WO2001095073A1 - A method relating to copy protection - Google Patents

A method relating to copy protection Download PDF

Info

Publication number
WO2001095073A1
WO2001095073A1 PCT/SE2001/001310 SE0101310W WO0195073A1 WO 2001095073 A1 WO2001095073 A1 WO 2001095073A1 SE 0101310 W SE0101310 W SE 0101310W WO 0195073 A1 WO0195073 A1 WO 0195073A1
Authority
WO
WIPO (PCT)
Prior art keywords
computer
data
readable data
computer readable
hardware
Prior art date
Application number
PCT/SE2001/001310
Other languages
French (fr)
Inventor
Stefan Mankefors
Original Assignee
Forskarpatent I Väst Ab
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Forskarpatent I Väst Ab filed Critical Forskarpatent I Väst Ab
Priority to AU2001274723A priority Critical patent/AU2001274723A1/en
Publication of WO2001095073A1 publication Critical patent/WO2001095073A1/en

Links

Classifications

    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/00166Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving measures which result in a restriction to authorised contents recorded on or reproduced from a record carrier, e.g. music or software
    • GPHYSICS
    • G11INFORMATION STORAGE
    • G11BINFORMATION STORAGE BASED ON RELATIVE MOVEMENT BETWEEN RECORD CARRIER AND TRANSDUCER
    • G11B20/00Signal processing not specific to the method of recording or reproducing; Circuits therefor
    • G11B20/00086Circuits for prevention of unauthorised reproduction or copying, e.g. piracy
    • G11B20/0021Circuits for prevention of unauthorised reproduction or copying, e.g. piracy involving encryption or decryption of contents recorded on or reproduced from a record carrier

Definitions

  • the present invention relates to a method and arrangement for protecting a set of data, such as a computer program arranged on a computer readable media, from unauthorised access and duplication
  • the present invention relates to a method of preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data.
  • the arrangement also relates to a method for distribution of the protection related means and protected software.
  • Company or organisation-based protection a system operator (sysop) or a person having a similar function takes care of the licences and has control over the installed programs.
  • this type of protection is limited to the company/organisation and presumes careful management of the network and licences corresponding to the installed programs.
  • this type of management is usually limited to the UNIX systems and rarely found within the PC or Macintosh-based networks.
  • Such networks comprise of many standalone computers with very little insight from the sysop. In such a premise, it is primarily the internal rules (preferably with respect to copyright legislation), which police and prevent illegal and unauthorised copying of the software. Nevertheless, it is important to distinguish the legally acquired programs of the employers from the employees' private downloaded and/or copied ones.
  • Software-based protection a program executes different types of control, which can result in elimination of unauthorised execution. Unlike above described protection types, the software-based protection is non-invasive and accompanies the distributed software in a natural way, without a need for additional or special equipment. Furthermore, it cannot be dismissed without extra efforts and through change or upgrade of storage means or the like.
  • the software-based protection is independent of the storage medium, administration and user. At the same time the software-based protection does not encroach on the personal integrity of the users. It is also the most common way of protection.
  • the software protection is realised in the form of serial numbers, locking code, code keys etc., without which it is not possible to start a program or it provides for a limited try and buy period. A copy of the installation program without correct key is unusable. This solution is common and is used by, e.g. Microsoft ® for Windows ® , MS Office ® etc.
  • the software in an initial phase controls the legitimacy of the user by asking for a code, usually in the form of a serial number, a code key, a colour code etc., which is compared to an internally stored code. If the code is correct, the software can be used. To provide a user- friendly way and avoid unnecessary interruptions and inquiries for the code, the procedure is usually used only once.
  • More advanced software-based protection methods compare the code with a hardware-based serial number, e.g. a serial number of the network card, the size of hard disk or the like to control whether the installed software has been moved or not. If the program has been moved, it cannot be run. In some cases, the software communicates the serial number towards the outside world if the computer is connected, e.g. to Internet. If the program finds a copy of itself registered somewhere else, it stops running.
  • a hardware-based serial number e.g. a serial number of the network card, the size of hard disk or the like
  • the code key and the installation program are portable and can be installed anywhere. Usually, the code key and the program can be duplicated and distributed.
  • connection link preferably a permanent one, which excludes the home/home office users without (permanent) connection possibilities. It is also possible to manipulate the scripts, communication related system files or simply interrupt the Internet connection.
  • the initiation control which searches for a proof that the code key has been used, normally uses one or several indicator "flags". It is possible to copy the flag file together with the corresponding program, which then can be distributed. In this case, it does not matter if a unique code key, e.g. the serial number of a hardware device, is used as long as the flag file is copied (and maybe manipulated) and distributed. There is no difference between the copied flag file and the original flag file. From the program's point of view, it will be considered a legitimate copy if intact flag files are found. Thus, due to the problems with the flag files, the control of the original hardware (serial number) is less important.
  • US 5,199,066 discloses a method and system for protecting a software program recorded within a storage medium for use with or transmission to computer or processor-based hardware It comprises inputting a hardware code uniquely associated with the particular hardware and inputting a first software code uniquely associated with the particular embodiment of the software. A first predetermined operation is performed upon the hardware code and the first software code to produce an intermediate code. A unique activation code obtained from the software supplier is inputted and a second predetermined operation is performed upon the intermediate code and the activation code to produce a second intermediate code. The second intermediate code is compared to a second software code uniquely associated with the particular embodiment of the software and stored in a hidden location within the software. The use of the software is enabled only if the second intermediate code and the second software code are identical.
  • EP 598 587 relates to a method for locking software programs to a particular disk, comprising the steps of creating several files, one with a fixed name and at least one other file having a random name, saving the head, cylinder and sector information for each of the files in the corresponding file along with use count information, saving the names of all the files in the first file with the fixed name, and encrypting all the files.
  • This program locking method permits the distribution of trial copies of software programs and limits the risk that the program will be copied or used more than the permitted number of times.
  • US 5,745,568 presents a method of securing CD-ROM data for exclusive retrieval by a specified computer system and includes the steps of ordering a computer system designating a selected hardware configuration and selected software components and procuring the selected hardware.
  • a hardware identifier is then associated to the selected hardware.
  • the method further includes the step of producing a compact disc read-only memory (CD-ROM) containing software program files corresponding to the selected software components. This step includes the sub steps of encrypting the software program files using the hardware identifier as an encryption key and writing the encrypted software program files to the CD- ROM.
  • the CD-ROM securing method also includes the step of installing the software programs on the selected hardware including the sub steps of retrieving the hardware identifier associated to the selected hardware, decrypting the software program files using the hardware identifier as a decryption key and installing the decrypted software program files on the hardware.
  • the international application WO 98/43169 relates to a secure data storage system comprising a secured data file, a secured system file, and a data file application.
  • the secured data file may have a verification system operable to allow access to the secured data file only upon receipt of a unique identifier matching a stored, unique identifier.
  • the data file application may be operable to communicate the unique identifier to the secured data file to access the data file in a secured session.
  • the secured system file may be linked to the data file application to establish access privileges during the secured session.
  • US 5,509,070 discloses a method and apparatus of encouraging distribution, registration, and purchase of free copyable software and other digital information, which is accessed on a User's System via a Programmer's Program.
  • Software tools which can be incorporated into a Programmer's Program, allow the User to access Advanced Features of the Programmer's Program only in the presence of a valid Password, which is unique to a particular Target ID generated on an ID-Target such as the User's system. Advanced features will thus re-lock if the Password is copied to another ID-target. If a valid Password is not present, the User is invited to obtain one, and provided with the means of doing so, and of installing that
  • the present invention also provides Programmers with means to invoke business operations as well as computational operations with their programs, and thus to automatically obtain payment from Users who elect to obtain passwords.
  • a computer software security system for restricting execution of a computer program to a particular machine including means for storing a Machine Identification Code (MIC) in the program and means for determining the presence of the MIC in the means for storing during execution of the program is described in US 4,688,169.
  • a machine identification code unique to the machine is retrieved and compared with the MIC in the program. The system prevents further execution of the program unless both codes are present and match.
  • the MIC is stored in the Operating System (OS) file of the computer.
  • OS Operating System
  • the security system according to this embodiment is implemented inside the OS, thus having an area reserved for storing the MIC within the OS. This makes the system less secure.
  • the security system is not flexible, as it requires modification of the OS to implement the security system program. It does not allow using separate software, i.e. an application not integrated with the OS, which is the intention of the present invention.
  • To boot a computer is to load an operating system into the computer's main memory or RAM (Random Access Memory). Once the operating system is loaded (and, for example, on a PC, the initial Windows ® or Mac ® desktop is displayed), it is ready for users to run application programs.
  • RAM Random Access Memory
  • boot On larger computers (including mainframes), the equivalent term for "boot” is “Initial Program Load (IPL)” and for “reboot” is “re-IPL.”
  • IPL Initial Program Load
  • re-IPL re-IPL
  • Boot is also used as a noun for the act of booting, as in “a system boot.” The booting of an operating system works by loading a very small program into the computer and then giving that program control so that it in turn loads the entire operating system.
  • Booting or loading an operating system is different from installing it, which is generally an initial one-time activity.
  • an operating system is installed, it is set up so that when the computer is turned on, the system is automatically booted as well.
  • the operating system is set up to boot (load into RAM) automatically in this sequence:
  • BIOS Basic Input-Output System
  • ROM read-only memory
  • BIOS first does a "power-on self test” (POST) to make sure all the computer's components are operational. Then the BIOS's boot program looks for the special boot programs that will actually load the operating system onto the hard disk.
  • POST power-on self test
  • BIOS may look to drive A at a specific place where operating system boot files are located. If the operating system is MS-DOS, for example, it will find two files named IO.SYS and MSDOS.SYS. If there is a diskette in drive "A" but it is not a system disk, BIOS will send a message that drive A doesn't contain a system disk. If there is no diskette in drive A (which is the most common case), BIOS looks for the system files at a specific place on the hard drive.
  • BIOS next looks at the first sector (a 512-byte area) and copies information from it into specific locations in RAM. This information is known as the boot record or Master Boot Record.
  • the boot record contains a program that BIOS now branches to, giving the boot record control of the computer.
  • the boot record loads the initial system file (for example, for DOS systems, IO.SYS) into RAM from the diskette or hard disk.
  • initial system file for example, for DOS systems, IO.SYS
  • the initial file (for example, IO.SYS, which includes a program called SYSINIT) then loads the rest of the operating system into RAM. (At this point, the boot record is no longer needed and can be overlaid by other data.)
  • the initial file (for example, SYSINIT) loads a system file (for example MSDOS.SYS) that knows how to work with the BIOS.
  • a system file for example MSDOS.SYS
  • One of the first operating system files that is loaded is a system configuration file (for DOS, it is called CONFIG.SYS).
  • Information in the configuration file tells the loading program which specific operating system files need to be loaded (for example, specific device drivers).
  • Another special file that is loaded is one that tells which specific applications or commands the user wants to have included or performed as part of the boot process.
  • this file is named AUTOEXEC.BAT.
  • Windows it is called WIN.INI.
  • the operating system is given control of the computer and performs requested initial commands and then waits for the first interactive user input.
  • the main object of the present invention is to provide an effective method, which obstructs and makes unauthorised copying of a set of data or software very difficult, preferably impossible.
  • the object of the present invention is to provide an application, which is not part of the Operating System of a computer but can be installed on the computer, e.g. as a third party application, but uses the data set constituting the Operating System for providing the necessary security.
  • the set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and that said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
  • Said set of control data is generated with respect to information about the hardware portion of said computer.
  • generating said set of control data with respect to a set of data received from a provider of said first set of computer readable data. The set of data received from the provider is non-recurrent.
  • the hardware related information comprises one or several of a component identity, program execution time, program installation time, number of files on a hard disk of said computer, size of hard disk and/or pointer device position.
  • Further step comprises a control sequence in which in a first step a set of control data is generated, and in a second step, said set of control data is compared with said data stored within said portion of said second set of computer readable data being part of said operating system.
  • the invention also relates to a method of preventing unauthorised reproduction of a set of computer readable data, said computer being provided with an Operating System.
  • the method comprises the steps of: a) providing an instruction set being separate from said operating system, b) a first control, including a computer hardware control for acquiring hardware-based information, c) comparing said acquired information with previously stored information, d) in case that the hardware information is not changed, acquiring a hardware-based configuration e) generating at least one unique location for a security resource within a portion of said
  • the Operating System based on a hardware identity and/or hardware configuration, f) controlling the presence of said resource and, in case the resource is present, performing a self consistency inspection, g) in case of a positive inspection result, generating a new unique location, h) performing a search for controlling pre-installations in this new unique location and performing a self-consistency, and i) in case of self-consistency, processing said set of computer readable data.
  • the computer hardware control comprises acquiring a serial or part number of a machine part.
  • the hardware identifier is used to initialise a random-number generator, which generates one or several random locations within said Operating System file, based on the input information. The locations are always the same as long as the initialising numbers are the same.
  • the resource includes a flag and a correctly stored address of the flags or identity.
  • the self-consistency inspection includes inspection of time of installation of program and/or additional random numbers. Security is achieved as the location is unique both with respect to the hardware based information and also the program installation time.
  • it is firstly controlled whether a first resource is present, and if it does not, a first resource is installed and installation mode is initiated. If a first resource exists, it is controlled whether the method is in an installation mode and if the self-consistency exists and, if the result is negative, processing of said set of computer readable data is stopped.
  • an operator is asked for a code key obtained from a supplier of said set of data. If a correct code key is entered and being consistent, the control is approved and said set of computer-readable data is processed.
  • the invention also refers to a method for purchasing and securing software in a system comprising a costumer computer, a server, a database and a key server.
  • the method comprises: purchasing or downloading by a customer software, installing said software on said customer computer and registering said software in said database, registering said software having a unique code, using a copy protection system, which is also installed on said customer computer substantially frequently accessing the database, and communicating by said installed software with the database for unlocking said software.
  • the invention relates to an article of manufacture comprising: a computer- usable medium having a computer-readable program code and means embodied therein for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data being manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
  • the invention relates a computer data signal embodied in a carrier wave comprising a first set of computer-readable set of data, for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
  • the invention in a computer provided with an operative system, relates to a computer program product for use with an executable computer program, said computer program product comprising: an instruction set for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
  • the invention also relates to a system for managing a security code distribution for preventing unauthorised reproduction of a first set of computer-readable data, the system being established as a partnership, each partner being one of a plurality of users of said set of computer-readable data, or distributors and/or developers of the same, comprising: (a) a computer processor means for processing data;
  • second means for generating an instruction set to be delivered to at least one of said distributors and/or developers for integration with said first set of computer- readable data, said instruction set being provided for generating control data for preventing unauthorised reproduction of said first set of computer-readable data
  • third means for storing said instruction set on said storage medium
  • fourth means for making said instruction set on said storage medium available for distribution to one of said distributors and/or developers on demand.
  • the instruction set is a compiled program code and the instruction set integrated with said first set of computer-readable data on a computer is modified with respect to hardware information and requiring a first code key from said system in return for an identity code.
  • the identity code comprises one or several of hardware identity, installation-based information or a unique identifier.
  • the system provides a key of a first type when installing a first set of data, which allows installation of the program.
  • the system provides said developer/distributor with a key of second type, which allows producing and/or distributing keys of first type specific for the instruction set of the developer/distributor.
  • the invention also relates to a computer unit comprising memory unit, input/output units and a mass storage unit, on which an operating system file is provided for controlling functions of said computer unit, and programs for running application on said computer unit. It further comprises a set of instruction codes for preventing unauthorised reproduction of at least one of said programs running application on said computer unit, through generating a set of control data, and storing said set of control data within a portion of a second set of computer- readable data being part of said operating system of said computer, when installing said first set of computer-readable data.
  • Fig. 1 is a block diagram showing a system according to the invention
  • FIGs. 2 and 3 are flowcharts showing the main steps of a possible method according to the invention
  • Fig. 4 is a block diagram showing a part of a security distribution mechanism, according to a first example in accordance with the present invention.
  • Fig. 5 is a block diagram showing a part of a security distribution mechanism, according to a second example in accordance with the present invention.
  • a controlling mechanism for controlling the hardware identity or related information of the computer or unique information based on hardware identity, such as an internal card, processor or other component identity, hard disk size, installation time or date, number of files on the hard disk and/or mouse pointer position etc., for verifying that the software runs on the correct computer,
  • the concept of the present invention includes a combination of different control methods, of which two are partly known and one is novel and not employed before.
  • non-recurrent codes i.e. codes that can be used only once for a transaction, a connection or the like, thus, providing a very secure and non-forcible code.
  • non-recurrent codes i.e. codes that can be used only once for a transaction, a connection or the like.
  • this is not a very user-friendly and optimal way and will probably intimidate him.
  • the technique of non-recurrent codes can be used during the installation process of a software package.
  • the term "non- recurrent" relates to a unique code that can be obtained only once. Consequently, the nonrecurrent codes will guarantee that the user can install the software only once.
  • a unique nonrecurrent code key can be included in the software package when it is purchased or downloaded from a site on the Internet, BBS or the like. It is of course possible to obtain a number of unique non-recurrent code keys for several installations. It means that the code key will not be included in the program installation and must be obtained separately.
  • the non-recurrent code key combined with hardware (identity) control provides very strong protection.
  • the user can be provided with specific information to complete a non-recurrent code and not until after that will the user be provided with the code key.
  • the hardware information may comprise a serial or identity number of a network card, a graphic card, an installation location of the operative system or other system-related programs, an assigned EP number of the specific computer etc., or a combination of the above.
  • the identity numbers can be encrypted for further security.
  • One embodiment of the system 10, according to the invention illustrated in Fig. 1, and applied on a PC or similar computer unit 11 involves: * means 12 for obtaining hardware-based information from one or several parts of the computer unit 11 ;
  • the flags are saved in a file, which can be a part of the program itself or placed at another location on the hard disk or a storage arrangement , which is "difficult" to find.
  • a new method is suggested, which involves storage of the flags (control information or an identification code) within the only continuous program in a computer, i.e. the Operating System file(s). It means that, instead of generating and storing one or several flags in special files, the flags are inserted inside one or several existing Operating System files, by manipulating the existing system files.
  • the invention is realised as an application, which is not part of the existing Operating System, but as a program installed on the computer. *
  • a hardware check is performed 205, e.g. by acquiring a serial or part number of a network card or the like.
  • hardware based configuration is acquired, 215.
  • One or more unique locations are then generated, 220, for security resources (flags) within an Operating System file, based on the hardware identity and hardware configuration.
  • the hardware identifier is used to initialise a random-number generator. The generator in turn generates one or several random locations within the system file, based on the input information, e.g. as the random generator seed. These locations are always the same as long as the initialising numbers are the same.
  • step 225 if both resources do not exist, it is firstly controlled whether the first resource is present 275. If it does not exist, a first resource is installed and installation mode is initiated 280. However, if the first resource exists, it is determined 285 whether it is the installation mode and self-consistency, which is correct. If the result is negative, the check fails 290 and the program is stopped 270. If the second resource exists but not the first one, it is assumed that the preferences are changed and the program will not run. Nevertheless, if it is the installation mode, the user is asked 295 for a code key obtained from the supplier. If the code key is entered and it is consistent 300 and 305, the control is approved 310 and the program is allowed to execute 265. The installation mode is executed only once
  • the above procedure may carry out a control that the generated addresses of the system file are not occupied, and if so, new addresses are generated and controlled.
  • a call to a system command such as, e.g. AddResource () is used to insert the flags.
  • AddResource a system command
  • adding data to the system files is a normal procedure for many programmes during installation and execution, the modification of the system files is not concerned to create any problems, e.g. for programmes checking for virus.
  • These types of programs have options for controlling the size or date of the files and normally indicate such changes.
  • the invention does not prevent uninstallation or reinstallation of the protected software. It is possible to uninstall the flags and thereby obtain a new code key, for example when moving the software to a new computer.
  • the method comprises the steps of:
  • a Copy Protection Deliverer (CPD) 40 can establish a "code key center".
  • the CPD operation consists of delivering 400 a "lock cylinder", which includes a compiled program code to the software suppliers 41.
  • the "cylinder” 42 is a mechanism, i.e. a security shell to be attached to or integrated with the software (package) 43 to be sold.
  • the "cylinder” can be integrated into all programs or selected ones and have different security levels.
  • a user 44 installs software provided with a cylinder on a computer 45
  • the "cylinder" is modified with respect to the hardware information and the user is asked 401, 402 for a first key from CPD, in return for a series number or the like and hardware, installation-based information etc.
  • the CPD provides 403 a key, e.g. using a server that produces a key of a first type and returns it to the user, which allows installation of the program.
  • the CPD can provide 404 the software manufacturer/distributor with a key of a second type, which allows producing and distributing 405 keys of the first type specific for the manufacturer's/distributor's "cylinder".
  • CPD has a general key, which allows producing keys of the first and second type (or other types) based on this key and prevents redoubling of keys (of the second type), i.e. a Key Generating Key, based on or with the help of which, all other keys are generated. Through this procedure a track record can be generated that keeps track of the number of distributed cylinders and/or keys.
  • the program (including the cylinder) is uninstalled.
  • the software may produce a new installation code key or the user is asked for a correct code key to remove/move the program.
  • the code key may be obtained directly from the supplier or a number of code keys can be obtained when purchasing the program. This operation removes the key of first type and a new one is generated when the program is reinstalled. It is not possible to have two functional copies and one key.
  • the system 50 comprises a costumer computer 51, a server 52, a database 53 and a key server 54.
  • a customer downloads software from a download site or buys it in a local store.
  • the customer installs this software on computer 51 and registers 501 the software on a site 52 or within an installation program.
  • a database 53 the software (which has a unique code) is registered 502. It is possible to conduct a credit check (55) or the seller of the product already has issued a license key.
  • the Copy Protection System, CPS which is also installed on the customer's computer 51 frequently 'polls' 504 the database.
  • the installed software communicates 503 with the database so that it can be unlocked. The above-mentioned communication is performed in 3 steps.
  • Step 1 Poll the database to see if it is ok to unlock the software.
  • Step 2 The database sends an OK
  • Step 3 The CPS sends 504 an OK JUNLOCKED back to the database.
  • teachings of the present invention can be applied to other types of data than executable program data, such as music, film, textual data, books, newspapers etc.

Abstract

The present invention relates to a method of preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data. The set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and that said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.

Description

TITLE
A METHOD RELATING TO COPY PROTECTION
TECHNICAL FIELD OF THE INVENTION
The present invention relates to a method and arrangement for protecting a set of data, such as a computer program arranged on a computer readable media, from unauthorised access and duplication
More particularly, the present invention relates to a method of preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data.
The arrangement also relates to a method for distribution of the protection related means and protected software.
BACKGROUND OF THE INVENTION AND DESCRIPTION OF THE RELATED ART
The software industry loses large amounts of income each day due to unauthorised copy and distribution of software, so-called software piracy. According to BS A (Business Software Alliance) more than 38% of all software in use is illegally copied, worldwide. In 1998, piracy cost the software industry $11 billion in lost revenues. That translates into fewer jobs, less innovations, and higher costs for consumers. Software piracy costs US businesses $4.5 million in fines and legal fees in 1998, in the US alone, software piracy cost 109,000 jobs in 1998 and by 2008, piracy is expected to cost an additional 175,700 jobs (www.nopirecy . com) .
To prevent software piracy, presently several methods are suggested. These methods can be divided into three sections:
• Company or organisation-based protection: a system operator (sysop) or a person having a similar function takes care of the licences and has control over the installed programs. For natural reasons, this type of protection is limited to the company/organisation and presumes careful management of the network and licences corresponding to the installed programs. However, this type of management is usually limited to the UNIX systems and rarely found within the PC or Macintosh-based networks. Such networks comprise of many standalone computers with very little insight from the sysop. In such a premise, it is primarily the internal rules (preferably with respect to copyright legislation), which police and prevent illegal and unauthorised copying of the software. Nevertheless, it is important to distinguish the legally acquired programs of the employers from the employees' private downloaded and/or copied ones. The private use of the employee's software for example at home is a major problem, as the employees instead of buying the programs make private copies and installations. One factor that has contributed to this problem is easy access to CD-recording devices, which allow in a simple way mass storage and copying of the programs. • Different types of hardware-based protection: which are special devices connected to the computer. These devices must be installed to enable a program to run. This type of protection can be considered as "waterproof '. The CD-ROM player of the middle 90 's was one type of hardware-based protection, which necessitated use of CD-ROM for running certain types of programs, such as computer games, CAD programs etc. However, this opportunity was lost when CD-recorders (burners) were introduced at low and reasonable prices for the public. However, a hardware lock, which affected the function of the mouse and keyboard connected to the computer during the execution of a program, was introduced some years ago. It was connected to the computer whenever the program was running. Nevertheless, this solution was doomed to fail, as it was not flexible enough.
• Software-based protection: a program executes different types of control, which can result in elimination of unauthorised execution. Unlike above described protection types, the software-based protection is non-invasive and accompanies the distributed software in a natural way, without a need for additional or special equipment. Furthermore, it cannot be dismissed without extra efforts and through change or upgrade of storage means or the like. The software-based protection is independent of the storage medium, administration and user. At the same time the software-based protection does not encroach on the personal integrity of the users. It is also the most common way of protection. The software protection is realised in the form of serial numbers, locking code, code keys etc., without which it is not possible to start a program or it provides for a limited try and buy period. A copy of the installation program without correct key is unusable. This solution is common and is used by, e.g. Microsoft® for Windows®, MS Office® etc.
For better understanding of the strengths and weaknesses of the presently available software- based protection, it is necessary to study the involved mechanism. The most common is that the software in an initial phase controls the legitimacy of the user by asking for a code, usually in the form of a serial number, a code key, a colour code etc., which is compared to an internally stored code. If the code is correct, the software can be used. To provide a user- friendly way and avoid unnecessary interruptions and inquiries for the code, the procedure is usually used only once.
More advanced software-based protection methods compare the code with a hardware-based serial number, e.g. a serial number of the network card, the size of hard disk or the like to control whether the installed software has been moved or not. If the program has been moved, it cannot be run. In some cases, the software communicates the serial number towards the outside world if the computer is connected, e.g. to Internet. If the program finds a copy of itself registered somewhere else, it stops running.
In many cases, however, besides the first control of the code key, no further controls are carried out. Further drawbacks are:
* The code key and the installation program are portable and can be installed anywhere. Usually, the code key and the program can be duplicated and distributed.
* The control over the Internet demands a connection link, preferably a permanent one, which excludes the home/home office users without (permanent) connection possibilities. It is also possible to manipulate the scripts, communication related system files or simply interrupt the Internet connection.
* The initiation control, which searches for a proof that the code key has been used, normally uses one or several indicator "flags". It is possible to copy the flag file together with the corresponding program, which then can be distributed. In this case, it does not matter if a unique code key, e.g. the serial number of a hardware device, is used as long as the flag file is copied (and maybe manipulated) and distributed. There is no difference between the copied flag file and the original flag file. From the program's point of view, it will be considered a legitimate copy if intact flag files are found. Thus, due to the problems with the flag files, the control of the original hardware (serial number) is less important. There are also many ways to bypass the flag files or just "clone" the program and corresponding flag files and then run the program. There is no need for a "genuine" installation of the program, provided that the flag files are found, which is considered to be a simple operation, specially with all the help one can find on the Internet.
There are several patent documents disclosing different types of copy protection:
US 5,199,066 discloses a method and system for protecting a software program recorded within a storage medium for use with or transmission to computer or processor-based hardware It comprises inputting a hardware code uniquely associated with the particular hardware and inputting a first software code uniquely associated with the particular embodiment of the software. A first predetermined operation is performed upon the hardware code and the first software code to produce an intermediate code. A unique activation code obtained from the software supplier is inputted and a second predetermined operation is performed upon the intermediate code and the activation code to produce a second intermediate code. The second intermediate code is compared to a second software code uniquely associated with the particular embodiment of the software and stored in a hidden location within the software. The use of the software is enabled only if the second intermediate code and the second software code are identical.
EP 598 587 relates to a method for locking software programs to a particular disk, comprising the steps of creating several files, one with a fixed name and at least one other file having a random name, saving the head, cylinder and sector information for each of the files in the corresponding file along with use count information, saving the names of all the files in the first file with the fixed name, and encrypting all the files. This program locking method permits the distribution of trial copies of software programs and limits the risk that the program will be copied or used more than the permitted number of times. US 5,745,568 presents a method of securing CD-ROM data for exclusive retrieval by a specified computer system and includes the steps of ordering a computer system designating a selected hardware configuration and selected software components and procuring the selected hardware. A hardware identifier is then associated to the selected hardware. The method further includes the step of producing a compact disc read-only memory (CD-ROM) containing software program files corresponding to the selected software components. This step includes the sub steps of encrypting the software program files using the hardware identifier as an encryption key and writing the encrypted software program files to the CD- ROM. The CD-ROM securing method also includes the step of installing the software programs on the selected hardware including the sub steps of retrieving the hardware identifier associated to the selected hardware, decrypting the software program files using the hardware identifier as a decryption key and installing the decrypted software program files on the hardware.
The international application WO 98/43169 relates to a secure data storage system comprising a secured data file, a secured system file, and a data file application. The secured data file may have a verification system operable to allow access to the secured data file only upon receipt of a unique identifier matching a stored, unique identifier. The data file application may be operable to communicate the unique identifier to the secured data file to access the data file in a secured session. The secured system file may be linked to the data file application to establish access privileges during the secured session.
US 5,509,070 discloses a method and apparatus of encouraging distribution, registration, and purchase of free copyable software and other digital information, which is accessed on a User's System via a Programmer's Program. Software tools, which can be incorporated into a Programmer's Program, allow the User to access Advanced Features of the Programmer's Program only in the presence of a valid Password, which is unique to a particular Target ID generated on an ID-Target such as the User's system. Advanced features will thus re-lock if the Password is copied to another ID-target. If a valid Password is not present, the User is invited to obtain one, and provided with the means of doing so, and of installing that
Password in a place accessible to the User's System on subsequent occasions. The present invention also provides Programmers with means to invoke business operations as well as computational operations with their programs, and thus to automatically obtain payment from Users who elect to obtain passwords.
A computer software security system for restricting execution of a computer program to a particular machine, including means for storing a Machine Identification Code (MIC) in the program and means for determining the presence of the MIC in the means for storing during execution of the program is described in US 4,688,169. A machine identification code unique to the machine is retrieved and compared with the MIC in the program. The system prevents further execution of the program unless both codes are present and match. According to this patent, in one embodiment the MIC is stored in the Operating System (OS) file of the computer. However, as it appears from the description and the claims, the security system according to this embodiment is implemented inside the OS, thus having an area reserved for storing the MIC within the OS. This makes the system less secure. Moreover, the security system is not flexible, as it requires modification of the OS to implement the security system program. It does not allow using separate software, i.e. an application not integrated with the OS, which is the intention of the present invention.
Obviously, none of above-described methods provide an ideal protection, as the solutions are bulky for the user or the systems can easily be forced.
Definitions:
To boot a computer is to load an operating system into the computer's main memory or RAM (Random Access Memory). Once the operating system is loaded (and, for example, on a PC, the initial Windows® or Mac® desktop is displayed), it is ready for users to run application programs.
On larger computers (including mainframes), the equivalent term for "boot" is "Initial Program Load (IPL)" and for "reboot" is "re-IPL." Boot is also used as a noun for the act of booting, as in "a system boot." The booting of an operating system works by loading a very small program into the computer and then giving that program control so that it in turn loads the entire operating system.
Booting or loading an operating system is different from installing it, which is generally an initial one-time activity. Typically, when an operating system is installed, it is set up so that when the computer is turned on, the system is automatically booted as well.
Usually, the operating system is set up to boot (load into RAM) automatically in this sequence:
As soon as the computer is turned on, the Basic Input-Output System (BIOS) of the system's read-only memory (ROM) chip is started and takes charge. BIOS is already loaded because it is built-in to the ROM chip and, unlike RAM, ROM contents do not become erased when the computer is turned off.
BIOS first does a "power-on self test" (POST) to make sure all the computer's components are operational. Then the BIOS's boot program looks for the special boot programs that will actually load the operating system onto the hard disk.
First, it may look to drive A at a specific place where operating system boot files are located. If the operating system is MS-DOS, for example, it will find two files named IO.SYS and MSDOS.SYS. If there is a diskette in drive "A" but it is not a system disk, BIOS will send a message that drive A doesn't contain a system disk. If there is no diskette in drive A (which is the most common case), BIOS looks for the system files at a specific place on the hard drive.
Having identified the drive where boot files are located, BIOS next looks at the first sector (a 512-byte area) and copies information from it into specific locations in RAM. This information is known as the boot record or Master Boot Record.
It then loads the boot record into a specific place (hexadecimal address 7C00) in RAM. The boot record contains a program that BIOS now branches to, giving the boot record control of the computer.
The boot record loads the initial system file (for example, for DOS systems, IO.SYS) into RAM from the diskette or hard disk.
The initial file (for example, IO.SYS, which includes a program called SYSINIT) then loads the rest of the operating system into RAM. (At this point, the boot record is no longer needed and can be overlaid by other data.)
The initial file (for example, SYSINIT) loads a system file (for example MSDOS.SYS) that knows how to work with the BIOS.
One of the first operating system files that is loaded is a system configuration file (for DOS, it is called CONFIG.SYS). Information in the configuration file tells the loading program which specific operating system files need to be loaded (for example, specific device drivers).
Another special file that is loaded is one that tells which specific applications or commands the user wants to have included or performed as part of the boot process. In DOS, this file is named AUTOEXEC.BAT. In Windows, it is called WIN.INI.
Once all operating system files have been loaded, the operating system is given control of the computer and performs requested initial commands and then waits for the first interactive user input.
SUMMARY OF THE INVENTION
The main object of the present invention is to provide an effective method, which obstructs and makes unauthorised copying of a set of data or software very difficult, preferably impossible.
Furthermore, the object of the present invention is to provide an application, which is not part of the Operating System of a computer but can be installed on the computer, e.g. as a third party application, but uses the data set constituting the Operating System for providing the necessary security.
It is a further object of the invention to provide a system for program manufacturers and retailers to achieve a simple but very efficient copy protecting system. Accordingly, in the initially mentioned method, the set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and that said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data. Said set of control data is generated with respect to information about the hardware portion of said computer. Preferably, generating said set of control data with respect to a set of data received from a provider of said first set of computer readable data. The set of data received from the provider is non-recurrent. The hardware related information comprises one or several of a component identity, program execution time, program installation time, number of files on a hard disk of said computer, size of hard disk and/or pointer device position. Further step comprises a control sequence in which in a first step a set of control data is generated, and in a second step, said set of control data is compared with said data stored within said portion of said second set of computer readable data being part of said operating system.
The invention also relates to a method of preventing unauthorised reproduction of a set of computer readable data, said computer being provided with an Operating System. The method comprises the steps of: a) providing an instruction set being separate from said operating system, b) a first control, including a computer hardware control for acquiring hardware-based information, c) comparing said acquired information with previously stored information, d) in case that the hardware information is not changed, acquiring a hardware-based configuration e) generating at least one unique location for a security resource within a portion of said
Operating System, based on a hardware identity and/or hardware configuration, f) controlling the presence of said resource and, in case the resource is present, performing a self consistency inspection, g) in case of a positive inspection result, generating a new unique location, h) performing a search for controlling pre-installations in this new unique location and performing a self-consistency, and i) in case of self-consistency, processing said set of computer readable data. Preferably, the computer hardware control comprises acquiring a serial or part number of a machine part. The hardware identifier is used to initialise a random-number generator, which generates one or several random locations within said Operating System file, based on the input information. The locations are always the same as long as the initialising numbers are the same. The resource includes a flag and a correctly stored address of the flags or identity. The self-consistency inspection includes inspection of time of installation of program and/or additional random numbers. Security is achieved as the location is unique both with respect to the hardware based information and also the program installation time. In absence of a resource, it is firstly controlled whether a first resource is present, and if it does not, a first resource is installed and installation mode is initiated. If a first resource exists, it is controlled whether the method is in an installation mode and if the self-consistency exists and, if the result is negative, processing of said set of computer readable data is stopped. In case of operation in installation mode, an operator is asked for a code key obtained from a supplier of said set of data. If a correct code key is entered and being consistent, the control is approved and said set of computer-readable data is processed.
The invention also refers to a method for purchasing and securing software in a system comprising a costumer computer, a server, a database and a key server. The method comprises: purchasing or downloading by a customer software, installing said software on said customer computer and registering said software in said database, registering said software having a unique code, using a copy protection system, which is also installed on said customer computer substantially frequently accessing the database, and communicating by said installed software with the database for unlocking said software.
hi one aspect the invention relates to an article of manufacture comprising: a computer- usable medium having a computer-readable program code and means embodied therein for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data being manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
According to another aspect the invention relates a computer data signal embodied in a carrier wave comprising a first set of computer-readable set of data, for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
According to yet another aspect, in a computer provided with an operative system, the invention relates to a computer program product for use with an executable computer program, said computer program product comprising: an instruction set for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
The invention also relates to a system for managing a security code distribution for preventing unauthorised reproduction of a first set of computer-readable data, the system being established as a partnership, each partner being one of a plurality of users of said set of computer-readable data, or distributors and/or developers of the same, comprising: (a) a computer processor means for processing data;
(b) storage means for storing data on a storage medium;
(c) first means for initializing the storage medium;
(d) second means for generating an instruction set to be delivered to at least one of said distributors and/or developers for integration with said first set of computer- readable data, said instruction set being provided for generating control data for preventing unauthorised reproduction of said first set of computer-readable data, (e) third means for storing said instruction set on said storage medium, and (f) fourth means for making said instruction set on said storage medium available for distribution to one of said distributors and/or developers on demand.
The instruction set is a compiled program code and the instruction set integrated with said first set of computer-readable data on a computer is modified with respect to hardware information and requiring a first code key from said system in return for an identity code. The identity code comprises one or several of hardware identity, installation-based information or a unique identifier. The system provides a key of a first type when installing a first set of data, which allows installation of the program. The system provides said developer/distributor with a key of second type, which allows producing and/or distributing keys of first type specific for the instruction set of the developer/distributor.
The invention also relates to a computer unit comprising memory unit, input/output units and a mass storage unit, on which an operating system file is provided for controlling functions of said computer unit, and programs for running application on said computer unit. It further comprises a set of instruction codes for preventing unauthorised reproduction of at least one of said programs running application on said computer unit, through generating a set of control data, and storing said set of control data within a portion of a second set of computer- readable data being part of said operating system of said computer, when installing said first set of computer-readable data.
BRIEF DESCRIPTION OF THE DRAWINGS
hi the following, the invention will be further described in a non-limiting way with reference to the accompanying drawings in which:
Fig. 1 is a block diagram showing a system according to the invention,
Figs. 2 and 3 are flowcharts showing the main steps of a possible method according to the invention, Fig. 4 is a block diagram showing a part of a security distribution mechanism, according to a first example in accordance with the present invention, and
Fig. 5 is a block diagram showing a part of a security distribution mechanism, according to a second example in accordance with the present invention.
DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
The basic idea behind the present invention can be summarised by the fact that satisfactory protection is obtained if the software licenses are tied to a computer unit on which the software is intended to run and not to the user/buyer. For this reason the protection method suggested by the invention comprises the steps of:
* a controlling mechanism for controlling the hardware identity or related information of the computer or unique information based on hardware identity, such as an internal card, processor or other component identity, hard disk size, installation time or date, number of files on the hard disk and/or mouse pointer position etc., for verifying that the software runs on the correct computer,
* a unique protection for each sold software license, i.e. each installed software has a unique way of protection identification dedicated to it, preventing distribution of information about "hacking" and unauthorised accessing methods, and
* generating invisible and/or copy protected information on each individual computer.
Thus, the concept of the present invention includes a combination of different control methods, of which two are partly known and one is novel and not employed before.
Presently, a common approach in bank transactions using information technology is to use non-recurrent codes, i.e. codes that can be used only once for a transaction, a connection or the like, thus, providing a very secure and non-forcible code. However, for a user of, for example, a word-processing program, this is not a very user-friendly and optimal way and will probably intimidate him. Nevertheless, the technique of non-recurrent codes can be used during the installation process of a software package. In the following, the term "non- recurrent" relates to a unique code that can be obtained only once. Consequently, the nonrecurrent codes will guarantee that the user can install the software only once. A unique nonrecurrent code key can be included in the software package when it is purchased or downloaded from a site on the Internet, BBS or the like. It is of course possible to obtain a number of unique non-recurrent code keys for several installations. It means that the code key will not be included in the program installation and must be obtained separately.
The non-recurrent code key combined with hardware (identity) control provides very strong protection. During the installation of the program, the user can be provided with specific information to complete a non-recurrent code and not until after that will the user be provided with the code key. Thereby, it is possible to guarantee that the code key cannot be used for installation of the software on another computer. The hardware information may comprise a serial or identity number of a network card, a graphic card, an installation location of the operative system or other system-related programs, an assigned EP number of the specific computer etc., or a combination of the above. Preferably, the identity numbers can be encrypted for further security.
Implementation of this solution has been unsuccessful and bulky, as the problems relating to the encryption of the information or flag file(s) have remained unsolved. According to the invention, this problem is solved by using a new approach, which involves protection of the "verification flags" themselves, which is discussed in the following.
One embodiment of the system 10, according to the invention illustrated in Fig. 1, and applied on a PC or similar computer unit 11 involves: * means 12 for obtaining hardware-based information from one or several parts of the computer unit 11 ;
* means for accessing a unique code key from the software supplier, based on the hardware information together with a non-recurrent key 13 obtained from the user, i.e. the installed software becomes tied to the hardware at installation time, preferably the time of first execution of the program can be included in the code generation; and
* a verification routine, which makes it possible to save control information (flags) on a special location 14 accessible from the computer 11. Thus, the storage and verification of the flags, which certifies the authorised use of the program, is one of the most crucial parts of the invention. In the following, the term "flag" is used for all types of data that are stored on the computer and used as verification information.
In current applications, the flags are saved in a file, which can be a part of the program itself or placed at another location on the hard disk or a storage arrangement , which is "difficult" to find. According to the invention, a new method is suggested, which involves storage of the flags (control information or an identification code) within the only continuous program in a computer, i.e. the Operating System file(s). It means that, instead of generating and storing one or several flags in special files, the flags are inserted inside one or several existing Operating System files, by manipulating the existing system files. It should be noted that the invention is realised as an application, which is not part of the existing Operating System, but as a program installed on the computer. *
Because of the size of modern system files and innumerable additions, finding flags of related information is very difficult. In the Macintosh® operative system, MacOS, for example, there are approximately 10 addressing possibilities within a system file. The same is true for Windows®. It is also possible to change the address, position or the appearance of the flags in relation to the hardware-based information. However, the flags are contained in the system file. The advantage is obvious, finding information consisting of, e.g. 10 bytes within a 10 MB file is much more difficult than finding a file within for example ten thousand files. Moreover, changes, additions, modifications and manipulations of the system file involve great risks, which can end in a system failure or affect the correct function of the computer etc., which is not the case if a non-system file is manipulated. Also, a search for the flags in the system file will probably result in malfunction of the computer.
In addition, the solution based on the hardware specific flags makes it impossible to clone the entire system. It is not enough to copy and distribute the flags rather, they must be correct flags, which means that the system file of the computer running the copied program must also be copied or manipulated. A copied system file cannot be installed on other computers and a manipulated system file will certainly affect the computer operation. One example of a verification procedure according to the invention is realised in the flowchart of Figs. 2 and 3, detailing a non-limiting embodiment. The procedure starts with a control 200. The only input to the security routine can be a single Boolean variable. If this is given the value 'true', the security is accepted, if not the security has failed or there is a malfunction, then the main program shuts down. Then a hardware check is performed 205, e.g. by acquiring a serial or part number of a network card or the like. Following the control 210, if the hardware information is not changed, hardware based configuration is acquired, 215. One or more unique locations are then generated, 220, for security resources (flags) within an Operating System file, based on the hardware identity and hardware configuration. The hardware identifier is used to initialise a random-number generator. The generator in turn generates one or several random locations within the system file, based on the input information, e.g. as the random generator seed. These locations are always the same as long as the initialising numbers are the same.
Then a check is made 235 to determine whether both resources exist or not, i.e. the flags and the stored correct address of the flags or identity. If both resources exist, a self-consistency inspection is performed 225, which can include time of installation of program and additional random numbers. If the result of the inspection is positive 240, a new unique location can be generated 250 based on, for example the time of installation. Note that this location can be unique not only with respect to the machine, but also, e.g. the installation time. Then a search is carried out 255 for controlling pre-installations in this new unique location and whether it is self-consistent 260. If it is self-consistent, the program can be executed 265 (Fig. 3).
If the results of steps 210, 240, 255 and 260 are negative, the execution of the program is stopped, 270 (Fig. 3). In step 225, if both resources do not exist, it is firstly controlled whether the first resource is present 275. If it does not exist, a first resource is installed and installation mode is initiated 280. However, if the first resource exists, it is determined 285 whether it is the installation mode and self-consistency, which is correct. If the result is negative, the check fails 290 and the program is stopped 270. If the second resource exists but not the first one, it is assumed that the preferences are changed and the program will not run. Nevertheless, if it is the installation mode, the user is asked 295 for a code key obtained from the supplier. If the code key is entered and it is consistent 300 and 305, the control is approved 310 and the program is allowed to execute 265. The installation mode is executed only once
To avoid over- writing of information in the system files, the above procedure may carry out a control that the generated addresses of the system file are not occupied, and if so, new addresses are generated and controlled. In MacOS, for example, a call to a system command, such as, e.g. AddResource () is used to insert the flags. As adding data to the system files is a normal procedure for many programmes during installation and execution, the modification of the system files is not concerned to create any problems, e.g. for programmes checking for virus. These types of programs have options for controlling the size or date of the files and normally indicate such changes.
The invention does not prevent uninstallation or reinstallation of the protected software. It is possible to uninstall the flags and thereby obtain a new code key, for example when moving the software to a new computer. The method comprises the steps of:
* Obtaining hardware specific information when the software is installed in the new computer,
* when uninstalling the software from the old computer, which results in the deletion of the flags, a new non-recurrent code is generated in the old computer and entered by the user into the new computer, whereby a new code key for the new computer is generated,
* it is also possible (but not necessary) to install "uninstall flags" in the old computer.
Since the flags are deleted in the old computer, it is not possible to run the program on it and consequently no unauthorised copying is done.
The invention also provides for a method of distributing code keys through a new procedure. A Copy Protection Deliverer (CPD) 40 can establish a "code key center". Among others, the CPD operation consists of delivering 400 a "lock cylinder", which includes a compiled program code to the software suppliers 41. The "cylinder" 42 is a mechanism, i.e. a security shell to be attached to or integrated with the software (package) 43 to be sold. The "cylinder" can be integrated into all programs or selected ones and have different security levels. When a user 44 installs software provided with a cylinder on a computer 45, the "cylinder" is modified with respect to the hardware information and the user is asked 401, 402 for a first key from CPD, in return for a series number or the like and hardware, installation-based information etc. The CPD provides 403 a key, e.g. using a server that produces a key of a first type and returns it to the user, which allows installation of the program.
Additionally, the CPD can provide 404 the software manufacturer/distributor with a key of a second type, which allows producing and distributing 405 keys of the first type specific for the manufacturer's/distributor's "cylinder". CPD has a general key, which allows producing keys of the first and second type (or other types) based on this key and prevents redoubling of keys (of the second type), i.e. a Key Generating Key, based on or with the help of which, all other keys are generated. Through this procedure a track record can be generated that keeps track of the number of distributed cylinders and/or keys.
When the user wants to upgrade his computer or move the program to another computer, the program (including the cylinder) is uninstalled. Upon uninstallation, the software may produce a new installation code key or the user is asked for a correct code key to remove/move the program. The code key may be obtained directly from the supplier or a number of code keys can be obtained when purchasing the program. This operation removes the key of first type and a new one is generated when the program is reinstalled. It is not possible to have two functional copies and one key.
Another system for purchasing and securing software is illustrated in Fig. 5. The system 50 comprises a costumer computer 51, a server 52, a database 53 and a key server 54.
According to this example, a customer downloads software from a download site or buys it in a local store. The customer installs this software on computer 51 and registers 501 the software on a site 52 or within an installation program. In a database 53 the software (which has a unique code) is registered 502. It is possible to conduct a credit check (55) or the seller of the product already has issued a license key. The Copy Protection System, CPS, which is also installed on the customer's computer 51 frequently 'polls' 504 the database. The installed software communicates 503 with the database so that it can be unlocked. The above-mentioned communication is performed in 3 steps. Step 1: Poll the database to see if it is ok to unlock the software. Step 2: The database sends an OK Step 3 : The CPS sends 504 an OK JUNLOCKED back to the database.
Clearly, the teachings of the present invention can be applied to other types of data than executable program data, such as music, film, textual data, books, newspapers etc.
The invention is not limited the described embodiments. It can be varied in a number of ways without departing from the scope of the appended claims and the arrangement and the method can be implemented in various ways depending on application, functional units, needs and requirements etc.

Claims

1. A method of preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, characterised in that said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and that said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
2. The method of claim 1, characterised in that said set of control data is generated with respect to information about the hardware portion of said computer.
3. The method of claim 1 or 2, characterised by generating said set of control data with respect to a set of data received from a provider of said first set of computer readable data.
4. The method of claim 3, characterised in that said set of data received from the provider is non-recurrent.
5. The method of claim 2 or 3, characterised in that said hardware related information comprises one or several of a component identity, program execution time, program installation time, number of files on a hard disk of said computer, size of hard disk and/or pointer device position.
6. The method according to any of the preceding claims, - characterised by further comprising a control sequence in which in a first step a set of control data is generated, and in a second step, said set of control data is compared with said data stored within said portion of said second set of computer readable data being part of said operating system.
7. A method of preventing unauthorised reproduction of a set of computer readable data, said computer being provided with an Operating System, characterised in that said method comprises the steps of:
j) providing an instruction set being separate from said operating system, k) a first control (200), including a computer hardware confrol (205) for acquiring hardware-based information,
1) comparing said acquired information with previously stored information, m) in case that the hardware information is not changed, acquiring a hardware-based configuration (215) n) generating at least one unique location (220) for a security resource within a portion of said Operating System, based on a hardware identity and/or hardware configuration, o) controlling the presence of said resource and, in case the resource is present, performing a self consistency inspection (225), p) in case of a positive inspection result (240), generating a new unique location (250), q) performing a search (255) for controlling pre-installations in this new unique location and performing a self-consistency (260), and r) in case of self-consistency, processing said set of computer readable data (265).
8. The method according to claim 7, characterised in that said computer hardware control (205) comprises acquiring a serial or part number of a machine part.
9. The method according to claim 7, characterised in that the hardware identifier is used to initialise a random-number generator, which generates one or several random locations within said Operating System file, based on the input information.
10. The method according to claim 9, characterised in that said locations are always the same as long as the initialising numbers are the same.
11. The method according to claim 7, characterised in that said resource includes a flag and a correctly stored address of the flags or identity.
12. The method according to claim 7, characterised in that said self-consistency inspection (225) includes inspection of time of installation of program and/or additional random numbers.
13. The method according to claim 7, characterised in that the location is unique both with respect to the hardware based information and also the program installation time.
14. The method according to claim 7, characterised in that in absence of a resource, it is firstly controlled whether a first resource is present (275), and if it does not, a first resource is installed and installation mode is initiated (280).
15. The method according to claim 7, characterised in that if a first resource exists, it is controlled (285) whether the method is in an installation mode and if the self consistency exists and, if the result is negative, processing of said set of computer readable data is stopped (270).
16. The method according to claim 7, characterised in that in case of operation in installation mode, an operator is asked (295) for a code key obtained from a supplier of said set of data.
17. The method according to claim 16, characterised in that if a correct code key is entered and being consistent (300), the confrol is approved (310) and said set of computer-readable data is processed.
18. A method for purchasing and securing software in a system (50) comprising a costumer computer (51), a server (52), a database (53) and a key server (54), characterised by purchasing or downloading by a customer software, installing said software on said customer computer (51) and registering (501) said software in said database (53), registering said software having a unique code - using a copy protection system, which is also installed on said customer computer (51) substantially frequently 'polling' (504) the database, and communicating (503) by said installed software with the database for unlocking said software.
19. An article of manufacture comprising: a computer-usable medium having a computer-readable program code and means embodied therein for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data being manipulated by inserting said set of confrol data within a portion of said second set of computer readable data when installing said first set of computer readable data.
20. A computer data signal embodied in a carrier wave comprising a first set of computer- readable set of data, for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of confrol data, wherein said set of control data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
21. In a computer provided with an operative system, a computer program product for use with an executable computer program, said computer program product comprising: an instruction set for preventing unauthorised reproduction of a first set of computer readable data, said computer being provided with a second set of computer readable data provided as Operating System instruction and data set and the method comprising a step of generating a set of control data, wherein said set of confrol data is generated by means of a third set of computer readable data set being separate from said second set of computer readable data set, and said second set of computer readable data is manipulated by inserting said set of control data within a portion of said second set of computer readable data when installing said first set of computer readable data.
22. A system for managing a security code distribution for preventing unauthorised reproduction of a first set of computer-readable data, the system being established as a partnership, each partner being one of a plurality of users of said set of computer-readable data, or distributors and/or developers of the same, comprising:
(a) a computer processor means for processing data;
(b) storage means for storing data on a storage medium; (c) first means for initializing the storage medium;
(g) second means for generating an instruction set to be delivered to at least one of said distributors and/or developers for integration with said first set of computer- readable data, said instruction set being provided for generating control data for preventing unauthorised reproduction of said first set of computer-readable data, (h) third means for storing said instruction set on said storage medium, and
(i) fourth means for making said instruction set on said storage medium available for distribution to one of said distributors and/or developers on demand.
23. The system according to claim 21, wherein said instruction set is a compiled program code.
24. The system according to claim 21, wherein said instruction set integrated with said first set of computer-readable data on a computer (45) is modified with respect to hardware information and requiring a first code key from said system in return for an identity code.
25. The system according to claim 23, wherein said identity code comprises one or several of hardware identity, installation-based information or a unique identifier.
26. The system according to claim 21, wherein it provides a key of a first type when installing a first set of data, which allows installation of the program.
27. The system according to any of claims 21-25, wherein it provides said developer/distributor with a key of second type, which allows producing and/or distributing keys of first type specific for the instruction set of the developer/distributor.
28. A computer unit comprising memory unit, input/output units and a mass storage unit, on which an operating system file is provided for controlling functions of said computer unit, and programs for running application on said computer unit, characterised in that it further comprises a set of instruction codes for preventing unauthorised reproduction of at least one of said programs running application on said computer unit, through generating a set of control data, and storing said set of control data within a portion of a second set of computer-readable data being part of said operating system of said computer, when installing said first set of computer-readable data.
PCT/SE2001/001310 2000-06-08 2001-06-08 A method relating to copy protection WO2001095073A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2001274723A AU2001274723A1 (en) 2000-06-08 2001-06-08 A method relating to copy protection

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SE0002185A SE0002185D0 (en) 2000-06-08 2000-06-08 A method related to copy protection
SE0002185-7 2000-06-08

Publications (1)

Publication Number Publication Date
WO2001095073A1 true WO2001095073A1 (en) 2001-12-13

Family

ID=20280054

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/SE2001/001310 WO2001095073A1 (en) 2000-06-08 2001-06-08 A method relating to copy protection

Country Status (3)

Country Link
AU (1) AU2001274723A1 (en)
SE (1) SE0002185D0 (en)
WO (1) WO2001095073A1 (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4688169A (en) * 1985-05-30 1987-08-18 Joshi Bhagirath S Computer software security system
US5745568A (en) * 1995-09-15 1998-04-28 Dell Usa, L.P. Method of securing CD-ROM data for retrieval by one machine
US6067622A (en) * 1996-01-02 2000-05-23 Moore; Steven Jerome Software security system using remove function to restrict unauthorized duplicating and installation of an application program
US6134659A (en) * 1998-01-07 2000-10-17 Sprong; Katherine A. Controlled usage software

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4688169A (en) * 1985-05-30 1987-08-18 Joshi Bhagirath S Computer software security system
US5745568A (en) * 1995-09-15 1998-04-28 Dell Usa, L.P. Method of securing CD-ROM data for retrieval by one machine
US6067622A (en) * 1996-01-02 2000-05-23 Moore; Steven Jerome Software security system using remove function to restrict unauthorized duplicating and installation of an application program
US6134659A (en) * 1998-01-07 2000-10-17 Sprong; Katherine A. Controlled usage software

Also Published As

Publication number Publication date
AU2001274723A1 (en) 2001-12-17
SE0002185D0 (en) 2000-06-08

Similar Documents

Publication Publication Date Title
US20020010863A1 (en) Method for protecting software
CA2187014C (en) Method and apparatus for electronic license distribution
US5490216A (en) System for software registration
US6363486B1 (en) Method of controlling usage of software components
EP1243998B1 (en) A technique for license management and online software license enforcement
US7752139B2 (en) Method and system for managing software licenses and reducing unauthorized use of software
CA1292791C (en) Hardware assist for protecting pc software
US6044469A (en) Software publisher or distributor configurable software security mechanism
EP1443381B1 (en) System and method for secure software activation with volume licenses
US6006190A (en) Computer implemented method and a computer system for enforcing software licenses
US20020116632A1 (en) Tamper-resistant computer system
US20020128975A1 (en) Method and apparatus for uniquely and securely loading software to an individual computer
JP2003330560A (en) Method and medium for software application protection using digital rights management (drm) system
JP2003500722A (en) Information protection method and device
US6665797B1 (en) Protection of software again against unauthorized use
US7197144B1 (en) Method and apparatus to authenticate a user's system to prevent unauthorized use of software products distributed to users
WO2001095073A1 (en) A method relating to copy protection
AU765841B2 (en) Software for restricting other software to be used by the rightful user only and method therefor
CA2335298A1 (en) Bait software
JP2004295388A (en) Method for installing and protecting software
WO1999035582A1 (en) A computer software activation system and a method of authenticating computer software
WO2000075758A1 (en) Protection against unauthorized use of software products

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AG AL AM AT AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ CZ DE DE DK DK DM DZ EC EE EE ES FI FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ PL PT RO RU SD SE SG SI SK SK SL TJ TM TR TT TZ UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP