WO1996018951A1 - Methods and apparatus for protection of executable programs, libraries and data - Google Patents

Methods and apparatus for protection of executable programs, libraries and data

Info

Publication number
WO1996018951A1
Authority
WO
WIPO (PCT)
Prior art keywords
program
execution
installation
encrypted
original executable
Prior art date
Application number
PCT/AU1995/000836
Other languages
French (fr)
Inventor
Alexander Atkinson Dunn
Original Assignee
Alexander Atkinson Dunn
Priority date
Filing date
Publication date
Application filed by Alexander Atkinson Dunn
Priority to AU42497/96A (patent AU695468B2)
Publication of WO1996018951A1

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F21/125: Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Definitions

  • This invention relates to the protection of computer programs. It is particularly, but not exclusively, concerned with protecting executable programs, dynamic link libraries and data included in computer programs from unauthorised use or copying thereof.
  • Modern computer software is frequently supplied in a form which can readily be copied.
  • the absence of means of protection has hitherto had a major effect on software development and its distribution. It is therefore desirable to provide a means of protecting software whereby the software may be executed in a particular target computer environment in such a manner that it cannot be propagated to further computer environments.
  • a method of protecting a computer program from copying comprising the steps of: encrypting an original executable program to produce an encrypted version of said original executable program; compiling an execution program for producing a decrypted image of the original executable program from said encrypted version of the original executable program; providing installation means for installing the execution program and said encrypted version of the original executable program into a target environment, wherein the execution program includes at least one section of said encrypted version of the original executable program and the decrypted image of the original executable program can only be run in a target environment which has been installed with said execution program by said installation means.
  • the execution program may include an entire encrypted version of the original executable program, but more conveniently the execution program incorporates only an encrypted section of the original executable program, with remaining sections of the original executable program being distributed to a user. In the latter case, since at least one section of the original executable program is included in the execution program, an unauthorised person who only obtains access to the remaining sections is prevented from reconstructing the original executable program.
  • the remaining program sections may be unencrypted, but preferably they are partially or wholly encrypted for greater security.
  • the installation means preferably includes an installation program which interacts with or incorporates part or all of the execution program whereby the installation program is arranged to create a modified execution program capable of reconstructing an image of the original executable file from the encrypted program section or sections.
  • the installation program may be arranged to be self-destructive or to be destroyed while it is run once to create the modified execution program.
  • the installation means may include a distribution program configured to install the installation program and execution program in a target computer environment.
  • the installation means, execution program and encrypted executable program may be distributed to users by any convenient means, for example either individually or collectively on data storage media such as disks, read-only memory, CD-roms, or by transmission media such as by satellite or radio-transmission or fibre optic cable.
  • the execution program, the installation program and/or the distribution program may include configuration data relating to the target environment in which the execution program is to be run and/or to the media used to distribute the programs to users.
  • the present invention therefore provides a versatile system in which the distribution of executable programs to users can be controlled with the installation means being tailored to the target environment in which the executable program is to be run and/or to the source environment for supplying the programs to users.
  • apparatus for manufacturing encrypted software comprising encryption means to encrypt an original executable program to produce an encrypted version of the original executable program; execution program compilation means to compile an execution program for decrypting said encrypted version of the original executable program; installation program compilation means to compile an installation program for installing the execution program and said encrypted version of the original executable program in a target computer environment; wherein the installation program is arranged to interact with the execution program in such a manner that the execution program is not able to decrypt said encrypted version of the original executable program to produce a useful decrypted image of the original program unless the installation program has been run in the target computer environment.
  • the apparatus for manufacturing the encrypted software comprises a computer which includes encryption compilation means to produce an encryption program for encrypting data from the original program to produce one or more encrypted program sections. At least one of said encrypted program sections may be input to the execution program compilation means to be included in the execution program. In one form of the invention, the entire encrypted version of the original executable program may be input to the execution program compilation means to be included in the execution program. Alternatively, one or more of encrypted program sections may be included in the execution program with at least one further program section being stored in a file of program sections.
  • the encryption program compilation means preferably uses random or pseudo-random data produced by a random data generator in order to encrypt the program sections. As used herein, the term "encryption" encompasses within its scope encoding, expansion or compression such that subsequent decoding, compression or expansion is required to produce the executable decrypted image of the original program.
  • the encryption program compilation means may also use configuration data from a configuration data file relating to the specific media source used to distribute the software, to the target computer environment in which the section or sections of the encrypted executable program are to be installed and/or relating to the particular application of the original executable program.
  • the encryption program compilation means therefore produces an executable encryption program which is specific to the application of the original program and/or its intended environment, and when the encryption program is run, it produces an output specific to the application.
  • the installation program compiler and/or the execution program compiler may also make use of random data or pseudo-random data produced by the random data generator and/or configuration data to produce the installation and execution programs respectively.
  • the encryption program compilation means is preferably adapted to update the configuration data when it produces said at least one encrypted program section.
  • the execution program compilation means may be adapted to update the configuration data when it compiles the execution program.
  • the execution program compiler and the installation program compiler can therefore make use of information created by the encryption program in order to create an execution program and an installation program respectively, each of which is unique to the particular application of the original program.
  • the output of the execution program compilation means is preferably used as input to the installation program compilation means so that the execution program or an encrypted version thereof may be incorporated within the installation program.
  • the apparatus preferably also includes distribution program compilation means to compile a distribution program for installing the installation program and execution program in the target computer environment.
  • the distribution program compilation means may make use of configuration data, preferably after it has been updated by the encryption, execution and installation programs, in order to create a distribution program which is unique to the particular application of the original program.
  • the installation and execution programs and, when provided, the files of encrypted program sections are made available for distribution to an end user for installation on the target computer, but the encryption program remains with the manufacturer and is not intended to be distributed to the user.
  • the installation program and the distribution program may be distributed to the user separately from each other and from the file of encrypted program sections.
  • the installation program, the execution program and, when provided, the file of encrypted program sections may be supplied to the user together, for instance on a common program storage means such as an installation disk, or by any convenient kind of transmission media.
  • a self-destructive installation program which is adapted to interact with an execution program to enable the execution program to read at least one encrypted program section of an original executable program to produce a decrypted image of the original program for utilization in a target computer environment, wherein the installation program is arranged to destroy itself while it is run once. After the installation program has been run and destroyed itself, it can no longer be propagated elsewhere. Furthermore, the file of encrypted program sections and the execution program are protected from being copied to, and used in, other computer environments since the execution program requires the installation program to enable it to produce a useful decrypted image of the original program.
  • At least one section of the encrypted original executable program and any related routines upon which it depends for satisfactory operation may be arranged to be internally self-destructive or to be destroyed or modified by the execution program while it is run in the target environment.
  • an execution program for decrypting encrypted program sections of an original executable program wherein the execution program is arranged to execute the decrypted image of the original program under an alias name.
  • the reconstructed original executable program under the alias name may be arranged to be destroyed by the execution program or may itself be self-destructive providing security against the decrypted image of the original program and its execution program being copied and used in another computer environment.
  • When the execution program is run in the user environment it rebuilds the original executable program by decrypting and re-assembling its various component sections. In this manner viruses which are added to any component will be excluded from the reconstruction and non-genuine components will result in failure to execute.
  • When the execution program is arranged to process program sections of the original program, it may modify, save or temporarily destroy some or all of those sections, for subsequent reinstatement.
  • This controlled execution of the decrypted image of the original program helps to provide protection from infections, such as viruses, which do not appear when the program sections are re-instated.
  • Figure 1 is a schematic block diagram of computing apparatus for manufacturing encrypted software in accordance with the invention;
  • Figure 2 is a schematic flow chart showing the apparatus and procedures for the installation and use of the encrypted software;
  • Figure 3 is a block diagram of a process for generating pseudo-random data which may be used in the apparatus of Figure 1;
  • Figure 4 is a block diagram of a data conversion process for converting binary data to text format which may be used in the apparatus of Figure 1;
  • Figures 4a and 4b are block diagrams showing similar data conversion routines which may be used in the apparatus of Figure 1;
  • Figure 5 is a block diagram of the process used to compile the programs in the apparatus of Figure 1;
  • Figure 6 is a block diagram showing how the encryption program is run to produce encrypted program sections;
  • Figure 7 is a block diagram showing the process used to run the installation program in a target computer;
  • Figure 8 is a block diagram showing the process used to run the execution program in the target computer;
  • Figure 9 is a block diagram similar to that of Figure 1 showing a modified embodiment of apparatus in accordance with the invention;
  • Figure 10 is a flow chart similar to that of Figure 2 showing the apparatus and procedure used for installing encrypted software produced by the apparatus of Figure 9.
  • the apparatus for manufacturing encrypted software shown in Figure 1 comprises a manufacturing computer 10 which includes a random data generator 30 for generating random or pseudo-random data 32 from an original file 31 of random data, encryption means 40 for encrypting an original executable file into at least one encrypted program section 45 (SPECIFIC.XEN) and, optionally, one or more further program sections 46 (SPECIFIC.XEX), an installation program compiler 50 for compiling an installation program 51 (INSTALL.EXE), an execution program compiler 60 for compiling an execution program 61 (EXECUTE.EXE), and a distribution program compiler 80 for compiling a distribution program 81 (MEDIA.EXE).
  • the further program section or program sections 46 may be unencrypted, or they may be partially or wholly encrypted depending upon the level of security required.
  • the encryption means 40 includes an assembly level encryption compiler 42 provided with a source text 41 of an encrypt program and which uses random or pseudo-random data 32 from the random data generator 30 and configuration data from a configuration data file 22 to compile an encryption program 44 (ENCRYPT.EXE).
  • the configuration data file 22 used by the encryption compiler 42 to generate the encryption program 44 includes information preferably prepared in advance and relating specifically to the original file of binary data to be protected, to the source media to be used for the distribution of the programs and to a target computer environment in which the programs 61 (EXECUTE.EXE), 51 (INSTALL.EXE) and, optionally, 46 (SPECIFIC.XEX) are intended to be installed.
  • the configuration data may include the full path to the source program or library to be protected, the source path, the target path, an alias format, a selection table of environment factors to be checked on the distribution source and target computer environment and a strategy table for the processing input files of various sizes.
  • the strategy table can determine whether or not it is necessary to generate the further encrypted program sections 46 (SPECIFIC.XEX).
  • the encryption program 44 is arranged to encrypt the original executable program 12 into the first encrypted program section 45 (SPECIFIC.XEN) and, when required, further partly or wholly encrypted program section or sections 46 (SPECIFIC.XEX) which may be stored in files 48.
  • the encryption program may operate directly upon the original executable program 12 to convert the encrypted program sections 46 (SPECIFIC.XEX) to binary format which may then be stored in files 48.
  • the manufacturing computer 10 may include a data converter for converting the encrypted program sections 46 (SPECIFIC.XEX) to binary text format.
  • the encryption program compiler 42 is able to update the configuration data file 22 with, for example, check total or sample encrypted code values for the files it has encrypted.
  • the encryption compiler 42 can make use of random data 32, or pseudo-random data 34 converted to text format generated in advance by the random data generator 30.
  • the random data generator 30 may generate pseudo-random data 34 from a file of random data 31 and the pseudo-random data may be stored in one or more files 36 or 18, possibly after passing at least some of the data through a data filter 38, before it is input to the encryption compiler 42.
  • a data converter 20 may be used to convert the files 36 of binary data to files 18 of random or pseudo-random data in text format.
  • Referring to Figure 4A and Figure 6, the first encrypted program section 45 (SPECIFIC.XEN) produced by the encryption program 44 may be processed by a data conversion program 20A (CONVSPEC.EXE) (similar to the data converter 20) to produce a binary image 18A (SPECIFIC.RTN) in text format, which may be stored in a file 47 before being used as input to the execution program compiler 60 (Fig. 5).
  • If the strategy table in the configuration data file 22 determines that further encrypted program sections 46 will be required, they may also be processed by a data converter (not shown) similar to that of Figure 4A to produce encrypted program sections of binary data which can be stored in files 48 for subsequent distribution to a user, for instance by distribution media 70, such as an installation disk or by transmission media.
  • the execution program compiler 60 may also comprise an assembly level compiler provided with a source text 62 for the execute program, and having as input at least the first encrypted binary program section 18A (SPECIFIC.RTN) in text format, configuration data from file 22 and random (or pseudo-random) data 32 in text format.
  • the configuration data 22 provided as input to the execution program compiler 60 may include path and alias or "skeleton" names which can be used when the program is executed in the target environment.
  • the execution program compiler 60 preferably provides that successful execution of the execution program 61 (EXECUTE.EXE) is dependent on strict compliance therewith.
  • the manufacturing computer 10 is thus able to create an execution program 61 which is unique to the particular application for the original executable file making use of information created by the encryption program 44 (ENCRYPT.EXE).
  • the execution program 61 is then used as input to the installation program compiler 50 after being converted into text format 18B (SPECIFIC.RTX) by a data conversion program 20B (CONVEXEQ.EXE).
  • the installation program compiler 50 may comprise an assembly level compiler provided with a source text 52 for the install program, and having as inputs the converted execution program in text format 18B, configuration data from file 22, and random (or pseudo-random) data in text format 32.
  • the configuration data 22 which is input to the installation program compiler 50 may include an environment factor selection table that can determine which properties of the target environment have to be checked for propagation protection. Alternatively, the table may indicate that external proprietary routines are to be executed and results returned.
  • the configuration data file 22 is also adapted to receive information from the encryption program compiler 42, the execution program compiler 60 and the installation program compiler 50.
  • the file 22 of configuration data can be updated by the encryption program compiler 42 with data about the encryption program when the encryption program has been compiled, the updated configuration data being used by the execution program compiler 60 to compile the execution program 61.
  • the execution program compiler 60 can update the configuration data file 22 with data about the execution program 61 which can then be used by the installation program compiler 50 in compiling the installation program 51.
  • the configuration data file 22 can be updated by the installation program compiler 50 with information about the installation program 51 which can be used by the distribution program compiler 80 in compiling the distribution program 81 (MEDIA.EXE).
  • the distribution program compiler 80 may comprise an assembly level compiler provided with a source text 82 for the distribution program (MEDIA.EXE), and having as inputs configuration data from file 22, and random (or pseudo-random) data 32.
  • the distribution program, compiled last in the sequence of compilations with configuration data 22 as input is thereby provided with additional information useful to decide on alternative courses of action for distributing the software from the source to the target environment.
  • the data conversion programs 20A CONVSPEC.EXE and 20B CONVEXEQ.EXE may involve an element of data conversion or encryption in addition to their function to produce binary data in text format suitable to be read by a computer compiler.
  • the source code for the compiler programs which make use of the configuration data may direct that only selected parts of the configuration data will be embodied in the output compilation, and conversely may direct that selected parts of the configuration data may be updated as a result of the compilation.
  • the strategy table in the configuration data file 22 is somewhat similar to an object in computer terminology in that it contains both addresses of functions and data.
  • the data which may be returned into the strategy table in the process of compilation may be information such as computed check sums or parts of encryption keys to be passed on to subsequent compilations in the sequence. Encryption keys can thus be incremental, originating say from media identification, program serial identification and feedback information introduced into the configuration data during earlier compilations.
  • the distribution program 82 (MEDIA.EXE) being the last in the compilation sequence can be aware of and make use of all that precedes it.
  • the encrypted software consisting of the installation program 51 (INSTALL.EXE), the distribution program 81 (MEDIA.EXE) and the file or files 46 of encrypted program sections (SPECIFIC.XEX) may be transferred to an installation disk 70 or other file storage means for supply to a distributor or user.
  • the encryption program (ENCRYPT.EXE) remains with the manufacturer and is not intended to be distributed to the user.
  • the encrypted software on the distribution media 70 can be installed and used in a target environment of an installing agent or user by following the procedures illustrated with reference to Figures 2, 7 and 8.
  • the distribution program 81 (MEDIA.EXE), is run to transfer the installation program 51 (INSTALL.EXE) and the file or files 48 (if present) of encrypted program sections (SPECIFIC.XEX) from the distribution media 70 to the target environment.
  • the program 81 (MEDIA.EXE) may convert or revise the installation program 51 (INSTALL.EXE) to make it dependent on features of the target environment for successful subsequent operation.
  • In accordance with one installation procedure, the program 81 (MEDIA.EXE) can read the distribution media 70, copy or transfer the relevant files to the target environment, run the install program 51 (INSTALL.EXE) leaving a modified execution program 71 (EXECUTE.EXE) in the target environment. The end user can then run the modified execution program 71 (EXECUTE.EXE) to reconstruct an image 74 of the original executable program and run the application.
  • the modified installation program 51 may itself be encrypted by these disclosed methods or by external means.
  • the resultant encrypted version 151 of the install program may be copied to a master disk which may, for example be distributed to an installer.
  • the distribution program 81 can sense that the correct version of the installation program is present in the environment and proceed with the installation.
  • the manufacturer of the encrypted software can control the distribution of the software, and propagation of the encrypted software is substantially reduced.
  • further protection may also be provided by arranging one or more of the installation program 51 (INSTALL.EXE), the modified execution program 71 and the distribution program 81 (MEDIA.EXE) to be self-destroying, run once programs, as illustrated in Figures 2 and 7.
  • the modified execution program 71 (EXECUTE.EXE) includes first decryption means 72 to decrypt and restore a first section of the original executable program internally within itself, second decryption means 73 to decrypt and restore other sections of the original program externally, and reconstruction means 74 to concatenate the decrypted sections and rebuild the image of the original executable program.
  • the execution program includes alias assignment means 75 for loading and executing the restored image of the original executable under an alias name.
  • the alias program may be arranged to be self destructive when run once, or the execution program (EXECUTE.EXE) may include means 78 arranged to destroy the alias program when run.
  • the names and extensions given to files of all kinds in these descriptions are for illustrative purposes only; the configuration file 22 determines the actual names which will be used for each particular application. The ability to use such covert alias names provides further protection from targeted viruses.
  • Executable programs such as those designated with a suffix .EXE are often supported by other routines which they depend upon for their operation. References to such executable programs should be taken to include such supporting routines and their data.
  • the execution program may also include means 76 for destroying program sections and input data, and reconstruction means 77 capable of rebuilding and reinstating destroyed sections.
  • the execution program may have the ability to recognise a different course of action for dynamic link library files.
  • the execution program can support parameters when run in the target environment. These may be passed to the alias program which the execution program executes under its control.
  • the installation program (INSTALL.EXE) and the execution program (EXECUTE.EXE) are preferably constructed such that they run through to completion whether or not they produce useful output. They are preferably arranged such that no error messages, which may be helpful in revealing the programs, are generated.
  • the encryption program 44 (ENCRYPT.EXE) is preferably arranged to encrypt the program sections of the original executable program such that there are no vacant buffer areas or sequences of identical data in the unencrypted source files for INSTALL.EXE and EXECUTE.EXE, these being filled with random or pseudo-random data generated by the random data generator 10, 30. Encryption of the sections of programs may be overlapping, and to more than one level of depth.
  • the present invention provides a method of and apparatus for manufacturing encrypted software in which protection of an original executable program from copying is substantially increased and in which the encrypted software has increased protection from viruses and intruders.
  • Although the protection system may appear complex, this occurs in the manufacturing process which can readily be automated and in practice the user will be unaware that the original application software is protected. Depending on the level of protection required, not all steps of the manufacturing sequence may be required during a production run.
  • Figures 9 and 10 are similar to Figures 1 and 2 respectively and corresponding reference numerals have been applied to corresponding parts.
  • Figure 10 differs from Figure 1 in that the execution file 61 is not used as input to the installation program compiler 50, and Figure 10 differs from Figure 2 in that when the installation program 51 and the execution program 61 are installed in the target environment the installation program 51 (INSTALL.EXE) is arranged to read the execution program 61 (EXECUTE.EXE) and interact with it to produce the modified execution program 71.

Abstract

A method of, and apparatus for, protecting a computer program from copying or propagation to other computer environments is provided in which an original executable program is encrypted by an encryption program compiler (42) into one or more encrypted program sections (45, 46), an execution program (61) for producing a decrypted image of the original executable program is compiled by an execution program compiler (60), an installation program (51) arranged to interact with the execution program (61) is compiled by an installation program compiler (50), and the arrangement is such that the execution program (61) includes at least one encrypted section (45) of the original executable program whereby the decrypted image of the original executable program can only be run in a target environment which has been installed with the execution program (61) and the installation program (51). The apparatus may also include a distribution program compiler (80) to compile a distribution program (81) for installing the installation program and execution program in the target computer environment. When the execution program is run in the target environment it rebuilds the original executable program in a controlled manner which helps to provide protection from viruses. The program compilers (40, 50, 60 and 80) may make use of random or pseudo-random data from a random data generator (30) and configuration data (22) with the installation, execution and distribution programs being tailored to particular target environments and/or to the source environment. Further features of the invention include the use of self-destructive programs and alias names for further security.

Description

METHODS AND APPARATUS FOR PROTECTION OF EXECUTABLE PROGRAMS, LIBRARIES AND DATA
This invention relates to the protection of computer programs. It is particularly, but not exclusively, concerned with protecting executable programs, dynamic link libraries and data included in computer programs from unauthorised use or copying thereof.
Modern computer software is frequently supplied in a form which can readily be copied. The absence of means of protection has hitherto had a major effect on software development and its distribution. It is therefore desirable to provide a means of protecting software whereby the software may be executed in a particular target computer environment in such a manner that it cannot be propagated to further computer environments.
It is also desirable to provide a method of, and apparatus for, manufacturing computer programs which enables the programs to be distributed with an acceptable level of security.
It is further desirable to provide a system for protecting computer programs in which the propagation of viruses is substantially reduced.
According to a first aspect of the invention, there is provided a method of protecting a computer program from copying comprising the steps of: encrypting an original executable program to produce an encrypted version of said original executable program; compiling an execution program for producing a decrypted image of the original executable program from said encrypted version of the original executable program; providing installation means for installing the execution program and said encrypted version of the original executable program into a target environment, wherein the execution program includes at least one section of said encrypted version of the original executable program and the decrypted image of the original executable program can only be run in a target environment which has been installed with said execution program by said installation means.
For some applications, the execution program may include an entire encrypted version of the original executable program, but more conveniently the execution program incorporates only an encrypted section of the original executable program, with remaining sections of the original executable program being distributed to a user. In the latter case, since at least one section of the original executable program is included in the execution program, an unauthorised person who only obtains access to the remaining sections is prevented from reconstructing the original executable program. The remaining program sections may be unencrypted, but preferably they are partially or wholly encrypted for greater security. The installation means preferably includes an installation program which interacts with or incorporates part or all of the execution program whereby the installation program is arranged to create a modified execution program capable of reconstructing an image of the original executable file from the encrypted program section or sections. For further security, the installation program may be arranged to be self-destructive or to be destroyed while it is run once to create the modified execution program.
The installation means may include a distribution program configured to install the installation program and execution program in a target computer environment. The installation means, execution program and encrypted executable program may be distributed to users by any convenient means, for example either individually or collectively on data storage media such as disks, read-only memory, CD-roms, or by transmission media such as by satellite or radio-transmission or fibre optic cable. The execution program, the installation program and/or the distribution program may include configuration data relating to the target environment in which the execution program is to be run and/or to the media used to distribute the programs to users. The present invention therefore provides a versatile system in which the distribution of executable programs to users can be controlled with the installation means being tailored to the target environment in which the executable program is to be run and/or to the source environment for supplying the programs to users.
According to a second aspect of the invention, there is provided apparatus for manufacturing encrypted software comprising encryption means to encrypt an original executable program to produce an encrypted version of the original executable program; execution program compilation means to compile an execution program for decrypting said encrypted version of the original executable program; installation program compilation means to compile an installation program for installing the execution program and said encrypted version of the original executable program in a target computer environment; wherein the installation program is arranged to interact with the execution program in such a manner that the execution program is not able to decrypt said encrypted version of the original executable program to produce a useful decrypted image of the original program unless the installation program has been run in the target computer environment. Preferably, the apparatus for manufacturing the encrypted software comprises a computer which includes encryption compilation means to produce an encryption program for encrypting data from the original program to produce one or more encrypted program sections. At least one of said encrypted program sections may be input to the execution program compilation means to be included in the execution program. In one form of the invention, the entire encrypted version of the original executable program may be input to the execution program compilation means to be included in the execution program. Alternatively, one or more of the encrypted program sections may be included in the execution program with at least one further program section being stored in a file of program sections. The encryption program compilation means preferably uses random or pseudo-random data produced by a random data generator in order to encrypt the program sections.
As used herein, the term "encryption" encompasses within its scope encoding, expansion or compression such that subsequent decoding, compression or expansion is required to produce the executable decrypted image of the original program.
The encryption program compilation means may also use configuration data from a configuration data file relating to the specific media source used to distribute the software, to the target computer environment in which the section or sections of the encrypted executable program are to be installed and/or relating to the particular application of the original executable program. The encryption program compilation means therefore produces an executable encryption program which is specific to the application of the original program and/or its intended environment, and when the encryption program is run, it produces an output specific to the application. The installation program compiler and/or the execution program compiler may also make use of random data or pseudo-random data produced by the random data generator and/or configuration data to produce the installation and execution programs respectively.
The encryption program compilation means is preferably adapted to update the configuration data when it produces said at least one encrypted program section. Similarly, the execution program compilation means may be adapted to update the configuration data when it compiles the execution program. The execution program compiler and the installation program compiler can therefore make use of information created by the encryption program in order to create an execution program and an installation program respectively, each of which is unique to the particular application of the original program. The output of the execution program compilation means is preferably used as input to the installation program compilation means so that the execution program or an encrypted version thereof may be incorporated within the installation program.
The apparatus preferably also includes distribution program compilation means to compile a distribution program for installing the installation program and execution program in the target computer environment. The distribution program compilation means may make use of configuration data, preferably after it has been updated by the encryption, execution and installation programs, in order to create a distribution program which is unique to the particular application of the original program.
The installation and execution programs and, when provided, the files of encrypted program sections are made available for distribution to an end user for installation on the target computer, but the encryption program remains with the manufacturer and is not intended to be distributed to the user. The installation program and the distribution program may be distributed to the user separately from each other and from the file of encrypted program sections. Alternatively, the installation program, the execution program and, when provided, the file of encrypted program sections may be supplied to the user together, for instance on a common program storage means such as an installation disk, or by any convenient kind of transmission media. According to a further important aspect of the invention, there is provided a self-destructive installation program, which is adapted to interact with an execution program to enable the execution program to read at least one encrypted program section of an original executable program to produce a decrypted image of the original program for utilization in a target computer environment, wherein the installation program is arranged to destroy itself while it is run once. After the installation program has been run and destroyed itself, it can no longer be propagated elsewhere. Furthermore, the file of encrypted program sections and the execution program are protected from being copied to, and used in, other computer environments since the execution program requires the installation program to enable it to produce a useful decrypted image of the original program. Also, at least one section of the encrypted original executable program and any related routines upon which it depends for satisfactory operation may be arranged to be internally self-destructive or to be destroyed or modified by the execution program while it is run in the target environment. 
In accordance with another desirable feature of the invention, there is provided an execution program for decrypting encrypted program sections of an original executable program wherein the execution program is arranged to execute the decrypted image of the original program under an alias name. The reconstructed original executable program under the alias name may be arranged to be destroyed by the execution program or may itself be self-destructive providing security against the decrypted image of the original program and its execution program being copied and used in another computer environment.
When the execution program is run in the user environment it rebuilds the original executable program by decrypting and re-assembling its various component sections. In this manner viruses which are added to any component will be excluded from the reconstruction and non-genuine components will result in failure to execute.
When the execution program is arranged to process program sections of the original program, it may modify, save or temporarily destroy some or all of those sections, for subsequent reinstatement. This controlled execution of the decrypted image of the original program helps to provide protection from infections, such as viruses, which do not appear when the program sections are re-instated.
A preferred embodiment of the present invention will now be described, by way of example only, with reference to the accompanying drawings, in which:
Figure 1 is a schematic block diagram of computing apparatus for manufacturing encrypted software in accordance with the invention;
Figure 2 is a schematic flow chart showing the apparatus and procedures for the installation and use of the encrypted software;
Figure 3 is a block diagram of a process for generating pseudo-random data which may be used in the apparatus of Figure 1;
Figure 4 is a block diagram of a data conversion process for converting binary data to text format which may be used in the apparatus of Figure 1;
Figures 4a and 4b are block diagrams showing similar data conversion routines which may be used in the apparatus of Figure 1;
Figure 5 is a block diagram of the process used to compile the programs in the apparatus of Figure 1;
Figure 6 is a block diagram showing how the encryption program is run to produce encrypted program sections;
Figure 7 is a block diagram showing the process used to run the installation program in a target computer;
Figure 8 is a block diagram showing the process used to run the execution program in the target computer;
Figure 9 is a block diagram similar to that of Figure 1 showing a modified embodiment of apparatus in accordance with the invention;
Figure 10 is a flow chart similar to that of Figure 2 showing the apparatus and procedure used for installing encrypted software produced by the apparatus of Figure 9.
The apparatus for manufacturing encrypted software shown in Figure 1 comprises a manufacturing computer 10 which includes a random data generator 30 for generating random or pseudo-random data 32 from an original file 31 of random data, encryption means 40 for encrypting an original executable file into at least one encrypted program section 45 (SPECIFIC.XEN) and, optionally, one or more further program sections 46 (SPECIFIC.XEX), an installation program compiler 50 for compiling an installation program 51 (INSTALL.EXE), an execution program compiler 60 for compiling an execution program 61 (EXECUTE.EXE), and a distribution program compiler 80 for compiling a distribution program 81 (MEDIA.EXE). The further program section or program sections 46 (SPECIFIC.XEX) may be unencrypted, or they may be partially or wholly encrypted depending upon the level of security required. For the sake of convenience, the following description will refer to encrypted program sections 46 (SPECIFIC.XEX). As shown more particularly in Figure 5, the encryption means 40 includes an assembly level encryption compiler 42 provided with a source text 41 of an encrypt program and which uses random or pseudo-random data 32 from the random data generator 30 and configuration data from a configuration data file 22 to compile an encryption program 44 (ENCRYPT.EXE). The configuration data file 22 used by the encryption compiler 42 to generate the encryption program 44 includes information preferably prepared in advance and relating specifically to the original file of binary data to be protected, to the source media to be used for the distribution of the programs and to a target computer environment in which the programs 61 (EXECUTE.EXE), 51 (INSTALL.EXE) and, optionally, 46 (SPECIFIC.XEX) are intended to be installed.
For instance, the configuration data may include the full path to the source program or library to be protected, the source path, the target path, an alias format, a selection table of environment factors to be checked on the distribution source and target computer environment and a strategy table for the processing input files of various sizes. The strategy table can determine whether or not it is necessary to generate the further encrypted program sections 46 (SPECIFIC.XEX).
As shown in Figure 6, the encryption program 44 is arranged to encrypt the original executable program 12 into the first encrypted program section 45 (SPECIFIC.XEN) and, when required, further partly or wholly encrypted program section or sections 46 (SPECIFIC.XEX) which may be stored in files 48. The encryption program may operate directly upon the original executable program 12 to convert the encrypted program sections 46 (SPECIFIC.XEX) to binary format which may then be stored in files 48. Alternatively, the manufacturing computer 10 may include a data converter for converting the encrypted program sections 46 (SPECIFIC.XEX) to binary text format. The encryption program compiler 42 is able to update the configuration data file 22 with, for example, check total or sample encrypted code values for the files it has encrypted.
The encryption compiler 42 can make use of random data 32, or pseudo-random data 34 converted to text format generated in advance by the random data generator 30. As shown in Figures 3 and 4, the random data generator 30 may generate pseudo-random data 34 from a file of random data 31 and the pseudo-random data may be stored in one or more files 36 or 18, possibly after passing at least some of the data through a data filter 38, before it is input to the encryption compiler 42. A data converter 20 may be used to convert the files 36 of binary data to files 18 of random or pseudo-random data in text format.
Referring to Figure 4A and Figure 6, the first encrypted program section 45 (SPECIFIC.XEN) produced by the encryption program 44 may be processed by a data conversion program 20A (CONVSPEC.EXE) (similar to the data converter 20) to produce a binary image 18A (SPECIFIC.RTN) in text format, which may be stored in a file 47 before being used as input to the execution program compiler 60 (Fig. 5). If the strategy table in the configuration data file 22 determines that further encrypted program sections 46 will be required, they may also be processed by a data converter (not shown) similar to that of Figure 4A to produce encrypted program sections of binary data which can be stored in files 48 for subsequent distribution to a user, for instance by distribution media 70, such as an installation disk or by transmission media.
Referring to Figure 5 of the drawings, the execution program compiler 60 may also comprise an assembly level compiler provided with a source text 62 for the execute program, and having as input at least the first encrypted binary program section 18A (SPECIFIC.RTN) in text format, configuration data from file 22 and random (or pseudo-random) data 32 in text format. The configuration data 22 provided as input to the execution program compiler 60 may include path and alias or "skeleton" names which can be used when the program is executed in the target environment. The execution program compiler 60 preferably provides that successful execution of the execution program 61 (EXECUTE.EXE) is dependent on strict compliance therewith. By the use of configuration data 22, the manufacturing computer 10 is thus able to create an execution program 61 which is unique to the particular application for the original executable file making use of information created by the encryption program 44 (ENCRYPT.EXE). The execution program 61 is then used as input to the installation program compiler 50 after being converted into text format 18B (SPECIFIC.RTX) by a data conversion program 20B (CONVEXEQ.EXE).
Referring also to Figure 5, the installation program compiler 50 may comprise an assembly level compiler provided with a source text 52 for the install program, and having as inputs the converted execution program in text format 18B, configuration data from file 22, and random (or pseudo-random) data in text format 32. The configuration data 22 which is input to the installation program compiler 50 may include an environment factor selection table that can determine which properties of the target environment have to be checked for propagation protection. Alternatively, the table may indicate that external proprietary routines are to be executed and results returned. The configuration data file 22 is also adapted to receive information from the encryption program compiler 42, the execution program compiler 60 and the installation program compiler 50. Thus, the file 22 of configuration data can be updated by the encryption program compiler 42 with data about the encryption program when the encryption program has been compiled, the updated configuration data being used by the execution program compiler 60 to compile the execution program 61. Similarly, the execution program compiler 60 can update the configuration data file 22 with data about the execution program 61 which can then be used by the installation program compiler 50 in compiling the installation program 51. Likewise, the configuration data file 22 can be updated by the installation program compiler 50 with information about the installation program 51 which can be used by the distribution program compiler 80 in compiling the distribution program 81 (MEDIA.EXE).
Referring to Figure 5 the distribution program compiler 80 may comprise an assembly level compiler provided with a source text 82 for the distribution program (MEDIA.EXE), and having as inputs configuration data from file 22, and random (or pseudo-random) data 32. The distribution program, compiled last in the sequence of compilations with configuration data 22 as input is thereby provided with additional information useful to decide on alternative courses of action for distributing the software from the source to the target environment.
The data conversion programs 20A CONVSPEC.EXE and 20B CONVEXEQ.EXE may involve an element of data conversion or encryption in addition to their function to produce binary data in text format suitable to be read by a computer compiler.
The source code for the compiler programs which make use of the configuration data may direct that only selected parts of the configuration data will be embodied in the output compilation, and conversely may direct that selected parts of the configuration data may be updated as a result of the compilation.
The strategy table in the configuration data file 22 is somewhat similar to an object in computer terminology in that it contains both addresses of functions and data. The data which may be returned into the strategy table in the process of compilation may be information such as computed check sums or parts of encryption keys to be passed on to subsequent compilations in the sequence. Encryption keys can thus be incremental, originating say from media identification, program serial identification and feedback information introduced into the configuration data during earlier compilations. The distribution program 82 (MEDIA.EXE) being the last in the compilation sequence can be aware of and make use of all that precedes it.
The encrypted software consisting of the installation program 51 (INSTALL.EXE), the distribution program 81 (MEDIA.EXE) and the file or files 46 of encrypted program sections (SPECIFIC.XEX) may be transferred to an installation disk 70 or other file storage means for supply to a distributor or user. The encryption program (ENCRYPT.EXE) remains with the manufacturer and is not intended to be distributed to the user.
The encrypted software on the distribution media 70 can be installed and used in a target environment of an installing agent or user by following the procedures illustrated with reference to Figures 2, 7 and 8. The distribution program 81 (MEDIA.EXE), is run to transfer the installation program 51 (INSTALL.EXE) and the file or files 48 (if present) of encrypted program sections (SPECIFIC.XEX) from the distribution media 70 to the target environment. The program 81 (MEDIA.EXE) may convert or revise the installation program 51 (INSTALL.EXE) to make it dependent on features of the target environment for successful subsequent operation.
In accordance with one installation procedure, the program 81 (MEDIA.EXE) can read the distribution media 70, copy or transfer the relevant files to the target environment, run the install program 51 (INSTALL.EXE) leaving a modified execution program 71 (EXECUTE.EXE) in the target environment. The end user can then run the modified execution program 71 (EXECUTE.EXE) to reconstruct an image 74 of the original executable program and run the application.
In another installation procedure, for additional protection the modified installation program 51 (INSTALL.EXE) may itself be encrypted by these disclosed methods or by external means. The resultant encrypted version 151 of the install program may be copied to a master disk which may, for example be distributed to an installer. When the installer decrypts the installation routine to the target environment the distribution program 81 (MEDIA.EXE) can sense that the correct version of the installation program is present in the environment and proceed with the installation.
In this manner, the manufacturer of the encrypted software can control the distribution of the software, and propagation of the encrypted software is substantially reduced.
In accordance with another advantageous feature of the invention, further protection may also be provided by arranging one or more of the installation program 51 (INSTALL.EXE), the modified execution program 71 and the distribution program 81 (MEDIA.EXE) to be self-destroying, run once programs, as illustrated in Figures 2 and 7. For example, while the installation program 51 (INSTALL.EXE) is run in the target environment it may be arranged to destroy itself while modifying the execution program 61 (EXECUTE.EXE) to produce the modified execution program 71. Subsequent copying of the installation program 51 (INSTALL.EXE), which is required to enable the execution program to decrypt and restore the original program sections and rebuild the original executable program, is therefore prevented.
Referring more specifically to Figure 8, the modified execution program 71 (EXECUTE.EXE) includes first decryption means 72 to decrypt and restore a first section of the original executable program internally within itself, second decryption means 73 to decrypt and restore other sections of the original program externally, and reconstruction means 74 to concatenate the decrypted sections and rebuild the image of the original executable program.
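The incremental key chain and the internal/external rebuild described above can be modelled in a few lines. This is an added example, not code from the specification: the SHA-256 based stand-in cipher, the HMAC check total and the environment factor names are assumptions, since the text names no algorithms.

```python
"""Toy model of the manufacture / install / execute flow (constructed example)."""
import hashlib
import hmac


def chain_key(*parts, start=b"\x00" * 32):
    """Incremental key: fold each contribution into the running key, in order."""
    key = start
    for part in parts:
        key = hmac.new(key, part, hashlib.sha256).digest()
    return key


def xor_stream(key, data):
    """Stand-in cipher (assumption): XOR with SHA-256(key || block offset)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def env_key(factors):
    """Key derived from the environment factors selected for checking."""
    return chain_key(*(f"{k}={v}".encode() for k, v in sorted(factors.items())))


def manufacture(original, media_id, serial, split_at):
    """Manufacturer side: returns (execution stub, installer, external section)."""
    k1 = chain_key(media_id, serial)                # media id, then program serial
    internal = xor_stream(k1, original[:split_at])  # section embedded in the stub
    feedback = hashlib.sha256(internal).digest()    # check total fed back to config
    k2 = chain_key(feedback, start=k1)              # next link in the key chain
    external = xor_stream(k2, original[split_at:])  # section shipped as its own file
    stub = {"internal": internal,
            "check": hmac.new(k2, original, hashlib.sha256).digest()}
    installer = {"k1": k1}                          # only the installer carries k1
    return stub, installer, external


def install(installer, stub, factors):
    """Run-once installer: binds the stub to this environment, then wipes itself."""
    if "k1" not in installer:
        return None                                 # already consumed; no error raised
    modified = dict(stub, wrapped=xor_stream(env_key(factors), installer["k1"]))
    installer.clear()                               # self-destruct after one run
    return modified


def execute(modified, external, factors):
    """Rebuild the image; returns None silently unless every input is genuine."""
    k1 = xor_stream(env_key(factors), modified["wrapped"])
    feedback = hashlib.sha256(modified["internal"]).digest()
    k2 = chain_key(feedback, start=k1)
    image = xor_stream(k1, modified["internal"]) + xor_stream(k2, external)
    tag = hmac.new(k2, image, hashlib.sha256).digest()
    return image if hmac.compare_digest(tag, modified["check"]) else None


if __name__ == "__main__":
    program = b"MZ" + bytes(range(200))             # constructed stand-in executable
    stub, installer, ext = manufacture(program, b"MEDIA-0001", b"SERIAL-42", 64)
    target = {"volume": "1A2B-3C4D", "path": "C:\\APP"}   # constructed factors
    modified = install(installer, stub, target)
    print(execute(modified, ext, target) == program)
    print(execute(modified, ext, dict(target, volume="FFFF-0000")))
```

In this model the protection rests entirely on the chosen environment factors: any environment that presents the same factor values derives the same key.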
In accordance with a further advantageous feature of the invention, the execution program (EXECUTE.EXE) includes alias assignment means 75 for loading and executing the restored image of the original executable under an alias name. The alias program may be arranged to be self destructive when run once, or the execution program (EXECUTE.EXE) may include means 78 arranged to destroy the alias program when run. The names and extensions given to files of all kinds in these descriptions are for illustrative purposes only; the configuration file 22 determines the actual names which will be used for each particular application. The ability to use such covert alias names provides further protection from targeted viruses. Executable programs such as those designated with a suffix .EXE are often supported by other routines which they depend upon for their operation. References to such executable programs should be taken to include such supporting routines and their data.
The execution program (EXECUTE.EXE) may also include means 76 for destroying program sections and input data, and reconstruction means 77 capable of rebuilding and reinstating destroyed sections. The execution program may have the ability to recognise a different course of action for dynamic link library files. The execution program can support parameters when run in the target environment. These may be passed to the alias program which the execution program executes under its control.
The installation program (INSTALL.EXE) and the execution program (EXECUTE.EXE) are preferably constructed such that they run through to completion whether or not they produce useful output. They are preferably arranged such that no error messages, which may be helpful in revealing the programs, are generated. The encryption program 44 (ENCRYPT.EXE) is preferably arranged to encrypt the program sections of the original executable program such that there are no vacant buffer areas or sequences of identical data in the unencrypted source files for INSTALL.EXE and EXECUTE.EXE, these being filled with random or pseudo-random data generated by the random data generator 10, 30. Encryption of the sections of programs may be overlapping, and to more than one level of depth.
Whilst no encryption system can be said to be completely secure from decryption and copying, the present invention provides a method of and apparatus for manufacturing encrypted software in which protection of an original executable program from copying is substantially increased and in which the encrypted software has increased protection from viruses and intruders. Furthermore, whilst the protection system may appear complex, this occurs in the manufacturing process which can readily be automated and in practice the user will be unaware that the original application software is protected. Depending on the level of protection required, not all steps of the manufacturing sequence may be required during a production run.
It will be appreciated that various modifications and alterations to the system described above with reference to Figures 1 to 8 of the drawings may be made without departing from the scope or spirit of the invention. For instance, a common assembly level compiler in the manufacturing computer may be used to compile the encryption program (ENCRYPT.EXE), the installation program (INSTALL.EXE) and the execution program (EXECUTE.EXE). Also, instead of being incorporated wholly within the installation program 51, the execution program 61 may be transferred to the target environment separately from the installation program 51 as illustrated in the modified embodiment of Figures 9 and 10.
Figures 9 and 10 are similar to Figures 1 and 2 respectively and corresponding reference numerals have been applied to corresponding parts. Figure 10 differs from Figure 1 in that the execution file 61 is not used as input to the installation program compiler 50, and Figure 10 differs from Figure 2 in that when the installation program 51 and the execution program 61 are installed in the target environment the installation program 51 (INSTALL.EXE) is arranged to read the execution program 61 (EXECUTE.EXE) and interact with it to produce the modified execution program 71.

Claims

Claims:
1. A method of protecting a computer program from copying comprising the steps of: encrypting an original executable program to produce an encrypted version of said original executable program; compiling an execution program for producing a decrypted image of the original executable program from said encrypted version of the original executable program; providing installation means for installing the execution program and said encrypted version of the original executable program into a target environment, wherein the execution program includes at least one section of said encrypted version of the original executable program and the decrypted image of the original executable program can only be run in a target environment which has been installed with said execution program by said installation means.
2. A method according to claim 1 wherein the execution program includes an entire encrypted version of the original executable program.
3. A method according to claim 1 wherein the execution program includes only an encrypted section of the original executable program, and remaining sections of the original executable program are distributed to a user.
4. A method according to claim 3 wherein the remaining program sections are partially or wholly encrypted.
5. A method according to any one of the preceding claims wherein the installation means includes an installation program which interacts with or incorporates part or all of the execution program whereby the installation program is arranged to create a modified execution program capable of reconstructing an image of the original executable file from the encrypted program section or sections.
6. A method according to claim 5 wherein the installation program is arranged to be self-destructive or to be destroyed while it is run once to create the modified execution program.
7. A method according to any one of the preceding claims wherein at least one section of the encrypted original executable program is arranged to be self-destructive or to be destroyed or modified by the execution program while it is run in the target computer environment.
8. A method according to any one of the preceding claims wherein the installation means includes a distribution program configured to install the installation program and execution program in a target computer environment.
9. A method according to claim 8 wherein the execution program, the installation program and/or the distribution program may include configuration data relating to the target environment in which the execution program is to be run and/or relating to the source environment used to distribute the programs to users.
10. A method according to any one of the preceding claims further comprising the step of using random or pseudo-random data to encrypt the original executable program.
11. A method according to claim 5 or claim 6 wherein random or pseudo-random data is used in the production of the installation program.
12. A method according to claim 8 or claim 9 wherein random or pseudo-random data is used in the production of the distribution program.
13. A method according to any one of the preceding claims wherein the execution program is arranged to execute the decrypted image of the original program under an alias name.
14. A method according to claim 13 wherein the reconstructed original executable program under the alias name is arranged to be destroyed by the execution program or is self-destructive providing security against the decrypted image of the original program and its execution program being copied and used in another computer environment.
15. A method according to any one of the preceding claims wherein the execution program is arranged to rebuild the original executable program by decrypting and re-assembling encrypted program sections of the original executable program.
16. A method according to claim 15 wherein the execution program is arranged to modify, save or temporarily destroy at least one of said encrypted program sections, for subsequent reinstatement, when processing the encrypted program sections.
17. Apparatus for manufacturing encrypted software comprising: encryption means to encrypt an original executable program to produce an encrypted version of the original executable program; execution program compilation means to compile an execution program for decrypting said encrypted version of the original executable program; installation program compilation means to compile an installation program for installing the execution program and said encrypted version of the original executable program in a target computer environment; wherein the installation program is arranged to interact with the execution program in such a manner that the execution program is not able to decrypt said encrypted version of the original executable program to produce a useful decrypted image of the original program unless the installation program has been run in the target computer environment.
18. Apparatus according to claim 17 comprising a computer including encryption compilation means to produce an encryption program for encrypting data from the original program to produce a plurality of encrypted program sections.
19. Apparatus according to claim 18 wherein at least one of said encrypted program sections is input to the execution program compilation means to be included in the execution program.
20. Apparatus according to any one of claims 17 to 19 wherein the entire encrypted version of the original executable program is input to the execution program compilation means for inclusion in the execution program.
21. Apparatus according to claim 17 wherein at least one encrypted program section is stored in a file of program sections instead of being input to the execution program compilation means.
22. Apparatus according to any one of claims 17 to 21 further comprising a random data generator for generating random or pseudo-random data.
23. Apparatus according to claim 22 wherein the encryption program compilation means uses random or pseudo-random data produced by said random data generator to encrypt the original executable program.
24. Apparatus according to claim 22 or claim 23 wherein the installation program compilation means uses random data or pseudo-random data produced by said random data generator when producing the installation program.
25. Apparatus according to any one of claims 22 to 24 wherein the execution program compiler uses random or pseudo-random data produced by said random data generator when producing the execution program.
26. Apparatus according to any one of claims 17 to 25 further comprising data storage means including a configuration data file relating to one or more of the following: the specific media source used to distribute the software; the target computer environment in which the section or sections of the encrypted executable program are to be installed; and/or the particular application of the original executable program.
27. Apparatus according to claim 26 wherein the encryption program compilation means uses configuration data from said configuration data file when encrypting said original executable program.
28. Apparatus according to claim 26 or claim 27 wherein the installation program compilation means uses configuration data from said configuration data file when producing the installation program.
29. Apparatus according to any one of claims 26 to 28 wherein the execution program compilation means uses configuration data from said configuration data file when producing the execution program.
30. Apparatus according to claim 27 wherein the encryption program compilation means is adapted to update the configuration data when it produces said at least one encrypted program section.
31. Apparatus according to claim 29 wherein the executed program compilation means is adapted to update the configuration data when it compiles the execution program.
32. Apparatus according to any one of claims 17 to 31 wherein the output of the execution program compilation means is used as input to the installation program compilation means so that the execution program or an encrypted version thereof can be incorporated within the installation program.
33. Apparatus according to any one of claims 17 to 32 further comprising distribution program compilation means to compile a distribution program for installing the installation program and execution program in the target computer environment.
34. Apparatus according to claim 33 as appended to any one of claims 26 to 31 wherein the distribution program compilation means uses configuration data from said configuration data file in order to create a distribution file which is unique to the particular application of the original executable program.
35. A self-destructive installation program adapted to interact with an execution program to enable the execution program to read at least one encrypted program section of an original executable program to produce a decrypted image of the original program for utilisation in a target computer environment, wherein the installation program is arranged to destroy itself while it is run once.
36. An execution program for decrypting encrypted program sections of an original executable program wherein the execution program is arranged to execute the decrypted image of the original executable program under an alias name.
PCT/AU1995/000836 1994-12-13 1995-12-11 Methods and apparatus for protection of executable programs, libraries and data WO1996018951A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU42497/96A AU695468B2 (en) 1994-12-13 1995-12-11 Methods and apparatus for protection of executable programs, libraries and data

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPN0025A AUPN002594A0 (en) 1994-12-13 1994-12-13 Improvements in software for the protection of executable programs, libraries and their data
AUPN0025 1994-12-13

Publications (1)

Publication Number Publication Date
WO1996018951A1 (en) 1996-06-20

Family

ID=3784532

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1995/000836 WO1996018951A1 (en) 1994-12-13 1995-12-11 Methods and apparatus for protection of executable programs, libraries and data

Country Status (2)

Country Link
AU (1) AUPN002594A0 (en)
WO (1) WO1996018951A1 (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2762111A1 (en) * 1997-04-09 1998-10-16 Telediffusion Fse Protection of computer file against illicit copying and use
WO2000011551A1 (en) * 1998-08-19 2000-03-02 Siemens Aktiengesellschaft Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process
EP1000400A1 (en) * 1997-06-17 2000-05-17 Purdue Pharma LP Self-destructing document and e-mail messaging system
WO2000036526A1 (en) * 1998-12-16 2000-06-22 Kent Ridge Digital Labs A method of processing digital material
DE19932769A1 (en) * 1999-07-14 2001-03-08 Roellgen Bernd Cryptographic method that can be changed during runtime
US6453304B1 (en) * 1997-12-15 2002-09-17 Hitachi, Ltd. Digital information recording apparatus for recording digital information
US7098908B2 (en) 2000-10-30 2006-08-29 Landmark Graphics Corporation System and method for analyzing and imaging three-dimensional volume data sets
WO2007017856A1 (en) * 2005-08-06 2007-02-15 Secured Dimensions Ltd. Method for preventing software reverse engineering, unauthorized modification, and runtime data interception
EP2357585A3 (en) * 2010-02-12 2013-01-02 Samsung Electronics Co., Ltd. User terminal, server and controlling method thereof
CN110036279A (en) * 2016-12-06 2019-07-19 三菱电机株式会社 Check device and inspection method

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2146149A (en) * 1983-07-19 1985-04-11 Software Distribution Network Secure copy method and device for stored programs
US4999806A (en) * 1987-09-04 1991-03-12 Fred Chernow Software distribution system
US5182770A (en) * 1991-04-19 1993-01-26 Geza Medveczky System and apparatus for protecting computer software
US5343527A (en) * 1993-10-27 1994-08-30 International Business Machines Corporation Hybrid encryption method and system for protecting reusable software components
AU1485695A (en) * 1994-04-25 1995-11-02 International Business Machines Corporation Method and apparatus for enabling trial period use of software products: method and apparatus for allowing a try-and-buy user interaction
EP0679978A1 (en) * 1994-04-25 1995-11-02 International Business Machines Corporation Method and apparatus enabling software trial using a decryption stub

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2762111A1 (en) * 1997-04-09 1998-10-16 Telediffusion Fse Protection of computer file against illicit copying and use
EP1000400A1 (en) * 1997-06-17 2000-05-17 Purdue Pharma LP Self-destructing document and e-mail messaging system
EP1000400A4 (en) * 1997-06-17 2005-04-06 Purdue Pharma Lp Self-destructing document and e-mail messaging system
US6453304B1 (en) * 1997-12-15 2002-09-17 Hitachi, Ltd. Digital information recording apparatus for recording digital information
US6898578B2 (en) 1997-12-15 2005-05-24 Hitachi, Ltd. Recording apparatus for recording digital information
US7120763B1 (en) 1998-08-19 2006-10-10 Siemens Aktiengesellschaft Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process
WO2000011551A1 (en) * 1998-08-19 2000-03-02 Siemens Aktiengesellschaft Method, array and set of several arrays for protecting several programs and/or files from unauthorized access by a process
WO2000036526A1 (en) * 1998-12-16 2000-06-22 Kent Ridge Digital Labs A method of processing digital material
DE19932769A1 (en) * 1999-07-14 2001-03-08 Roellgen Bernd Cryptographic method that can be changed during runtime
US7098908B2 (en) 2000-10-30 2006-08-29 Landmark Graphics Corporation System and method for analyzing and imaging three-dimensional volume data sets
WO2007017856A1 (en) * 2005-08-06 2007-02-15 Secured Dimensions Ltd. Method for preventing software reverse engineering, unauthorized modification, and runtime data interception
US8352929B2 (en) 2005-08-06 2013-01-08 Microsoft Corporation Method for preventing software reverse engineering, unauthorized modification, and runtime data interception
US8938727B2 (en) 2005-08-06 2015-01-20 Microsoft Corporation Method for preventing software reverse engineering, unauthorized modification, and runtime data interception
EP2357585A3 (en) * 2010-02-12 2013-01-02 Samsung Electronics Co., Ltd. User terminal, server and controlling method thereof
US9547757B2 (en) 2010-02-12 2017-01-17 Samsung Electronics Co., Ltd User terminal, server and controlling method thereof
CN110036279A (en) * 2016-12-06 2019-07-19 三菱电机株式会社 Check device and inspection method

Also Published As

Publication number Publication date
AUPN002594A0 (en) 1995-01-12


Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AL AM AT AU BB BG BR BY CA CH CN CZ DE DK EE ES FI GB GE HU IS JP KE KG KP KR KZ LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK TJ TM TT UA UG US UZ VN

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): KE LS MW SD SZ UG AT BE CH DE DK ES FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase