DETAILED DESCRIPTION OF A PREFERRED EMBODIMENT
`
`A schematic diagram of a computer and a license bureau is shown in
`
`Figure 1. Thus, a computer processor (1) is associated with input operations
`
`(2) and with. output· operations (3). This computer (proc·essor) internally
`
`contams a first non-volatile memory area (4) (e.g. the ROM section of the
`25 BIOS), a second non-volatile memory area (5) (e.g. the E2pROM section of
`the BIOS), and a volatile memory area (6) (e.g. the internal RAM memory of
`
`the computer).
`
`Apple Inc. Exhibit 1002 Page 10
`
`
`
`~ '
`
`.,. "'1'
`: '
`
`:';
`
`..
`
`·9-
`
`••
`
`The computer processor is in temporary telecommunications linkage
`
`with a license bureau (7).
`
`The first non-volatile memory includes a pseudo-random identification
`
`key (8), which exclusively or in combination with other information (e.g. user
`
`5 name), is sufficient to uniquely differentiate this first non-volatile memory
`
`from all other first non-volatile memories. As specified before, said key
`
`constitutes unique identification of the computer.
`}t\t7 !{~ The second non-volatile memory includes a li
`folthe containing of at least one encrypted . ense-record (e.g. three records
`
`se-record-area (9) e.g.
`
`10
`
`10-12). The volatile memory acco
`
`odates a license program (16) having
`
`license record fields (13-15)
`
`pended thereto. Byway of example said fields
`
`stand for Application
`
`e (e.g. Lotus 123), Vendor name (Lotus inc.), and
`
`no of licensed co es (1 for stand alone usage, > 1 for number of licensed users
`
`for a netwo
`application).
`151ft>.~~ose versed in the art will readi
`appreciafe that the license record is
`not necessarily bound to continuos fi ds. In fact, the various license content
`
`components of the data record rna be embedded in various locations in the
`
`application. Any component may If desired, be encrypted.
`
`Each one of the encrypted license records (10-12) is obtained by
`
`20 .encrypting the corresponding license record as extracted from program 16,
`
`utilizing for encryption the identification key (8).
`
`In
`
`a
`
`typical,
`
`yet
`
`not
`
`exclusive,
`
`sequence of operation,
`
`a
`
`transaction/request is sent, by the computer to the bureau. This transaction
`
`includes the key (8), the encrypted license-records (10-12), contents from the
`
`25
`
`license program used·in forming a license record (e.g. fields 13-15), and other
`
`items of information as desired.
`-M, tJS'/ The bureau forms the propose
`license-record from the contents,
`e£crypts
`(utilizing predetermined
`cryption algorithm)
`the so formed
`
`license-record using the key (8),
`
`d compares the so formed encrypted
`
`Apple Inc. Exhibit 1002 Page 11
`
`
`
`·10·
`
`license-record with the license-records (1 -12). The bureau generates an
`
`overlay according to the result of the comparison indication successful
`
`comparison, non-critical failure comp . on and critical failure comparison.
`
`The bureau returns the overlay which will direct the computer in
`
`5
`
`subsequent operation. Thus, a success overlay will allow the license program
`
`to operate. A non-critical
`
`failure overlay will ask for additional user
`
`interactions. A critical failure overlay will cause permanent disruption to the
`
`computer's BIOS operations. Thus, software operation of the program is
`
`methodologically according to a license limitation restdction.
`
`10
`
`Those versed in the art will readily appreciate that the implementation
`
`as described with reference to Fig. 1 is by no means binding. Thus, by way of
`
`non-limiting example, the bureau, instead of being external entity may form
`
`part ofthe computer.
`
`Attention is now directed to Fig. 2, showing a generalized flow chart
`
`15 of the sequence of operations performed according to one embodiment of the
`
`invention.
`
`Thus, selecting (17) a program includes the step of: establishing a
`
`licensed-software-program in the volatile memory of the computer wherein
`
`the
`
`licensed-software-program includes
`
`contents
`
`used
`
`to
`
`form a
`
`20
`
`license-record. These contents, be they· centralize or decentralized, may
`
`include terms,
`
`identifications, specifications, or limitations related to the
`
`manufacturer of a software product, the distributor of a software product, the
`
`purchaser of a software product, a licensor, a licensee,
`
`items of computer
`
`hardware or components thereof, or to other terms and conditions related to
`
`25
`
`the aforesaid.
`
`Setting up (18)
`
`the verification structure includes the steps of:
`
`establishing or certifying the existence of a pseudo-unique key in the first
`
`non-volatile memory area; and establishing at
`
`least one license-record
`
`location in the first or the second nonvolatile memory area.
`
`\
`
`\
`
`Apple Inc. Exhibit 1002 Page 12
`
`
`
`-11-
`
`Establishing a license-record includes
`
`the steps of:
`
`fonning a
`
`license-record by encrypting of the contents used to form a license-record
`
`with other predetermined data contents, using the key; and establishing the
`
`encrypted license-record in one of the at least one established license-record
`
`5
`
`locations (e.g. 10-12 in Figure 1).
`
`Verifying (19) the program includes the steps of: encrypting the
`
`licensed-software-program's
`
`license-record contents
`
`from the
`
`volatile
`
`memory area or decrypting the license-record in the fITst or the second
`
`non-volatile memory area, using the key; and comparing the encrypted
`
`10
`
`licensed-software-program's
`
`license-record contents with the encrypted
`
`license-record in the fIrst or the second non-volatile memory area, or
`
`comparing the licensed-software-program's license-record contents with the
`
`decrypted license-record in the fIrst or the second non-volatile memory area.
`
`Acting (20) on the. program includes the step of:
`
`restricting the
`
`15 program's operation with predetermined limitations if the comparing yields
`
`non-unity or insufficiency. In this conteXt: "non-unity" relates to being unequal
`
`with respect to a specifIc equation (e.g. A=B+1); and "insufficiency" relates
`
`to being outside of a relational bound (e.g. A>B+1). "Restricting the
`
`program's operation with predetermined limitations" may include actions
`
`20
`
`such as· erasing the software in volatile memory, warning the license
`
`applicant/user, placing a fme on the applicant/user through the billing service
`
`charges collected at the license bureau (if applicable), or scrambling sections
`
`of the BIOS of the computer (or offunctions interacting therewith).
`
`The present invention has been· described with a certain .degree of
`
`25
`
`particularity but
`
`it should be understood that various modifications and
`
`alterations may be made without departing from the scope or spirit of the
`
`invention as defined by the following claimst
`
`\d
`
`Apple Inc. Exhibit 1002 Page 13
`
`
`
`)
`
`"
`
`4(,-,>
`
`<.
`
`.
`
`0;;/
`
`-12 -
`
`'5U/JA~S:A method of restricting softw e operation within a license
`limi/ti:~ comprising; for a computer hay.· g a first non-volatile memory area,
`tl a volatile memory area; the steps of:
`a second non-volatile memory area,
`
`5
`
`selecting a program residing in th volatile memory, setting up a verification
`
`emories, verifying the program using the
`structure in the non-volatile
`structure, and acting on the V ogram according to the verification.
`2. A method according to claim 1, further comprising the step of:
`
`establishing a license authentication bureau.
`lOJh ~~3. A method according to claim 2, where'
`
`5UU\""'stru/ture further comprising the steps of: establi
`
`setting up a verification
`
`ing, between the computer
`
`and the bureau, a two-way data-communicatio s linkage; transferring, from
`
`the computer to the bureau, a request-for-licens
`
`including an identification of
`
`the computer and the license-record's conte ts from the selected program;
`
`15
`
`forming an encrypted license-record at the
`
`eau ,by encrypting parts of the
`
`request-for-license using part of the identification as the encryption key; and
`
`transferring, from the bureau to the compu r, the encrypted license-record,
`
`4. A method according to cla'
`
`2, wherein verifying the program
`
`further' comprising the steps of: establi
`
`ing, between the computer and the
`
`20 bureau, a two-way data-communica ons linkage;
`
`transferring,
`
`from the
`
`computer
`
`to the bureau, a reque -for-license-verification including an
`
`identification of the computer, the ncrypted license-record for the selected
`
`program 'from
`
`the
`
`non-volatile
`
`memory,
`
`and
`
`the
`
`licensed-software-program's lice
`
`e-record contents; enabling the comparing
`
`,25
`
`at the bureau; and' transferring,
`
`om the bureau to the computer, the result of
`
`the comparing.
`
`5. A method accordin to claim 3 wherein the identification of the
`
`computer includes the pseud -unique key.
`
`Apple Inc. Exhibit 1002 Page 14
`
`
`
`••---
`
`·13·
`
`6. A method according to cla"
`
`1 wherein selecting a program
`
`includes the step of: establishing a lice
`
`ed-software-program in the volatile
`
`memory of the computer wherein sai
`
`licensed-software-program includes
`
`contents used to form a license-record.
`
`5
`
`7. A method according to cla·
`
`I wherein setting up the verification
`
`structure includes the steps of: establ"shing or certifying the existence of a
`
`pseudo-unique key in the first non-vo atile memory area; and establishing at
`leas~he license-record location in th first or the second nonvolatile memory
`
`ar~.
`
`10
`
`8. A method according to claim 6 wherein establishing a license-record
`
`includes the steps of: forming a license-record by encrypting of the contents
`
`used to form a license-record with other predetermined data contents, using
`
`the key; and establishing the encrypted license-record in one of the at least
`
`one established license-record locations.
`
`15 iJ37 9. A method according to claim" 1 wher"in verifYing the program
`5J]J ~/udes
`
`the
`
`steps
`
`of:
`
`encrypting
`
`the
`
`icensed-software-program's
`
`license-record contents from the volatile me ory area or decrypting the
`
`license-record in the first or the second non-v atile memory area, using the
`
`key; and comparing the encrypted licensed-so
`
`are-program's license-record
`
`20
`
`contents. with the encrypted license-recor
`
`in the fIrst or
`
`the second
`
`non-volatile memory area, or comparing
`
`e licensed:-software-program's
`
`license-record contents with the decrypte
`
`license-record in the fIrst or the
`
`second non-volatile memory area.
`
`10. A method according to clai
`
`1 wherein acting on the program
`
`25
`
`includes the step of: restricting the pro am's operation with predetermined
`
`limitations if the comparing yields non unity or insufficiency"
`
`11. A method according to
`
`laim 1 wherein the fIrst non-volatile
`
`memory area is a ROM section ofa
`
`Apple Inc. Exhibit 1002 Page 15
`
`
`
`-t..
`
`-14 -
`
`12. A method according to clai.·mm~~herein the second non-volatile
`memory area is a E2pROM section ofyB'iOS.
`
`I(r. A method according to claim 1 wherein the volatile memory is a
`
`RAM.
`
`5
`
`restricting so
`
`pseudo-uniqu
`
`15. A
`
`volatile memory media used as a BIOS of a computer, for
`
`a
`
`license .limitation, wherein a
`
`emory media according to claim 14 wherein the
`
`tablished in a ROM section ofthe BIOS.
`
`:--:=
`
`\5
`
`Apple Inc. Exhibit 1002 Page 16
`
`
`
`-15·
`
`ABSTRACT
`
`A method of restricting software operation within a license limitation
`
`that is applicable for a computer having a first non-volatile memory are~ a
`
`5
`
`second non-volatile memory area, and a volatile memory area. The method
`
`includes the steps of, selecting a program residing in the volatile memory,
`
`setting up a verification structure in the non-volatile memories, verifYing the
`
`program using the structure, and acting on the program according to the
`
`verification.
`
`10
`
`Apple Inc. Exhibit 1002 Page 17