[go: up one dir, main page]

WO1999018490A1 - Method and apparatus for digital data security - Google Patents

Method and apparatus for digital data security Download PDF

Info

Publication number
WO1999018490A1
WO1999018490A1 PCT/GB1998/002957 GB9802957W WO9918490A1 WO 1999018490 A1 WO1999018490 A1 WO 1999018490A1 GB 9802957 W GB9802957 W GB 9802957W WO 9918490 A1 WO9918490 A1 WO 9918490A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
user
machine
algorithm
loaded
Prior art date
Application number
PCT/GB1998/002957
Other languages
French (fr)
Inventor
Angus Lamberton Jamieson
Original Assignee
I.P.R. Co. (21) Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by I.P.R. Co. (21) Limited filed Critical I.P.R. Co. (21) Limited
Priority to AU92750/98A priority Critical patent/AU9275098A/en
Publication of WO1999018490A1 publication Critical patent/WO1999018490A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress

Definitions

  • This invention relates to protecting digitally encoded data from unauthorised use.
  • the invention is particularly, but not exclusively, concerned with ensuring that computer software can be used on only one machine and cannot be copied in a usable form for use on multiple machines .
  • a method of preventing unauthorised use of digital data in which said data is loaded on a carrier medium together with a predetermined algorithm, the carrier medium is supplied to a user together with a separate device in which the same predetermined algorithm is encoded, and when the data is first loaded on a user machine a data item associated with that machine is identified and twice modified by use of the algorithm, once within the user machine and once within the separate device.
  • the data when the data is first loaded in a user machine at least one data item unique to that machine is encrypted to form a first number, the first number is displayed on a screen, the
  • the user keys the first number into the external device wherein it is decrypted and transformed via the algorithm to provide a second number which is displayed to the user, and the user then enters the second number in the user machine wherein it is subsequently retained.
  • the user machine locates said unique data item(s) and encrypts it to form said first number, and compares the first number now generated with the stored second number via the predetermined algorithm to authorise or deny use.
  • the data may include software enabling the data to be deinstalled from that user machine by a process including deletion of the algorithm from that machine.
  • a device for use in the foregoing method includes data entry means, calculating means including embedded data defining said algorithm, and data output means, whereby entry of said first number leads to the outputting of said second number .
  • the data entry means is a keyboard
  • the data output means is a display
  • the device is a self-contained, readily portable (preferably credit card sized) unit.
  • Fig 1 is a flow chart illustrating the method of operation of one embodiment of the invention.
  • Fig 2 is a front view of a card for use in the method .
  • computer software is supplied to a purchaser on a suitable medium such as a floppy disk in the usual way and this is packaged together with a card 10 which will be described in further detail below.
  • the software as supplied includes the security routines which will now be described with reference to Fig 1.
  • UDI unique data identifier
  • the UDI is encrypted by a simple routine to form a first number.
  • the first number is a seven digit number in which some positions are random numbers which are ignored in the further steps to be described, and other positions are the UDI modified by adding or subtracting predefined numbers.
  • the card 10 is a credit card sized calculator having a keyboard 12 and a display 14.
  • the card 10 contains a conventional chip which has a predefined mathematical algorithm burned in during manufacture. The user keys in the seven digit number which is processed via the algorithm, with the random numbers being ignored, to produce a second number, preferably in the form of five digit number.
  • the card 10 may be provided with OK and clear keys. This allows the user to compare the number which he has keyed in with the seven digit number on the computer screen before pressing the OK key.
  • the card 10 is preferably set up in such a way that the user may make only a limited number of entries, for example three.
  • the software loaded in the computer contains the same algorithm and therefore can translate the second number via the algorithm into the format of the first number and check that these correspond.
  • the second, five digit number is retained as part of the software thereafter and each time the software is run the seven digit number is generated and compared via the algorithm of the stored five digit number.
  • the effect of this arrangement is that the software can be copied freely from one machine to another but will only ever run on the machine on which it was first installed.
  • the invention relies upon the use of an algorithm which is resident in the software and is also resident in an external device such as the card 10, and on the use of the algorithm to manipulate some numerical value which is unique (or nearly so) to a . specific machine.
  • the card could become disabled after use and have to be thrown away or returned to the supplier.
  • more sophisticated arrangements are possible. For example, it would be possible to make use of similar process steps to deinstall the software from the machine on which it was first loaded and reinstalled on another machine, with the algorithm hidden in the card being used to authorise the deinstallation.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

A method for preventing unauthorised multiple use of software or the like makes use of a predetermined algorithm which is provided both within the software and within an external device to run an authorisation routine which includes using the algorithm to transform an item of data unique to the particular machine on which the software was first loaded.

Description

"Method and Apparatus for Digital Data Security"
This invention relates to protecting digitally encoded data from unauthorised use. The invention is particularly, but not exclusively, concerned with ensuring that computer software can be used on only one machine and cannot be copied in a usable form for use on multiple machines .
According to the present invention there is provided a method of preventing unauthorised use of digital data, in which said data is loaded on a carrier medium together with a predetermined algorithm, the carrier medium is supplied to a user together with a separate device in which the same predetermined algorithm is encoded, and when the data is first loaded on a user machine a data item associated with that machine is identified and twice modified by use of the algorithm, once within the user machine and once within the separate device.
In a preferred form of the method, when the data is first loaded in a user machine at least one data item unique to that machine is encrypted to form a first number, the first number is displayed on a screen, the
user keys the first number into the external device wherein it is decrypted and transformed via the algorithm to provide a second number which is displayed to the user, and the user then enters the second number in the user machine wherein it is subsequently retained.
Preferably, when the data is subsequently to be used, the user machine locates said unique data item(s) and encrypts it to form said first number, and compares the first number now generated with the stored second number via the predetermined algorithm to authorise or deny use.
The data may include software enabling the data to be deinstalled from that user machine by a process including deletion of the algorithm from that machine.
From another aspect of the invention, a device for use in the foregoing method includes data entry means, calculating means including embedded data defining said algorithm, and data output means, whereby entry of said first number leads to the outputting of said second number .
In a preferred form of the device, the data entry means is a keyboard, the data output means is a display, and the device is a self-contained, readily portable (preferably credit card sized) unit.
An embodiment of the invention will now be described with reference to the accompanying drawings in which
Fig 1 is a flow chart illustrating the method of operation of one embodiment of the invention; and Fig 2 is a front view of a card for use in the method .
In the method of this embodiment, computer software is supplied to a purchaser on a suitable medium such as a floppy disk in the usual way and this is packaged together with a card 10 which will be described in further detail below. The software as supplied includes the security routines which will now be described with reference to Fig 1.
When the software is first loaded on a computer, it searches that computer for a pre-defined item or items of data which is/are permanent and either unique to that computer or unlikely to be commonly occurring in the population of computers . This item or combination of items of data will be referred to hereinafter as a "unique data identifier" (UDI). This UDI may preferably be one or more data items available on the hard disk such as the hard disk date, but other items are equally usable such as an identifier code on a network card.
Once the UDI has been found, it is encrypted by a simple routine to form a first number. In this preferred embodiment the first number is a seven digit number in which some positions are random numbers which are ignored in the further steps to be described, and other positions are the UDI modified by adding or subtracting predefined numbers.
The seven digit number is then displayed on the computer screen and the user is requested to enter this number on the card 10. Referring to Fig 2, the card 10 is a credit card sized calculator having a keyboard 12 and a display 14. The card 10 contains a conventional chip which has a predefined mathematical algorithm burned in during manufacture. The user keys in the seven digit number which is processed via the algorithm, with the random numbers being ignored, to produce a second number, preferably in the form of five digit number.
Before leaving Fig 2, it should be noted that the card 10 may be provided with OK and clear keys. This allows the user to compare the number which he has keyed in with the seven digit number on the computer screen before pressing the OK key. The card 10 is preferably set up in such a way that the user may make only a limited number of entries, for example three.
Once the second, five digit number is displayed on the card 10 the user enters this in the computer via a keyboard. The software loaded in the computer contains the same algorithm and therefore can translate the second number via the algorithm into the format of the first number and check that these correspond.
The second, five digit number is retained as part of the software thereafter and each time the software is run the seven digit number is generated and compared via the algorithm of the stored five digit number. The effect of this arrangement is that the software can be copied freely from one machine to another but will only ever run on the machine on which it was first installed.
It will be seen that the invention relies upon the use of an algorithm which is resident in the software and is also resident in an external device such as the card 10, and on the use of the algorithm to manipulate some numerical value which is unique (or nearly so) to a . specific machine. The card could become disabled after use and have to be thrown away or returned to the supplier. However more sophisticated arrangements are possible. For example, it would be possible to make use of similar process steps to deinstall the software from the machine on which it was first loaded and reinstalled on another machine, with the algorithm hidden in the card being used to authorise the deinstallation.
Although described with particular reference to computer software loaded into a computer, the invention is applicable to other forms of digital data. It could for instance be used with CD-ROMs purchased for information rather than software.

Claims

1. A method of preventing unauthorised use of digital data, in which said data is loaded on a carrier medium together with a predetermined algorithm, the carrier medium is supplied to a user together with a separate device in which the same predetermined algorithm is encoded, and when the data is first loaded on a user machine a data item associated with that machine is identified and twice modified by use of the algorithm, once within the user machine and once within the separate device.
2. A method according to claim 1, in which when the data is first loaded in a user machine at least one data item unique to that machine is encrypted to form a first number, the first number is displayed on a screen, the user keys the first number into the external device wherein it is decrypted and transformed via the algorithm to provide a second number which is displayed to the user, and the user then enters the second number in the user machine wherein it is subsequently retained.
3. A method according to claim 2, in which, when the data is subsequently to be used, the user machine locates said unique data item(s) and encrypts it to form said first number, and compares the first number now generated with the stored second number via the predetermined algorithm to authorise or deny use.
4. A method according to claim 2 or claim 3, in which the data includes software enabling the data to be deinstalled from that user machine by a process including deletion of the algorithm from that machine.
5. A device for use in the method of any of the foregoing claims, the device including data entry means, calculating means including embedded data defining said algorithm, and data output means, whereby entry of said first number leads to the outputting of said second number.
6. A device according to claim 5, in which the data entry means is a keyboard and the data output means is a display.
7. A device according to claim 6, the device being a self-contained, readily portable (preferably credit card sized) unit.
PCT/GB1998/002957 1997-10-04 1998-10-05 Method and apparatus for digital data security WO1999018490A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU92750/98A AU9275098A (en) 1997-10-04 1998-10-05 Method and apparatus for digital data security

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GBGB9721053.8A GB9721053D0 (en) 1997-10-04 1997-10-04 Software guardcard
GB9721053.8 1997-10-04

Publications (1)

Publication Number Publication Date
WO1999018490A1 true WO1999018490A1 (en) 1999-04-15

Family

ID=10820037

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB1998/002957 WO1999018490A1 (en) 1997-10-04 1998-10-05 Method and apparatus for digital data security

Country Status (3)

Country Link
AU (1) AU9275098A (en)
GB (1) GB9721053D0 (en)
WO (1) WO1999018490A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2003036442A3 (en) * 2001-10-26 2004-03-18 Koninkl Philips Electronics Nv Method for binding a software data domain to specific hardware
WO2008034900A1 (en) * 2006-09-21 2008-03-27 Boesgaard Soerensen Hans Marti Fabrication of computer executable program files from source code
US8468351B2 (en) 2006-12-15 2013-06-18 Codesealer Aps Digital data authentication
US9471910B2 (en) 1999-10-25 2016-10-18 Smartflash, LLC Data storage and access systems

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0302710A2 (en) * 1987-08-05 1989-02-08 International Business Machines Corporation A method of controlling the use of computer programs
FR2654234A1 (en) * 1989-11-03 1991-05-10 Gremillet Dominique Device and method for producing hardware or software, dynamic and random locks associated with dynamic and intelligent keys
US5259029A (en) * 1990-05-16 1993-11-02 Duncan Jr F Jeff Decoding device for computer software protection

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0302710A2 (en) * 1987-08-05 1989-02-08 International Business Machines Corporation A method of controlling the use of computer programs
FR2654234A1 (en) * 1989-11-03 1991-05-10 Gremillet Dominique Device and method for producing hardware or software, dynamic and random locks associated with dynamic and intelligent keys
US5259029A (en) * 1990-05-16 1993-11-02 Duncan Jr F Jeff Decoding device for computer software protection

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9471910B2 (en) 1999-10-25 2016-10-18 Smartflash, LLC Data storage and access systems
WO2003036442A3 (en) * 2001-10-26 2004-03-18 Koninkl Philips Electronics Nv Method for binding a software data domain to specific hardware
WO2008034900A1 (en) * 2006-09-21 2008-03-27 Boesgaard Soerensen Hans Marti Fabrication of computer executable program files from source code
US8468351B2 (en) 2006-12-15 2013-06-18 Codesealer Aps Digital data authentication
US8949607B2 (en) 2006-12-15 2015-02-03 Codesealer Aps Digital data authentication

Also Published As

Publication number Publication date
AU9275098A (en) 1999-04-27
GB9721053D0 (en) 1997-12-03

Similar Documents

Publication Publication Date Title
US5689560A (en) Method and apparatus for enabling trial period use of software products: method and apparatus for allowing a try-and-buy user interaction
EP0679977B1 (en) Method and apparatus enabling software trial allowing the distribution of software objects
CA2143874C (en) Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing a decryption stub
US5757908A (en) Method and apparatus for enabling trial period use of software products: method and apparatus for utilizing an encryption header
US5757907A (en) Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification
JP3243331B2 (en) Method for creating layered medium for software management, apparatus for creating layered medium for software management, and layered medium for software management
US5103476A (en) Secure system for activating personal computer software at remote locations
US5553139A (en) Method and apparatus for electronic license distribution
EP0636962A3 (en) Method of software distribution protection
WO2000075760A1 (en) Method and system for preventing the unauthorized use of software
JPH10240520A (en) Method and system for using individual information as key at the time of distributing information
KR19990029307A (en) Method and system for controlling access to services provided electronically
JP2002116839A (en) Method for protecting computer software and/or computer readable data and device for the same
JPH08335182A (en) File protection system, software usage system using the file protection system, and recording medium used in the software usage system
US20060112019A1 (en) System and method of authenticating licensed computer programs
US20060212649A1 (en) License table for software protection
JP2001175468A (en) Method and device for controlling use of software
US5710817A (en) Method and device for preventing unauthorized access to a computer system
WO1999018490A1 (en) Method and apparatus for digital data security
US20040010470A1 (en) Anti-piracy system for software and digital entertainment
EP0624267B1 (en) Method and device for preventing unauthorised access to a computer system
US6992563B1 (en) Method for protecting devices, specially car radios, against theft
JP2009003700A (en) Program for permitting prescribed processing of application
JP3289656B2 (en) Program execution control method
JPH08129486A (en) Method for protecting software copyright

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

WWE Wipo information: entry into national phase

Ref document number: 1998945422

Country of ref document: EP

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
NENP Non-entry into the national phase

Ref country code: KR

WWW Wipo information: withdrawn in national office

Ref document number: 1998945422

Country of ref document: EP

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: CA