Note: Descriptions are shown in the official language in which they were submitted.
CA 02308755 2000-04-19
WO 99121094 PCT/US98/2Z062 _
1
RECONFIGURABLE SECURE HARDWARE APPARATUS..
AND METHOD OF OPERATION
TECHNICAL FIELD OF THE TNVFNTT(~N
This invention relates generally to the field of
computer hardware apparatus configuration and more
specifically to a system and method of programming
and reprogramming a computer hardware apparatus
utilizing an encryption key system.
,0
1
BACKGROUND OF THE NVEIVTTTnm
Computer systems today incorporate and interface
with a growing number of other devices. Ascertaining
with a measure of accuracy that the interface
15 established is between an authorized party or device
is often desirable to ensure proper use of computer
hardware, software and data.
Solutions have been developed to ensure that
data transferred between persons utilizing a computer
20 is only available to authorized parties. One such
method of ensuring proper authorization is public key
cryptography. Public key cryptography utilizes an
encryption key set consisting of two keys. Generally
available software can encrypt computer files using
25 either of the keys, such that the computer files are
inoperable and unreadable until decrypted. Generally
available software can similarly decrypt such
encrypted files as long as a user can provide the
appropriate complement to the key used to encrypt the
30 files.
SUBSTITUTE SHEET (RULE 26y
CA 02308755 2000-04-19
WO 99/21094 PCT/US98/22062
2
Each key in the encryption/decryption key set
' can be used to encrypt data and its complement key
can be used to decrypt data. However, it can be very
difficult and very time consuming to determine one
key in the set from knowledge of the other. This
fact allows a user to make one key of the set public
so that others can use this "public key" to encrypt
messages prior to sending them to the user. The user
keeps the complement, or "private key", secret so
that only the user has the means to decrypt messages
sent by someone using the public key.
Conversely, a user may use the private key to
encrypt a message to be sent to another person. The
message can only be decrypted if the recipient has
access to the public key. In this way, the recipient
can be assured that the author of the message was the
holder of the private key. Additionally, if the
sender of the message has disclosed the public key to
only a small set of recipients, the sender of the
message can be reasonably assured that only the
intended recipients can decrypt the message, provided
that care is taken to limit access to the decryption
key.
Software providers can use this same encryption
technology to control access to software. programs.
By encrypting files with one key, and providing the
other key on a limited basis, software providers can
prevent unauthorized use or copying of their product.
The above solutions, however, only address
controlling access to data or a set of software
objects. They fail to address security issues
SU9ST1TUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98/22062
3
surrounding computer peripherals and their
interfaces.
One such peripheral is a Personal Computer
Memory Card International Association (PCMCIA) card.
These computer cards meet the minimum compliance
requirements of the PCMCIA standard (which is hereby
incorporated by reference). PCMCIA cards are
typically used to add functionality or memory to a
personal, portable, or desktop computer ;i.e., host
10 computer), as described in the PCMCIA Standard. Many
types cf PCMCIA cards are available, including
input/output (I/O) PCMCIA cards that transfer data
between a host computer system and an I/O bus, and
data acquisition PCMCIA cards. Typically, data
15 acquisition cards receive and digitize analog
information from sensors and temporarily store the
information before transferring it to the host
computer.
A typical PCMCIA card includes a standard PCMCIA
20 connector connected to a PCMCIA interface circuit
through a standard PCMCIA bus. The PCMCIA interface
circuit operates according to the standard PCMCIA
protocol to send data to and receive data from a host
computer. The typical PCMCIA card also may include a
25 PCMCIA card controller that sends data to and
receives data from the PCMCIA interface circuit and
controls the operation of the functional hardware on
the card. For example, if the PCMCIA card is a
memory card, then the functional hardware is memory
30 (e.g., a bank of random access memory (RAM) chips or
SU8ST1TUTE SHE~T (PULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCTIUS98/22062 _
4
a hard disk drive) and the PCMCIA card controller
controls reading and writing to the memory.
PCMCIA card controllers and interface circuits
can be implemented as hardwired logic or as
5 programmable logic (e. g., one or more field
programmable gate arrays (FPGAs). The programmable
architecture of FPGAs is provided through
programmable logic blocks interconnected by a
hierarchy of routing resources. The devices are
10 customized by loading programming data into internal
static rnem~ry cells. FPGA programming data are
design-specific data that define the functional
operation of the FPGA's internal blocks and their
interconnections. Typically, when a PCMCIA card,
15 having the PCMCIA card controller and interface
circuit implemented in an FPGA(s), is inserted in an
operating (i.e., powered) host computer or is
inserted in a powered down host computer that is then
powered-up, the FPGA is programmed with FPGA
20 programming data stored in non-volatile memory (e. g.,
EPROM, EEPROM, Flash memory, etc.) on the PCMCIA
card. However, the memory required to store the FPGA
programming data generally consumes a measurable area
of the PCMCIA card which could be used to provide
25 other functions within the PCMCIA card.
Additionally, since these cards are highly
pilferable, security protocols should be established
to ensure authorized use and programming of these
configurable computer hardware devices, especially if
30 the device is intended to be used for and contains
key information used to protect data or data access.
SUBSTITUTE SHEET' (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98/22062 _
5
Thus there is a need for an improved system and
method of ensuring authorized and secure uselof a
computer hardware apparatus.
There is also a need for an improved system of
5 ensuring authorized and secure programming of
configurable computer hardware apparatus.
Additionally, there is a need for an improved
system of ensuring authorized and secure programming
of re-configurable computer hardware apparatus.
10 There is also need for an improved system of
ensuring authorized and secure communication between
re-configurable computer hardware appara~us and host
computer systems.
Moreover, there is a need for a system of
15 preventing unauthorized execution of software
programs on unauthorized hardware apparatus.
There is also a need for a system that fulf ills
each of the described needs together in a single
system solution.
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99121094 PCTIUS98/22062 _
6
SUMMARY OF INVENTION
The present invention provides a system and
method for reconfiguring a secure hardware apparatus
in a data-link system, wherein a data link system,
5 comprises a plurality of objects which exchange data,
that substantially eliminates or reduces
disadvantages and problems associated with previously
developed systems and methods for reconfiguring
hardware apparatus.
More specifically, the present invention
provides a system and method of ensuring that a
hardware apparatus in a data-link system can be
operated cr.ly by an authorized user. The method
comprises the steps of assigning a unique number,
15 possibly a serial number, to the hardware apparatus,
generating at least one key or key set for the
hardware apparatus which is based on the unique
serial number of the hardware apparatus, distributing
to an authorized user at least one data string from
which the key set for the hardware apparatus can be
derived to functionally enable the hardware
apparatus, and inputting the data string into the
hardware apparatus to either disable at least one
level of functionality of the hardware apparatus if
25 an incorrect key set is derived from the data string,
or to enable at least one level of functionality of
the hardware apparatus if a correct key set is
derived from the data string.
Additional embodiments of the reconfigurable
30 secure hardware apparatus of the present invention
provide a method and system to ensure that the
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98/22062
7
hardware apparatus can be utilized only by an
authorized computer system or group of computer
systems and a method and system for ensuring that the
reconfigurable secure hardware apparatus can be
5 programmed only by an authorized user utilizing an
authorized host computer system.
A further embodiment of the present invention
ensures that neither the reconfigurable secure
hardware apparatus nor the host computer system will
.0 alone have sufficient information to allow a person
who has obtained access to only one of either of the
host computer system or the reconfigurable secure
hardware apparatus to successfully operate the
reconfigurable secure hardware apparatus with another
15 unauthorized computer system.
In a still further embodiment of the present
invention, a portion of an encrypted code is recorded
in a memory location within the reconfiaurable secure
hardware apparatus and another portion cf the
20 encrypted code is recorded in the host computer.
This prevents an unauthorized person who obtains
access to either the reconfigurable secure hardware
apparatus or the host computer database, from
discovering more than a portion of the correlating
25 relationship between an account number and the
related personal serial number. The present
invention also provides for the use of a changeable
personal encryption key stored in a memory location.
A further embodiment of the present invention can
30 store multiple keys, one for each key set encompassed
by the present invention. The storage takes place in
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98/22062 _
8
an extension of the standard CIS (Card Information
Structure) storage space of the PC-card.
Accordingly, it is an object of this invention
to substantially improve the security protocols of a
5 computer hardware apparatus. A technical advantage
of the present invention is that it provides a
personal identity verification method wherein only
part of the information necessary to correlate an
account number to characteristic information is
10 available at any one accessible place within the
terminal. system.
Another technical advantage of the present
invention is that it can store an encrypted typed in
password for apparatus operation authorization for
15 the entire device key sets, or additional passwords
for individual key sets, that may be chosen by the
user.
A still further technical advantage of the
present invention is the combination of the ability
20 to prevent softcaare piracy and the ability to allow
secure user communication via accelerated encryption
in a single device.
SUBSTTTUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCTIUS98/22062 _
9
BRIEF DESCRIPTION OF THE D~,B, TW_NCS
A more complete understanding of the present
invention and advantages thereof may be acquired by
referring to the following description taken in
5 conjunction with the accompanying drawings in which
like referAnce numbers indicate like features and
wherein:
FIGURE 1 is a system overview of one embodiment
of the reconfigurable secure hardware apparatus of
the present invention;
FIGURE 2 is a flow diagram of a method of
assigning manufacturing key sets;
FIGURE 3 is « flow diagram of a user
registration process according to one embodiment of
the present invention;
FIGURE 4 is a flow diagram of a method of
registration of software to enable the ~ase of the
reconfigurable secure hardware apparatus of the
present invention for piracy protection;
FIGURE 5 is a description of a method of machine
registration;
FIGURE 6 is a flow diagram of a QARD plug-in
procedure according to one embodiment of the present
invention;
25 FIGURE 7 is a description of a method of
password protection according to one embodiment of
the present invention; and
FIGURE 8 is diagram illustrating an embodiment
of the reconfigurable secure hardware apparatus of
the present invention.
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99121094 PCT/US98/22062
IO
FIGURE 9 is a diagram illustrating a functional
block of the reconfigurable computer hardware
apparatus.
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98l22062
11
DETAILED DESCRIPTION OF THE INVE,NTTON _
Several embodiments of the present =nvention are
described in detail below and in the FIGUREs, =ike
numerals being used to refer to like and
5 corresponding parts of the various drawings.
However, ~,. should be understood that various
changes, substitutions and alterations can be made
hereto without departing from the spirit and scope of
the inventicn.
.0 The present invention can be implemented using
detachable cards teat are operable to be used on
various c~mputi.~.g devices. For example, a detachable
card could be used on a personal computer through a
PCMCIA slot. The following description refers to
i5 detachable cards used for personal computers
(hereafter called "PC-Cards"), but the present
invention can be applied to other types of computing
devices as well.
One example of a PC-Card that could implement
20 the present invention is a reconfiaurabie secure
hardware apparatus, or Reconfigurable-Computing (RC)
card, such as those designed by QUICKFLEX INC., of
Austin, Texas. Quick Qard Technology (QQT? is
comprised of a family of several PC-Card products
25 that allow different software applications to define
the hardware within the PC-Card specific for each
application at the time that it is executed. These
RC PC-Cards are nicknamed "QUICK QARDS" or "QARDS"
and can be used for a variety of standard or custom
30 interfaces, as well as for hardware accelerating
software applications. Applications that can benefit
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCTIUS98/22061 -
12
from QQT include personal digital assistant
interfaces, PC interfaces, industrial, emulation,
video, audio, encryption, computer games, etc.
The security features of the reconfigurable
5 secure hardware apparatus of the present invention
described herein can be used for access or piracy
protection of third-party software. This third-party
software may be comprised of configuration files of
hardware apparatus for use within the PC-Cards, or
i0 may be aeneral software not targeted to use the
reconfigurable computing aspects of the PC-Cards.
The securit~~ features of the present invention can be
implemented as a security system that can be adapted
to other types of implementations beyond the QQT
15 products.
Protection of files containing documents, data,
executable code, interpretive code or other
intellectual property or information which must be
protected is achievable using the described security
20 features of the present invention. Protection can be
achieved by the use of various sets of public keys.
Half of each of the public key sets are stored in the
PC-card, which is detachable and thus physically
protectable, and half can be stored on the host
25 computer system. Additional security levels of
flexible software defined adaptable
encryption/decryption algorithms and flexible
reconfigurable hardware implementable
encryption/decryption algorithms can be implemented
30 within the reconfigurable computing PC-card that
allow for customization of the security features.
SUBSTtTUTE SHEET (RULE 2B)
CA 02308755 2000-04-19
WO 99121094 PCTIUS98/22062 -
I3
For purposes of a complete understanding of
the scope of the present invention, although
reference is made to encryption/decryption
algorithms, it should be clear that these are
algorithms that are implemented in the reconfigurable
computing functional circuits described more
completely below for the purpose of hardware
accelerating said algorithms. This may be separate
from 'check word' algorithms implemented for the
10 purpose of enabling the different levels of security.
The later is used to enable the present invention to
perform the final functionality of the reconfigurable
computing platform for the device.
FIGURE 1 shows a system overview of one
15 embodiment of the present invention that provides
protections for information in any form, whether to
be kept internal or to be shipped externally, for
individual users, groups of users and organizations.
FIGURE 1 demonstrates how Quick Qards 1, when used
20 with Anti-Piracy Software 3 and/or Communications &
Data Security software 5, result in a Secure Qard
system 7. This Secure Qard system 7 can be further
used with encryption/decryption key management and
authentication software 9 to form an overall Quick
25 Secure system 11.
FIGURE 2 is a flow diagram for a method of
assigning unique manufacturing key sets 30 to
individual hardware apparatuses 34. Manufacturing
key sets 30 can be used to ensure authorized feature
30 enablement of the various features offered by Quick
Secure system 11 of FIGURE 1. At step 14 of
SUBSTTtUTE SHEET (RUtE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98/22062
14
FIGURE 4, a unique manufacturing serial number 32 is
assigned to each hardware apparatus 34 at
manufacture. Unique manufacturing serial number 32
is programmed into the CIS non-volitile memory at
manufacturing. The seed value for generating
manufacturing key set 30 can be based on unique
manufacturing serial number 32 or can be derived by a
variety of other methods or algorithms. Step 15 of
FIGURE 2 corresponds to manufacturing key set 30
being generated from unique manufacturing serial
number 32. Manufacturing key set 30 is the first of
the multiple key sets used by the reconfigurable
secure hardware apparatus of the present invention
and may be referred to as level-zero key set (LOKS)
36 as shown in step 16. Manufacturing key set 30 can
be generated and programmed into hardware apparatus
34 at the time it is manufactured. LOKS 36 comprises
an encryption key (LOEK) 38 and decryption key (LODK)
40.
20 At step 18 of FIGURE 2 the unique manufacturing
serial number 32 and the LODK 40 for a group of
manufactured hardware apparatuses can be stored in
step 18 in list file 42 for future use. Step 20
creates a registry data file 43 which comprises
unique manufacturing serial number 32 and LOEK 38.
Registry data file 43 complements list file 42 in
that LODK 40 and LOEK 38 must both be used to enable
hardware apparatus 34. Registry data file 43 should
be stored in a remote location from hardware
30 apparatus 34 to be accessed by the end user at a
later time. This remote location may include a
SUBSTITUTE SHEET (RULE 28)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98122062
remote host computer system 86 as shown in step -50 of
FIGURE 3 which may be accessed via a communication
path such as the Internet.
It should be noted that a list of serial numbers
5 and key list for programming into the hardware
apparatus could just as easily be generated in
advance and given to the manufacturer so that
generation of the information is no done on the site
of a contract manufacturer who has no need for
0 knowledge cf the information that is not to be
programmed into the physical hardware apparatus. At
step 22, each hardware apparatus 34 is assigned a
unique barcode 45 for manufacturing tracking
purposes. Barcode 45 may be incorporated into list
1S file 42 and made to correspond to a particular unique
serial number 32 and LODK 40 combination. Barcode 45
will ensure that the correct manufacturing serial
number 32 and LODK 40 pair are programmed into
hardware apparatus 34 during testing of hardware
apparatus 34 in step 24. Following testing, hardware
apparatus 34 can be packaged in step 26 with a
certificate 46 containing the unique manufacturing
serial number 32, LODK 40 and barcode 45. This will
allow a hardware apparatus 34 designer to ensure that
25 a hardware apparatus 34 registered after purchase was
authorized for manufacture by the designer to prevent
manufacture of copies of the design by an
unauthorized manufacturing house. In step 28 the
product is shipped.
30 During product registration and enablement,
which can occur by mail, e-mail, or other electronic
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/Z1094 PCT/US98/22062
16
means, unique manufacturing serial number 32 and LOEK
38 (or the manufacturing encryption public key of the
set) can be given back to the card designer. This
allows the registration information to be checked
5 against registry data file 43 (which comprises a list
of approved manufactured PC-Cards) for validity.
Also, a card designer can ascertain if a given PC-
Card has been previously registered to insure that no
un-authorized PC-Card copies with copies of the CIS
.0 are being manufactured, as each PC-Card should have a
unique code.
FIGURE 3 illustrates one potential registration
process for the present invention. In step SO a
communication data patr. is established between a
15 local computer system 84 and a host computer system
86 wherein hardware apparatus 34 is installed in the
local computer system 84. The communication data
path may take the form of an Internet connection to a
"QUICKFLEX" website. A software object operating
20 within host computer system 86 may offer the user a
variety of options concerning hardware apparatus 34
wherein the user can select to register the hardware
apparatus 34 with the designer in step 52.
Step 54 of FIGURE 3 corresponds to a
25 registration process that can require the user to
supply registration information 88 comprising name,
email address, information regarding where the
hardware apparatus 34 was purchased, and the like.
This will allow tracing back to the source of
30 unauthorized hardware apparatus 34 manufacturing.
Most importantly, the user will be prompted to supply
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98I22062 _
17
either a certificate number which corresponds to.
barcode 45 of FIGURE 2 or to unique manufacturing
serial number 32 and LODK 40.
In step 56 a check is performed to determine if
5 hardware apparatus 34 support software 90 is
installed on local computer system 84. 3ased on the
results of this check a decision is made in step 58
to either download and install the necessary software
support 90 at step 60 or to proceed to step 62. Step
10 62 provides for establishing a secure link 92 between
hardware apparatus 34 and host computer system 86 i~
software 90 is present on local computer system 84.
Secure ?ink 92 provides for the transfer of unique
manufacturing serial number 32 and LODK 40 from a
15 programmed memory location within hardware apparatus
34 to host computer system 86.
At step 64 of FIGURE 3 the user is required to
manually enter barcode 45 or the unique manufacturing
serial number 32 and LODK 40 pair. At step 66, a
20 verification is performed on manually entered barcode
45 or unique manufacturing serial number 32 and LODK
40 pair against a copy of unique manufacturing serial
number 32 and LODK 40 transferred from a programmed
memory location within hardware apparatus 34. If the
25 verification fails the user is prompted with an error
message at steep 68 to return to registration data
entry process step 54. If the verification is
successful, additional verifications are made in step
70 to verify that unique manufacturing serial number
30 32 is contained within registry data file 43 and in
step 72 to verify that hardware apparatus 34 has not
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCTIITS98/22062 _
18
been previously registered. Any problems associated
.
with these verifications force the user ~o contact
the designers concerning the registration error as
shown in step 74 so that the problem can be
identified and resolved.
Registry data file 45 is updated in step 76 of
FIGURE 3 to include the information associated with
unique manufacturing serial number provided in step
54. To further prevent misappropriation or
10 unauthorized use of hardware apparatus 34, step 78
generates a new LCKS 36 comprising a new LODK 40 and
a new LOEK 33. At step 80, a secure link is again
established between hardware apparatus 34 and host
computer system 86 allowing host computer system 86
to reprogram new LODK 40 into a memory location of
hardware apparatus 34. A new LOEK 38 is also
downloaded to the user that can be recorded on
certificate 46 or programmed directly into a memory
location of hardware apparatus 34. Registry data
file 43 is also updated with the new LOKS 36 in step
82.
An important technical advantage associated with
the present invention allows a software vendor to
prevent unauthorized use of its proprietary software.
Software or configuration file vendors or authors can
use the LOKS 36 encryption key for providing an
access code for licensing or allowing their
Intellectual Property (IP) contained in virtual
hardware objects for the RC system to be accessed by
30 one and only one Secure Qard user. They may also
limit the time span in which their IP is accessible
SUBSTITUTE SHEET (RULE 28)
CA 02308755 2000-04-19
WO 99/21094 PCTIUS98/22062
19
or limit the number of times their IP is accessible
to the user with other security provisicns. Vendors
can also use an on-line card designer's public key
listing of users, provided that users allow this at
S registration time, to verify that a given user is
registered for utilizing the secure authorization
code.
FIGURE 4 is a flow diagram of a method of
registration of software to enable the ~~;se of the
i0 current inventicn for software piracy protection.
The user establishes a communication path in step 90
via the Internet or other means between local
computer syrstem 84 containing hardware apparatus 34
and a vendor (host) computer system 86. In step 92,
15 the user is prompted by software vendor computer
system 86 to select an option allowing the user to
register a software application 434. Step 94
requires the user to supply registration information
120 which may be comprised of name, emaii address,
20 information regarding where software application 434
was purchased, the unique software registration
number 124 and the like to vendor computer system 86.
Vendor computer system 86 can access unique
manufacturing serial number 32 of hardware apparatus
25 34 directly from a memory location within hardware
apparatus 34 as shown in step 96. In step 98, vendor
computer system 86 establishes a communication path
to software registry database 122. Software registry
database 122 may be contained in a third computer
30 system 424 and can comprise a website, such as
QUICKFLEX INC.'s registry website. At step 102,
SUBSTITUTE SHEET tRULE 26)
CA 02308755 2000-04-19
WO 99121094 PCT/ITS981Z2062 _
20
unique software registration number 124 ~.s submitted
to the third computer system 424 software registry
database 122.
In step 104 unique software registration number
5 124 is compared to the entries in software registry
database 122 to determine if it is a valid unique
software registration number 124. If unique software
registration number 124 is not valid, an error
message will be generated at step 106 that is echoed
10 by ;rendor computer system 86 to the user in step 108.
If unique software registration number '_24 is valid,
vendor computer system 86 can supply a software
authorization code 326 in step 110 to be sent to
third computer system 424.
15 At step 112, third computer system 424 generates
a software run code 128 for hardware apparatus 34.
Software run code 128 is transmitted to vendor
computer system 86 which echoes it to hardware
apparatus 34. Software run code 128 can allow the
20 vendor software to be installed on the ocal computer
system or the vendor software can verify the presence
of software run code 128 on hardware apparatus 34
before executing the vendor software. Both the
authorized installation of the vendor software on a
25 given local computer system 32 and the authorized
execution of the vendor software are thus ensured.
At step 116, a counter 750 counts upward by one
for each software run code 128 sent to vendor
computer system 86 to account for possible royalty
30 payments. In step 118, software vendor computer
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US9$/22062
21
system 86 sets a license in place for the user to use
the software.
An important technical advantage associated with
the present invention allows hardware apparatus 34 to
5 be operated not only by a specific user but also only
on a specific local computer system 84. vocal
computer system 84 may comprise a group of individual
computers. FIGURE 5 is a method of ensuring that
hardware apparatus 34 is utilized only by authorized
10 local computer systems 84. FIGURE 5 uses the QUICK
QARD system of FIGURE 1 for illustrative purposes,
but any secure hardware apparatus, reccnfigurable or
not, of the present invention can be used instead.
Support software 90 of hardware apparatus 34 is
15 installed and executed on the local computer system
84. A communication path is established between
hardware apparatus 34 and local computer system 84.
A verification is made to determine if hardware
apparatus 34 is password protected. If so, a valid
20 password must be supplied before proceeding. Support
software.90 will verify if unique manufacturing
serial number 32 of hardware apparatus 34 is in a
registry list 130 maintained on local computer system
84. If unique manufacturing serial number 32 of
25 hardware apparatus 34 is not in registry list 130,
the user must register hardware apparatus 34. The
list of authorized host ID's permutated with the
unique serial number or key set information could
also be stored within the EEPROM memory of the
30 apparatus for allowing apparatus enabling on a
SU8ST1TUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/IJS98I22062
22
particular machine as well. In this case the host IE
must be registered with the apparatus.
One such registration method is described in
FIGURE 5. Both software and hardware must be
5 installed and registered for each computer in local
computer system 84. This feature allows a PC-Card to
be locked for use on one or a group of r-,achines.
Registration with a card designer can insure that if
a LOEK 3B certificate or a password is forgotten or
10 lost, the PC-Card can be reprogrammed to erase the
password and create a new manufacturing LOKS 36 for
the PC-Card, or to program a recoverable SN & Keyset
on the registered user's request. This -insures that
no encrypted data may be compromised.
15 Memory space in the CIS memory device can be
made available for the purpose of holding an
encrypted password defined by the user. In such
fashion, the present invention can insure that the
PC-Card is only used by that user. This memory space
20 can be left cleared at test (all zero's; and can be
enabled for password protection if the purchaser
decides to activate that feature. Users may define
any password they wish and the entry can then be
encrypted using the LOEK 38 that resides on the
25 machine during the initial setup of the. PC-Card after
purchase. When password checks are made, the
encrypted password programmed into the PC-Card can be
decrypted using LODK 40 and can be checked against
the typed in value.
30 PC-Cards implementing the current invention can
also be configured to only execute on a specific
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98I22062 _
23
machine or group of machines with the use of _
passwords, thus making the PC-Card hardware of little
use in the event it is stolen. FIGURE 5 provides a
detailed description of one method of machine
registration.
FIGURE 6 is a flow diagram of a QARD plug-in
procedure according to one embodiment oz the present
invention. Ir. step 150, hardware apparatus 34 is
installed in a local computer system 84. A check is
10 performed in step 152 to determine the presence in
local computer system 84 of the necessary support
software 90. If support software 90 is not present,
the QARD plug-ir. procedure terminates and the support
software 90 must be installed before resuming with
the QARD plug-in procedure.
Hardware apparatus 34 may be protected by a
password and step 154 tests to determine if password
protection is enabled. If password protection is
enabled, the password must be provided -n step 156.
20 At step I58 the provided password is encrypted using
LOEK 38. If the provided password matches the
password stored in a memory location on hardware
apparatus 34, then at step 160 the plug in procedure
is allowed to proceed. Furthermore, hardware
25 apparatus 34 may be protected by a verification step,
to verify authorization by local computer system 84,
requiring the input of a match to unique serial
number 174 provided by local computer system 84 (such
as by a hard disk drive serial number). Hardware
30 apparatus 34's use is not permitted unless the unique
serial number 174 inputted at step 162 matches the
SUHSTiTUTE SHEET tRULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT1US98/22062
24
unique serial number 174 stored in local computer
system 84. Step 164 determines if the inputted
serial :umber 174 is a match. If it is, than the
QARD plug-in procedure is complete.
5 Unique serial number 174 is generated during the
user registration process as described above for
FIGURE 3. It can be stored either in hardware
apparatus 34 memory or in local computer system 84
memory. If unique serial number 174 does not match
w0 at step 164, then the user registration process of
FIGURE 3 must be performed in steps 168-172 of FIGURE
5 to complete the QARD plug in procedure.
FIGURE 7 is a description of a method of
password protection according to one embodiment of
15 the present invention which additionally is
illustrated as part of the flow diagram presented in
FIGURE 6. Steps 1S4-160 of FIGURE 6 correspond to
this method of password protection.
FIGURE 8 illustrates another embodiment of the
20 reconfigurable secure hardware apparatus of the
present invention. Reconfigurable hardware apparatus
100 interfaces with a host computer system 200 or
with another hardware apparatus. Reconfigurable
hardware apparatus 100 may be divided into three
25 modules, a configuration control module 300, a
configuration status module 400 and a functional
module 500. Host computer system 200 interfaces with
reconfigurable hardware apparatus 100 by way of data
input/output bus 202. Input/output bus 202 is shown
30 accessing four control data registers, 304a, 304b,
304c and 304d, inside configuration control module
suesr~u~ sHeFr ~AUC.s 2s~
CA 02308755 2000-04-19
WO 99121094 PCTIUS98/22062
300 and two status data registers, 306a and 306b_,
inside configuration status module 400. Control data
registers 304a-304d provide a temporary storage
location for data transmitted or received from data
5 input/output bus 202. While this embodiment of the
reconfigurable secure hardware apparatus of the
present invention has been described with four data
registers, it can have more or less registers, as
needed.
.0 Code Generator (CG) 310 accepts input data from
data register 304b to generate a check data word.
The check data word generated by CG 310 can be LOKS
36. Multiple generated check words can be generated
for different security features for enabling the
15 separate security features of the invention. Since
the features described are security related, a
process or algorithm for generating the check data
words should be kept as a trade secret for an
organization producing reconfigurable hardware
20 apparatus 100. The process chosen should yield as
output check data words that are not easily
determined from the input data to the process, which
could be comprised of manufacturing serial number 32,
and should have properties that output a pseudo-
25 random sequence that is sufficient in length to not
easily be guessed by trial and error.
The embodiment of the reconfigurable secure
hardware apparatus of the present invention described
herein is only one of many possible implementations
30 and is provided for illustrative purposes only. The
focus of this embodiment of the present invention is
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/CTS98/22062
26
the way in which CG 310 is used to realize the
security features described. The check data words
outputted by CG 310 can be checked with code
comparator (CC) 312 against an input check value
5 stored in data registers 304c and 304d, which
together comprise the Code Check Register (CCR) 314.
The input check value stored in CCR 314 can be
comprised oz LOEK 38 and LODK 40 and can also be user
inputted. CCR 314 can be a register having a length
20 equal to the iengLh of the CG 310 check data word
output and can be written to allow an authorization
check of the reconfigurable hardware apparatus 100
feature being used. Longer check data words may
require multiple CCRs 314 if they extend beyond the
15 host computer system 200 data bus width. The values
written to CCR 314 may be provided in several
different manners depending on what feature of
reconfigurable hardware apparatus 100 is being
authorized.
20 CC 312 performs a bit-by-bit check of the CG 310
check data word output and the entered CCR 314 value
to determine if the feature authorization check
passes or fails. If the feature authorization check
passes, CC 312 generates a high digital bit output (a
25 digital "1") and forwards it to configuration and
control gates 318, which is comprised of a plurality
of "AND" logic gates 700 corresponding to the
plurality of features of reconfigurable hardware
apparatus 100. These features include, but are not
30 limited to, product enable check 319, HDD ID enable
SU6ST~TUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99121094 PCT/US98/22062 _
27
Check 320, Flash write enable 322, password enable
324 and Configuration File Vendor Enable 326.
Control register 316 receives an input from host
computer system 200 through data registers 304a and
304b to select one or more of the features of
reconfigurable hardware apparatus 100. Based on the
input received from data registers 304a and 304b,
control register 316 will generate a high digital bit
output (""'; as an input for the selected features
10 and a low digital bit output ("0"? as an input for
alI the other features. The AND gates 700 for the
selected features will therefore have two high
digital b=t inputs and will output a high digital bit
as an input to their corresponding pull-down
15 resistors 350 in configuration status module 400,
thereby allowing access to the corresponding feature
in functionality circuit 500 as directed by host
computer system 200. The pull down resistors are
necessary _~ it is possible that the Security Login
20 Module 300 disappears due to the module being
implemented within the FPGA of the RC hardware
apparatus 100.
In this manner, configuration status module 400
can be instructed to reprogram and enable the various
25 features of functionality circuit 500 depending on
which features are so selected. Functional Module
500 may receive virtual hardware objects for
performing applications specific tasks within the
reconfigurable computing hardware apparatus FPGA.
30 Additionally, status data registers 306a and 306b can
interface with host computer system 200 through data
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US981Z2062
28
input/output bus 202 to communicate the configuration
of functionality circuit 500 to host computer system
200.
Representative input check value sources for the
5 various features of reconfigurable secure hardware
apparatus 100 for the various embodiments of the
present invention are shown in the following table:
Security Feature: CCR 14 Source:
Product Operation finable 1 portion cf Product
Enable Cert=~icate Code
(After 1st authorization,
the code is programmed
into FLASH memory of the
hardware apparatus for
automated driver access)
New Machine Operation 2nd portion of Product
Registration Enable Cert'_yicate Code
(never programmed into
FLASH memorr of t he
hardware apparatus, always
required to be typed in)
Machine Operation Enable Read by driver from a list
of HDD codes entered in
FLASH memory of the
hardware apparatus and
each checked until a match
is found or the list is
exhausted. The HDD ID's
are obtainable by reading
this list, as the values
are the results of CG's of
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99121094 PCT/US98/22062
29
previously authoriz~d~
machines.
Password Operation Enable
Read by the driver from
the FLASH attribute memory
and programmed into the
CCR. The password is not
obtainable =rpm looking at
the CG result of the
password.
Anti-Piracy Operation Written by application
Enable (this feature may software program
contain. a vendor defined
specific CG different from
what is used in QQT
features)
FIGURE 9 provides a functional block diagram 400
of the reconfigurable computing hardware apparatus
used to illustrate the reconfigurable computing
5 operations that the present invention makes possible.
EEPROM 410 provides CIS memory, key memory, and
password storage functions. Programmable Logic Device
420, which may be an application specific integrated
circuit provides interface/configuration/and status
10 register functions. In addition, the security feature
circuit (block 300, FIGURE 8), which may be within
FPGA 420 or within PLD configuration register 430,
provides the necessary implementation for these
functions. Field programmable gate array 420
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCTIUS98I22062
implements security feature circuit functions of the
present embodiment. Either a programmable logic
device or field programmable gate array 420 may make
possible the reconfigurable computing functional
5 circuits. Virtual hardware objects 500 of FIGURE 8,
attentively, may also provide Chese functions. Host
bus interface socket 440 includes a 68-pin PCMCIA
connector. Other components of FIGURE 9, including
the various generic items such as oscillators 450,
10 expansion connectors 460 and 470, RAM 480, or other
features provide the ability to apply the
reconfigurable computing to a desired application.
The _o~liowina paragraphs provide a descr~.ption
of several additional features and terms fcr the
15 different embodiments of the reconfigurable secure
hardware apparatus of the present invention and their
operation.
20 Level -One :Cey set . ; ~~ x. ~ ~ ~Jser Publ~ c KPv
A L1KS space can be provided for a user to
generate and define a key set specific for that user
which is not registered with the card designer and is
kept secret by the user. The L1KS can be stored just
25 like LOKS 36. Password space for a level-one
password (L1PW) can also be allocated in the CIS and
can execute in the same manner as the level-zero
password (LOPW) .
The LIKS can be generated by the user and thus
30 there are no guarantees that the code is unique. The
bit length can be long enough, however, to insure
SU6STtTUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/Z1094 PCT/US98/22062
31
that it is improbable that the key set is in use by
,
another user. The bit length of this ke~r can differ
in length from LOKS 36. The user public key _s a
secure key set and may be changed by the user over
time.
This key is useful when the information is
intended only for the user. Even so, however, a
further advantage of the present invention is that
several PC-Cards may be programmed with the same LiKS
10 for project sharing access. The key set for the
group could be common to all PC-Cards used by the
group. An example of usage of this key is for
encrypting and decrypting information regardi:.g a
common project where access is required by multiple
15 project members. Members of the group may be local
or remote and may securely exchange data utilizing
this key.
Additional Key sets
The present invention contemplates that the
number of key sets can be expanded beyond the two
sets defined in the above sections.
File Header Information
This section describes how one embodiment of the
present invention uses header information of an
encrypted file which utilizes the security features
of the present invention.
SUBSTITUTE SHEET (RULE 2B)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98/22062
32
A file header can contain the following -_
information in addition to the normal file header
information normally found in files for a particular
operating system. The present embodiment could wrap
this additional header information around the
information indicated.
The following is a description of an embodiment
of the present invention implemented USING a QQT card
of QUICKFLEX INC. with two encryption levels.
QQTSL: (0,1) Quick PC-Card Technology
Security Level 0 or 1
KIND Kind of file
AN The name of the encryption
algorithm used in encrypting
the file.
LnEK Level-n Encryption Key used
for encrypting the file
EMD Encrypted Message Data
EFD Encrypted File Data
OOTSL ( 1 or 1 ) : QUICK P~'-Ca;r~ Technology SP,~ur
Level 0 or 1:
This information can indicate the security level
of the key used for the encryption process. QQTSLO
and QQTSL1 correspond to the LOKS and L1KS,
respectively, used in the PC-Card.
KIND: Kind of File
This information indicates one of the following
kinds of files:
SUHST1TUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/Z1094 PGT/US98/22062 _
33
QQT: model Quick PC-Card Technology
configuration file for
specified PC-Card model.
EXE: type Executable file for defined
type of machine and operating
system.
OTHER Other kind of file.
The QQT PCMCIA driver during a configuration
load can automatically decrypt QQT files using the
.. specified algorithm. During the load process by an
application program, information in the file for a
window message can be displayed indicating
information the author wishes to be displayed and the
user must respond to the window to continue
10 execution. Notices such as "QQT Module: name ~.s the
property of Company XYZ and may not be sold or
distributed without the prior written consent of
Company XYZ". This enables the author to freely
distribute hardware apparatuses for PC-Cards,
15 allowing possible developers who may be interested in
licensing the hardware apparatuss the ability to
evaluate the work prior to agreeing to license rights
to the work. Encrypted configuration files may be
encrypted for use only with certain PC-Cards to
20 protect against mass unauthorized distribution of the
intellectual property. Generation of unique
encrypted hardware apparatuss for target evaluation
PC-Cards can be done automatically and transparently
through a web site. The requesting party can be
SUBSTtTUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCT/US98I22062 _
34
required to have a PC-Card and register the PC-Card
at the site in order to build an encrypted
configuration file of the hardware apparatus for
evaluation purposes.
5
AN: Algorithm Name
Encryption algorithms used to encrypt or decrypt
files can be changed over time. Groups of users or a
software vendor may develop their own custom
10 algorithm. Algorithms may be executed as software or
as hardware within a RC PC-Card, provided the RC PC-
Card has enough gate capacity to execute the defined
algorithm in hardware. For example, the QQT driver
has a default algorithm built into it that is
15 executed in software as data is passed through the
PC-Card for configuration file protection purposes.
Algorithms utilizing run time authorization
codes, date expiration codes, or other access limits
may utilize additional external information other
20 than that found in the encrypted file Lhat needs to
be supplied by the source of the encrypted data for
access.
suesTiru~ sHFF-r tRU~ Zs~
CA 02308755 2000-04-19
WO 99121094 PCT/US98/22062
Level i 0 or 1 ) En ryt~t i ~~n K
This information is the Public Key encryption
Key used for encrypting the file. This key can be
originally supplied by a receiver and made public.
5 The key length can be derived from the QQT SECURE
FILE indication on the first line. It is included in
the file so that an easy and fast determination of
the target destination for the data can be verified.
i0 FMD: ~'ncr;.Tpted Message Data
The EMD contains information regarding the
contents o= the file that may be decrypted and looked
at quicklfT without decrypting the entire EFD. For
example, the EMD for a QQT configuration file is
15 displayed in a window whenever the file is loaded.
Certain algorithms may also utilize the ~MD to
transmit an additional encrypted key for decr~~pting
the EFD with a non -public key algorithm. In other
words, the security system may use public key to
20 secretly transmit a separate secure key.
OFD: Encry~ted Fi1_e Data
The EFD contains the encrypted file data
including original operating system header
25 information.
Purchased Autho_r,_'zat,_'ons of Software
An additional technical advantage the present
invention is to allow flexibility for software
30 distributors. For example, the software distributor
could freely distribute software or provide the
SUBSTITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCTNS98/22062
35
software in a freely downloadable format to the_
public, but in order for the software to be executed,
a valid authorization code must be present. The
software vendor could create an authorization code
5 that corresponds to a specific PC-Card encompassing
the present invention. Just as configuration files
for the PC-Cards can be obtained via a web page,
authorization codes to run software can be purchased
via a web page. Each user would need only one PC-
~0 Card to allow authorization of running any software
utilizing r_he piracy aspects of the invention. Each
software vendor may also define their own algorithms
for protecting their software using the PC-Cards. A
machine could run the software as long as the
15 authorization codes for the particular QARD used in
this system is present to validate the execution of
the software. A further embodiment of the invention
would allow a database of authorized QARD users to be
made available to software vendors.
20 A further embodiment of the invention cculd use
RC aspects of a PC-Card in order to allow the user to
define hardware encryption / decryption algorithms
that could be changed over time.
Although the present invention has been
25 described in detail herein with reference to the
illustrative embodiments, it should be unders~ood
that the description is by way of example only and is
not to be construed in a limiting sense. It is to be
further understood, therefore, that numerous changes
30 in the details of the embodiments of the invention
and additional embodiments of the invention will be
SU6STITUTE SHEET (RULE 26)
CA 02308755 2000-04-19
WO 99/21094 PCTNS98/22062
37
apparent to, and may be made by, persons of ordinary
skill in the art having reference to this
descriFtion. It is contemplated that all such
changes and additional embodiments are within the
5 spirit and true scope of the invention as claimed
below.
SUBSTITUTE SHEET (RULE 28)
