Note: Descriptions are shown in the official language in which they were submitted.
CA 02221829 1998-01-21
1 WT 8 US
Method for protecting software
FIELD OF THE INVENTION
The invention relates to a method for protecting software,
originating from a manufacturer, against unauthorized use.
BACKGROUND OF THE INVENTION
US Patent 5,502,831 describes a method for protecting iden-
tical receiving devices (therein referred to as communica-
tion units), originating from a manufacturer, of a communi-
cation system against unauthorized modification, said re-
ceiving devices comprising a plurality of electronic sub-
units (therein referred to as operational platforms), for
example boards with printed circuits or carrier modules
supporting the entire circuitry (therein referred to as
assembly modules supporting the circuitry) which themselves
contain subsoftware necessary for the functioning of said
receiving devices, for example for a digital signal proces-
sor or for an encryption/decryption processor, which method
comprises the following steps:
Each electronics subunit and each item of partial soft-
ware is assigned by the manufacturer a separate subunit
identification word (therein referred to as unit plat-
form identification code) and a separate partial soft-
ware identification word (therein referred to as serial
number of software program),
an electronic identification word (therein referred to
as communication unit's hardware identification code) is
formed from the subunit identification words of a re-
ceiving device, a software identification word (therein
referred to as communication unit's software identifi-
cation code) is formed from the partial software of same
receiving device, and a device identification word
(therein referred to as assembly code for the
communication unit identification code) is formed from
the electronic identification word and the software
identification word, and these words are stored in a
nonvolatile memory of the receiving device,
the device identification words are continuously
transmitted to a database of the manufacturer of the
receiving devices and listed there, and
each modification of a receiving device is detected
owing to the device identification word which has been
changed as a result of the modification.
Therefore, this method, in contrast with the method of the
invention, is merely concerned with the detection and sig-
nalling of unauthorized manipulation of receiving devices
of the communication system, the encryption/decryption
processor being clearly not included in the protection
against unauthorized modifications.
SUMMARY OF THE INVENTION
In contrast to the above, an object of the invention is
that it should be possible for software, that is to say a
so-called software package, produced by a manufacturer, to
be used by someone acquiring it only together with that
device of the same manufacturer together with which, or for
which, it has been acquired. Therefore and in addition, it
should be impossible for the owner of the device and of the
software package to acquire further devices of the same
type without assuming the obligation of also having to
acquire the software package which is necessary for each
further device.
The invention starts from the basic idea that this obli-
gation can only be implemented if the system imposes it
automatically, and the invention achieves this in that a
software package which is compatible with a device which
has been acquired is not operational together with another
device, but only becomes so when a further use licence has
been acquired.
Thus, the invention consists in a method for protecting
software originating from a manufacturer against unautho-
rized use, which software
can be used on the basis of an individual use licence
granted by the manufacturer, for an electronic control
of an individual example of devices of an owner which
are of the same type and which originate from the manu-
facturer,
is installed in a computer of the owner and
serves to process data which originate from the devices,
which method comprises the following steps:
each device is assigned by the manufacturer an
individual identification word which differs from the
respective identification words of all the other
devices;
the respective identification word is stored in a
nonvolatile memory of the respective device;
by means of a processor, a key word is formed by the
manufacturer from the respective identification word
using an encryption algorithm, which is known only to
him, and the key word is stored in the memory of the
respective device;
the identification words are listed, together with the
respective associated key word, in a database of the
owner of the devices, and in a database of the
manufacturer of the software and of the devices;
whenever one of the devices is started up the software
checks,
whether the identification word stored in the memory
of this device is present in the database of the
owner,
if this is the case, whether the key word associated
with this identification word is present in the
database of the owner,
if, on the other hand, the identification word is not
present in the database of the owner or if the key
word present in the database of the owner is incor-
rect, whether a correct key word is stored in the
memory of the device;
if this is the case, the software stores the key word,
together with its associated identification word, in the
database of the owner and enables the electronic control
of the device and the processing of the data;
on the other hand, if this is not the case, the software
creates an error list of those identification words with
which an incorrect key word is associated and does not
enable the electronic control of the device and the
processing of the data.
According to a development of the invention, a use licence
word is incorporated into the key word.
According to one preferred embodiment of the invention, a
serial and/or parallel interface is provided between the
devices and the computer.
According to another preferred embodiment of the invention,
a manually controlled data transfer from the devices into
an auxiliary device is provided between the devices and the
computer.
BRIEF DESCRIPTION OF THE DRAWING
The invention is explained now in greater detail with re-
ference to the Figure in the drawing which shows, in the
manner of a block diagram, the interaction between individual
components when the method of the invention is proceeding.
DETAILED DESCRIPTION OF THE DRAWING
In the Figure, a first device g1 and a last device gz of
any number of devices which are of the same kind, in part-
icular identical, for example measuring devices or record-
ing devices, are illustrated. The devices originate from
the same manufacturer and are positioned for use at the
same owner.
The delivery of the devices also includes software sw,
which the manufacturer of the devices has either created in
its entirety himself or tailored for use together with the
devices by adapting standard software. The software
sw runs on a computer pc of the owner of the devices and
serves, inter alia, to control them electronically.
Within the scope of this control, the software permits for
example an exchange of data d between the devices and the
computer pc. The data d are generated by each device on the
basis of any measurements, for example a measurement of
pressure, pH value, temperature, flow rate or gases etc.
The interaction of the computer pc with the devices can
take place for example via a serial and/or a parallel
interface ss, that is to say a permanent line connection
which is illustrated in the Figure by unbroken double
arrows.
Another possibility for the data connection between the
devices and the computer pc is also illustrated in the
Figure, but by means of double arrows indicated by broken
lines: the data d are read into an auxiliary device hh from
the devices in situ by manual activation, using a data
carrier which can be written to and read, for example a
cassette recorder. Then, the auxiliary device hh is brought
to the location of the computer pc and the data d are read
into it there via a suitable connection.
The data d can be further processed by the computer pc
using the software sw to display the measured values.
The manufacturer of the devices and of the in-house-
produced software sw has an interest in "his" software
being used only in return for payment, therefore in
ensuring that it can only be used with that device together
with which and for which it has been acquired by the owner
of the device.
An undesired, and thus from the point of view of the
manufacturer unauthorized, use of the software sw thus
occurs even if the owner of one or more devices which have
already been acquired were able to use a further device,
for example one acquired at a later time, by copying the
software of a device which has already been acquired.
The manufacturer of the devices and of the associated soft-
ware sw is therefore compelled to provide each individual
software package associated with a device with a type of
individual use licence. It is therefore necessary to link
the individual device and the software "associated" with it
to one another in such a way that only these two entities
are capable of working together.
This is achieved in accordance with the method of the in-
vention as follows: The manufacturer assigns each device
g1, gz an individual identification word iw1, iwz such that
all the identification words differ from one another. Each
device-specific identification word iw1, iwz is stored in a
nonvolatile memory m1, mz of the respective device g1, gz.
In addition, a key word kw1, kwz is formed by the manu-
facturer from the respective identification word iw1, iwz
by means of a processor pz using an encryption algorithm
known only to him, to be kept secret and, therefore, not be
disclosed here. The key word kw1, kwz is likewise stored in
the associated memory m1, mz of the respective device g1,
gz.
As an example, an identification word iw1 and an identi-
fication word iwz may read in decimal representation:
iw1 = 123456; iwz = 234561. The respective key words kw1,
kwz could then read: kw1 = 132537495116;
kwz = 253749511671. The latter are generated by inserting
the sum of two adjacent ciphers between them.
According to a development of the invention it is also
possible to include a use licence word in the key word kw1,
kwz. This "incorporation" permits various types or degrees
of use licences, which are oriented for example according
to the complexity of the data processing of the software
sw, to be granted. If such gradation is not necessary, the
actual key word formed by means of the encryption algorithm
constitutes the use licence.
Any algorithm which is customary in digital encryption
technology and which for example can be found in subclass
G09C of the International Patent Classification may be used
as the encryption algorithm.
The identification words are also listed, together with the
respective associated use licence word, in a database dbb
of the owner of the devices and in a database dbh of the
manufacturer of the software and of the devices. The database
dbb of the owner of the devices is represented separately
in the Figure, but is of course a subunit of the computer pc.
Since the database dbb of the owner of the devices and the
database dbh of the manufacturer of the software and of the
devices are databases independent of one another, no data
connection is shown in the Figure.
Whenever one of the devices is started up, the software sw
then checks whether the identification word iw1, iwz stored
in the memory m1, mz of this device g1, gz is present in
the database dbb of the owner. If this is the case, the
software sw subsequently checks whether the key word kw1,
kwz associated with this identification word is present in
the database dbb.
If, on the other hand, the identification word iw1, iwz is
not present in the database dbb or if the key word present
therein is incorrect, the software sw subsequently checks
whether a key word kw1, kwz is stored in the memory m1, mz
of the device. If this is the case, the software sw stores
the key word kw1, kwz, together with its associated iden-
tification word iw1, iwz, in the database dbb of the owner
and only now enables the electronic control of the device
and the processing of the data.
If, on the other hand, it is not the case that a key word
kw1, kwz is stored in the memory m1, mz of the device, the
software sw creates an error list fl of those identifica-
tion words iwx, iwy with which in each case an incorrect
key word is associated, and the software sw does not enable
the electronic control of the device and the processing of
the data.
The error list fl thus informs the owner of the devices for
which devices he still has to acquire a use licence. The
error list fl is again a subunit of the computer pc. It can
be conveyed to the manufacturer of the devices in a suit-
able form for ordering the missing use licences.
The error list fl is of use even in the case of partial or
complete data loss of the identification words and the key
words on the part of the owner. In this case, the manu-
facturer of the software sw determines, by comparing the
error list fl with the content of his database dbh, for
which devices use licences had already been acquired, and
grants them anew to the owner of the devices, but free of
charge, for example.
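
The start-up check and error list described above, together with the
illustrative key word formation from the worked example (iw1 = 123456),
as an added example that is not part of the original description. It
assumes the software sw can recompute the expected key word itself;
the function names, the stale dbb entry and the devices 345612 and
456123 are constructed for illustration.

```python
def toy_key_word(iw: str) -> str:
    """The text's illustration: insert the sum of each pair of adjacent digits."""
    out = [iw[0]]
    for a, b in zip(iw, iw[1:]):
        out += [str(int(a) + int(b)), b]
    return "".join(out)


def startup_check(device, dbb, fl, derive=toy_key_word):
    """Return True if control of the device and data processing are enabled.

    device: memory m of the device, {"iw": ..., "kw": ... or absent}
    dbb:    owner database, identification word -> key word
    fl:     error list of identification words lacking a correct key word
    """
    iw = device["iw"]
    expected = derive(iw)  # assumption: the software can recompute the key word
    # Identification word listed in dbb with a correct key word: enable.
    if dbb.get(iw) == expected:
        return True
    # Not listed, or listed key word incorrect: look in the device memory.
    if device.get("kw") == expected:
        dbb[iw] = device["kw"]  # store the pair in dbb, then enable
        return True
    if iw not in fl:
        fl.append(iw)  # device still needs a use licence
    return False


def run_demo():
    dbb, fl = {"234561": "000000"}, []  # constructed: stale entry for gz
    devices = [
        {"iw": "123456", "kw": "132537495116"},  # g1, values from the text
        {"iw": "234561", "kw": "253749511671"},  # gz, values from the text
        {"iw": "345612", "kw": "132537495116"},  # constructed: key word copied from g1
        {"iw": "456123"},                        # constructed: no key word stored
    ]
    enabled = [startup_check(d, dbb, fl) for d in devices]
    return enabled, dbb, fl


if __name__ == "__main__":
    print(run_demo())
```

The key word copied from g1 does not enable the third device, because the
expected key word is derived from that device's own identification word.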