Purpose: Invalidity Analysis


Patent: US7162735B2
Filed: 2000-07-18
Issued: 2007-01-09
Patent Holder: (Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp
Inventor(s): John Aram Safa

Title: Digital data protection arrangement

Abstract: When software is initially loaded to RAM 20 , an engine 30 A is installed at the beginning of an otherwise empty area of RAM 20 . When the protected application is called, the engine first creates a series of steps (FIG. 3 D), including a CALL command to a protection block 38 . On reaching the call 36 , the protection block 38 is executed, to complete various security checks. If these are successful, step 2 is created and written over the call 36 so that execution of steps 2 and 3 can continue as normal. Consequently, the protected software (steps 1, 2 and 3 ) is not exposed to scrutiny unless the security checks have successfully been completed.



Disclaimer: The promise of Apex Standards Pseudo Claim Charting (PCC) [ Request Form ] is not to replace expert opinion but to provide due diligence and transparency prior to high precision charting. PCC conducts aggressive mapping (based on Broadest Reasonable, Ordinary or Customary Interpretation and Multilingual Translation) between a target patent's claim elements and other documents (potential technical standard specification or prior arts in the same or across different jurisdictions), therefore allowing for a top-down, apriori evaluation, with which, stakeholders can assess standard essentiality (potential strengths) or invalidity (potential weaknesses) quickly and effectively before making complex, high-value decisions. PCC is designed to relieve initial burden of proof via an exhaustive listing of contextual semantic mapping as potential building blocks towards a litigation-ready work product. Stakeholders may then use the mapping to modify upon shortlisted PCC or identify other relevant materials in order to formulate strategy and achieve further purposes.

Click on references to view corresponding claim charts.


Non-Patent Literature        WIPO Prior Art        EP Prior Art        US Prior Art        CN Prior Art        JP Prior Art        KR Prior Art

GroundReferencesOwner of the ReferenceTitleSemantic MappingChallenged Claims
1234567891011121314151617181920212223242526272829303233343637383940
1

SECURITY AND WATERMARKING OF MULTIMEDIA CONTENTS. 3657: 472-483 1999

(Gilmont, 1999)		Université catholique de LouvainAn Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents Computer software, computer software hardware support, smart card
executable code, executable conversion code security level
XXXXXXXXXXXXXXX
2

IEEE TRANSACTIONS ON INFORMATION THEORY. 44 (5): 1897-1905 SEP 1998

(Boneh, 1998)		Stanford University, Princeton UniversityCollusion-secure Fingerprinting For Digital Data processing means printing solution
digital data digital data
XXXXXXXXXXXX
3

IEEE TRANSACTIONS ON IMAGE PROCESSING. 6 (12): 1673-1687 DEC 1997

(Cox, 1997)		Massachusetts Institute of Technology, Intertrust STAR Lab, NEC Research InstituteSecure Spread Spectrum Watermarking For Multimedia digital data, digital protection digital conversion
security code, converting code watermark detector
embedding location digital watermark
XXXXXXXXXXXXXXXXXXXXXX
4

ADVANCES IN CRYPTOLOGY - EUROCRYPT 96. 1070: 84-95 1996

(Pfitzmann, 1996)		Universität HildesheimAsymmetric Fingerprinting respective target block illegal copying
digital data digital data
XXXXXXXXXXXX
5

ADVANCES IN CRYPTOLOGY - CRYPTO 95. 963: 452-465 1995

(Boneh, 1995)		Princeton UniversityCollusion-secure Fingerprinting For Digital Data processing means printing solution
digital data digital data
XXXXXXXXXXXX
6

IEE PROCEEDINGS-E COMPUTERS AND DIGITAL TECHNIQUES. 139 (2): 139-143 MAR 1992

(Harn, 1992)		University of MissouriINTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL security code user authentication, public key
respective target, respective call instruction different modules
computer system computer system
XXXXXXXXXXXXXXXXXX
7

GB2330932A

(Alan E Beelitz, 1999)		(Original Assignee) Dell USA LP     

(Current Assignee) Dell USA LP 		Method and system for preventing unauthorized access to a computer program security code unauthorized access
Computer software computer program
computer system computer system
XXXXXXXXXXXXXXXXXX
8

US6052780A

(John J. Glover, 2000)		(Original Assignee) Open Security Solutions LLC     

(Current Assignee) RPX Corp ; Open Security Solutions LLC 		Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information executable instructions, executable instruction memory location
executable form, Computer software program product
computer system computer system, readable data
data file data file
XXXXXXXXXXXXXXXXXXX
9

US5995623A

(Kenji Kawano, 1999)		(Original Assignee) Fuji Xerox Co Ltd     

(Current Assignee) Fuji Xerox Co Ltd 		Information processing apparatus with a software protecting function processing means processing means
conversion key encrypting data, function value
CRC algorithm encryption unit
digital protection said selection
XXXXXX
10

US6006328A

(Christopher Nathan Drake, 1999)		(Original Assignee) Christopher N. Drake     Computer software authentication, protection, and security system subsequent execution computer operating system
conversion key, respective conversion key cryptographic process
embedding location watermark information
memory means other input device
processing means visual resolution
Computer software, executable form computer program, program product
executable code, executable instructions executable code, child processes
second item object movement
computer system computer system
executable conversion operation code
remaining call instructions stack pointer
first part moving parts
XXXXXXXXXXXXXXXXXXXXXXXXX
11

EP0768601A1

(Takayuki Hirotani, 1997)		(Original Assignee) Casio Computer Co Ltd     

(Current Assignee) Casio Computer Co Ltd 		Device for executing enciphered program Computer software inputting means
memory means memory means
XXXX
12

EP0727746A2

(Ryota C/O Fujitsu Limited Akiyama, 1996)		(Original Assignee) Fujitsu Ltd     

(Current Assignee) Fujitsu Ltd 		Method and system for encoding and decoding software memory location specified number
security code key information
digital protection said selection
XXXXXXXXXXX
13

US5081675A

(Kitti Kittirutsunetorn, 1992)		(Original Assignee) Kitti Kittirutsunetorn     System for protection of software in memory against unauthorized use digital protection stored information
memory means different address
memory location, decryption instructions memory location, accessible memory
executable conversion address signals
computer system computer system
data file second address
Computer software address space
relocation code said memory
XXXXXXXXXXXXXXXXXXXXX
14

US4888802A

(Henry G. Cooney, 1989)		(Original Assignee) NCR Corp     

(Current Assignee) NCR Corp 		System and method for providing for secure encryptor key management executable instruction, call instruction executing instructions
conversion key, respective conversion key encryption keys
second part first area
XXXXXXXXXXX
15

GB2140592A

(Cecil Herts Kaplinsky, 1984)		(Original Assignee) Koninklijke Philips NV     

(Current Assignee) Koninklijke Philips NV 		Memory unit comprising a memory and a protection unit digital data, digital protection Data processing system
executable conversion address signals
data file second address
one order command signal
data carrier chip surface
relocation code said memory
XXXXXXXXXXXXXXXXX
16

US4847902A

(Bradford E. Hampson, 1989)		(Original Assignee) Prime Computer Inc     

(Current Assignee) Bankers Trust Co 		Digital computer system for executing encrypted programs call instructions received instruction
computer system comprising memory said instructions
processing means processing means
computer system computer system
memory means memory means
relocation code said memory
XXXXXXXXXXXXXX
17

US4525599A

(Kevin G. Curran, 1985)		(Original Assignee) General Computer Corp     

(Current Assignee) GCC Technologies Inc 		Software protection methods and apparatus computer software computer software
Computer software computer program
computer system computer system
conversion key visual format
respective call instruction reset signal
relocation code said memory
XXXXXXXXXXXXXXXXX
18

WO9964973A1

(Christian Sven Collberg, 1999)		(Original Assignee) Auckland Uniservices Limited     Software watermarking techniques Computer software computer program
executable code, executable conversion code executable code, prime factor
XXXXXXXXXXXX
19

WO9912350A1

(Mary M. Guido, 1999)		(Original Assignee) Guido Mary M; Guido Margaret A     Method and apparatus for transmitting motion picture cinematic information for viewing in movie theaters Computer software second computer
first part first inverse
security code security code
XXXXXXXXXXXX
20

US5956710A

(Yuval Yarom, 1999)		(Original Assignee) Memco Software Ltd     

(Current Assignee) CA Software Israel Ltd 		Apparatus for and method of providing user exits on an operating system platform Computer software associated data
data file coupled thereto
memory means, memory location writing data
relocation code said memory
XXXXXXXXX
21

WO9901815A1

(Christian Sven Collberg, 1999)		(Original Assignee) Intertrust, Incorporated     Obfuscation techniques for enhancing software security Computer software computer program
relocation code more source
XXXXXX
22

WO9837481A1

(Edwin J. Hall, 1998)		(Original Assignee) Intertrust Technologies Corp.     Techniques for defining, using and manipulating rights management data structures memory means electronic appliance
executable form presented object
second part following steps
XXXXXXXX
23

US6044155A

(Matthew W. Thomlinson, 2000)		(Original Assignee) Microsoft Corp     

(Current Assignee) Microsoft Technology Licensing LLC 		Method and system for securely archiving core data secrets security code unauthorized access
call instructions, remaining call instructions authenticated user
second part following steps
respective call, respective call instruction current user
second item data items
XXXXXXXXXXX
24

US5991399A

(Gary L. Graunke, 1999)		(Original Assignee) Intel Corp     

(Current Assignee) Honeyman Cipher Solutions LLC 		Method for securely distributing a conditional use private key to a trusted entity on a remote system computer software machine readable medium
Computer software readable instructions
processor means processing unit
XXXXX
25

US5970145A

(Charles E. McManis, 1999)		(Original Assignee) Sun Microsystems Inc     

(Current Assignee) Sun Microsystems Inc 		System and method for protecting use of dynamically linked executable modules executable form, Computer software program product
computer system computer system
security means operable to detect corruption procedure calls
XXXXXXXXXXXXXX
26

US6085249A

(Wu Wang, 2000)		(Original Assignee) Pictra Inc     

(Current Assignee) KDL Scan Designs LLC ; Deep River Systems LLC ; Hanger Solutions LLC 		Method and apparatuses for transferring data for multiple applications through a single communication link in response to authentication information executable code executable code
Computer software client computer
XXXXXXXXXX
27

US5966541A

(Anant Agarwal, 1999)		(Original Assignee) Incert Software Corp     

(Current Assignee) NortonLifeLock Inc ; Incert Software Corp 		Test protection, and repair through binary-code augmentation digital data control point
respective call, call instructions phone number
data carrier n value
XXXXXXXXXXXX
28

US6078909A

(James Irwin Knutson, 2000)		(Original Assignee) International Business Machines Corp     

(Current Assignee) Google LLC 		Method and apparatus for licensing computer programs using a DSA signature Computer software, executable form computer program, program product
computer system computer system
security code public key
XXXXXXXXXXXXXXXXXXXXXX
29

US6070239A

(Charles E. McManis, 2000)		(Original Assignee) Sun Microsystems Inc     

(Current Assignee) Sun Microsystems Inc 		System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources Computer software, executable form computer program, program product
computer system computer system
decryption instructions security logic
XXXXXXXXXXXXXXX
30

US5933498A

(Paul B. Schneck, 1999)		(Original Assignee) MRJ Inc     

(Current Assignee) Hanger Solutions LLC 		System for controlling access and distribution of digital property CRC algorithm tamper detection
computer system computer system
digital data digital data
security code user access
XXXXXXXXXXXXXXXXXXXXX
31

US6003117A

(Mark Leonard Buer, 1999)		(Original Assignee) Philips Semiconductors Inc     

(Current Assignee) III Holdings 6 LLC 		Secure memory management unit which utilizes a system processor to perform page swapping respective target, computer system monitoring data
second part following steps
XXXXXXXXXX
32

JP2980576B2

(茂 兼本, 1999)		(Original Assignee) 株式会社東芝     物理乱数発生装置及び方法並びに物理乱数記録媒体 executable conversion, respective conversion 変換手段
decryption instructions 暗号化
XXXXXX
33

US5949885A

(F. Thomson Leighton, 1999)		(Original Assignee) Leighton; F. Thomson     Method for protecting content using watermarking executable conversion, executable conversion code predetermined extent
remaining call instructions method operative
respective target block subsequent time
data carrier given number
security means, security code illicit use
XXXXXXXXXXXXXXXXXXXX
34

WO9808323A1

(Jeffrey Hoffstein, 1998)		(Original Assignee) Ntru Cryptosystems, Inc.     Public key cryptosystem method and apparatus data carrier generating elements
digital protection arrangement identity matrix
one order said element
computer software, computer system mod p
XXXXXXXXXXXX
35

US5825890A

(Taher Elgamal, 1998)		(Original Assignee) Netscape Communications Corp     

(Current Assignee) Facebook Inc 		Secure socket layer application program apparatus and method Computer software, executable form computer program, program product
security code public key
data carrier containing software ion layer
XXXXXXXXXXXXXXXXXXXX
36

US6026235A

(Steven T. Shaughnessy, 2000)		(Original Assignee) Borland Software Corp     

(Current Assignee) Borland Software Corp 		System and methods for monitoring functions in natively compiled software programs respective conversion development system
call instructions, respective call call instructions, return address
comprising processing means operable to execute code function call
XXXX
37

WO9743761A2

(Victor H. Shear, 1997)		(Original Assignee) Intertrust Technologies Corp.     Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances conversion key, respective conversion key cryptographic keys
digital protection stored information
security code decryption engine
second part following steps
processor means processing unit
subsequent execution defining rules
target block digital camera
relocation code writing device
memory means high capacity
XXXXXXXXXXXXXXXXXXXX
38

US5815714A

(Avadhani Shridhar, 1998)		(Original Assignee) Hitachi America Ltd     

(Current Assignee) Hitachi America Ltd 		Embedded debug commands in a source file executable code, executable instructions disabling execution, object code
security means, processing means different language
computer system computer system
XXXXXXXXXXXXXXXXXXXXXXXXXX
39

WO9736239A1

(Sherman Lee, 1997)		(Original Assignee) Advanced Micro Devices, Inc.     Method and apparatus for encrypting and decrypting microprocessor serial numbers computer system computer system
processor means processing unit
relocation code said memory
XXXXXXXXXXXXX
40

US6059840A

(Cliff N. Click, 2000)		(Original Assignee) Motorola Solutions Inc     

(Current Assignee) NXP USA Inc 		Automatic scheduling of instructions to reduce code size executable form, Computer software program product
computer system computer system
first part fourth set
XXXXXXXXXXXXXX
41

US6044157A

(Yasushi Uesaka, 2000)		(Original Assignee) Panasonic Corp     

(Current Assignee) Panasonic Intellectual Property Corp 		Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor call instruction call instruction
executable instructions, executable instruction memory location
first part control program
digital data digital data
relocation code said memory
XXXXXXXXXXXXXXXXXXXX
42

US6049875A

(Kaoru Suzuki, 2000)		(Original Assignee) Toshiba Corp     

(Current Assignee) Toshiba Corp 		Security apparatus and method Computer software readable instructions
conversion key security method
XXXX
43

US5933640A

(Jeremy Dion, 1999)		(Original Assignee) Digital Equipment Corp     

(Current Assignee) Hewlett Packard Enterprise Development LP 		Method for analyzing and presenting test execution flows of programs processor means control instructions
executable code executable code
security means operable to detect corruption procedure calls
XXXXXXXXXXX
44

US6044220A

(Mauricio Breternitz, 2000)		(Original Assignee) Motorola Solutions Inc     

(Current Assignee) NXP USA Inc 		Method and apparatus for operating a data processor to execute software written using a foreign instruction set computer software machine readable medium
Computer software readable instructions
processor means processing unit
XXXXX
45

US6029145A

(Robert Barritz, 2000)		(Original Assignee) Isogon Corp     

(Current Assignee) International Business Machines Corp 		Software license verification process and apparatus call instruction ordering information
computer system computer system
executable instructions main storage
relocation code said memory
XXXXXXXXXXXXXXX
46

US5963642A

(Benjamin D. Goldstein, 1999)		(Original Assignee) Goldstein; Benjamin D.     

(Current Assignee) LONG CORNER SECURITY LLC 		Method and apparatus for secure storage of data call instructions, decryption instructions performing operations
respective conversion obtaining data
executable form, executable conversion base command
XXXXXXXXXX
47

US6011908A

(Malcolm J. Wing, 2000)		(Original Assignee) Transmeta Inc     

(Current Assignee) Hanger Solutions LLC 		Gated store buffer for an advanced microprocessor executable instructions, call instructions first instruction
respective conversion, respective target logic circuitry
call instruction holding data
XXXXXXXXXXX
48

WO9733216A1

(Harold Joseph Johnson, 1997)		(Original Assignee) Northern Telecom Limited     Encoding technique for software and hardware start point predetermined points
digital data, data file determined order
digital protection arrangement comprising steps
second part following steps
executable code, executable conversion code security level
respective call, digital protection use one
XXXXXXXXXXXXXXXXXXX
49

US6064738A

(Jiri Fridrich, 2000)		(Original Assignee) Research Foundation of State University of New York     

(Current Assignee) Research Foundation of State University of New York 		Method for encrypting and decrypting data using chaotic maps conversion key encrypting data
memory means original value
digital data, digital data arrangement said elements
digital protection arrangement other element
first part said sub
XXXXXXXXXXXXXXX
50

EP0774714A2

(Partha P. Tirumalai, 1997)		(Original Assignee) Sun Microsystems Inc     

(Current Assignee) Sun Microsystems Inc 		Method and apparatus for instruction scheduling in an optimizing compiler for minimizing overhead instructions executable instructions executable instructions
processor means said first portion, processing unit
Computer software, executable form computer program, program product
computer system computer system
conversion code, comprising processing means operable to execute code clock cycle
computer memory device containing computer software, data carrier containing software back end
XXXXXXXXXXXXXXXX
51

US6023506A

(Ichiro Ote, 2000)		(Original Assignee) Hitachi Ltd     

(Current Assignee) Hitachi Ltd 		Data encryption control apparatus and method Computer software computer program
detects corruption encrypted files
security code user access
data file data file
XXXXXXXXXXXX
52

US6038320A

(Phillip R. Miller, 2000)		(Original Assignee) Intel Corp     

(Current Assignee) Mineral Lassen LLC 		Computer security key computer system computer system
processor means processing unit
XXXXXXXXX
53

US5892900A

(Karl L. Ginter, 1999)		(Original Assignee) Intertrust Technologies Corp     

(Current Assignee) Intertrust Technologies Corp 		Systems and methods for secure transaction management and electronic rights protection respective target block, respective target synchronization circuit, more operation
security code unauthorized access, decryption engine
digital data arrangement comprising executable code different security
digital protection control circuitry, said selection
processing means transmits signals
memory means, computer system comprising memory bus interface, interrupt signal
data file, one order Ethernet network, said signals
conversion key, respective conversion key encryption keys, certain portion
second item remote device
call instruction time values
XXXXXXXXXXXXXXXXXXXXXXXX
54

US5943422A

(David M. Van Wie, 1999)		(Original Assignee) Intertrust Technologies Corp     

(Current Assignee) Intertrust Technologies Corp 		Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels executable instructions, executable conversion information comprises information
memory means electronic appliance
processor means, security means said first portion, removable memory
memory location specified number
second part following steps
digital protection said selection
first part said organ
digital data said time
XXXXXXXXXXXXXXXXX
55

US6075862A

(Hideki Yoshida, 2000)		(Original Assignee) Toshiba Corp     

(Current Assignee) Toshiba Corp 		Decryption key management scheme for software distribution system processing means rolling operation
Computer software second computer
XXX
56

WO9706637A1

(Vincenzo Gulla', 1997)		(Original Assignee) SIP - SOCIETA' ITALIANA PER L'ESERCIZIO DELLE TELECOMINICAZIONI P.A. doing business as TELECOM ITALIA S.P.A.     High definition tv motion picture distribution network processing means following operations
target block, respective target block electric signal
call instruction received signal
processor means control unit
XXXXXXXXX
57

US5970143A

(Bruce Schneier, 1999)		(Original Assignee) Walker Asset Management LP     

(Current Assignee) Inventor Holdings LLC 		Remote-auditing of computer generated outcomes, authenticated billing and access control, and software metering system using cryptographic and other protocols conversion key, respective conversion key cryptographic process
security means, security code identity information, key information
Computer software computer program
one order metering means
second item remote device
XXXXXXXXXXXXXXXX
58

US6031992A

(Robert F. Cmelik, 2000)		(Original Assignee) Transmeta Inc     

(Current Assignee) Intellectual Ventures Holding 81 LLC 		Combining hardware and software to provide an improved microprocessor executable instruction, call instruction executing instructions
computer software application programs
executable instructions, call instructions first instruction, additional steps
XXXXXXXXXXXXXXX
59

US5794230A

(Peter H. Horadan, 1998)		(Original Assignee) Microsoft Corp     

(Current Assignee) Microsoft Technology Licensing LLC 		Method and system for creating and searching directories on a server computer system computer system
relocation code said memory
XXXXXXXXXXXX
60

US5892899A

(David Aucsmith, 1999)		(Original Assignee) Intel Corp     

(Current Assignee) Intel Corp 		Tamper resistant methods and apparatus computer software, computer memory device machine readable storage medium, second application
executable instructions, decryption instructions fourth programming, third programming
memory means second pluralities
protection software system integrity
comprising processing means operable to execute code function call
XXXXXXXXXXXXXXX
61

US5754647A

(Jerry Hsu, 1998)		(Original Assignee) United Microelectronics Corp     

(Current Assignee) United Microelectronics Corp 		Software protection apparatus and the method of protection utilizing read-write memory means having inconsistent input and output data digital protection arrangement output control means
security code unauthorized access
call instructions, decryption instructions received software
computer software providing output
respective call instruction reset signal
memory means memory means
XXXXXXXXXXXXXXXXX
62

US6088452A

(Harold Joseph Johnson, 2000)		(Original Assignee) Northern Telecom Ltd     

(Current Assignee) Nortel Networks Ltd 		Encoding technique for software and hardware computer software machine readable medium
start point predetermined points
digital data, data file determined order
digital protection arrangement comprising steps
second part following steps
executable code, executable conversion code security level
respective call, digital protection use one
XXXXXXXXXXXXXXXXXXXXX
63

US5790664A

(Christopher D. Coley, 1998)		(Original Assignee) Network Engr Software Inc     

(Current Assignee) GraphOn Corp 		Automated system for management of licensed software computer memory device, computer memory device containing computer software management system
second part following steps
Computer software client computer
computer system computer system
computer software lower level
XXXXXXXXXXX
64

US5708709A

(John R. Rose, 1998)		(Original Assignee) Sun Microsystems Inc     

(Current Assignee) Oracle America Inc 		System and method for managing try-and-buy usage of application programs computer system distributed computer system
computer memory device, computer memory device containing computer software management system
Computer software client computer
security code public key
XXXXXXXXXXXXXXXXXXX
65

US6067575A

(Charles E. McManis, 2000)		(Original Assignee) Sun Microsystems Inc     

(Current Assignee) Oracle America Inc 		System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs Computer software, executable form computer program, program product
conversion key, respective conversion key encryption keys
computer system computer system
XXXXXXXXXX
66

EP0715246A1

(Mark J. Stefik, 1996)		(Original Assignee) Xerox Corp     

(Current Assignee) Contentguard Holdings Inc 		System for controlling the distribution and use of composite digital works processing means, one order said second part, said first part
digital data digital data
XXXXXXXXXXXX
67

EP0715247A1

(Mark J. Stefik, 1996)		(Original Assignee) Xerox Corp     

(Current Assignee) Contentguard Holdings Inc 		System for controlling the distribution and use of digital works using digital tickets one order said predetermined number
executable code, executable form particular instance
processing means processing means
XXXXXXXXXXXXXX
68

US5638445A

(Jeffrey F. Spelman, 1997)		(Original Assignee) Microsoft Corp     

(Current Assignee) Microsoft Technology Licensing LLC 		Blind encryption computer system comprising memory, computer memory device containing computer software first private key, first public key
CRC algorithm mod N
XXX
69

US5721781A

(Vinay Deo, 1998)		(Original Assignee) Microsoft Corp     

(Current Assignee) Microsoft Technology Licensing LLC 		Authentication system and method for smart card transactions executable instructions executable instructions
digital data arrangement comprising executable code different security
digital data, respective call multiple security
call instructions additional steps
second part following steps
memory means monetary value
security code public key
XXXXXXXXXXXXXXXX
70

US5745879A

(Robert M. Wyman, 1998)		(Original Assignee) Digital Equipment Corp     

(Current Assignee) Hewlett Packard Development Co LP 		Method and system for managing execution of licensed programs computer system distributed computer system
executable conversion computing environment
respective call, respective call instruction application context
Computer software computer program
subsequent execution end time
XXXXXXXXXXXXXX
71

US5671412A

(Matt Christiano, 1997)		(Original Assignee) Globetrotter Software Inc     

(Current Assignee) Flexera Software LLC 		License management system for software applications computer memory device, computer memory device containing computer software management system
digital protection arrangement comprising steps
XX
72

US5673315A

(Timothy J. Wolf, 1997)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Method and system for software asset usage detection and management subsequent execution computer operating system
computer memory device, computer memory device containing computer software management system
computer software computer software
relocation code said memory
first part said sub
respective target block d line
XXXXXXXXXXX
73

US5592549A

(Robert Nagel, 1997)		(Original Assignee) Infosafe Systems Inc     

(Current Assignee) HARMONY LOGIC SYSTEMS LLC 		Method and apparatus for retrieving selected information from a secure information source conversion key decryption device
respective conversion, respective conversion key retrieval device
memory means, start point control device
XXXXXX
74

US5671275A

(Hiroshi Ezuriko, 1997)		(Original Assignee) NEC Corp     

(Current Assignee) NEC Corp 		Protection of software programs stored in read-only memory from unauthorized access security code unauthorized access
executable conversion address signals
XXXXXXXXXXX
75

JPH08305558A

(Takayuki Hiroya, 1996)		(Original Assignee) Casio Comput Co Ltd; カシオ計算機株式会社     暗号化プログラム演算装置 conversion code, converting code の読出し
subsequent execution 実行時
computer memory device 書込み
decryption instructions 暗号化
XXXXXXXX
76

US5675645A

(Edward L. Schwartz, 1997)		(Original Assignee) Ricoh Co Ltd; Ricoh Americas Corp     

(Current Assignee) Ricoh Co Ltd ; Ricoh Americas Corp 		Method and apparatus for securing executable programs against copying conversion code branch instructions
executable instructions, executable instruction memory location
computer system computer system
target block locking means
XXXXXXXXXXXXXXXXXX
77

EP0679979A1

(Thomas Edward Cooper, 1995)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Method and apparatus enabling software trial with a try-and-buy user interaction decryption instructions accessible memory
memory location access key
XXXX
78

EP0679977A1

(Thomas Edward Cooper, 1995)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Method and apparatus enabling software trial allowing the distribution of software objects computer system computer system
detects corruption encrypted files
XXXXXXXXXX
79

EP0679978A1

(Thomas Edward Cooper, 1995)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Method and apparatus enabling software trial using a decryption stub decryption instructions accessible memory
executable code executable code
memory means memory means
XXXXXXXXXXXXX
80

US5696823A

(Matthew A. Blaze, 1997)		(Original Assignee) Nokia of America Corp     

(Current Assignee) Nokia of America Corp 		High-bandwidth encryption system with low-bandwidth cryptographic modules conversion key encrypting data
first part said sub
XXXX
81

US5625692A

(Amir Herzberg, 1997)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing processing means, one order said second part, said first part
second part second parts
security means secret value
security code public key
first part said sub
XXXXXXXXXXXXXXXX
82

US5532920A

(Thomas V. Hartrick, 1996)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Data processing system and method to enforce payment of royalties when copying softcopy books first part document identity
digital protection arrangement comprising steps
memory means memory means
relocation code said memory
security code public key
XXXXXXXXXXXXX
83

US5654746A

(Jay C. McMullan, 1997)		(Original Assignee) Scientific Atlanta LLC     

(Current Assignee) Cisco Technology Inc 		Secure authorization and control method and apparatus for a game delivery service memory location remote locations
decryption instructions program content
digital data, digital protection said signal
relocation code said memory
XXXXXXXXXXXXXXXXXX
84

US5629980A

(Mark J. Stefik, 1997)		(Original Assignee) Xerox Corp     

(Current Assignee) Contentguard Holdings Inc 		System for controlling the distribution and use of digital works conversion key audio playback
security means first session
computer software storing code
memory means memory means
relocation code said memory
XXXXXXXXXXXXX
85

US5638443A

(Mark J. Stefik, 1997)		(Original Assignee) Xerox Corp     

(Current Assignee) ContentGuard Holdings Inc 		System for controlling the distribution and use of composite digital works processing means, one order said second part, said first part
conversion key audio playback
digital data digital data
XXXXXXXXXXXXXX
86

US5615061A

(Jitendra K. Singh, 1997)		(Original Assignee) HP Inc     

(Current Assignee) HTC Corp 		Method of preventng software piracy by uniquely identifying the specific magnetic storage device the software is stored on computer system computer system
security means magnetic read
XXXXXXXXXXX
87

US5473692A

(Derek L. Davis, 1995)		(Original Assignee) Intel Corp     

(Current Assignee) Intel Corp ; Parker Hannifin Corp 		Roving software license for a hardware agent detects corruption cryptographic algorithm
security means authentication device
processor means, computer system processing unit, bus interface
relocation code said memory
security code public key
XXXXXXXXXXXXXXXXXXXXXX
88

US5557346A

(Steven B. Lipner, 1996)		(Original Assignee) Trusted Information Systems Inc     

(Current Assignee) McAfee LLC 		System and method for key escrow encryption processing means, one order said second part, said first part
Computer software, executable form computer program, program product
second part following steps
security means first session
call instructions combining i
security code public key
XXXXXXXXXXXXXXXXXXXX
89

US5511123A

(Carlisle M. Adams, 1996)		(Original Assignee) Northern Telecom Ltd     

(Current Assignee) Entrust Ltd 		Symmetric cryptographic system for data encryption data carrier containing software first transformation
digital protection arrangement comprising steps
XXXXXX
90

US5497423A

(Atsuko Miyaji, 1996)		(Original Assignee) Panasonic Corp     

(Current Assignee) Panasonic Corp 		Method of implementing elliptic curve cryptosystems in digital signatures or verification and privacy communication executable code, executable conversion code prime factor
security code public key
XXXXXXXXXXXXXXXXXX
91

US5524072A

(Isaac Labaton, 1996)		(Original Assignee) Enco Tone Ltd     

(Current Assignee) ENCO-TONE Ltd ; Enco Tone Ltd 		Methods and apparatus for data encryption and transmission remaining call instructions natural logarithmic function
conversion key confidential information
memory means writing circuit
XXXXXX
92

US5557675A

(Donald Schupak, 1996)		(Original Assignee) Schupak; Donald     Computer controlled audio-visual system data carrier containing software respective plurality
second part receiving audio
processor means processing unit
XXXXXXX
93

US5394469A

(Robert Nagel, 1995)		(Original Assignee) Infosafe Systems Inc     

(Current Assignee) HARMONY LOGIC SYSTEMS LLC 		Method and apparatus for retrieving secure information from mass storage media computer system computer system
data file second address
processor means control unit
relocation code said memory
XXXXXXXXXXXXXX
94

US5553143A

(Cliff D. Ross, 1996)		(Original Assignee) Micro Focus Software Inc     

(Current Assignee) RPX Corp 		Method and apparatus for electronic licensing processor means said first portion
second part following steps
Computer software second computer
relocation code said memory
XXXXXXXX
95

US5509074A

(Abhijit K. Choudhury, 1996)		(Original Assignee) AT&T Corp     

(Current Assignee) AT&T Corp 		Method of protecting electronically published materials using cryptographic protocols one order unique identification
computer system computer system
XXXXXXXXX
96

US5473687A

(Thomas H. Lipscomb, 1995)		(Original Assignee) Infosafe Systems Inc     

(Current Assignee) HARMONY LOGIC SYSTEMS LLC 		Method for retrieving secure information from a database digital protection stored information
executable conversion removable storage
XXX
97

US5625690A

(Alan D. Michel, 1997)		(Original Assignee) Nokia of America Corp     

(Current Assignee) AT&T Corp ; Nokia of America Corp 		Software pay per use system computer software computer software
Computer software computer program
executable instructions, executable instruction memory location
processor means processor means
respective call, call instructions phone number
relocation code said memory
XXXXXXXXXXXXXXXX
98

US5473690A

(Georges Grimonprez, 1995)		(Original Assignee) Gemplus Card International SA     

(Current Assignee) Gemplus SA 		Secured method for loading a plurality of applications into a microprocessor memory card executable instructions memory allocation
relocation code said memory
XXXXX
99

WO9407204A1

(Ric Bailier Richardson, 1994)		(Original Assignee) Uniloc (Singapore) Private Limited; Uniloc Corporation Pty Limited     System for software registration subsequent execution computer operating system, subsequent execution
security means security means
decryption instructions Digital data
XXXXXXXXX
100

US5544246A

(Richard Mandelbaum, 1996)		(Original Assignee) AT&T Corp     

(Current Assignee) AT&T Corp ; Nokia of America Corp 		Smartcard adapted for a plurality of service providers and for remote installation of same processing means, one order said second part
conversion key, respective conversion key encryption keys, random sequence
relocation code said memory
XXXXXXXXX
101

EP0583140A1

(Robert Charles Hartman, 1994)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		System for seamless processing of encrypted and non-encrypted data and instructions conversion key encrypting data
security code public key
XXXXXXXXXXXX
102

US5416840A

(David A. Cane, 1995)		(Original Assignee) Phoenix Technologies Ltd     

(Current Assignee) Kinglite Holdings Inc 		Software catalog encoding method and system security code unauthorized access
conversion key decryption device
Computer software computer program
converting code third storage
XXXXXXXXXXXXXX
103

JPH06112937A

(Jr Robert C Hartman, 1994)		(Original Assignee) Internatl Business Mach Corp <Ibm>; インターナショナル・ビジネス・マシーンズ・コーポレイション     データ処理システム及び方法 executable instructions, computer memory device プロセッサ, の命令
one order システム
respective target の処理
XXXXXXXXXXXXX
104

US5325433A

(Naoya Torii, 1994)		(Original Assignee) Fujitsu Ltd     

(Current Assignee) Fujitsu Ltd 		Encryption communication system decryption instructions encryption processing
processing means processing means
Computer software second computer
security code key information
processor means control unit
XXXXXXXXXXXXXXX
105

US5933497A

(Robert Carl Beetcher, 1999)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Apparatus and method for controlling access to software embedding location separate locations
executable form, Computer software program product
XXXXXXXX
106

US5509070A

(Jonathan Schull, 1996)		(Original Assignee) SoftLock Services Inc     

(Current Assignee) ST PATENT HOLDINGS LLC ; SL Patent Holdings LLC 		Method for encouraging purchase of executable and non-executable software decryption instructions hardware changes
first part said three
XXXXX
107

US5579222A

(Jeffrey E. Bains, 1996)		(Original Assignee) Intergraph Corp     

(Current Assignee) Uniloc Luxembourg SA 		Distributed license administration system using a local policy server to communicate with a license server and control execution of computer programs executable instruction include instructions
memory means when load
XXXX
108

WO9311480A1

(Jeffrey E. Bains, 1993)		(Original Assignee) Intergraph Corporation     System and method for network license administration executable instruction include instructions
memory means when load
XXXX
109

US5287408A

(Peter R. Samson, 1994)		(Original Assignee) Autodesk Inc     

(Current Assignee) Autodesk Inc 		Apparatus and method for serializing and validating copies of computer software computer system computer system
relocation code error signal
XXXXXXXXXXXX
110

US5361359A

(Homayoon Tajalli, 1994)		(Original Assignee) Trusted Information Systems Inc     

(Current Assignee) McAfee LLC 		System and method for controlling the use of a computer computer software application programs
call instructions user mode
XXXXX
111

US5357573A

(Kenn D. Walters, 1994)		(Original Assignee) Intelligent Solution Services GmbH     

(Current Assignee) Intelligent Solution Services GmbH 		Memory card computer software application programs
computer system computer system
memory means, start point control device
XXXXXXXXXXX
112

US5276311A

(Hartmut Hennige, 1994)		(Original Assignee) Hartmut Hennige     

(Current Assignee) E-PASS TECHNOLOGIES Inc 		Method and device for simplifying the use of a plurality of credit cards, or the like first part selective operation
processing means processing means
digital protection said selection
data carrier data carrier
computer system, computer system comprising memory stored data
XXXXXXXXXX
113

US5410703A

(Rickard Nilsson, 1995)		(Original Assignee) Telefonaktiebolaget LM Ericsson AB     

(Current Assignee) Telefonaktiebolaget LM Ericsson AB 		System for changing software during computer operation protection software second software application
computer software second application
executable instructions software module
computer system comprising memory first means
XXXXX
114

US5359659A

(Doren Rosenthal, 1994)		(Original Assignee) Doren Rosenthal     Method for securing software against corruption by computer viruses CRC algorithm cyclic redundancy check
respective call system comprising one
computer system computer system
memory location more storage
XXXXXXXXXXX
115

US5166886A

(Charles E. Molnar, 1992)		(Original Assignee) Molnar Charles E; Backus Alan L     System to demonstrate and sell computer programs processor means memory cartridge
Computer software one computer
second item way media
XXX
116

US5220606A

(Harold Greenberg, 1993)		(Original Assignee) Harold Greenberg     Cryptographic system and method call instructions additional steps
conversion code said converter
decryption instructions, converting code encoded form
computer software, computer system mod p
XXXXXXX
117

US5222133A

(Wayne W. Chou, 1993)		(Original Assignee) Wayne W. Chou; Richard Erett     

(Current Assignee) SafeNet Inc 		Method of protecting computer software from unauthorized execution using multiple keys computer software computer software
Computer software hardware devices
XXXX
118

US5140634A

(Louis C. Guillou, 1992)		(Original Assignee) US Philips Corp     

(Current Assignee) SA TELEDIFFUSION DE FRANCE 10 RUE D'ORADOUR-SUR-GHANE ; Orange SA ; US Philips Corp 		Method and apparatus for authenticating accreditations and for authenticating and signing messages digital protection authentication operation
processing means following operations, processing means
second part following steps
executable code, executable conversion code prime factor
memory means, memory location smart card
XXXXXXXXXXXX
119

US5414850A

(Douglas L. Whiting, 1995)		(Original Assignee) Stac Electronics Inc     

(Current Assignee) HI/FN Inc 		System for transparently compressing data files in a computer system processor means said first portion
computer system computer system
data file more files, data file
XXXXXXXXXX
120

JPH0520197A

(Katsuaki Takagi, 1993)		(Original Assignee) Hitachi Ltd; 株式会社日立製作所     記憶管理システム及びマイクロプロセツサ Computer software, computer software ハードウェア, プロセッサ
one order システム
XXXXXXXXXXXXXXXXX
121

US5182770A

(Geza Medveczky, 1993)		(Original Assignee) Geza Medveczky; Kelvin Lunsford     

(Current Assignee) Nationsbank of Texas NA 		System and apparatus for protecting computer software computer software application programs, dedicated processor
security code unauthorized access, public key
Computer software computer program
processor means, security means processor means, key system
data carrier n value
XXXXXXXXXXXXXXXXXXXXX
122

US5222134A

(David P. Waite, 1993)		(Original Assignee) Tau Systems Corp     

(Current Assignee) BETANET LLC 		Secure system for activating personal computer software at remote locations CRC algorithm cyclic redundancy check
computer memory device, computer system electronic data
first part control program
XXXXXXXXXXX
123

US5148534A

(Laim D. Comerford, 1992)		(Original Assignee) International Business Machines Corp     

(Current Assignee) Cisco Technology Inc 		Hardware cartridge representing verifiable, use-once authorization respective conversion corresponding pairs
digital protection stored information, said selection
computer memory device, computer memory device containing computer software storage elements
computer software data subsets
one order said signals
computer system comprising memory first means
respective call later time
first part said sub
XXXXXXXX
124

US5191611A

(Gerald S. Lang, 1993)		(Original Assignee) Lang Gerald S     

(Current Assignee) LANRALD DATA MGMT NV LLC 		Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients computer system computer system
Computer software one computer
memory location more storage
security code user access
XXXXXXXXXXXXXXXX
125

US5491804A

(Chester A. Heath, 1996)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Method and apparatus for automatic initialization of pluggable option cards relocation code source information
digital protection arrangement, digital data protection arrangement system parameter
executable instructions, executable instruction memory location
Computer software address space
computer system comprising memory first means
XXXXXXXXXXXXXXXXXXX
126

US5050213A

(Victor H. Shear, 1991)		(Original Assignee) Electronic Publishing Resources Inc     

(Current Assignee) Electronic Publishing Resources Inc 		Database usage metering and protection system and method relocation code identifying portions
executable form communicating means, restricting means
security code unauthorized access, user access
processor means processor means
one order metering means, said signals
computer system, computer system comprising memory stored data, reading device
digital data digital data
memory means memory means
XXXXXXXXXXXXXXXXXXXXXXXXXX
127

US5027396A

(Dale T. Platteter, 1991)		(Original Assignee) Xerox Corp     

(Current Assignee) Xerox Corp 		Execution protection for floppy disks start point starting position
executable conversion image processing
memory means, memory location writing data
relocation code error signal
data file data file
XXXXXXXX
128

US5123045A

(Rafail Ostrovsky, 1992)		(Original Assignee) Massachusetts Institute of Technology     

(Current Assignee) Massachusetts Institute of Technology 		Comprehensive software protection system embedding location physical memory locations
conversion key function value
Computer software address space
XXXXXX
129

US5109413A

(Liam D. Comerford, 1992)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Manipulating rights-to-execute in connection with a software copy protection mechanism second item second processors
second part following steps
security code key information
data file data file
XXXXXXXXXXXX
130

US5155680A

(John D. Wiedemer, 1992)		(Original Assignee) Signal Security Technology     

(Current Assignee) Signal Security Technology 		Billing system for computing software executable conversion commencing operation
Computer software, computer software computer means, hardware key
processor means memory circuit
memory means memory means
XXXXXXX
131

US5199066A

(Andrew J. Logan, 1993)		(Original Assignee) Special Effects Software Inc     

(Current Assignee) LOGAN ANDREW J PO BOX 314 HAVERFORD PA 19041 ; SPECIAL EFFECTS SOFTWARE Inc A CORP OF ; Special Effects Software Inc 		Method and apparatus for protecting software Computer software, computer software particular hardware, computer means
digital protection stored information
XXXXX
132

US5155837A

(Cheng-Chung Liu, 1992)		(Original Assignee) Telcordia Technologies Inc     

(Current Assignee) TTI Inventions B LLC 		Methods and apparatus for software retrofitting call instructions application processor
computer software application programs
processor means processing unit
XXXXXX
133

US5023907A

(Herrick J. Johnson, 1991)		(Original Assignee) Apollo Computer Inc     

(Current Assignee) HP Inc ; Apollo Computer Inc 		Network license server Computer software computer program
digital data, digital protection said signal
first part said sub
XXXXXXXXXXXXX
134

US5155847A

(Donald L. Kirouac, 1992)		(Original Assignee) Minicom Data Corp     

(Current Assignee) Dot Assets No 9 LLC 		Method and apparatus for updating software at remote locations respective target different times
Computer software first version, one computer
XXX
135

US4959861A

(Edward L. Howlette, 1990)		(Original Assignee) Howlette Edward L     Security system for computer software computer system computer system
one order command signal
digital data, digital protection said signal
security code user access
relocation code said memory
XXXXXXXXXXXXXXXXXXXXX
136

US5113518A

(Robert T. Durst, 1992)		(Original Assignee) Pitney Bowes Inc     

(Current Assignee) Pitney Bowes Inc 		Method and system for preventing unauthorized use of software one order said predetermined number
CRC algorithm cyclic redundancy check
memory means, memory location writing data
second item elapsed time
relocation code said memory
digital data said time
conversion code bit data
data carrier n value
XXXXXXXXXXXXXXXXXXX
137

US4888800A

(Alan D. Marshall, 1989)		(Original Assignee) HP Inc     

(Current Assignee) HP Inc 		Secure messaging systems memory location backup information
Computer software associated data
XXX
138

US4916637A

(LindaMay P. Allen, 1990)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Customized instruction generator computer software specified component, media components
computer system computer system
memory means memory means
respective target block d line
XXXXXXXXXXXX
139

US4864616A

(Eugene W. Pond, 1989)		(Original Assignee) Micronyx Inc     

(Current Assignee) MICRONYX Inc 1901 N CENTRAL EXPRESSWAY SUITE 400 RICHARDSON TEXAS 75080 ; Micronyx Inc 		Cryptographic labeling of electronically stored data Computer software second computer
conversion key encrypting data
computer system, computer system comprising memory stored data
data file data file
first part said sub
XXXXXXXXXXXXX
140

US4817140A

(Ashileshwari N. Chandra, 1989)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor second part following steps
one order first relation
XX
141

US4827508A

(Victor H. Shear, 1989)		(Original Assignee) Personal Library Software Inc     

(Current Assignee) Electronic Publishing Resources Inc 		Database usage metering and protection system and method memory means non-volatile memory device, memory means
digital protection, digital data arrangement electronic monitoring, stored information
relocation code identifying portions, source information
executable instruction textual information
computer system, computer system comprising memory communicating means, stored data
second item signal processor
processor means calculating step
second part following steps
one order metering means
XXXXXXXXXXXXXXXXXXX
142

US5021997A

(Kent C. Archie, 1991)		(Original Assignee) Nokia Bell Labs     

(Current Assignee) Nokia Bell Labs ; AT&T Information Systems Inc ; AT&T Corp 		Test automation system executable conversion adding information
data carrier containing software database records
XXXXXXX
143

US4888798A

(Lester D. Earnest, 1989)		(Original Assignee) Oms Inc     

(Current Assignee) QMS Inc A DE CORP ; Oms Inc 		Modular software security respective target, respective target block more operation
one order said element
XX
144

US4685055A

(Richard B. Thomas, 1987)		(Original Assignee) CORBAN INTERNATIONAL Ltd A CORP OF ANGUILLA     

(Current Assignee) CORBAN INTERNATIONAL Ltd A CORP OF ANGUILLA 		Method and system for controlling use of protected software computer software computer software
security means working memory
XXXXX
145

US4688169A

(Bhagirath S. Joshi, 1987)		(Original Assignee) Joshi Bhagirath S     Computer software security system computer software computer software
processor means memory circuit
relocation code said memory
XXXXXXXX
146

US4577289A

(Liam D. Comerford, 1986)		(Original Assignee) International Business Machines Corp     

(Current Assignee) International Business Machines Corp 		Hardware key-on-disk system for copy-protecting magnetic storage media converting code third storage
Computer software, computer software hardware key
XXXXX
147

US4573119A

(Thomas O. Westheimer, 1986)		(Original Assignee) Westheimer Thomas O; Hipson Peter D     Computer software protection system security code unauthorized access
executable instructions, call instructions memory boundary, first way
second item encoding scheme
first part control program, said sub
computer system computer system
processor means processing unit
memory means, memory location writing data
data carrier n value
converting code ring C
XXXXXXXXXXXXXXXXXX
148

GB2119978A

(Hendrik Vrielink, 1983)		(Original Assignee) Koninklijke Philips NV     

(Current Assignee) Koninklijke Philips NV 		Device for protection against the unauthorized reading of program words stored in a memory digital protection said selection
computer system comprising memory first means
X
149

US4558176A

(Mark G. Arnold, 1985)		(Original Assignee) Arnold Mark G; Winkel Mark D     Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software call instruction call instruction
computer system computer system
respective call, respective target return address
XXXXXXXXXXXXX
150

US4593353A

(Andrew Pickholtz, 1986)		(Original Assignee) TELECOMMUNICATIONS ASSOC Inc     

(Current Assignee) Rainbow Technologies Inc 		Software protection method and apparatus computer software computer software
processing means processing means
respective conversion key random sequence
XXXXX
151

US4471163A

(Thomas C. Donald, 1984)		(Original Assignee) Donald Thomas C; Donald Henry W     

(Current Assignee) CHRONOGUARD LLC ; DONALD LYNN DUTY & DONALD THOMAS CLAUDE AS TRUSTEES OF CHRONOGUARD TRUST ; DONALD LYNN DUTY AS TRUSTEE OF DUTY TRUST ; DONALD SARAH HOLLIS ; DONALD THOMAS CHRISTOPHER 		Software protection system processing means processing means
target block locking means
first part said series
relocation code said memory
digital data said time
XXXXXXXXXXXXXXXXXXX
152

US4433207A

(Robert M. Best, 1984)		(Original Assignee) Best Robert M     

(Current Assignee) Dallas Semiconductor Corp 		Cryptographic decoder for computer programs executable instructions next sequential instruction
Computer software computer program
processor means processor means
converting code digital words
computer system comprising memory program key
XXXXXX




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		SECURITY AND WATERMARKING OF MULTIMEDIA CONTENTS. 3657: 472-483 1999

Publication Year: 1999

An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents

Université catholique de Louvain

Gilmont, Legat, Quisquater, Wong, Delp
US7162735B2
CLAIM 1 . Computer software (hardware support, smart card) operable to provide protection for a second item of computer software (hardware support, smart card) , the protection software (hardware support, smart card) comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (security level) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart card (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) s) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (hardware support, smart card) in accordance with claim 1 . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart card (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) s) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (hardware support, smart card) protected by means of computer software in accordance with claim 1 . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart card (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) s) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (security level) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 5 . A computer system comprising memory means (hardware support, smart card) containing a digital protection arrangement according to claim 4 . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart card (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) s) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 7 . Computer software (hardware support, smart card) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart card (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) s) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (security level) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (security level) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (security level) and/or a data file . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (hardware support, smart card) storing the protected data , decryption instructions and conversion code with a start point at a memory location (hardware support, smart card) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code (security level) to be executed when seeking to access the protected data . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart card (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) s) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support (Computer software, computer software, protection software, memory location, computer memory device containing computer software, memory means) for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (security level) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (security level) is executable to create the steps on each occasion that the executable instruction is to be executed . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (security level) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (security level) is executable to create corrupt data in addition to each part of protected code . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (security level) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		An Architecture Of Security Management Unit For Safe Hosting Of Multiple Agents . In such growing areas as remote applications in large public networks , electronic commerce , digital signature , intellectual property and copyright protection , and even operating system extensibility , the hardware security level (executable code, executable conversion code) offered by existing processors is insufficient . They lack protection mechanisms that prevent the user from tampering critical data owned by those applications . Some devices make exception , but have not enough processing power nor enough memory to stand up to such applications (e . g . smart cards) . This paper proposes an architecture of secure processor , in which the classical memory management unit is extended into a new security management unit . It allows ciphered code execution and ciphered data processing . An internal permanent memory can store cipher keys and critical data for several client agents simultaneously . The ordinary supervisor privilege scheme is replaced by a privilege inheritance mechanism that is more suited to operating system extensibility . The result is a secure processor that has hardware support for extensible multitask operating systems , and can be used for both general applications and critical applications needing strong protection . The security management unit and the internal permanent memory can be added to an existing CPU core without loss of performance , and do not require it to be modified .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		IEEE TRANSACTIONS ON INFORMATION THEORY. 44 (5): 1897-1905 SEP 1998

Publication Year: 1998

Collusion-secure Fingerprinting For Digital Data

Stanford University, Princeton University

Boneh, Shaw
US7162735B2
CLAIM 4 . A digital data (digital data) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (printing solution) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution (processing means) which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) , e . g . , software , documents , music , and video . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : for digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		IEEE TRANSACTIONS ON IMAGE PROCESSING. 6 (12): 1673-1687 DEC 1997

Publication Year: 1997

Secure Spread Spectrum Watermarking For Multimedia

Massachusetts Institute of Technology, Intertrust STAR Lab, NEC Research Institute

Cox, Kilian, Leighton, Shamoon
US7162735B2
CLAIM 4 . A digital data (digital conversion) arrangement comprising protected code and security code (watermark detector) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d .) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc .) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (digital conversion) arrangement according to claim 4 . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital conversion) protection arrangement in accordance with claim 4 . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (digital conversion) protection arrangement in accordance with claim 4 . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (watermark detector) , when executed , is operable to detect corruption of the protected code . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (watermark detector) is operable to delete the protected code in the event that any corruption is detected . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (watermark detector) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (watermark detector) is embedded within the protected code . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (watermark detector) is embedded at locations which are unused by the protected code . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location (digital watermark) is identified when the protected code is executed , the security means is written to the embedding location . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermark (embedding location) ing that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 14 . The arrangement of claim 13 , wherein an embedding location (digital watermark) is identified by decompiling the protected code , and analyzing the decompiled code . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermark (embedding location) ing that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (watermark detector) and to modify the call instruction to refer to the new location . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 18 . A digital data (digital conversion) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code (watermark detector) is a CRC algorithm . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital conversion) protection arrangement in accordance with claim 18 . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 29 . A digital data (digital conversion) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital conversion) protection arrangement in accordance with claim 29 . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 34 . A digital data (digital conversion) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital conversion) protection arrangement in accordance with claim 34 . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 38 . A digital data (digital conversion) arrangement comprising protected code , security code (watermark detector) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (watermark detector) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector (security code, converting code) unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital conversion) protection arrangement in accordance with claim 38 . 		Secure Spread Spectrum Watermarking For Multimedia . This paper presents a secure (tamper-resistant) algorithm for watermarking images , and a methodology for digital watermarking that may be generalized to audio , video , and multimedia data , We advocate that a watermark should be constructed as an independent and identically distributed (i . i . d . ) Gaussian random vector that is imperceptibly inserted in a spread-spectrum-like fashion into the perceptually most significant spectral components of the data , We argue that insertion of a watermark under this regime makes the watermark robust to signal processing operations (such as lossy compression , filtering , digital-analog and analog-digital conversion (digital data, digital protection) , requantization , etc . ) , and common geometric transformations (such as cropping , scaling , translation , and rotation) provided that the original image is available and that it can be succesfully registered against the transformed watermarked image , In these cases , the watermark detector unambiguously identifies the owner , Further , the use of Gaussian noise , ensures strong resilience to multiple-document , or collusional , attacks . Experimental results are provided to support these claims , along with an exposition of pending open problems .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		ADVANCES IN CRYPTOLOGY - EUROCRYPT 96. 1070: 84-95 1996

Publication Year: 1996

Asymmetric Fingerprinting

Universität Hildesheim

Pfitzmann, Schunter, Maurer
US7162735B2
CLAIM 4 . A digital data (digital data) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target block (illegal copying) . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying (respective target block) of digital data by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		Asymmetric Fingerprinting . Fingerprinting schemes deter people from illegal copying of digital data (digital data) by enabling the merchant of the data to identify the original buyer of a copy that was redistributed illegally . All known fingerprinting schemes are symmetric in the following sense : Both the buyer and the merchant know the fingerprinted copy . Thus , when the merchant finds this copy somewhere , there is no proof that it was the buyer who put it there , and not the merchant . We introduce asymmetric fingerprinting , where only the buyer knows the fingerprinted copy , and the merchant , upon finding it somewhere , can find out and prove to third parties whose copy it was . We present a detailed definition of this concept and constructions . The first construction is based on a quite general symmetric fingerprinting scheme and general cryptographic primitives ;
it is provably secure if all these underlying schemes are . We also present more specific and more efficient constructions .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		ADVANCES IN CRYPTOLOGY - CRYPTO 95. 963: 452-465 1995

Publication Year: 1995

Collusion-secure Fingerprinting For Digital Data

Princeton University

Boneh, Shaw, Coppersmith
US7162735B2
CLAIM 4 . A digital data (digital data) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (printing solution) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution (processing means) which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		Collusion-secure Fingerprinting For Digital Data . This paper discusses methods for assigning codewords for the purpose of fingerprinting digital data (digital data) (e . g . , software , documents , and images) . Fingerprinting consists of uniquely marking and registering each copy of the data . This marking allows a distributor to detect any unauthorized copy and trace it back to the user . This threat of detection will deter users from releasing unauthorized copies . A problem arises when users collude : For digital data , two different fingerprinted objects can be compared and the differences between them detected . Hence , a set of users can collude to detect the location of the fingerprint . They can then alter the fingerprint to mask their identities . We present a general fingerprinting solution which is secure in the context of collusion . In addition , we discuss methods for distributing fingerprinted data .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		IEE PROCEEDINGS-E COMPUTERS AND DIGITAL TECHNIQUES. 139 (2): 139-143 MAR 1992

Publication Year: 1992

INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL

University of Missouri

Harn, Lin
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (user authentication, public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction (different modules) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules (respective target, respective call instruction, respective target block) . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (user authentication, public key) , when executed , is operable to detect corruption of the protected code . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (user authentication, public key) is operable to delete the protected code in the event that any corruption is detected . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (user authentication, public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (user authentication, public key) is embedded within the protected code . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (user authentication, public key) is embedded at locations which are unused by the protected code . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (user authentication, public key) and to modify the call instruction to refer to the new location . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target (different modules) block . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules (respective target, respective call instruction, respective target block) . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (user authentication, public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (user authentication, public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication (security code) and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key (security code) based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		INTEGRATION OF USER AUTHENTICATION AND ACCESS-CONTROL . User authentication and access control are both necessary mechanisms for data protection in a computer system (computer system) . Traditionally , they are implemented in different modules . In this paper , a new solution is presented to provide user authentication and access control in a single module to avoid any possible security breach between these two protection mechanisms . The secret information required for the whole system is minimised and the difficulty of password comprising increased to improve system security . More importantly , with time complexity of implementation almost equivalent to that found in the normal public key based password authentication schemes and limited extra storage space , both user authentication and access control can be achieved at the same time .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		GB2330932A

Filed: 1998-10-02     Issued: 1999-05-05

Method and system for preventing unauthorized access to a computer program

(Original Assignee) Dell USA LP     (Current Assignee) Dell USA LP

Alan E Beelitz
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access to a computer program (Computer software) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access to a computer program (Computer software) substantially as described with respect to any one of the accompanying drawings .

GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access) , when executed , is operable to detect corruption of the protected code . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access) is operable to delete the protected code in the event that any corruption is detected . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (unauthorized access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access) is embedded within the protected code . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access) is embedded at locations which are unused by the protected code . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (unauthorized access) and to modify the call instruction to refer to the new location . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (unauthorized access) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (unauthorized access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		GB2330932A
CLAIM 22 . A method of preventing unauthorized access (security code) to a computer program substantially as described with respect to any one of the accompanying drawings .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		GB2330932A
CLAIM 23 . A computer system (computer system) substantially as described with respect to any one of the accompanying drawings .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6052780A

Filed: 1997-07-03     Issued: 2000-04-18

Computer system and process for accessing an encrypted and self-decrypting digital information product while restricting access to decrypted digital information

(Original Assignee) Open Security Solutions LLC     (Current Assignee) RPX Corp ; Open Security Solutions LLC

John J. Glover
US7162735B2
CLAIM 1 . Computer software (program product) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (program product) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6052780A
CLAIM 4 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising : a computer readable medium having computer program code defining first executable computer program code and encrypted computer program code stored thereon wherein the first executable computer program code , when read , loaded and executed through an operating system of a computer executes as a first process having a protected memory area , wherein the first process authorizes decryption and decrypts the encrypted computer program code into second executable computer program code and stores the second executable computer program code in the protected memory area ;
and wherein the first process causes loading and execution of the second executable computer program code in the protected memory area .

US7162735B2
CLAIM 3 . A computer system (computer system, readable data) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .

US7162735B2
CLAIM 5 . A computer system (computer system, readable data) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system, readable data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .

US7162735B2
CLAIM 7 . Computer software (program product) which , when installed on a computer system (computer system, readable data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6052780A
CLAIM 4 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising : a computer readable medium having computer program code defining first executable computer program code and encrypted computer program code stored thereon wherein the first executable computer program code , when read , loaded and executed through an operating system of a computer executes as a first process having a protected memory area , wherein the first process authorizes decryption and decrypts the encrypted computer program code into second executable computer program code and stores the second executable computer program code in the protected memory area ;
and wherein the first process causes loading and execution of the second executable computer program code in the protected memory area .

US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory location) for decryption . 		US6052780A
CLAIM 7 . A computer system comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory location (executable instructions, executable instruction, decryption instructions, memory location) s addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (memory location) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6052780A
CLAIM 4 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising : a computer readable medium having computer program code defining first executable computer program code and encrypted computer program code stored thereon wherein the first executable computer program code , when read , loaded and executed through an operating system of a computer executes as a first process having a protected memory area , wherein the first process authorizes decryption and decrypts the encrypted computer program code into second executable computer program code and stores the second executable computer program code in the protected memory area ;
and wherein the first process causes loading and execution of the second executable computer program code in the protected memory area .

US6052780A
CLAIM 7 . A computer system comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory location (executable instructions, executable instruction, decryption instructions, memory location) s addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (memory location) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (program product) . 		US6052780A
CLAIM 4 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising : a computer readable medium having computer program code defining first executable computer program code and encrypted computer program code stored thereon wherein the first executable computer program code , when read , loaded and executed through an operating system of a computer executes as a first process having a protected memory area , wherein the first process authorizes decryption and decrypts the encrypted computer program code into second executable computer program code and stores the second executable computer program code in the protected memory area ;
and wherein the first process causes loading and execution of the second executable computer program code in the protected memory area .

US6052780A
CLAIM 7 . A computer system comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory location (executable instructions, executable instruction, decryption instructions, memory location) s addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (program product) for subsequent execution . 		US6052780A
CLAIM 4 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising : a computer readable medium having computer program code defining first executable computer program code and encrypted computer program code stored thereon wherein the first executable computer program code , when read , loaded and executed through an operating system of a computer executes as a first process having a protected memory area , wherein the first process authorizes decryption and decrypts the encrypted computer program code into second executable computer program code and stores the second executable computer program code in the protected memory area ;
and wherein the first process causes loading and execution of the second executable computer program code in the protected memory area .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (program product) for subsequent execution . 		US6052780A
CLAIM 4 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising : a computer readable medium having computer program code defining first executable computer program code and encrypted computer program code stored thereon wherein the first executable computer program code , when read , loaded and executed through an operating system of a computer executes as a first process having a protected memory area , wherein the first process authorizes decryption and decrypts the encrypted computer program code into second executable computer program code and stores the second executable computer program code in the protected memory area ;
and wherein the first process causes loading and execution of the second executable computer program code in the protected memory area .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (memory location) . 		US6052780A
CLAIM 7 . A computer system comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory location (executable instructions, executable instruction, decryption instructions, memory location) s addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (data file) . 		US6052780A
CLAIM 5 . The computer program product of claim 4 , wherein the encrypted computer program code and the first executable computer program code are stored in a single data file (data file) accessible through the operating system .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (memory location) and conversion code with a start point at a memory location (memory location) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6052780A
CLAIM 7 . A computer system comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory location (executable instructions, executable instruction, decryption instructions, memory location) s addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system, readable data) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (memory location) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US6052780A
CLAIM 7 . A computer system comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory location (executable instructions, executable instruction, decryption instructions, memory location) s addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system, readable data) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (memory location) is to be executed . 		US6052780A
CLAIM 7 . A computer system comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory location (executable instructions, executable instruction, decryption instructions, memory location) s addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system, readable data) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system, readable data) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6052780A
CLAIM 7 . A computer system (computer system) comprising : a processor for executing computer program code ;
a main memory connected to the processor for storing digital information including executable computer program code at memory locations addressed by the processor ;
and an operating system defined by executable computer program code stored in the memory and executed by the processor and having a command which when executed by the processor defines means for creating a fit process in response to a request specifying a process identifier and a memory location in the main memory , wherein the process identifier indicates a second process making the request and the memory location stores executable computer program code which when executed defines the first process .

US6052780A
CLAIM 21 . A process for providing access to encrypted digital information while maintaining protection against copying of corresponding decrypted digital information , wherein the encrypted digital information is associated with executable computer program code for decrypting the digital information , the process comprising : receiving computer-readable data (computer system) defining the executable computer program code and the encrypted digital information ;
executing the executable computer program code such that the executable computer program code has a protected memory area ;
authorizing decryption ;
and decrypting the encrypted digital information and storing the decrypted digital information in the protected memory area .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5995623A

Filed: 1997-01-27     Issued: 1999-11-30

Information processing apparatus with a software protecting function

(Original Assignee) Fuji Xerox Co Ltd     (Current Assignee) Fuji Xerox Co Ltd

Kenji Kawano, Masahiro Taguchi, Kazuo Saito
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encrypting data, function value) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5995623A
CLAIM 8 . An information processing apparatus comprising : determination means for determining an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting data (conversion key) to be encrypted by utilizing said encryption method determined by said determination means and generating encrypted data ;
and location means for locating identification data showing said encryption method used for encryption of said encrypted data in intermixed positions in said encrypted data .

US5995623A
CLAIM 23 . An information processing apparatus having an encryption unit and a decryption unit performing encryption of data and decryption of encrypted data respectively , comprising : encryption method selection means for selecting an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting data to be encrypted by utilizing said encryption method selected by said selection means to generate encrypted data ;
first computation means for inputting said encrypted data encrypted by said encryption means into a hash function and computing a hash function value (conversion key) ;
hash table for registering a set of values of said hash function corresponding to decryption keys ;
decryption method storing means for storing a decryption method specified by a combination of the decryption key and a decryption algorithm in correspondence with said hash function value computed by said first computation means ;
storing means for storing said encrypted data encrypted by said encryption means ;
second computation means for inputting said encrypted data stored in said storing means into a hash function and computing a hash function value ;
decryption method selection means for selecting a decryption method corresponding to said hash function value computed by said second computation means from said decryption method storing means ;
decryption means for decrypting said encrypted data by utilizing said decryption method selected by said decryption method selection means ;
and information processing means for processing said data decrypted by said decryption means .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (said selection) arrangement according to claim 4 . 		US5995623A
CLAIM 4 . An information processing apparatus having an encryption unit for encrypting inputted data , comprising : selection means for selecting an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting said inputted data by utilizing said encryption method selected by said selection (digital protection) means and generating encrypted data ;
computing means for inputting said encrypted data encrypted by said encryption means to a hash function and computing a value of said hash function ;
decryption method storing means for storing a decryption method for decrypting said encrypted data , which is specified by a combination of a decryption key and a decryption algorithm corresponding to a value of said hash function obtained by said computing means ;
and hash table for registering a set of values of said hash function corresponding to decryption keys .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encrypting data, function value) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5995623A
CLAIM 8 . An information processing apparatus comprising : determination means for determining an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting data (conversion key) to be encrypted by utilizing said encryption method determined by said determination means and generating encrypted data ;
and location means for locating identification data showing said encryption method used for encryption of said encrypted data in intermixed positions in said encrypted data .

US5995623A
CLAIM 23 . An information processing apparatus having an encryption unit and a decryption unit performing encryption of data and decryption of encrypted data respectively , comprising : encryption method selection means for selecting an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting data to be encrypted by utilizing said encryption method selected by said selection means to generate encrypted data ;
first computation means for inputting said encrypted data encrypted by said encryption means into a hash function and computing a hash function value (conversion key) ;
hash table for registering a set of values of said hash function corresponding to decryption keys ;
decryption method storing means for storing a decryption method specified by a combination of the decryption key and a decryption algorithm in correspondence with said hash function value computed by said first computation means ;
storing means for storing said encrypted data encrypted by said encryption means ;
second computation means for inputting said encrypted data stored in said storing means into a hash function and computing a hash function value ;
decryption method selection means for selecting a decryption method corresponding to said hash function value computed by said second computation means from said decryption method storing means ;
decryption means for decrypting said encrypted data by utilizing said decryption method selected by said decryption method selection means ;
and information processing means for processing said data decrypted by said decryption means .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encrypting data, function value) derived from a respective target block . 		US5995623A
CLAIM 8 . An information processing apparatus comprising : determination means for determining an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting data (conversion key) to be encrypted by utilizing said encryption method determined by said determination means and generating encrypted data ;
and location means for locating identification data showing said encryption method used for encryption of said encrypted data in intermixed positions in said encrypted data .

US5995623A
CLAIM 23 . An information processing apparatus having an encryption unit and a decryption unit performing encryption of data and decryption of encrypted data respectively , comprising : encryption method selection means for selecting an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting data to be encrypted by utilizing said encryption method selected by said selection means to generate encrypted data ;
first computation means for inputting said encrypted data encrypted by said encryption means into a hash function and computing a hash function value (conversion key) ;
hash table for registering a set of values of said hash function corresponding to decryption keys ;
decryption method storing means for storing a decryption method specified by a combination of the decryption key and a decryption algorithm in correspondence with said hash function value computed by said first computation means ;
storing means for storing said encrypted data encrypted by said encryption means ;
second computation means for inputting said encrypted data stored in said storing means into a hash function and computing a hash function value ;
decryption method selection means for selecting a decryption method corresponding to said hash function value computed by said second computation means from said decryption method storing means ;
decryption means for decrypting said encrypted data by utilizing said decryption method selected by said decryption method selection means ;
and information processing means for processing said data decrypted by said decryption means .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code is a CRC algorithm (encryption unit) . 		US5995623A
CLAIM 4 . An information processing apparatus having an encryption unit (CRC algorithm) for encrypting inputted data , comprising : selection means for selecting an encryption method specified by a combination of an encryption key and an encryption algorithm ;
encryption means for encrypting said inputted data by utilizing said encryption method selected by said selection means and generating encrypted data ;
computing means for inputting said encrypted data encrypted by said encryption means to a hash function and computing a value of said hash function ;
decryption method storing means for storing a decryption method for decrypting said encrypted data , which is specified by a combination of a decryption key and a decryption algorithm corresponding to a value of said hash function obtained by said computing means ;
and hash table for registering a set of values of said hash function corresponding to decryption keys .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (processing means) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5995623A
CLAIM 20 . An information processing apparatus having an encryption unit and a decryption unit executing encryption of data and decryption of encrypted data , respectively , comprising : separating means for separating inputted data into identification data and data to be encrypted ;
encryption method determination means for determining an encryption method specified by a combination of an encryption key and an encryption algorithm in accordance with said identification data separated by said separating means ;
encryption means for encrypting said data to be encrypted by utilizing said encryption method determined by said encryption method determination means and generating encrypted data having the number of bits same as that of said data to be encrypted ;
location means for locating said identification data showing said encryption method used for encryption of said encrypted data in a predetermined position in said encrypted data ;
storing means for storing said encrypted data in which said identification data is located by said location means ;
separating means for separating said encryption data , in which said identification data is located by said location means , stored in said storing means into identification data and said encrypted data ;
decryption method determination means for determining a decryption method specified by a combination of a decryption key and a decryption algorithm corresponding to said encryption method in accordance with said identification data separated by said separating means ;
decryption means for decrypting said encrypted data to the number of bits same as that of said encrypted data by utilizing said decryption method determined by said decryption method determination means ;
second location means for locating said identification data showing said decryption means determined by said decryption means determination means in a predetermined position in said data decrypted by said decryption means ;
and information processing means (processing means) for processing said data decrypted by said decryption means .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6006328A

Filed: 1996-07-12     Issued: 1999-12-21

Computer software authentication, protection, and security system

(Original Assignee) Christopher N. Drake     

Christopher Nathan Drake
US7162735B2
CLAIM 1 . Computer software (computer program, program product) operable to provide protection for a second item (object movement) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (executable code, child processes) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (computer program, program product) by means of an algorithm which requires at least one conversion key (cryptographic process) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6006328A
CLAIM 1 . A computer system having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes (executable code, executable instructions) of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US6006328A
CLAIM 8 . A method as claimed in claim 6 wherein : the ease by which faithful replication of said audiovisual component is substantially reduced by inclusion in said audiovisual component the techniques of on screen shadow rendering and/or spot or flood scene fighting effects and/or scene or object shading and/or transparent or translucent objects and/or shiny , reflective , or mirrored objects and/or real-time animation roughly obeying real world gravitational effects and/or single-image-random-dot stereogram bitmaps or backdrops and/or partial scene masking effects and/or full or partial scene distortion or diffraction effects and/or animated objects designed to resist simple hidden-surface removal techniques and/or animated bitmaps and/or audible echo effects and/or differing audio voice effects and/or differing audio volume and/or differing audio tones or pitches ;
wherein , said audiovisual component is optionally immediately recognisable to human beings and includes information which identifies to the user the application to which said audiovisual component belongs ;
wherein , the ease by which faithful replication of said audiovisual component may optionally be further reduced by inclusion in said audiovisual components animation object movement (second item) timing such that at near regular and frequent intervals regularities occur which are obviously recognisable to users of said entry process ;
and preferably , wherein , said entry process including said audiovisual component utilises a substantial portion of the computational resources of said computer system ;
and , wherein , said entry process code responsible for said audiovisual component is coded in the assembly language of the computer system preferably wherein recording said audiovisual component by said computer system is disabled .

US6006328A
CLAIM 11 . A method as claimed in claim 4 wherein said ID-Data or said input information is encrypted by a cryptographic process (conversion key, respective conversion key) or hashed immediately upon entry and a plain text equivalent is not stored by said computer system ;
and/or , wherein disablement of one or more interrupt instructions (or equivalent CPU devices) is utilised to protect said cryptographic or said hash process of said ID-Data to hamper the recovery of said ID-Data by processes other than said entry process .

US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US6006328A
CLAIM 17 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for requiring the entry of ID-data for access thereto , said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity , having : a computer readable storage medium for holding codes ;
and further comprising one or more of the following : code for preventing ID-data eavesdropping , by communicating directly with input hardware of a computer ;
code for preventing disassembly thereof , said code for preventing disassembly comprising obfuscating inserts , dummy instructions or executable encryption ;
code for preventing tampering therewith , said code to prevent tampering comprising : code for reading its own image including external or internal memory images or calculating check data associated therewith ;
and code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing , and code for disabling interrupts or for performing timing-sensitive instructions between interrupts ;
or , code for ensuring authenticity , by providing an audio or video feedback to an output device to be viewed or heard by an operator .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6006328A
CLAIM 1 . A computer system (computer system) having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (executable code, child processes) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6006328A
CLAIM 1 . A computer system having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes (executable code, executable instructions) of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means (other input device) containing a digital protection arrangement according to claim 4 . 		US6006328A
CLAIM 1 . A computer system (computer system) having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US6006328A
CLAIM 15 . A method as claimed in claim 4 wherein said input routines or said secure entry process : makes use of system interrupts to monitor itself in order to detect alternation of itself ;
incorporates means by which to notify and/or transmit authentication failure details to a third person or process should said self authentication fail , records a log of the usage and/or details of the user of said input routines or said secure entry process ;
incorporates warning s within the executable image indicating that examination and/or tampering is prohibited ;
stores loading and/or decryption routines are stored within the executable image in such a way as they initially replace other entry process routines and upon successful decryption and/or authentication , said other entry process routines are replaced ;
hampers executable-code tracing through control-flow changes in debug environments or through disabling one or more system interrupts and/or disabling the keyboard and/or disabling the mouse or other input device (memory means) s and/or making use of the program stack pointer to discern existence of a debug environment and/or utilising debug interrupts for program code operation and/or self-modification of executable code and/or examination of CPU flag registers and/or verification of disabled interrupts still-disabled state and/or verification of disabled keyboards still-disabled state and/or loading additional executable code into memory during execution ;
includes obfuscating assembly language dummy operation codes or instruction prefixes inserted after one or more unconditional branches to hamper executable disassembly and/or decompilation and/or reverse engineering ;
becomes securely activated by its activation process and/or a host or server computer using a challenge/response activation protocol or using public or private key cryptographic methods ;
and/or becomes stored outside of said computer system memory in encrypted form and/or where said entry process employs techniques to hinder executable-code tracing and/or executable-code disassembly or disclosure or decompilation and/or executable-code tampering and/or executable-code hot-patching and/or reverse-engineering and/or pre , in , or post-execution executable-code recording , copying , eavesdropping or retrieval and/or theft of said input information from keyboard hardware or software or drivers .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6006328A
CLAIM 1 . A computer system (computer system) having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US7162735B2
CLAIM 7 . Computer software (computer program, program product) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6006328A
CLAIM 1 . A computer system (computer system) having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US6006328A
CLAIM 17 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for requiring the entry of ID-data for access thereto , said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity , having : a computer readable storage medium for holding codes ;
and further comprising one or more of the following : code for preventing ID-data eavesdropping , by communicating directly with input hardware of a computer ;
code for preventing disassembly thereof , said code for preventing disassembly comprising obfuscating inserts , dummy instructions or executable encryption ;
code for preventing tampering therewith , said code to prevent tampering comprising : code for reading its own image including external or internal memory images or calculating check data associated therewith ;
and code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing , and code for disabling interrupts or for performing timing-sensitive instructions between interrupts ;
or , code for ensuring authenticity , by providing an audio or video feedback to an output device to be viewed or heard by an operator .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location (watermark information) is identified when the protected code is executed , the security means is written to the embedding location . 		US6006328A
CLAIM 16 . A method as claimed in claim 4 wherein said audiovisual component contains watermark information (embedding location) incorporated into the scene to allow close inspection of said audiovisual component to distinguish between the genuine process and a close replica .

US7162735B2
CLAIM 14 . The arrangement of claim 13 , wherein an embedding location (watermark information) is identified by decompiling the protected code , and analyzing the decompiled code . 		US6006328A
CLAIM 16 . A method as claimed in claim 4 wherein said audiovisual component contains watermark information (embedding location) incorporated into the scene to allow close inspection of said audiovisual component to distinguish between the genuine process and a close replica .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (executable code, child processes) for decryption . 		US6006328A
CLAIM 1 . A computer system having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes (executable code, executable instructions) of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (operation code) code operable to : derive a conversion key (cryptographic process) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (computer program, program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6006328A
CLAIM 11 . A method as claimed in claim 4 wherein said ID-Data or said input information is encrypted by a cryptographic process (conversion key, respective conversion key) or hashed immediately upon entry and a plain text equivalent is not stored by said computer system ;
and/or , wherein disablement of one or more interrupt instructions (or equivalent CPU devices) is utilised to protect said cryptographic or said hash process of said ID-Data to hamper the recovery of said ID-Data by processes other than said entry process .

US6006328A
CLAIM 15 . A method as claimed in claim 4 wherein said input routines or said secure entry process : makes use of system interrupts to monitor itself in order to detect alternation of itself ;
incorporates means by which to notify and/or transmit authentication failure details to a third person or process should said self authentication fail , records a log of the usage and/or details of the user of said input routines or said secure entry process ;
incorporates warning s within the executable image indicating that examination and/or tampering is prohibited ;
stores loading and/or decryption routines are stored within the executable image in such a way as they initially replace other entry process routines and upon successful decryption and/or authentication , said other entry process routines are replaced ;
hampers executable-code tracing through control-flow changes in debug environments or through disabling one or more system interrupts and/or disabling the keyboard and/or disabling the mouse or other input devices and/or making use of the program stack pointer to discern existence of a debug environment and/or utilising debug interrupts for program code operation and/or self-modification of executable code and/or examination of CPU flag registers and/or verification of disabled interrupts still-disabled state and/or verification of disabled keyboards still-disabled state and/or loading additional executable code into memory during execution ;
includes obfuscating assembly language dummy operation code (executable conversion) s or instruction prefixes inserted after one or more unconditional branches to hamper executable disassembly and/or decompilation and/or reverse engineering ;
becomes securely activated by its activation process and/or a host or server computer using a challenge/response activation protocol or using public or private key cryptographic methods ;
and/or becomes stored outside of said computer system memory in encrypted form and/or where said entry process employs techniques to hinder executable-code tracing and/or executable-code disassembly or disclosure or decompilation and/or executable-code tampering and/or executable-code hot-patching and/or reverse-engineering and/or pre , in , or post-execution executable-code recording , copying , eavesdropping or retrieval and/or theft of said input information from keyboard hardware or software or drivers .

US6006328A
CLAIM 17 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for requiring the entry of ID-data for access thereto , said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity , having : a computer readable storage medium for holding codes ;
and further comprising one or more of the following : code for preventing ID-data eavesdropping , by communicating directly with input hardware of a computer ;
code for preventing disassembly thereof , said code for preventing disassembly comprising obfuscating inserts , dummy instructions or executable encryption ;
code for preventing tampering therewith , said code to prevent tampering comprising : code for reading its own image including external or internal memory images or calculating check data associated therewith ;
and code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing , and code for disabling interrupts or for performing timing-sensitive instructions between interrupts ;
or , code for ensuring authenticity , by providing an audio or video feedback to an output device to be viewed or heard by an operator .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (executable code, child processes) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (computer program, program product) . 		US6006328A
CLAIM 1 . A computer system having software having input routines with enhanced security features for entry of ID-Data comprising : a processor ;
and a memory , wherein said software stored in said memory when executed by said processor comprises : anti-spy techniques within said input routines which prevent or hamper eavesdropping ;
detect tampering of said software which , upon detection of tampering , either disallow the subsequent entry of ID-Data into said input routines , or which invalidate said ID-Data in order to disallow current and subsequent access to that which said ID-Data would have otherwise allowed ;
and further comprising at least one of the following code contained in said software : code to automatically scan memory of said software one or more times before or during execution of said software to detect tampering ;
code to store or communicate details of detected tampering for later examination , said details including all or part of said tampered software , or other information available to said tampered software from said computer system ;
and code to prevent , or detect and subsequently prevent tracing , or misleading code debuggers and the execution of tracing by utilizing debugger trap facilities for the normal operation of said security-enhanced software , or monitoring system timers or timing-sensitive instructions or monitoring CPU stack contents or monitoring system buffers to detect the activity of code debuggers , or disabling facilities such as , the keyboard , serial ports , printer ports , mouse , screen or system interrupts in order to hamper code debuggers , or testing that the disabled status is still true of said facilities to detect code debuggers , or utilizing system interrupts which would ordinarily be used by code debuggers for the custom purposes of said security-enhanced software , or utilizing CPU instruction caches together with self-modifying code to mislead code debuggers , or scanning or interrogating the operating system or executable-load-process to detect code debugger instructions or environments , characterized in that the program optionally includes a process or multiple processes which are resident or child processes (executable code, executable instructions) of said security-enhanced software which execute during system interrupts of after the parent process has terminated in order to hamper tracing .

US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US6006328A
CLAIM 17 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for requiring the entry of ID-data for access thereto , said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity , having : a computer readable storage medium for holding codes ;
and further comprising one or more of the following : code for preventing ID-data eavesdropping , by communicating directly with input hardware of a computer ;
code for preventing disassembly thereof , said code for preventing disassembly comprising obfuscating inserts , dummy instructions or executable encryption ;
code for preventing tampering therewith , said code to prevent tampering comprising : code for reading its own image including external or internal memory images or calculating check data associated therewith ;
and code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing , and code for disabling interrupts or for performing timing-sensitive instructions between interrupts ;
or , code for ensuring authenticity , by providing an audio or video feedback to an output device to be viewed or heard by an operator .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (cryptographic process) derived from a respective target block . 		US6006328A
CLAIM 11 . A method as claimed in claim 4 wherein said ID-Data or said input information is encrypted by a cryptographic process (conversion key, respective conversion key) or hashed immediately upon entry and a plain text equivalent is not stored by said computer system ;
and/or , wherein disablement of one or more interrupt instructions (or equivalent CPU devices) is utilised to protect said cryptographic or said hash process of said ID-Data to hamper the recovery of said ID-Data by processes other than said entry process .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (computer program, program product) for subsequent execution (computer operating system) . 		US6006328A
CLAIM 4 . A method of providing for a secure entry of ID data or input information in a computer system comprising : a . activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process ;
and b . audio/visual component feedback comprising at least two of : i) at least part of said input information ;
ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system (subsequent execution) upon which said audio or visual component operates .

US6006328A
CLAIM 17 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for requiring the entry of ID-data for access thereto , said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity , having : a computer readable storage medium for holding codes ;
and further comprising one or more of the following : code for preventing ID-data eavesdropping , by communicating directly with input hardware of a computer ;
code for preventing disassembly thereof , said code for preventing disassembly comprising obfuscating inserts , dummy instructions or executable encryption ;
code for preventing tampering therewith , said code to prevent tampering comprising : code for reading its own image including external or internal memory images or calculating check data associated therewith ;
and code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing , and code for disabling interrupts or for performing timing-sensitive instructions between interrupts ;
or , code for ensuring authenticity , by providing an audio or video feedback to an output device to be viewed or heard by an operator .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (computer program, program product) for subsequent execution (computer operating system) . 		US6006328A
CLAIM 4 . A method of providing for a secure entry of ID data or input information in a computer system comprising : a . activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process ;
and b . audio/visual component feedback comprising at least two of : i) at least part of said input information ;
ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system (subsequent execution) upon which said audio or visual component operates .

US6006328A
CLAIM 17 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for requiring the entry of ID-data for access thereto , said program characterized by having an enhanced security structure or features to prevent ID-data eavesdropping or theft or to ensure authenticity , having : a computer readable storage medium for holding codes ;
and further comprising one or more of the following : code for preventing ID-data eavesdropping , by communicating directly with input hardware of a computer ;
code for preventing disassembly thereof , said code for preventing disassembly comprising obfuscating inserts , dummy instructions or executable encryption ;
code for preventing tampering therewith , said code to prevent tampering comprising : code for reading its own image including external or internal memory images or calculating check data associated therewith ;
and code for comparing said read image or calculated check-data with an authentic image or check-data to prevent execution-tracing , and code for disabling interrupts or for performing timing-sensitive instructions between interrupts ;
or , code for ensuring authenticity , by providing an audio or video feedback to an output device to be viewed or heard by an operator .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (executable code, child processes) and/or a data file . 		US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (visual resolution) operable to execute code , and memory means (other input device) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (operation code) code to be executed when seeking to access the protected data . 		US6006328A
CLAIM 10 . A method as claimed in claim 4 wherein : said entry process hampers simple recording by utilising the maximum practicable use of audiovisual framerate , and/or audiovisual resolution (processing means) , and/or screen colours ;
and/or , audiovisual design in said audiovisual component on said computer system , and/or said entry process hampers the compression of recorded output from said audiovisual component by utilising high audiovisual entropy and/or by the inclusion of random or other noise in said audiovisual component ;
wherein , said audiovisual component preferably includes continuous output such that the looping of only a subset of said output shall not reproduce a copy largely indistinguishable to said audiovisual component .

US6006328A
CLAIM 15 . A method as claimed in claim 4 wherein said input routines or said secure entry process : makes use of system interrupts to monitor itself in order to detect alternation of itself ;
incorporates means by which to notify and/or transmit authentication failure details to a third person or process should said self authentication fail , records a log of the usage and/or details of the user of said input routines or said secure entry process ;
incorporates warning s within the executable image indicating that examination and/or tampering is prohibited ;
stores loading and/or decryption routines are stored within the executable image in such a way as they initially replace other entry process routines and upon successful decryption and/or authentication , said other entry process routines are replaced ;
hampers executable-code tracing through control-flow changes in debug environments or through disabling one or more system interrupts and/or disabling the keyboard and/or disabling the mouse or other input device (memory means) s and/or making use of the program stack pointer to discern existence of a debug environment and/or utilising debug interrupts for program code operation and/or self-modification of executable code and/or examination of CPU flag registers and/or verification of disabled interrupts still-disabled state and/or verification of disabled keyboards still-disabled state and/or loading additional executable code into memory during execution ;
includes obfuscating assembly language dummy operation code (executable conversion) s or instruction prefixes inserted after one or more unconditional branches to hamper executable disassembly and/or decompilation and/or reverse engineering ;
becomes securely activated by its activation process and/or a host or server computer using a challenge/response activation protocol or using public or private key cryptographic methods ;
and/or becomes stored outside of said computer system memory in encrypted form and/or where said entry process employs techniques to hinder executable-code tracing and/or executable-code disassembly or disclosure or decompilation and/or executable-code tampering and/or executable-code hot-patching and/or reverse-engineering and/or pre , in , or post-execution executable-code recording , copying , eavesdropping or retrieval and/or theft of said input information from keyboard hardware or software or drivers .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6006328A
CLAIM 4 . A method of providing for a secure entry of ID data or input information in a computer system (computer system) comprising : a . activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process ;
and b . audio/visual component feedback comprising at least two of : i) at least part of said input information ;
ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system upon which said audio or visual component operates .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (executable code, child processes) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6006328A
CLAIM 4 . A method of providing for a secure entry of ID data or input information in a computer system (computer system) comprising : a . activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process ;
and b . audio/visual component feedback comprising at least two of : i) at least part of said input information ;
ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system upon which said audio or visual component operates .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (executable code, child processes) is executable to create the steps on each occasion that the executable instruction is to be executed . 		US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (executable code, child processes) executable to create a first part (moving parts) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6006328A
CLAIM 6 . A method as claimed in claim 4 wherein said audiovisual component comprises moving parts (first part) and/or includes 2 , 5-dimensional animation or 3-dimensional animation , and/or , said audiovisual component includes a representation of said input information , preferably comprising (a) display of a single graphical object , and/or (b) production of a single audio-feedback sequence , after the entry of all or part of said input information .

US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (executable code, child processes) is executable to create corrupt data in addition to each part of protected code . 		US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6006328A
CLAIM 4 . A method of providing for a secure entry of ID data or input information in a computer system (computer system) comprising : a . activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process ;
and b . audio/visual component feedback comprising at least two of : i) at least part of said input information ;
ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system upon which said audio or visual component operates .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (executable code, child processes) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions (stack pointer) to refer to the new location . 		US6006328A
CLAIM 14 . A method as claimed in claim 4 wherein said input routines or said secure entry process authenticates itself using (a) executable code (executable code, executable instructions) checksums of RAM or other images of its own executable code and/or data , (b) and/or comparison of memory with other stored copies of said executable code , (c) and/or decryption of said entry process (d) and/or detection of executable tampering by examination of the executable' ;
s environment (e) and/or comparison of executable size with expected values (f) and/or by attempting to read past the end of the executable file to determine that the size is correct ;
parts (a) through (f) occurring either upon initial load or during or after execution one or more times or continually during execution .

US6006328A
CLAIM 15 . A method as claimed in claim 4 wherein said input routines or said secure entry process : makes use of system interrupts to monitor itself in order to detect alternation of itself ;
incorporates means by which to notify and/or transmit authentication failure details to a third person or process should said self authentication fail , records a log of the usage and/or details of the user of said input routines or said secure entry process ;
incorporates warning s within the executable image indicating that examination and/or tampering is prohibited ;
stores loading and/or decryption routines are stored within the executable image in such a way as they initially replace other entry process routines and upon successful decryption and/or authentication , said other entry process routines are replaced ;
hampers executable-code tracing through control-flow changes in debug environments or through disabling one or more system interrupts and/or disabling the keyboard and/or disabling the mouse or other input devices and/or making use of the program stack pointer (remaining call instructions) to discern existence of a debug environment and/or utilising debug interrupts for program code operation and/or self-modification of executable code and/or examination of CPU flag registers and/or verification of disabled interrupts still-disabled state and/or verification of disabled keyboards still-disabled state and/or loading additional executable code into memory during execution ;
includes obfuscating assembly language dummy operation codes or instruction prefixes inserted after one or more unconditional branches to hamper executable disassembly and/or decompilation and/or reverse engineering ;
becomes securely activated by its activation process and/or a host or server computer using a challenge/response activation protocol or using public or private key cryptographic methods ;
and/or becomes stored outside of said computer system memory in encrypted form and/or where said entry process employs techniques to hinder executable-code tracing and/or executable-code disassembly or disclosure or decompilation and/or executable-code tampering and/or executable-code hot-patching and/or reverse-engineering and/or pre , in , or post-execution executable-code recording , copying , eavesdropping or retrieval and/or theft of said input information from keyboard hardware or software or drivers .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6006328A
CLAIM 4 . A method of providing for a secure entry of ID data or input information in a computer system (computer system) comprising : a . activating a visual display or animation or audio feedback (hereinafter called an audiovisual component) as part of said secure entry of said ID data or said input information so as to substantially hamper cumulation of a secure entry process ;
and b . audio/visual component feedback comprising at least two of : i) at least part of said input information ;
ii) at least part of information based upon some transformation of at least part of the software comprising said audio or visual component or the computer operating system upon which said audio or visual component operates .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0768601A1

Filed: 1996-04-18     Issued: 1997-04-16

Device for executing enciphered program

(Original Assignee) Casio Computer Co Ltd     (Current Assignee) Casio Computer Co Ltd

Takayuki Hirotani
US7162735B2
CLAIM 1 . Computer software (inputting means) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		EP0768601A1
CLAIM 5 The encrypted program executing apparatus according to claim 1 , which further comprises : means for inputting a program ;
third memory means for storing a specific information of the apparatus , and in which    when said inputting means (Computer software) inputs a program including a password calculation program which is encrypted , said CPU decrypts the password calculation program , stores the decrypted password calculation program in said second memory means , calculates the password based on the specific information using the decrypted password calculation program , and compares the calculated password and a password input by a user .

US7162735B2
CLAIM 5 . A computer system comprising memory means (memory means) containing a digital protection arrangement according to claim 4 . 		EP0768601A1
CLAIM 1 An encrypted program executing apparatus for executing an encrypted program at least a part of which is encrypted , the apparatus comprising : first memory means (memory means) for storing a decrypting program ;
means for decrypting the encrypted program by using the decrypting program stored in said first memory means ;
second memory means for storing a program decrypted by said decrypting means ;
and means for inhibiting the decrypted program stored in said second memory means from being read out .

US7162735B2
CLAIM 7 . Computer software (inputting means) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		EP0768601A1
CLAIM 5 The encrypted program executing apparatus according to claim 1 , which further comprises : means for inputting a program ;
third memory means for storing a specific information of the apparatus , and in which    when said inputting means (Computer software) inputs a program including a password calculation program which is encrypted , said CPU decrypts the password calculation program , stores the decrypted password calculation program in said second memory means , calculates the password based on the specific information using the decrypted password calculation program , and compares the calculated password and a password input by a user .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		EP0768601A1
CLAIM 1 An encrypted program executing apparatus for executing an encrypted program at least a part of which is encrypted , the apparatus comprising : first memory means (memory means) for storing a decrypting program ;
means for decrypting the encrypted program by using the decrypting program stored in said first memory means ;
second memory means for storing a program decrypted by said decrypting means ;
and means for inhibiting the decrypted program stored in said second memory means from being read out .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0727746A2

Filed: 1996-02-13     Issued: 1996-08-21

Method and system for encoding and decoding software

(Original Assignee) Fujitsu Ltd     (Current Assignee) Fujitsu Ltd

Ryota C/O Fujitsu Limited Akiyama, Makoto C/O Fujitsu Limited Yoshioka
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (key information) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (said selection) arrangement according to claim 4 . 		EP0727746A2
CLAIM 3 A software encoding system comprising :    software provision means for providing software ;
   basic algorithm provision means for providing a plurality of algorithms ;
   selection means for selecting at least two basic algorithms from the plurality of algorithms provided by said algorithm provision means ;
   encoding execution means for encoding software read out from said software provision means by using said at least two basic algorithms selectively combined with said selection (digital protection) means ;
and    output means for outputting encoded software outputted from the encoding execution means .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (key information) , when executed , is operable to detect corruption of the protected code . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (key information) is operable to delete the protected code in the event that any corruption is detected . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (key information) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (key information) is embedded within the protected code . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (key information) is embedded at locations which are unused by the protected code . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (key information) and to modify the call instruction to refer to the new location . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location (specified number) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		EP0727746A2
CLAIM 5 The software encoding apparatus as claimed in claim 3 , wherein said encoding execution means divides a read-out software into bit groups of a predetermined number , each bit group having specified number (memory location) of bits , performs encoding processing in a parallel fashion for each of said bit group of bits with said at least two basic algorithms that is selectively combined with said selection means , and combines said bit groups that has been combined .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (key information) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (key information) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		EP0727746A2
CLAIM 2 The software encoding and decoding method as claimed in claim 1 , wherein said software decoding step further includes a step for decoding said encoded software with the information of said combination of the algorithms and key information (security code) of the algorithms .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5081675A

Filed: 1989-11-13     Issued: 1992-01-14

System for protection of software in memory against unauthorized use

(Original Assignee) Kitti Kittirutsunetorn     

Kitti Kittirutsunetorn
US7162735B2
CLAIM 1 . Computer software (address space) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5081675A
CLAIM 5 . The data protection system of claim 4 wherein an address space (Computer software) defined by the memory locations of the first memory means is divided into a plurality of address spans , and wherein protected datawords stored in a first of the memory spans are scrambled in accordance with a first address scrambling algorithm and wherein datawords stored in a second of the memory spans are scrambled in accordance with a different , second address scrambling algorithm .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means (different address) containing a digital protection (stored information) arrangement according to claim 4 . 		US5081675A
CLAIM 1 . A method for protecting datawords within a source-file from unauthorized use after information representative of such datawords is stored in a randomly addressable memory unit having accessible and number data storing locations , the method comprising the steps of : defining a first sequence in which information pieces representative of two or more datawords of the source-file are to be accessed by a prescribed data processing unit ;
storing said information pieces which are representative of the source-file datawords in the numbered locations of the memory unit according to a second sequence such that the numbered locations of the memory unit need to be addressed in a sequence different from the predefined first sequence if the stored information (digital protection) pieces are to be accessed by the data processing unit according to the first sequence ;
storing key-generating data in the memory unit for generating descrambling key signals ;
and providing descramble means , coupled to the memory unit and responsive to the descrambling key signals , for addressing the numbered locations of the memory unit so as to enable the data processing unit to access the information pieces from the memory unit in accordance with the first sequence .

US5081675A
CLAIM 13 . The data protection system of claim 4 wherein the address scrambling means is programmable on the fly such that a different address (memory means) scrambling algorithm may be selected by applying a new key word to the key input port of the address scrambling means .

US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .

US7162735B2
CLAIM 7 . Computer software (address space) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5081675A
CLAIM 5 . The data protection system of claim 4 wherein an address space (Computer software) defined by the memory locations of the first memory means is divided into a plurality of address spans , and wherein protected datawords stored in a first of the memory spans are scrambled in accordance with a first address scrambling algorithm and wherein datawords stored in a second of the memory spans are scrambled in accordance with a different , second address scrambling algorithm .

US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5081675A
CLAIM 3 . The method of claim 1 further comprising the step of securely housing said descramble means and said memory (relocation code) unit in a security housing such that descrambled address signals transmitted from the descramble means to the memory unit are not accessible outside the security housing .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5081675A
CLAIM 3 . The method of claim 1 further comprising the step of securely housing said descramble means and said memory (relocation code) unit in a security housing such that descrambled address signals transmitted from the descramble means to the memory unit are not accessible outside the security housing .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory location, accessible memory) for decryption . 		US5081675A
CLAIM 4 . A data protection system comprising : (a) first memory means , having addressable memory location (memory location, decryption instructions, executable instructions, executable instruction) s , an address port and a data port , the first memory means being for storing protected datawords in the addressable memory locations where each protected dataword is associated with a source-file address different from a storage address defining the location in the first memory means where the protected dataword is stored . the address port of said first memory means being provided for receiving a storage address signal and the data port being provided for outputting a dataword signal representing a dataword stored in the addressable memory location designated by the storage address signal received at the address port ;
(b) data requesting means for supplying a data-request signal representative of the source-file address of a desired dataword ;
and (c) address scrambling means , coupled to the data requesting means the address port of the first memory means , for scrambling in accordance with one of a plurality of address scrambling algorithms the data-request signal supplied by the data requesting means to thereby produce and apply to the address port of the first memory means a scrambled storage address signal which is either representative or not representative of the storage address of the dataword associated with the source-file address represented by the data-request signal ;
where the address scrambling means has a key input port for receiving a key work which designates one of the plurality of address scrambling algorithms which may be carried out by the address scrambling means as the one to be carried out , where an appropriate key word is required for selecting the one address scrambling algorithm which will convert a data-request signal representative of the source-file address into a scrambled storage address signal representative of the storage address of the dataword desired by the data requesting means , and where said first memory means stores information representative of at least one appropriate key .

US5081675A
CLAIM 20 . A method for protecting information in a source file from unauthorized use after data representing the source file is stored in a content-accessible memory (memory location, decryption instructions, executable instructions, executable instruction) unit , the memory comprising : partitioning the source file into a plurality of segments each to be scrambled by a different scrambling algorithm ;
storing the data representing each segment in locations of the memory unit according to the different scrambling algorithms ;
and storing descramble keys in said memory unit .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (memory location, accessible memory) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (address signals) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5081675A
CLAIM 3 . The method of claim 1 further comprising the step of securely housing said descramble means and said memory unit in a security housing such that descrambled address signals (executable conversion) transmitted from the descramble means to the memory unit are not accessible outside the security housing .

US5081675A
CLAIM 4 . A data protection system comprising : (a) first memory means , having addressable memory location (memory location, decryption instructions, executable instructions, executable instruction) s , an address port and a data port , the first memory means being for storing protected datawords in the addressable memory locations where each protected dataword is associated with a source-file address different from a storage address defining the location in the first memory means where the protected dataword is stored . the address port of said first memory means being provided for receiving a storage address signal and the data port being provided for outputting a dataword signal representing a dataword stored in the addressable memory location designated by the storage address signal received at the address port ;
(b) data requesting means for supplying a data-request signal representative of the source-file address of a desired dataword ;
and (c) address scrambling means , coupled to the data requesting means the address port of the first memory means , for scrambling in accordance with one of a plurality of address scrambling algorithms the data-request signal supplied by the data requesting means to thereby produce and apply to the address port of the first memory means a scrambled storage address signal which is either representative or not representative of the storage address of the dataword associated with the source-file address represented by the data-request signal ;
where the address scrambling means has a key input port for receiving a key work which designates one of the plurality of address scrambling algorithms which may be carried out by the address scrambling means as the one to be carried out , where an appropriate key word is required for selecting the one address scrambling algorithm which will convert a data-request signal representative of the source-file address into a scrambled storage address signal representative of the storage address of the dataword desired by the data requesting means , and where said first memory means stores information representative of at least one appropriate key .

US5081675A
CLAIM 20 . A method for protecting information in a source file from unauthorized use after data representing the source file is stored in a content-accessible memory (memory location, decryption instructions, executable instructions, executable instruction) unit , the memory comprising : partitioning the source file into a plurality of segments each to be scrambled by a different scrambling algorithm ;
storing the data representing each segment in locations of the memory unit according to the different scrambling algorithms ;
and storing descramble keys in said memory unit .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (memory location, accessible memory) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5081675A
CLAIM 4 . A data protection system comprising : (a) first memory means , having addressable memory location (memory location, decryption instructions, executable instructions, executable instruction) s , an address port and a data port , the first memory means being for storing protected datawords in the addressable memory locations where each protected dataword is associated with a source-file address different from a storage address defining the location in the first memory means where the protected dataword is stored . the address port of said first memory means being provided for receiving a storage address signal and the data port being provided for outputting a dataword signal representing a dataword stored in the addressable memory location designated by the storage address signal received at the address port ;
(b) data requesting means for supplying a data-request signal representative of the source-file address of a desired dataword ;
and (c) address scrambling means , coupled to the data requesting means the address port of the first memory means , for scrambling in accordance with one of a plurality of address scrambling algorithms the data-request signal supplied by the data requesting means to thereby produce and apply to the address port of the first memory means a scrambled storage address signal which is either representative or not representative of the storage address of the dataword associated with the source-file address represented by the data-request signal ;
where the address scrambling means has a key input port for receiving a key work which designates one of the plurality of address scrambling algorithms which may be carried out by the address scrambling means as the one to be carried out , where an appropriate key word is required for selecting the one address scrambling algorithm which will convert a data-request signal representative of the source-file address into a scrambled storage address signal representative of the storage address of the dataword desired by the data requesting means , and where said first memory means stores information representative of at least one appropriate key .

US5081675A
CLAIM 20 . A method for protecting information in a source file from unauthorized use after data representing the source file is stored in a content-accessible memory (memory location, decryption instructions, executable instructions, executable instruction) unit , the memory comprising : partitioning the source file into a plurality of segments each to be scrambled by a different scrambling algorithm ;
storing the data representing each segment in locations of the memory unit according to the different scrambling algorithms ;
and storing descramble keys in said memory unit .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (memory location, accessible memory) . 		US5081675A
CLAIM 4 . A data protection system comprising : (a) first memory means , having addressable memory location (memory location, decryption instructions, executable instructions, executable instruction) s , an address port and a data port , the first memory means being for storing protected datawords in the addressable memory locations where each protected dataword is associated with a source-file address different from a storage address defining the location in the first memory means where the protected dataword is stored . the address port of said first memory means being provided for receiving a storage address signal and the data port being provided for outputting a dataword signal representing a dataword stored in the addressable memory location designated by the storage address signal received at the address port ;
(b) data requesting means for supplying a data-request signal representative of the source-file address of a desired dataword ;
and (c) address scrambling means , coupled to the data requesting means the address port of the first memory means , for scrambling in accordance with one of a plurality of address scrambling algorithms the data-request signal supplied by the data requesting means to thereby produce and apply to the address port of the first memory means a scrambled storage address signal which is either representative or not representative of the storage address of the dataword associated with the source-file address represented by the data-request signal ;
where the address scrambling means has a key input port for receiving a key work which designates one of the plurality of address scrambling algorithms which may be carried out by the address scrambling means as the one to be carried out , where an appropriate key word is required for selecting the one address scrambling algorithm which will convert a data-request signal representative of the source-file address into a scrambled storage address signal representative of the storage address of the dataword desired by the data requesting means , and where said first memory means stores information representative of at least one appropriate key .

US5081675A
CLAIM 20 . A method for protecting information in a source file from unauthorized use after data representing the source file is stored in a content-accessible memory (memory location, decryption instructions, executable instructions, executable instruction) unit , the memory comprising : partitioning the source file into a plurality of segments each to be scrambled by a different scrambling algorithm ;
storing the data representing each segment in locations of the memory unit according to the different scrambling algorithms ;
and storing descramble keys in said memory unit .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (second address) . 		US5081675A
CLAIM 5 . The data protection system of claim 4 wherein an address space defined by the memory locations of the first memory means is divided into a plurality of address spans , and wherein protected datawords stored in a first of the memory spans are scrambled in accordance with a first address scrambling algorithm and wherein datawords stored in a second of the memory spans are scrambled in accordance with a different , second address (data file) scrambling algorithm .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (different address) storing the protected data , decryption instructions (memory location, accessible memory) and conversion code with a start point at a memory location (memory location, accessible memory) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (address signals) code to be executed when seeking to access the protected data . 		US5081675A
CLAIM 3 . The method of claim 1 further comprising the step of securely housing said descramble means and said memory unit in a security housing such that descrambled address signals (executable conversion) transmitted from the descramble means to the memory unit are not accessible outside the security housing .

US5081675A
CLAIM 4 . A data protection system comprising : (a) first memory means , having addressable memory location (memory location, decryption instructions, executable instructions, executable instruction) s , an address port and a data port , the first memory means being for storing protected datawords in the addressable memory locations where each protected dataword is associated with a source-file address different from a storage address defining the location in the first memory means where the protected dataword is stored . the address port of said first memory means being provided for receiving a storage address signal and the data port being provided for outputting a dataword signal representing a dataword stored in the addressable memory location designated by the storage address signal received at the address port ;
(b) data requesting means for supplying a data-request signal representative of the source-file address of a desired dataword ;
and (c) address scrambling means , coupled to the data requesting means the address port of the first memory means , for scrambling in accordance with one of a plurality of address scrambling algorithms the data-request signal supplied by the data requesting means to thereby produce and apply to the address port of the first memory means a scrambled storage address signal which is either representative or not representative of the storage address of the dataword associated with the source-file address represented by the data-request signal ;
where the address scrambling means has a key input port for receiving a key work which designates one of the plurality of address scrambling algorithms which may be carried out by the address scrambling means as the one to be carried out , where an appropriate key word is required for selecting the one address scrambling algorithm which will convert a data-request signal representative of the source-file address into a scrambled storage address signal representative of the storage address of the dataword desired by the data requesting means , and where said first memory means stores information representative of at least one appropriate key .

US5081675A
CLAIM 13 . The data protection system of claim 4 wherein the address scrambling means is programmable on the fly such that a different address (memory means) scrambling algorithm may be selected by applying a new key word to the key input port of the address scrambling means .

US5081675A
CLAIM 20 . A method for protecting information in a source file from unauthorized use after data representing the source file is stored in a content-accessible memory (memory location, decryption instructions, executable instructions, executable instruction) unit , the memory comprising : partitioning the source file into a plurality of segments each to be scrambled by a different scrambling algorithm ;
storing the data representing each segment in locations of the memory unit according to the different scrambling algorithms ;
and storing descramble keys in said memory unit .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (memory location, accessible memory) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5081675A
CLAIM 4 . A data protection system comprising : (a) first memory means , having addressable memory location (memory location, decryption instructions, executable instructions, executable instruction) s , an address port and a data port , the first memory means being for storing protected datawords in the addressable memory locations where each protected dataword is associated with a source-file address different from a storage address defining the location in the first memory means where the protected dataword is stored . the address port of said first memory means being provided for receiving a storage address signal and the data port being provided for outputting a dataword signal representing a dataword stored in the addressable memory location designated by the storage address signal received at the address port ;
(b) data requesting means for supplying a data-request signal representative of the source-file address of a desired dataword ;
and (c) address scrambling means , coupled to the data requesting means the address port of the first memory means , for scrambling in accordance with one of a plurality of address scrambling algorithms the data-request signal supplied by the data requesting means to thereby produce and apply to the address port of the first memory means a scrambled storage address signal which is either representative or not representative of the storage address of the dataword associated with the source-file address represented by the data-request signal ;
where the address scrambling means has a key input port for receiving a key work which designates one of the plurality of address scrambling algorithms which may be carried out by the address scrambling means as the one to be carried out , where an appropriate key word is required for selecting the one address scrambling algorithm which will convert a data-request signal representative of the source-file address into a scrambled storage address signal representative of the storage address of the dataword desired by the data requesting means , and where said first memory means stores information representative of at least one appropriate key .

US5081675A
CLAIM 20 . A method for protecting information in a source file from unauthorized use after data representing the source file is stored in a content-accessible memory (memory location, decryption instructions, executable instructions, executable instruction) unit , the memory comprising : partitioning the source file into a plurality of segments each to be scrambled by a different scrambling algorithm ;
storing the data representing each segment in locations of the memory unit according to the different scrambling algorithms ;
and storing descramble keys in said memory unit .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (memory location, accessible memory) is to be executed . 		US5081675A
CLAIM 4 . A data protection system comprising : (a) first memory means , having addressable memory location (memory location, decryption instructions, executable instructions, executable instruction) s , an address port and a data port , the first memory means being for storing protected datawords in the addressable memory locations where each protected dataword is associated with a source-file address different from a storage address defining the location in the first memory means where the protected dataword is stored . the address port of said first memory means being provided for receiving a storage address signal and the data port being provided for outputting a dataword signal representing a dataword stored in the addressable memory location designated by the storage address signal received at the address port ;
(b) data requesting means for supplying a data-request signal representative of the source-file address of a desired dataword ;
and (c) address scrambling means , coupled to the data requesting means the address port of the first memory means , for scrambling in accordance with one of a plurality of address scrambling algorithms the data-request signal supplied by the data requesting means to thereby produce and apply to the address port of the first memory means a scrambled storage address signal which is either representative or not representative of the storage address of the dataword associated with the source-file address represented by the data-request signal ;
where the address scrambling means has a key input port for receiving a key work which designates one of the plurality of address scrambling algorithms which may be carried out by the address scrambling means as the one to be carried out , where an appropriate key word is required for selecting the one address scrambling algorithm which will convert a data-request signal representative of the source-file address into a scrambled storage address signal representative of the storage address of the dataword desired by the data requesting means , and where said first memory means stores information representative of at least one appropriate key .

US5081675A
CLAIM 20 . A method for protecting information in a source file from unauthorized use after data representing the source file is stored in a content-accessible memory (memory location, decryption instructions, executable instructions, executable instruction) unit , the memory comprising : partitioning the source file into a plurality of segments each to be scrambled by a different scrambling algorithm ;
storing the data representing each segment in locations of the memory unit according to the different scrambling algorithms ;
and storing descramble keys in said memory unit .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5081675A
CLAIM 3 . The method of claim 1 further comprising the step of securely housing said descramble means and said memory (relocation code) unit in a security housing such that descrambled address signals transmitted from the descramble means to the memory unit are not accessible outside the security housing .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5081675A
CLAIM 3 . The method of claim 1 further comprising the step of securely housing said descramble means and said memory (relocation code) unit in a security housing such that descrambled address signals transmitted from the descramble means to the memory unit are not accessible outside the security housing .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5081675A
CLAIM 16 . A computer system (computer system) structured to discourage unauthorized use of software stored therein , the system comprising : a data processing unit ;
a system bus operatively coupled to the data processing unit for opening carrying address signals generated by the data processing unit , data signals produced or used by the data processing unit and cipher-key signals generated by the data processing unit ;
address scrambling means operatively coupled to the system bus to receive the address signals and cipher-key signals of the system bus for scrambling the address signals of the system bus in accordance with one of a plurality of predefined scrambling algorithms selected by a cipher-key signal received over the system bus to thereby produce corresponding scrambled-address signals ;
and dataword storing means operatively coupled to the address scrambling means to receive the scrambled-address signals produced by the scrambling means and to output data signals representing datawords stored in locations of the dataword storing means as indicated by the received scrambled-address signals , wherein the dataword storing means stores key-generating datawords which are used by the data processing unit to generate the cipher-key signals and file-specified datawords which are used by the data processing unit to carry out operations specified by a source file , the file-specified datawords being distributed among the locations of the storing means such that one or more appropriate cipher-key signals must be generated by the data processing unit to select an appropriate one or more of the predefined scrambling algorithms if the operations specified by the source file are to be appropriately carried out .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4888802A

Filed: 1988-06-17     Issued: 1989-12-19

System and method for providing for secure encryptor key management

(Original Assignee) NCR Corp     (Current Assignee) NCR Corp

Henry G. Cooney
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encryption keys) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4888802A
CLAIM 3 . A system for providing secure key management and storage comprising : a host system including a processor for executing instructions ;
an encryption module for encrypting/decrypting data and encryption keys (conversion key, respective conversion key) ;
said encryption module comprising : an enciphering chip having a decrypt key register and a port for entering data therein ;
a static RAM having a first area for storing master keys , a second area for storing working keys , and a third area for storing general purpose data ;
an interface means for controlling the flow of data on said encryption module ;
and a bus directly coupling said port of said enciphering chip with said static RAM and said interface means ;
and said system also including a system bus coupling said processor with said interface means ;
said processor being effective to install said master keys in said first area ;
and said interface means being effective after said processor installs said master keys in said first area to disconnect said second bus from said first bus with regard to accessing said master keys whenever one of said master keys is withdrawn from said first area and transferred to said decrypt key register via said port so as to effectively make said static RAM a write only RAM as far as said processor is concerned and so as to make said master and working keys unavailable to said processor for reading .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction (executing instructions) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4888802A
CLAIM 1 . A system for providing secure key management and storage comprising : a host terminal including a processor for executing instructions (executable instruction, call instruction) ;
an encryption module for encrypting/decrypting data ;
and a first bus for coupling said encryption module with said host terminal ;
said encryption module comprising : a data ciphering chip for encrypting/decrypting data ;
storing means including a static RAM for storing at least a key therein ;
a second bus for directly coupling said storing means with said data ciphering chip for transferring key to said ciphering chip for use thereby and for transferring said key back to said static RAM ;
interface means for coupling said second bus with said first bus ;
said processor being effective to install said key in said static RAM of said storing means ;
and said interface means having means for uncoupling said second bus from said first bus with regard to accessing said key whenever said key is to appear on said second bus after being installed in said storing means by said processor so as to effectively make said RAM a hardware extension of said data ciphering chip and so as to make said key unavailable to said host terminal for reading said key .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (executing instructions) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US4888802A
CLAIM 1 . A system for providing secure key management and storage comprising : a host terminal including a processor for executing instructions (executable instruction, call instruction) ;
an encryption module for encrypting/decrypting data ;
and a first bus for coupling said encryption module with said host terminal ;
said encryption module comprising : a data ciphering chip for encrypting/decrypting data ;
storing means including a static RAM for storing at least a key therein ;
a second bus for directly coupling said storing means with said data ciphering chip for transferring key to said ciphering chip for use thereby and for transferring said key back to said static RAM ;
interface means for coupling said second bus with said first bus ;
said processor being effective to install said key in said static RAM of said storing means ;
and said interface means having means for uncoupling said second bus from said first bus with regard to accessing said key whenever said key is to appear on said second bus after being installed in said storing means by said processor so as to effectively make said RAM a hardware extension of said data ciphering chip and so as to make said key unavailable to said host terminal for reading said key .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code and to modify the call instruction (executing instructions) to refer to the new location . 		US4888802A
CLAIM 1 . A system for providing secure key management and storage comprising : a host terminal including a processor for executing instructions (executable instruction, call instruction) ;
an encryption module for encrypting/decrypting data ;
and a first bus for coupling said encryption module with said host terminal ;
said encryption module comprising : a data ciphering chip for encrypting/decrypting data ;
storing means including a static RAM for storing at least a key therein ;
a second bus for directly coupling said storing means with said data ciphering chip for transferring key to said ciphering chip for use thereby and for transferring said key back to said static RAM ;
interface means for coupling said second bus with said first bus ;
said processor being effective to install said key in said static RAM of said storing means ;
and said interface means having means for uncoupling said second bus from said first bus with regard to accessing said key whenever said key is to appear on said second bus after being installed in said storing means by said processor so as to effectively make said RAM a hardware extension of said data ciphering chip and so as to make said key unavailable to said host terminal for reading said key .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encryption keys) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US4888802A
CLAIM 3 . A system for providing secure key management and storage comprising : a host system including a processor for executing instructions ;
an encryption module for encrypting/decrypting data and encryption keys (conversion key, respective conversion key) ;
said encryption module comprising : an enciphering chip having a decrypt key register and a port for entering data therein ;
a static RAM having a first area for storing master keys , a second area for storing working keys , and a third area for storing general purpose data ;
an interface means for controlling the flow of data on said encryption module ;
and a bus directly coupling said port of said enciphering chip with said static RAM and said interface means ;
and said system also including a system bus coupling said processor with said interface means ;
said processor being effective to install said master keys in said first area ;
and said interface means being effective after said processor installs said master keys in said first area to disconnect said second bus from said first bus with regard to accessing said master keys whenever one of said master keys is withdrawn from said first area and transferred to said decrypt key register via said port so as to effectively make said static RAM a write only RAM as far as said processor is concerned and so as to make said master and working keys unavailable to said processor for reading .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encryption keys) derived from a respective target block . 		US4888802A
CLAIM 3 . A system for providing secure key management and storage comprising : a host system including a processor for executing instructions ;
an encryption module for encrypting/decrypting data and encryption keys (conversion key, respective conversion key) ;
said encryption module comprising : an enciphering chip having a decrypt key register and a port for entering data therein ;
a static RAM having a first area for storing master keys , a second area for storing working keys , and a third area for storing general purpose data ;
an interface means for controlling the flow of data on said encryption module ;
and a bus directly coupling said port of said enciphering chip with said static RAM and said interface means ;
and said system also including a system bus coupling said processor with said interface means ;
said processor being effective to install said master keys in said first area ;
and said interface means being effective after said processor installs said master keys in said first area to disconnect said second bus from said first bus with regard to accessing said master keys whenever one of said master keys is withdrawn from said first area and transferred to said decrypt key register via said port so as to effectively make said static RAM a write only RAM as far as said processor is concerned and so as to make said master and working keys unavailable to said processor for reading .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (executing instructions) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US4888802A
CLAIM 1 . A system for providing secure key management and storage comprising : a host terminal including a processor for executing instructions (executable instruction, call instruction) ;
an encryption module for encrypting/decrypting data ;
and a first bus for coupling said encryption module with said host terminal ;
said encryption module comprising : a data ciphering chip for encrypting/decrypting data ;
storing means including a static RAM for storing at least a key therein ;
a second bus for directly coupling said storing means with said data ciphering chip for transferring key to said ciphering chip for use thereby and for transferring said key back to said static RAM ;
interface means for coupling said second bus with said first bus ;
said processor being effective to install said key in said static RAM of said storing means ;
and said interface means having means for uncoupling said second bus from said first bus with regard to accessing said key whenever said key is to appear on said second bus after being installed in said storing means by said processor so as to effectively make said RAM a hardware extension of said data ciphering chip and so as to make said key unavailable to said host terminal for reading said key .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (executing instructions) is to be executed . 		US4888802A
CLAIM 1 . A system for providing secure key management and storage comprising : a host terminal including a processor for executing instructions (executable instruction, call instruction) ;
an encryption module for encrypting/decrypting data ;
and a first bus for coupling said encryption module with said host terminal ;
said encryption module comprising : a data ciphering chip for encrypting/decrypting data ;
storing means including a static RAM for storing at least a key therein ;
a second bus for directly coupling said storing means with said data ciphering chip for transferring key to said ciphering chip for use thereby and for transferring said key back to said static RAM ;
interface means for coupling said second bus with said first bus ;
said processor being effective to install said key in said static RAM of said storing means ;
and said interface means having means for uncoupling said second bus from said first bus with regard to accessing said key whenever said key is to appear on said second bus after being installed in said storing means by said processor so as to effectively make said RAM a hardware extension of said data ciphering chip and so as to make said key unavailable to said host terminal for reading said key .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (first area) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US4888802A
CLAIM 3 . A system for providing secure key management and storage comprising : a host system including a processor for executing instructions ;
an encryption module for encrypting/decrypting data and encryption keys ;
said encryption module comprising : an enciphering chip having a decrypt key register and a port for entering data therein ;
a static RAM having a first area (second part) for storing master keys , a second area for storing working keys , and a third area for storing general purpose data ;
an interface means for controlling the flow of data on said encryption module ;
and a bus directly coupling said port of said enciphering chip with said static RAM and said interface means ;
and said system also including a system bus coupling said processor with said interface means ;
said processor being effective to install said master keys in said first area ;
and said interface means being effective after said processor installs said master keys in said first area to disconnect said second bus from said first bus with regard to accessing said master keys whenever one of said master keys is withdrawn from said first area and transferred to said decrypt key register via said port so as to effectively make said static RAM a write only RAM as far as said processor is concerned and so as to make said master and working keys unavailable to said processor for reading .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction (executing instructions) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4888802A
CLAIM 1 . A system for providing secure key management and storage comprising : a host terminal including a processor for executing instructions (executable instruction, call instruction) ;
an encryption module for encrypting/decrypting data ;
and a first bus for coupling said encryption module with said host terminal ;
said encryption module comprising : a data ciphering chip for encrypting/decrypting data ;
storing means including a static RAM for storing at least a key therein ;
a second bus for directly coupling said storing means with said data ciphering chip for transferring key to said ciphering chip for use thereby and for transferring said key back to said static RAM ;
interface means for coupling said second bus with said first bus ;
said processor being effective to install said key in said static RAM of said storing means ;
and said interface means having means for uncoupling said second bus from said first bus with regard to accessing said key whenever said key is to appear on said second bus after being installed in said storing means by said processor so as to effectively make said RAM a hardware extension of said data ciphering chip and so as to make said key unavailable to said host terminal for reading said key .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction (executing instructions) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4888802A
CLAIM 1 . A system for providing secure key management and storage comprising : a host terminal including a processor for executing instructions (executable instruction, call instruction) ;
an encryption module for encrypting/decrypting data ;
and a first bus for coupling said encryption module with said host terminal ;
said encryption module comprising : a data ciphering chip for encrypting/decrypting data ;
storing means including a static RAM for storing at least a key therein ;
a second bus for directly coupling said storing means with said data ciphering chip for transferring key to said ciphering chip for use thereby and for transferring said key back to said static RAM ;
interface means for coupling said second bus with said first bus ;
said processor being effective to install said key in said static RAM of said storing means ;
and said interface means having means for uncoupling said second bus from said first bus with regard to accessing said key whenever said key is to appear on said second bus after being installed in said storing means by said processor so as to effectively make said RAM a hardware extension of said data ciphering chip and so as to make said key unavailable to said host terminal for reading said key .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		GB2140592A

Filed: 1984-04-26     Issued: 1984-11-28

Memory unit comprising a memory and a protection unit

(Original Assignee) Koninklijke Philips NV     (Current Assignee) Koninklijke Philips NV

Cecil Herts Kaplinsky
US7162735B2
CLAIM 4 . A digital data (Data processing system) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (Data processing system) arrangement according to claim 4 . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 6 . A data carrier (chip surface) containing software which , when installed on a computer system , is operable as a digital data (Data processing system) protection arrangement in accordance with claim 4 . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

GB2140592A
CLAIM 14 . A memory unit as claimed in Claim 12 , characterized in that the memory unit is constructed using an integrated circuit technique , and that the memory and the protection unit are integrated on the same chip surface (data carrier) .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (Data processing system) protection arrangement in accordance with claim 4 . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		GB2140592A
CLAIM 1 . Data processing system comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory (relocation code) having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		GB2140592A
CLAIM 1 . Data processing system comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory (relocation code) having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 18 . A digital data (Data processing system) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (address signals) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals (executable conversion) in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (second address) . 		GB2140592A
CLAIM 1 . Data processing system comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address (data file) output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (address signals) code to be executed when seeking to access the protected data . 		GB2140592A
CLAIM 1 . Data processing system comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals (executable conversion) in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 28 . A data carrier (chip surface) containing software which , when installed on a computer system , is operable as a digital data (Data processing system) protection arrangement in accordance with claim 18 . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

GB2140592A
CLAIM 14 . A memory unit as claimed in Claim 12 , characterized in that the memory unit is constructed using an integrated circuit technique , and that the memory and the protection unit are integrated on the same chip surface (data carrier) .

US7162735B2
CLAIM 29 . A digital data (Data processing system) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (command signal) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal (one order) thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 30 . A data carrier (chip surface) containing software which , when installed on a computer system , is operable as a digital data (Data processing system) protection arrangement in accordance with claim 29 . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

GB2140592A
CLAIM 14 . A memory unit as claimed in Claim 12 , characterized in that the memory unit is constructed using an integrated circuit technique , and that the memory and the protection unit are integrated on the same chip surface (data carrier) .

US7162735B2
CLAIM 34 . A digital data (Data processing system) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 37 . A data carrier (chip surface) containing software which , when installed on a computer system , is operable as a digital data (Data processing system) protection arrangement in accordance with claim 34 . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

GB2140592A
CLAIM 14 . A memory unit as claimed in Claim 12 , characterized in that the memory unit is constructed using an integrated circuit technique , and that the memory and the protection unit are integrated on the same chip surface (data carrier) .

US7162735B2
CLAIM 38 . A digital data (Data processing system) arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory (relocation code) having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		GB2140592A
CLAIM 1 . Data processing system comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory (relocation code) having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

US7162735B2
CLAIM 40 . A data carrier (chip surface) containing software which , when installed on a computer system , is operable as a digital data (Data processing system) protection arrangement in accordance with claim 38 . 		GB2140592A
CLAIM 1 . Data processing system (digital data, digital protection, digital data protection arrangement, digital data arrangement comprising executable code) comprising a data processor and a memory unitwhich comprises a protection unit and a memory for the storage of at least one program comprising a plurality of program words , said memory having a portforthe exchange of information words , each information word comprises a program word and his respective address word , said protection unit comprises : : - recognition means having a first input connected to said port and being provided for recognizing out ofthe flux of information words at said port those which belong to a predetermined group wherein the information words have a program word which comprises an address part for addressing a further program word , said recognition means being further provided for generating a command signal thereupon ;
-first modification means , having a second input connected to said port and a third input connected to said recognition means for receiving said command signal , said first modification means being provided for applying under control of said command signal a first modification operation on a received program word , said first modification means being connected to a first data output of said memory unit ;
said data processor comprises : - a data input connected to said first data output for receiving data signals -a program counter which is settable under control of received data signals ;
- a first address output connected to a first address input ofthe memory unit for supplying address signals in a sequence determined by said program counter ;
characterized in that , said first modification operation being applied on the address part of said program word upon which the command signal was generated , said protection unitfurther comprises second modification means , having a fourth input connected to said first address input and a second address output connected with said port , said second modification means being provided for applying a second modification operation upon a received address signal in order to compensate for the first modification operation .

GB2140592A
CLAIM 14 . A memory unit as claimed in Claim 12 , characterized in that the memory unit is constructed using an integrated circuit technique , and that the memory and the protection unit are integrated on the same chip surface (data carrier) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4847902A

Filed: 1984-02-10     Issued: 1989-07-11

Digital computer system for executing encrypted programs

(Original Assignee) Prime Computer Inc     (Current Assignee) Bankers Trust Co

Bradford E. Hampson
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (received instruction) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4847902A
CLAIM 1 . selected non-decrypted instructions , that is , instructions , either in plaintext form or in encrypted form , which have not been decrypted ;
or 2 . selected decrypted instructions corresponding to said encrypted instructions in said set , C . decryption means selectively operable when enabled for receiving an encrypted instruction from said memory means , for decrypting said received instruction (call instructions) to generate a corresponding decrypted instruction , and for transferring said decrypted instruction to said cache memory for storage therein , D . central processing means including i . means selectively operable in an execute mode for searching for an instruction in said cache memory , and when said instruction is not resident in said cache memory , for transferring said instructions from said memory means to said decryption means and for enabling said decryption means , and when said decrypted instruction is resident in said cache memory for transferring said instruction from said cache memory to said central processing means and for executing said instruction , and when said corresponding encrypted instruction is resident in said cache memory , for removing said instruction from said cache memory , and for then transferring said instruction from said main memory means to said decryption means and for enabling said decryption means ii . means selectively operable in a fetch mode for searching for an instruction in said cache memory , and when said instruction is resident in said cache memory and said instruction is a decrypted instruction , for transferring said corresponding encrypted instruction from said main memory means to said cache memory and to said central processing means , when said instruction is resident in said cache memory and said instruction is a non-decrypted instruction , for transferring said instruction from said cache memory to said central processing means , and when said instruction is not resident in said cache memory , for transferring said instruction from said main memory means to said cache memory and to said central processing means .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory (said instructions) means containing a digital protection arrangement according to claim 4 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means (memory means) for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being

US4847902A
CLAIM 1 . selected non-decrypted instructions , that is , instructions , either in plaintext form or in encrypted form , which have not been decrypted ;
or 2 . selected decrypted instructions corresponding to said encrypted instructions in said set , C . decryption means selectively operable when enabled for receiving an encrypted instruction from said memory means , for decrypting said received instruction to generate a corresponding decrypted instruction , and for transferring said decrypted instruction to said cache memory for storage therein , D . central processing means including i . means selectively operable in an execute mode for searching for an instruction in said cache memory , and when said instruction is not resident in said cache memory , for transferring said instructions (computer system comprising memory) from said memory means to said decryption means and for enabling said decryption means , and when said decrypted instruction is resident in said cache memory for transferring said instruction from said cache memory to said central processing means and for executing said instruction , and when said corresponding encrypted instruction is resident in said cache memory , for removing said instruction from said cache memory , and for then transferring said instruction from said main memory means to said decryption means and for enabling said decryption means ii . means selectively operable in a fetch mode for searching for an instruction in said cache memory , and when said instruction is resident in said cache memory and said instruction is a decrypted instruction , for transferring said corresponding encrypted instruction from said main memory means to said cache memory and to said central processing means , when said instruction is resident in said cache memory and said instruction is a non-decrypted instruction , for transferring said instruction from said cache memory to said central processing means , and when said instruction is not resident in said cache memory , for transferring said instruction from said main memory means to said cache memory and to said central processing means .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being
US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being
US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US4847902A
CLAIM 1 . selected non-decrypted instructions , that is , instructions , either in plaintext form or in encrypted form , which have not been decrypted ;
or 2 . selected decrypted instructions corresponding to said encrypted instructions in said set , C . decryption means selectively operable when enabled for receiving an encrypted instruction from said memory (relocation code) means , for decrypting said received instruction to generate a corresponding decrypted instruction , and for transferring said decrypted instruction to said cache memory for storage therein , D . central processing means including i . means selectively operable in an execute mode for searching for an instruction in said cache memory , and when said instruction is not resident in said cache memory , for transferring said instructions from said memory means to said decryption means and for enabling said decryption means , and when said decrypted instruction is resident in said cache memory for transferring said instruction from said cache memory to said central processing means and for executing said instruction , and when said corresponding encrypted instruction is resident in said cache memory , for removing said instruction from said cache memory , and for then transferring said instruction from said main memory means to said decryption means and for enabling said decryption means ii . means selectively operable in a fetch mode for searching for an instruction in said cache memory , and when said instruction is resident in said cache memory and said instruction is a decrypted instruction , for transferring said corresponding encrypted instruction from said main memory means to said cache memory and to said central processing means , when said instruction is resident in said cache memory and said instruction is a non-decrypted instruction , for transferring said instruction from said cache memory to said central processing means , and when said instruction is not resident in said cache memory , for transferring said instruction from said main memory means to said cache memory and to said central processing means .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US4847902A
CLAIM 1 . selected non-decrypted instructions , that is , instructions , either in plaintext form or in encrypted form , which have not been decrypted ;
or 2 . selected decrypted instructions corresponding to said encrypted instructions in said set , C . decryption means selectively operable when enabled for receiving an encrypted instruction from said memory (relocation code) means , for decrypting said received instruction to generate a corresponding decrypted instruction , and for transferring said decrypted instruction to said cache memory for storage therein , D . central processing means including i . means selectively operable in an execute mode for searching for an instruction in said cache memory , and when said instruction is not resident in said cache memory , for transferring said instructions from said memory means to said decryption means and for enabling said decryption means , and when said decrypted instruction is resident in said cache memory for transferring said instruction from said cache memory to said central processing means and for executing said instruction , and when said corresponding encrypted instruction is resident in said cache memory , for removing said instruction from said cache memory , and for then transferring said instruction from said main memory means to said decryption means and for enabling said decryption means ii . means selectively operable in a fetch mode for searching for an instruction in said cache memory , and when said instruction is resident in said cache memory and said instruction is a decrypted instruction , for transferring said corresponding encrypted instruction from said main memory means to said cache memory and to said central processing means , when said instruction is resident in said cache memory and said instruction is a non-decrypted instruction , for transferring said instruction from said cache memory to said central processing means , and when said instruction is not resident in said cache memory , for transferring said instruction from said main memory means to said cache memory and to said central processing means .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (processing means) operable to execute code , and memory means (memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US4847902A
CLAIM 1 . A digital computer system for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means (memory means) for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being

US4847902A
CLAIM 1 . selected non-decrypted instructions , that is , instructions , either in plaintext form or in encrypted form , which have not been decrypted ;
or 2 . selected decrypted instructions corresponding to said encrypted instructions in said set , C . decryption means selectively operable when enabled for receiving an encrypted instruction from said memory means , for decrypting said received instruction to generate a corresponding decrypted instruction , and for transferring said decrypted instruction to said cache memory for storage therein , D . central processing means (processing means) including i . means selectively operable in an execute mode for searching for an instruction in said cache memory , and when said instruction is not resident in said cache memory , for transferring said instructions from said memory means to said decryption means and for enabling said decryption means , and when said decrypted instruction is resident in said cache memory for transferring said instruction from said cache memory to said central processing means and for executing said instruction , and when said corresponding encrypted instruction is resident in said cache memory , for removing said instruction from said cache memory , and for then transferring said instruction from said main memory means to said decryption means and for enabling said decryption means ii . means selectively operable in a fetch mode for searching for an instruction in said cache memory , and when said instruction is resident in said cache memory and said instruction is a decrypted instruction , for transferring said corresponding encrypted instruction from said main memory means to said cache memory and to said central processing means , when said instruction is resident in said cache memory and said instruction is a non-decrypted instruction , for transferring said instruction from said cache memory to said central processing means , and when said instruction is not resident in said cache memory , for transferring said instruction from said main memory means to said cache memory and to said central processing means .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being
US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being
US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being
US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4847902A
CLAIM 1 . selected non-decrypted instructions , that is , instructions , either in plaintext form or in encrypted form , which have not been decrypted ;
or 2 . selected decrypted instructions corresponding to said encrypted instructions in said set , C . decryption means selectively operable when enabled for receiving an encrypted instruction from said memory (relocation code) means , for decrypting said received instruction to generate a corresponding decrypted instruction , and for transferring said decrypted instruction to said cache memory for storage therein , D . central processing means including i . means selectively operable in an execute mode for searching for an instruction in said cache memory , and when said instruction is not resident in said cache memory , for transferring said instructions from said memory means to said decryption means and for enabling said decryption means , and when said decrypted instruction is resident in said cache memory for transferring said instruction from said cache memory to said central processing means and for executing said instruction , and when said corresponding encrypted instruction is resident in said cache memory , for removing said instruction from said cache memory , and for then transferring said instruction from said main memory means to said decryption means and for enabling said decryption means ii . means selectively operable in a fetch mode for searching for an instruction in said cache memory , and when said instruction is resident in said cache memory and said instruction is a decrypted instruction , for transferring said corresponding encrypted instruction from said main memory means to said cache memory and to said central processing means , when said instruction is resident in said cache memory and said instruction is a non-decrypted instruction , for transferring said instruction from said cache memory to said central processing means , and when said instruction is not resident in said cache memory , for transferring said instruction from said main memory means to said cache memory and to said central processing means .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (received instruction) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4847902A
CLAIM 1 . selected non-decrypted instructions , that is , instructions , either in plaintext form or in encrypted form , which have not been decrypted ;
or 2 . selected decrypted instructions corresponding to said encrypted instructions in said set , C . decryption means selectively operable when enabled for receiving an encrypted instruction from said memory (relocation code) means , for decrypting said received instruction (call instructions) to generate a corresponding decrypted instruction , and for transferring said decrypted instruction to said cache memory for storage therein , D . central processing means including i . means selectively operable in an execute mode for searching for an instruction in said cache memory , and when said instruction is not resident in said cache memory , for transferring said instructions from said memory means to said decryption means and for enabling said decryption means , and when said decrypted instruction is resident in said cache memory for transferring said instruction from said cache memory to said central processing means and for executing said instruction , and when said corresponding encrypted instruction is resident in said cache memory , for removing said instruction from said cache memory , and for then transferring said instruction from said main memory means to said decryption means and for enabling said decryption means ii . means selectively operable in a fetch mode for searching for an instruction in said cache memory , and when said instruction is resident in said cache memory and said instruction is a decrypted instruction , for transferring said corresponding encrypted instruction from said main memory means to said cache memory and to said central processing means , when said instruction is resident in said cache memory and said instruction is a non-decrypted instruction , for transferring said instruction from said cache memory to said central processing means , and when said instruction is not resident in said cache memory , for transferring said instruction from said main memory means to said cache memory and to said central processing means .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US4847902A
CLAIM 1 . A digital computer system (computer system) for executing at least one program comprising a set of instructions , at least one of said sets including at least one encrypted instruction , said system comprising : A . main memory means for storing the instructions of said set , B . cache memory including means for storing selected instructions in said set , said selected instructions being



US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4525599A

Filed: 1982-05-21     Issued: 1985-06-25

Software protection methods and apparatus

(Original Assignee) General Computer Corp     (Current Assignee) GCC Technologies Inc

Kevin G. Curran, Steven E. Golson, Christian S. Rode
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software (computer software) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (visual format) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software (computer software) comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program (Computer software) ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US4525599A
CLAIM 16 . The method of inhibiting the unauthorized copying of ROM-resident data constituting the audio-visual display information for an electronic video game comprising the steps of : (a) storing the audio-visual display information of said electronic video game in encrypted , digital format in a ROM-memory ;
(b) providing a microprocessor , display monitor and sound system for generating the audio-visual display of said game in response to the decrypted program information stored in said memory means ;
(c) coupling said microprocessor to said ROM-memory through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said audio-visual display information according to a first predetermined algorithm for presenting said game in decrypted audio-visual format (conversion key) and in a second mode to prevent the encryption/decryption of said display information according to said first predetermined algorithm ;
(d) monitoring the digital program information as communicated between said microprocessor and said ROM-memory for identifying an invalid program event , said invalid program event being characterized by the attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode in an invalid program event is detected thereby to prevent copying of the encrypted audio-visual information stored in said ROM-memory .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (computer software) in accordance with claim 1 . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software (computer software) comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software (computer software) protected by means of computer software in accordance with claim 1 . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software (computer software) comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction (reset signal) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4525599A
CLAIM 6 . The method of claim 1 including the further step of selectively resetting said encryption/decryption means to said first operating mode in response to a predetermined reset signal (respective call instruction) .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program (Computer software) ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory (relocation code) means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory (relocation code) means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (visual format) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US4525599A
CLAIM 16 . The method of inhibiting the unauthorized copying of ROM-resident data constituting the audio-visual display information for an electronic video game comprising the steps of : (a) storing the audio-visual display information of said electronic video game in encrypted , digital format in a ROM-memory ;
(b) providing a microprocessor , display monitor and sound system for generating the audio-visual display of said game in response to the decrypted program information stored in said memory means ;
(c) coupling said microprocessor to said ROM-memory through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said audio-visual display information according to a first predetermined algorithm for presenting said game in decrypted audio-visual format (conversion key) and in a second mode to prevent the encryption/decryption of said display information according to said first predetermined algorithm ;
(d) monitoring the digital program information as communicated between said microprocessor and said ROM-memory for identifying an invalid program event , said invalid program event being characterized by the attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode in an invalid program event is detected thereby to prevent copying of the encrypted audio-visual information stored in said ROM-memory .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (visual format) derived from a respective target block . 		US4525599A
CLAIM 16 . The method of inhibiting the unauthorized copying of ROM-resident data constituting the audio-visual display information for an electronic video game comprising the steps of : (a) storing the audio-visual display information of said electronic video game in encrypted , digital format in a ROM-memory ;
(b) providing a microprocessor , display monitor and sound system for generating the audio-visual display of said game in response to the decrypted program information stored in said memory means ;
(c) coupling said microprocessor to said ROM-memory through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said audio-visual display information according to a first predetermined algorithm for presenting said game in decrypted audio-visual format (conversion key) and in a second mode to prevent the encryption/decryption of said display information according to said first predetermined algorithm ;
(d) monitoring the digital program information as communicated between said microprocessor and said ROM-memory for identifying an invalid program event , said invalid program event being characterized by the attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode in an invalid program event is detected thereby to prevent copying of the encrypted audio-visual information stored in said ROM-memory .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory (relocation code) means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4525599A
CLAIM 1 . The method of inhibiting the unauthorized copying of computer software comprising the steps of : (a) storing digital program information in preselected address locations of a memory means in an encrypted form according to a first predetermined algorithm ;
(b) providing a computer processor for performing preselected functions only in response to the decrypted program information stored in said memory (relocation code) means ;
(c) coupling the address and data buses of said computer processor to said memory means through an encryption/decryption means selectively operable in a first mode to encrypt/decrypt said program information according to said first predetermined algorithm and in a second mode to prevent the encryption/decryption of said program information according to said first predetermined algorithm ;
(d) monitoring at least one of the address and data buses to detect trap address information , said trap address information being signified by an attempted accessing of the memory means by an operation not occurring during normal execution of the computer program ;
and (e) switching said encryption/decryption means from said first operating mode to said second operating mode if a trap address is detected by said monitoring means .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US4525599A
CLAIM 3 . The method of claim 1 including the step of designating as trap address information the attempted accessing of certain address locations in said memory means which are not asserted during normal operation of the computer system (computer system) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9964973A1

Filed: 1999-06-10     Issued: 1999-12-16

Software watermarking techniques

(Original Assignee) Auckland Uniservices Limited     

Christian Sven Collberg, Clark David Thomborson
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (executable code, prime factor) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

WO9964973A1
CLAIM 30 . A computer program (Computer software) med to perform the method as claimed in any one of claims 1 to 27 .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (executable code, prime factor) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		WO9964973A1
CLAIM 30 . A computer program (Computer software) med to perform the method as claimed in any one of claims 1 to 27 .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (executable code, prime factor) (executable code, prime factor) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (executable code, prime factor) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (executable code, prime factor) is operable to convert each block into an executable form . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (executable code, prime factor) and/or a data file . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code (executable code, prime factor) , and memory means storing the protected data , decryption instructions and conversion code (executable code, prime factor) with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code (executable code, prime factor) to be executed when seeking to access the protected data . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (executable code, prime factor) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (executable code, prime factor) is executable to create the steps on each occasion that the executable instruction is to be executed . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (executable code, prime factor) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (executable code, prime factor) is executable to create corrupt data in addition to each part of protected code . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (executable code, prime factor) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		WO9964973A1
CLAIM 22 . A method of watermarking software including the steps of : embedding a watermark in a static string ;
and applying an obfuscation technique whereby this static string is converted into executable code (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) .

WO9964973A1
CLAIM 24 . A method of fingerprinting software as claimed in claim 23 wherein the watermarked programs each of which has a number n with a common prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) p .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9912350A1

Filed: 1998-09-03     Issued: 1999-03-11

Method and apparatus for transmitting motion picture cinematic information for viewing in movie theaters

(Original Assignee) Guido Mary M; Guido Margaret A     

Mary M. Guido, Margaret A. Guido
US7162735B2
CLAIM 1 . Computer software (second computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9912350A1
CLAIM 2 . The system as set forth in claim 1 , further including : a first computer connected to a first digital storage which stores the digital data for modulation onto the first RF carrier ;
a second digital storage which stores the demodulated digital data from the second RF receiver ;
and a second computer (Computer software) connected to the second digital storage for controlling the operations thereof .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (security code) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 7 . Computer software (second computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		WO9912350A1
CLAIM 2 . The system as set forth in claim 1 , further including : a first computer connected to a first digital storage which stores the digital data for modulation onto the first RF carrier ;
a second digital storage which stores the demodulated digital data from the second RF receiver ;
and a second computer (Computer software) connected to the second digital storage for controlling the operations thereof .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (security code) , when executed , is operable to detect corruption of the protected code . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (security code) is operable to delete the protected code in the event that any corruption is detected . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (security code) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (security code) is embedded within the protected code . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (security code) is embedded at locations which are unused by the protected code . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (security code) and to modify the call instruction to refer to the new location . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (first inverse) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse (first part) scrambling algorithm ;
one of the first computer and the second computer generates a random security code key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (security code) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (security code) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		WO9912350A1
CLAIM 7 . The system as set forth in claim 3 , wherein : the first computer implements a first scrambling algorithm ;
the second computer implements a first inverse scrambling algorithm ;
one of the first computer and the second computer generates a random security code (security code) key which is utilized in the first scrambling algorithm to scramble the digital data and which is utilized in the first inverse scrambling algorithm to un-scramble the scrambled digital data ;
and the random security code key generated by one of the first computer and the second computer is transmitted to the other of the first computer and the second computer via the communication network .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5956710A

Filed: 1998-07-22     Issued: 1999-09-21

Apparatus for and method of providing user exits on an operating system platform

(Original Assignee) Memco Software Ltd     (Current Assignee) CA Software Israel Ltd

Yuval Yarom
US7162735B2
CLAIM 1 . Computer software (associated data) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5956710A
CLAIM 5 . An apparatus for providing system call security on an operating system platform , comprising : an initializer for replacing a plurality of existing system call entries with a set of alternate system call entries associated with system calls to be hooked ;
a kernel level intercepter for receiving a previously hooked system call , issued from a calling process , and for generating an associated data (Computer software) base query and receiving a corresponding reply , said kernel level intercepter permitting said previously hooked system call to execute if said reply indicates sufficient privileges , said kernel level intercepter sending a return failure value to said calling process if said reply indicates insufficient privileges ;
a database interface coupled to said kernel level intercepter , said database interface for receiving said database query , forming at least one database request based on said query and generating a reply to said kernel level intercepter based on a response from a database engine ;
and said database engine coupled to said database interface , said database engine for receiving said at least one database request , serving as a repository of data and generating said response to said database interface based on the data stored within said repository of data .

US7162735B2
CLAIM 5 . A computer system comprising memory means (writing data) containing a digital protection arrangement according to claim 4 . 		US5956710A
CLAIM 13 . A method of dynamically inserting user supplied code into the kernel portion of an operating system , comprising the steps of : opening and writing data (memory means, memory location) into a communications channel ;
determining the location of a communications channel buffer associated with said communications channel ;
writing bootstrap loader code into said communications channel buffer ;
executing said bootstrap loader code thereby creating a memory buffer within said kernel portion ;
and inserting said user supplied code into said memory buffer .

US7162735B2
CLAIM 7 . Computer software (associated data) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5956710A
CLAIM 5 . An apparatus for providing system call security on an operating system platform , comprising : an initializer for replacing a plurality of existing system call entries with a set of alternate system call entries associated with system calls to be hooked ;
a kernel level intercepter for receiving a previously hooked system call , issued from a calling process , and for generating an associated data (Computer software) base query and receiving a corresponding reply , said kernel level intercepter permitting said previously hooked system call to execute if said reply indicates sufficient privileges , said kernel level intercepter sending a return failure value to said calling process if said reply indicates insufficient privileges ;
a database interface coupled to said kernel level intercepter , said database interface for receiving said database query , forming at least one database request based on said query and generating a reply to said kernel level intercepter based on a response from a database engine ;
and said database engine coupled to said database interface , said database engine for receiving said at least one database request , serving as a repository of data and generating said response to said database interface based on the data stored within said repository of data .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5956710A
CLAIM 13 . A method of dynamically inserting user supplied code into the kernel portion of an operating system , comprising the steps of : opening and writing data into a communications channel ;
determining the location of a communications channel buffer associated with said communications channel ;
writing bootstrap loader code into said communications channel buffer ;
executing said bootstrap loader code thereby creating a memory buffer within said kernel portion ;
and inserting said user supplied code into said memory (relocation code) buffer .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5956710A
CLAIM 13 . A method of dynamically inserting user supplied code into the kernel portion of an operating system , comprising the steps of : opening and writing data into a communications channel ;
determining the location of a communications channel buffer associated with said communications channel ;
writing bootstrap loader code into said communications channel buffer ;
executing said bootstrap loader code thereby creating a memory buffer within said kernel portion ;
and inserting said user supplied code into said memory (relocation code) buffer .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (coupled thereto) . 		US5956710A
CLAIM 2 . The apparatus of claim 1 , further comprising a database interface coupled to said kernel level intercepter , said database interface for providing an interface to a database engine coupled thereto (data file) .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (writing data) storing the protected data , decryption instructions and conversion code with a start point at a memory location (writing data) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5956710A
CLAIM 13 . A method of dynamically inserting user supplied code into the kernel portion of an operating system , comprising the steps of : opening and writing data (memory means, memory location) into a communications channel ;
determining the location of a communications channel buffer associated with said communications channel ;
writing bootstrap loader code into said communications channel buffer ;
executing said bootstrap loader code thereby creating a memory buffer within said kernel portion ;
and inserting said user supplied code into said memory buffer .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5956710A
CLAIM 13 . A method of dynamically inserting user supplied code into the kernel portion of an operating system , comprising the steps of : opening and writing data into a communications channel ;
determining the location of a communications channel buffer associated with said communications channel ;
writing bootstrap loader code into said communications channel buffer ;
executing said bootstrap loader code thereby creating a memory buffer within said kernel portion ;
and inserting said user supplied code into said memory (relocation code) buffer .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5956710A
CLAIM 13 . A method of dynamically inserting user supplied code into the kernel portion of an operating system , comprising the steps of : opening and writing data into a communications channel ;
determining the location of a communications channel buffer associated with said communications channel ;
writing bootstrap loader code into said communications channel buffer ;
executing said bootstrap loader code thereby creating a memory buffer within said kernel portion ;
and inserting said user supplied code into said memory (relocation code) buffer .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9901815A1

Filed: 1998-06-09     Issued: 1999-01-14

Obfuscation techniques for enhancing software security

(Original Assignee) Intertrust, Incorporated     

Christian Sven Collberg, Clark David Thomborson, Douglas Wai Kok Low
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9901815A1
CLAIM 7 . A computer program (Computer software) embodied on a computer- readable medium for obfuscating code , comprising : logic that selects a subset of the code to obfuscate ;
logic that selects an obfuscating transform to apply ;
and logic that applies the transformation , wherein the transformed code provides weak equivalence to the untransformed code .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		WO9901815A1
CLAIM 7 . A computer program (Computer software) embodied on a computer- readable medium for obfuscating code , comprising : logic that selects a subset of the code to obfuscate ;
logic that selects an obfuscating transform to apply ;
and logic that applies the transformation , wherein the transformed code provides weak equivalence to the untransformed code .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (more source) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		WO9901815A1
CLAIM 2 . The computer implemented method of Claim 1 , further comprising : identifying one or more source (relocation code) code input files corresponding to source code for the code of an application to be processed ;
selecting a required level of obfuscation (the potency) ;
selecting a maximum execution time or space penalty (the cost) ;
reading and parsing the input files ;
providing information identifying data types , data structures , and control structures used by the application to be processed ;
selecting and applying obfuscating transformations to source code objects until the required potency has been achieved or the maximum cost has been exceeded ;
and outputting the transformed code of the application .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (more source) is contained within the protected code , to operate repeatedly while the protected code is in use . 		WO9901815A1
CLAIM 2 . The computer implemented method of Claim 1 , further comprising : identifying one or more source (relocation code) code input files corresponding to source code for the code of an application to be processed ;
selecting a required level of obfuscation (the potency) ;
selecting a maximum execution time or space penalty (the cost) ;
reading and parsing the input files ;
providing information identifying data types , data structures , and control structures used by the application to be processed ;
selecting and applying obfuscating transformations to source code objects until the required potency has been achieved or the maximum cost has been exceeded ;
and outputting the transformed code of the application .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (more source) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		WO9901815A1
CLAIM 2 . The computer implemented method of Claim 1 , further comprising : identifying one or more source (relocation code) code input files corresponding to source code for the code of an application to be processed ;
selecting a required level of obfuscation (the potency) ;
selecting a maximum execution time or space penalty (the cost) ;
reading and parsing the input files ;
providing information identifying data types , data structures , and control structures used by the application to be processed ;
selecting and applying obfuscating transformations to source code objects until the required potency has been achieved or the maximum cost has been exceeded ;
and outputting the transformed code of the application .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (more source) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		WO9901815A1
CLAIM 2 . The computer implemented method of Claim 1 , further comprising : identifying one or more source (relocation code) code input files corresponding to source code for the code of an application to be processed ;
selecting a required level of obfuscation (the potency) ;
selecting a maximum execution time or space penalty (the cost) ;
reading and parsing the input files ;
providing information identifying data types , data structures , and control structures used by the application to be processed ;
selecting and applying obfuscating transformations to source code objects until the required potency has been achieved or the maximum cost has been exceeded ;
and outputting the transformed code of the application .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9837481A1

Filed: 1998-02-25     Issued: 1998-08-27

Techniques for defining, using and manipulating rights management data structures

(Original Assignee) Intertrust Technologies Corp.     

Edwin J. Hall, Victor H. Shear, Luke S. Tomasello, David M. Van Wie, Robert P. Weber, Kim Worsencroft, Xuejun Xu
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (presented object) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9837481A1
CLAIM 27 . A method of achieving a degree of compatibility with at least one secure environment comprising : (a) creating a descriptive data structure ;
(b) associating the descriptive data structure with at least one object ;
and (c) presenting the object and associated descriptive data structure to the secure environment ;
and (d) interoperating with the presented object (executable form) at least in part based on the descriptive data structure .

US7162735B2
CLAIM 5 . A computer system comprising memory means (electronic appliance) containing a digital protection arrangement according to claim 4 . 		WO9837481A1
CLAIM 18 . In a rights management data processing architecture of the type including a secure electronic appliance (memory means) that interacts with an application through an interface , a method of interoperating with secure electronic containers comprising the following steps : (a) delivering an abstract data structure representation to the application ;
(b) generating container access requests with the application based at least in part on the abstract data structure representation ;
and (c) accessing the container with the secure electronic appliance at least in part based on the container access requests the container generates .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (presented object) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		WO9837481A1
CLAIM 27 . A method of achieving a degree of compatibility with at least one secure environment comprising : (a) creating a descriptive data structure ;
(b) associating the descriptive data structure with at least one object ;
and (c) presenting the object and associated descriptive data structure to the secure environment ;
and (d) interoperating with the presented object (executable form) at least in part based on the descriptive data structure .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (presented object) . 		WO9837481A1
CLAIM 27 . A method of achieving a degree of compatibility with at least one secure environment comprising : (a) creating a descriptive data structure ;
(b) associating the descriptive data structure with at least one object ;
and (c) presenting the object and associated descriptive data structure to the secure environment ;
and (d) interoperating with the presented object (executable form) at least in part based on the descriptive data structure .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (presented object) for subsequent execution . 		WO9837481A1
CLAIM 27 . A method of achieving a degree of compatibility with at least one secure environment comprising : (a) creating a descriptive data structure ;
(b) associating the descriptive data structure with at least one object ;
and (c) presenting the object and associated descriptive data structure to the secure environment ;
and (d) interoperating with the presented object (executable form) at least in part based on the descriptive data structure .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (presented object) for subsequent execution . 		WO9837481A1
CLAIM 27 . A method of achieving a degree of compatibility with at least one secure environment comprising : (a) creating a descriptive data structure ;
(b) associating the descriptive data structure with at least one object ;
and (c) presenting the object and associated descriptive data structure to the secure environment ;
and (d) interoperating with the presented object (executable form) at least in part based on the descriptive data structure .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (electronic appliance) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		WO9837481A1
CLAIM 18 . In a rights management data processing architecture of the type including a secure electronic appliance (memory means) that interacts with an application through an interface , a method of interoperating with secure electronic containers comprising the following steps : (a) delivering an abstract data structure representation to the application ;
(b) generating container access requests with the application based at least in part on the abstract data structure representation ;
and (c) accessing the container with the secure electronic appliance at least in part based on the container access requests the container generates .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		WO9837481A1
CLAIM 18 . In a rights management data processing architecture of the type including a secure electronic appliance that interacts with an application through an interface , a method of interoperating with secure electronic containers comprising the following steps (second part) : (a) delivering an abstract data structure representation to the application ;
(b) generating container access requests with the application based at least in part on the abstract data structure representation ;
and (c) accessing the container with the secure electronic appliance at least in part based on the container access requests the container generates .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6044155A

Filed: 1997-12-23     Issued: 2000-03-28

Method and system for securely archiving core data secrets

(Original Assignee) Microsoft Corp     (Current Assignee) Microsoft Technology Licensing LLC

Matthew W. Thomlinson, Scott Field, Allan Cooper
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item (data items) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6044155A
CLAIM 43 . A system for storing and recovering data items (second item) and for protecting them from unauthorized access , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (authenticated user) to the security code , and the security code , when executed , replaces a respective call (current user) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6044155A
CLAIM 1 . A method of securely storing and recovering data protection keys , comprising the following steps : deriving a client key from a user secret that is supplied by a user during network logon procedures ;
securing user data on a client computer with the client key ;
sending the client key to a network supervisory computer that authenticates network users during user logon procedures ;
encrypting a data combination at the network supervisory computer , the data combination including the client key and a user identification corresponding to a currently authenticated current user (respective call, respective call instruction) of the client computer ;
returning the encrypted data combination to the client computer ;
storing the encrypted data combination at the client computer ;
sending the encrypted data combination to the network supervisory computer in order to recover the client key ;
decrypting the data combination at the network supervisory computer to obtain the client key and the user identification in response to receiving the encrypted data combination from the client computer ;
returning the client key to the client computer only if the obtained user identification corresponds to the currently authenticated user (call instructions, remaining call instructions) of the client computer .

US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access) , when executed , is operable to detect corruption of the protected code . 		US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access) is operable to delete the protected code in the event that any corruption is detected . 		US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (unauthorized access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access) is embedded within the protected code . 		US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access) is embedded at locations which are unused by the protected code . 		US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (unauthorized access) and to modify the call instruction to refer to the new location . 		US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6044155A
CLAIM 1 . A method of securely storing and recovering data protection keys , comprising the following steps (second part) : deriving a client key from a user secret that is supplied by a user during network logon procedures ;
securing user data on a client computer with the client key ;
sending the client key to a network supervisory computer that authenticates network users during user logon procedures ;
encrypting a data combination at the network supervisory computer , the data combination including the client key and a user identification corresponding to a currently authenticated current user of the client computer ;
returning the encrypted data combination to the client computer ;
storing the encrypted data combination at the client computer ;
sending the encrypted data combination to the network supervisory computer in order to recover the client key ;
decrypting the data combination at the network supervisory computer to obtain the client key and the user identification in response to receiving the encrypted data combination from the client computer ;
returning the client key to the client computer only if the obtained user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (unauthorized access) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (authenticated user) to the security code (unauthorized access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6044155A
CLAIM 1 . A method of securely storing and recovering data protection keys , comprising the following steps : deriving a client key from a user secret that is supplied by a user during network logon procedures ;
securing user data on a client computer with the client key ;
sending the client key to a network supervisory computer that authenticates network users during user logon procedures ;
encrypting a data combination at the network supervisory computer , the data combination including the client key and a user identification corresponding to a currently authenticated current user of the client computer ;
returning the encrypted data combination to the client computer ;
storing the encrypted data combination at the client computer ;
sending the encrypted data combination to the network supervisory computer in order to recover the client key ;
decrypting the data combination at the network supervisory computer to obtain the client key and the user identification in response to receiving the encrypted data combination from the client computer ;
returning the client key to the client computer only if the obtained user identification corresponds to the currently authenticated user (call instructions, remaining call instructions) of the client computer .

US6044155A
CLAIM 43 . A system for storing and recovering data items and for protecting them from unauthorized access (security code) , comprising : a network supervisory computer that authenticates users of client computers ;
a client computer that communicates with the network supervisory computer , the client computer being programmed to send a data item to the network supervisory computer ;
the network supervisory computer being programmed to encrypt a data combination comprising the data item and a user identification corresponding to an authenticated current user of the client computer , and to return the encrypted data combination to the client computer ;
the client computer being programmed to store the encrypted data combination and to send the encrypted data combination to the network supervisory computer to recover the data item ;
the network supervisory computer being programmed to decrypt the data combination to obtain the data item and the user identification in response to receiving the encrypted data combination from the client computer , and to return the data item to the client computer only if the user identification corresponds to the currently authenticated user of the client computer .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5991399A

Filed: 1997-12-18     Issued: 1999-11-23

Method for securely distributing a conditional use private key to a trusted entity on a remote system

(Original Assignee) Intel Corp     (Current Assignee) Honeyman Cipher Solutions LLC

Gary L. Graunke, John Carbajal, Richard L. Maliszewski, Carlos V. Rozas
US7162735B2
CLAIM 1 . Computer software (readable instructions) operable to provide protection for a second item of computer software (machine readable medium) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5991399A
CLAIM 27 . A machine readable medium (computer software) having stored therein a plurality of machine readable instructions (Computer software) for execution by a processing unit , the machine readable instructions for generating an asymmetric key pair having a public key and a private key ;
for encrypting predetermined data with the generated public key ;
for building an executable tamper resistant key module identified for a selected program on a remote system , the executable tamper resistant key module including the generated private key and the encrypted predetermined data ;
and for sending the executable tamper resistant key module to the remote system to verify the authenticity and integrity of the program operating on the remote system and decrypt the encrypted predetermined data when the program is validated .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (machine readable medium) in accordance with claim 1 . 		US5991399A
CLAIM 27 . A machine readable medium (computer software) having stored therein a plurality of machine readable instructions for execution by a processing unit , the machine readable instructions for generating an asymmetric key pair having a public key and a private key ;
for encrypting predetermined data with the generated public key ;
for building an executable tamper resistant key module identified for a selected program on a remote system , the executable tamper resistant key module including the generated private key and the encrypted predetermined data ;
and for sending the executable tamper resistant key module to the remote system to verify the authenticity and integrity of the program operating on the remote system and decrypt the encrypted predetermined data when the program is validated .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (machine readable medium) protected by means of computer software in accordance with claim 1 . 		US5991399A
CLAIM 27 . A machine readable medium (computer software) having stored therein a plurality of machine readable instructions for execution by a processing unit , the machine readable instructions for generating an asymmetric key pair having a public key and a private key ;
for encrypting predetermined data with the generated public key ;
for building an executable tamper resistant key module identified for a selected program on a remote system , the executable tamper resistant key module including the generated private key and the encrypted predetermined data ;
and for sending the executable tamper resistant key module to the remote system to verify the authenticity and integrity of the program operating on the remote system and decrypt the encrypted predetermined data when the program is validated .

US7162735B2
CLAIM 7 . Computer software (readable instructions) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5991399A
CLAIM 27 . A machine readable medium having stored therein a plurality of machine readable instructions (Computer software) for execution by a processing unit , the machine readable instructions for generating an asymmetric key pair having a public key and a private key ;
for encrypting predetermined data with the generated public key ;
for building an executable tamper resistant key module identified for a selected program on a remote system , the executable tamper resistant key module including the generated private key and the encrypted predetermined data ;
and for sending the executable tamper resistant key module to the remote system to verify the authenticity and integrity of the program operating on the remote system and decrypt the encrypted predetermined data when the program is validated .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5991399A
CLAIM 27 . A machine readable medium having stored therein a plurality of machine readable instructions for execution by a processing unit (processor means) , the machine readable instructions for generating an asymmetric key pair having a public key and a private key ;
for encrypting predetermined data with the generated public key ;
for building an executable tamper resistant key module identified for a selected program on a remote system , the executable tamper resistant key module including the generated private key and the encrypted predetermined data ;
and for sending the executable tamper resistant key module to the remote system to verify the authenticity and integrity of the program operating on the remote system and decrypt the encrypted predetermined data when the program is validated .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5970145A

Filed: 1997-12-17     Issued: 1999-10-19

System and method for protecting use of dynamically linked executable modules

(Original Assignee) Sun Microsystems Inc     (Current Assignee) Sun Microsystems Inc

Charles E. McManis
US7162735B2
CLAIM 1 . Computer software (program product) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (program product) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5970145A
CLAIM 7 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising a computer readable storage medium and a computer program mechanism embedded therein , wherein the computer program product is for use in conjunction with a computer system having a program module verifier configured to respond to procedure calls to the program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call ;
the computer program mechanism comprising : a program module , including : an executable procedure to be performed in response to a call from another program module ;
a call to the program module verifier for verifying the other module' ;
s authenticity , wherein the call to the program module verifier is logically positioned in the program module so as to be executed prior to completion of execution of the executable procedure ;
and instructions preventing completion of execution of the executable procedure when the call to the program module verifier results in a verification denial being returned by the program module verifier ;
said other program module includes an executable procedure and a digital signature , and the program module verifier verifies authenticity of the other program module by verifying the other program module' ;
s digital signature .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .

US7162735B2
CLAIM 7 . Computer software (program product) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .

US5970145A
CLAIM 7 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising a computer readable storage medium and a computer program mechanism embedded therein , wherein the computer program product is for use in conjunction with a computer system having a program module verifier configured to respond to procedure calls to the program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call ;
the computer program mechanism comprising : a program module , including : an executable procedure to be performed in response to a call from another program module ;
a call to the program module verifier for verifying the other module' ;
s authenticity , wherein the call to the program module verifier is logically positioned in the program module so as to be executed prior to completion of execution of the executable procedure ;
and instructions preventing completion of execution of the executable procedure when the call to the program module verifier results in a verification denial being returned by the program module verifier ;
said other program module includes an executable procedure and a digital signature , and the program module verifier verifies authenticity of the other program module by verifying the other program module' ;
s digital signature .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5970145A
CLAIM 7 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising a computer readable storage medium and a computer program mechanism embedded therein , wherein the computer program product is for use in conjunction with a computer system having a program module verifier configured to respond to procedure calls to the program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call ;
the computer program mechanism comprising : a program module , including : an executable procedure to be performed in response to a call from another program module ;
a call to the program module verifier for verifying the other module' ;
s authenticity , wherein the call to the program module verifier is logically positioned in the program module so as to be executed prior to completion of execution of the executable procedure ;
and instructions preventing completion of execution of the executable procedure when the call to the program module verifier results in a verification denial being returned by the program module verifier ;
said other program module includes an executable procedure and a digital signature , and the program module verifier verifies authenticity of the other program module by verifying the other program module' ;
s digital signature .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (program product) . 		US5970145A
CLAIM 7 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising a computer readable storage medium and a computer program mechanism embedded therein , wherein the computer program product is for use in conjunction with a computer system having a program module verifier configured to respond to procedure calls to the program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call ;
the computer program mechanism comprising : a program module , including : an executable procedure to be performed in response to a call from another program module ;
a call to the program module verifier for verifying the other module' ;
s authenticity , wherein the call to the program module verifier is logically positioned in the program module so as to be executed prior to completion of execution of the executable procedure ;
and instructions preventing completion of execution of the executable procedure when the call to the program module verifier results in a verification denial being returned by the program module verifier ;
said other program module includes an executable procedure and a digital signature , and the program module verifier verifies authenticity of the other program module by verifying the other program module' ;
s digital signature .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (program product) for subsequent execution . 		US5970145A
CLAIM 7 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising a computer readable storage medium and a computer program mechanism embedded therein , wherein the computer program product is for use in conjunction with a computer system having a program module verifier configured to respond to procedure calls to the program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call ;
the computer program mechanism comprising : a program module , including : an executable procedure to be performed in response to a call from another program module ;
a call to the program module verifier for verifying the other module' ;
s authenticity , wherein the call to the program module verifier is logically positioned in the program module so as to be executed prior to completion of execution of the executable procedure ;
and instructions preventing completion of execution of the executable procedure when the call to the program module verifier results in a verification denial being returned by the program module verifier ;
said other program module includes an executable procedure and a digital signature , and the program module verifier verifies authenticity of the other program module by verifying the other program module' ;
s digital signature .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (program product) for subsequent execution . 		US5970145A
CLAIM 7 . A computer program product (executable form, Computer software, Computer software operable to provide protection) comprising a computer readable storage medium and a computer program mechanism embedded therein , wherein the computer program product is for use in conjunction with a computer system having a program module verifier configured to respond to procedure calls to the program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call ;
the computer program mechanism comprising : a program module , including : an executable procedure to be performed in response to a call from another program module ;
a call to the program module verifier for verifying the other module' ;
s authenticity , wherein the call to the program module verifier is logically positioned in the program module so as to be executed prior to completion of execution of the executable procedure ;
and instructions preventing completion of execution of the executable procedure when the call to the program module verifier results in a verification denial being returned by the program module verifier ;
said other program module includes an executable procedure and a digital signature , and the program module verifier verifies authenticity of the other program module by verifying the other program module' ;
s digital signature .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means operable to detect corruption (procedure calls) of the protected data . 		US5970145A
CLAIM 7 . A computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , wherein the computer program product is for use in conjunction with a computer system having a program module verifier configured to respond to procedure calls (security means operable to detect corruption) to the program module verifier by verifying authenticity of any specified program module and by returning a verification confirmation or denial in response to each such procedure call ;
the computer program mechanism comprising : a program module , including : an executable procedure to be performed in response to a call from another program module ;
a call to the program module verifier for verifying the other module' ;
s authenticity , wherein the call to the program module verifier is logically positioned in the program module so as to be executed prior to completion of execution of the executable procedure ;
and instructions preventing completion of execution of the executable procedure when the call to the program module verifier results in a verification denial being returned by the program module verifier ;
said other program module includes an executable procedure and a digital signature , and the program module verifier verifies authenticity of the other program module by verifying the other program module' ;
s digital signature .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5970145A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : (A) executing a procedure in a first program module , and while executing the procedure in the first program module making a call from the first program module to a second program module ;
(B) in response to the call from the first program module , executing a procedure in the second program module to generate a result , and prior to generating the result verifying the first program module' ;
s authenticity ;
(C) upon verifying the first program module' ;
s authenticity , completing execution of the procedure in the second program module to generate the result and returning control to the first program module procedure ;
and (D) upon failing to verify the first program module' ;
s authenticity , preventing generation of the result by the procedure in the second program module ;
said first program module includes a first digital signature , and step (B) includes verifying the first program module' ;
s authenticity by verifying the first digital signature .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6085249A

Filed: 1997-12-05     Issued: 2000-07-04

Method and apparatuses for transferring data for multiple applications through a single communication link in response to authentication information

(Original Assignee) Pictra Inc     (Current Assignee) KDL Scan Designs LLC ; Deep River Systems LLC ; Hanger Solutions LLC

Wu Wang, Prasad Kongara
US7162735B2
CLAIM 1 . Computer software (client computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (executable code) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6085249A
CLAIM 1 . A method comprising : transmitting authentication information from a client computer (Computer software) to a server computer to authorize access to restricted data , wherein transmitting authentication information further includes executing a web browsing application program in the client computer to transmit the authentication information to the server computer ;
transmitting invocation information from the server computer to the client computer in response to the authentication information ;
invoking a first application program in the client computer using the invocation information , said first application program being a different application from said web browsing application program ;
and transmitting the restricted data from the server computer to the first application program in the client computer based on the access authorized by the authentication information .

US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (executable code) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 7 . Computer software (client computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6085249A
CLAIM 1 . A method comprising : transmitting authentication information from a client computer (Computer software) to a server computer to authorize access to restricted data , wherein transmitting authentication information further includes executing a web browsing application program in the client computer to transmit the authentication information to the server computer ;
transmitting invocation information from the server computer to the client computer in response to the authentication information ;
invoking a first application program in the client computer using the invocation information , said first application program being a different application from said web browsing application program ;
and transmitting the restricted data from the server computer to the first application program in the client computer based on the access authorized by the authentication information .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (executable code) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (executable code) and/or a data file . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (executable code) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (executable code) is executable to create the steps on each occasion that the executable instruction is to be executed . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (executable code) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (executable code) is executable to create corrupt data in addition to each part of protected code . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (executable code) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6085249A
CLAIM 8 . The method of claim 1 wherein the transmitting of invocation information includes transmitting one or more parameters that identify a portion of executable code (executable code) that is dynamically linked to the web browsing application program , and wherein the invoking a first application program includes executing the portion of executable code to invoke the first application program and to send a message to the first application program to cause the first application program , when executed , to receive the restricted data from the server computer .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5966541A

Filed: 1997-12-04     Issued: 1999-10-12

Test protection, and repair through binary-code augmentation

(Original Assignee) Incert Software Corp     (Current Assignee) NortonLifeLock Inc ; Incert Software Corp

Anant Agarwal
US7162735B2
CLAIM 4 . A digital data (control point) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (phone number) to the security code , and the security code , when executed , replaces a respective call (phone number) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5966541A
CLAIM 11 . A method as claimed in claim 1 , wherein such method is used to perform telephone number (respective call, call instructions) or area code identification .

US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 6 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (control point) protection arrangement in accordance with claim 4 . 		US5966541A
CLAIM 1 . A method of testing , protecting , or correcting binary code , comprising : generating , from the binary code , a control flow representation of the binary code ;
generating , from the binary code , a data flow representation of the binary code ;
choosing which values or variables to track ;
defining binary software patches ;
determining where to install the software patches based on an analysis of the control flow representation ;
using the data flow representation to track the chosen value (data carrier) s or variables , wherein determining where to install the software patches is further based on an analysis of the data flow representation ;
and rewriting the binary code by installing the binary software patches into the original binary code and further modifying the original binary code to account for the installed binary software patches .

US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (control point) protection arrangement in accordance with claim 4 . 		US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 18 . A digital data (control point) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 28 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (control point) protection arrangement in accordance with claim 18 . 		US5966541A
CLAIM 1 . A method of testing , protecting , or correcting binary code , comprising : generating , from the binary code , a control flow representation of the binary code ;
generating , from the binary code , a data flow representation of the binary code ;
choosing which values or variables to track ;
defining binary software patches ;
determining where to install the software patches based on an analysis of the control flow representation ;
using the data flow representation to track the chosen value (data carrier) s or variables , wherein determining where to install the software patches is further based on an analysis of the data flow representation ;
and rewriting the binary code by installing the binary software patches into the original binary code and further modifying the original binary code to account for the installed binary software patches .

US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 29 . A digital data (control point) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 30 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (control point) protection arrangement in accordance with claim 29 . 		US5966541A
CLAIM 1 . A method of testing , protecting , or correcting binary code , comprising : generating , from the binary code , a control flow representation of the binary code ;
generating , from the binary code , a data flow representation of the binary code ;
choosing which values or variables to track ;
defining binary software patches ;
determining where to install the software patches based on an analysis of the control flow representation ;
using the data flow representation to track the chosen value (data carrier) s or variables , wherein determining where to install the software patches is further based on an analysis of the data flow representation ;
and rewriting the binary code by installing the binary software patches into the original binary code and further modifying the original binary code to account for the installed binary software patches .

US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 34 . A digital data (control point) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 37 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (control point) protection arrangement in accordance with claim 34 . 		US5966541A
CLAIM 1 . A method of testing , protecting , or correcting binary code , comprising : generating , from the binary code , a control flow representation of the binary code ;
generating , from the binary code , a data flow representation of the binary code ;
choosing which values or variables to track ;
defining binary software patches ;
determining where to install the software patches based on an analysis of the control flow representation ;
using the data flow representation to track the chosen value (data carrier) s or variables , wherein determining where to install the software patches is further based on an analysis of the data flow representation ;
and rewriting the binary code by installing the binary software patches into the original binary code and further modifying the original binary code to account for the installed binary software patches .

US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 38 . A digital data (control point) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (phone number) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5966541A
CLAIM 11 . A method as claimed in claim 1 , wherein such method is used to perform telephone number (respective call, call instructions) or area code identification .

US7162735B2
CLAIM 40 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (control point) protection arrangement in accordance with claim 38 . 		US5966541A
CLAIM 1 . A method of testing , protecting , or correcting binary code , comprising : generating , from the binary code , a control flow representation of the binary code ;
generating , from the binary code , a data flow representation of the binary code ;
choosing which values or variables to track ;
defining binary software patches ;
determining where to install the software patches based on an analysis of the control flow representation ;
using the data flow representation to track the chosen value (data carrier) s or variables , wherein determining where to install the software patches is further based on an analysis of the data flow representation ;
and rewriting the binary code by installing the binary software patches into the original binary code and further modifying the original binary code to account for the installed binary software patches .

US5966541A
CLAIM 24 . A data processing system for testing , protecting , or correcting binary code , comprising : correlation means for identifying control point (digital data) s ;
a control flow representation of the binary code ;
binary software patches ;
means for determining where to install the software patches based on an analysis of the control flow representation ;
and means for rewriting the binary code by installing the binary software patches into the original binary code and by modifying the original binary code to account for code displacements due to the installed binary software patches .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6078909A

Filed: 1997-11-19     Issued: 2000-06-20

Method and apparatus for licensing computer programs using a DSA signature

(Original Assignee) International Business Machines Corp     (Current Assignee) Google LLC

James Irwin Knutson
US7162735B2
CLAIM 1 . Computer software (computer program, program product) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (computer program, program product) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6078909A
CLAIM 11 . A computer program (Computer software, executable form, Computer software operable to provide protection) product having a computer readable medium having computer program logic recorded thereon for licensing software for electronic distributions in a computer system , comprising : computer readable means for generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
computer readable means for generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
computer readable means for transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and computer readable means for verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without further transmissions to said licensor machine .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .

US7162735B2
CLAIM 7 . Computer software (computer program, program product) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .

US6078909A
CLAIM 11 . A computer program (Computer software, executable form, Computer software operable to provide protection) product having a computer readable medium having computer program logic recorded thereon for licensing software for electronic distributions in a computer system , comprising : computer readable means for generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
computer readable means for generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
computer readable means for transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and computer readable means for verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without further transmissions to said licensor machine .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (computer program, program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6078909A
CLAIM 11 . A computer program (Computer software, executable form, Computer software operable to provide protection) product having a computer readable medium having computer program logic recorded thereon for licensing software for electronic distributions in a computer system , comprising : computer readable means for generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
computer readable means for generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
computer readable means for transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and computer readable means for verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without further transmissions to said licensor machine .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (computer program, program product) . 		US6078909A
CLAIM 11 . A computer program (Computer software, executable form, Computer software operable to provide protection) product having a computer readable medium having computer program logic recorded thereon for licensing software for electronic distributions in a computer system , comprising : computer readable means for generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
computer readable means for generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
computer readable means for transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and computer readable means for verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without further transmissions to said licensor machine .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (computer program, program product) for subsequent execution . 		US6078909A
CLAIM 11 . A computer program (Computer software, executable form, Computer software operable to provide protection) product having a computer readable medium having computer program logic recorded thereon for licensing software for electronic distributions in a computer system , comprising : computer readable means for generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
computer readable means for generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
computer readable means for transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and computer readable means for verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without further transmissions to said licensor machine .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (computer program, program product) for subsequent execution . 		US6078909A
CLAIM 11 . A computer program (Computer software, executable form, Computer software operable to provide protection) product having a computer readable medium having computer program logic recorded thereon for licensing software for electronic distributions in a computer system , comprising : computer readable means for generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
computer readable means for generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
computer readable means for transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and computer readable means for verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without further transmissions to said licensor machine .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6078909A
CLAIM 2 . The method of claim 1 wherein said step of generating a pair of keys further comprises : distributing said public key (security code) to said user in said electronic distribution ;
and retaining said private key for generation of said digital signature for said license .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6078909A
CLAIM 1 . A method , implemented in a computer system (computer system) , for licensing software for electronic distributions in said computer system , comprising the steps of : generating a pair of keys compatible for use with a digital signature algorithm for a license for a selected electronic distribution in said computer system at a licensor machine ;
generating a digital signature for said license using one of said pair of keys for data and all information related to said license using said digital signature algorithm at said licensor machine ;
transmitting said digital signature directly from said licensor machine to a user for said selected electronic distribution ;
and verifying said license by said user using said digital signature algorithm on said digital signature , data for said license and a different one of said pair of keys without any further transmissions with said licensor machine .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6070239A

Filed: 1997-11-17     Issued: 2000-05-30

System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources

(Original Assignee) Sun Microsystems Inc     (Current Assignee) Sun Microsystems Inc

Charles E. McManis
US7162735B2
CLAIM 1 . Computer software (computer program, program product, address space) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (computer program, program product, address space) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6070239A
CLAIM 1 . A method of operating a computer system , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space (Computer software, executable form, Computer software operable to provide protection) for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US6070239A
CLAIM 7 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with a computer system , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
and a class loader that loads trusted and untrusted object classes ;
wherein the object classes each include at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and the class loader loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US7162735B2
CLAIM 7 . Computer software (computer program, program product, address space) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space (Computer software, executable form, Computer software operable to provide protection) for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US6070239A
CLAIM 7 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with a computer system , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
and a class loader that loads trusted and untrusted object classes ;
wherein the object classes each include at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and the class loader loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (security logic) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (computer program, program product, address space) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6070239A
CLAIM 1 . A method of operating a computer system , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space (Computer software, executable form, Computer software operable to provide protection) for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US6070239A
CLAIM 4 . A computer comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
memory for storing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and a class loader that loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic (decryption instructions) for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US6070239A
CLAIM 7 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with a computer system , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
and a class loader that loads trusted and untrusted object classes ;
wherein the object classes each include at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and the class loader loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (security logic) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (computer program, program product, address space) . 		US6070239A
CLAIM 1 . A method of operating a computer system , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space (Computer software, executable form, Computer software operable to provide protection) for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US6070239A
CLAIM 4 . A computer comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
memory for storing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and a class loader that loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic (decryption instructions) for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US6070239A
CLAIM 7 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with a computer system , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
and a class loader that loads trusted and untrusted object classes ;
wherein the object classes each include at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and the class loader loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (computer program, program product, address space) for subsequent execution . 		US6070239A
CLAIM 1 . A method of operating a computer system , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space (Computer software, executable form, Computer software operable to provide protection) for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US6070239A
CLAIM 7 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with a computer system , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
and a class loader that loads trusted and untrusted object classes ;
wherein the object classes each include at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and the class loader loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (computer program, program product, address space) for subsequent execution . 		US6070239A
CLAIM 1 . A method of operating a computer system , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space (Computer software, executable form, Computer software operable to provide protection) for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US6070239A
CLAIM 7 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with a computer system , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
and a class loader that loads trusted and untrusted object classes ;
wherein the object classes each include at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and the class loader loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (security logic) . 		US6070239A
CLAIM 4 . A computer comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
memory for storing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and a class loader that loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic (decryption instructions) for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (security logic) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6070239A
CLAIM 4 . A computer comprising : a program integrity verifier that verifies that programs written in an architecture neutral language satisfy predefined program integrity criteria ;
a digital signature verifier that verifies digital signatures associated with programs ;
memory for storing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in the architecture neutral language and (B) architecture specific programs written in an architecture specific language whose integrity cannot be verified by the program integrity verifier ;
and a class loader that loads a specified one of the object classes into an address space for execution when execution of any program in the one object class is requested , the class loader including program security logic (decryption instructions) for preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by the digital signature verifier .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6070239A
CLAIM 1 . A method of operating a computer system (computer system) , comprising the steps of : accessing trusted and untrusted object classes ;
the object classes each including at least one program , each program comprising a program selected from the group consisting of (A) architecture neutral programs written in an architecture neutral language and (B) architecture specific programs written in an architecture specific language ;
when execution of any program in an object class is requested , and the requested object class has not yet been loaded , loading the requested object class into an address space for execution unless loading of the requested object class is prevented by a security violation , including preventing the loading of any requested object class , other than any of the trusted object classes , that includes at least one architecture specific program unless every architecture specific program in the requested object class is associated with a digital signature and the digital signature is successfully verified by a digital signature verifier .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5933498A

Filed: 1997-11-05     Issued: 1999-08-03

System for controlling access and distribution of digital property

(Original Assignee) MRJ Inc     (Current Assignee) Hanger Solutions LLC

Paul B. Schneck, Marshall D. Abrams
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US7162735B2
CLAIM 4 . A digital data (digital data) arrangement comprising protected code and security code (user access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (user access) , when executed , is operable to detect corruption of the protected code . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (user access) is operable to delete the protected code in the event that any corruption is detected . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (user access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (user access) is embedded within the protected code . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (user access) is embedded at locations which are unused by the protected code . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (user access) and to modify the call instruction to refer to the new location . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code is a CRC algorithm (tamper detection) . 		US5933498A
CLAIM 1 . A method of distributing data , the method comprising : protecting portions of the data ;
and openly distributing the protected portions of the data , whereby each and every access to the unprotected form of the protected data is limited only in accordance with rules defining access rights to the data as enforced by a mechanism protected by tamper detection (CRC algorithm) , so that unauthorized access to the protected data is not to the unprotected form of the protected data .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement comprising protected code , security code (user access) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (user access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5933498A
CLAIM 20 . A method as in any one of claims 1 , 2 , 3 , 4 , 5 and 6 , wherein the rules indicate which users are allowed to access the protected portions of the data , the method further comprising allowing the user access (security code) to the unprotected form of a protected portion of the data only if the rules indicate that the user is allowed to access that portion of the data .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		US5933498A
CLAIM 5 . A method of controlling access to data with a computer system (computer system) having an input/output (i/o) system for transferring data to and from i/o devices , the method comprising : protecting portions of the data ;
openly providing the protected portions of the data ;
and limiting each and every access to the unprotected form of the protected data only in accordance with rules defining access rights to the data as enforced by the i/o system , so that unauthorized access to the protected portions of the data is not to the unprotected form of the protected data .

US5933498A
CLAIM 45 . A device for generating an output signal corresponding to data comprising protected data portions and rules defining access rights to the digital data (digital data) , the device comprising : a tamper detecting mechanism ;
means for storing the rules ;
means for accessing the digital data only in accordance with the rules , whereby user access to the unprotected form of the protected data portions is permitted only if the rules indicate that the user is allowed to access the portions of the data , the access being enforced by the tamper detecting mechanism ;
and means for generating the output signal from the accessed data .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6003117A

Filed: 1997-10-08     Issued: 1999-12-14

Secure memory management unit which utilizes a system processor to perform page swapping

(Original Assignee) Philips Semiconductors Inc     (Current Assignee) III Holdings 6 LLC

Mark Leonard Buer, Gregory Clayton Eslinger
US7162735B2
CLAIM 3 . A computer system (monitoring data) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 5 . A computer system (monitoring data) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (monitoring data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (monitoring data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target (monitoring data) block . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (monitoring data) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (monitoring data) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6003117A
CLAIM 11 . A method by which an integrated circuit accesses encrypted data stored in an external memory , the method comprising the following steps (second part) : (a) storing decrypted data in a main memory within the integrated circuit ;
(b) utilizing the decrypted data in the main memory by a processor ;
and , (c) monitoring , by a soft secure memory management unit (SMMU) , data accesses made by the processor ;
(d) signaling the processor by the soft SMMU , when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
and , (e) performing , by the processor , the following substeps when in step (d) the soft SMMU signals the processor , (e . 1) overseeing transfer of the first data from the external memory , and (e . 2) overseeing decryption of the first data .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (monitoring data) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (monitoring data) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6003117A
CLAIM 1 . An integrated circuit which accesses encrypted data stored in an external memory , the integrated circuit comprising : a main memory for storing decrypted data ;
a processor which utilizes the decrypted data in the main memory ;
and , a soft secure memory management unit (SMMU) , the soft SMMU monitoring data (respective target, computer system, respective target block) accesses by the processor and signaling the processor when the processor attempts to access first data which is not within the decrypted data in the main memory but is within the encrypted data stored in the external memory ;
wherein when the soft SMMU signals the processor , the processor oversees transfer of the first data from the external memory and oversees decryption of the first data .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		JP2980576B2

Filed: 1997-09-12     Issued: 1999-11-22

物理乱数発生装置及び方法並びに物理乱数記録媒体

(Original Assignee) 株式会社東芝     

茂 兼本, 徹 小野寺, 茂章 角山
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (変換手段) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		JP2980576B2
CLAIM 1 【請求項1】 ノイズ信号を出力するノイズ源と、 前記ノイズ信号を交流結合により直流分を除去しつつ増 幅するAC結合増幅手段と、 前記AC結合増幅手段により増幅された増幅ノイズ信号 をA/D変換する,2ビット以上の精度を有 して2ビッ ト以上のビットデータに変換 するA/D変換手段 (executable conversion, respective conversion, conversion key, executable conversion code, conversion code) と、 前記A/D変換手段により変換された 2ビット以上のビ ットデータを微分非直線性を改善するよう加工し、この 加工データに基づいて2ビット以上の乱数データを提供 する加工手段とを備えた ことを特徴とする物理乱数発生 装置。
US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (暗号化) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (変換手段) code operable to : derive a conversion key (変換手段) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		JP2980576B2
CLAIM 1 【請求項1】 ノイズ信号を出力するノイズ源と、 前記ノイズ信号を交流結合により直流分を除去しつつ増 幅するAC結合増幅手段と、 前記AC結合増幅手段により増幅された増幅ノイズ信号 をA/D変換する,2ビット以上の精度を有 して2ビッ ト以上のビットデータに変換 するA/D変換手段 (executable conversion, respective conversion, conversion key, executable conversion code, conversion code) と、 前記A/D変換手段により変換された 2ビット以上のビ ットデータを微分非直線性を改善するよう加工し、この 加工データに基づいて2ビット以上の乱数データを提供 する加工手段とを備えた ことを特徴とする物理乱数発生 装置。

JP2980576B2
CLAIM 16 【請求項16】 前記乱数データを用いてデータの暗号 化を行う暗号化 (decryption instructions) 手段を備えたことを特徴とする請求項1 乃至13記載のうち何れか1項記載の物理乱数発生装 置。
US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (暗号化) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (変換手段) is operable to convert each block into an executable form . 		JP2980576B2
CLAIM 1 【請求項1】 ノイズ信号を出力するノイズ源と、 前記ノイズ信号を交流結合により直流分を除去しつつ増 幅するAC結合増幅手段と、 前記AC結合増幅手段により増幅された増幅ノイズ信号 をA/D変換する,2ビット以上の精度を有 して2ビッ ト以上のビットデータに変換 するA/D変換手段 (executable conversion, respective conversion, conversion key, executable conversion code, conversion code) と、 前記A/D変換手段により変換された 2ビット以上のビ ットデータを微分非直線性を改善するよう加工し、この 加工データに基づいて2ビット以上の乱数データを提供 する加工手段とを備えた ことを特徴とする物理乱数発生 装置。

JP2980576B2
CLAIM 16 【請求項16】 前記乱数データを用いてデータの暗号 化を行う暗号化 (decryption instructions) 手段を備えたことを特徴とする請求項1 乃至13記載のうち何れか1項記載の物理乱数発生装 置。
US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion (変換手段) key derived from a respective target block . 		JP2980576B2
CLAIM 1 【請求項1】 ノイズ信号を出力するノイズ源と、 前記ノイズ信号を交流結合により直流分を除去しつつ増 幅するAC結合増幅手段と、 前記AC結合増幅手段により増幅された増幅ノイズ信号 をA/D変換する,2ビット以上の精度を有 して2ビッ ト以上のビットデータに変換 するA/D変換手段 (executable conversion, respective conversion, conversion key, executable conversion code, conversion code) と、 前記A/D変換手段により変換された 2ビット以上のビ ットデータを微分非直線性を改善するよう加工し、この 加工データに基づいて2ビット以上の乱数データを提供 する加工手段とを備えた ことを特徴とする物理乱数発生 装置。
US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (暗号化) . 		JP2980576B2
CLAIM 16 【請求項16】 前記乱数データを用いてデータの暗号 化を行う暗号化 (decryption instructions) 手段を備えたことを特徴とする請求項1 乃至13記載のうち何れか1項記載の物理乱数発生装 置。
US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (暗号化) and conversion code (変換手段) with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (変換手段) code to be executed when seeking to access the protected data . 		JP2980576B2
CLAIM 1 【請求項1】 ノイズ信号を出力するノイズ源と、 前記ノイズ信号を交流結合により直流分を除去しつつ増 幅するAC結合増幅手段と、 前記AC結合増幅手段により増幅された増幅ノイズ信号 をA/D変換する,2ビット以上の精度を有 して2ビッ ト以上のビットデータに変換 するA/D変換手段 (executable conversion, respective conversion, conversion key, executable conversion code, conversion code) と、 前記A/D変換手段により変換された 2ビット以上のビ ットデータを微分非直線性を改善するよう加工し、この 加工データに基づいて2ビット以上の乱数データを提供 する加工手段とを備えた ことを特徴とする物理乱数発生 装置。

JP2980576B2
CLAIM 16 【請求項16】 前記乱数データを用いてデータの暗号 化を行う暗号化 (decryption instructions) 手段を備えたことを特徴とする請求項1 乃至13記載のうち何れか1項記載の物理乱数発生装 置。



US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5949885A

Filed: 1997-08-29     Issued: 1999-09-07

Method for protecting content using watermarking

(Original Assignee) Leighton; F. Thomson     

F. Thomson Leighton
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means (illicit use) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (illicit use) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 6 . A data carrier (given number) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5949885A
CLAIM 33 . The method as described in claim 32 further including the step of authorizing access to the document if at least a given number (data carrier) of the set of watermarks are present .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (illicit use) , when executed , is operable to detect corruption of the protected code . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (illicit use) is operable to delete the protected code in the event that any corruption is detected . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (illicit use) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (illicit use) is embedded within the protected code . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (illicit use) is embedded at locations which are unused by the protected code . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (illicit use) is written to the embedding location . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (illicit use) and to modify the call instruction to refer to the new location . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (predetermined extent) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5949885A
CLAIM 15 . A method for determining whether an object has a given watermark , comprising the steps of : processing the object to generate a data string ;
correlating the data string with a value that is a function of the given watermark and a second watermark such that information useful in determining the given watermark cannot be obtained from the value ;
and if the data string and the value correlate to a predetermined extent (executable conversion, executable conversion code) , indicating that the object has been watermarked with the given watermark .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target block (subsequent time) . 		US5949885A
CLAIM 32 . The method as described in claim 31 further including the step of , at a subsequent time (respective target block) , processing the document to determine whether any of the set of watermarks are present .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (predetermined extent) code to be executed when seeking to access the protected data . 		US5949885A
CLAIM 15 . A method for determining whether an object has a given watermark , comprising the steps of : processing the object to generate a data string ;
correlating the data string with a value that is a function of the given watermark and a second watermark such that information useful in determining the given watermark cannot be obtained from the value ;
and if the data string and the value correlate to a predetermined extent (executable conversion, executable conversion code) , indicating that the object has been watermarked with the given watermark .

US7162735B2
CLAIM 28 . A data carrier (given number) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5949885A
CLAIM 33 . The method as described in claim 32 further including the step of authorizing access to the document if at least a given number (data carrier) of the set of watermarks are present .

US7162735B2
CLAIM 30 . A data carrier (given number) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5949885A
CLAIM 33 . The method as described in claim 32 further including the step of authorizing access to the document if at least a given number (data carrier) of the set of watermarks are present .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (illicit use) operable to detect corruption of the protected data . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 37 . A data carrier (given number) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5949885A
CLAIM 33 . The method as described in claim 32 further including the step of authorizing access to the document if at least a given number (data carrier) of the set of watermarks are present .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (illicit use) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (illicit use) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions (method operative) to refer to the new location . 		US5949885A
CLAIM 19 . A access protection method operative (remaining call instructions) in a device having means for outputting given content , comprising the steps of : retrieving a derived watermark and a derived signal from the given content ;
generating a digital string from the derived signal using a secure hash function ;
correlating the derived watermark and the digital string ;
and based on a result of the correlating step , taking a given action .

US5949885A
CLAIM 31 . A method of access control for a document , comprising the steps of : generating a first digital string from the document to form a baseline watermark ;
generating a second digital string from given text ;
generating a set of watermarks each having a predetermined relationship to the first and second digital strings ;
and inserting the set of watermarks into the document to protect the document against illicit use (security means, security code) .

US7162735B2
CLAIM 40 . A data carrier (given number) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5949885A
CLAIM 33 . The method as described in claim 32 further including the step of authorizing access to the document if at least a given number (data carrier) of the set of watermarks are present .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9808323A1

Filed: 1997-08-19     Issued: 1998-02-26

Public key cryptosystem method and apparatus

(Original Assignee) Ntru Cryptosystems, Inc.     

Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (mod p) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (mod p) in accordance with claim 1 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 3 . A computer system (mod p) containing an item of computer software (mod p) protected by means of computer software in accordance with claim 1 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 5 . A computer system (mod p) comprising memory means containing a digital protection arrangement (identity matrix) according to claim 4 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

WO9808323A1
CLAIM 25 . A method for encoding and decoding a digital message , comprising the steps of : selecting relatively prime integers p and q ;
selecting a non-zero integer R e producing K+2 matrices , f , g , w lf w 2 , . . . , w κ from a ring of matrices with integer coefficients , with w 2 =≡ 0 (mod p) for l = 1 , 2 , . . . , K . producing inverse matrices F p , F q , G p and G q , from said ring of matrices where fF p = I (mod p) fF q ≡ I (mod q) gG p = I (mod p) gG q = I (mod q) where I is an identity matrix (digital protection arrangement) ;
producing a public key as a list of K matrices (h 1# h 2 , . . . h κ) where h 1 ≡ F g W . G q (mod q) , l = 1 , 2 , . . . , reproducing a private key as the matrices (f , g , F p , G p) ;
producing an encoded message e by encoding the message m using the private key and random integers ø : , ø 2 , . . . , ø κ as e ≡ ø 1 h 1 +ø 2 h 2 + . . . +ø κ h κ +m (mod q) ;
and producing a decoded message m' ;
by computing a ≡ feg (mod q) and b ≡ a (mod p) and then computing the decoded message m' ;
as m' ;
≡ F p bG p (mod p) .

US7162735B2
CLAIM 6 . A data carrier (generating elements) containing software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 4 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements (data carrier) f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 4 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code is a CRC algorithm (mod p) . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 28 . A data carrier (generating elements) containing software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 18 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements (data carrier) f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said element) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		WO9808323A1
CLAIM 6 . The method as defined by claim 5 , wherein said element (one order) G q is used in the derivation of said public key and said element G P is part of said private key .

US7162735B2
CLAIM 30 . A data carrier (generating elements) containing software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 29 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements (data carrier) f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 37 . A data carrier (generating elements) containing software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 34 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements (data carrier) f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .

US7162735B2
CLAIM 40 . A data carrier (generating elements) containing software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 38 . 		WO9808323A1
CLAIM 1 . A method for encoding and decoding a digital message m , comprising the steps of : selecting ideals p and q of a ring R ;
generating elements (data carrier) f and g of the ring R , and generating element F q which is an inverse of f (mod q) , and generating element F p which is an inverse of f (mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) ) ;
producing a public key that includes h , where h is congruent , mod q , to a product that can be derived using g and producing a private key from which f and F p can be derived ;
producing an encoded message e by encoding the message m using the public key and a random element ø ;
and producing a decoded message by decoding the encoded message e using the private key .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5825890A

Filed: 1997-07-01     Issued: 1998-10-20

Secure socket layer application program apparatus and method

(Original Assignee) Netscape Communications Corp     (Current Assignee) Facebook Inc

Taher Elgamal, Kipp E.B. Hickman
US7162735B2
CLAIM 1 . Computer software (computer program, program product, client computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (computer program, program product, client computer) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5825890A
CLAIM 1 . A socket application interface computer program (Computer software, executable form, Computer software operable to provide protection) product that interfaces application program code executing in an application layer to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US5825890A
CLAIM 3 . A client security software application for use by a client application executing on a client computer (Computer software, executable form, Computer software operable to provide protection) , for setting up a secure socket connection for secure data transfer between the client computer and a server computer : means for causing the client computer to transmit to the server computer a client-hello message including challenge data and client cipher-specs data , the client cipher-specs data indicating an indication of at least one bulk cipher supported by the client computer ;
means for causing the client computer to receive from the server computer a server-hello message including connection -- identification data , server -- certificate data and server cipher-specs data , wherein the server cipher-specs data includes an indication of a bulk cipher to be used during the secure data transfer .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 6 . A data carrier containing software (ion layer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5825890A
CLAIM 1 . A socket application interface computer program product that interfaces application program code executing in an application layer (data carrier containing software) to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US7162735B2
CLAIM 7 . Computer software (computer program, program product, client computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5825890A
CLAIM 1 . A socket application interface computer program (Computer software, executable form, Computer software operable to provide protection) product that interfaces application program code executing in an application layer to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US5825890A
CLAIM 3 . A client security software application for use by a client application executing on a client computer (Computer software, executable form, Computer software operable to provide protection) , for setting up a secure socket connection for secure data transfer between the client computer and a server computer : means for causing the client computer to transmit to the server computer a client-hello message including challenge data and client cipher-specs data , the client cipher-specs data indicating an indication of at least one bulk cipher supported by the client computer ;
means for causing the client computer to receive from the server computer a server-hello message including connection -- identification data , server -- certificate data and server cipher-specs data , wherein the server cipher-specs data includes an indication of a bulk cipher to be used during the secure data transfer .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (computer program, program product, client computer) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5825890A
CLAIM 1 . A socket application interface computer program (Computer software, executable form, Computer software operable to provide protection) product that interfaces application program code executing in an application layer to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US5825890A
CLAIM 3 . A client security software application for use by a client application executing on a client computer (Computer software, executable form, Computer software operable to provide protection) , for setting up a secure socket connection for secure data transfer between the client computer and a server computer : means for causing the client computer to transmit to the server computer a client-hello message including challenge data and client cipher-specs data , the client cipher-specs data indicating an indication of at least one bulk cipher supported by the client computer ;
means for causing the client computer to receive from the server computer a server-hello message including connection -- identification data , server -- certificate data and server cipher-specs data , wherein the server cipher-specs data includes an indication of a bulk cipher to be used during the secure data transfer .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (computer program, program product, client computer) . 		US5825890A
CLAIM 1 . A socket application interface computer program (Computer software, executable form, Computer software operable to provide protection) product that interfaces application program code executing in an application layer to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US5825890A
CLAIM 3 . A client security software application for use by a client application executing on a client computer (Computer software, executable form, Computer software operable to provide protection) , for setting up a secure socket connection for secure data transfer between the client computer and a server computer : means for causing the client computer to transmit to the server computer a client-hello message including challenge data and client cipher-specs data , the client cipher-specs data indicating an indication of at least one bulk cipher supported by the client computer ;
means for causing the client computer to receive from the server computer a server-hello message including connection -- identification data , server -- certificate data and server cipher-specs data , wherein the server cipher-specs data includes an indication of a bulk cipher to be used during the secure data transfer .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (computer program, program product, client computer) for subsequent execution . 		US5825890A
CLAIM 1 . A socket application interface computer program (Computer software, executable form, Computer software operable to provide protection) product that interfaces application program code executing in an application layer to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US5825890A
CLAIM 3 . A client security software application for use by a client application executing on a client computer (Computer software, executable form, Computer software operable to provide protection) , for setting up a secure socket connection for secure data transfer between the client computer and a server computer : means for causing the client computer to transmit to the server computer a client-hello message including challenge data and client cipher-specs data , the client cipher-specs data indicating an indication of at least one bulk cipher supported by the client computer ;
means for causing the client computer to receive from the server computer a server-hello message including connection -- identification data , server -- certificate data and server cipher-specs data , wherein the server cipher-specs data includes an indication of a bulk cipher to be used during the secure data transfer .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (computer program, program product, client computer) for subsequent execution . 		US5825890A
CLAIM 1 . A socket application interface computer program (Computer software, executable form, Computer software operable to provide protection) product that interfaces application program code executing in an application layer to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US5825890A
CLAIM 3 . A client security software application for use by a client application executing on a client computer (Computer software, executable form, Computer software operable to provide protection) , for setting up a secure socket connection for secure data transfer between the client computer and a server computer : means for causing the client computer to transmit to the server computer a client-hello message including challenge data and client cipher-specs data , the client cipher-specs data indicating an indication of at least one bulk cipher supported by the client computer ;
means for causing the client computer to receive from the server computer a server-hello message including connection -- identification data , server -- certificate data and server cipher-specs data , wherein the server cipher-specs data includes an indication of a bulk cipher to be used during the secure data transfer .

US7162735B2
CLAIM 28 . A data carrier containing software (ion layer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5825890A
CLAIM 1 . A socket application interface computer program product that interfaces application program code executing in an application layer (data carrier containing software) to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US7162735B2
CLAIM 30 . A data carrier containing software (ion layer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5825890A
CLAIM 1 . A socket application interface computer program product that interfaces application program code executing in an application layer (data carrier containing software) to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US7162735B2
CLAIM 37 . A data carrier containing software (ion layer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5825890A
CLAIM 1 . A socket application interface computer program product that interfaces application program code executing in an application layer (data carrier containing software) to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5825890A
CLAIM 6 . A client security software application as in claim 5 , wherein the key exchange encryption algorithm is an RSA public key (security code) exchange encryption algorithm .

US7162735B2
CLAIM 40 . A data carrier containing software (ion layer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5825890A
CLAIM 1 . A socket application interface computer program product that interfaces application program code executing in an application layer (data carrier containing software) to transport protocol layer services code , comprising : application program interface code that encrypts information received from the application program code ;
and means for providing the encrypted information to the transport protocol layer services code .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6026235A

Filed: 1997-05-20     Issued: 2000-02-15

System and methods for monitoring functions in natively compiled software programs

(Original Assignee) Borland Software Corp     (Current Assignee) Borland Software Corp

Steven T. Shaughnessy
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (call instructions, return address) to the security code , and the security code , when executed , replaces a respective call (call instructions, return address) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6026235A
CLAIM 9 . In a software development system for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein said step of scanning the particular program for replacing each call instruction to a function being monitored includes : scanning all addresses present in relocation tables of the particular program ;
and disassembling all code of the particular program , for searching for relative call instructions (call instructions, respective call, respective target) .

US6026235A
CLAIM 11 . In a software development system for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein a return address (call instructions, respective call, respective target) is saved during program execution for each function call which is invoking an associated stub .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion (development system) key derived from a respective target (call instructions, return address) block . 		US6026235A
CLAIM 1 . In a software development system (respective conversion) for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein each stub in turn calls an entry point into a monitoring routine for monitoring the function associated with the stub .

US6026235A
CLAIM 9 . In a software development system for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein said step of scanning the particular program for replacing each call instruction to a function being monitored includes : scanning all addresses present in relocation tables of the particular program ;
and disassembling all code of the particular program , for searching for relative call instructions (call instructions, respective call, respective target) .

US6026235A
CLAIM 11 . In a software development system for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein a return address (call instructions, respective call, respective target) is saved during program execution for each function call which is invoking an associated stub .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code (function call) , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6026235A
CLAIM 11 . In a software development system for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein a return address is saved during program execution for each function call (comprising processing means operable to execute code) which is invoking an associated stub .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (call instructions, return address) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6026235A
CLAIM 9 . In a software development system for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein said step of scanning the particular program for replacing each call instruction to a function being monitored includes : scanning all addresses present in relocation tables of the particular program ;
and disassembling all code of the particular program , for searching for relative call instructions (call instructions, respective call, respective target) .

US6026235A
CLAIM 11 . In a software development system for developing software programs , a method for monitoring functions in natively-compiled software programs , the method comprising : receiving a request to monitor functions of a particular program which has been compiled with debugging information ;
determining names and address locations of functions to be monitored in the particular program ;
building a stub table that has a stub associated with each function to be monitored ;
and scanning the particular program for replacing each call instruction to a function being monitored with a call instruction to a stub associated with the function , so that all calls to a particular function to be monitored are modified to call the stub instead of directly calling the particular function , wherein a return address (call instructions, respective call, respective target) is saved during program execution for each function call which is invoking an associated stub .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9743761A2

Filed: 1997-05-15     Issued: 1997-11-20

Cryptographic methods, apparatus and systems for storage media electronic rights management in closed and connected appliances

(Original Assignee) Intertrust Technologies Corp.     

Victor H. Shear, Olin W. Sibert, David M. Vanwie, Robert P. Weber
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (cryptographic keys) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block (digital camera) of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9743761A2
CLAIM 42 . A digital camera (target block) for generating at least one image to be written onto a digital versatile disk optical storage medium , characterized in that the camera includes at least one information protecting arrangement that at least in part protects the image so that the information is persistently protected through subsequent processes such as editing , production , writing onto a digital versatile disk , and/or reading from a digital versatile disk .

WO9743761A2
CLAIM 47 . A method as in claim 46 further including the step of using at least one digital property content stored on an optical disk in accordance with the use controls , including the step of using a prescribed secure cryptographic key or set of cryptographic keys (conversion key, respective conversion key) for using rights information .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (decryption engine) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 5 . A computer system comprising memory means (high capacity) containing a digital protection (stored information) arrangement according to claim 4 . 		WO9743761A2
CLAIM 62 . An arrangement for implementing a rights management system for digital versatile disks according to claim 55 , wherein said optical disk contains a block of stored information (digital protection) comprising encrypted keys used for decryption of said encrypted data structure .

WO9743761A2
CLAIM 112 . A system or process as in any of the preceding claims wherein the phrase " ;
high capacity (memory means) optical disk" ;
is substituted for " ;
digital versatile disk . " ;
US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (decryption engine) , when executed , is operable to detect corruption of the protected code . 		WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (decryption engine) is operable to delete the protected code in the event that any corruption is detected . 		WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (decryption engine) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (decryption engine) is embedded within the protected code . 		WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (decryption engine) is embedded at locations which are unused by the protected code . 		WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (writing device) operable to change the location of the security code (decryption engine) and to modify the call instruction to refer to the new location . 		WO9743761A2
CLAIM 81 . An optical disk reading and/or writing device (relocation code) including : at least one secure node capable of watermarking content and/or processing watermarked content ;
and an IEEE 1394-1995 serial bus port .

WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (writing device) is contained within the protected code , to operate repeatedly while the protected code is in use . 		WO9743761A2
CLAIM 81 . An optical disk reading and/or writing device (relocation code) including : at least one secure node capable of watermarking content and/or processing watermarked content ;
and an IEEE 1394-1995 serial bus port .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (cryptographic keys) from a target block (digital camera) of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		WO9743761A2
CLAIM 42 . A digital camera (target block) for generating at least one image to be written onto a digital versatile disk optical storage medium , characterized in that the camera includes at least one information protecting arrangement that at least in part protects the image so that the information is persistently protected through subsequent processes such as editing , production , writing onto a digital versatile disk , and/or reading from a digital versatile disk .

WO9743761A2
CLAIM 47 . A method as in claim 46 further including the step of using at least one digital property content stored on an optical disk in accordance with the use controls , including the step of using a prescribed secure cryptographic key or set of cryptographic keys (conversion key, respective conversion key) for using rights information .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (cryptographic keys) derived from a respective target block (digital camera) . 		WO9743761A2
CLAIM 42 . A digital camera (target block) for generating at least one image to be written onto a digital versatile disk optical storage medium , characterized in that the camera includes at least one information protecting arrangement that at least in part protects the image so that the information is persistently protected through subsequent processes such as editing , production , writing onto a digital versatile disk , and/or reading from a digital versatile disk .

WO9743761A2
CLAIM 47 . A method as in claim 46 further including the step of using at least one digital property content stored on an optical disk in accordance with the use controls , including the step of using a prescribed secure cryptographic key or set of cryptographic keys (conversion key, respective conversion key) for using rights information .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form for subsequent execution (defining rules) . 		WO9743761A2
CLAIM 114 . A system and/or method for defining rules (subsequent execution) for use in one or more digital versatile disk appliances and/or methods as defined in any of the preceding claims .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form for subsequent execution (defining rules) . 		WO9743761A2
CLAIM 114 . A system and/or method for defining rules (subsequent execution) for use in one or more digital versatile disk appliances and/or methods as defined in any of the preceding claims .

US7162735B2
CLAIM 23 . The arrangement of claim 18 , wherein the or each target block (digital camera) is contained within the protected data . 		WO9743761A2
CLAIM 42 . A digital camera (target block) for generating at least one image to be written onto a digital versatile disk optical storage medium , characterized in that the camera includes at least one information protecting arrangement that at least in part protects the image so that the information is persistently protected through subsequent processes such as editing , production , writing onto a digital versatile disk , and/or reading from a digital versatile disk .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block (digital camera) is contained within the decryption instructions . 		WO9743761A2
CLAIM 42 . A digital camera (target block) for generating at least one image to be written onto a digital versatile disk optical storage medium , characterized in that the camera includes at least one information protecting arrangement that at least in part protects the image so that the information is persistently protected through subsequent processes such as editing , production , writing onto a digital versatile disk , and/or reading from a digital versatile disk .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (high capacity) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		WO9743761A2
CLAIM 82 . An optical disk using device comprising : a secure processing unit (processor means) ;
and an IEEE 1394-1995 serial bus port .

WO9743761A2
CLAIM 112 . A system or process as in any of the preceding claims wherein the phrase " ;
high capacity (memory means) optical disk" ;
is substituted for " ;
digital versatile disk . " ;
US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		WO9743761A2
CLAIM 7 . In an appliance capable of using digital versatile disks , a method including the following steps (second part) : at least one of (a) reading information from , and (b) writing information to , a digital versatile disk optical storage medium ;
and selecting at least some control information associated with information recorded on the storage medium based at least in part on the class of the appliance and/or the user of the appliance .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (decryption engine) and relocation code (writing device) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		WO9743761A2
CLAIM 81 . An optical disk reading and/or writing device (relocation code) including : at least one secure node capable of watermarking content and/or processing watermarked content ;
and an IEEE 1394-1995 serial bus port .

WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (decryption engine) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (writing device) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		WO9743761A2
CLAIM 81 . An optical disk reading and/or writing device (relocation code) including : at least one secure node capable of watermarking content and/or processing watermarked content ;
and an IEEE 1394-1995 serial bus port .

WO9743761A2
CLAIM 86 . A device as in claim 82 wherein the secure processing unit includes an encryption/decryption engine (security code) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5815714A

Filed: 1997-04-21     Issued: 1998-09-29

Embedded debug commands in a source file

(Original Assignee) Hitachi America Ltd     (Current Assignee) Hitachi America Ltd

Avadhani Shridhar, John Simons
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (disabling execution, object code, d line) , the protection software (disabling execution, object code, d line) comprising security means (different language) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (disabling execution, object code, d line) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (disabling execution, object code, d line) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 4 . The apparatus of claim 2 wherein said embedded debug commands are written in a different language (security means, processing means) than said source code program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (disabling execution, object code, d line) in accordance with claim 1 . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software (disabling execution, object code, d line) protected by means of computer software in accordance with claim 1 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (disabling execution, object code, d line) , the executable code including one or more call instructions (disabling execution, object code, d line) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (different language) is written to the embedding location . 		US5815714A
CLAIM 4 . The apparatus of claim 2 wherein said embedded debug commands are written in a different language (security means, processing means) than said source code program .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (disabling execution, object code, d line) for decryption . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (disabling execution, object code, d line) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (disabling execution, object code, d line) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (disabling execution, object code, d line) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (disabling execution, object code, d line) . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target (disabling execution, object code, d line) block . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (disabling execution, object code, d line) for subsequent execution . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (disabling execution, object code, d line) for subsequent execution . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (disabling execution, object code, d line) and/or a data file . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (different language) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code (disabling execution, object code, d line) to be executed when seeking to access the protected data . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 4 . The apparatus of claim 2 wherein said embedded debug commands are written in a different language (security means, processing means) than said source code program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (disabling execution, object code, d line) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (different language) operable to detect corruption of the protected data . 		US5815714A
CLAIM 4 . The apparatus of claim 2 wherein said embedded debug commands are written in a different language (security means, processing means) than said source code program .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (disabling execution, object code, d line) is executable to create the steps on each occasion that the executable instruction is to be executed . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (disabling execution, object code, d line) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (disabling execution, object code, d line) is executable to create corrupt data in addition to each part of protected code . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (disabling execution, object code, d line) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (disabling execution, object code, d line) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5815714A
CLAIM 1 . In a computer system , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .

US5815714A
CLAIM 5 . The apparatus of claim 2 including a command line (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) option for selectively enabling and disabling execution (executable code, executable instructions, call instructions, executable conversion code, remaining call instructions, executable form, respective target, computer software, protection software, respective target block) of said embedded debug commands .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5815714A
CLAIM 1 . In a computer system (computer system) , a method for automatically generating a debugger command file having debug commands for execution during source code simulation comprising the steps of : (1) embedding at least one debug command in at least one line of a source program ;
(2) assembling said source program , said assembling step including : (a) extracting said embedded debug commands , (b) generating a break-point command associated with each of said embedded debug commands , (c) creating said command file by writing said break-point commands and associated debug commands into said command file , and (d) generating an object code from said source program ;
and (3) upon modification of said source program , removing said break point commands and associated embedded debug commands from said command file so that during re-assembly of said modified source program , a new command file is automatically created containing new break point commands associated with said embedded debug commands at their new respective locations in said source program .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9736239A1

Filed: 1997-03-28     Issued: 1997-10-02

Method and apparatus for encrypting and decrypting microprocessor serial numbers

(Original Assignee) Advanced Micro Devices, Inc.     

Sherman Lee, James R. Macdonald, Michael T. Wisor
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		WO9736239A1
CLAIM 4 a memory unit coupled to said central processing unit and configured to store an 5 encrypted microprocessor serial number ;
6 encryption/decryption circuitry coupled to said at least one register and said 7 memory unit and configured to provide encryption to said unencrypted microprocessor 8 serial number using said at least one encryption key ;
and 9 interface circuitry coupled to said encryption/decryption circuitry and said 10 memory unit configured to provide said encrypted microprocessor serial number to said 11 memory unit . 4 . The computer system of claim 2 wherein said memory (relocation code) unit is a nonvolatile random access memory .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		WO9736239A1
CLAIM 4 a memory unit coupled to said central processing unit and configured to store an 5 encrypted microprocessor serial number ;
6 encryption/decryption circuitry coupled to said at least one register and said 7 memory unit and configured to provide encryption to said unencrypted microprocessor 8 serial number using said at least one encryption key ;
and 9 interface circuitry coupled to said encryption/decryption circuitry and said 10 memory unit configured to provide said encrypted microprocessor serial number to said 11 memory unit . 4 . The computer system of claim 2 wherein said memory (relocation code) unit is a nonvolatile random access memory .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		WO9736239A1
CLAIM 2 a central processing unit (processor means) including at least one register configured to provide at
US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		WO9736239A1
CLAIM 4 a memory unit coupled to said central processing unit and configured to store an 5 encrypted microprocessor serial number ;
6 encryption/decryption circuitry coupled to said at least one register and said 7 memory unit and configured to provide encryption to said unencrypted microprocessor 8 serial number using said at least one encryption key ;
and 9 interface circuitry coupled to said encryption/decryption circuitry and said 10 memory unit configured to provide said encrypted microprocessor serial number to said 11 memory unit . 4 . The computer system of claim 2 wherein said memory (relocation code) unit is a nonvolatile random access memory .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		WO9736239A1
CLAIM 4 a memory unit coupled to said central processing unit and configured to store an 5 encrypted microprocessor serial number ;
6 encryption/decryption circuitry coupled to said at least one register and said 7 memory unit and configured to provide encryption to said unencrypted microprocessor 8 serial number using said at least one encryption key ;
and 9 interface circuitry coupled to said encryption/decryption circuitry and said 10 memory unit configured to provide said encrypted microprocessor serial number to said 11 memory unit . 4 . The computer system of claim 2 wherein said memory (relocation code) unit is a nonvolatile random access memory .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		WO9736239A1
CLAIM 1 1 . A method of programming a microprocessor serial number , comprising : 2 providing a first encryption key , a second encryption key , and a serial number to a 3 register in a microprocessor ;
4 accessing said register for said first encryption key , said second encryption key , 5 and said serial number ;
6 encrypting said serial number using said first encryption key to obtain an encrypted 7 serial number ;
8 encrypting said encrypted serial number using said second encryption key to obtain 9 a double-encrypted serial number ;
and 10 storing said double-encrypted serial number in a nonvolatile random access 11 memory . 1 2 . The method of claim 1 wherein said storing step includes providing a cyclical 2 redundancy checksum . 1 3 . A computer system (computer system) for encrypting a microprocessor serial number comprising :




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6059840A

Filed: 1997-03-17     Issued: 2000-05-09

Automatic scheduling of instructions to reduce code size

(Original Assignee) Motorola Solutions Inc     (Current Assignee) NXP USA Inc

Cliff N. Click, Jr.
US7162735B2
CLAIM 1 . Computer software (program product) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (program product) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6059840A
CLAIM 14 . A computer program product (executable form, Computer software, Computer software operable to provide protection) encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6059840A
CLAIM 14 . A computer program product encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6059840A
CLAIM 14 . A computer program product encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6059840A
CLAIM 14 . A computer program product encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 7 . Computer software (program product) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6059840A
CLAIM 14 . A computer program product (executable form, Computer software, Computer software operable to provide protection) encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6059840A
CLAIM 14 . A computer program product (executable form, Computer software, Computer software operable to provide protection) encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (program product) . 		US6059840A
CLAIM 14 . A computer program product (executable form, Computer software, Computer software operable to provide protection) encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (program product) for subsequent execution . 		US6059840A
CLAIM 14 . A computer program product (executable form, Computer software, Computer software operable to provide protection) encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (program product) for subsequent execution . 		US6059840A
CLAIM 14 . A computer program product (executable form, Computer software, Computer software operable to provide protection) encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6059840A
CLAIM 14 . A computer program product encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6059840A
CLAIM 14 . A computer program product encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (fourth set) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6059840A
CLAIM 12 . A computer program compiler for translating human readable computer program code into computer readable program code , the computer program compiler comprising : a first set of instructions which coalesces COPY instructions in a computer program ;
a second set of instructions which lists instructions of the computer program in a ready list ;
a third set of instructions which selects a next instruction from the ready list ;
a fourth set (first part) of instructions which determines liveness conflicts for the next instruction ;
a fifth set of instructions which resolves liveness conflicts for the next instruction ;
a sixth set of instructions which schedules the next instruction , wherein instructions that do not conflict are selected prior to selecting instructions that do conflict , wherein instructions that do not define physical registers are selected prior to selecting instructions that define physical registers ;
and a seventh set of instructions which determines if the ready list is empty .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6059840A
CLAIM 14 . A computer program product encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6059840A
CLAIM 14 . A computer program product encoded in a computer readable medium , the computer program product comprising at least a first plurality of instructions executable on a computer system (computer system) , said computer program product being compiled according to a method for scheduling instructions , the method comprising : (a) building a def-use chain for the portion of the computer program , wherein the def-use chain defines an input arc and an output arc for each COPY instruction ;
(b) coalescing a first COPY instruction , where the first COPY instruction is part of the portion of the computer program , wherein coalescing the first COPY instruction combines the input and output arcs of the first COPY instruction ;
(c) listing a first subset of the instructions in a ready list , the ready list for listing instructions available for scheduling ;
(d) selecting a next instruction from the first subset listed in the ready list ;
(e) determining if the next instruction has at least one liveness conflict ;
(f) resolving the at least one liveness conflict , if the next instruction has at least one liveness conflict ;
(g) scheduling the next instruction ;
and (h) updating the ready list after completing step (g) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6044157A

Filed: 1997-03-10     Issued: 2000-03-28

Microprocessor suitable for reproducing AV data while protecting the AV data from illegal copy and image information processing system using the microprocessor

(Original Assignee) Panasonic Corp     (Current Assignee) Panasonic Intellectual Property Corp

Yasushi Uesaka, Kazuhiko Yamauchi, Masayuki Kozuka, Nobuo Higaki, Koichi Horiuchi, Syusuke Haruna
US7162735B2
CLAIM 4 . A digital data (digital data) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction (call instruction) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US6044157A
CLAIM 9 . An image information processing system comprising : a first storage means for storing a reproduction control program for reproducing compressed AV data , wherein the reproduction control program includes a set of encrypted instructions and a set of not-encrypted instructions , wherein each of the encrypted instructions includes an instruction for dealing with the compressed AV data and each of the not-encrypted instructions includes a call instruction (call instruction) for moving an execution control to an encrypted instruction ;
and a microprocessor which comprises execute means for executing an instruction stored in the first storage means , wherein the execute means comprises : an execution prohibit unit for prohibiting the call instruction from being executed based on a signature code included in the call instruction ;
and a decrypt unit for decrypting the set of encrypted instructions before the set of encrypted instructions are executed .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (call instruction) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US6044157A
CLAIM 9 . An image information processing system comprising : a first storage means for storing a reproduction control program for reproducing compressed AV data , wherein the reproduction control program includes a set of encrypted instructions and a set of not-encrypted instructions , wherein each of the encrypted instructions includes an instruction for dealing with the compressed AV data and each of the not-encrypted instructions includes a call instruction (call instruction) for moving an execution control to an encrypted instruction ;
and a microprocessor which comprises execute means for executing an instruction stored in the first storage means , wherein the execute means comprises : an execution prohibit unit for prohibiting the call instruction from being executed based on a signature code included in the call instruction ;
and a decrypt unit for decrypting the set of encrypted instructions before the set of encrypted instructions are executed .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction (call instruction) to refer to the new location . 		US6044157A
CLAIM 9 . An image information processing system comprising : a first storage means for storing a reproduction control program for reproducing compressed AV data , wherein the reproduction control program includes a set of encrypted instructions and a set of not-encrypted instructions , wherein each of the encrypted instructions includes an instruction for dealing with the compressed AV data and each of the not-encrypted instructions includes a call instruction (call instruction) for moving an execution control to an encrypted instruction ;
and a microprocessor which comprises execute means for executing an instruction stored in the first storage means , wherein the execute means comprises : an execution prohibit unit for prohibiting the call instruction from being executed based on a signature code included in the call instruction ;
and a decrypt unit for decrypting the set of encrypted instructions before the set of encrypted instructions are executed .

US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory (relocation code) , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory (relocation code) , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory location) for decryption . 		US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location (executable instructions, executable instruction, decryption instructions, memory location) connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement comprising : protected data provided in encrypted form ;

decryption instructions (memory location) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location (executable instructions, executable instruction, decryption instructions, memory location) connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (memory location) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location (executable instructions, executable instruction, decryption instructions, memory location) connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (memory location) . 		US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location (executable instructions, executable instruction, decryption instructions, memory location) connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (memory location) and conversion code with a start point at a memory location (memory location) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location (executable instructions, executable instruction, decryption instructions, memory location) connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (memory location) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location (executable instructions, executable instruction, decryption instructions, memory location) connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (memory location) is to be executed . 		US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location (executable instructions, executable instruction, decryption instructions, memory location) connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement comprising executable code executable to create a first part (control program) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US6044157A
CLAIM 9 . An image information processing system comprising : a first storage means for storing a reproduction control program (first part) for reproducing compressed AV data , wherein the reproduction control program includes a set of encrypted instructions and a set of not-encrypted instructions , wherein each of the encrypted instructions includes an instruction for dealing with the compressed AV data and each of the not-encrypted instructions includes a call instruction for moving an execution control to an encrypted instruction ;
and a microprocessor which comprises execute means for executing an instruction stored in the first storage means , wherein the execute means comprises : an execution prohibit unit for prohibiting the call instruction from being executed based on a signature code included in the call instruction ;
and a decrypt unit for decrypting the set of encrypted instructions before the set of encrypted instructions are executed .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction (call instruction) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .

US6044157A
CLAIM 9 . An image information processing system comprising : a first storage means for storing a reproduction control program for reproducing compressed AV data , wherein the reproduction control program includes a set of encrypted instructions and a set of not-encrypted instructions , wherein each of the encrypted instructions includes an instruction for dealing with the compressed AV data and each of the not-encrypted instructions includes a call instruction (call instruction) for moving an execution control to an encrypted instruction ;
and a microprocessor which comprises execute means for executing an instruction stored in the first storage means , wherein the execute means comprises : an execution prohibit unit for prohibiting the call instruction from being executed based on a signature code included in the call instruction ;
and a decrypt unit for decrypting the set of encrypted instructions before the set of encrypted instructions are executed .

US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory (relocation code) , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction (call instruction) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6044157A
CLAIM 9 . An image information processing system comprising : a first storage means for storing a reproduction control program for reproducing compressed AV data , wherein the reproduction control program includes a set of encrypted instructions and a set of not-encrypted instructions , wherein each of the encrypted instructions includes an instruction for dealing with the compressed AV data and each of the not-encrypted instructions includes a call instruction (call instruction) for moving an execution control to an encrypted instruction ;
and a microprocessor which comprises execute means for executing an instruction stored in the first storage means , wherein the execute means comprises : an execution prohibit unit for prohibiting the call instruction from being executed based on a signature code included in the call instruction ;
and a decrypt unit for decrypting the set of encrypted instructions before the set of encrypted instructions are executed .

US6044157A
CLAIM 13 . A system for reading and displaying AV signals from a medium storing AV data while inhibiting unauthorized reproduction of AV data stored on said medium comprising : an AV reading unit for reading said AV data from said medium , said AV reading unit encrypting said AV data and storing control information in an unencrypted state ;
a microprocessor connected to said AV reading unit and receiving said encrypted AV data and said control information , said microprocessor adapted to write the encrypted AV data to a memory location connected to said microprocessor , and said microprocessor upon a request to extract said stored encrypted AV data further adapted to a) read said compressed AV data from said memory (relocation code) , b) decrypt said compressed AV data , and c) decompress said compressed AV data in a series of inseparable , consecutive operations ;
and a digital to analog converter for converting the decompressed , decrypted AV data from said microprocessor to AV signals corresponding to said AV data ;
and display means for displaying said AV signals .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		US6044157A
CLAIM 3 . An image information processing system as recited in claim 2 comprising : an AV data read apparatus for reading digital data (digital data) from an external medium , encrypting the digital data if the digital data is compressed AV data , and outputting the encrypted compressed AV data ;
an AV output apparatus for receiving image data and voice data , converting the image data and voice data respectively into an image signal and a voice signal , and displaying an image and outputting a voice ;
a control apparatus , comprising the microprocessor and the memory for converting the encrypted compressed AV data output from the AV data read apparatus into the image data and the voice data and transferring the image data and the voice data to the AV output apparatus .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6049875A

Filed: 1997-02-28     Issued: 2000-04-11

Security apparatus and method

(Original Assignee) Toshiba Corp     (Current Assignee) Toshiba Corp

Kaoru Suzuki, Kazuhiro Fukui, Hisashi Kazama, Osamu Yamaguchi, Eiji Tanaka, Yasuhiro Taniguchi
US7162735B2
CLAIM 1 . Computer software (readable instructions) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (security method) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6049875A
CLAIM 15 . A security method (conversion key) associated with supplying a service to a user in a service use area surrounding the user , comprising the steps of : continuously inputting an image to monitor the service use area ;
continuously recognizing a person in the input image ;
registering the person as a user allowed to use the service if the person is recognized as an authorized user ;
supplying the service to the authorized user ;
deciding that the user is not under a situation to use the service in case the user is not recognized in the input image ;
deciding that a security of the service use area is infringed in case at least one person other than the authorized user is recognized in the input image ;
and controlling the supply of the service if the user is not under the situation to use the service or if the security of the service use area is infringed .

US6049875A
CLAIM 16 . A computer readable memory containing computer-readable instructions (Computer software) to supply a service to a user in a service use area surrounding the user , comprising : instruction means for causing a computer to continuously input an image to monitor the service use area ;
instruction means for causing a computer to continuously recognize a person in the input image ;
instruction means for causing a computer to register the person as a user allowed to use the service if the person is recognized as an authorized user ;
instruction means for causing a computer to supply the service to the authorized user ;
instruction means for causing a computer to decide that the user is not under a situation to use the service in case the user is not recognized in the input image ;
instruction means for causing a computer to decide that a security of the service use area is infringed in case at least one person other than the authorized user is recognized in the input image ;
and instruction means for causing a computer to control a supply of the service if the user is not under the situation to use the service or if the security of the service use area is infringed .

US7162735B2
CLAIM 7 . Computer software (readable instructions) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6049875A
CLAIM 16 . A computer readable memory containing computer-readable instructions (Computer software) to supply a service to a user in a service use area surrounding the user , comprising : instruction means for causing a computer to continuously input an image to monitor the service use area ;
instruction means for causing a computer to continuously recognize a person in the input image ;
instruction means for causing a computer to register the person as a user allowed to use the service if the person is recognized as an authorized user ;
instruction means for causing a computer to supply the service to the authorized user ;
instruction means for causing a computer to decide that the user is not under a situation to use the service in case the user is not recognized in the input image ;
instruction means for causing a computer to decide that a security of the service use area is infringed in case at least one person other than the authorized user is recognized in the input image ;
and instruction means for causing a computer to control a supply of the service if the user is not under the situation to use the service or if the security of the service use area is infringed .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (security method) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6049875A
CLAIM 15 . A security method (conversion key) associated with supplying a service to a user in a service use area surrounding the user , comprising the steps of : continuously inputting an image to monitor the service use area ;
continuously recognizing a person in the input image ;
registering the person as a user allowed to use the service if the person is recognized as an authorized user ;
supplying the service to the authorized user ;
deciding that the user is not under a situation to use the service in case the user is not recognized in the input image ;
deciding that a security of the service use area is infringed in case at least one person other than the authorized user is recognized in the input image ;
and controlling the supply of the service if the user is not under the situation to use the service or if the security of the service use area is infringed .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (security method) derived from a respective target block . 		US6049875A
CLAIM 15 . A security method (conversion key) associated with supplying a service to a user in a service use area surrounding the user , comprising the steps of : continuously inputting an image to monitor the service use area ;
continuously recognizing a person in the input image ;
registering the person as a user allowed to use the service if the person is recognized as an authorized user ;
supplying the service to the authorized user ;
deciding that the user is not under a situation to use the service in case the user is not recognized in the input image ;
deciding that a security of the service use area is infringed in case at least one person other than the authorized user is recognized in the input image ;
and controlling the supply of the service if the user is not under the situation to use the service or if the security of the service use area is infringed .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5933640A

Filed: 1997-02-26     Issued: 1999-08-03

Method for analyzing and presenting test execution flows of programs

(Original Assignee) Digital Equipment Corp     (Current Assignee) Hewlett Packard Enterprise Development LP

Jeremy Dion
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (executable code) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (executable code) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (executable code) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (executable code) and/or a data file . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (control instructions) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5933640A
CLAIM 3 . The method of claim 2 further comprising : selecting first unexecuted destination points that are targets of executed flow control instructions (processor means) .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (executable code) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means operable to detect corruption (procedure calls) of the protected data . 		US5933640A
CLAIM 4 . The method of claim 2 further comprising : selecting second unexecuted destination points that are targets of indirect procedure calls (security means operable to detect corruption) .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (executable code) is executable to create the steps on each occasion that the executable instruction is to be executed . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (executable code) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (executable code) is executable to create corrupt data in addition to each part of protected code . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (executable code) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5933640A
CLAIM 7 . The method of claim 1 further comprising : instrumenting a machine executable code (executable code) representation the program .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6044220A

Filed: 1997-02-25     Issued: 2000-03-28

Method and apparatus for operating a data processor to execute software written using a foreign instruction set

(Original Assignee) Motorola Solutions Inc     (Current Assignee) NXP USA Inc

Mauricio Breternitz, Jr.
US7162735B2
CLAIM 1 . Computer software (readable instructions) operable to provide protection for a second item of computer software (machine readable medium) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6044220A
CLAIM 1 . A software system for operating a data processor with a native mode of instructions to execute a plurality of foreign instructions , said software system comprising : A) a set of computer instructions for fetching a first foreign instruction and a subsequent second foreign instruction , B) a set of computer instructions for determining whether a translation in a hash table exists for a sequence of said first and second foreign instructions , wherein said translation comprises at least one native instruction an execution of which is equivalent to an execution of said first and second foreign instructions , C) a set of computer instructions for selectively creating a new translation for said first and second foreign instructions and adding said new translation to said hash table if said translation does not exist , D) a set of computer instructions for executing said new translation , and E) a machine readable medium (computer software) containing the sets A-D of computer readable instructions (Computer software) encoded in a machine readable format .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (machine readable medium) in accordance with claim 1 . 		US6044220A
CLAIM 1 . A software system for operating a data processor with a native mode of instructions to execute a plurality of foreign instructions , said software system comprising : A) a set of computer instructions for fetching a first foreign instruction and a subsequent second foreign instruction , B) a set of computer instructions for determining whether a translation in a hash table exists for a sequence of said first and second foreign instructions , wherein said translation comprises at least one native instruction an execution of which is equivalent to an execution of said first and second foreign instructions , C) a set of computer instructions for selectively creating a new translation for said first and second foreign instructions and adding said new translation to said hash table if said translation does not exist , D) a set of computer instructions for executing said new translation , and E) a machine readable medium (computer software) containing the sets A-D of computer readable instructions encoded in a machine readable format .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (machine readable medium) protected by means of computer software in accordance with claim 1 . 		US6044220A
CLAIM 1 . A software system for operating a data processor with a native mode of instructions to execute a plurality of foreign instructions , said software system comprising : A) a set of computer instructions for fetching a first foreign instruction and a subsequent second foreign instruction , B) a set of computer instructions for determining whether a translation in a hash table exists for a sequence of said first and second foreign instructions , wherein said translation comprises at least one native instruction an execution of which is equivalent to an execution of said first and second foreign instructions , C) a set of computer instructions for selectively creating a new translation for said first and second foreign instructions and adding said new translation to said hash table if said translation does not exist , D) a set of computer instructions for executing said new translation , and E) a machine readable medium (computer software) containing the sets A-D of computer readable instructions encoded in a machine readable format .

US7162735B2
CLAIM 7 . Computer software (readable instructions) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6044220A
CLAIM 1 . A software system for operating a data processor with a native mode of instructions to execute a plurality of foreign instructions , said software system comprising : A) a set of computer instructions for fetching a first foreign instruction and a subsequent second foreign instruction , B) a set of computer instructions for determining whether a translation in a hash table exists for a sequence of said first and second foreign instructions , wherein said translation comprises at least one native instruction an execution of which is equivalent to an execution of said first and second foreign instructions , C) a set of computer instructions for selectively creating a new translation for said first and second foreign instructions and adding said new translation to said hash table if said translation does not exist , D) a set of computer instructions for executing said new translation , and E) a machine readable medium containing the sets A-D of computer readable instructions (Computer software) encoded in a machine readable format .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US6044220A
CLAIM 8 . A data processing system capable of executing a plurality of foreign instructions comprising a central processing unit (processor means) adapted to execute a native mode instruction set and an instruction path coprocessor coupled to the central processing unit which provides native instructions to the central processing unit in response to said central processing unit initiating an instruction fetch on a foreign instruction , the improvement wherein : the instruction path coprocessor includes a hash table ;
and the instruction path coprocessor selectively translates consecutive first and second foreign instructions into a new translation , wherein said new translation comprises at least one native instruction an execution of which is equivalent to an execution of said first and second foreign instructions , stores said new translation in said hash table , and thereafter provides said at least one native instruction to said central processing unit in response to said central processing unit initiating consecutive fetches of said first and second foreign instructions .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6029145A

Filed: 1997-01-06     Issued: 2000-02-22

Software license verification process and apparatus

(Original Assignee) Isogon Corp     (Current Assignee) International Business Machines Corp

Robert Barritz, Peter Kasson
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction (ordering information) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6029145A
CLAIM 15 . Method for proprietary product usage verification and reporting at plural , discrete computer sites , the method comprising : providing a central computer for communicating with the plural discrete computer sites which are remote to the central computer ;
providing at each computer site : a . a memory and at least one proprietary product stored in the memory ;
b . a monitoring program that monitors invocations of the at least one proprietary product at the discrete computer sites ;
and c . a reporting program that transmits , to said central computer , a local report which quantifies the usage of the at least one proprietary product at the discrete computer site ;
correlating , at the central computer , the local reports received from the plural discrete computer sites and collating and ordering information (call instruction) contained in the local reports into data packets formed on the basis of vendors of the at least one proprietary product ;
and forming , at the central computer , a central report which communicates to the vendors and reports usage of proprietary products at the plural discrete computer site which are licensed by the vendors .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (ordering information) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US6029145A
CLAIM 15 . Method for proprietary product usage verification and reporting at plural , discrete computer sites , the method comprising : providing a central computer for communicating with the plural discrete computer sites which are remote to the central computer ;
providing at each computer site : a . a memory and at least one proprietary product stored in the memory ;
b . a monitoring program that monitors invocations of the at least one proprietary product at the discrete computer sites ;
and c . a reporting program that transmits , to said central computer , a local report which quantifies the usage of the at least one proprietary product at the discrete computer site ;
correlating , at the central computer , the local reports received from the plural discrete computer sites and collating and ordering information (call instruction) contained in the local reports into data packets formed on the basis of vendors of the at least one proprietary product ;
and forming , at the central computer , a central report which communicates to the vendors and reports usage of proprietary products at the plural discrete computer site which are licensed by the vendors .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction (ordering information) to refer to the new location . 		US6029145A
CLAIM 15 . Method for proprietary product usage verification and reporting at plural , discrete computer sites , the method comprising : providing a central computer for communicating with the plural discrete computer sites which are remote to the central computer ;
providing at each computer site : a . a memory and at least one proprietary product stored in the memory ;
b . a monitoring program that monitors invocations of the at least one proprietary product at the discrete computer sites ;
and c . a reporting program that transmits , to said central computer , a local report which quantifies the usage of the at least one proprietary product at the discrete computer site ;
correlating , at the central computer , the local reports received from the plural discrete computer sites and collating and ordering information (call instruction) contained in the local reports into data packets formed on the basis of vendors of the at least one proprietary product ;
and forming , at the central computer , a central report which communicates to the vendors and reports usage of proprietary products at the plural discrete computer site which are licensed by the vendors .

US6029145A
CLAIM 31 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including at least one storage device and further including : a . memory means having both a list of program module names of program modules and for each of said program module names a product name associated therewith stored therein ;
b . surveying means that surveys the storage devices and stores in said memory (relocation code) means module names of modules stored on said at least one storage device ;
c . associating means that stores in said memory means an association between the product names stored in said memory means and each of said module names stored in said memory means ;
d . monitoring means that monitors invocations of said modules on said computer and stores in said memory means invocation data relating to said invocations of said modules ;
e . correlating means that correlates said invocation data stored in said memory means and said association between the product names and each of said module names stored in said memory means ;
and f . reporting means that transmits , to said central computer , the data correlated by said correlating means ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US6029145A
CLAIM 31 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including at least one storage device and further including : a . memory means having both a list of program module names of program modules and for each of said program module names a product name associated therewith stored therein ;
b . surveying means that surveys the storage devices and stores in said memory (relocation code) means module names of modules stored on said at least one storage device ;
c . associating means that stores in said memory means an association between the product names stored in said memory means and each of said module names stored in said memory means ;
d . monitoring means that monitors invocations of said modules on said computer and stores in said memory means invocation data relating to said invocations of said modules ;
e . correlating means that correlates said invocation data stored in said memory means and said association between the product names and each of said module names stored in said memory means ;
and f . reporting means that transmits , to said central computer , the data correlated by said correlating means ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (main storage) for decryption . 		US6029145A
CLAIM 42 . Apparatus as claimed in claim 32 , wherein said event information includes the name of at least one of : a name associated with said module , a volume associated with said module , a computer system associated with said event , a user associated with said event , a job associated with said event , a library from which said module was obtained , and an area of main storage (executable instructions) from which said module was obtained .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction (ordering information) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6029145A
CLAIM 15 . Method for proprietary product usage verification and reporting at plural , discrete computer sites , the method comprising : providing a central computer for communicating with the plural discrete computer sites which are remote to the central computer ;
providing at each computer site : a . a memory and at least one proprietary product stored in the memory ;
b . a monitoring program that monitors invocations of the at least one proprietary product at the discrete computer sites ;
and c . a reporting program that transmits , to said central computer , a local report which quantifies the usage of the at least one proprietary product at the discrete computer site ;
correlating , at the central computer , the local reports received from the plural discrete computer sites and collating and ordering information (call instruction) contained in the local reports into data packets formed on the basis of vendors of the at least one proprietary product ;
and forming , at the central computer , a central report which communicates to the vendors and reports usage of proprietary products at the plural discrete computer site which are licensed by the vendors .

US6029145A
CLAIM 31 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including at least one storage device and further including : a . memory means having both a list of program module names of program modules and for each of said program module names a product name associated therewith stored therein ;
b . surveying means that surveys the storage devices and stores in said memory (relocation code) means module names of modules stored on said at least one storage device ;
c . associating means that stores in said memory means an association between the product names stored in said memory means and each of said module names stored in said memory means ;
d . monitoring means that monitors invocations of said modules on said computer and stores in said memory means invocation data relating to said invocations of said modules ;
e . correlating means that correlates said invocation data stored in said memory means and said association between the product names and each of said module names stored in said memory means ;
and f . reporting means that transmits , to said central computer , the data correlated by said correlating means ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction (ordering information) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6029145A
CLAIM 15 . Method for proprietary product usage verification and reporting at plural , discrete computer sites , the method comprising : providing a central computer for communicating with the plural discrete computer sites which are remote to the central computer ;
providing at each computer site : a . a memory and at least one proprietary product stored in the memory ;
b . a monitoring program that monitors invocations of the at least one proprietary product at the discrete computer sites ;
and c . a reporting program that transmits , to said central computer , a local report which quantifies the usage of the at least one proprietary product at the discrete computer site ;
correlating , at the central computer , the local reports received from the plural discrete computer sites and collating and ordering information (call instruction) contained in the local reports into data packets formed on the basis of vendors of the at least one proprietary product ;
and forming , at the central computer , a central report which communicates to the vendors and reports usage of proprietary products at the plural discrete computer site which are licensed by the vendors .

US6029145A
CLAIM 31 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including at least one storage device and further including : a . memory means having both a list of program module names of program modules and for each of said program module names a product name associated therewith stored therein ;
b . surveying means that surveys the storage devices and stores in said memory (relocation code) means module names of modules stored on said at least one storage device ;
c . associating means that stores in said memory means an association between the product names stored in said memory means and each of said module names stored in said memory means ;
d . monitoring means that monitors invocations of said modules on said computer and stores in said memory means invocation data relating to said invocations of said modules ;
e . correlating means that correlates said invocation data stored in said memory means and said association between the product names and each of said module names stored in said memory means ;
and f . reporting means that transmits , to said central computer , the data correlated by said correlating means ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6029145A
CLAIM 32 . Apparatus for software license verification at plural , discrete computer sites , the apparatus comprising : a central computer for communicating with the plural , discrete computer sites which are remote to the central computer ;
each computer site including : means for reporting events on a computer system (computer system) relating to a product , the product being associated with at least one module , said means comprising : a . memory means ;
b . means for detecting an event relating to a module , said detecting means detecting said event other than by indication from said module ;
c . means for obtaining event information relating to said event ;
d . means for recording said event information in said memory means ;
e . means for correlating said event information stored in said memory means and the product associated with said event ;
f . means for transmitting , to said central computer , said correlated data ;
said central computer including : a correlating program which receives local reports from the plural discrete computer sites and collates and orders information in the local reports into data packets formed on the basis of vendors of the at least one software product ;
and a central reporting program for communicating with vendors and reporting to vendors usage of software products at the plural discrete computer sites which are licensed by the vendors .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5963642A

Filed: 1996-12-30     Issued: 1999-10-05

Method and apparatus for secure storage of data

(Original Assignee) Goldstein; Benjamin D.     (Current Assignee) LONG CORNER SECURITY LLC

Benjamin D. Goldstein
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (base command) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5963642A
CLAIM 8 . An apparatus as described in claim 7 wherein the server memory includes a database command (executable form, executable conversion, executable conversion code) storage buffer , and a database response storage buffer .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (performing operations) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5963642A
CLAIM 12 . An apparatus for secure storage of data comprising : a database having fully indexed data ;
a database mechanism for performing operations (call instructions, decryption instructions) on or with fully indexed data having index information which permits access and interpretation of the fully indexed data , said database mechanism connected to said database ;
and an access mechanism connected to the database mechanism for obtaining data from the database mechanism .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (performing operations) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (base command) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (base command) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5963642A
CLAIM 8 . An apparatus as described in claim 7 wherein the server memory includes a database command (executable form, executable conversion, executable conversion code) storage buffer , and a database response storage buffer .

US5963642A
CLAIM 12 . An apparatus for secure storage of data comprising : a database having fully indexed data ;
a database mechanism for performing operations (call instructions, decryption instructions) on or with fully indexed data having index information which permits access and interpretation of the fully indexed data , said database mechanism connected to said database ;
and an access mechanism connected to the database mechanism for obtaining data from the database mechanism .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (performing operations) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (base command) . 		US5963642A
CLAIM 8 . An apparatus as described in claim 7 wherein the server memory includes a database command (executable form, executable conversion, executable conversion code) storage buffer , and a database response storage buffer .

US5963642A
CLAIM 12 . An apparatus for secure storage of data comprising : a database having fully indexed data ;
a database mechanism for performing operations (call instructions, decryption instructions) on or with fully indexed data having index information which permits access and interpretation of the fully indexed data , said database mechanism connected to said database ;
and an access mechanism connected to the database mechanism for obtaining data from the database mechanism .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion (obtaining data) key derived from a respective target block . 		US5963642A
CLAIM 1 . An apparatus for secure storage of data comprising : a database having a semantically encrypted store of data ;
a database mechanism for performing database operations with semantically encrypted data without requiring decryption of the data , said database mechanism connected with said database ;
and an access mechanism connected to the database mechanism for obtaining data (respective conversion) from the database mechanism .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (base command) for subsequent execution . 		US5963642A
CLAIM 8 . An apparatus as described in claim 7 wherein the server memory includes a database command (executable form, executable conversion, executable conversion code) storage buffer , and a database response storage buffer .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (base command) for subsequent execution . 		US5963642A
CLAIM 8 . An apparatus as described in claim 7 wherein the server memory includes a database command (executable form, executable conversion, executable conversion code) storage buffer , and a database response storage buffer .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (performing operations) . 		US5963642A
CLAIM 12 . An apparatus for secure storage of data comprising : a database having fully indexed data ;
a database mechanism for performing operations (call instructions, decryption instructions) on or with fully indexed data having index information which permits access and interpretation of the fully indexed data , said database mechanism connected to said database ;
and an access mechanism connected to the database mechanism for obtaining data from the database mechanism .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (performing operations) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (base command) code to be executed when seeking to access the protected data . 		US5963642A
CLAIM 8 . An apparatus as described in claim 7 wherein the server memory includes a database command (executable form, executable conversion, executable conversion code) storage buffer , and a database response storage buffer .

US5963642A
CLAIM 12 . An apparatus for secure storage of data comprising : a database having fully indexed data ;
a database mechanism for performing operations (call instructions, decryption instructions) on or with fully indexed data having index information which permits access and interpretation of the fully indexed data , said database mechanism connected to said database ;
and an access mechanism connected to the database mechanism for obtaining data from the database mechanism .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (performing operations) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5963642A
CLAIM 12 . An apparatus for secure storage of data comprising : a database having fully indexed data ;
a database mechanism for performing operations (call instructions, decryption instructions) on or with fully indexed data having index information which permits access and interpretation of the fully indexed data , said database mechanism connected to said database ;
and an access mechanism connected to the database mechanism for obtaining data from the database mechanism .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6011908A

Filed: 1996-12-23     Issued: 2000-01-04

Gated store buffer for an advanced microprocessor

(Original Assignee) Transmeta Inc     (Current Assignee) Hanger Solutions LLC

Malcolm J. Wing, Godfrey P. D'Souza
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (first instruction) to the security code , and the security code , when executed , replaces a respective call instruction (holding data) (logic circuitry) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6011908A
CLAIM 1 . A buffer for controlling the storage in memory of data generated during execution of a sequence of instructions by a processor comprising : a plurality of storage locations each capable of holding data (call instruction) addressed to memory and the address of the data , means for transferring data generated by the operation of a processor to the storage locations as the data is generated until the sequence of instructions completes executing , means for identifying data in the buffer generated by a sequence of instructions which has not completed executing , means for detecting which is most recent data in the buffer directed to a particular memory address in response to a memory access , means for transferring data in the storage locations to memory after a sequence of instructions generating the stores has executed without generating an exception or an error , and means for eliminating memory stores in the storage locations when execution of a sequence of instructions generating the stores generates an exception or an error .

US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction (executable instructions, call instructions, decryption instructions) set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry (respective conversion, respective target, respective call instruction, respective conversion key) for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (holding data) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US6011908A
CLAIM 1 . A buffer for controlling the storage in memory of data generated during execution of a sequence of instructions by a processor comprising : a plurality of storage locations each capable of holding data (call instruction) addressed to memory and the address of the data , means for transferring data generated by the operation of a processor to the storage locations as the data is generated until the sequence of instructions completes executing , means for identifying data in the buffer generated by a sequence of instructions which has not completed executing , means for detecting which is most recent data in the buffer directed to a particular memory address in response to a memory access , means for transferring data in the storage locations to memory after a sequence of instructions generating the stores has executed without generating an exception or an error , and means for eliminating memory stores in the storage locations when execution of a sequence of instructions generating the stores generates an exception or an error .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code and to modify the call instruction (holding data) to refer to the new location . 		US6011908A
CLAIM 1 . A buffer for controlling the storage in memory of data generated during execution of a sequence of instructions by a processor comprising : a plurality of storage locations each capable of holding data (call instruction) addressed to memory and the address of the data , means for transferring data generated by the operation of a processor to the storage locations as the data is generated until the sequence of instructions completes executing , means for identifying data in the buffer generated by a sequence of instructions which has not completed executing , means for detecting which is most recent data in the buffer directed to a particular memory address in response to a memory access , means for transferring data in the storage locations to memory after a sequence of instructions generating the stores has executed without generating an exception or an error , and means for eliminating memory stores in the storage locations when execution of a sequence of instructions generating the stores generates an exception or an error .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (first instruction) for decryption . 		US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction (executable instructions, call instructions, decryption instructions) set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (first instruction) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction (executable instructions, call instructions, decryption instructions) set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (first instruction) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction (executable instructions, call instructions, decryption instructions) set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion (logic circuitry) key derived from a respective target (logic circuitry) block . 		US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry (respective conversion, respective target, respective call instruction, respective conversion key) for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (first instruction) . 		US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction (executable instructions, call instructions, decryption instructions) set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (first instruction) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction (executable instructions, call instructions, decryption instructions) set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction (holding data) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6011908A
CLAIM 1 . A buffer for controlling the storage in memory of data generated during execution of a sequence of instructions by a processor comprising : a plurality of storage locations each capable of holding data (call instruction) addressed to memory and the address of the data , means for transferring data generated by the operation of a processor to the storage locations as the data is generated until the sequence of instructions completes executing , means for identifying data in the buffer generated by a sequence of instructions which has not completed executing , means for detecting which is most recent data in the buffer directed to a particular memory address in response to a memory access , means for transferring data in the storage locations to memory after a sequence of instructions generating the stores has executed without generating an exception or an error , and means for eliminating memory stores in the storage locations when execution of a sequence of instructions generating the stores generates an exception or an error .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (first instruction) to the security code ;

the security code , when called by a call instruction (holding data) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6011908A
CLAIM 1 . A buffer for controlling the storage in memory of data generated during execution of a sequence of instructions by a processor comprising : a plurality of storage locations each capable of holding data (call instruction) addressed to memory and the address of the data , means for transferring data generated by the operation of a processor to the storage locations as the data is generated until the sequence of instructions completes executing , means for identifying data in the buffer generated by a sequence of instructions which has not completed executing , means for detecting which is most recent data in the buffer directed to a particular memory address in response to a memory access , means for transferring data in the storage locations to memory after a sequence of instructions generating the stores has executed without generating an exception or an error , and means for eliminating memory stores in the storage locations when execution of a sequence of instructions generating the stores generates an exception or an error .

US6011908A
CLAIM 20 . Apparatus for use in a processing system having a host processor capable of executing a first instruction (executable instructions, call instructions, decryption instructions) set to assist in running instructions of a different instruction set which is translated to the first instruction set by the host processor comprising : a buffer including a segregated region for temporarily storing memory stores generated until a determination that a sequence of translated instructions will execute without exception or error on the host processor , logic circuitry for detecting the most recent memory store to a particular memory address held in the buffer in response to an access of the memory address , draining circuitry for removing memory stores temporarily stored from the segregated portion and permanently storing the memory stores when a determination is made that a sequence of translated instructions will execute without exception or error on the host processor , and means for eliminating memory stores temporarily stored in the segregated portion of the buffer when a determination is made that a sequence of translated instructions will generate an exception or error on the host processor .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9733216A1

Filed: 1996-12-19     Issued: 1997-09-12

Encoding technique for software and hardware

(Original Assignee) Northern Telecom Limited     

Harold Joseph Johnson, Yuan Xiang Gu, Becky Laiping Chan, Stanley Taihai Chow
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (security level) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

US7162735B2
CLAIM 4 . A digital data (determined order) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (security level) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call (use one) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one (respective call, digital protection) or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (use one) arrangement (comprising steps) according to claim 4 . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps (digital protection arrangement) of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one (respective call, digital protection) or any of the following steps to be performed in a predetermined order : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 4 . 		WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 4 . 		WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 18 . A digital data (determined order) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (security level) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (security level) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (security level) and/or a data file (determined order) . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point (predetermined points) at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code (security level) to be executed when seeking to access the protected data . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

WO9733216A1
CLAIM 2 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : c) generating one or more checking cascades which are each similar to said executable program design , each checking cascade having sufficient length and width for a desired security level ;
d) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points (start point) in said executable program design ;
and e) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 18 . 		WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 29 . A digital data (determined order) arrangement comprising executable code (security level) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 29 . 		WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (security level) is executable to create the steps on each occasion that the executable instruction is to be executed . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

US7162735B2
CLAIM 34 . A digital data (determined order) arrangement comprising executable code (security level) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps (second part) to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (security level) is executable to create corrupt data in addition to each part of protected code . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 34 . 		WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 38 . A digital data (determined order) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (security level) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		WO9733216A1
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) providing one or more different program designs which are each similar to said executable program design as a whole or in part , each program design having sufficient length and width for a desired security level (executable code, executable conversion code) ;
and b) intertwining said executable program design and said one or more different program designs so that outputs of said encoded executable program design depend upon all inputs of said executable program design and different program designs .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 38 . 		WO9733216A1
CLAIM 7 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6064738A

Filed: 1996-12-10     Issued: 2000-05-16

Method for encrypting and decrypting data using chaotic maps

(Original Assignee) Research Foundation of State University of New York     (Current Assignee) Research Foundation of State University of New York

Jiri Fridrich
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encrypting data) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6064738A
CLAIM 1 . A method for encrypting data (conversion key) , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 4 . A digital data (said elements) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 5 . A computer system comprising memory means (original value) containing a digital protection arrangement (other element) according to claim 4 . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value (memory means) of said element , and the value of at least one other element (digital protection arrangement) ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said elements) protection arrangement in accordance with claim 4 . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (said elements) protection arrangement in accordance with claim 4 . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 18 . A digital data (said elements) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encrypting data) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6064738A
CLAIM 1 . A method for encrypting data (conversion key) , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encrypting data) derived from a respective target block . 		US6064738A
CLAIM 1 . A method for encrypting data (conversion key) , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (original value) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value (memory means) of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said elements) protection arrangement in accordance with claim 18 . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 29 . A digital data (said elements) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said elements) protection arrangement in accordance with claim 29 . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 34 . A digital data (said elements) arrangement comprising executable code executable to create a first part (said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US6064738A
CLAIM 4 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array comprising a discretized image , each element having a value ;
ii) generating a key representative of at least one of said dimensions M and N of said first array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic baker map using said key ;
iv) extending said chaotic map into at least a third dimension ;
b) applying said discretized map successively to subsequent M×N arrays of data , at least one of said sub (first part) sequent arrays of data being padded with dummy data , said subsequent M×N arrays being formed from larger arrays of data , to generate encrypted data representative of each of said arrays .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said elements) protection arrangement in accordance with claim 34 . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 38 . A digital data (said elements) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said elements) protection arrangement in accordance with claim 38 . 		US6064738A
CLAIM 1 . A method for encrypting data , the steps comprising : a) creating a discretized map , the sub-steps comprising : i) providing an array of data , said data comprising elements arranged in a first M×N array , each element having a value ;
ii) generating a key that is representative of at least one of said dimensions M and N of said array of data , said key having at least one numeric value ;
iii) building a two-dimensional chaotic map using said key by substituting for at least one of said elements (digital data, digital data arrangement, digital data protection arrangement) of said first M×N array a new value dependent upon the position of said element in said first M×N array , the original value of said element , and the value of at least one other element ;
iv) extending said two-dimensional chaotic map into at least a third dimension ;
and b) applying said discretized map to a second M×N array of data to generate encrypted data representative thereof .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0774714A2

Filed: 1996-11-05     Issued: 1997-05-21

Method and apparatus for instruction scheduling in an optimizing compiler for minimizing overhead instructions

(Original Assignee) Sun Microsystems Inc     (Current Assignee) Sun Microsystems Inc

Partha P. Tirumalai, Krishna Subramanian, Boris Baylin
US7162735B2
CLAIM 1 . Computer software (computer program, program product) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (computer program, program product) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		EP0774714A2
CLAIM 14 A computer program (Computer software, executable form, Computer software operable to provide protection) product comprising : a computer usable medium having computer readable program code mechanisms embodied therein to schedule the executable instructions of a target program directed at a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , the schedule produced in a manner that reduces the number of executable instructions required in the schedule , the computer readable program code mechanisms in said computer program product comprising : computer readable code mechanisms to cause a computer to partition instructions for a loop in the target program into reducible instructions and non-reducible instructions ;
computer readable code mechanisms to cause the computer to modulo schedule said non-reducible instructions ;
and computer readable code mechanisms to cause the computer to directly insert said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and computer readable code mechanisms to cause the computer to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (back end) in accordance with claim 1 . 		EP0774714A2
CLAIM 1 A computer system having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end (computer memory device containing computer software, data carrier containing software) code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 6 . A data carrier containing software (back end) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end (computer memory device containing computer software, data carrier containing software) code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 7 . Computer software (computer program, program product) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

EP0774714A2
CLAIM 14 A computer program (Computer software, executable form, Computer software operable to provide protection) product comprising : a computer usable medium having computer readable program code mechanisms embodied therein to schedule the executable instructions of a target program directed at a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , the schedule produced in a manner that reduces the number of executable instructions required in the schedule , the computer readable program code mechanisms in said computer program product comprising : computer readable code mechanisms to cause a computer to partition instructions for a loop in the target program into reducible instructions and non-reducible instructions ;
computer readable code mechanisms to cause the computer to modulo schedule said non-reducible instructions ;
and computer readable code mechanisms to cause the computer to directly insert said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and computer readable code mechanisms to cause the computer to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (executable instructions) for decryption . 		EP0774714A2
CLAIM 5 An apparatus for optimizing the execution time of executable instructions (executable instructions) in a target program which is designated to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said apparatus comprising : a computer having a processor , a memory , and an input/output section ;
a compiler system resident in said computer memory having a front end compiler , a code optimizer and a back end code generator ;
and an instruction partition mechanism coupled to said computer for use by said code optimizer to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said computer for use by said code optimizer to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said computer for use by said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (clock cycle) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (computer program, program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		EP0774714A2
CLAIM 1 A computer system having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle (conversion code, comprising processing means operable to execute code) , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

EP0774714A2
CLAIM 14 A computer program (Computer software, executable form, Computer software operable to provide protection) product comprising : a computer usable medium having computer readable program code mechanisms embodied therein to schedule the executable instructions of a target program directed at a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , the schedule produced in a manner that reduces the number of executable instructions required in the schedule , the computer readable program code mechanisms in said computer program product comprising : computer readable code mechanisms to cause a computer to partition instructions for a loop in the target program into reducible instructions and non-reducible instructions ;
computer readable code mechanisms to cause the computer to modulo schedule said non-reducible instructions ;
and computer readable code mechanisms to cause the computer to directly insert said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and computer readable code mechanisms to cause the computer to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (clock cycle) is operable to convert each block into an executable form (computer program, program product) . 		EP0774714A2
CLAIM 1 A computer system having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle (conversion code, comprising processing means operable to execute code) , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

EP0774714A2
CLAIM 14 A computer program (Computer software, executable form, Computer software operable to provide protection) product comprising : a computer usable medium having computer readable program code mechanisms embodied therein to schedule the executable instructions of a target program directed at a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , the schedule produced in a manner that reduces the number of executable instructions required in the schedule , the computer readable program code mechanisms in said computer program product comprising : computer readable code mechanisms to cause a computer to partition instructions for a loop in the target program into reducible instructions and non-reducible instructions ;
computer readable code mechanisms to cause the computer to modulo schedule said non-reducible instructions ;
and computer readable code mechanisms to cause the computer to directly insert said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and computer readable code mechanisms to cause the computer to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (computer program, program product) for subsequent execution . 		EP0774714A2
CLAIM 14 A computer program (Computer software, executable form, Computer software operable to provide protection) product comprising : a computer usable medium having computer readable program code mechanisms embodied therein to schedule the executable instructions of a target program directed at a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , the schedule produced in a manner that reduces the number of executable instructions required in the schedule , the computer readable program code mechanisms in said computer program product comprising : computer readable code mechanisms to cause a computer to partition instructions for a loop in the target program into reducible instructions and non-reducible instructions ;
computer readable code mechanisms to cause the computer to modulo schedule said non-reducible instructions ;
and computer readable code mechanisms to cause the computer to directly insert said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and computer readable code mechanisms to cause the computer to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (computer program, program product) for subsequent execution . 		EP0774714A2
CLAIM 14 A computer program (Computer software, executable form, Computer software operable to provide protection) product comprising : a computer usable medium having computer readable program code mechanisms embodied therein to schedule the executable instructions of a target program directed at a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , the schedule produced in a manner that reduces the number of executable instructions required in the schedule , the computer readable program code mechanisms in said computer program product comprising : computer readable code mechanisms to cause a computer to partition instructions for a loop in the target program into reducible instructions and non-reducible instructions ;
computer readable code mechanisms to cause the computer to modulo schedule said non-reducible instructions ;
and computer readable code mechanisms to cause the computer to directly insert said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and computer readable code mechanisms to cause the computer to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code (clock cycle) , and memory means storing the protected data , decryption instructions and conversion code (clock cycle) with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (said first portion, processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		EP0774714A2
CLAIM 1 A computer system having a central processing unit (processor means) (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle (conversion code, comprising processing means operable to execute code) , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

EP0774714A2
CLAIM 6 A code optimizer for use in an compiler system for compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said code optimizer comprising : a first portion configured to accept as input an intermediate code representation of said target program ;
a second portion , coupled to said first portion (processor means) , configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a third portion , coupled to said second portion configured to modulo schedule said non-reducible instructions ;
a fourth portion , coupled to said third portion configured to directly insert copies of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said third portion ;
and a fifth portion , coupled to said fourth portion configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said fifth portion further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction , thereby producing a schedule of the executable instructions for the target program .

US7162735B2
CLAIM 28 . A data carrier containing software (back end) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end (computer memory device containing computer software, data carrier containing software) code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 30 . A data carrier containing software (back end) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end (computer memory device containing computer software, data carrier containing software) code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 37 . A data carrier containing software (back end) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end (computer memory device containing computer software, data carrier containing software) code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .

US7162735B2
CLAIM 40 . A data carrier containing software (back end) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		EP0774714A2
CLAIM 1 A computer system (computer system) having a central processing unit (CPU) and random access memory (RAM) coupled to said CPU , for use in compiling a target program to run on a target computer architecture having a plurality of parallel computation units which facilitate instruction pipelining and which provides an ability to add two values to form an address used in a memory load or store instruction and which permits two or more instructions to be issued in a single clock cycle , said computer system comprising : a compiler system resident in said computer system having a front end compiler , a code optimizer and a back end (computer memory device containing computer software, data carrier containing software) code generator ;
and an instruction partition mechanism coupled to said code optimizer configured to partition instructions for the target program into reducible instructions and non-reducible instructions ;
a modulo scheduler mechanism coupled to said code optimizer configured to modulo schedule said non-reducible instructions ;
an instruction insertion mechanism configured to directly insert a copy of one of said reducible instructions into a modulo schedule of said non-reducible instructions which is produced by said modulo scheduler mechanism ;
and an instruction modification mechanism coupled to said code optimizer configured to identify one or more of scheduled non-reducible instructions which would normally use a value produced by a designated reducible instruction and said instruction modification mechanism further configured to modify an original offset in an address portion of said identified one or more of scheduled non-reducible instructions which use a designated reducible instruction .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6023506A

Filed: 1996-10-28     Issued: 2000-02-08

Data encryption control apparatus and method

(Original Assignee) Hitachi Ltd     (Current Assignee) Hitachi Ltd

Ichiro Ote, Kazunori Iwabuchi, Hiroaki Washimi, Hiroshi Furukawa, Masahito Sumitomo, Yuuichi Kobayashi
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6023506A
CLAIM 17 . A computer program (Computer software) encoded in a computer readable memory medium for directing information encrypting and decrypting operations on the computer , when executed by a computer causes the computer to perform the following : providing a storage area (storage folder) formed by specifying an encrypted file area for storing encrypted files obtained by encrypting unencrypted or plain text files as said information , an encrypted data area for storing plain text file names in association with encrypted file names , and a password storage area for storing a password obtained by encrypting , by means of a system key , a password inputted by a user ;
in encryption , generating an encrypted password by using a system key from a password inputted by an encryption user and storing said encrypted password in said password storage area ;
decrypting said encrypted password by using the system key and generating an encryption key ;
encrypting a specified noncryptic file by using said encryption key and said encrypted plain text file in said encrypted file area ;
and registering said table representing the relation of plain text file names with encrypted file names in said encrypted data area ;
in decryption displaying said registered association table of the encrypted data area on the basis of a password inputted by an decryption user ;
making the decryption user specify a file name to be decrypted by referring to said displayed table ;
generating said encryption key on the basis of said inputted password ;
and decrypting an encrypted file having said specified file name by using said generated encryption key .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (user access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6023506A
CLAIM 17 . A computer program (Computer software) encoded in a computer readable memory medium for directing information encrypting and decrypting operations on the computer , when executed by a computer causes the computer to perform the following : providing a storage area (storage folder) formed by specifying an encrypted file area for storing encrypted files obtained by encrypting unencrypted or plain text files as said information , an encrypted data area for storing plain text file names in association with encrypted file names , and a password storage area for storing a password obtained by encrypting , by means of a system key , a password inputted by a user ;
in encryption , generating an encrypted password by using a system key from a password inputted by an encryption user and storing said encrypted password in said password storage area ;
decrypting said encrypted password by using the system key and generating an encryption key ;
encrypting a specified noncryptic file by using said encryption key and said encrypted plain text file in said encrypted file area ;
and registering said table representing the relation of plain text file names with encrypted file names in said encrypted data area ;
in decryption displaying said registered association table of the encrypted data area on the basis of a password inputted by an decryption user ;
making the decryption user specify a file name to be decrypted by referring to said displayed table ;
generating said encryption key on the basis of said inputted password ;
and decrypting an encrypted file having said specified file name by using said generated encryption key .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (user access) , when executed , is operable to detect corruption of the protected code . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (user access) is operable to delete the protected code in the event that any corruption is detected . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (user access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (user access) is embedded within the protected code . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (user access) is embedded at locations which are unused by the protected code . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (user access) and to modify the call instruction to refer to the new location . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (data file) . 		US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file (data file) to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (user access) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption (encrypted files) of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6023506A
CLAIM 1 . In a data encryption system for encrypting/decrypting information on a computer , a file encryption apparatus comprising : storage area means for storing one or more encrypted files (detects corruption) with a specific encryption key associated with said storage area means and storing encrypted information for managing the files ;
password registration means for registering an authentication password required for a user to access said storage area means ;
and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means .

US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (user access) ;

the security code , when called by a call instruction , detects corruption (encrypted files) of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6023506A
CLAIM 1 . In a data encryption system for encrypting/decrypting information on a computer , a file encryption apparatus comprising : storage area means for storing one or more encrypted files (detects corruption) with a specific encryption key associated with said storage area means and storing encrypted information for managing the files ;
password registration means for registering an authentication password required for a user to access said storage area means ;
and file encryption/decryption means for encrypting an unencrypted file specified by a user by using the specific encryption key associated with the storage area means .

US6023506A
CLAIM 19 . A method of encrypting information comprising the steps of : creating an encryption folder for holding a plurality of encrypted files ;
receiving from a user a password associated with the encryption folder ;
authenticating the password to provide the user access (security code) to files in the encryption folder ;
storing the password in the encryption folder ;
receiving a user selection of an unencrypted data file to be encrypted ;
retrieving the password stored in the encryption folder ;
automatically generating an encryption key associated with the encryption folder based on the retrieved password ;
and encrypting the selected data file using the encryption key .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6038320A

Filed: 1996-10-11     Issued: 2000-03-14

Computer security key

(Original Assignee) Intel Corp     (Current Assignee) Mineral Lassen LLC

Phillip R. Miller
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US6038320A
CLAIM 1 . A computer security key for a computer system with a central processing unit (processor means) (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US6038320A
CLAIM 1 . A computer security key for a computer system (computer system) with a central processing unit (CPU) which includes an external bus through which access to the CPU is provided , said computer security key comprising : a connector adapted to be coupled to the external bus ;
a controller coupled to said connector ;
and a storage device coupled to said controller which includes a location for storing a first key code and a reprogrammable location for storing an encrypted , user-selectable , first password ;
wherein said controller is programmed to provide , in response to a request received through said connector , said first key code as an output on said connector ;
encrypt a second password received through said connector ;
and provide a comparison of the encrypted second password with said encrypted , user-selectable first password .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5892900A

Filed: 1996-08-30     Issued: 1999-04-06

Systems and methods for secure transaction management and electronic rights protection

(Original Assignee) Intertrust Technologies Corp     (Current Assignee) Intertrust Technologies Corp

Karl L. Ginter, Victor H. Shear, W. Olin Sibert, Francis J. Spahn, David M. Van Wie
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item (remote device) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encryption keys, certain portion) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5892900A
CLAIM 65 . A virtual distribution environment comprising a host processing environment comprising a central processing unit ;
main memory operatively connected to said central processing unit ;
mass storage operatively connected to said central processing unit and said main memory said mass storage comprising a secure storage area storing information at least some of which is encrypted , said information including one or more applications programs , each of said applications programs comprising one or more applications modules , and at least two encrypted applications modules , one of said encrypted applications modules having been encrypted using a first encryption key and a second of said encrypted applications modules having been encrypted using a second encryption key different from said first encryption key , and a non-secure storage area storing information ;
one or more storage locations including one or more memory locations allocated by an operating system to a boot record file , but not used by such file , said memory locations being located after the end of said file but before the end of the memory sector allocated by said operating system to said file , said one or more storage locations storing one or more cryptographic keys ;
one or more storage locations storing at least one of said encryption keys (conversion key, respective conversion key) . programming which controls said host processing environment so as to load said applications modules from said secure storage area into said main memory , said programming further comprising , programming which decrypts said applications modules during said loading process , and programming which removes at least certain of said application modules from said main memory as soon as execution of each said application module has at least temporarily completed , even if the area of said main memory occupied by said application module is not yet required for other information , whereby the duration of residency of at least certain applications modules in an unencrypted state in said main memory is limited so as to render analysis of said applications modules more difficult .

US5892900A
CLAIM 102 . A virtual distribution environment comprising a host processing environment comprising a central processing unit ;
main memory operatively connected to said central processing unit ;
mass storage operatively connected to said central processing unit and said main memory , a communications port , a storage location storing one or more values indicating the number of designated operations which have occurred since initialization of said one or more values , said storage location operatively connected to said communications port , said storage location constituting one or more memory locations allocated by an operating system to a boot record file , but not used by such file , said memory locations being located after the end of said file but before the end of the memory sector allocated by said operating system to said file , updating circuitry operatively connected to increment said one or more values upon the occurrence of one of said designated operations , whereby , a remote device (second item) can access said one or more values through said communications port .

US5892900A
CLAIM 184 . A virtual distribution environment comprising : a first host processing environment , said first host processing environment comprising a registry containing one or more installation keys ;
a second host processing environment comprising : a central processing unit ;
main memory operatively connected to said central processing unit mass storage operatively connected to said central processing unit and said main memory ;
a communications port ;
and secure software , said secure software including : encrypted operational materials and installation materials , said installation materials including : encrypted installation materials , said encrypted installation materials including : programming which causes at least certain portion (conversion key, respective conversion key) s of said operational materials to be decrypted , and confounding algorithm programming which uses at least one confounding algorithm to create critical values required for correct operation of said operational materials on said second host processing environment ;
at least one of said confounding algorithms constituting the MD5 algorithm , and unencrypted installation materials , said unencrypted installation materials including : programming which causes the decryption of said encrypted installation materials , programming which uses said communications port to establish communication with said first host processing environment , programming which includes a secure key exchange protocol , programming which receives an installation key from said registry , and programming which uses said installation key to decrypt at least a portion of said encrypted installation materials ;
whereby , said installation materials are decrypted and installed and cause said operational materials to be decrypted and installed .

US7162735B2
CLAIM 3 . A computer system (bus interface, interrupt signal, timing circuit) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface (memory means, computer system comprising memory, processor means, computer system) unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access, decryption engine, public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction (time values) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine (security code) ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 69 . A virtual distribution environment as in claim 68 , further comprising : time integrity programming comprising : programming which invokes said trusted server time programming , and time comparison programming which compares the time value specified by said clock to said time value obtained from said trusted server , determines whether said time values (call instruction) have a specified relationship and sets an indication based on the result of such determination .

US7162735B2
CLAIM 5 . A computer system (bus interface, interrupt signal, timing circuit) comprising memory means (bus interface, interrupt signal, timing circuit) containing a digital protection (control circuitry, said selection) arrangement according to claim 4 . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface (memory means, computer system comprising memory, processor means, computer system) unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 40 . A secure processing unit as in claim 34 , said secure processing unit further comprising : control circuitry (digital protection) responsive to execution of one or more instructions by said secure processing unit when said secure processing unit is in said first security-related state ;
said control circuitry operating to override said conditional access circuitry , thereby allowing passage of said first type of signals between said external bus and said internal circuitry when said secure processing unit is in said first security-related state .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US5892900A
CLAIM 137 . A virtual distribution environment as in claim 136 , said selection (digital protection) programming further comprising : programming which makes such selection on a random or pseudo-random basis .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (bus interface, interrupt signal, timing circuit) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface (memory means, computer system comprising memory, processor means, computer system) unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (bus interface, interrupt signal, timing circuit) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface (memory means, computer system comprising memory, processor means, computer system) unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access, decryption engine, public key) , when executed , is operable to detect corruption of the protected code . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine (security code) ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access, decryption engine, public key) is operable to delete the protected code in the event that any corruption is detected . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine (security code) ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (time values) and the security code (unauthorized access, decryption engine, public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine (security code) ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 69 . A virtual distribution environment as in claim 68 , further comprising : time integrity programming comprising : programming which invokes said trusted server time programming , and time comparison programming which compares the time value specified by said clock to said time value obtained from said trusted server , determines whether said time values (call instruction) have a specified relationship and sets an indication based on the result of such determination .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access, decryption engine, public key) is embedded within the protected code . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine (security code) ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access, decryption engine, public key) is embedded at locations which are unused by the protected code . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine (security code) ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (unauthorized access, decryption engine, public key) and to modify the call instruction (time values) to refer to the new location . 		US5892900A
CLAIM 1 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
said barrier including : a secure bus interface unit , comprising : a port designed for connection to a bus external to the secure processing unit ;
signal-evaluation circuitry which evaluates signals received from said external bus to determine whether said signals were generated by a trusted source ;
and transmission circuitry which transmits signals between said secure processing unit and said external bus , said transmission circuitry comprising gating circuitry operatively connected to said signal-evaluation circuitry ;
said gating circuitry including selective release circuitry which selectively releases signals from said external bus for transmission by said trqansmission circuitry to said secure processing unit or blocks said signals ;
said selective release circuitry being controlled , at least in part , by signals received from said signal-evaluation circuitry , a clock , including ;
circuitry which stores time information ;
circuitry which updates said time information to reflect the passage of time ;
circuitry designed to output said time information for use by said secure processing unit ;
user-controllable circuitry operatively connected to adjust said time information ;
parameter circuitry operatively controlled to limit the magnitude of an adjustment by said user-controllable circuitry to said time information ;
synchronization circuitry operatively connected to an external port , said synchronization circuitry further comprising : a comparator operatively connected to compare said time information with an external timing signal ;
said comparator outputting a non-synch signal in the event said comparison indicates a difference which exceeds a threshold ;
an encryption/decryption engine (security code) ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 69 . A virtual distribution environment as in claim 68 , further comprising : time integrity programming comprising : programming which invokes said trusted server time programming , and time comparison programming which compares the time value specified by said clock to said time value obtained from said trusted server , determines whether said time values (call instruction) have a specified relationship and sets an indication based on the result of such determination .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encryption keys, certain portion) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5892900A
CLAIM 65 . A virtual distribution environment comprising a host processing environment comprising a central processing unit ;
main memory operatively connected to said central processing unit ;
mass storage operatively connected to said central processing unit and said main memory said mass storage comprising a secure storage area storing information at least some of which is encrypted , said information including one or more applications programs , each of said applications programs comprising one or more applications modules , and at least two encrypted applications modules , one of said encrypted applications modules having been encrypted using a first encryption key and a second of said encrypted applications modules having been encrypted using a second encryption key different from said first encryption key , and a non-secure storage area storing information ;
one or more storage locations including one or more memory locations allocated by an operating system to a boot record file , but not used by such file , said memory locations being located after the end of said file but before the end of the memory sector allocated by said operating system to said file , said one or more storage locations storing one or more cryptographic keys ;
one or more storage locations storing at least one of said encryption keys (conversion key, respective conversion key) . programming which controls said host processing environment so as to load said applications modules from said secure storage area into said main memory , said programming further comprising , programming which decrypts said applications modules during said loading process , and programming which removes at least certain of said application modules from said main memory as soon as execution of each said application module has at least temporarily completed , even if the area of said main memory occupied by said application module is not yet required for other information , whereby the duration of residency of at least certain applications modules in an unencrypted state in said main memory is limited so as to render analysis of said applications modules more difficult .

US5892900A
CLAIM 184 . A virtual distribution environment comprising : a first host processing environment , said first host processing environment comprising a registry containing one or more installation keys ;
a second host processing environment comprising : a central processing unit ;
main memory operatively connected to said central processing unit mass storage operatively connected to said central processing unit and said main memory ;
a communications port ;
and secure software , said secure software including : encrypted operational materials and installation materials , said installation materials including : encrypted installation materials , said encrypted installation materials including : programming which causes at least certain portion (conversion key, respective conversion key) s of said operational materials to be decrypted , and confounding algorithm programming which uses at least one confounding algorithm to create critical values required for correct operation of said operational materials on said second host processing environment ;
at least one of said confounding algorithms constituting the MD5 algorithm , and unencrypted installation materials , said unencrypted installation materials including : programming which causes the decryption of said encrypted installation materials , programming which uses said communications port to establish communication with said first host processing environment , programming which includes a secure key exchange protocol , programming which receives an installation key from said registry , and programming which uses said installation key to decrypt at least a portion of said encrypted installation materials ;
whereby , said installation materials are decrypted and installed and cause said operational materials to be decrypted and installed .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encryption keys, certain portion) derived from a respective target (synchronization circuit, more operation) block (synchronization circuit, more operation) . 		US5892900A
CLAIM 3 . A secure processing unit as in claim 2 , said synchronization circuit (respective target block, respective target) ry further comprising : circuitry designed to accept said external timing signal only if said signal evaluation circuitry indicates that said external timing signal is received from a secure source .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuitry operatively connected to determine the number of cycles taken by one or more operation (respective target block, respective target) s performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US5892900A
CLAIM 65 . A virtual distribution environment comprising a host processing environment comprising a central processing unit ;
main memory operatively connected to said central processing unit ;
mass storage operatively connected to said central processing unit and said main memory said mass storage comprising a secure storage area storing information at least some of which is encrypted , said information including one or more applications programs , each of said applications programs comprising one or more applications modules , and at least two encrypted applications modules , one of said encrypted applications modules having been encrypted using a first encryption key and a second of said encrypted applications modules having been encrypted using a second encryption key different from said first encryption key , and a non-secure storage area storing information ;
one or more storage locations including one or more memory locations allocated by an operating system to a boot record file , but not used by such file , said memory locations being located after the end of said file but before the end of the memory sector allocated by said operating system to said file , said one or more storage locations storing one or more cryptographic keys ;
one or more storage locations storing at least one of said encryption keys (conversion key, respective conversion key) . programming which controls said host processing environment so as to load said applications modules from said secure storage area into said main memory , said programming further comprising , programming which decrypts said applications modules during said loading process , and programming which removes at least certain of said application modules from said main memory as soon as execution of each said application module has at least temporarily completed , even if the area of said main memory occupied by said application module is not yet required for other information , whereby the duration of residency of at least certain applications modules in an unencrypted state in said main memory is limited so as to render analysis of said applications modules more difficult .

US5892900A
CLAIM 184 . A virtual distribution environment comprising : a first host processing environment , said first host processing environment comprising a registry containing one or more installation keys ;
a second host processing environment comprising : a central processing unit ;
main memory operatively connected to said central processing unit mass storage operatively connected to said central processing unit and said main memory ;
a communications port ;
and secure software , said secure software including : encrypted operational materials and installation materials , said installation materials including : encrypted installation materials , said encrypted installation materials including : programming which causes at least certain portion (conversion key, respective conversion key) s of said operational materials to be decrypted , and confounding algorithm programming which uses at least one confounding algorithm to create critical values required for correct operation of said operational materials on said second host processing environment ;
at least one of said confounding algorithms constituting the MD5 algorithm , and unencrypted installation materials , said unencrypted installation materials including : programming which causes the decryption of said encrypted installation materials , programming which uses said communications port to establish communication with said first host processing environment , programming which includes a secure key exchange protocol , programming which receives an installation key from said registry , and programming which uses said installation key to decrypt at least a portion of said encrypted installation materials ;
whereby , said installation materials are decrypted and installed and cause said operational materials to be decrypted and installed .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (Ethernet network, said signals) . 		US5892900A
CLAIM 196 . A method as in claim 195 , said network comprising an Ethernet network (data file, one order) .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (transmits signals) operable to execute code , and memory means (bus interface, interrupt signal, timing circuit) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (bus interface, interrupt signal, timing circuit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5892900A
CLAIM 34 . A secure processing unit as in claim 19 , said secure processing unit further comprising : a bus interface (memory means, computer system comprising memory, processor means, computer system) unit operatively connected to internal circuitry of said secure processing unit , to said secure mode interface switch and to an external bus , said bus interface unit operating to pass signals between said external bus and said internal circuitry ;
said bus interface unit containing conditional access circuitry ;
said conditional access circuitry operating to pass a first type of signals between said external bus and said internal circuitry when said secure processing unit is in said second security-related state ;
and said conditional access circuitry operating to block passage of said first type of signals between said external bus and said internal circuitry when said secure processing unit is in said first security-related state .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (bus interface, interrupt signal, timing circuit) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5892900A
CLAIM 34 . A secure processing unit as in claim 19 , said secure processing unit further comprising : a bus interface (memory means, computer system comprising memory, processor means, computer system) unit operatively connected to internal circuitry of said secure processing unit , to said secure mode interface switch and to an external bus , said bus interface unit operating to pass signals between said external bus and said internal circuitry ;
said bus interface unit containing conditional access circuitry ;
said conditional access circuitry operating to pass a first type of signals between said external bus and said internal circuitry when said secure processing unit is in said second security-related state ;
and said conditional access circuitry operating to block passage of said first type of signals between said external bus and said internal circuitry when said secure processing unit is in said first security-related state .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (different security) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (Ethernet network, said signals) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5892900A
CLAIM 23 . A secure processing unit as in claim 20 , said secure processing unit further comprising : an instruction fetch mechanism operatively connected to fetch instructions for execution by said secure processing unit ;
said secure mode interface switch being operatively connected to said instruction fetch mechanism ;
said secure mode interface switch further comprising : circuitry that sets a transition indication when said secure processing unit is about to transition into a different security (digital data arrangement comprising executable code) state ;
circuitry that , in response to the setting of said transition indication , causes said instruction fetch mechanism to begin fetching one or more designated instructions at a specified address prior to said secure mode interface switch transitioning to said different security state ;
and circuitry that delays said transition into said different security state until said instruction fetch mechanism has completed fetching said one or more designated instructions .

US5892900A
CLAIM 196 . A method as in claim 195 , said network comprising an Ethernet network (data file, one order) .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (bus interface, interrupt signal, timing circuit) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5892900A
CLAIM 34 . A secure processing unit as in claim 19 , said secure processing unit further comprising : a bus interface (memory means, computer system comprising memory, processor means, computer system) unit operatively connected to internal circuitry of said secure processing unit , to said secure mode interface switch and to an external bus , said bus interface unit operating to pass signals between said external bus and said internal circuitry ;
said bus interface unit containing conditional access circuitry ;
said conditional access circuitry operating to pass a first type of signals between said external bus and said internal circuitry when said secure processing unit is in said second security-related state ;
and said conditional access circuitry operating to block passage of said first type of signals between said external bus and said internal circuitry when said secure processing unit is in said first security-related state .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (different security) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5892900A
CLAIM 23 . A secure processing unit as in claim 20 , said secure processing unit further comprising : an instruction fetch mechanism operatively connected to fetch instructions for execution by said secure processing unit ;
said secure mode interface switch being operatively connected to said instruction fetch mechanism ;
said secure mode interface switch further comprising : circuitry that sets a transition indication when said secure processing unit is about to transition into a different security (digital data arrangement comprising executable code) state ;
circuitry that , in response to the setting of said transition indication , causes said instruction fetch mechanism to begin fetching one or more designated instructions at a specified address prior to said secure mode interface switch transitioning to said different security state ;
and circuitry that delays said transition into said different security state until said instruction fetch mechanism has completed fetching said one or more designated instructions .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (bus interface, interrupt signal, timing circuit) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5892900A
CLAIM 34 . A secure processing unit as in claim 19 , said secure processing unit further comprising : a bus interface (memory means, computer system comprising memory, processor means, computer system) unit operatively connected to internal circuitry of said secure processing unit , to said secure mode interface switch and to an external bus , said bus interface unit operating to pass signals between said external bus and said internal circuitry ;
said bus interface unit containing conditional access circuitry ;
said conditional access circuitry operating to pass a first type of signals between said external bus and said internal circuitry when said secure processing unit is in said second security-related state ;
and said conditional access circuitry operating to block passage of said first type of signals between said external bus and said internal circuitry when said secure processing unit is in said first security-related state .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (unauthorized access, decryption engine, public key) and relocation code , wherein : the protected code comprises at least one call instruction (time values) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5892900A
CLAIM 7 . A secure processing unit comprising a CPU microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine (security code) including first encryption/decryption circuitry which encrypts and decrypts information using a first encryption algorithm ;
second encryption/decryption circuitry which encrypts and decrypts information using a second encryption algorithm different from said first encryption algorithm ;
said second encryption algorithm imparting a higher degree of cryptographic security to encrypted information than said first encryption algorithm ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 69 . A virtual distribution environment as in claim 68 , further comprising : time integrity programming comprising : programming which invokes said trusted server time programming , and time comparison programming which compares the time value specified by said clock to said time value obtained from said trusted server , determines whether said time values (call instruction) have a specified relationship and sets an indication based on the result of such determination .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (unauthorized access, decryption engine, public key) ;

the security code , when called by a call instruction (time values) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5892900A
CLAIM 7 . A secure processing unit comprising a CPU microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine (security code) including first encryption/decryption circuitry which encrypts and decrypts information using a first encryption algorithm ;
second encryption/decryption circuitry which encrypts and decrypts information using a second encryption algorithm different from said first encryption algorithm ;
said second encryption algorithm imparting a higher degree of cryptographic security to encrypted information than said first encryption algorithm ;
a random number generator ;
secure memory ;
and means for creation of one or more secure objects said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 10 . A secure processing unit as in claim 9 , said asymmetric encryption algorithm comprising a public key (security code) -private key algorithm .

US5892900A
CLAIM 11 . A secure processing unit comprising a CPU , microprocessor or microcontroller and components designed to perform security-related functions , said components including : a secure , tamper-resistant barrier operating to render unauthorized interference with or access to the contents or operations of the secure processing unit more difficult ;
a clock ;
an encryption/decryption engine ;
a random number generator ;
secure memory ;
said secure memory further comprising : circuitry protecting the contents of said memory from unauthorized access (security code) or alteration ;
and random access memory including volatile random access memory and non-volatile random access memory ;
said non-volatile random access memory storing one or more cryptographic keys ;
budget information and ;
and information loaded into such memory during an initialization process involving communication with a VDE administrator means for creation of one or more secure obiects , said secure objects comprising at least one control information and content governed by said at least one control information .

US5892900A
CLAIM 69 . A virtual distribution environment as in claim 68 , further comprising : time integrity programming comprising : programming which invokes said trusted server time programming , and time comparison programming which compares the time value specified by said clock to said time value obtained from said trusted server , determines whether said time values (call instruction) have a specified relationship and sets an indication based on the result of such determination .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (bus interface, interrupt signal, timing circuit) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5892900A
CLAIM 34 . A secure processing unit as in claim 19 , said secure processing unit further comprising : a bus interface (memory means, computer system comprising memory, processor means, computer system) unit operatively connected to internal circuitry of said secure processing unit , to said secure mode interface switch and to an external bus , said bus interface unit operating to pass signals between said external bus and said internal circuitry ;
said bus interface unit containing conditional access circuitry ;
said conditional access circuitry operating to pass a first type of signals between said external bus and said internal circuitry when said secure processing unit is in said second security-related state ;
and said conditional access circuitry operating to block passage of said first type of signals between said external bus and said internal circuitry when said secure processing unit is in said first security-related state .

US5892900A
CLAIM 37 . A secure processing unit as in claim 34 , said first type of signals further comprising : interrupt signal (memory means, computer system comprising memory, processor means, computer system) s .

US5892900A
CLAIM 54 . A secure processing unit as in claim 19 , said secure processing unit further comprising : timing circuit (memory means, computer system comprising memory, processor means, computer system) ry operatively connected to determine the number of cycles taken by one or more operations performed by said secure processing unit ;
said secure mode interface switch being operatively connected to said timing circuitry ;
said secure mode interface switch including transition circuitry causing said secure mode interface switch to transition from one security state to a different security state based on information received from said timing circuitry .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5943422A

Filed: 1996-08-12     Issued: 1999-08-24

Steganographic techniques for securely delivering electronic digital rights management control information over insecure communication channels

(Original Assignee) Intertrust Technologies Corp     (Current Assignee) Intertrust Technologies Corp

David M. Van Wie, Robert P. Weber
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means (said first portion, removable memory) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5943422A
CLAIM 65 . A rights management method operating at least in part on a first apparatus , said first apparatus including a communications port and means for accessing information on a removable memory (processor means, security means, processing means) device , said method comprising : (a) at said first apparatus , receiving a removable memory device containing a signal , said signal comprising governed information and a first rule steganographically incorporated into said signal , (b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , using said communications port to initiate communication with a second apparatus remote from said first apparatus ;
(d) at said first apparatus , receiving at least a second rule from said second apparatus ;
(e) at said first apparatus , using said first rule or said second rule to govern at least one aspect of access to or use of said governed information .

US5943422A
CLAIM 158 . A method as in claim 155 , in which : said first rule at least in part governs at least one aspect of use of a first portion of said information ;
and said second rule at least in part governs at least one aspect of use of a second portion of said information , said second portion being different from said first portion (processor means, security means, processing means) .

US7162735B2
CLAIM 4 . A digital data (said time) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 5 . A computer system comprising memory means (electronic appliance) containing a digital protection (said selection) arrangement according to claim 4 . 		US5943422A
CLAIM 9 . An electronic appliance (memory means) comprising : decoding means for steganographically decoding a signal to provide control information packaged within at least one secure digital container ;
and rights management means coupled to the decoding means for performing at least one rights management operation based at least in part on the control information .

US5943422A
CLAIM 155 . A steganographic encoding method comprising : (a) receiving information ;
(b) transforming said information into a signal ;
(c) selecting a first and a second location in said signal for the incorporation of steganographically encoded information , said selection (digital protection) being governed at least in part by an analysis of the bandwidth available at such location for such encoding ;
(d) steganographically encoding a first rule in said first location , said first rule at least in part governing at least one aspect of use of at least a portion of said information ;
(e) steganographically encoding a second rule in said second location , said second rule at least in part governing at least one aspect of use of at least a portion of said information .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 4 . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 4 . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (said first portion, removable memory) is written to the embedding location . 		US5943422A
CLAIM 65 . A rights management method operating at least in part on a first apparatus , said first apparatus including a communications port and means for accessing information on a removable memory (processor means, security means, processing means) device , said method comprising : (a) at said first apparatus , receiving a removable memory device containing a signal , said signal comprising governed information and a first rule steganographically incorporated into said signal , (b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , using said communications port to initiate communication with a second apparatus remote from said first apparatus ;
(d) at said first apparatus , receiving at least a second rule from said second apparatus ;
(e) at said first apparatus , using said first rule or said second rule to govern at least one aspect of access to or use of said governed information .

US5943422A
CLAIM 158 . A method as in claim 155 , in which : said first rule at least in part governs at least one aspect of use of a first portion of said information ;
and said second rule at least in part governs at least one aspect of use of a second portion of said information , said second portion being different from said first portion (processor means, security means, processing means) .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (information comprises information) for decryption . 		US5943422A
CLAIM 336 . An apparatus as in claim 335 , in which : said identification information comprises information (executable instructions, executable conversion) identifying said apparatus and/or a user of said apparatus .

US7162735B2
CLAIM 18 . A digital data (said time) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (information comprises information) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US5943422A
CLAIM 336 . An apparatus as in claim 335 , in which : said identification information comprises information (executable instructions, executable conversion) identifying said apparatus and/or a user of said apparatus .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (said first portion, removable memory) operable to execute code , and memory means (electronic appliance) storing the protected data , decryption instructions and conversion code with a start point at a memory location (specified number) indicated within the arrangement as the start point for the protected data , whereby the processor means (said first portion, removable memory) will cause the executable conversion (information comprises information) code to be executed when seeking to access the protected data . 		US5943422A
CLAIM 9 . An electronic appliance (memory means) comprising : decoding means for steganographically decoding a signal to provide control information packaged within at least one secure digital container ;
and rights management means coupled to the decoding means for performing at least one rights management operation based at least in part on the control information .

US5943422A
CLAIM 39 . A rights management method comprising : (a) at a first apparatus , receiving a signal comprising governed information and at first rule steganographically incorporated into said signal ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
and (c) at said first apparatus , performing at least one operation on at least a portion of said governed information , said operation governed , at least in part , by said first rule , said at least one operation comprising at least : determining whether said governed information has been accessed or used more than a specified number (memory location) of times , and allowing access or use of said governed information if said number of accesses or uses is less than or equal to said specified number , or blocking access or use if said number of accesses or uses is greater than said specified number .

US5943422A
CLAIM 65 . A rights management method operating at least in part on a first apparatus , said first apparatus including a communications port and means for accessing information on a removable memory (processor means, security means, processing means) device , said method comprising : (a) at said first apparatus , receiving a removable memory device containing a signal , said signal comprising governed information and a first rule steganographically incorporated into said signal , (b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , using said communications port to initiate communication with a second apparatus remote from said first apparatus ;
(d) at said first apparatus , receiving at least a second rule from said second apparatus ;
(e) at said first apparatus , using said first rule or said second rule to govern at least one aspect of access to or use of said governed information .

US5943422A
CLAIM 158 . A method as in claim 155 , in which : said first rule at least in part governs at least one aspect of use of a first portion of said information ;
and said second rule at least in part governs at least one aspect of use of a second portion of said information , said second portion being different from said first portion (processor means, security means, processing means) .

US5943422A
CLAIM 336 . An apparatus as in claim 335 , in which : said identification information comprises information (executable instructions, executable conversion) identifying said apparatus and/or a user of said apparatus .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 18 . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 29 . A digital data (said time) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 29 . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (said first portion, removable memory) operable to detect corruption of the protected data . 		US5943422A
CLAIM 65 . A rights management method operating at least in part on a first apparatus , said first apparatus including a communications port and means for accessing information on a removable memory (processor means, security means, processing means) device , said method comprising : (a) at said first apparatus , receiving a removable memory device containing a signal , said signal comprising governed information and a first rule steganographically incorporated into said signal , (b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , using said communications port to initiate communication with a second apparatus remote from said first apparatus ;
(d) at said first apparatus , receiving at least a second rule from said second apparatus ;
(e) at said first apparatus , using said first rule or said second rule to govern at least one aspect of access to or use of said governed information .

US5943422A
CLAIM 158 . A method as in claim 155 , in which : said first rule at least in part governs at least one aspect of use of a first portion of said information ;
and said second rule at least in part governs at least one aspect of use of a second portion of said information , said second portion being different from said first portion (processor means, security means, processing means) .

US7162735B2
CLAIM 34 . A digital data (said time) arrangement comprising executable code executable to create a first part (said organ) of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US5943422A
CLAIM 107 . A rights management method comprising : (a) at a first apparatus , receiving a signal comprising governed information and an organizational structure incorporated into said signal , said organ (first part) izational structure including a first rule governing at least one aspect of access to or use of said governed information ;
said organizational structure comprising a secure container containing said first rule ;
(b) at said first apparatus , steganographically decoding said signal to recover said organizational structure ;
(c) at said first apparatus , accessing said first rule ;
and (d) at said first apparatus , using said first rule to govern at least one aspect of access to or use of said governed information .

US5943422A
CLAIM 283 . A method comprising the following steps (second part) : (a) receiving information ;
(b) transforming said information into a signal ;
(c) selecting a first location in said signal for the incorporation of steganographic encoding , said selection being governed at least in part by an analysis of the bandwidth available at such location for such encoding ;
said first location being selected at least in part because it has a relatively high degree of available bandwidth for such encoding ;
(d) steganographically encoding a first rule in said first location , said first rule at least in part governing at least one aspect of use of at least a portion of said information ;
(e) selecting a second location in said signal for the incorporation of steganographically encoding ;
(f) analyzing said second location to determine the bandwidth available at said second location for steganographic encoding ;
(g) determining that said second location has relatively less bandwidth available for such encoding ;
and (h) steganographically encoding a pointer to said first rule at said second location ;
(i) storing said signal , including said steganographically encoded information , on a portable memory ;
(j) inserting said portable memory into a first appliance ;
(k) said first apparatus reading from said second location prior to reading from said first location ;
(l) following reading from said second location , said first apparatus following said pointer in order to read from said first location ;
(m) said first apparatus retrieving said first rule from said first location ;
and (n) said first apparatus using said first rule to govern at least one aspect of access to or use of said information .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 34 . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 38 . A digital data (said time) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 38 . 		US5943422A
CLAIM 51 . A rights management method , comprising : (a) at a first apparatus , receiving a signal comprising governed information and a first rule steganographically incorporated into said signal , said first rule specifying a time ;
(b) at said first apparatus , steganographically decoding said signal to recover said first rule ;
(c) at said first apparatus , attempting to access said governed information ;
(d) at said first apparatus , checking to determine if said time (digital data) has been reached or exceeded ;
and (e) at said first apparatus , allowing said access to complete if said time has not been reached or exceeded , but blocking said access if said time has not been reached .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6075862A

Filed: 1996-07-30     Issued: 2000-06-13

Decryption key management scheme for software distribution system

(Original Assignee) Toshiba Corp     (Current Assignee) Toshiba Corp

Hideki Yoshida, Hideo Segawa, Toru Imai
US7162735B2
CLAIM 1 . Computer software (second computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6075862A
CLAIM 25 . A computer usable medium having computer readable program code stored therein for causing a computer to function as a system for managing a decryption key for decrypting an encrypted software to be installed into said computer using a software distribution system in which the decryption key is obtained in exchange for a payment of a software usage charge , and the encrypted software is obtained without the payment of the software usage charge , the computer readable program code comprising : first computer readable program code for causing said computer to search the decryption key in a memory device of said computer , the memory device including a software content memory unit for storing a software content of each currently installed software and a decryption key memory unit for storing each decryption key for decrypting each previously installed and subsequently deleted software ;
second computer (Computer software) readable program code for causing said computer to acquire the decryption key from a distribution source of the encrypted software in exchange for the payment of the software usage charge when the decryption key is not found in the memory device by the first computer readable program code ;
third computer readable program code for causing said computer to decrypt the encrypted software by using the decryption key obtained by the first computer readable program code or the second computer readable program code , install a decrypted software content of the encrypted software into the software content memory unit of the memory device , and storing the decryption key into the software content memory unit of the memory device ;
and fourth computer readable program for causing said computer to delete the encrypted software by deleting the decrypted software content installed by the third computer readable program code and the decryption key stored by the third computer readable program code from the software content memory unit of the memory device , and store the decryption key into the decryption key memory unit of the memory device , such that the decryption key stored in the decryption key memory unit of the memory device is utilizable in decrypting the encrypted software at a time of re-installing the encrypted software without requiring another payment of the software usage charge .

US7162735B2
CLAIM 7 . Computer software (second computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6075862A
CLAIM 25 . A computer usable medium having computer readable program code stored therein for causing a computer to function as a system for managing a decryption key for decrypting an encrypted software to be installed into said computer using a software distribution system in which the decryption key is obtained in exchange for a payment of a software usage charge , and the encrypted software is obtained without the payment of the software usage charge , the computer readable program code comprising : first computer readable program code for causing said computer to search the decryption key in a memory device of said computer , the memory device including a software content memory unit for storing a software content of each currently installed software and a decryption key memory unit for storing each decryption key for decrypting each previously installed and subsequently deleted software ;
second computer (Computer software) readable program code for causing said computer to acquire the decryption key from a distribution source of the encrypted software in exchange for the payment of the software usage charge when the decryption key is not found in the memory device by the first computer readable program code ;
third computer readable program code for causing said computer to decrypt the encrypted software by using the decryption key obtained by the first computer readable program code or the second computer readable program code , install a decrypted software content of the encrypted software into the software content memory unit of the memory device , and storing the decryption key into the software content memory unit of the memory device ;
and fourth computer readable program for causing said computer to delete the encrypted software by deleting the decrypted software content installed by the third computer readable program code and the decryption key stored by the third computer readable program code from the software content memory unit of the memory device , and store the decryption key into the decryption key memory unit of the memory device , such that the decryption key stored in the decryption key memory unit of the memory device is utilizable in decrypting the encrypted software at a time of re-installing the encrypted software without requiring another payment of the software usage charge .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (rolling operation) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6075862A
CLAIM 23 . The computer of claim 13 , wherein the encrypted software is accompanied by non-encrypted installer programs for controlling operation (processing means) s of the decryption key retrieval means , the decryption key acquisition means , the decryption and install means , and the decryption key storing means .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9706637A1

Filed: 1996-07-29     Issued: 1997-02-20

High definition tv motion picture distribution network

(Original Assignee) SIP - SOCIETA' ITALIANA PER L'ESERCIZIO DELLE TELECOMINICAZIONI P.A. doing business as TELECOM ITALIA S.P.A.     

Vincenzo Gulla'
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block (electric signal) of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9706637A1
CLAIM 5 . High definition TV motion picture diεtribution network via εatellite according to claim 1 , characterized in that the output εignal from the demodulator (21) may be directly sent to the decoder (23) or may be stored in a device (22) designed for thiε purpoεe , εuited to receive a digital flow with a predetermined rate , wherein the recording device (22) tranεforms the electric signal (target block, respective target block) with standard characteristics into a digital flow suited to be buffered and wherein the memory of the recording device (22) is embodied by a phyεical medium which is not removable , like a hard disk .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction (received signal) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		WO9706637A1
CLAIM 1 . High definition TV motion picture diεtribution network via εatelliteε , characterized in that it co prises : I) a service center for the management and commercial / administrative planning of the film distribution in the various cinema-halls ;
II) a network control center (3) which performs the following operations : - transmitting the filed movies assigned by the service center , to the addressees or userε , according to the planning of the service center ;
- enabling of the receiver terminalε of the users (4 ' ;
, 4" ;
, . . . 4 h) by means of the network εoftware , which checkε the situation of the terminal ;
wherein the control center puts into effect all the accesε and diagnostic functions through via cable lines (6) ;
- check of the quality of the transmiεεion via εatelliteε by monitoring both the transmiεεion terminal and the receiver terminals ;
- promoting the maintenance of the receiver terminals (4' ;
, 4" ;
, . . . 4 ^) in the event of malfunctions ;
- determining the modal ltieε how the data are to be transmitted again to those receiver terminals which showed to have anomalies in recording and in the quality of the received signal (call instruction) ;
- coordination of the transportable units (1) for the transmission of the live picture shooting , enabling the user terminals (4 ' ;
, 4" ;
. . . 4 α) to receive the εignal ;
III) a plurality of receiver terminalε (4 ' ;
, 4 ' ;
' ;
, . . . 4 r) , each of them compriεing : a receiver (20) via εatellite , a demodulator (21) , a digital recording apparatus (22) , a decoder (23) and an apparatus (25) for the projection of the movie on a large screen according to different high definition standards , wherein these constituent blocks or componentε (20 , 21 , 22 , 23 , 24 , and 25) are interfaced with a control unit (24) performing the telemetering and detection functionε on the blocks (20 , 21 , 22 , 23 , 24 and 25) comprised in the receiver terminal ;
wherein the control unit (24) storeε and processes again the information related to the operation of the terminal , said control unit being directly linked by dedicated communication protocols and through via cable telephone lines (6) to the network control center (3) ;
IV) transportable units (1) for the live pictures shooting and transmiεεion , which are directly linked to the satellite (2) during transmission and monitored by the control center of the network (3) .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (received signal) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		WO9706637A1
CLAIM 1 . High definition TV motion picture diεtribution network via εatelliteε , characterized in that it co prises : I) a service center for the management and commercial / administrative planning of the film distribution in the various cinema-halls ;
II) a network control center (3) which performs the following operations : - transmitting the filed movies assigned by the service center , to the addressees or userε , according to the planning of the service center ;
- enabling of the receiver terminalε of the users (4 ' ;
, 4" ;
, . . . 4 h) by means of the network εoftware , which checkε the situation of the terminal ;
wherein the control center puts into effect all the accesε and diagnostic functions through via cable lines (6) ;
- check of the quality of the transmiεεion via εatelliteε by monitoring both the transmiεεion terminal and the receiver terminals ;
- promoting the maintenance of the receiver terminals (4' ;
, 4" ;
, . . . 4 ^) in the event of malfunctions ;
- determining the modal ltieε how the data are to be transmitted again to those receiver terminals which showed to have anomalies in recording and in the quality of the received signal (call instruction) ;
- coordination of the transportable units (1) for the transmission of the live picture shooting , enabling the user terminals (4 ' ;
, 4" ;
. . . 4 α) to receive the εignal ;
III) a plurality of receiver terminalε (4 ' ;
, 4 ' ;
' ;
, . . . 4 r) , each of them compriεing : a receiver (20) via εatellite , a demodulator (21) , a digital recording apparatus (22) , a decoder (23) and an apparatus (25) for the projection of the movie on a large screen according to different high definition standards , wherein these constituent blocks or componentε (20 , 21 , 22 , 23 , 24 , and 25) are interfaced with a control unit (24) performing the telemetering and detection functionε on the blocks (20 , 21 , 22 , 23 , 24 and 25) comprised in the receiver terminal ;
wherein the control unit (24) storeε and processes again the information related to the operation of the terminal , said control unit being directly linked by dedicated communication protocols and through via cable telephone lines (6) to the network control center (3) ;
IV) transportable units (1) for the live pictures shooting and transmiεεion , which are directly linked to the satellite (2) during transmission and monitored by the control center of the network (3) .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code and to modify the call instruction (received signal) to refer to the new location . 		WO9706637A1
CLAIM 1 . High definition TV motion picture diεtribution network via εatelliteε , characterized in that it co prises : I) a service center for the management and commercial / administrative planning of the film distribution in the various cinema-halls ;
II) a network control center (3) which performs the following operations : - transmitting the filed movies assigned by the service center , to the addressees or userε , according to the planning of the service center ;
- enabling of the receiver terminalε of the users (4 ' ;
, 4" ;
, . . . 4 h) by means of the network εoftware , which checkε the situation of the terminal ;
wherein the control center puts into effect all the accesε and diagnostic functions through via cable lines (6) ;
- check of the quality of the transmiεεion via εatelliteε by monitoring both the transmiεεion terminal and the receiver terminals ;
- promoting the maintenance of the receiver terminals (4' ;
, 4" ;
, . . . 4 ^) in the event of malfunctions ;
- determining the modal ltieε how the data are to be transmitted again to those receiver terminals which showed to have anomalies in recording and in the quality of the received signal (call instruction) ;
- coordination of the transportable units (1) for the transmission of the live picture shooting , enabling the user terminals (4 ' ;
, 4" ;
. . . 4 α) to receive the εignal ;
III) a plurality of receiver terminalε (4 ' ;
, 4 ' ;
' ;
, . . . 4 r) , each of them compriεing : a receiver (20) via εatellite , a demodulator (21) , a digital recording apparatus (22) , a decoder (23) and an apparatus (25) for the projection of the movie on a large screen according to different high definition standards , wherein these constituent blocks or componentε (20 , 21 , 22 , 23 , 24 , and 25) are interfaced with a control unit (24) performing the telemetering and detection functionε on the blocks (20 , 21 , 22 , 23 , 24 and 25) comprised in the receiver terminal ;
wherein the control unit (24) storeε and processes again the information related to the operation of the terminal , said control unit being directly linked by dedicated communication protocols and through via cable telephone lines (6) to the network control center (3) ;
IV) transportable units (1) for the live pictures shooting and transmiεεion , which are directly linked to the satellite (2) during transmission and monitored by the control center of the network (3) .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block (electric signal) of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		WO9706637A1
CLAIM 5 . High definition TV motion picture diεtribution network via εatellite according to claim 1 , characterized in that the output εignal from the demodulator (21) may be directly sent to the decoder (23) or may be stored in a device (22) designed for thiε purpoεe , εuited to receive a digital flow with a predetermined rate , wherein the recording device (22) tranεforms the electric signal (target block, respective target block) with standard characteristics into a digital flow suited to be buffered and wherein the memory of the recording device (22) is embodied by a phyεical medium which is not removable , like a hard disk .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target block (electric signal) . 		WO9706637A1
CLAIM 5 . High definition TV motion picture diεtribution network via εatellite according to claim 1 , characterized in that the output εignal from the demodulator (21) may be directly sent to the decoder (23) or may be stored in a device (22) designed for thiε purpoεe , εuited to receive a digital flow with a predetermined rate , wherein the recording device (22) tranεforms the electric signal (target block, respective target block) with standard characteristics into a digital flow suited to be buffered and wherein the memory of the recording device (22) is embodied by a phyεical medium which is not removable , like a hard disk .

US7162735B2
CLAIM 23 . The arrangement of claim 18 , wherein the or each target block (electric signal) is contained within the protected data . 		WO9706637A1
CLAIM 5 . High definition TV motion picture diεtribution network via εatellite according to claim 1 , characterized in that the output εignal from the demodulator (21) may be directly sent to the decoder (23) or may be stored in a device (22) designed for thiε purpoεe , εuited to receive a digital flow with a predetermined rate , wherein the recording device (22) tranεforms the electric signal (target block, respective target block) with standard characteristics into a digital flow suited to be buffered and wherein the memory of the recording device (22) is embodied by a phyεical medium which is not removable , like a hard disk .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block (electric signal) is contained within the decryption instructions . 		WO9706637A1
CLAIM 5 . High definition TV motion picture diεtribution network via εatellite according to claim 1 , characterized in that the output εignal from the demodulator (21) may be directly sent to the decoder (23) or may be stored in a device (22) designed for thiε purpoεe , εuited to receive a digital flow with a predetermined rate , wherein the recording device (22) tranεforms the electric signal (target block, respective target block) with standard characteristics into a digital flow suited to be buffered and wherein the memory of the recording device (22) is embodied by a phyεical medium which is not removable , like a hard disk .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (following operations) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (control unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		WO9706637A1
CLAIM 8 . High definition TV motion picture distribution network via satellite according to the preceding claims , characterized in that local control operations are performed by each terminal (4 ' ;
, 4 ' ;
' ;
, . . . 4) by means of the control unit (processor means) (24) which allows to : - collect the diagnostic data of the whole terminal (4) and to send to the network control center (3) the anomalies which have been found ;
- to send a report or εtate ent on the quality of the received εignal , based on the quality data measured at the output of the demodulator (21) ;
- to interpret and put into effect the control signals sent by the control center ;
- to enable the terminal (4) to receive the signal after the key or pasεword haε been interpreted .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5970143A

Filed: 1996-07-10     Issued: 1999-10-19

Remote-auditing of computer generated outcomes, authenticated billing and access control, and software metering system using cryptographic and other protocols

(Original Assignee) Walker Asset Management LP     (Current Assignee) Inventor Holdings LLC

Bruce Schneier, Jay S. Walker, James Jorasch
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item (remote device) of computer software , the protection software comprising security means (identity information, key information, public key) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (cryptographic process) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5970143A
CLAIM 3 . The method of claim 1 wherein at least a portion of said encoding step occurs in a device selected from the group consisting of (a) a secure processor , (b) a dongle , (c) a separate cryptographic process (conversion key, respective conversion key) or and (d) a plug-in module .

US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US5970143A
CLAIM 18 . A method , comprising the steps of : executing a computer game program to generate a computer game outcome ;
metering time use of said computer program (Computer software) to generate metered time information ;
encoding the computer game outcome and said metered time information to generate an encoded message ;
and providing said encoded message to a user .

US5970143A
CLAIM 37 . A method , comprising the steps of : executing a computer game program by a first processor to generate a computer game outcome ;
encoding the computer game outcome by a second processor to generate an encoded message ;
providing said encoded message to a user for transmission to a remote device (second item) configured for decoding said encoded message .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (identity information, key information, public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5970143A
CLAIM 18 . A method , comprising the steps of : executing a computer game program to generate a computer game outcome ;
metering time use of said computer program (Computer software) to generate metered time information ;
encoding the computer game outcome and said metered time information to generate an encoded message ;
and providing said encoded message to a user .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (identity information, key information, public key) , when executed , is operable to detect corruption of the protected code . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (identity information, key information, public key) is operable to delete the protected code in the event that any corruption is detected . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (identity information, key information, public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (identity information, key information, public key) is embedded within the protected code . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (identity information, key information, public key) is embedded at locations which are unused by the protected code . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (identity information, key information, public key) is written to the embedding location . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (identity information, key information, public key) and to modify the call instruction to refer to the new location . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (cryptographic process) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5970143A
CLAIM 3 . The method of claim 1 wherein at least a portion of said encoding step occurs in a device selected from the group consisting of (a) a secure processor , (b) a dongle , (c) a separate cryptographic process (conversion key, respective conversion key) or and (d) a plug-in module .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (cryptographic process) derived from a respective target block . 		US5970143A
CLAIM 3 . The method of claim 1 wherein at least a portion of said encoding step occurs in a device selected from the group consisting of (a) a secure processor , (b) a dongle , (c) a separate cryptographic process (conversion key, respective conversion key) or and (d) a plug-in module .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (metering means) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5970143A
CLAIM 14 . A computer device comprising : a computer readable medium having computer readable program code means embodied therein , said computer readable program code means comprising encoding means for causing said computer device to generate an encoded message representing an outcome of a computer game , code means for causing said computer device to provide said encoded message to a user and metering means (one order) for metering an amount of time of use of said computer game .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (identity information, key information, public key) operable to detect corruption of the protected data . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (identity information, key information, public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (identity information, key information, public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5970143A
CLAIM 5 . The method of claim 4 wherein said decoding step comprises the step of decrypting said encoded message using an algorithm selected from the group consisting of (a) a symmetric key algorithm , (b) a public key (security means, security code) algorithm and (c) a hashing algorithm .

US5970143A
CLAIM 10 . The computer device of claim 9 wherein said means for encoding generates said encoded message by using information selected from the group consisting of (a) tamper-evidence information , (b) user identity information (security means, security code) , (c) unique digital signature information , (d) global positioning information regarding a global position of said computer device , (e) a random number generated by a central computer , (t) a number corresponding to a time at which said outcome was generated , (g) a number which is incremented upon each successive outcome ot said computer game program , (h) an end parameter received from a central computer , (i) symmetric key information (security means, security code) , (j) public key information , and (k) hashing algorithm information .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6031992A

Filed: 1996-07-05     Issued: 2000-02-29

Combining hardware and software to provide an improved microprocessor

(Original Assignee) Transmeta Inc     (Current Assignee) Intellectual Ventures Holding 81 LLC

Robert F. Cmelik, David R. Ditzel, Edmund J. Kelly, Colin B. Hunter, Douglas A. Laird, Malcolm John Wing, Grzegorz B. Zyner
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (application programs) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6031992A
CLAIM 14 . A microprocessor for a host computer designed to execute target application programs (computer software) for a target computer having a target instruction set comprising the combination of : code morphing software , and morph host processing hardware designed to execute instructions of a host instruction set , the combination of the code morphing software and the morph host processing hardware comprising : means to translate a set of target instructions into instructions of a host instruction set speculating upon the occurrence of a condition , means to determine under control of the code morphing software official state of the target computer which existed at the beginning of a translation of a set of target instructions during execution of the target program by the microprocessor , means for updating state of the target computer from state of the host computer when a set of host instructions executes in accordance with the speculation , means to detect failure of the condition during the execution of the set of host instructions , means for updating state of the host computer from state of the target computer when a set of host instructions fails to execute in accordance with the speculation , and means to translate a new set of host instructions without the speculation when a set of host instructions fails to execute in accordance with the speculation .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (application programs) in accordance with claim 1 . 		US6031992A
CLAIM 14 . A microprocessor for a host computer designed to execute target application programs (computer software) for a target computer having a target instruction set comprising the combination of : code morphing software , and morph host processing hardware designed to execute instructions of a host instruction set , the combination of the code morphing software and the morph host processing hardware comprising : means to translate a set of target instructions into instructions of a host instruction set speculating upon the occurrence of a condition , means to determine under control of the code morphing software official state of the target computer which existed at the beginning of a translation of a set of target instructions during execution of the target program by the microprocessor , means for updating state of the target computer from state of the host computer when a set of host instructions executes in accordance with the speculation , means to detect failure of the condition during the execution of the set of host instructions , means for updating state of the host computer from state of the target computer when a set of host instructions fails to execute in accordance with the speculation , and means to translate a new set of host instructions without the speculation when a set of host instructions fails to execute in accordance with the speculation .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (application programs) protected by means of computer software in accordance with claim 1 . 		US6031992A
CLAIM 14 . A microprocessor for a host computer designed to execute target application programs (computer software) for a target computer having a target instruction set comprising the combination of : code morphing software , and morph host processing hardware designed to execute instructions of a host instruction set , the combination of the code morphing software and the morph host processing hardware comprising : means to translate a set of target instructions into instructions of a host instruction set speculating upon the occurrence of a condition , means to determine under control of the code morphing software official state of the target computer which existed at the beginning of a translation of a set of target instructions during execution of the target program by the microprocessor , means for updating state of the target computer from state of the host computer when a set of host instructions executes in accordance with the speculation , means to detect failure of the condition during the execution of the set of host instructions , means for updating state of the host computer from state of the target computer when a set of host instructions fails to execute in accordance with the speculation , and means to translate a new set of host instructions without the speculation when a set of host instructions fails to execute in accordance with the speculation .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (first instruction, additional steps) to the security code , and the security code , when executed , replaces a respective call instruction (executing instructions) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6031992A
CLAIM 4 . A microprocessor comprising the combination of translation software , and host hardware , in which the translation software is code morphing software and the host hardware is morph host hardware , in which the code morphing software comprises : processes to translate target instructions of a program written for a processor having a first instruction (executable instructions, call instructions, decryption instructions) set into primitive instructions capable of execution on the enhanced morph host hardware , and processes to store the host primitive instructions as host translations in a translation buffer from which they may be recalled and executed by the morph host hardware any number of times .

US6031992A
CLAIM 25 . A method of executing target programs designed to be executed by a target computer having a target instruction set on a host computer having a host processor capable of executing instructions (executable instruction, call instruction) from a host instruction set different than the target instruction set , the method comprising : storing state of the target computer as it exists at the beginning of translating a target instruction ;
translating target instructions commanding an operation into a set of host instructions for executing on the host processor the operation commanded by the target instruction ;
storing the host instructions as a host translation in a translation buffer ;
executing the host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and updating state of the host computer from stored state of the target computer when the execution of the host translation generates an exception or error .

US6031992A
CLAIM 27 . A method of executing target application programs as claimed in claim 25 comprising the additional steps (executable instructions, call instructions, decryption instructions) of : translating each target instructions commanding an operation into a set of host instructions for executing on the host processor each target instruction of the operation commanded by the target instructions without reordering , optimizing , or rescheduling the primitive instructions to generate a host instruction ;
storing each set of host instructions in the translation buffer as a host translation as the set is completed ;
storing and updating state of the host computer after each target instruction is translated to a set of host instructions , executing each host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and taking any exception or error generated when executing the host instruction generates an exception or an error .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (executing instructions) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US6031992A
CLAIM 25 . A method of executing target programs designed to be executed by a target computer having a target instruction set on a host computer having a host processor capable of executing instructions (executable instruction, call instruction) from a host instruction set different than the target instruction set , the method comprising : storing state of the target computer as it exists at the beginning of translating a target instruction ;
translating target instructions commanding an operation into a set of host instructions for executing on the host processor the operation commanded by the target instruction ;
storing the host instructions as a host translation in a translation buffer ;
executing the host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and updating state of the host computer from stored state of the target computer when the execution of the host translation generates an exception or error .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code and to modify the call instruction (executing instructions) to refer to the new location . 		US6031992A
CLAIM 25 . A method of executing target programs designed to be executed by a target computer having a target instruction set on a host computer having a host processor capable of executing instructions (executable instruction, call instruction) from a host instruction set different than the target instruction set , the method comprising : storing state of the target computer as it exists at the beginning of translating a target instruction ;
translating target instructions commanding an operation into a set of host instructions for executing on the host processor the operation commanded by the target instruction ;
storing the host instructions as a host translation in a translation buffer ;
executing the host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and updating state of the host computer from stored state of the target computer when the execution of the host translation generates an exception or error .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (first instruction, additional steps) for decryption . 		US6031992A
CLAIM 4 . A microprocessor comprising the combination of translation software , and host hardware , in which the translation software is code morphing software and the host hardware is morph host hardware , in which the code morphing software comprises : processes to translate target instructions of a program written for a processor having a first instruction (executable instructions, call instructions, decryption instructions) set into primitive instructions capable of execution on the enhanced morph host hardware , and processes to store the host primitive instructions as host translations in a translation buffer from which they may be recalled and executed by the morph host hardware any number of times .

US6031992A
CLAIM 27 . A method of executing target application programs as claimed in claim 25 comprising the additional steps (executable instructions, call instructions, decryption instructions) of : translating each target instructions commanding an operation into a set of host instructions for executing on the host processor each target instruction of the operation commanded by the target instructions without reordering , optimizing , or rescheduling the primitive instructions to generate a host instruction ;
storing each set of host instructions in the translation buffer as a host translation as the set is completed ;
storing and updating state of the host computer after each target instruction is translated to a set of host instructions , executing each host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and taking any exception or error generated when executing the host instruction generates an exception or an error .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (first instruction, additional steps) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6031992A
CLAIM 4 . A microprocessor comprising the combination of translation software , and host hardware , in which the translation software is code morphing software and the host hardware is morph host hardware , in which the code morphing software comprises : processes to translate target instructions of a program written for a processor having a first instruction (executable instructions, call instructions, decryption instructions) set into primitive instructions capable of execution on the enhanced morph host hardware , and processes to store the host primitive instructions as host translations in a translation buffer from which they may be recalled and executed by the morph host hardware any number of times .

US6031992A
CLAIM 27 . A method of executing target application programs as claimed in claim 25 comprising the additional steps (executable instructions, call instructions, decryption instructions) of : translating each target instructions commanding an operation into a set of host instructions for executing on the host processor each target instruction of the operation commanded by the target instructions without reordering , optimizing , or rescheduling the primitive instructions to generate a host instruction ;
storing each set of host instructions in the translation buffer as a host translation as the set is completed ;
storing and updating state of the host computer after each target instruction is translated to a set of host instructions , executing each host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and taking any exception or error generated when executing the host instruction generates an exception or an error .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (first instruction, additional steps) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US6031992A
CLAIM 4 . A microprocessor comprising the combination of translation software , and host hardware , in which the translation software is code morphing software and the host hardware is morph host hardware , in which the code morphing software comprises : processes to translate target instructions of a program written for a processor having a first instruction (executable instructions, call instructions, decryption instructions) set into primitive instructions capable of execution on the enhanced morph host hardware , and processes to store the host primitive instructions as host translations in a translation buffer from which they may be recalled and executed by the morph host hardware any number of times .

US6031992A
CLAIM 27 . A method of executing target application programs as claimed in claim 25 comprising the additional steps (executable instructions, call instructions, decryption instructions) of : translating each target instructions commanding an operation into a set of host instructions for executing on the host processor each target instruction of the operation commanded by the target instructions without reordering , optimizing , or rescheduling the primitive instructions to generate a host instruction ;
storing each set of host instructions in the translation buffer as a host translation as the set is completed ;
storing and updating state of the host computer after each target instruction is translated to a set of host instructions , executing each host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and taking any exception or error generated when executing the host instruction generates an exception or an error .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (first instruction, additional steps) . 		US6031992A
CLAIM 4 . A microprocessor comprising the combination of translation software , and host hardware , in which the translation software is code morphing software and the host hardware is morph host hardware , in which the code morphing software comprises : processes to translate target instructions of a program written for a processor having a first instruction (executable instructions, call instructions, decryption instructions) set into primitive instructions capable of execution on the enhanced morph host hardware , and processes to store the host primitive instructions as host translations in a translation buffer from which they may be recalled and executed by the morph host hardware any number of times .

US6031992A
CLAIM 27 . A method of executing target application programs as claimed in claim 25 comprising the additional steps (executable instructions, call instructions, decryption instructions) of : translating each target instructions commanding an operation into a set of host instructions for executing on the host processor each target instruction of the operation commanded by the target instructions without reordering , optimizing , or rescheduling the primitive instructions to generate a host instruction ;
storing each set of host instructions in the translation buffer as a host translation as the set is completed ;
storing and updating state of the host computer after each target instruction is translated to a set of host instructions , executing each host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and taking any exception or error generated when executing the host instruction generates an exception or an error .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (first instruction, additional steps) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US6031992A
CLAIM 4 . A microprocessor comprising the combination of translation software , and host hardware , in which the translation software is code morphing software and the host hardware is morph host hardware , in which the code morphing software comprises : processes to translate target instructions of a program written for a processor having a first instruction (executable instructions, call instructions, decryption instructions) set into primitive instructions capable of execution on the enhanced morph host hardware , and processes to store the host primitive instructions as host translations in a translation buffer from which they may be recalled and executed by the morph host hardware any number of times .

US6031992A
CLAIM 27 . A method of executing target application programs as claimed in claim 25 comprising the additional steps (executable instructions, call instructions, decryption instructions) of : translating each target instructions commanding an operation into a set of host instructions for executing on the host processor each target instruction of the operation commanded by the target instructions without reordering , optimizing , or rescheduling the primitive instructions to generate a host instruction ;
storing each set of host instructions in the translation buffer as a host translation as the set is completed ;
storing and updating state of the host computer after each target instruction is translated to a set of host instructions , executing each host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and taking any exception or error generated when executing the host instruction generates an exception or an error .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (executing instructions) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US6031992A
CLAIM 25 . A method of executing target programs designed to be executed by a target computer having a target instruction set on a host computer having a host processor capable of executing instructions (executable instruction, call instruction) from a host instruction set different than the target instruction set , the method comprising : storing state of the target computer as it exists at the beginning of translating a target instruction ;
translating target instructions commanding an operation into a set of host instructions for executing on the host processor the operation commanded by the target instruction ;
storing the host instructions as a host translation in a translation buffer ;
executing the host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and updating state of the host computer from stored state of the target computer when the execution of the host translation generates an exception or error .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (executing instructions) is to be executed . 		US6031992A
CLAIM 25 . A method of executing target programs designed to be executed by a target computer having a target instruction set on a host computer having a host processor capable of executing instructions (executable instruction, call instruction) from a host instruction set different than the target instruction set , the method comprising : storing state of the target computer as it exists at the beginning of translating a target instruction ;
translating target instructions commanding an operation into a set of host instructions for executing on the host processor the operation commanded by the target instruction ;
storing the host instructions as a host translation in a translation buffer ;
executing the host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and updating state of the host computer from stored state of the target computer when the execution of the host translation generates an exception or error .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction (executing instructions) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6031992A
CLAIM 25 . A method of executing target programs designed to be executed by a target computer having a target instruction set on a host computer having a host processor capable of executing instructions (executable instruction, call instruction) from a host instruction set different than the target instruction set , the method comprising : storing state of the target computer as it exists at the beginning of translating a target instruction ;
translating target instructions commanding an operation into a set of host instructions for executing on the host processor the operation commanded by the target instruction ;
storing the host instructions as a host translation in a translation buffer ;
executing the host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and updating state of the host computer from stored state of the target computer when the execution of the host translation generates an exception or error .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (first instruction, additional steps) to the security code ;

the security code , when called by a call instruction (executing instructions) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6031992A
CLAIM 4 . A microprocessor comprising the combination of translation software , and host hardware , in which the translation software is code morphing software and the host hardware is morph host hardware , in which the code morphing software comprises : processes to translate target instructions of a program written for a processor having a first instruction (executable instructions, call instructions, decryption instructions) set into primitive instructions capable of execution on the enhanced morph host hardware , and processes to store the host primitive instructions as host translations in a translation buffer from which they may be recalled and executed by the morph host hardware any number of times .

US6031992A
CLAIM 25 . A method of executing target programs designed to be executed by a target computer having a target instruction set on a host computer having a host processor capable of executing instructions (executable instruction, call instruction) from a host instruction set different than the target instruction set , the method comprising : storing state of the target computer as it exists at the beginning of translating a target instruction ;
translating target instructions commanding an operation into a set of host instructions for executing on the host processor the operation commanded by the target instruction ;
storing the host instructions as a host translation in a translation buffer ;
executing the host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and updating state of the host computer from stored state of the target computer when the execution of the host translation generates an exception or error .

US6031992A
CLAIM 27 . A method of executing target application programs as claimed in claim 25 comprising the additional steps (executable instructions, call instructions, decryption instructions) of : translating each target instructions commanding an operation into a set of host instructions for executing on the host processor each target instruction of the operation commanded by the target instructions without reordering , optimizing , or rescheduling the primitive instructions to generate a host instruction ;
storing each set of host instructions in the translation buffer as a host translation as the set is completed ;
storing and updating state of the host computer after each target instruction is translated to a set of host instructions , executing each host translation on the host processor ;
updating state stored for the target computer from state of the host computer when the execution of a host translation does not generate an exception or error ;
and taking any exception or error generated when executing the host instruction generates an exception or an error .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5794230A

Filed: 1996-06-28     Issued: 1998-08-11

Method and system for creating and searching directories on a server

(Original Assignee) Microsoft Corp     (Current Assignee) Microsoft Technology Licensing LLC

Peter H. Horadan, Eric M. Candell
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5794230A
CLAIM 16 . A computer system including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory (relocation code) , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5794230A
CLAIM 16 . A computer system including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory (relocation code) , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5794230A
CLAIM 16 . A computer system including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory (relocation code) , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5794230A
CLAIM 16 . A computer system including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory (relocation code) , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5794230A
CLAIM 16 . A computer system (computer system) including a client and a server , the client being operative to execute a program module for allowing the client to download a file stored on the server , the server comprising : a memory for storing files containing information relating to a plurality of respective institutions , each institution being identified by a unique identifier comprising a predetermined plurality of symbols , each file being identified by a unique filepath ;
and a processing device , coupled to said memory , for searching and locating a specific file ;
and the client comprising : a memory for storing the program module ;
a processing device , responsive to instructions from the program module , operative to : connect the client to the server ;
transmit , in response to input from a user of the client computer , a request to the server for a specific file identified by a specific filepath , the filepath including a unique identifier ;
parse the unique identifier into predetermined segments comprising a subset of said symbols , the segments corresponding respectively to a directory , at least one subdirectory , and a file name ;
search the server using the segments of the unique identifier to locate the specific file as identified within the directory , the at least one subdirectory , and the file name ;
and receive the downloaded specific file from the server .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5892899A

Filed: 1996-06-13     Issued: 1999-04-06

Tamper resistant methods and apparatus

(Original Assignee) Intel Corp     (Current Assignee) Intel Corp

David Aucsmith, Gary Graunke
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (machine readable storage medium, second application, first public key, first private key) , the protection software (system integrity) comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity (protection software) verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 2 . A computer memory device (machine readable storage medium, second application, first public key, first private key) containing computer software (machine readable storage medium, second application, first public key, first private key) in accordance with claim 1 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 3 . A computer system (machine readable storage medium, second application, first public key, first private key) containing an item of computer software (machine readable storage medium, second application, first public key, first private key) protected by means of computer software in accordance with claim 1 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 5 . A computer system (machine readable storage medium, second application, first public key, first private key) comprising memory means (second pluralities) containing a digital protection arrangement according to claim 4 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities (memory means) of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (machine readable storage medium, second application, first public key, first private key) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (machine readable storage medium, second application, first public key, first private key) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (fourth programming, third programming, encrypted content) for decryption . 		US5892899A
CLAIM 14 . The apparatus as set forth in claim 13 , wherein each programming instruction block includes a first programming instruction sub-block for performing a task , a second programming instruction sub-block for computing mutation partners for a plurality of memory cells , a key to be employed in said computation of mutation partners , a third programming (executable instructions, decryption instructions) instruction sub-block for mutating memory cells in accordance with the computed mutation partnering , and a fourth programming (executable instructions, decryption instructions) instruction sub-block for transferring execution control to another programming instruction block .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content (executable instructions, decryption instructions) encryption key ;
and d) recovering the content encryption key using the first private key .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (fourth programming, third programming, encrypted content) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5892899A
CLAIM 14 . The apparatus as set forth in claim 13 , wherein each programming instruction block includes a first programming instruction sub-block for performing a task , a second programming instruction sub-block for computing mutation partners for a plurality of memory cells , a key to be employed in said computation of mutation partners , a third programming (executable instructions, decryption instructions) instruction sub-block for mutating memory cells in accordance with the computed mutation partnering , and a fourth programming (executable instructions, decryption instructions) instruction sub-block for transferring execution control to another programming instruction block .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content (executable instructions, decryption instructions) encryption key ;
and d) recovering the content encryption key using the first private key .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (fourth programming, third programming, encrypted content) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5892899A
CLAIM 14 . The apparatus as set forth in claim 13 , wherein each programming instruction block includes a first programming instruction sub-block for performing a task , a second programming instruction sub-block for computing mutation partners for a plurality of memory cells , a key to be employed in said computation of mutation partners , a third programming (executable instructions, decryption instructions) instruction sub-block for mutating memory cells in accordance with the computed mutation partnering , and a fourth programming (executable instructions, decryption instructions) instruction sub-block for transferring execution control to another programming instruction block .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content (executable instructions, decryption instructions) encryption key ;
and d) recovering the content encryption key using the first private key .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (fourth programming, third programming, encrypted content) . 		US5892899A
CLAIM 14 . The apparatus as set forth in claim 13 , wherein each programming instruction block includes a first programming instruction sub-block for performing a task , a second programming instruction sub-block for computing mutation partners for a plurality of memory cells , a key to be employed in said computation of mutation partners , a third programming (executable instructions, decryption instructions) instruction sub-block for mutating memory cells in accordance with the computed mutation partnering , and a fourth programming (executable instructions, decryption instructions) instruction sub-block for transferring execution control to another programming instruction block .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content (executable instructions, decryption instructions) encryption key ;
and d) recovering the content encryption key using the first private key .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code (function call) , and memory means (second pluralities) storing the protected data , decryption instructions (fourth programming, third programming, encrypted content) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5892899A
CLAIM 14 . The apparatus as set forth in claim 13 , wherein each programming instruction block includes a first programming instruction sub-block for performing a task , a second programming instruction sub-block for computing mutation partners for a plurality of memory cells , a key to be employed in said computation of mutation partners , a third programming (executable instructions, decryption instructions) instruction sub-block for mutating memory cells in accordance with the computed mutation partnering , and a fourth programming (executable instructions, decryption instructions) instruction sub-block for transferring execution control to another programming instruction block .

US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities (memory means) of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 46 . A machine implemented method for verifying integrity on an apparatus , the method comprising the steps of : a) a first and a second tamper resistant integrity verification function of a first and a second application of the apparatus individually requesting a third tamper resistant integrity verification function of a system integrity verification program to jointly perform integrity verification with the first and second tamper resistant integrity verification functions respectively ;
b) in response , the third tamper resistant integrity verification function call (comprising processing means operable to execute code) ing a fourth tamper resistant integrity verification function of the system integrity verification program to jointly perform the requested integrity verifications ;
c) the fourth tamper resistant integrity verification function providing the first and the second tamper resistant integrity verification functions with respective results of the requested integrity verifications .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content (executable instructions, decryption instructions) encryption key ;
and d) recovering the content encryption key using the first private key .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (machine readable storage medium, second application, first public key, first private key) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (machine readable storage medium, second application, first public key, first private key) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (machine readable storage medium, second application, first public key, first private key) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (machine readable storage medium, second application, first public key, first private key) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5892899A
CLAIM 45 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first , a second , a third , and a fourth plurality of programming instructions to be executed by the execution unit , the first and second plurality of programming instructions implementing a first and a second integrity verification function for a first and a second application (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) respectively , whereas the third and fourth programming instructions implement a third and a fourth integrity verification function for a system integrity verification program , all four pluralities of programming instructions having incorporated defensive techniques rendering them tamper resistant , the four pluralities of programming instructions jointly implementing an interlocking trust mechanism , requiring the first and the second pluralities of programming instructions each to cooperate with both the third and fourth pluralities of programming instructions to complete an integrity verification on the apparatus .

US5892899A
CLAIM 47 . An apparatus comprising : an execution unit for executing programming instructions ;
a storage medium having stored therein a first and a second plurality of programming instructions to be executed by the execution unit , and a first secret private key , the first and second pluralities of programming instructions implementing a first and a second tamper resistant decryption function respectively , the first tamper resistant decryption function being used for recovering a first public key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) asymmetric to the first secret private key using a second public key , the first public key having been previously encrypted using a second secret private key asymmetric to the second public key , the second tamper resistant decryption function being used for recovering a content encryption key using the first secret private key , the content encryption key having been previously encrypted using the first public key .

US5892899A
CLAIM 49 . A machine implemented method for recovering content , the method comprising the steps of : a) recovering a first public key using a second public key , the first and second public keys having a first and a second asymmetric private key respectively , the first public key having been previously encrypted by the second private key ;
b) providing the recovered first public key to be used for encrypting a content encryption key ;
c) receiving the encrypted content encryption key ;
and d) recovering the content encryption key using the first private key (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) .

US5892899A
CLAIM 51 . A machine readable storage medium (computer software, computer memory device, computer system, computer memory device containing computer software, computer system comprising memory) having stored therein a plurality of programming instruction blocks that operates on corresponding subparts of a secret distributed among them , to be executed over a period of time .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5754647A

Filed: 1996-03-27     Issued: 1998-05-19

Software protection apparatus and the method of protection utilizing read-write memory means having inconsistent input and output data

(Original Assignee) United Microelectronics Corp     (Current Assignee) United Microelectronics Corp

Jerry Hsu
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (providing output) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access , comprising : a read-write memory device providing output (computer software) data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (providing output) in accordance with claim 1 . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access , comprising : a read-write memory device providing output (computer software) data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (providing output) protected by means of computer software in accordance with claim 1 . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access , comprising : a read-write memory device providing output (computer software) data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (received software) to the security code , and the security code , when executed , replaces a respective call instruction (reset signal) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US5754647A
CLAIM 65 . The method of claim 45 , further comprising the step of generating a reset signal (respective call instruction) at a system reset to stop the generation of said drive signal .

US5754647A
CLAIM 119 . A method of software protection utilizing a read-write memory device having inconsistent input and output data , said method is suitable for protection of software programs transmitted unidirectionally from a software distribution end to a user end against illegal pirating via illegal reading , said method comprising the steps of : (a) providing an encryption procedure for encrypting a software program at said distribution end ;
(b) providing a transmission procedure for distributing said encrypted software program from said distribution end to said user end via a communication media ;
(c) providing a receiving procedure for receiving said encrypted software program at said user end ;
(d) providing a decryption procedure for decrypting said received software (call instructions, decryption instructions) program and writing said decrypted software program into a read-write memory device having inconsistent input and output data ;
(e) providing an emulator detection procedure for detecting the presence of said microprocessor emulator that is attempting to access said software program stored in said read-write memory device having inconsistent input and output data ;
(f) providing an erroneous data reading mode for rendering the data accessed by said microprocessor emulator erroneous when said detection procedure determines there has been the emulator attempting to access said software program data ;
thus rendering at least some of the data accessed by said microprocessor emulator erroneous thereby achieving protection of said software program .

US7162735B2
CLAIM 5 . A computer system comprising memory means (memory means) containing a digital protection arrangement (output control means) according to claim 4 . 		US5754647A
CLAIM 4 . The apparatus of claim 2 , wherein said write conversion means and said read conversion means further include output control means (digital protection arrangement) for setting a direction for data flow between the random access memory means (memory means) and the data bus .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access) , when executed , is operable to detect corruption of the protected code . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access) is operable to delete the protected code in the event that any corruption is detected . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (unauthorized access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access) is embedded within the protected code . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access) is embedded at locations which are unused by the protected code . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (unauthorized access) and to modify the call instruction to refer to the new location . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (received software) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5754647A
CLAIM 119 . A method of software protection utilizing a read-write memory device having inconsistent input and output data , said method is suitable for protection of software programs transmitted unidirectionally from a software distribution end to a user end against illegal pirating via illegal reading , said method comprising the steps of : (a) providing an encryption procedure for encrypting a software program at said distribution end ;
(b) providing a transmission procedure for distributing said encrypted software program from said distribution end to said user end via a communication media ;
(c) providing a receiving procedure for receiving said encrypted software program at said user end ;
(d) providing a decryption procedure for decrypting said received software (call instructions, decryption instructions) program and writing said decrypted software program into a read-write memory device having inconsistent input and output data ;
(e) providing an emulator detection procedure for detecting the presence of said microprocessor emulator that is attempting to access said software program stored in said read-write memory device having inconsistent input and output data ;
(f) providing an erroneous data reading mode for rendering the data accessed by said microprocessor emulator erroneous when said detection procedure determines there has been the emulator attempting to access said software program data ;
thus rendering at least some of the data accessed by said microprocessor emulator erroneous thereby achieving protection of said software program .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (received software) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5754647A
CLAIM 119 . A method of software protection utilizing a read-write memory device having inconsistent input and output data , said method is suitable for protection of software programs transmitted unidirectionally from a software distribution end to a user end against illegal pirating via illegal reading , said method comprising the steps of : (a) providing an encryption procedure for encrypting a software program at said distribution end ;
(b) providing a transmission procedure for distributing said encrypted software program from said distribution end to said user end via a communication media ;
(c) providing a receiving procedure for receiving said encrypted software program at said user end ;
(d) providing a decryption procedure for decrypting said received software (call instructions, decryption instructions) program and writing said decrypted software program into a read-write memory device having inconsistent input and output data ;
(e) providing an emulator detection procedure for detecting the presence of said microprocessor emulator that is attempting to access said software program stored in said read-write memory device having inconsistent input and output data ;
(f) providing an erroneous data reading mode for rendering the data accessed by said microprocessor emulator erroneous when said detection procedure determines there has been the emulator attempting to access said software program data ;
thus rendering at least some of the data accessed by said microprocessor emulator erroneous thereby achieving protection of said software program .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (received software) . 		US5754647A
CLAIM 119 . A method of software protection utilizing a read-write memory device having inconsistent input and output data , said method is suitable for protection of software programs transmitted unidirectionally from a software distribution end to a user end against illegal pirating via illegal reading , said method comprising the steps of : (a) providing an encryption procedure for encrypting a software program at said distribution end ;
(b) providing a transmission procedure for distributing said encrypted software program from said distribution end to said user end via a communication media ;
(c) providing a receiving procedure for receiving said encrypted software program at said user end ;
(d) providing a decryption procedure for decrypting said received software (call instructions, decryption instructions) program and writing said decrypted software program into a read-write memory device having inconsistent input and output data ;
(e) providing an emulator detection procedure for detecting the presence of said microprocessor emulator that is attempting to access said software program stored in said read-write memory device having inconsistent input and output data ;
(f) providing an erroneous data reading mode for rendering the data accessed by said microprocessor emulator erroneous when said detection procedure determines there has been the emulator attempting to access said software program data ;
thus rendering at least some of the data accessed by said microprocessor emulator erroneous thereby achieving protection of said software program .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions (received software) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5754647A
CLAIM 4 . The apparatus of claim 2 , wherein said write conversion means and said read conversion means further include output control means for setting a direction for data flow between the random access memory means (memory means) and the data bus .

US5754647A
CLAIM 119 . A method of software protection utilizing a read-write memory device having inconsistent input and output data , said method is suitable for protection of software programs transmitted unidirectionally from a software distribution end to a user end against illegal pirating via illegal reading , said method comprising the steps of : (a) providing an encryption procedure for encrypting a software program at said distribution end ;
(b) providing a transmission procedure for distributing said encrypted software program from said distribution end to said user end via a communication media ;
(c) providing a receiving procedure for receiving said encrypted software program at said user end ;
(d) providing a decryption procedure for decrypting said received software (call instructions, decryption instructions) program and writing said decrypted software program into a read-write memory device having inconsistent input and output data ;
(e) providing an emulator detection procedure for detecting the presence of said microprocessor emulator that is attempting to access said software program stored in said read-write memory device having inconsistent input and output data ;
(f) providing an erroneous data reading mode for rendering the data accessed by said microprocessor emulator erroneous when said detection procedure determines there has been the emulator attempting to access said software program data ;
thus rendering at least some of the data accessed by said microprocessor emulator erroneous thereby achieving protection of said software program .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (unauthorized access) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (received software) to the security code (unauthorized access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5754647A
CLAIM 1 . An apparatus for protecting a software program from unauthorized access (security code) , comprising : a read-write memory device providing output data that is inconsistent with corresponding input data , for storing the software program , the memory device being coupled to a system bus , the system bus including an address bus , a data bus , and a control bus ;
and an emulator detector means for detecting the presence of an emulator coupled to any of the buses included in the system bus and for providing a select signal to the read-write memory when an emulator is detected ;
the read-write memory device including means for receiving the select signal and means for providing erroneous data to the system bus in response to the select signal .

US5754647A
CLAIM 119 . A method of software protection utilizing a read-write memory device having inconsistent input and output data , said method is suitable for protection of software programs transmitted unidirectionally from a software distribution end to a user end against illegal pirating via illegal reading , said method comprising the steps of : (a) providing an encryption procedure for encrypting a software program at said distribution end ;
(b) providing a transmission procedure for distributing said encrypted software program from said distribution end to said user end via a communication media ;
(c) providing a receiving procedure for receiving said encrypted software program at said user end ;
(d) providing a decryption procedure for decrypting said received software (call instructions, decryption instructions) program and writing said decrypted software program into a read-write memory device having inconsistent input and output data ;
(e) providing an emulator detection procedure for detecting the presence of said microprocessor emulator that is attempting to access said software program stored in said read-write memory device having inconsistent input and output data ;
(f) providing an erroneous data reading mode for rendering the data accessed by said microprocessor emulator erroneous when said detection procedure determines there has been the emulator attempting to access said software program data ;
thus rendering at least some of the data accessed by said microprocessor emulator erroneous thereby achieving protection of said software program .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6088452A

Filed: 1996-03-07     Issued: 2000-07-11

Encoding technique for software and hardware

(Original Assignee) Northern Telecom Ltd     (Current Assignee) Nortel Networks Ltd

Harold Joseph Johnson, Yuan Xiang Gu, Becky Laiping Chang, Stanley Taihai Chow
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (machine readable medium) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (security level) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US6088452A
CLAIM 34 . An encoded executable program design stored in a machine readable medium (computer software) , the program design being tamper protected and concealing information contained therein , comprising : one or more checking cascades intertwined with the program design , said one or more checking cascades having a length and width for a preset security level , and periodic checking codes distributed over said one or more checking cascades for monitoring expected outputs of said checking cascades at predetermined points in said program design .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (machine readable medium) in accordance with claim 1 . 		US6088452A
CLAIM 34 . An encoded executable program design stored in a machine readable medium (computer software) , the program design being tamper protected and concealing information contained therein , comprising : one or more checking cascades intertwined with the program design , said one or more checking cascades having a length and width for a preset security level , and periodic checking codes distributed over said one or more checking cascades for monitoring expected outputs of said checking cascades at predetermined points in said program design .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (machine readable medium) protected by means of computer software in accordance with claim 1 . 		US6088452A
CLAIM 34 . An encoded executable program design stored in a machine readable medium (computer software) , the program design being tamper protected and concealing information contained therein , comprising : one or more checking cascades intertwined with the program design , said one or more checking cascades having a length and width for a preset security level , and periodic checking codes distributed over said one or more checking cascades for monitoring expected outputs of said checking cascades at predetermined points in said program design .

US7162735B2
CLAIM 4 . A digital data (determined order) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (security level) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call (use one) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one (respective call, digital protection) or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (use one) arrangement (comprising steps) according to claim 4 . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps (digital protection arrangement) of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one (respective call, digital protection) or any of the following steps to be performed in a predetermined order : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 4 . 		US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 4 . 		US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 18 . A digital data (determined order) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (security level) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (security level) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (security level) and/or a data file (determined order) . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point (predetermined points) at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code (security level) to be executed when seeking to access the protected data . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points (start point) in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 18 . 		US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 29 . A digital data (determined order) arrangement comprising executable code (security level) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 29 . 		US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (security level) is executable to create the steps on each occasion that the executable instruction is to be executed . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US7162735B2
CLAIM 34 . A digital data (determined order) arrangement comprising executable code (security level) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps (second part) to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (security level) is executable to create corrupt data in addition to each part of protected code . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 34 . 		US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 38 . A digital data (determined order) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (security level) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US6088452A
CLAIM 1 . A process of encoding an executable program design for tamper protection and concealment of information contained therein such that the encoded program design remains executable comprising steps of : a) generating one or more checking cascades for each of one or more basic blocks of the executable program design , each checking cascade having at least as many operations as said each respective basic block and having a length and width for a preset security level (executable code, executable conversion code) ;
b) inserting periodic checking codes distributed over said checking cascades , said checking codes for monitoring expected output of said checking cascades at predetermined points in said executable program design ;
and c) intertwining said executable program design and said checking cascades so that outputs of said encoded executable program design depend upon all inputs of said executable program design and checking cascades .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (determined order) protection arrangement in accordance with claim 38 . 		US6088452A
CLAIM 6 . The process of encoding an executable program design according to claim 5 wherein execution of said trap code is so constructed as to cause one or any of the following steps to be performed in a predetermined order (digital data, data file) : (1) emitting a warning message and terminating execution of said program design ;
(2) terminating abnormally execution of said program design without a warning message ;
and (3) executing a program which loops indefinitely within the said trap code .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5790664A

Filed: 1996-02-26     Issued: 1998-08-04

Automated system for management of licensed software

(Original Assignee) Network Engr Software Inc     (Current Assignee) GraphOn Corp

Christopher D. Coley, Ralph E. Wesinger, Jr.
US7162735B2
CLAIM 1 . Computer software (client computer) operable to provide protection for a second item of computer software (lower level) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5790664A
CLAIM 1 . A network software licensing system having self-enabling software , the network licensing system comprising : a plurality of computers arranged in a hierarchy , the plurality of computers including client computer (Computer software) s , server computers and agent computers , wherein the server computers are located at the highest level in the hierarchy and the client and the agent computers are located at levels in the hierarchy below the highest level ;
at least one client computer having a client application loaded thereon , wherein the client application comprises a software application and a client module ;
an agent computer from which at least one client computer is subtended , the agent computer having a licensing module running thereon , wherein the licensing module includes : an agent component for communicating with the client module ;
cache component for storing license records , and a client component for communicating with an agent component ;
a server computer having a license server running thereon , wherein the license server includes : an agent module for communicating with the client component in the licensing module ;
and a database for storing license records ;
wherein the client component in the licensing module systematically initiates communication with the agent module in the license server over a public network to collect license records for storage in the cache component ;
and wherein the client module automatically initiates communication with the agent component in the licensing module at a level in the hierarchy above the client module and not the agent component in the license server to determine whether the cache component in the licensing module contains a license record corresponding to the software application .

US5790664A
CLAIM 16 . The method of claim 12 wherein the license server periodically sends license information to licensing modules at highest levels in the hierarchy below the license server , and the licensing modules at the highest levels in the hierarchy propagate the license information to licensing modules at lower level (computer software) s in the hierarchy .

US7162735B2
CLAIM 2 . A computer memory device (management system) containing computer software (lower level) in accordance with claim 1 . 		US5790664A
CLAIM 8 . A licensing management system (computer memory device, computer memory device containing computer software) as claimed in claim 7 wherein the plurality of licensing modules comprises : a library of code modules suitable for inserting into a precompiled version of the computer software , the library of code modules including a plurality of client modules .

US5790664A
CLAIM 16 . The method of claim 12 wherein the license server periodically sends license information to licensing modules at highest levels in the hierarchy below the license server , and the licensing modules at the highest levels in the hierarchy propagate the license information to licensing modules at lower level (computer software) s in the hierarchy .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software (lower level) protected by means of computer software in accordance with claim 1 . 		US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US5790664A
CLAIM 16 . The method of claim 12 wherein the license server periodically sends license information to licensing modules at highest levels in the hierarchy below the license server , and the licensing modules at the highest levels in the hierarchy propagate the license information to licensing modules at lower level (computer software) s in the hierarchy .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US7162735B2
CLAIM 7 . Computer software (client computer) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5790664A
CLAIM 1 . A network software licensing system having self-enabling software , the network licensing system comprising : a plurality of computers arranged in a hierarchy , the plurality of computers including client computer (Computer software) s , server computers and agent computers , wherein the server computers are located at the highest level in the hierarchy and the client and the agent computers are located at levels in the hierarchy below the highest level ;
at least one client computer having a client application loaded thereon , wherein the client application comprises a software application and a client module ;
an agent computer from which at least one client computer is subtended , the agent computer having a licensing module running thereon , wherein the licensing module includes : an agent component for communicating with the client module ;
cache component for storing license records , and a client component for communicating with an agent component ;
a server computer having a license server running thereon , wherein the license server includes : an agent module for communicating with the client component in the licensing module ;
and a database for storing license records ;
wherein the client component in the licensing module systematically initiates communication with the agent module in the license server over a public network to collect license records for storage in the cache component ;
and wherein the client module automatically initiates communication with the agent component in the licensing module at a level in the hierarchy above the client module and not the agent component in the license server to determine whether the cache component in the licensing module contains a license record corresponding to the software application .

US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5790664A
CLAIM 12 . In a computer system having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps (second part) : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5790664A
CLAIM 12 . In a computer system (computer system) having a plurality of computers connected by a computer network , the plurality of computers arranged in a hierarchy from a lowest level to highest level and having computer software that is enabled with a license , a method of enabling the computer software with a license , the method comprising the following steps : (a) maintaining a license server on a computer at the highest level in the hierarchical license system , the license server having a database of licensing information for enabling computer software on the plurality of computers in the hierarchy ;
(b) requesting a license in a licensing module at a level L in the hierarchy from a licensing module on a computer at level L+1 in the hierarchy to enable computer software on a computer at a level L in the hierarchy , the licensing modules having : client component for communicating with agent components in licensing modules in a next level L+1 in the hierarchy , agent component for communicating with client components in licensing modules in a previous level L-1 in the hierarchy , and cache component for storing license information for computer software on computers in a previous level L-1 in the hierarchy , wherein the cache component is updated periodically with license information from agent components in a next level L+1 in the hierarchy ;
(c) determining from the licensing module at the level L+1 if the requested license is in a cache component for the licensing module , and if not , (d) sending the request for the license to a licensing module at a next higher level in the hierarchy ;
(e) repeating step (d) until the requested license is located in a cache component in a licensing module at a next highest level in the hierarchy , or the highest level in the hierarchy is reached , wherein the requested license is located on the license server .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5708709A

Filed: 1995-12-08     Issued: 1998-01-13

System and method for managing try-and-buy usage of application programs

(Original Assignee) Sun Microsystems Inc     (Current Assignee) Oracle America Inc

John R. Rose
US7162735B2
CLAIM 1 . Computer software (client computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer (Computer software) , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 2 . A computer memory device (management system) containing computer software in accordance with claim 1 . 		US5708709A
CLAIM 10 . A program usage management system (computer memory device, computer memory device containing computer software) for managing usage of an application program by a user associated with a client computer on a distributed computer network , said system comprising : a server coupled to said distributed computer system and having memory storage for storing said application program ;
a controller coupled to said client computer for recognizing a user request to access said application program and for determining whether predetermined program access conditions associated with said application program are satisfied by said client computer ;
a program file formatter for generating a transmission version of said program file that incorporates identification information associated with said client and a version of said application program that is at least partially encrypted , said program file formatter responsive to said controller to generate said transmission version only when said access conditions are satisfied ;
a transmitter for transmitting said transmission version of said application program to said client computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
a license verifier for verifying prior to execution of said application program by said client computer that the user associated with said client computer is currently entitled to execute said application program ;
and a program decoder coupled to said client computer for generating a decrypted machine executable version of said application program from said transmission version of said application program only if said license verifier verifies that the user associated with said client computer is currently entitled to execute said application program , said program decoder including instructions for decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 3 . A computer system (distributed computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 5 . A computer system (distributed computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 7 . Computer software (client computer) which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer (Computer software) , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5708709A
CLAIM 6 . The method in claim 1 , wherein said transmission version of said application program is encrypted with a public key (security code) associated with said user , and wherein said decryption is performed with a corresponding private key .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5708709A
CLAIM 1 . A method for managing usage of an application program by a user on a distributed computer system (computer system) , said application program being initially stored as a stored version of said application program on a server coupled to said distributed computer system , said method comprising the steps of : at said server , performing steps of : recognizing a user request to access said application program ;
determining whether predetermined access conditions are satisfied ;
transmitting a transmission version of said application program to a computer associated with said user for receipt and storage only when said access conditions have been satisfied ;
wherein said transmission version of said application program is at least partially encrypted and is not directly executable ;
at a client computer , performing steps of : verifying prior to execution of said program that said user is currently entitled to execute said received application program ;
and generating an executable version of said application program from said transmission version only if said verification is affirmative , said generating step including decrypting encrypted portions of said transmission version .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US6067575A

Filed: 1995-12-08     Issued: 2000-05-23

System and method for generating trusted, architecture specific, compiled versions of architecture neutral programs

(Original Assignee) Sun Microsystems Inc     (Current Assignee) Oracle America Inc

Charles E. McManis, Frank Yellin
US7162735B2
CLAIM 1 . Computer software (computer program, program product) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (computer program, program product) by means of an algorithm which requires at least one conversion key (encryption keys) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US6067575A
CLAIM 5 . A computer network as in claim 1 wherein : for the originating and compiling parties , said network includes corresponding private and public encryption keys (conversion key, respective conversion key) and corresponding hash functions ;
the originating party' ;
s digital signature includes a message digest of the architecture neutral program generated by performing the originating party' ;
s corresponding hash function on the architecture neutral program , the message digest of the architecture neutral program being encrypted with the originating party' ;
s corresponding private key ;
the program compiling computers' ;
signature verifier includes instructions for verifying the originating party' ;
s digital signature by (A) decrypting the message digest of the architecture neutral program with the originating party' ;
s public encryption key , (B) generating a corresponding test message digest of the architecture neutral program by performing the originating party' ;
s hash function on the architecture neutral program code , and (C) comparing the decrypted message digest and the test message digest of the architecture neutral program ;
the signature generator includes instructions for generating the compiling party' ;
s digital signature by (A) generating a message digest of the architecture neutral program generated by performing the compiling party' ;
s corresponding hash function on the architecture specific program code , and (B) encrypting the message digest of the architecture specific program with the compiling party' ;
s corresponding private key ;
and the program executing computer' ;
s signature verifier includes instructions for verifying the compiling party' ;
s digital signature by (A) decrypting the message digest of the architecture specific program with the compiling party' ;
s public encryption key , (B) generating a corresponding test message digest of the architecture specific program by performing the compiling party' ;
s hash function on the architecture specific program code , and (C) comparing the decrypted message digest and the test message digest of the architecture specific program .

US6067575A
CLAIM 25 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with one or more computer systems , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a first module configured for use in conjunction with a program compiling computer , operated by a compiling party , that receives an architecture neutral program generated by an originating party , the architecture neutral program containing architecture neutral program code and a digital signature of the originating party that when verified verifies that the architecture neutral program was signed by the originating party , the first module including ;
a signature verifier that verifies the originating party' ;
s digital signature ;
a program verifier for verifying that the received architecture neutral program satisfies predefined integrity criteria including predefined operand stack and data type usage restrictions ;
a compiler that generates an architecture specific program when the originating party' ;
s digital signature has been verified and the received architecture neutral program' ;
s integrity has been verified by the program verifier , the compiler generating the architecture specific program by (A) compiling the architecture neutral program code into architecture specific program code in an architecture specific language , and (B) appending a digital signature of the compiling party that when verified verifies that the architecture specific program was generated by the compiling party ;
and a signature generator that generates the compiling party' ;
s digital signature ;
and a second module for use in conjunction with a program executing computer , operated by an executing party , that receives the architecture specific program , the second module including : a signature verifier that verifies the compiling party' ;
s digital signature ;
an executer that executes program code that is in the architecture specific language , the executer executing the architecture specific program code when the compiling party' ;
s signature has been verified ;
a program verifier for verifying whether a specified architecture neutral program satisfies said predefined integrity criteria , including predefined operand stack and data type usage restrictions ;
and an architecture neutral program executer for executing the specified architecture neutral program when the program verifier has verified that the specified architecture neutral program satisfies said predefined integrity criteria ;
whereby verification of the compiling party' ;
s digital signature by the program executing computer indirectly verifies the originating party' ;
s signature as well as the integrity of the architecture neutral program from which the architecture specific program was compiled .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US6067575A
CLAIM 25 . A computer program product for use in conjunction with one or more computer system (computer system) s , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a first module configured for use in conjunction with a program compiling computer , operated by a compiling party , that receives an architecture neutral program generated by an originating party , the architecture neutral program containing architecture neutral program code and a digital signature of the originating party that when verified verifies that the architecture neutral program was signed by the originating party , the first module including ;
a signature verifier that verifies the originating party' ;
s digital signature ;
a program verifier for verifying that the received architecture neutral program satisfies predefined integrity criteria including predefined operand stack and data type usage restrictions ;
a compiler that generates an architecture specific program when the originating party' ;
s digital signature has been verified and the received architecture neutral program' ;
s integrity has been verified by the program verifier , the compiler generating the architecture specific program by (A) compiling the architecture neutral program code into architecture specific program code in an architecture specific language , and (B) appending a digital signature of the compiling party that when verified verifies that the architecture specific program was generated by the compiling party ;
and a signature generator that generates the compiling party' ;
s digital signature ;
and a second module for use in conjunction with a program executing computer , operated by an executing party , that receives the architecture specific program , the second module including : a signature verifier that verifies the compiling party' ;
s digital signature ;
an executer that executes program code that is in the architecture specific language , the executer executing the architecture specific program code when the compiling party' ;
s signature has been verified ;
a program verifier for verifying whether a specified architecture neutral program satisfies said predefined integrity criteria , including predefined operand stack and data type usage restrictions ;
and an architecture neutral program executer for executing the specified architecture neutral program when the program verifier has verified that the specified architecture neutral program satisfies said predefined integrity criteria ;
whereby verification of the compiling party' ;
s digital signature by the program executing computer indirectly verifies the originating party' ;
s signature as well as the integrity of the architecture neutral program from which the architecture specific program was compiled .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US6067575A
CLAIM 25 . A computer program product for use in conjunction with one or more computer system (computer system) s , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a first module configured for use in conjunction with a program compiling computer , operated by a compiling party , that receives an architecture neutral program generated by an originating party , the architecture neutral program containing architecture neutral program code and a digital signature of the originating party that when verified verifies that the architecture neutral program was signed by the originating party , the first module including ;
a signature verifier that verifies the originating party' ;
s digital signature ;
a program verifier for verifying that the received architecture neutral program satisfies predefined integrity criteria including predefined operand stack and data type usage restrictions ;
a compiler that generates an architecture specific program when the originating party' ;
s digital signature has been verified and the received architecture neutral program' ;
s integrity has been verified by the program verifier , the compiler generating the architecture specific program by (A) compiling the architecture neutral program code into architecture specific program code in an architecture specific language , and (B) appending a digital signature of the compiling party that when verified verifies that the architecture specific program was generated by the compiling party ;
and a signature generator that generates the compiling party' ;
s digital signature ;
and a second module for use in conjunction with a program executing computer , operated by an executing party , that receives the architecture specific program , the second module including : a signature verifier that verifies the compiling party' ;
s digital signature ;
an executer that executes program code that is in the architecture specific language , the executer executing the architecture specific program code when the compiling party' ;
s signature has been verified ;
a program verifier for verifying whether a specified architecture neutral program satisfies said predefined integrity criteria , including predefined operand stack and data type usage restrictions ;
and an architecture neutral program executer for executing the specified architecture neutral program when the program verifier has verified that the specified architecture neutral program satisfies said predefined integrity criteria ;
whereby verification of the compiling party' ;
s digital signature by the program executing computer indirectly verifies the originating party' ;
s signature as well as the integrity of the architecture neutral program from which the architecture specific program was compiled .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6067575A
CLAIM 25 . A computer program product for use in conjunction with one or more computer system (computer system) s , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a first module configured for use in conjunction with a program compiling computer , operated by a compiling party , that receives an architecture neutral program generated by an originating party , the architecture neutral program containing architecture neutral program code and a digital signature of the originating party that when verified verifies that the architecture neutral program was signed by the originating party , the first module including ;
a signature verifier that verifies the originating party' ;
s digital signature ;
a program verifier for verifying that the received architecture neutral program satisfies predefined integrity criteria including predefined operand stack and data type usage restrictions ;
a compiler that generates an architecture specific program when the originating party' ;
s digital signature has been verified and the received architecture neutral program' ;
s integrity has been verified by the program verifier , the compiler generating the architecture specific program by (A) compiling the architecture neutral program code into architecture specific program code in an architecture specific language , and (B) appending a digital signature of the compiling party that when verified verifies that the architecture specific program was generated by the compiling party ;
and a signature generator that generates the compiling party' ;
s digital signature ;
and a second module for use in conjunction with a program executing computer , operated by an executing party , that receives the architecture specific program , the second module including : a signature verifier that verifies the compiling party' ;
s digital signature ;
an executer that executes program code that is in the architecture specific language , the executer executing the architecture specific program code when the compiling party' ;
s signature has been verified ;
a program verifier for verifying whether a specified architecture neutral program satisfies said predefined integrity criteria , including predefined operand stack and data type usage restrictions ;
and an architecture neutral program executer for executing the specified architecture neutral program when the program verifier has verified that the specified architecture neutral program satisfies said predefined integrity criteria ;
whereby verification of the compiling party' ;
s digital signature by the program executing computer indirectly verifies the originating party' ;
s signature as well as the integrity of the architecture neutral program from which the architecture specific program was compiled .

US7162735B2
CLAIM 7 . Computer software (computer program, program product) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US6067575A
CLAIM 25 . A computer program (Computer software, executable form, Computer software operable to provide protection) product for use in conjunction with one or more computer system (computer system) s , the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein , the computer program mechanism comprising : a first module configured for use in conjunction with a program compiling computer , operated by a compiling party , that receives an architecture neutral program generated by an originating party , the architecture neutral program containing architecture neutral program code and a digital signature of the originating party that when verified verifies that the architecture neutral program was signed by the originating party , the first module including ;
a signature verifier that verifies the originating party' ;
s digital signature ;
a program verifier for verifying that the received architecture neutral program satisfies predefined integrity criteria including predefined operand stack and data type usage restrictions ;
a compiler that generates an architecture specific program when the originating party' ;
s digital signature has been verified and the received architecture neutral program' ;
s integrity has been verified by the program verifier , the compiler generating the architecture specific program by (A) compiling the architecture neutral program code into architecture specific program code in an architecture specific language , and (B) appending a digital signature of the compiling party that when verified verifies that the architecture specific program was generated by the compiling party ;
and a signature generator that generates the compiling party' ;
s digital signature ;
and a second module for use in conjunction with a program executing computer , operated by an executing party , that receives the architecture specific program , the second module including : a signature verifier that verifies the compiling party' ;
s digital signature ;
an executer that executes program code that is in the architecture specific language , the executer executing the architecture specific program code when the compiling party' ;
s signature has been verified ;
a program verifier for verifying whether a specified architecture neutral program satisfies said predefined integrity criteria , including predefined operand stack and data type usage restrictions ;
and an architecture neutral program executer for executing the specified architecture neutral program when the program verifier has verified that the specified architecture neutral program satisfies said predefined integrity criteria ;
whereby verification of the compiling party' ;
s digital signature by the program executing computer indirectly verifies the originating party' ;
s signature as well as the integrity of the architecture neutral program from which the architecture specific program was compiled .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encryption keys) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (computer program, program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US6067575A
CLAIM 5 . A computer network as in claim 1 wherein : for the originating and compiling parties , said network includes corresponding private and public encryption keys (conversion key, respective conversion key) and corresponding hash functions ;
the originating party' ;
s digital signature includes a message digest of the architecture neutral program generated by performing the originating party' ;
s corresponding hash function on the architecture neutral program , the message digest of the architecture neutral program being encrypted with the originating party' ;
s corresponding private key ;
the program compiling computers' ;
signature verifier includes instructions for verifying the originating party' ;
s digital signature by (A) decrypting the message digest of the architecture neutral program with the originating party' ;
s public encryption key , (B) generating a corresponding test message digest of the architecture neutral program by performing the originating party' ;
s hash function on the architecture neutral program code , and (C) comparing the decrypted message digest and the test message digest of the architecture neutral program ;
the signature generator includes instructions for generating the compiling party' ;
s digital signature by (A) generating a message digest of the architecture neutral program generated by performing the compiling party' ;
s corresponding hash function on the architecture specific program code , and (B) encrypting the message digest of the architecture specific program with the compiling party' ;
s corresponding private key ;
and the program executing computer' ;
s signature verifier includes instructions for verifying the compiling party' ;
s digital signature by (A) decrypting the message digest of the architecture specific program with the compiling party' ;
s public encryption key , (B) generating a corresponding test message digest of the architecture specific program by performing the compiling party' ;
s hash function on the architecture specific program code , and (C) comparing the decrypted message digest and the test message digest of the architecture specific program .

US6067575A
CLAIM 26 . The computer program (Computer software, executable form, Computer software operable to provide protection) product of claim 25 , wherein the signature generator generates a digital signature of the compiler that when verified verifies that the architecture specific program was generated with the compiler ;
the first module appends to the architecture specific program code the compiler' ;
s digital signature ;
the second module' ;
s signature verifier verifies the compiler' ;
s digital signature ;
and the second module' ;
s executer executes the architecture specific program code only after the compiler' ;
s digital signature has been verified and only when the compiling party is a member of a defined set of trusted compiling parties and the compiler is a member of a defined set of trusted compilers .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (computer program, program product) . 		US6067575A
CLAIM 26 . The computer program (Computer software, executable form, Computer software operable to provide protection) product of claim 25 , wherein the signature generator generates a digital signature of the compiler that when verified verifies that the architecture specific program was generated with the compiler ;
the first module appends to the architecture specific program code the compiler' ;
s digital signature ;
the second module' ;
s signature verifier verifies the compiler' ;
s digital signature ;
and the second module' ;
s executer executes the architecture specific program code only after the compiler' ;
s digital signature has been verified and only when the compiling party is a member of a defined set of trusted compiling parties and the compiler is a member of a defined set of trusted compilers .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encryption keys) derived from a respective target block . 		US6067575A
CLAIM 5 . A computer network as in claim 1 wherein : for the originating and compiling parties , said network includes corresponding private and public encryption keys (conversion key, respective conversion key) and corresponding hash functions ;
the originating party' ;
s digital signature includes a message digest of the architecture neutral program generated by performing the originating party' ;
s corresponding hash function on the architecture neutral program , the message digest of the architecture neutral program being encrypted with the originating party' ;
s corresponding private key ;
the program compiling computers' ;
signature verifier includes instructions for verifying the originating party' ;
s digital signature by (A) decrypting the message digest of the architecture neutral program with the originating party' ;
s public encryption key , (B) generating a corresponding test message digest of the architecture neutral program by performing the originating party' ;
s hash function on the architecture neutral program code , and (C) comparing the decrypted message digest and the test message digest of the architecture neutral program ;
the signature generator includes instructions for generating the compiling party' ;
s digital signature by (A) generating a message digest of the architecture neutral program generated by performing the compiling party' ;
s corresponding hash function on the architecture specific program code , and (B) encrypting the message digest of the architecture specific program with the compiling party' ;
s corresponding private key ;
and the program executing computer' ;
s signature verifier includes instructions for verifying the compiling party' ;
s digital signature by (A) decrypting the message digest of the architecture specific program with the compiling party' ;
s public encryption key , (B) generating a corresponding test message digest of the architecture specific program by performing the compiling party' ;
s hash function on the architecture specific program code , and (C) comparing the decrypted message digest and the test message digest of the architecture specific program .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (computer program, program product) for subsequent execution . 		US6067575A
CLAIM 26 . The computer program (Computer software, executable form, Computer software operable to provide protection) product of claim 25 , wherein the signature generator generates a digital signature of the compiler that when verified verifies that the architecture specific program was generated with the compiler ;
the first module appends to the architecture specific program code the compiler' ;
s digital signature ;
the second module' ;
s signature verifier verifies the compiler' ;
s digital signature ;
and the second module' ;
s executer executes the architecture specific program code only after the compiler' ;
s digital signature has been verified and only when the compiling party is a member of a defined set of trusted compiling parties and the compiler is a member of a defined set of trusted compilers .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (computer program, program product) for subsequent execution . 		US6067575A
CLAIM 26 . The computer program (Computer software, executable form, Computer software operable to provide protection) product of claim 25 , wherein the signature generator generates a digital signature of the compiler that when verified verifies that the architecture specific program was generated with the compiler ;
the first module appends to the architecture specific program code the compiler' ;
s digital signature ;
the second module' ;
s signature verifier verifies the compiler' ;
s digital signature ;
and the second module' ;
s executer executes the architecture specific program code only after the compiler' ;
s digital signature has been verified and only when the compiling party is a member of a defined set of trusted compiling parties and the compiler is a member of a defined set of trusted compilers .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0715246A1

Filed: 1995-11-23     Issued: 1996-06-05

System for controlling the distribution and use of composite digital works

(Original Assignee) Xerox Corp     (Current Assignee) Contentguard Holdings Inc

Mark J. Stefik, Peter L. T. Pirolli, Daniel G. Bobrow
US7162735B2
CLAIM 4 . A digital data (digital data) arrangement (said second part, said first part) comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		EP0715246A1
CLAIM 2 The method as recited in Claim 1 wherein said step of creating a composite digital work is further comprised of the steps of : a1) creating a first part of said digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second part (processing means, one order, digital data arrangement) of the digital work having a second description block ;
a4) combining said first part and said second part to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement (said second part, said first part) comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		EP0715246A1
CLAIM 2 The method as recited in Claim 1 wherein said step of creating a composite digital work is further comprised of the steps of : a1) creating a first part of said digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second part (processing means, one order, digital data arrangement) of the digital work having a second description block ;
a4) combining said first part and said second part to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (said second part, said first part) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		EP0715246A1
CLAIM 2 The method as recited in Claim 1 wherein said step of creating a composite digital work is further comprised of the steps of : a1) creating a first part of said digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second part (processing means, one order, digital data arrangement) of the digital work having a second description block ;
a4) combining said first part and said second part to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement (said second part, said first part) comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said second part, said first part) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		EP0715246A1
CLAIM 2 The method as recited in Claim 1 wherein said step of creating a composite digital work is further comprised of the steps of : a1) creating a first part of said digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second part (processing means, one order, digital data arrangement) of the digital work having a second description block ;
a4) combining said first part and said second part to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement (said second part, said first part) comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		EP0715246A1
CLAIM 2 The method as recited in Claim 1 wherein said step of creating a composite digital work is further comprised of the steps of : a1) creating a first part of said digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second part (processing means, one order, digital data arrangement) of the digital work having a second description block ;
a4) combining said first part and said second part to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement (said second part, said first part) comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		EP0715246A1
CLAIM 2 The method as recited in Claim 1 wherein said step of creating a composite digital work is further comprised of the steps of : a1) creating a first part of said digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second part (processing means, one order, digital data arrangement) of the digital work having a second description block ;
a4) combining said first part and said second part to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		EP0715246A1
CLAIM 8 A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0715247A1

Filed: 1995-11-23     Issued: 1996-06-05

System for controlling the distribution and use of digital works using digital tickets

(Original Assignee) Xerox Corp     (Current Assignee) Contentguard Holdings Inc

Mark J. Stefik, Peter L. T. Pirolli
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (particular instance) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (particular instance) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (particular instance) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (particular instance) for decryption . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (particular instance) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (particular instance) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (particular instance) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (particular instance) . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (particular instance) for subsequent execution . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (particular instance) for subsequent execution . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (particular instance) and/or a data file . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (processing means) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (particular instance) code to be executed when seeking to access the protected data . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means (processing means) having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (particular instance) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said predetermined number) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

EP0715247A1
CLAIM 8 A method for controlling the number of times that a usage right attached to a digital work may be exercised in a computer controlled system for the distribution of digital works , said method comprising the steps of : a) creating a digital work ;
b) defining a usage right for said digital work , said usage right specifying a digital ticket indicating a predetermined number of times that said usage right may be exercised ;
c) creating said digital ticket with an indicator of said predetermined number (one order) ;
d) storing said digital work , said usage right and said digital ticket in a first repository ;
e) a second repository transmitting a request to access said digital work to said first repository , said request specifying said usage right ;
f) said first repository determining if said digital ticket for said usage right indicates that said usage right has been exercised said predetermined number of times ;
g) if said digital ticket indicates that said usage right has been exercised said predetermined number of times , said first repository denying access to said digital work ;
h) if said digital ticket indicates that said usage right has not been exercised said predetermined number of times , said first repository granting access to said digital work ;
and i) said first repository punching said digital ticket to indicate an instance of exercising said usage right .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (particular instance) is executable to create the steps on each occasion that the executable instruction is to be executed . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (particular instance) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (particular instance) is executable to create corrupt data in addition to each part of protected code . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (particular instance) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		EP0715247A1
CLAIM 1 A system for controlling the distribution and use of digital works comprising : means for attaching one or more usage rights to a digital work , each of said one or more usage rights specifying a particular instance (executable code, executable form, executable instructions, executable conversion, executable conversion code, digital data arrangement comprising executable code) of how said digital work may be used or distributed , each of said usage rights being capable of specifying a digital ticket , the possession of said digital ticket being a condition on the exercise of a right specifying said digital ticket ;
a plurality of repositories for storing and exchanging digital works , each of said plurality of repositories comprising : storage means for storing digital works , their attached usage rights , and digital tickets ;
transaction processing means having a requester mode of operation for requesting access to a digital work , said request specifying a usage right , and a server mode of operation for processing requests to access said requested digital work based on said usage right specified in said request , the usage rights attached to said digital work , and digital tickets associated with said usage rights ;
a generic ticket agent for punching digital tickets to indicate that an associated usage right has been exercised ;
and a coupling means for coupling to another of said plurality of repositories across a communications medium .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5638445A

Filed: 1995-09-19     Issued: 1997-06-10

Blind encryption

(Original Assignee) Microsoft Corp     (Current Assignee) Microsoft Technology Licensing LLC

Jeffrey F. Spelman, Matthew W. Thomlinson
US7162735B2
CLAIM 2 . A computer memory device containing computer software (first private key, first public key, first means) in accordance with claim 1 . 		US5638445A
CLAIM 4 . The method of claim 3 wherein the first key is a first public key (computer system comprising memory, computer memory device containing computer software) having associated therewith a first private key (computer system comprising memory, computer memory device containing computer software) and the second key is a second public key having associated therewith a second private key .

US5638445A
CLAIM 25 . The apparatus of claim 24 further comprising : first means (computer system comprising memory, computer memory device containing computer software) for decrypting the re-encrypted key k1 , said first means using said first private key ;
and second means for decrypting the first part , said second means using key k1 to perform said decryption .

US7162735B2
CLAIM 5 . A computer system comprising memory (first private key, first public key, first means) means containing a digital protection arrangement according to claim 4 . 		US5638445A
CLAIM 4 . The method of claim 3 wherein the first key is a first public key (computer system comprising memory, computer memory device containing computer software) having associated therewith a first private key (computer system comprising memory, computer memory device containing computer software) and the second key is a second public key having associated therewith a second private key .

US5638445A
CLAIM 25 . The apparatus of claim 24 further comprising : first means (computer system comprising memory, computer memory device containing computer software) for decrypting the re-encrypted key k1 , said first means using said first private key ;
and second means for decrypting the first part , said second means using key k1 to perform said decryption .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code is a CRC algorithm (mod N) . 		US5638445A
CLAIM 9 . The method of claim 8 wherein the multiplier is b R mod N (CRC algorithm) , wherein R is the recryptor' ;
s public key , N is a modulus of R , and b is a random number that is less than N .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5721781A

Filed: 1995-09-13     Issued: 1998-02-24

Authentication system and method for smart card transactions

(Original Assignee) Microsoft Corp     (Current Assignee) Microsoft Technology Licensing LLC

Vinay Deo, Robert B. Seidensticker, Daniel R. Simon
US7162735B2
CLAIM 4 . A digital data (multiple security) arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (additional steps) to the security code , and the security code , when executed , replaces a respective call (multiple security) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5721781A
CLAIM 3 . A method as recited in claim 1 , wherein the portable information device is associated with a user who has a unique PIN , and further comprising the following additional steps (call instructions) : receiving the PIN at the terminal during the transaction ;
passing the PIN from the terminal to the portable information device ;
and authenticating the the user at the portable information device .

US5721781A
CLAIM 4 . A method for conducting a transaction between a smart card and multiple various types of terminals that are each capable of accessing the smart card during the transaction , each terminal having at least one resident application stored thereon , the method comprising the following steps : storing multiple applications on the smart card , the applications being compatible target applications which operate in conjunction with a corresponding said resident application stored on each of the various terminals ;
establishing multiple security (digital data, respective call, digital protection, digital data protection arrangement) levels for corresponding types of terminals , the security levels having associated value limits for limiting a value of any transaction conducted on the corresponding terminal type ;
assigning a card-related certificate to the smart card , the card-related certificate having a digital signature of a certified authority and a public key (security code) unique to the smart card for use in data encryption ;
assigning terminal-related certificates to the various types of terminal , each terminal-related certificate having the digital signature of the certified authority and a public key unique to the terminal for use in data encryption , said each terminal-related certificate also having information regarding the type of terminal ;
assigning an application-related certificate to each application stored on the smart card and to the resident applications at the terminals , each application-related certificate having the digital signature of the certified authority and a public key unique to that application ;
commencing a transactional session between the smart card and a particular one of the terminals ;
exchanging the device-related and terminal-related certificates between the smart card and the particular terminal ;
authenticating the smart card and the particular terminal to each other using the exchanged device-related and terminal-related certificates ;
determining the security level for particular terminal , at the smart card , using the terminal type information contained in the terminal-related certificate received from the particular terminal ;
selecting a target application from among the multiple applications stored on the smart card that is compatible with the resident application stored at the particular terminal ;
exchanging , between the smart card and the particular terminal , the application-related certificates assigned to the selected target application stored on the smart card and the resident application stored at the particular terminal ;
authenticating the target and resident applications using their exchanged application-related certificates ;
conducting the transaction after the target application has been authenticated ;
and restricting the value of the transaction to the value limit associated with the security level determined for the particular terminal .

US7162735B2
CLAIM 5 . A computer system comprising memory means (monetary value) containing a digital protection (multiple security) arrangement according to claim 4 . 		US5721781A
CLAIM 4 . A method for conducting a transaction between a smart card and multiple various types of terminals that are each capable of accessing the smart card during the transaction , each terminal having at least one resident application stored thereon , the method comprising the following steps : storing multiple applications on the smart card , the applications being compatible target applications which operate in conjunction with a corresponding said resident application stored on each of the various terminals ;
establishing multiple security (digital data, respective call, digital protection, digital data protection arrangement) levels for corresponding types of terminals , the security levels having associated value limits for limiting a value of any transaction conducted on the corresponding terminal type ;
assigning a card-related certificate to the smart card , the card-related certificate having a digital signature of a certified authority and a public key unique to the smart card for use in data encryption ;
assigning terminal-related certificates to the various types of terminal , each terminal-related certificate having the digital signature of the certified authority and a public key unique to the terminal for use in data encryption , said each terminal-related certificate also having information regarding the type of terminal ;
assigning an application-related certificate to each application stored on the smart card and to the resident applications at the terminals , each application-related certificate having the digital signature of the certified authority and a public key unique to that application ;
commencing a transactional session between the smart card and a particular one of the terminals ;
exchanging the device-related and terminal-related certificates between the smart card and the particular terminal ;
authenticating the smart card and the particular terminal to each other using the exchanged device-related and terminal-related certificates ;
determining the security level for particular terminal , at the smart card , using the terminal type information contained in the terminal-related certificate received from the particular terminal ;
selecting a target application from among the multiple applications stored on the smart card that is compatible with the resident application stored at the particular terminal ;
exchanging , between the smart card and the particular terminal , the application-related certificates assigned to the selected target application stored on the smart card and the resident application stored at the particular terminal ;
authenticating the target and resident applications using their exchanged application-related certificates ;
conducting the transaction after the target application has been authenticated ;
and restricting the value of the transaction to the value limit associated with the security level determined for the particular terminal .

US5721781A
CLAIM 5 . A method according to claim 4 and further comprising associating monetary value (memory means) limits with the different security levels .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (multiple security) protection arrangement in accordance with claim 4 . 		US5721781A
CLAIM 4 . A method for conducting a transaction between a smart card and multiple various types of terminals that are each capable of accessing the smart card during the transaction , each terminal having at least one resident application stored thereon , the method comprising the following steps : storing multiple applications on the smart card , the applications being compatible target applications which operate in conjunction with a corresponding said resident application stored on each of the various terminals ;
establishing multiple security (digital data, respective call, digital protection, digital data protection arrangement) levels for corresponding types of terminals , the security levels having associated value limits for limiting a value of any transaction conducted on the corresponding terminal type ;
assigning a card-related certificate to the smart card , the card-related certificate having a digital signature of a certified authority and a public key unique to the smart card for use in data encryption ;
assigning terminal-related certificates to the various types of terminal , each terminal-related certificate having the digital signature of the certified authority and a public key unique to the terminal for use in data encryption , said each terminal-related certificate also having information regarding the type of terminal ;
assigning an application-related certificate to each application stored on the smart card and to the resident applications at the terminals , each application-related certificate having the digital signature of the certified authority and a public key unique to that application ;
commencing a transactional session between the smart card and a particular one of the terminals ;
exchanging the device-related and terminal-related certificates between the smart card and the particular terminal ;
authenticating the smart card and the particular terminal to each other using the exchanged device-related and terminal-related certificates ;
determining the security level for particular terminal , at the smart card , using the terminal type information contained in the terminal-related certificate received from the particular terminal ;
selecting a target application from among the multiple applications stored on the smart card that is compatible with the resident application stored at the particular terminal ;
exchanging , between the smart card and the particular terminal , the application-related certificates assigned to the selected target application stored on the smart card and the resident application stored at the particular terminal ;
authenticating the target and resident applications using their exchanged application-related certificates ;
conducting the transaction after the target application has been authenticated ;
and restricting the value of the transaction to the value limit associated with the security level determined for the particular terminal .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (multiple security) protection arrangement in accordance with claim 4 . 		US5721781A
CLAIM 4 . A method for conducting a transaction between a smart card and multiple various types of terminals that are each capable of accessing the smart card during the transaction , each terminal having at least one resident application stored thereon , the method comprising the following steps : storing multiple applications on the smart card , the applications being compatible target applications which operate in conjunction with a corresponding said resident application stored on each of the various terminals ;
establishing multiple security (digital data, respective call, digital protection, digital data protection arrangement) levels for corresponding types of terminals , the security levels having associated value limits for limiting a value of any transaction conducted on the corresponding terminal type ;
assigning a card-related certificate to the smart card , the card-related certificate having a digital signature of a certified authority and a public key unique to the smart card for use in data encryption ;
assigning terminal-related certificates to the various types of terminal , each terminal-related certificate having the digital signature of the certified authority and a public key unique to the terminal for use in data encryption , said each terminal-related certificate also having information regarding the type of terminal ;
assigning an application-related certificate to each application stored on the smart card and to the resident applications at the terminals , each application-related certificate having the digital signature of the certified authority and a public key unique to that application ;
commencing a transactional session between the smart card and a particular one of the terminals ;
exchanging the device-related and terminal-related certificates between the smart card and the particular terminal ;
authenticating the smart card and the particular terminal to each other using the exchanged device-related and terminal-related certificates ;
determining the security level for particular terminal , at the smart card , using the terminal type information contained in the terminal-related certificate received from the particular terminal ;
selecting a target application from among the multiple applications stored on the smart card that is compatible with the resident application stored at the particular terminal ;
exchanging , between the smart card and the particular terminal , the application-related certificates assigned to the selected target application stored on the smart card and the resident application stored at the particular terminal ;
authenticating the target and resident applications using their exchanged application-related certificates ;
conducting the transaction after the target application has been authenticated ;
and restricting the value of the transaction to the value limit associated with the security level determined for the particular terminal .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5721781A
CLAIM 4 . A method for conducting a transaction between a smart card and multiple various types of terminals that are each capable of accessing the smart card during the transaction , each terminal having at least one resident application stored thereon , the method comprising the following steps : storing multiple applications on the smart card , the applications being compatible target applications which operate in conjunction with a corresponding said resident application stored on each of the various terminals ;
establishing multiple security levels for corresponding types of terminals , the security levels having associated value limits for limiting a value of any transaction conducted on the corresponding terminal type ;
assigning a card-related certificate to the smart card , the card-related certificate having a digital signature of a certified authority and a public key (security code) unique to the smart card for use in data encryption ;
assigning terminal-related certificates to the various types of terminal , each terminal-related certificate having the digital signature of the certified authority and a public key unique to the terminal for use in data encryption , said each terminal-related certificate also having information regarding the type of terminal ;
assigning an application-related certificate to each application stored on the smart card and to the resident applications at the terminals , each application-related certificate having the digital signature of the certified authority and a public key unique to that application ;
commencing a transactional session between the smart card and a particular one of the terminals ;
exchanging the device-related and terminal-related certificates between the smart card and the particular terminal ;
authenticating the smart card and the particular terminal to each other using the exchanged device-related and terminal-related certificates ;
determining the security level for particular terminal , at the smart card , using the terminal type information contained in the terminal-related certificate received from the particular terminal ;
selecting a target application from among the multiple applications stored on the smart card that is compatible with the resident application stored at the particular terminal ;
exchanging , between the smart card and the particular terminal , the application-related certificates assigned to the selected target application stored on the smart card and the resident application stored at the particular terminal ;
authenticating the target and resident applications using their exchanged application-related certificates ;
conducting the transaction after the target application has been authenticated ;
and restricting the value of the transaction to the value limit associated with the security level determined for the particular terminal .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5721781A
CLAIM 4 . A method for conducting a transaction between a smart card and multiple various types of terminals that are each capable of accessing the smart card during the transaction , each terminal having at least one resident application stored thereon , the method comprising the following steps : storing multiple applications on the smart card , the applications being compatible target applications which operate in conjunction with a corresponding said resident application stored on each of the various terminals ;
establishing multiple security levels for corresponding types of terminals , the security levels having associated value limits for limiting a value of any transaction conducted on the corresponding terminal type ;
assigning a card-related certificate to the smart card , the card-related certificate having a digital signature of a certified authority and a public key (security code) unique to the smart card for use in data encryption ;
assigning terminal-related certificates to the various types of terminal , each terminal-related certificate having the digital signature of the certified authority and a public key unique to the terminal for use in data encryption , said each terminal-related certificate also having information regarding the type of terminal ;
assigning an application-related certificate to each application stored on the smart card and to the resident applications at the terminals , each application-related certificate having the digital signature of the certified authority and a public key unique to that application ;
commencing a transactional session between the smart card and a particular one of the terminals ;
exchanging the device-related and terminal-related certificates between the smart card and the particular terminal ;
authenticating the smart card and the particular terminal to each other using the exchanged device-related and terminal-related certificates ;
determining the security level for particular terminal , at the smart card , using the terminal type information contained in the terminal-related certificate received from the particular terminal ;
selecting a target application from among the multiple applications stored on the smart card that is compatible with the resident application stored at the particular terminal ;
exchanging , between the smart card and the particular terminal , the application-related certificates assigned to the selected target application stored on the smart card and the resident application stored at the particular terminal ;
authenticating the target and resident applications using their exchanged application-related certificates ;
conducting the transaction after the target application has been authenticated ;
and restricting the value of the transaction to the value limit associated with the security level determined for the particular terminal .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5721781A
CLAIM 9 . A method as recited in claim 4 and further comprising the additional step of encrypting the application-related certificates before exchanging them using the public key (security code) s from the device-related and terminal-related certificates that have already been exchanged .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5721781A
CLAIM 9 . A method as recited in claim 4 and further comprising the additional step of encrypting the application-related certificates before exchanging them using the public key (security code) s from the device-related and terminal-related certificates that have already been exchanged .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5721781A
CLAIM 9 . A method as recited in claim 4 and further comprising the additional step of encrypting the application-related certificates before exchanging them using the public key (security code) s from the device-related and terminal-related certificates that have already been exchanged .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5721781A
CLAIM 9 . A method as recited in claim 4 and further comprising the additional step of encrypting the application-related certificates before exchanging them using the public key (security code) s from the device-related and terminal-related certificates that have already been exchanged .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (executable instructions) for decryption . 		US5721781A
CLAIM 20 . Computer-readable media resident at the portable information device and the terminal having computer-executable instructions (executable instructions) for performing the steps in the method recited in claim 1 .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (monetary value) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5721781A
CLAIM 5 . A method according to claim 4 and further comprising associating monetary value (memory means) limits with the different security levels .

US7162735B2
CLAIM 29 . A digital data (multiple security) arrangement comprising executable code (different security) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5721781A
CLAIM 5 . A method according to claim 4 and further comprising associating monetary value limits with the different security (digital data arrangement comprising executable code) levels .

US7162735B2
CLAIM 34 . A digital data (multiple security) arrangement comprising executable code (different security) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5721781A
CLAIM 1 . A method for authenticating a transaction between a portable information device and a terminal , the portable information device storing a device-related certificate unique to the device and the terminal storing a terminal-related certificate unique to the terminal which includes information regarding a type of terminal , the method comprising the following steps (second part) : exchanging the device-related and terminal-related certificates between the portable information device and the terminal during a transaction ;
authenticating the portable information device and the terminal to each other using the exchanged device-related and terminal-related certificates ;
determining , at the portable information device , a security level for the terminal based on the terminal type information contained in the terminal-related certificate received from the terminal , the security level having an associated value limit for a value of the transaction conducted during the transactional session ;
and restricting the value of the transaction to the value limit associated with the determined security level .

US5721781A
CLAIM 5 . A method according to claim 4 and further comprising associating monetary value limits with the different security (digital data arrangement comprising executable code) levels .

US7162735B2
CLAIM 38 . A digital data (multiple security) arrangement comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5721781A
CLAIM 9 . A method as recited in claim 4 and further comprising the additional step of encrypting the application-related certificates before exchanging them using the public key (security code) s from the device-related and terminal-related certificates that have already been exchanged .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (additional steps) to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5721781A
CLAIM 3 . A method as recited in claim 1 , wherein the portable information device is associated with a user who has a unique PIN , and further comprising the following additional steps (call instructions) : receiving the PIN at the terminal during the transaction ;
passing the PIN from the terminal to the portable information device ;
and authenticating the the user at the portable information device .

US5721781A
CLAIM 9 . A method as recited in claim 4 and further comprising the additional step of encrypting the application-related certificates before exchanging them using the public key (security code) s from the device-related and terminal-related certificates that have already been exchanged .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5745879A

Filed: 1995-09-06     Issued: 1998-04-28

Method and system for managing execution of licensed programs

(Original Assignee) Digital Equipment Corp     (Current Assignee) Hewlett Packard Development Co LP

Robert M. Wyman
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5745879A
CLAIM 27 . A memory storing a computer program (Computer software) for managing access to software items comprising : means for maintaining a store of license authorizations for said software items , each of said license authorizations including an identification of a corresponding software item and one or more policy components used to define a license management policy for said corresponding software item , one of said policy components being a platform context describing a computer platform upon which said software product is used , said platform context identifying at least one of the following : a login domain , a node in the computer system , a user name , a product name , an operating system , an execution domain , or a type of computer processor ;
means for sending a request from said client executing in a computer system to a server to obtain permission to use said software item , said request including data identifying the client and the software item ;
means for retrieving , in response to said means for sending a request , a license authorization from said store that corresponds to said software item ;
means for determining , using said license authorization , whether to grant or refuse said request ;
and means for sending a response to said client indicating whether said request has been granted or refused .

US7162735B2
CLAIM 3 . A computer system (distributed computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call (application context) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5745879A
CLAIM 9 . The method of claim 8 wherein said context further includes an application context (respective call, respective call instruction) identifying an element which is supplied by said software item .

US7162735B2
CLAIM 5 . A computer system (distributed computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .

US5745879A
CLAIM 27 . A memory storing a computer program (Computer software) for managing access to software items comprising : means for maintaining a store of license authorizations for said software items , each of said license authorizations including an identification of a corresponding software item and one or more policy components used to define a license management policy for said corresponding software item , one of said policy components being a platform context describing a computer platform upon which said software product is used , said platform context identifying at least one of the following : a login domain , a node in the computer system , a user name , a product name , an operating system , an execution domain , or a type of computer processor ;
means for sending a request from said client executing in a computer system to a server to obtain permission to use said software item , said request including data identifying the client and the software item ;
means for retrieving , in response to said means for sending a request , a license authorization from said store that corresponds to said software item ;
means for determining , using said license authorization , whether to grant or refuse said request ;
and means for sending a response to said client indicating whether said request has been granted or refused .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (computing environment) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5745879A
CLAIM 16 . The system of claim 15 wherein said means for maintaining , said means for retrieving and said means for sending a response to said client are included in a license server in a distributed computing environment (executable conversion) , and said means for sending a request from a client is included in a client node in said distributed computing environment .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form for subsequent execution (end time) . 		US5745879A
CLAIM 26 . The method of claim 23 wherein said license authorization defines a license use period having a start time and end time (subsequent execution) and said license manager uses said start time and said end time to determine whether to grant or refuse said request .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form for subsequent execution (end time) . 		US5745879A
CLAIM 26 . The method of claim 23 wherein said license authorization defines a license use period having a start time and end time (subsequent execution) and said license manager uses said start time and said end time to determine whether to grant or refuse said request .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (computing environment) code to be executed when seeking to access the protected data . 		US5745879A
CLAIM 16 . The system of claim 15 wherein said means for maintaining , said means for retrieving and said means for sending a response to said client are included in a license server in a distributed computing environment (executable conversion) , and said means for sending a request from a client is included in a client node in said distributed computing environment .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (distributed computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5745879A
CLAIM 24 . The method of claim 23 wherein said license manager is a license server , said request is sent to said license server , and said client and said license server are included in a distributed computer system (computer system) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5671412A

Filed: 1995-07-28     Issued: 1997-09-23

License management system for software applications

(Original Assignee) Globetrotter Software Inc     (Current Assignee) Flexera Software LLC

Matt Christiano
US7162735B2
CLAIM 2 . A computer memory device (management system) containing computer software in accordance with claim 1 . 		US5671412A
CLAIM 14 . A method as recited in claim 2 wherein a fail safe indicator is stored in said license record , said fail safe indicator indicating that licenses over the amount of licenses stored in said license record can be provided to clients when a failure occurs in a license management system (computer memory device, computer memory device containing computer software) , said license management system including said license database and said clients .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection arrangement (comprising steps) according to claim 4 . 		US5671412A
CLAIM 12 . A method as recited in claim 3 further comprising steps (digital protection arrangement) of : determining when a client requests a license to operate a software program , said license ;
being provided by a license record stored in said license database ;
and providing said license to said client when said license is determined to be available for said client .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5673315A

Filed: 1995-07-24     Issued: 1997-09-30

Method and system for software asset usage detection and management

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Timothy J. Wolf
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (computer software) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5673315A
CLAIM 11 . A computer software (computer software) asset management system for a computer system having a processor , a program memory , and a program execution operating system , said computer system having at least one application program software asset whose usage in said computer system is to be managed , said management system comprising : means in said computer system for reading a header portion of said application program software asset to locate therein any Dynamically Linked Library (DLL) routine references ;
means in said computer system for loading into said program memory any said DLL routine found to be referenced in said header portion of said application' ;
s program ;
means in said computer system' ;
s processor for executing any program logic contained in said DLL routines loaded into said program memory of said computer system ;
and means in said computer system responsive to the execution of said program logic of at least one of said DLLs for loading into said program memory a new DLL containing an operating system kernel , thereby permitting execution of said application program only when said program logic of said at least one DLL routine provides application execution permission upon execution of said program logic therein .

US7162735B2
CLAIM 2 . A computer memory device (management system) containing computer software (computer software) in accordance with claim 1 . 		US5673315A
CLAIM 11 . A computer software (computer software) asset management system (computer memory device, computer memory device containing computer software) for a computer system having a processor , a program memory , and a program execution operating system , said computer system having at least one application program software asset whose usage in said computer system is to be managed , said management system comprising : means in said computer system for reading a header portion of said application program software asset to locate therein any Dynamically Linked Library (DLL) routine references ;
means in said computer system for loading into said program memory any said DLL routine found to be referenced in said header portion of said application' ;
s program ;
means in said computer system' ;
s processor for executing any program logic contained in said DLL routines loaded into said program memory of said computer system ;
and means in said computer system responsive to the execution of said program logic of at least one of said DLLs for loading into said program memory a new DLL containing an operating system kernel , thereby permitting execution of said application program only when said program logic of said at least one DLL routine provides application execution permission upon execution of said program logic therein .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (computer software) protected by means of computer software in accordance with claim 1 . 		US5673315A
CLAIM 11 . A computer software (computer software) asset management system for a computer system having a processor , a program memory , and a program execution operating system , said computer system having at least one application program software asset whose usage in said computer system is to be managed , said management system comprising : means in said computer system for reading a header portion of said application program software asset to locate therein any Dynamically Linked Library (DLL) routine references ;
means in said computer system for loading into said program memory any said DLL routine found to be referenced in said header portion of said application' ;
s program ;
means in said computer system' ;
s processor for executing any program logic contained in said DLL routines loaded into said program memory of said computer system ;
and means in said computer system responsive to the execution of said program logic of at least one of said DLLs for loading into said program memory a new DLL containing an operating system kernel , thereby permitting execution of said application program only when said program logic of said at least one DLL routine provides application execution permission upon execution of said program logic therein .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5673315A
CLAIM 2 . A method as described in claim 1 , further including a step of recording in said memory (relocation code) said executing of said DLL providing said execution permission logic as a record of attempted usage of said application program .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5673315A
CLAIM 2 . A method as described in claim 1 , further including a step of recording in said memory (relocation code) said executing of said DLL providing said execution permission logic as a record of attempted usage of said application program .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target block (d line) . 		US5673315A
CLAIM 10 . A method is described in any of claims 2 through 4 , further including steps of : comparing said record of attempted usage of said application program against a prestored number representing the authorized limit of use of said application program ;
and directing said loading into said program memory of said DLL containing said operating system kernel only if said record of attempted usage does not exceed said authorized limit . Appendix 1 - Sample `C' ;
source code to implement DLL initializationheaderint . sub . -- CRT . sub . -- init(void) ;
void . sub . -- CRT . sub . -- term(void) ;
static PIB pib ;
static PTIB tib ;
unsigned long . sub . -- System . sub . -- DLL . sub . -- InitTerm(unsigned long hModule , unsigned long ulFlag) { switch(ulFlag) { case 0 : // Indicates `Program Starting' ;
{if ( . sub . -- CRT . sub . -- init () ==-1) // Required return 0UL ;
// Load Failed if unsuccessful// Program is attempting to run . . . // One way to get the name of the program running is to use//// DosGetInfoBlocks(& ;
tib , & ;
pib) ;
//// pib -> ;
pib . sub . -- pchcmd holds the command line (respective target block) used// to start the program//////if (PermissionToRun()) // perform any verification desired return(1UL) ;
// OK - Load is successfulreturn(0UL) ;
// Load Failedbreak ;
} case 1 : // Indicates `Program Stopping' ;
{ . sub . -- CRT . sub . -- term() ;
// Perform any cleanup or execution // termination logic here . return 1UL ;
// OK} } return 0ul ;
Appendix 2 - Sample Module Definition File for Intercept DLLThe following is an example of a module definition file thatmight be used to create an intercept dll named DOSCALLX . DLL . Note that an Export in the intercept DLL DOSCALLX is no morethan a passthrough to its corresponding Export in DOSCALLSLIBRARY DOSCALLX INITINSTANCE TERMINSTANCEPROTMODEDATA NONSHARED MULTIPLE LOADONCALLCODE SHARED LOADONCALLIMPORTS a0000001 = DOSCALLS . 1 a0000002 = DOSCALLS . 2 a0000003 = DOSCALLS . 3 . . . a0000500 = DOSCALLS . 500EXPORTS a000000l @l a0000002 @2 a0000003 @3 . . . a0000500 @500 . sub . -- CRT . sub . -- init

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form for subsequent execution (computer operating system) . 		US5673315A
CLAIM 12 . A tool for application program management in a computer system having a processor , a program memory , and a program execution operation system , wherein usage of said application program is to be managed , comprising : means , effective in said computer system , for reading a header portion of said application program whose usage in said system is to be managed , and for locating in said header portion any references to Dynamically Linked Library (DLL) routines ;
means , effective in said computer system , for loading into said program memory of said computer system any said DLL routine found to be referenced in said header portion ;
means , responsive to said loading step and effective in said computer system' ;
s processor , for executing any program logic contained in said referenced DLL routines loaded into said program memory ;
and means , effective in said computer system and responsive to the execution of said program logic of at least one of said referenced DLL routines , for loading into said program memory a new DLL containing a computer operating system (subsequent execution) kernel , thereby permitting execution of said application program whose usage is to be managed , said loading occurring only when said program logic of said at least one referenced DLL routine provides execution permission , upon execution of said program logic therein .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form for subsequent execution (computer operating system) . 		US5673315A
CLAIM 12 . A tool for application program management in a computer system having a processor , a program memory , and a program execution operation system , wherein usage of said application program is to be managed , comprising : means , effective in said computer system , for reading a header portion of said application program whose usage in said system is to be managed , and for locating in said header portion any references to Dynamically Linked Library (DLL) routines ;
means , effective in said computer system , for loading into said program memory of said computer system any said DLL routine found to be referenced in said header portion ;
means , responsive to said loading step and effective in said computer system' ;
s processor , for executing any program logic contained in said referenced DLL routines loaded into said program memory ;
and means , effective in said computer system and responsive to the execution of said program logic of at least one of said referenced DLL routines , for loading into said program memory a new DLL containing a computer operating system (subsequent execution) kernel , thereby permitting execution of said application program whose usage is to be managed , said loading occurring only when said program logic of said at least one referenced DLL routine provides execution permission , upon execution of said program logic therein .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5673315A
CLAIM 7 . A method as described in any one of claims 1 through 4 , further including a step of searching said application program header to locate a reference to the operating system kernel DLL and , replacing said reference in said application program header with a substitute DLL reference identifying a substitute DLL which contains execution permission logic including a conditional pointer to pass execution from said sub (first part) stitute DLL to said original DLL only if said execution permission is provided by execution of said substitute DLL .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5673315A
CLAIM 2 . A method as described in claim 1 , further including a step of recording in said memory (relocation code) said executing of said DLL providing said execution permission logic as a record of attempted usage of said application program .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5673315A
CLAIM 2 . A method as described in claim 1 , further including a step of recording in said memory (relocation code) said executing of said DLL providing said execution permission logic as a record of attempted usage of said application program .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5592549A

Filed: 1995-06-15     Issued: 1997-01-07

Method and apparatus for retrieving selected information from a secure information source

(Original Assignee) Infosafe Systems Inc     (Current Assignee) HARMONY LOGIC SYSTEMS LLC

Robert Nagel, Thomas H. Lipscomb
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (decryption device) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5592549A
CLAIM 1 . In apparatus for retrieving information from a secure electronic information source , wherein at least some of said information is in encrypted form and are decrypted for use ;
and wherein said apparatus comprises : (a) a control device for selecting information to be retrieved from said information source ;
(b) an information retrieval device , coupled to said control device , for retrieving said selected information from said information source ;
(c) a decryption device (conversion key) , coupled to said control device , for decrypting at least portions of said selected information retrieved from said information source ;
and (d) a data logging device , coupled to said control device , for maintaining a data log of said selected information as it is retrieved from said information source and decrypted ;
the improvement comprising the method steps of automatically electronically : (1) adding a unique brand code to at least some of said selected and decrypted information ;
and (2) adding said brand code to said data log in association with the identity of said selected and decrypted information ;
whereby at least some of said selected and decrypted information includes a brand code .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (retrieval device) in accordance with claim 1 . 		US5592549A
CLAIM 1 . In apparatus for retrieving information from a secure electronic information source , wherein at least some of said information is in encrypted form and are decrypted for use ;
and wherein said apparatus comprises : (a) a control device for selecting information to be retrieved from said information source ;
(b) an information retrieval device (respective conversion, respective conversion key, respective target block, memory location, computer memory device containing computer software) , coupled to said control device , for retrieving said selected information from said information source ;
(c) a decryption device , coupled to said control device , for decrypting at least portions of said selected information retrieved from said information source ;
and (d) a data logging device , coupled to said control device , for maintaining a data log of said selected information as it is retrieved from said information source and decrypted ;
the improvement comprising the method steps of automatically electronically : (1) adding a unique brand code to at least some of said selected and decrypted information ;
and (2) adding said brand code to said data log in association with the identity of said selected and decrypted information ;
whereby at least some of said selected and decrypted information includes a brand code .

US7162735B2
CLAIM 5 . A computer system comprising memory means (control device) containing a digital protection arrangement according to claim 4 . 		US5592549A
CLAIM 1 . In apparatus for retrieving information from a secure electronic information source , wherein at least some of said information is in encrypted form and are decrypted for use ;
and wherein said apparatus comprises : (a) a control device (memory means, start point, processor means) for selecting information to be retrieved from said information source ;
(b) an information retrieval device , coupled to said control device , for retrieving said selected information from said information source ;
(c) a decryption device , coupled to said control device , for decrypting at least portions of said selected information retrieved from said information source ;
and (d) a data logging device , coupled to said control device , for maintaining a data log of said selected information as it is retrieved from said information source and decrypted ;
the improvement comprising the method steps of automatically electronically : (1) adding a unique brand code to at least some of said selected and decrypted information ;
and (2) adding said brand code to said data log in association with the identity of said selected and decrypted information ;
whereby at least some of said selected and decrypted information includes a brand code .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (decryption device) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5592549A
CLAIM 1 . In apparatus for retrieving information from a secure electronic information source , wherein at least some of said information is in encrypted form and are decrypted for use ;
and wherein said apparatus comprises : (a) a control device for selecting information to be retrieved from said information source ;
(b) an information retrieval device , coupled to said control device , for retrieving said selected information from said information source ;
(c) a decryption device (conversion key) , coupled to said control device , for decrypting at least portions of said selected information retrieved from said information source ;
and (d) a data logging device , coupled to said control device , for maintaining a data log of said selected information as it is retrieved from said information source and decrypted ;
the improvement comprising the method steps of automatically electronically : (1) adding a unique brand code to at least some of said selected and decrypted information ;
and (2) adding said brand code to said data log in association with the identity of said selected and decrypted information ;
whereby at least some of said selected and decrypted information includes a brand code .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (decryption device) derived from a respective target block (retrieval device) . 		US5592549A
CLAIM 1 . In apparatus for retrieving information from a secure electronic information source , wherein at least some of said information is in encrypted form and are decrypted for use ;
and wherein said apparatus comprises : (a) a control device for selecting information to be retrieved from said information source ;
(b) an information retrieval device (respective conversion, respective conversion key, respective target block, memory location, computer memory device containing computer software) , coupled to said control device , for retrieving said selected information from said information source ;
(c) a decryption device (conversion key) , coupled to said control device , for decrypting at least portions of said selected information retrieved from said information source ;
and (d) a data logging device , coupled to said control device , for maintaining a data log of said selected information as it is retrieved from said information source and decrypted ;
the improvement comprising the method steps of automatically electronically : (1) adding a unique brand code to at least some of said selected and decrypted information ;
and (2) adding said brand code to said data log in association with the identity of said selected and decrypted information ;
whereby at least some of said selected and decrypted information includes a brand code .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (control device) storing the protected data , decryption instructions and conversion code with a start point (control device) at a memory location (retrieval device) indicated within the arrangement as the start point for the protected data , whereby the processor means (control device) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5592549A
CLAIM 1 . In apparatus for retrieving information from a secure electronic information source , wherein at least some of said information is in encrypted form and are decrypted for use ;
and wherein said apparatus comprises : (a) a control device (memory means, start point, processor means) for selecting information to be retrieved from said information source ;
(b) an information retrieval device (respective conversion, respective conversion key, respective target block, memory location, computer memory device containing computer software) , coupled to said control device , for retrieving said selected information from said information source ;
(c) a decryption device , coupled to said control device , for decrypting at least portions of said selected information retrieved from said information source ;
and (d) a data logging device , coupled to said control device , for maintaining a data log of said selected information as it is retrieved from said information source and decrypted ;
the improvement comprising the method steps of automatically electronically : (1) adding a unique brand code to at least some of said selected and decrypted information ;
and (2) adding said brand code to said data log in association with the identity of said selected and decrypted information ;
whereby at least some of said selected and decrypted information includes a brand code .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5671275A

Filed: 1995-04-28     Issued: 1997-09-23

Protection of software programs stored in read-only memory from unauthorized access

(Original Assignee) NEC Corp     (Current Assignee) NEC Corp

Hiroshi Ezuriko
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access) , when executed , is operable to detect corruption of the protected code . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access) is operable to delete the protected code in the event that any corruption is detected . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (unauthorized access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access) is embedded within the protected code . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access) is embedded at locations which are unused by the protected code . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (unauthorized access) and to modify the call instruction to refer to the new location . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (address signals) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5671275A
CLAIM 8 . A controller comprising : a microprocessor ;
a read-only memory for storing scrambled program data words ;
a random-access memory ;
a data bus for transporting information signals between said microprocessor and said read-only memory and said random-access memory ;
an address bus for transporting address signals (executable conversion) from said microprocessor to said read-only memory and said random-access memory ;
and a data converter connected in said data bus for descrambling data words when said read-only memory is accessed through said address bus to produce a replica of original program data words and applying said replica to said microprocessor for operating said controller , and applying data words to said microprocessor without descrambling the data words when said random-access memory is accessed through said address bus .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (address signals) code to be executed when seeking to access the protected data . 		US5671275A
CLAIM 8 . A controller comprising : a microprocessor ;
a read-only memory for storing scrambled program data words ;
a random-access memory ;
a data bus for transporting information signals between said microprocessor and said read-only memory and said random-access memory ;
an address bus for transporting address signals (executable conversion) from said microprocessor to said read-only memory and said random-access memory ;
and a data converter connected in said data bus for descrambling data words when said read-only memory is accessed through said address bus to produce a replica of original program data words and applying said replica to said microprocessor for operating said controller , and applying data words to said microprocessor without descrambling the data words when said random-access memory is accessed through said address bus .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (unauthorized access) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (unauthorized access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5671275A
CLAIM 14 . A method for protecting a software program stored in a read-only memory from unauthorized access (security code) , comprising the steps of : a) scrambling an original software program with a keyword ;
b) storing the scrambled software program into the read-only memory ;
c) reading the scrambled software program from the read-only memory ;
and d) descrambling the read software program with a replica of said keyword to produce a replica of said original software program , and supplying the replica of the original software program directly to a microprocessor .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		JPH08305558A

Filed: 1995-04-27     Issued: 1996-11-22

暗号化プログラム演算装置

(Original Assignee) Casio Comput Co Ltd; カシオ計算機株式会社     

Takayuki Hiroya, 孝幸 廣谷
US7162735B2
CLAIM 2 . A computer memory device (書込み) containing computer software in accordance with claim 1 . 		JPH08305558A
CLAIM 4 【請求項4】 前記第2のメモリはキャッシュメモリで あり、暗号プログラムの実行時は、解読された暗号プロ グラムの記憶領域の追出し,書込み (computer memory device) を禁止することを特 徴とする請求項2又は請求項3何れか1項記載の暗号化 プログラム演算装置。
US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (暗号化) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (の読出し) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		JPH08305558A
CLAIM 1 【請求項1】 少なくとも暗号解読プログラムを記憶し ている第1のメモリと、 この第1のメモリに記憶された暗号解読プログラムによ り解読された暗号プログラムを記憶する第2のメモリ と、 この第2のメモリに記憶された解読された暗号プログラ ムの外部への読出し (conversion code, converting code) を禁止する読出し禁止手段とを具備 したことを特徴とする暗号化 (decryption instructions) プログラム演算装置。
US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (暗号化) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (の読出し) is operable to convert each block into an executable form . 		JPH08305558A
CLAIM 1 【請求項1】 少なくとも暗号解読プログラムを記憶し ている第1のメモリと、 この第1のメモリに記憶された暗号解読プログラムによ り解読された暗号プログラムを記憶する第2のメモリ と、 この第2のメモリに記憶された解読された暗号プログラ ムの外部への読出し (conversion code, converting code) を禁止する読出し禁止手段とを具備 したことを特徴とする暗号化 (decryption instructions) プログラム演算装置。
US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form for subsequent execution (実行時) . 		JPH08305558A
CLAIM 4 【請求項4】 前記第2のメモリはキャッシュメモリで あり、暗号プログラムの実行時 (subsequent execution) は、解読された暗号プロ グラムの記憶領域の追出し,書込みを禁止することを特 徴とする請求項2又は請求項3何れか1項記載の暗号化 プログラム演算装置。
US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form for subsequent execution (実行時) . 		JPH08305558A
CLAIM 4 【請求項4】 前記第2のメモリはキャッシュメモリで あり、暗号プログラムの実行時 (subsequent execution) は、解読された暗号プロ グラムの記憶領域の追出し,書込みを禁止することを特 徴とする請求項2又は請求項3何れか1項記載の暗号化 プログラム演算装置。
US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (暗号化) . 		JPH08305558A
CLAIM 1 【請求項1】 少なくとも暗号解読プログラムを記憶し ている第1のメモリと、 この第1のメモリに記憶された暗号解読プログラムによ り解読された暗号プログラムを記憶する第2のメモリ と、 この第2のメモリに記憶された解読された暗号プログラ ムの外部への読出しを禁止する読出し禁止手段とを具備 したことを特徴とする暗号化 (decryption instructions) プログラム演算装置。
US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code (の読出し) is a CRC algorithm . 		JPH08305558A
CLAIM 1 【請求項1】 少なくとも暗号解読プログラムを記憶し ている第1のメモリと、 この第1のメモリに記憶された暗号解読プログラムによ り解読された暗号プログラムを記憶する第2のメモリ と、 この第2のメモリに記憶された解読された暗号プログラ ムの外部への読出し (conversion code, converting code) を禁止する読出し禁止手段とを具備 したことを特徴とする暗号化プログラム演算装置。
US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (暗号化) and conversion code (の読出し) with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		JPH08305558A
CLAIM 1 【請求項1】 少なくとも暗号解読プログラムを記憶し ている第1のメモリと、 この第1のメモリに記憶された暗号解読プログラムによ り解読された暗号プログラムを記憶する第2のメモリ と、 この第2のメモリに記憶された解読された暗号プログラ ムの外部への読出し (conversion code, converting code) を禁止する読出し禁止手段とを具備 したことを特徴とする暗号化 (decryption instructions) プログラム演算装置。



US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5675645A

Filed: 1995-04-18     Issued: 1997-10-07

Method and apparatus for securing executable programs against copying

(Original Assignee) Ricoh Co Ltd; Ricoh Americas Corp     (Current Assignee) Ricoh Co Ltd ; Ricoh Americas Corp

Edward L. Schwartz, Michael J. Gormish
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block (locking means) of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5675645A
CLAIM 9 . The apparatus of claim 1 , further comprising : clocking means (target block) , within the security chip , for determining a rate of instruction execution of the processor ;
and timing response means for rejecting processor requests when the clocking means determines that the rate is outside a range of normal operation for the processor .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory location) for decryption . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory location (executable instructions, executable instruction, decryption instructions, memory location) s accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (memory location) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (branch instructions) operable to : derive a conversion key from a target block (locking means) of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory location (executable instructions, executable instruction, decryption instructions, memory location) s accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US5675645A
CLAIM 3 . The apparatus of claim 1 , wherein the remainder portion is a set of branch instructions (conversion code) of the secure program .

US5675645A
CLAIM 9 . The apparatus of claim 1 , further comprising : clocking means (target block) , within the security chip , for determining a rate of instruction execution of the processor ;
and timing response means for rejecting processor requests when the clocking means determines that the rate is outside a range of normal operation for the processor .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (memory location) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (branch instructions) is operable to convert each block into an executable form . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory location (executable instructions, executable instruction, decryption instructions, memory location) s accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US5675645A
CLAIM 3 . The apparatus of claim 1 , wherein the remainder portion is a set of branch instructions (conversion code) of the secure program .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target block (locking means) . 		US5675645A
CLAIM 9 . The apparatus of claim 1 , further comprising : clocking means (target block) , within the security chip , for determining a rate of instruction execution of the processor ;
and timing response means for rejecting processor requests when the clocking means determines that the rate is outside a range of normal operation for the processor .

US7162735B2
CLAIM 23 . The arrangement of claim 18 , wherein the or each target block (locking means) is contained within the protected data . 		US5675645A
CLAIM 9 . The apparatus of claim 1 , further comprising : clocking means (target block) , within the security chip , for determining a rate of instruction execution of the processor ;
and timing response means for rejecting processor requests when the clocking means determines that the rate is outside a range of normal operation for the processor .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block (locking means) is contained within the decryption instructions (memory location) . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory location (executable instructions, executable instruction, decryption instructions, memory location) s accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US5675645A
CLAIM 9 . The apparatus of claim 1 , further comprising : clocking means (target block) , within the security chip , for determining a rate of instruction execution of the processor ;
and timing response means for rejecting processor requests when the clocking means determines that the rate is outside a range of normal operation for the processor .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (memory location) and conversion code (branch instructions) with a start point at a memory location (memory location) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory location (executable instructions, executable instruction, decryption instructions, memory location) s accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US5675645A
CLAIM 3 . The apparatus of claim 1 , wherein the remainder portion is a set of branch instructions (conversion code) of the secure program .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (memory location) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory location (executable instructions, executable instruction, decryption instructions, memory location) s accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (memory location) is to be executed . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory location (executable instructions, executable instruction, decryption instructions, memory location) s accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5675645A
CLAIM 1 . An apparatus for executing a secure program in a computer system (computer system) , wherein the ability to make workable copies of the secure program from the computer system is inhibited , the apparatus comprising : a program memory in which the secure program data is stored in an encrypted form ;
a security chip coupled to the program memory , the security chip comprising : means for decrypting portions of the secure program into a clear portion and a remainder portion ;
means for providing the clear portion to memory locations accessible by a processor ;
and remainder memory for storing the remainder portion of the secure program , the remainder memory not directly accessible by the processor ;
means for requesting subsets of the remainder portion for use by the processor ;
and means , within the security chip , for checking that the requested subset is within a valid predetermined set of requested subsets dependent on a stored state for the processor .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0679979A1

Filed: 1995-04-11     Issued: 1995-11-02

Method and apparatus enabling software trial with a try-and-buy user interaction

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Thomas Edward Cooper, Robert Franklin Pryor
US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (accessible memory) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		EP0679979A1
CLAIM 1 A method of distributing software objects from a producer to a potential user , comprising the method steps of : providing a software object ;
providing a computer-accessible memory (decryption instructions) media ;
providing a file management program ;
reversibly functionally limiting said software object ;
recording said software object onto said computer-accessible memory media ;
shipping said computer-accessible memory media from said producer to said potential user ;
loading said file management program into a user-controlled data processing system and associating it with an operating system for said user-controlled data processing system ;
reading said computer-accessible memory media with said user-controlled data processing system ;
utilizing said file management program by executing it with said user-controlled data processing system to restrict access to said software object .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (accessible memory) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		EP0679979A1
CLAIM 1 A method of distributing software objects from a producer to a potential user , comprising the method steps of : providing a software object ;
providing a computer-accessible memory (decryption instructions) media ;
providing a file management program ;
reversibly functionally limiting said software object ;
recording said software object onto said computer-accessible memory media ;
shipping said computer-accessible memory media from said producer to said potential user ;
loading said file management program into a user-controlled data processing system and associating it with an operating system for said user-controlled data processing system ;
reading said computer-accessible memory media with said user-controlled data processing system ;
utilizing said file management program by executing it with said user-controlled data processing system to restrict access to said software object .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (accessible memory) . 		EP0679979A1
CLAIM 1 A method of distributing software objects from a producer to a potential user , comprising the method steps of : providing a software object ;
providing a computer-accessible memory (decryption instructions) media ;
providing a file management program ;
reversibly functionally limiting said software object ;
recording said software object onto said computer-accessible memory media ;
shipping said computer-accessible memory media from said producer to said potential user ;
loading said file management program into a user-controlled data processing system and associating it with an operating system for said user-controlled data processing system ;
reading said computer-accessible memory media with said user-controlled data processing system ;
utilizing said file management program by executing it with said user-controlled data processing system to restrict access to said software object .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (accessible memory) and conversion code with a start point at a memory location (access key) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		EP0679979A1
CLAIM 1 A method of distributing software objects from a producer to a potential user , comprising the method steps of : providing a software object ;
providing a computer-accessible memory (decryption instructions) media ;
providing a file management program ;
reversibly functionally limiting said software object ;
recording said software object onto said computer-accessible memory media ;
shipping said computer-accessible memory media from said producer to said potential user ;
loading said file management program into a user-controlled data processing system and associating it with an operating system for said user-controlled data processing system ;
reading said computer-accessible memory media with said user-controlled data processing system ;
utilizing said file management program by executing it with said user-controlled data processing system to restrict access to said software object .

EP0679979A1
CLAIM 13 A method of distributing software objects according to one of Claims 1 to 12 , wherein said file management program performs a plurality of operations , including : (a) continually monitoring said operating system of said user-controlled data processing system for operating system input calls and output calls ;
(b) identifying when said operating system of said user-controlled data processing system calls for said software object ;
(c) fetching a temporary access key (memory location) associated with said software object ;
(d) examining said temporary access key to determine if it is valid ;
(e) reversing said functional limitation of said software object ;
(f) passing said software object to said data processing system for processing .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0679977A1

Filed: 1995-04-10     Issued: 1995-11-02

Method and apparatus enabling software trial allowing the distribution of software objects

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Thomas Edward Cooper, Jagdish Nagda, Robert Franklin Pryor
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption (encrypted files) of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		EP0679977A1
CLAIM 1 A method of passing encrypted files (detects corruption) between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption (encrypted files) of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		EP0679977A1
CLAIM 1 A method of passing encrypted files (detects corruption) between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		EP0679977A1
CLAIM 1 A method of passing encrypted files between data processing systems , comprising : at a source computer providing at least one file which is encrypted with a key which is at least partially derived from at least one unique source computer system (computer system) attribute ;
providing a transfer memory medium ;
at said source computer , decrypting said at least one file ;
at said source computer , encrypting said at least one file with a key which is derived from at least one unique transfer memory media attribute ;
at said source computer , copying said encrypted file to said transfer memory media ;
at a target computer , decrypting said at least one file ;
at said target computer , encrypting said at least one file with a key which is at least partially derived from at least one target computer system attribute .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0679978A1

Filed: 1995-04-10     Issued: 1995-11-02

Method and apparatus enabling software trial using a decryption stub

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Thomas Edward Cooper, Robert Franklin Pryor
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (executable code) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (executable code) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 5 . A computer system comprising memory means (memory means) containing a digital protection arrangement according to claim 4 . 		EP0679978A1
CLAIM 14 An apparatus for securing access to particular files which are stored in a computer-accessible memory media in a data processing system , comprising memory means (memory means) for storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
an unencrypted security stub , at least partially composed of executable code , which is associated with each of said at least one encrypted file ;
a file management program included as an operating system component of said data processing system which is utilized to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called files in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (accessible memory) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory (decryption instructions) media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (accessible memory) comprise a plurality of blocks of executable code (executable code) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory (decryption instructions) media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (accessible memory) . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory (decryption instructions) media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (executable code) and/or a data file . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions (accessible memory) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory (decryption instructions) media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

EP0679978A1
CLAIM 14 An apparatus for securing access to particular files which are stored in a computer-accessible memory media in a data processing system , comprising memory means (memory means) for storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
an unencrypted security stub , at least partially composed of executable code , which is associated with each of said at least one encrypted file ;
a file management program included as an operating system component of said data processing system which is utilized to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called files in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (executable code) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (executable code) is executable to create the steps on each occasion that the executable instruction is to be executed . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (executable code) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (executable code) is executable to create corrupt data in addition to each part of protected code . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (executable code) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		EP0679978A1
CLAIM 1 A method in a data processing system of securing access to particular files which are stored in a computer-accessible memory media , comprising the method steps of : providing a file management program as an operating system component of said data processing system ;
storing at least one encrypted file and at least one unencrypted file in said computer-accessible memory media ;
associating an unencrypted security stub , at least partially composed of executable code (executable code) , with each of said at least one encrypted file ;
utilizing said file management program to (a) monitor data processing system calls for a called file stored in said computer-accessible memory media , and (b) determine whether said called file has an associated unencrypted security stub , and (c) process said called file in a particular manner dependent upon whether or not said called file has an associated unencrypted security stub .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5696823A

Filed: 1995-03-31     Issued: 1997-12-09

High-bandwidth encryption system with low-bandwidth cryptographic modules

(Original Assignee) Nokia of America Corp     (Current Assignee) Nokia of America Corp

Matthew A. Blaze
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encrypting data) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5696823A
CLAIM 1 . A method of encrypting data (conversion key) comprising the steps of receiving at a cryptographic module a hash value representing a block of data from a host ;
encrypting the hash value at the cryptographic module using a cryptographic key stored in the cryptographic module to form a block key ;
transmitting the block key to the host ;
and receiving the block key at the host and encrypting the block of data using the received block key .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encrypting data) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5696823A
CLAIM 1 . A method of encrypting data (conversion key) comprising the steps of receiving at a cryptographic module a hash value representing a block of data from a host ;
encrypting the hash value at the cryptographic module using a cryptographic key stored in the cryptographic module to form a block key ;
transmitting the block key to the host ;
and receiving the block key at the host and encrypting the block of data using the received block key .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encrypting data) derived from a respective target block . 		US5696823A
CLAIM 1 . A method of encrypting data (conversion key) comprising the steps of receiving at a cryptographic module a hash value representing a block of data from a host ;
encrypting the hash value at the cryptographic module using a cryptographic key stored in the cryptographic module to form a block key ;
transmitting the block key to the host ;
and receiving the block key at the host and encrypting the block of data using the received block key .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5696823A
CLAIM 11 . A method of encrypting blocks of data , said method comprising the steps of : at a host receiving a block of data that is divided therein into sub-blocks from which at least one sub-block is selected , wherein each sub-block contains a plurality of bits of data ;
modifying each bit in the at least one selected sub-block such that each one of said bits is dependent on every bit in the block of data to create a value representing the entire block ;
transmitting said value to a cryptographic module having access to a cryptographic key ;
at the cryptographic module encrypting said value at least once using the cryptographic key to form a block key and transmitting the block key to the host at the host encrypting said sub (first part) -blocks of data using the block key .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5625692A

Filed: 1995-01-23     Issued: 1997-04-29

Method and system for a public key cryptosystem having proactive, robust, and recoverable distributed threshold secret sharing

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Amir Herzberg, Stanislaw M. Jarecki, Hugo M. Krawczyk, Marcel M. Yung
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means (secret value) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5625692A
CLAIM 2 . The method of claim 1 , wherein said initializing servers linked by a communications network to form keys comprises the steps of : choosing random numbers for each said server ;
calculating secret value (security means) s for each said server from said random numbers ;
calculating private keys for each said server from said secret values ;
and broadcasting public counterparts of said private keys on said communications network .

US7162735B2
CLAIM 4 . A digital data arrangement (said second part, said first part) comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US5625692A
CLAIM 7 . The method of claim 1 , further comprising the steps of : picking random numbers for each said server ;
computing first parts of signatures for each said server from said random numbers ;
broadcasting said first part (processing means, one order, digital data arrangement) s of signatures on said communications network ;
and computing second parts of signatures for each said server from said first parts of signatures .

US5625692A
CLAIM 8 . The method of claim 7 , further comprising the step of verifying a message signed with said second part (processing means, one order, digital data arrangement) s of signatures .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (secret value) is written to the embedding location . 		US5625692A
CLAIM 2 . The method of claim 1 , wherein said initializing servers linked by a communications network to form keys comprises the steps of : choosing random numbers for each said server ;
calculating secret value (security means) s for each said server from said random numbers ;
calculating private keys for each said server from said secret values ;
and broadcasting public counterparts of said private keys on said communications network .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US7162735B2
CLAIM 18 . A digital data arrangement (said second part, said first part) comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5625692A
CLAIM 7 . The method of claim 1 , further comprising the steps of : picking random numbers for each said server ;
computing first parts of signatures for each said server from said random numbers ;
broadcasting said first part (processing means, one order, digital data arrangement) s of signatures on said communications network ;
and computing second parts of signatures for each said server from said first parts of signatures .

US5625692A
CLAIM 8 . The method of claim 7 , further comprising the step of verifying a message signed with said second part (processing means, one order, digital data arrangement) s of signatures .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (said second part, said first part) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5625692A
CLAIM 7 . The method of claim 1 , further comprising the steps of : picking random numbers for each said server ;
computing first parts of signatures for each said server from said random numbers ;
broadcasting said first part (processing means, one order, digital data arrangement) s of signatures on said communications network ;
and computing second parts of signatures for each said server from said first parts of signatures .

US5625692A
CLAIM 8 . The method of claim 7 , further comprising the step of verifying a message signed with said second part (processing means, one order, digital data arrangement) s of signatures .

US7162735B2
CLAIM 29 . A digital data arrangement (said second part, said first part) comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said second part, said first part) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5625692A
CLAIM 7 . The method of claim 1 , further comprising the steps of : picking random numbers for each said server ;
computing first parts of signatures for each said server from said random numbers ;
broadcasting said first part (processing means, one order, digital data arrangement) s of signatures on said communications network ;
and computing second parts of signatures for each said server from said first parts of signatures .

US5625692A
CLAIM 8 . The method of claim 7 , further comprising the step of verifying a message signed with said second part (processing means, one order, digital data arrangement) s of signatures .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (secret value) operable to detect corruption of the protected data . 		US5625692A
CLAIM 2 . The method of claim 1 , wherein said initializing servers linked by a communications network to form keys comprises the steps of : choosing random numbers for each said server ;
calculating secret value (security means) s for each said server from said random numbers ;
calculating private keys for each said server from said secret values ;
and broadcasting public counterparts of said private keys on said communications network .

US7162735B2
CLAIM 34 . A digital data arrangement (said second part, said first part) comprising executable code executable to create a first part (said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part (second parts) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5625692A
CLAIM 5 . The method of claim 1 , wherein said recovering said set of compromised servers comprises the steps of : installing a new private key in each server in said set of compromised servers ;
choosing a set of recovery servers from said servers ;
computing sub-shares for each server in said set of recovery servers ;
broadcasting messages derived from said sub (first part) -shares on said communications network ;
and verifying said messages derived from said sub-shares received by said set of compromised servers .

US5625692A
CLAIM 7 . The method of claim 1 , further comprising the steps of : picking random numbers for each said server ;
computing first parts of signatures for each said server from said random numbers ;
broadcasting said first part (processing means, one order, digital data arrangement) s of signatures on said communications network ;
and computing second parts (second part) of signatures for each said server from said first parts of signatures .

US5625692A
CLAIM 8 . The method of claim 7 , further comprising the step of verifying a message signed with said second part (processing means, one order, digital data arrangement) s of signatures .

US7162735B2
CLAIM 38 . A digital data arrangement (said second part, said first part) comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .

US5625692A
CLAIM 7 . The method of claim 1 , further comprising the steps of : picking random numbers for each said server ;
computing first parts of signatures for each said server from said random numbers ;
broadcasting said first part (processing means, one order, digital data arrangement) s of signatures on said communications network ;
and computing second parts of signatures for each said server from said first parts of signatures .

US5625692A
CLAIM 8 . The method of claim 7 , further comprising the step of verifying a message signed with said second part (processing means, one order, digital data arrangement) s of signatures .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5625692A
CLAIM 1 . A method of public key (security code) cryptography having proactive , robust and recoverable distributed threshold secret sharing , comprising the steps of : initializing servers linked by a communications network to form keys ;
synchronizing said servers to operate in discrete rounds having ends ;
calculating updated keys at said ends of said rounds from messages broadcast on said communications network ;
verifying said updated keys to form a set of compromised servers ;
recovering said set of compromised servers ;
and wherein said step of calculating updated keys at said ends of said rounds from messages broadcast on said communications network comprises the steps of : picking a set of random numbers for each said server ;
picking a new key for each said server , said new key derived from said set of random numbers ;
and broadcasting messages derived from said set of random numbers on said communication network .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5532920A

Filed: 1994-12-28     Issued: 1996-07-02

Data processing system and method to enforce payment of royalties when copying softcopy books

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Thomas V. Hartrick, Jeffrey N. Stevens, Nicholas J. Sabia
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US7162735B2
CLAIM 5 . A computer system comprising memory means (memory means) containing a digital protection arrangement (comprising steps) according to claim 4 . 		US5532920A
CLAIM 8 . The method of claim 7 , further comprising steps (digital protection arrangement) of : outputting a second authorization message from said second data processor to said user' ;
s data processor in response to receiving said first acknowledgement signal from said user' ;
s data processor , said second authorization message giving authorization to print said second fraction of said portion of said document by said printer .

US5532920A
CLAIM 28 . A data processing system for managing the printing of pages of a structured document on a user' ;
s printer in a network , so as to comply with royalty payment requirements of the document , the system comprising : input means for loading into memory of a user' ;
s data processor in said network , a formatted text stream of a structured document which includes a plurality of portions , at least one portion having an associated document portion royalty payment element including a document portion royalty payment amount tag defining a document portion royalty payment amount ;
first receiving means coupled to said memory , for receiving a print command from a user to print a portion of said document on a printer device controlled by said user' ;
s data processor ;
searching means coupled to said input means , for searching said formatted text stream to identify said document portion royalty payment element associated with the portion to be printed and storing said document portion royalty payment element in a memory in said user' ;
s data processor ;
first transmitting means , responsive to said print command and to said identified document portion royalty payment element , coupled to said memory means (memory means) , for transmitting from said user' ;
s data processor to a second data processor in said network a request for authorization to print said portion of said document , said request for authorization including said document portion royalty payment amount defined by said document portion royalty payment amount tag ;
second receiving means in said second data processor for receiving said request at said second data processor and in response thereto , creating a charge of said document portion royalty payment amount to an account of said user ;
second transmitting means coupled to said second receiving means for transmitting from said second data processor to said user' ;
s data processor an authorization message for printing said portion of said document ;
authorization receiving means at said user' ;
s data processor for receiving said authorization message at said user' ;
s data processor and in response thereto , outputting a print control signal from said user' ;
s data processor to a user' ;
s printer , controlled by said user' ;
s data processor , to print said portion of said document on said printer .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US5532920A
CLAIM 28 . A data processing system for managing the printing of pages of a structured document on a user' ;
s printer in a network , so as to comply with royalty payment requirements of the document , the system comprising : input means for loading into memory of a user' ;
s data processor in said network , a formatted text stream of a structured document which includes a plurality of portions , at least one portion having an associated document portion royalty payment element including a document portion royalty payment amount tag defining a document portion royalty payment amount ;
first receiving means coupled to said memory (relocation code) , for receiving a print command from a user to print a portion of said document on a printer device controlled by said user' ;
s data processor ;
searching means coupled to said input means , for searching said formatted text stream to identify said document portion royalty payment element associated with the portion to be printed and storing said document portion royalty payment element in a memory in said user' ;
s data processor ;
first transmitting means , responsive to said print command and to said identified document portion royalty payment element , coupled to said memory means , for transmitting from said user' ;
s data processor to a second data processor in said network a request for authorization to print said portion of said document , said request for authorization including said document portion royalty payment amount defined by said document portion royalty payment amount tag ;
second receiving means in said second data processor for receiving said request at said second data processor and in response thereto , creating a charge of said document portion royalty payment amount to an account of said user ;
second transmitting means coupled to said second receiving means for transmitting from said second data processor to said user' ;
s data processor an authorization message for printing said portion of said document ;
authorization receiving means at said user' ;
s data processor for receiving said authorization message at said user' ;
s data processor and in response thereto , outputting a print control signal from said user' ;
s data processor to a user' ;
s printer , controlled by said user' ;
s data processor , to print said portion of said document on said printer .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5532920A
CLAIM 28 . A data processing system for managing the printing of pages of a structured document on a user' ;
s printer in a network , so as to comply with royalty payment requirements of the document , the system comprising : input means for loading into memory of a user' ;
s data processor in said network , a formatted text stream of a structured document which includes a plurality of portions , at least one portion having an associated document portion royalty payment element including a document portion royalty payment amount tag defining a document portion royalty payment amount ;
first receiving means coupled to said memory (relocation code) , for receiving a print command from a user to print a portion of said document on a printer device controlled by said user' ;
s data processor ;
searching means coupled to said input means , for searching said formatted text stream to identify said document portion royalty payment element associated with the portion to be printed and storing said document portion royalty payment element in a memory in said user' ;
s data processor ;
first transmitting means , responsive to said print command and to said identified document portion royalty payment element , coupled to said memory means , for transmitting from said user' ;
s data processor to a second data processor in said network a request for authorization to print said portion of said document , said request for authorization including said document portion royalty payment amount defined by said document portion royalty payment amount tag ;
second receiving means in said second data processor for receiving said request at said second data processor and in response thereto , creating a charge of said document portion royalty payment amount to an account of said user ;
second transmitting means coupled to said second receiving means for transmitting from said second data processor to said user' ;
s data processor an authorization message for printing said portion of said document ;
authorization receiving means at said user' ;
s data processor for receiving said authorization message at said user' ;
s data processor and in response thereto , outputting a print control signal from said user' ;
s data processor to a user' ;
s printer , controlled by said user' ;
s data processor , to print said portion of said document on said printer .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5532920A
CLAIM 28 . A data processing system for managing the printing of pages of a structured document on a user' ;
s printer in a network , so as to comply with royalty payment requirements of the document , the system comprising : input means for loading into memory of a user' ;
s data processor in said network , a formatted text stream of a structured document which includes a plurality of portions , at least one portion having an associated document portion royalty payment element including a document portion royalty payment amount tag defining a document portion royalty payment amount ;
first receiving means coupled to said memory , for receiving a print command from a user to print a portion of said document on a printer device controlled by said user' ;
s data processor ;
searching means coupled to said input means , for searching said formatted text stream to identify said document portion royalty payment element associated with the portion to be printed and storing said document portion royalty payment element in a memory in said user' ;
s data processor ;
first transmitting means , responsive to said print command and to said identified document portion royalty payment element , coupled to said memory means (memory means) , for transmitting from said user' ;
s data processor to a second data processor in said network a request for authorization to print said portion of said document , said request for authorization including said document portion royalty payment amount defined by said document portion royalty payment amount tag ;
second receiving means in said second data processor for receiving said request at said second data processor and in response thereto , creating a charge of said document portion royalty payment amount to an account of said user ;
second transmitting means coupled to said second receiving means for transmitting from said second data processor to said user' ;
s data processor an authorization message for printing said portion of said document ;
authorization receiving means at said user' ;
s data processor for receiving said authorization message at said user' ;
s data processor and in response thereto , outputting a print control signal from said user' ;
s data processor to a user' ;
s printer , controlled by said user' ;
s data processor , to print said portion of said document on said printer .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (document identity) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5532920A
CLAIM 3 . The method of claim 2 , wherein said step of transmitting said request for authorization from said user' ;
s data processor to a second data processor in said network , further comprises : assembling document identity (first part) data for said document , portion specification data for said portion to be printed , and user identity data for said user ;
and including said document identity data , said portion specification data , and said user identity data in said request for authorization .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (public key) and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US5532920A
CLAIM 28 . A data processing system for managing the printing of pages of a structured document on a user' ;
s printer in a network , so as to comply with royalty payment requirements of the document , the system comprising : input means for loading into memory of a user' ;
s data processor in said network , a formatted text stream of a structured document which includes a plurality of portions , at least one portion having an associated document portion royalty payment element including a document portion royalty payment amount tag defining a document portion royalty payment amount ;
first receiving means coupled to said memory (relocation code) , for receiving a print command from a user to print a portion of said document on a printer device controlled by said user' ;
s data processor ;
searching means coupled to said input means , for searching said formatted text stream to identify said document portion royalty payment element associated with the portion to be printed and storing said document portion royalty payment element in a memory in said user' ;
s data processor ;
first transmitting means , responsive to said print command and to said identified document portion royalty payment element , coupled to said memory means , for transmitting from said user' ;
s data processor to a second data processor in said network a request for authorization to print said portion of said document , said request for authorization including said document portion royalty payment amount defined by said document portion royalty payment amount tag ;
second receiving means in said second data processor for receiving said request at said second data processor and in response thereto , creating a charge of said document portion royalty payment amount to an account of said user ;
second transmitting means coupled to said second receiving means for transmitting from said second data processor to said user' ;
s data processor an authorization message for printing said portion of said document ;
authorization receiving means at said user' ;
s data processor for receiving said authorization message at said user' ;
s data processor and in response thereto , outputting a print control signal from said user' ;
s data processor to a user' ;
s printer , controlled by said user' ;
s data processor , to print said portion of said document on said printer .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5532920A
CLAIM 6 . The method of claim 4 , wherein said validation data is the public key (security code) portion of a public key--private key pair issued by said second data processor ;
said sender identity data is an encrypted message , encrypted by said second data processor under said private key ;
and wherein said step of validating further comprises a step of decrypting said encrypted message using said public key at said user' ;
s data processor .

US5532920A
CLAIM 29 . A data processing system for managing the copying of pages of a structured document on a copier included in a network , so as to comply with royalty payment requirements of the document , the system comprising : input means for loading into memory of a user' ;
s data processor in said network a formatted text stream of a structured document which includes a plurality of portions , at least one portion having an associated document portion royalty payment element including a document portion royalty payment amount tag defining a document portion royalty payment amount ;
first receiving means coupled to said memory (relocation code) , for receiving a copy command from a user to copy a portion of said document on a copier controlled by said user' ;
s data processor ;
searching means coupled to said input means , for searching said formatted text stream to identify said document portion royalty payment element associated with the portion to be copied and storing said document portion royalty payment element in a memory in said user' ;
s data processor ;
first transmitting means coupled to said memory means and responsive to said copy command and to said identified document portion royalty payment element , for transmitting from said user' ;
s data processor to a second data processor in said network a request for authorization to copy said portion of said document , said request for authorization including said document portion royalty payment amount defined by said document portion royalty payment amount tag ;
second receiving means in said second data processor for receiving said request at said second data processor and in response thereto , creating a charge of said document portion royalty payment amount to an account of said user ;
second transmitting means coupled to said second receiving means for transmitting from said second data processor to said user' ;
s data processor an authorization message for copying said portion of said document ;
authorization receiving means at said user' ;
s data processor for receiving said authorization message at said user' ;
s data processor and in response thereto , outputting a copy control signal from said user' ;
s data processor to said copier to copy said portion of said document on said copier .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5654746A

Filed: 1994-12-01     Issued: 1997-08-05

Secure authorization and control method and apparatus for a game delivery service

(Original Assignee) Scientific Atlanta LLC     (Current Assignee) Cisco Technology Inc

Jay C. McMullan, Jr., David B. Burleson, Paul Borsetti, Jr., John T. Filion
US7162735B2
CLAIM 4 . A digital data (said signal) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (said signal) arrangement according to claim 4 . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 4 . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 4 . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5654746A
CLAIM 13 . The communications system according to claim 12 , wherein said control circuit further includes an interface for interfacing said memory (relocation code) to an external device , wherein a processor of said external device is capable of executing digital data programs stored in said memory .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5654746A
CLAIM 13 . The communications system according to claim 12 , wherein said control circuit further includes an interface for interfacing said memory (relocation code) to an external device , wherein a processor of said external device is capable of executing digital data programs stored in said memory .

US7162735B2
CLAIM 18 . A digital data (said signal) arrangement comprising : protected data provided in encrypted form ;

decryption instructions (program content) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US5654746A
CLAIM 21 . The communications system according to claim 1 , wherein said digital data programs comprise video games and said control circuit authorizes access to parentally authorized ones of said digital data programs only during parentally authorized and predetermined time of day periods and according to a rating for program content (decryption instructions) .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (program content) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5654746A
CLAIM 21 . The communications system according to claim 1 , wherein said digital data programs comprise video games and said control circuit authorizes access to parentally authorized ones of said digital data programs only during parentally authorized and predetermined time of day periods and according to a rating for program content (decryption instructions) .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (program content) . 		US5654746A
CLAIM 21 . The communications system according to claim 1 , wherein said digital data programs comprise video games and said control circuit authorizes access to parentally authorized ones of said digital data programs only during parentally authorized and predetermined time of day periods and according to a rating for program content (decryption instructions) .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (program content) and conversion code with a start point at a memory location (remote locations) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5654746A
CLAIM 21 . The communications system according to claim 1 , wherein said digital data programs comprise video games and said control circuit authorizes access to parentally authorized ones of said digital data programs only during parentally authorized and predetermined time of day periods and according to a rating for program content (decryption instructions) .

US5654746A
CLAIM 34 . A communications system for the delivery of digital data programs to a plurality of remote locations (memory location) , said system comprising : communications terminals located at said remote locations ;
a transmitter for transmitting a signal comprising said digital data programs , first authorization data for authorizing all of said communications terminals to access first authorized ones of said digital data programs for predetermined program access periods , and second authorization data for authorizing respective ones of said communications terminals to access second authorized ones of said digital data programs regardless of said predetermined program access periods .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 18 . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 29 . A digital data (said signal) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 29 . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 34 . A digital data (said signal) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 34 . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 38 . A digital data (said signal) arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5654746A
CLAIM 13 . The communications system according to claim 12 , wherein said control circuit further includes an interface for interfacing said memory (relocation code) to an external device , wherein a processor of said external device is capable of executing digital data programs stored in said memory .

US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5654746A
CLAIM 13 . The communications system according to claim 12 , wherein said control circuit further includes an interface for interfacing said memory (relocation code) to an external device , wherein a processor of said external device is capable of executing digital data programs stored in said memory .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 38 . 		US5654746A
CLAIM 14 . The communications system according to claim 1 , wherein said communications terminal further comprises a tuner for tuning said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5629980A

Filed: 1994-11-23     Issued: 1997-05-13

System for controlling the distribution and use of digital works

(Original Assignee) Xerox Corp     (Current Assignee) Contentguard Holdings Inc

Mark J. Stefik, Michalene M. Casey
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (storing code) , the protection software comprising security means (first session) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (audio playback) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5629980A
CLAIM 12 . A system for controlling distribution and use of digital works comprising : means for attaching usage rights to said digital work , said usage rights indicating how a recipient may use and subsequently distribute said digital work ;
a communications medium for coupling repositories to enable distribution of digital works ;
a plurality of repositories for managing exchange of digital works based on usage rights attached to said digital works , each of said plurality of repositories comprising : a storage means for storing digital works and their attached usage rights ;
a processor operating responsive to coded instructions ;
a memory means coupled to said processor for storing code (computer software) d instruction to enable said processor to operate in a first server mode for processing access requests to digital works and for attaching usage rights to digital works when transmitted to another of said plurality of repositories , a second requester mode for initiating requests to access digital works , and a session initiation mode for establishing a trusted session with another of said plurality of repositories over said communications medium ;
a clock ;
a repository interface for coupling to said communications medium .

US5629980A
CLAIM 24 . The method as recited in claim 23 wherein said step of a requesting repository performing a first registration transaction with a server repository is further comprised of the steps of : a6) said requesting repository generating a first session (security means) key pair , a first key of said first session key pair for said requesting repository to encrypt subsequent messages to said sever repository and a second key of said first session key pair for said server repository to decrypt subsequent messages from said requesting repository ;
and a7) said requesting repository transmitting said second key of said first session key pair to said server repository .

US5629980A
CLAIM 30 . The system as recited in claim 2 wherein said rendering device of said rendering system is an audio playback (conversion key) device .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (storing code) in accordance with claim 1 . 		US5629980A
CLAIM 12 . A system for controlling distribution and use of digital works comprising : means for attaching usage rights to said digital work , said usage rights indicating how a recipient may use and subsequently distribute said digital work ;
a communications medium for coupling repositories to enable distribution of digital works ;
a plurality of repositories for managing exchange of digital works based on usage rights attached to said digital works , each of said plurality of repositories comprising : a storage means for storing digital works and their attached usage rights ;
a processor operating responsive to coded instructions ;
a memory means coupled to said processor for storing code (computer software) d instruction to enable said processor to operate in a first server mode for processing access requests to digital works and for attaching usage rights to digital works when transmitted to another of said plurality of repositories , a second requester mode for initiating requests to access digital works , and a session initiation mode for establishing a trusted session with another of said plurality of repositories over said communications medium ;
a clock ;
a repository interface for coupling to said communications medium .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (storing code) protected by means of computer software in accordance with claim 1 . 		US5629980A
CLAIM 12 . A system for controlling distribution and use of digital works comprising : means for attaching usage rights to said digital work , said usage rights indicating how a recipient may use and subsequently distribute said digital work ;
a communications medium for coupling repositories to enable distribution of digital works ;
a plurality of repositories for managing exchange of digital works based on usage rights attached to said digital works , each of said plurality of repositories comprising : a storage means for storing digital works and their attached usage rights ;
a processor operating responsive to coded instructions ;
a memory means coupled to said processor for storing code (computer software) d instruction to enable said processor to operate in a first server mode for processing access requests to digital works and for attaching usage rights to digital works when transmitted to another of said plurality of repositories , a second requester mode for initiating requests to access digital works , and a session initiation mode for establishing a trusted session with another of said plurality of repositories over said communications medium ;
a clock ;
a repository interface for coupling to said communications medium .

US7162735B2
CLAIM 5 . A computer system comprising memory means (memory means) containing a digital protection arrangement according to claim 4 . 		US5629980A
CLAIM 12 . A system for controlling distribution and use of digital works comprising : means for attaching usage rights to said digital work , said usage rights indicating how a recipient may use and subsequently distribute said digital work ;
a communications medium for coupling repositories to enable distribution of digital works ;
a plurality of repositories for managing exchange of digital works based on usage rights attached to said digital works , each of said plurality of repositories comprising : a storage means for storing digital works and their attached usage rights ;
a processor operating responsive to coded instructions ;
a memory means (memory means) coupled to said processor for storing coded instruction to enable said processor to operate in a first server mode for processing access requests to digital works and for attaching usage rights to digital works when transmitted to another of said plurality of repositories , a second requester mode for initiating requests to access digital works , and a session initiation mode for establishing a trusted session with another of said plurality of repositories over said communications medium ;
a clock ;
a repository interface for coupling to said communications medium .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (first session) is written to the embedding location . 		US5629980A
CLAIM 24 . The method as recited in claim 23 wherein said step of a requesting repository performing a first registration transaction with a server repository is further comprised of the steps of : a6) said requesting repository generating a first session (security means) key pair , a first key of said first session key pair for said requesting repository to encrypt subsequent messages to said sever repository and a second key of said first session key pair for said server repository to decrypt subsequent messages from said requesting repository ;
and a7) said requesting repository transmitting said second key of said first session key pair to said server repository .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5629980A
CLAIM 14 . The system as recited in claim 13 wherein said memory (relocation code) means further stores coded instructions for said processor in said first server mode of operation for examining usage rights attached to a digital work to determine if an access request can be granted .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5629980A
CLAIM 14 . The system as recited in claim 13 wherein said memory (relocation code) means further stores coded instructions for said processor in said first server mode of operation for examining usage rights attached to a digital work to determine if an access request can be granted .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (audio playback) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5629980A
CLAIM 30 . The system as recited in claim 2 wherein said rendering device of said rendering system is an audio playback (conversion key) device .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (audio playback) derived from a respective target block . 		US5629980A
CLAIM 30 . The system as recited in claim 2 wherein said rendering device of said rendering system is an audio playback (conversion key) device .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5629980A
CLAIM 12 . A system for controlling distribution and use of digital works comprising : means for attaching usage rights to said digital work , said usage rights indicating how a recipient may use and subsequently distribute said digital work ;
a communications medium for coupling repositories to enable distribution of digital works ;
a plurality of repositories for managing exchange of digital works based on usage rights attached to said digital works , each of said plurality of repositories comprising : a storage means for storing digital works and their attached usage rights ;
a processor operating responsive to coded instructions ;
a memory means (memory means) coupled to said processor for storing coded instruction to enable said processor to operate in a first server mode for processing access requests to digital works and for attaching usage rights to digital works when transmitted to another of said plurality of repositories , a second requester mode for initiating requests to access digital works , and a session initiation mode for establishing a trusted session with another of said plurality of repositories over said communications medium ;
a clock ;
a repository interface for coupling to said communications medium .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (first session) operable to detect corruption of the protected data . 		US5629980A
CLAIM 24 . The method as recited in claim 23 wherein said step of a requesting repository performing a first registration transaction with a server repository is further comprised of the steps of : a6) said requesting repository generating a first session (security means) key pair , a first key of said first session key pair for said requesting repository to encrypt subsequent messages to said sever repository and a second key of said first session key pair for said server repository to decrypt subsequent messages from said requesting repository ;
and a7) said requesting repository transmitting said second key of said first session key pair to said server repository .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5629980A
CLAIM 14 . The system as recited in claim 13 wherein said memory (relocation code) means further stores coded instructions for said processor in said first server mode of operation for examining usage rights attached to a digital work to determine if an access request can be granted .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5629980A
CLAIM 14 . The system as recited in claim 13 wherein said memory (relocation code) means further stores coded instructions for said processor in said first server mode of operation for examining usage rights attached to a digital work to determine if an access request can be granted .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5638443A

Filed: 1994-11-23     Issued: 1997-06-10

System for controlling the distribution and use of composite digital works

(Original Assignee) Xerox Corp     (Current Assignee) ContentGuard Holdings Inc

Mark J. Stefik, Daniel G. Bobrow, Peter L. T. Pirolli
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (audio playback) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5638443A
CLAIM 23 . The system as recited in claim 16 wherein one of said plurality of digital works is an audio work and said rendering device is an audio playback (conversion key) device .

US7162735B2
CLAIM 4 . A digital data (digital data) arrangement (said second part, said first part) comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5638443A
CLAIM 2 . The method as recited in claim 1 wherein said step of creating an instance of a composite digital work is further comprised of the steps of : a1) creating a first part of said composite digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second digital work having a second description block ;
a4) combining said first part and said second part (processing means, one order, digital data arrangement) to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement (said second part, said first part) comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (audio playback) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5638443A
CLAIM 2 . The method as recited in claim 1 wherein said step of creating an instance of a composite digital work is further comprised of the steps of : a1) creating a first part of said composite digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second digital work having a second description block ;
a4) combining said first part and said second part (processing means, one order, digital data arrangement) to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US5638443A
CLAIM 23 . The system as recited in claim 16 wherein one of said plurality of digital works is an audio work and said rendering device is an audio playback (conversion key) device .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (audio playback) derived from a respective target block . 		US5638443A
CLAIM 23 . The system as recited in claim 16 wherein one of said plurality of digital works is an audio work and said rendering device is an audio playback (conversion key) device .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (said second part, said first part) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5638443A
CLAIM 2 . The method as recited in claim 1 wherein said step of creating an instance of a composite digital work is further comprised of the steps of : a1) creating a first part of said composite digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second digital work having a second description block ;
a4) combining said first part and said second part (processing means, one order, digital data arrangement) to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement (said second part, said first part) comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said second part, said first part) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5638443A
CLAIM 2 . The method as recited in claim 1 wherein said step of creating an instance of a composite digital work is further comprised of the steps of : a1) creating a first part of said composite digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second digital work having a second description block ;
a4) combining said first part and said second part (processing means, one order, digital data arrangement) to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement (said second part, said first part) comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5638443A
CLAIM 2 . The method as recited in claim 1 wherein said step of creating an instance of a composite digital work is further comprised of the steps of : a1) creating a first part of said composite digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second digital work having a second description block ;
a4) combining said first part and said second part (processing means, one order, digital data arrangement) to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement (said second part, said first part) comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5638443A
CLAIM 2 . The method as recited in claim 1 wherein said step of creating an instance of a composite digital work is further comprised of the steps of : a1) creating a first part of said composite digital work ;
a2) creating a first description block for said first part (processing means, one order, digital data arrangement) of said composite digital work ;
a3) obtaining an existing second part for said composite digital work , said second digital work having a second description block ;
a4) combining said first part and said second part (processing means, one order, digital data arrangement) to form said composite digital work ;
and a5) creating a third description block for said composite digital work .

US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		US5638443A
CLAIM 12 . A repository for storing and controlling access to composite digital works comprising : an interface means for receiving requests to access digital works stored therein ;
a first storage unit for storing digital data (digital data) representing digital works ;
a second storage unit for storing description structures for digital works stored in said first storage unit , said description structure comprising a plurality of description blocks , each of said description blocks comprising : a pointer to a parent description block , one or more pointers to children description blocks , a pointer to a corresponding part of a digital work stored in said first storage unit and a usage rights part for storing one or more usage rights , each of said usage rights specifying an instance of how said part may be used ;
a transactions processor for processing requests to access a digital work , said transactions processor comprising a means for identifying a usage right from a request to access said digital work , and a means for determining if a description block contains an identified usage right .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5615061A

Filed: 1994-09-29     Issued: 1997-03-25

Method of preventng software piracy by uniquely identifying the specific magnetic storage device the software is stored on

(Original Assignee) HP Inc     (Current Assignee) HTC Corp

Jitendra K. Singh
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means (magnetic read) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5615061A
CLAIM 6 . An apparatus as in claim 5 wherein : the first plurality of voltages are read from the specific magnetic storage device by a magnetic read (security means) head and converted into digital format by an analog-to-digital converter .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (magnetic read) is written to the embedding location . 		US5615061A
CLAIM 6 . An apparatus as in claim 5 wherein : the first plurality of voltages are read from the specific magnetic storage device by a magnetic read (security means) head and converted into digital format by an analog-to-digital converter .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (magnetic read) operable to detect corruption of the protected data . 		US5615061A
CLAIM 6 . An apparatus as in claim 5 wherein : the first plurality of voltages are read from the specific magnetic storage device by a magnetic read (security means) head and converted into digital format by an analog-to-digital converter .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5615061A
CLAIM 7 . An apparatus as in claim 5 wherein : a software program is executed by the associated computer system (computer system) only if the first and second plurality of voltages match after the software program is attempted to be executed .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5473692A

Filed: 1994-09-07     Issued: 1995-12-05

Roving software license for a hardware agent

(Original Assignee) Intel Corp     (Current Assignee) Intel Corp ; Parker Hannifin Corp

Derek L. Davis
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means (authentication device) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5473692A
CLAIM 14 . A system adapted for transferring a license token to and from a remote system , the system comprising : a memory element ;
a host processor ;
a bus for coupling said host processor and said memory element ;
and a hardware agent , being coupled to said bus , for internally decrypting input information including the license token encrypted by said remote system and encrypting output information including the license token prior to transmission to said remote system , said hardware agent including a processor for executing an encryption and decryption program within said hardware agent to obtain the license token , a non-volatile storage element for storing a uniquely designated key pair , an authentication device (security means) certificate and a manufacturer public key , all of which being used for decrypting said input information and encrypting said output information , said non-volatile storage element being coupled to said processor , a volatile storage element for temporarily storing said input and output information processed by said processor , a random number generator for generating said unique key pair inaccessible outside said hardware agent , and an interface for enabling communication between said system and said remote system , said interface being coupled to said processor .

US7162735B2
CLAIM 3 . A computer system (processing unit, bus interface, memory means) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US7162735B2
CLAIM 5 . A computer system (processing unit, bus interface, memory means) comprising memory means (processing unit, bus interface, memory means) containing a digital protection arrangement according to claim 4 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (processing unit, bus interface, memory means) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (processing unit, bus interface, memory means) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (authentication device) is written to the embedding location . 		US5473692A
CLAIM 14 . A system adapted for transferring a license token to and from a remote system , the system comprising : a memory element ;
a host processor ;
a bus for coupling said host processor and said memory element ;
and a hardware agent , being coupled to said bus , for internally decrypting input information including the license token encrypted by said remote system and encrypting output information including the license token prior to transmission to said remote system , said hardware agent including a processor for executing an encryption and decryption program within said hardware agent to obtain the license token , a non-volatile storage element for storing a uniquely designated key pair , an authentication device (security means) certificate and a manufacturer public key , all of which being used for decrypting said input information and encrypting said output information , said non-volatile storage element being coupled to said processor , a volatile storage element for temporarily storing said input and output information processed by said processor , a random number generator for generating said unique key pair inaccessible outside said hardware agent , and an interface for enabling communication between said system and said remote system , said interface being coupled to said processor .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means for storing said software program ;
bus means for coupling said host processing means and said memory (relocation code) means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means for storing said software program ;
bus means for coupling said host processing means and said memory (relocation code) means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (processing unit, bus interface, memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit, bus interface, memory means) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (processing unit, bus interface, memory means) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (processing unit, bus interface, memory means) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (authentication device) operable to detect corruption of the protected data . 		US5473692A
CLAIM 14 . A system adapted for transferring a license token to and from a remote system , the system comprising : a memory element ;
a host processor ;
a bus for coupling said host processor and said memory element ;
and a hardware agent , being coupled to said bus , for internally decrypting input information including the license token encrypted by said remote system and encrypting output information including the license token prior to transmission to said remote system , said hardware agent including a processor for executing an encryption and decryption program within said hardware agent to obtain the license token , a non-volatile storage element for storing a uniquely designated key pair , an authentication device (security means) certificate and a manufacturer public key , all of which being used for decrypting said input information and encrypting said output information , said non-volatile storage element being coupled to said processor , a volatile storage element for temporarily storing said input and output information processed by said processor , a random number generator for generating said unique key pair inaccessible outside said hardware agent , and an interface for enabling communication between said system and said remote system , said interface being coupled to said processor .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (processing unit, bus interface, memory means) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (public key) and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption (cryptographic algorithm) of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US5473692A
CLAIM 4 . The first integrated circuit component according to claim 2 , wherein said first storage means further includes a cryptographic algorithm (detects corruption) .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means for storing said software program ;
bus means for coupling said host processing means and said memory (relocation code) means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption (cryptographic algorithm) of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5473692A
CLAIM 1 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component , the first integrated circuit component comprising : processing means for processing information completely within said first integrated circuit component ;
first storage means for storing a unique key pair , an authentication digital certificate , a public key (security code) of a manufacturer of the first integrated circuit component and the license token within the first integrated circuit component , said first storage means being coupled to said processing means ;
second storage means for storing said information processed by said processing means , said second storage means being coupled to said processing means ;
means for generating said unique key pair to reside within the first integrated circuit component , said generating means being coupled to said processing means ;
and interface means for providing a communication link between said first integrated circuit component and the second integrated circuit component to exchange the license token , said interface means being coupled to said processing means .

US5473692A
CLAIM 4 . The first integrated circuit component according to claim 2 , wherein said first storage means further includes a cryptographic algorithm (detects corruption) .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means for storing said software program ;
bus means for coupling said host processing means and said memory (relocation code) means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (processing unit, bus interface, memory means) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5473692A
CLAIM 7 . The first integrated circuit component according to claim 6 , wherein said interface means includes a bus interface (processor means, computer system, memory means, computer system comprising memory) which allows the first integrated circuit component to internally decrypt and store the license token received from said second integrated circuit component and to internally encrypt and transmit the license token to said second integrated circuit component .

US5473692A
CLAIM 8 . A first integrated circuit component adapted for exchanging a license token , necessary for executing a licensed software program , with a second integrated circuit component distantly separated from the first integrated circuit component , said first integrated circuit component comprising : non-volatile memory for storing a unique key pair , a device certificate of a manufacturer of the integrated circuit component , a public key of said manufacturer and the license token ;
random access memory for temporarily storing information ;
a processing unit (processor means, computer system, memory means, computer system comprising memory) , coupled to said non-volatile memory and said random access memory , for internally processing information transmitted from the second integrated circuit component so that the unique key pair , the device certificate and the public key are not accessible outside the first integrated circuit component ;
a random number generator for generating said unique key pair internally within the first integrated circuit component , said random number generator being coupled to said processing unit ;
and an interface for enabling the integrated circuit component to exchange the license token with the second integrated circuit component , said interface being coupled to said processing unit .

US5473692A
CLAIM 10 . A system adapted for transferring a license token between a remote system , the system comprising : host processing means for executing a software program ;
memory means (processor means, computer system, memory means, computer system comprising memory) for storing said software program ;
bus means for coupling said host processing means and said memory means ;
and agent means , being coupled to said bus means , for internally decrypting cryptographic information input into said agent means and encrypting cryptographic information output from said agent means , said agent means including : processing means for processing said input and output cryptographic information entirely within said agent means , first storage means for storing a unique key pair , a device certificate of a manufacturer of said agent means , a public key of said manufacturer used for decrypting said input cryptographic information and encrypting said output cryptographic information and the license token within the agent means said first storage means being coupled to said processing means ;
second storage means for temporarily storing said input and output cryptographic information , said second storage means coupled to said processing means , generating means for generating said unique key pair which are inaccessible outside the agent means , said generating means being coupled to said processing means , and interface means for providing a communication link between said system and the remote system , said interface means being coupled to said processing means .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5557346A

Filed: 1994-08-11     Issued: 1996-09-17

System and method for key escrow encryption

(Original Assignee) Trusted Information Systems Inc     (Current Assignee) McAfee LLC

Steven B. Lipner, David M. Balenson, Carl M. Ellison, Stephen T. Walker
US7162735B2
CLAIM 1 . Computer software (computer program, program product) operable to provide protection for a second item of computer software , the protection software comprising security means (first session) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (computer program, program product) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5557346A
CLAIM 10 . A method for key escrow cryptography , comprising the steps of : (1) encrypting in a sender a message using a session key to form an encrypted message ;
(2) splitting in said sender said session key to form a first session (security means) key part and a second session key part ;
(3) generating in said sender a law enforcement access field by concatenating at least a first encrypted session key , obtained by encrypting said first session key part with a public portion of a key associated with a first escrow agent , with a second encrypted session key , obtained by encrypting said second session key part with a public portion of a key associated with a second escrow agent ;
(4) generating in said sender an encrypted verification string by encrypting a verification string that includes a concatenation of at least said first session key part and said second session key part with said session key ;
(5) transmitting said encrypted message , said law enforcement access field , and said encrypted verification string from said sender to a receiver ;
(6) decrypting in said receiver said encrypted verification string using said session key to recover said verification string , and extracting at least said first session key part and said second session key part from said verification string ;
(7) generating a second law enforcement access field by concatenating at least a first trial encrypted session key , obtained by encrypting said extracted first session key part with a copy of said public portion of said key associated with said first escrow agent , with a second trial encrypted session key , obtained by encrypting said extracted second session key part with a copy of said public portion of said key associated with said second escrow agent ;
(8) comparing said first law enforcement access field with said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (9) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US5557346A
CLAIM 40 . A computer program (Computer software, executable form, Computer software operable to provide protection) product , comprising : a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method , said computer readable program code means comprising : computer readable program code means for causing a computer to effect a reception of a first access field from a sender , wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key ;
computer readable program code means for causing a computer to effect a construction of a second access field using at least said part of said first encryption key and said public portion of said second encryption key ;
computer readable program code means for causing a computer to effect a comparison said first access field to said second access field , wherein if said first access field is equal to said second access field , said first access field is authentic ;
and computer readable program code means for causing a computer to effect a decryption an encrypted message using said first encryption key if said first access field is authentic .

US7162735B2
CLAIM 4 . A digital data arrangement (said second part, said first part) comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (combining i) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US5557346A
CLAIM 12 . The method of claim 10 in which a private portion of said key associated with said first escrow agent is maintained by said first escrow agent , and a private portion of said key associated with said second escrow agent is maintained by said second escrow agent , the method further comprising the steps of : extracting in a protected environment entity at least said first encrypted session key and said second encrypted session key from said law enforcement access field ;
decrypting in said first escrow agent said first encrypted session key using said private portion of said key associated with said first escrow agent to obtain said first session key part ;
decrypting in said second escrow agent said second encrypted session key using said private portion of said key associated with said second escrow agent to obtain said second session key part ;
combining i (call instructions) n said protected environment entity at least said first session key part and said second session key part to obtain said session key ;
and decrypting said encrypted message using said session key .

US5557346A
CLAIM 16 . The method of claim 15 , wherein said step (1) comprises the step of receiving a first access field from said sender , wherein said first access field includes an encryption of a first part of said two parts of said first encryption key using the public portion of said second encryption key , wherein said first part (processing means, one order, digital data arrangement) is an exclusive-OR of a second part of said two parts and said first encryption key .

US5557346A
CLAIM 34 . The method of claim 32 , further comprising the step of : extracting by a fourth party from said first access field a second part of said first encryption key using a private portion of a third encryption key , wherein said second part (processing means, one order, digital data arrangement) of said first encryption key is encrypted in said first access field using a public portion of said third encryption key .

US7162735B2
CLAIM 7 . Computer software (computer program, program product) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5557346A
CLAIM 40 . A computer program (Computer software, executable form, Computer software operable to provide protection) product , comprising : a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method , said computer readable program code means comprising : computer readable program code means for causing a computer to effect a reception of a first access field from a sender , wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key ;
computer readable program code means for causing a computer to effect a construction of a second access field using at least said part of said first encryption key and said public portion of said second encryption key ;
computer readable program code means for causing a computer to effect a comparison said first access field to said second access field , wherein if said first access field is equal to said second access field , said first access field is authentic ;
and computer readable program code means for causing a computer to effect a decryption an encrypted message using said first encryption key if said first access field is authentic .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (first session) is written to the embedding location . 		US5557346A
CLAIM 10 . A method for key escrow cryptography , comprising the steps of : (1) encrypting in a sender a message using a session key to form an encrypted message ;
(2) splitting in said sender said session key to form a first session (security means) key part and a second session key part ;
(3) generating in said sender a law enforcement access field by concatenating at least a first encrypted session key , obtained by encrypting said first session key part with a public portion of a key associated with a first escrow agent , with a second encrypted session key , obtained by encrypting said second session key part with a public portion of a key associated with a second escrow agent ;
(4) generating in said sender an encrypted verification string by encrypting a verification string that includes a concatenation of at least said first session key part and said second session key part with said session key ;
(5) transmitting said encrypted message , said law enforcement access field , and said encrypted verification string from said sender to a receiver ;
(6) decrypting in said receiver said encrypted verification string using said session key to recover said verification string , and extracting at least said first session key part and said second session key part from said verification string ;
(7) generating a second law enforcement access field by concatenating at least a first trial encrypted session key , obtained by encrypting said extracted first session key part with a copy of said public portion of said key associated with said first escrow agent , with a second trial encrypted session key , obtained by encrypting said extracted second session key part with a copy of said public portion of said key associated with said second escrow agent ;
(8) comparing said first law enforcement access field with said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (9) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 18 . A digital data arrangement (said second part, said first part) comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (computer program, program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5557346A
CLAIM 16 . The method of claim 15 , wherein said step (1) comprises the step of receiving a first access field from said sender , wherein said first access field includes an encryption of a first part of said two parts of said first encryption key using the public portion of said second encryption key , wherein said first part (processing means, one order, digital data arrangement) is an exclusive-OR of a second part of said two parts and said first encryption key .

US5557346A
CLAIM 34 . The method of claim 32 , further comprising the step of : extracting by a fourth party from said first access field a second part of said first encryption key using a private portion of a third encryption key , wherein said second part (processing means, one order, digital data arrangement) of said first encryption key is encrypted in said first access field using a public portion of said third encryption key .

US5557346A
CLAIM 40 . A computer program (Computer software, executable form, Computer software operable to provide protection) product , comprising : a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method , said computer readable program code means comprising : computer readable program code means for causing a computer to effect a reception of a first access field from a sender , wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key ;
computer readable program code means for causing a computer to effect a construction of a second access field using at least said part of said first encryption key and said public portion of said second encryption key ;
computer readable program code means for causing a computer to effect a comparison said first access field to said second access field , wherein if said first access field is equal to said second access field , said first access field is authentic ;
and computer readable program code means for causing a computer to effect a decryption an encrypted message using said first encryption key if said first access field is authentic .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (computer program, program product) . 		US5557346A
CLAIM 40 . A computer program (Computer software, executable form, Computer software operable to provide protection) product , comprising : a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method , said computer readable program code means comprising : computer readable program code means for causing a computer to effect a reception of a first access field from a sender , wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key ;
computer readable program code means for causing a computer to effect a construction of a second access field using at least said part of said first encryption key and said public portion of said second encryption key ;
computer readable program code means for causing a computer to effect a comparison said first access field to said second access field , wherein if said first access field is equal to said second access field , said first access field is authentic ;
and computer readable program code means for causing a computer to effect a decryption an encrypted message using said first encryption key if said first access field is authentic .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (computer program, program product) for subsequent execution . 		US5557346A
CLAIM 40 . A computer program (Computer software, executable form, Computer software operable to provide protection) product , comprising : a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method , said computer readable program code means comprising : computer readable program code means for causing a computer to effect a reception of a first access field from a sender , wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key ;
computer readable program code means for causing a computer to effect a construction of a second access field using at least said part of said first encryption key and said public portion of said second encryption key ;
computer readable program code means for causing a computer to effect a comparison said first access field to said second access field , wherein if said first access field is equal to said second access field , said first access field is authentic ;
and computer readable program code means for causing a computer to effect a decryption an encrypted message using said first encryption key if said first access field is authentic .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (computer program, program product) for subsequent execution . 		US5557346A
CLAIM 40 . A computer program (Computer software, executable form, Computer software operable to provide protection) product , comprising : a computer usable medium having computer readable program code means embodied in said medium for implementing a cryptographic communications method , said computer readable program code means comprising : computer readable program code means for causing a computer to effect a reception of a first access field from a sender , wherein said first access field includes an encryption of at least a part of a first encryption key using a public portion of a second encryption key ;
computer readable program code means for causing a computer to effect a construction of a second access field using at least said part of said first encryption key and said public portion of said second encryption key ;
computer readable program code means for causing a computer to effect a comparison said first access field to said second access field , wherein if said first access field is equal to said second access field , said first access field is authentic ;
and computer readable program code means for causing a computer to effect a decryption an encrypted message using said first encryption key if said first access field is authentic .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (said second part, said first part) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5557346A
CLAIM 16 . The method of claim 15 , wherein said step (1) comprises the step of receiving a first access field from said sender , wherein said first access field includes an encryption of a first part of said two parts of said first encryption key using the public portion of said second encryption key , wherein said first part (processing means, one order, digital data arrangement) is an exclusive-OR of a second part of said two parts and said first encryption key .

US5557346A
CLAIM 34 . The method of claim 32 , further comprising the step of : extracting by a fourth party from said first access field a second part of said first encryption key using a private portion of a third encryption key , wherein said second part (processing means, one order, digital data arrangement) of said first encryption key is encrypted in said first access field using a public portion of said third encryption key .

US7162735B2
CLAIM 29 . A digital data arrangement (said second part, said first part) comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said second part, said first part) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5557346A
CLAIM 16 . The method of claim 15 , wherein said step (1) comprises the step of receiving a first access field from said sender , wherein said first access field includes an encryption of a first part of said two parts of said first encryption key using the public portion of said second encryption key , wherein said first part (processing means, one order, digital data arrangement) is an exclusive-OR of a second part of said two parts and said first encryption key .

US5557346A
CLAIM 34 . The method of claim 32 , further comprising the step of : extracting by a fourth party from said first access field a second part of said first encryption key using a private portion of a third encryption key , wherein said second part (processing means, one order, digital data arrangement) of said first encryption key is encrypted in said first access field using a public portion of said third encryption key .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (first session) operable to detect corruption of the protected data . 		US5557346A
CLAIM 10 . A method for key escrow cryptography , comprising the steps of : (1) encrypting in a sender a message using a session key to form an encrypted message ;
(2) splitting in said sender said session key to form a first session (security means) key part and a second session key part ;
(3) generating in said sender a law enforcement access field by concatenating at least a first encrypted session key , obtained by encrypting said first session key part with a public portion of a key associated with a first escrow agent , with a second encrypted session key , obtained by encrypting said second session key part with a public portion of a key associated with a second escrow agent ;
(4) generating in said sender an encrypted verification string by encrypting a verification string that includes a concatenation of at least said first session key part and said second session key part with said session key ;
(5) transmitting said encrypted message , said law enforcement access field , and said encrypted verification string from said sender to a receiver ;
(6) decrypting in said receiver said encrypted verification string using said session key to recover said verification string , and extracting at least said first session key part and said second session key part from said verification string ;
(7) generating a second law enforcement access field by concatenating at least a first trial encrypted session key , obtained by encrypting said extracted first session key part with a copy of said public portion of said key associated with said first escrow agent , with a second trial encrypted session key , obtained by encrypting said extracted second session key part with a copy of said public portion of said key associated with said second escrow agent ;
(8) comparing said first law enforcement access field with said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (9) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US7162735B2
CLAIM 34 . A digital data arrangement (said second part, said first part) comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5557346A
CLAIM 3 . The method of claim 2 , further comprising the following steps (second part) which are performed before step (5) : generating in said sender a verification string by combining said public portion of said first key with a signature representing said public portion of said first key signed by a private portion of a third key ;
and transmitting said verification string from said sender to said receiver .

US5557346A
CLAIM 16 . The method of claim 15 , wherein said step (1) comprises the step of receiving a first access field from said sender , wherein said first access field includes an encryption of a first part of said two parts of said first encryption key using the public portion of said second encryption key , wherein said first part (processing means, one order, digital data arrangement) is an exclusive-OR of a second part of said two parts and said first encryption key .

US5557346A
CLAIM 34 . The method of claim 32 , further comprising the step of : extracting by a fourth party from said first access field a second part of said first encryption key using a private portion of a third encryption key , wherein said second part (processing means, one order, digital data arrangement) of said first encryption key is encrypted in said first access field using a public portion of said third encryption key .

US7162735B2
CLAIM 38 . A digital data arrangement (said second part, said first part) comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US5557346A
CLAIM 16 . The method of claim 15 , wherein said step (1) comprises the step of receiving a first access field from said sender , wherein said first access field includes an encryption of a first part of said two parts of said first encryption key using the public portion of said second encryption key , wherein said first part (processing means, one order, digital data arrangement) is an exclusive-OR of a second part of said two parts and said first encryption key .

US5557346A
CLAIM 34 . The method of claim 32 , further comprising the step of : extracting by a fourth party from said first access field a second part of said first encryption key using a private portion of a third encryption key , wherein said second part (processing means, one order, digital data arrangement) of said first encryption key is encrypted in said first access field using a public portion of said third encryption key .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (combining i) to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5557346A
CLAIM 2 . A method for key escrow cryptography for use in a system comprising a sender and a receiver , in which only public key (security code) s are stored in said sender and said receiver , a session key being available to said sender and said receiver , comprising the steps of : (1) encrypting in said sender a message using said session key to form an encrypted message ;
(2) encrypting in said sender said session key using a public portion of a first key to generate an encrypted session key ;
(3) generating in said sender a first law enforcement access field by encrypting said encrypted session key with a public portion of a second key ;
(4) transmitting said encrypted message and said first law enforcement access field from said sender to said receiver ;
(5) constructing , in said receiver , a second law enforcement access field using said session key and public information available to said receiver ;
(6) comparing in said receiver said first law enforcement access field to said second law enforcement access field , wherein if said first law enforcement access field is equal to said second law enforcement access field , said first law enforcement access field is authentic ;
and (7) if said first law enforcement access field is authentic , then decrypting in said receiver said encrypted message using said session key .

US5557346A
CLAIM 12 . The method of claim 10 in which a private portion of said key associated with said first escrow agent is maintained by said first escrow agent , and a private portion of said key associated with said second escrow agent is maintained by said second escrow agent , the method further comprising the steps of : extracting in a protected environment entity at least said first encrypted session key and said second encrypted session key from said law enforcement access field ;
decrypting in said first escrow agent said first encrypted session key using said private portion of said key associated with said first escrow agent to obtain said first session key part ;
decrypting in said second escrow agent said second encrypted session key using said private portion of said key associated with said second escrow agent to obtain said second session key part ;
combining i (call instructions) n said protected environment entity at least said first session key part and said second session key part to obtain said session key ;
and decrypting said encrypted message using said session key .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5511123A

Filed: 1994-08-04     Issued: 1996-04-23

Symmetric cryptographic system for data encryption

(Original Assignee) Northern Telecom Ltd     (Current Assignee) Entrust Ltd

Carlisle M. Adams
US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection arrangement (comprising steps) according to claim 4 . 		US5511123A
CLAIM 1 . In a data encryption method of cryptographically transforming plaintext into ciphertext in data blocks of a predetermined bitlength comprising a plurality of consecutive transformation rounds of half of each data block , each consecutive transformation round comprising steps (digital protection arrangement) of : selecting an internal key of a specific bit combination from key bits ;
processing the internal key by a (m×n) substitution box to generate a modified internal key , where m and n are positive even integers , m< ;
< ;
n , and ##EQU8## XORing half of each data block with the modified internal key to generate a first modified half data block ;
processing the first modified half data block by a plurality of (m×n) mutually different substitution boxes to generate a second modified half data block ;
and XORing the second modified half data block with the remaining half of the data block to generate a transformed half data block of a transformation round .

US7162735B2
CLAIM 6 . A data carrier containing software (first transformation) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5511123A
CLAIM 10 . A data encryption method of cryptographically transforming plaintext into ciphertext in data blocks according to claim 1 wherein the steps of selecting an internal key and processing the internal key to generate a modified internal key are performed for all the consecutive transformation rounds before the step of XORing a half of each data block in the first transformation (data carrier containing software) round .

US7162735B2
CLAIM 28 . A data carrier containing software (first transformation) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5511123A
CLAIM 10 . A data encryption method of cryptographically transforming plaintext into ciphertext in data blocks according to claim 1 wherein the steps of selecting an internal key and processing the internal key to generate a modified internal key are performed for all the consecutive transformation rounds before the step of XORing a half of each data block in the first transformation (data carrier containing software) round .

US7162735B2
CLAIM 30 . A data carrier containing software (first transformation) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5511123A
CLAIM 10 . A data encryption method of cryptographically transforming plaintext into ciphertext in data blocks according to claim 1 wherein the steps of selecting an internal key and processing the internal key to generate a modified internal key are performed for all the consecutive transformation rounds before the step of XORing a half of each data block in the first transformation (data carrier containing software) round .

US7162735B2
CLAIM 37 . A data carrier containing software (first transformation) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5511123A
CLAIM 10 . A data encryption method of cryptographically transforming plaintext into ciphertext in data blocks according to claim 1 wherein the steps of selecting an internal key and processing the internal key to generate a modified internal key are performed for all the consecutive transformation rounds before the step of XORing a half of each data block in the first transformation (data carrier containing software) round .

US7162735B2
CLAIM 40 . A data carrier containing software (first transformation) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5511123A
CLAIM 10 . A data encryption method of cryptographically transforming plaintext into ciphertext in data blocks according to claim 1 wherein the steps of selecting an internal key and processing the internal key to generate a modified internal key are performed for all the consecutive transformation rounds before the step of XORing a half of each data block in the first transformation (data carrier containing software) round .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5497423A

Filed: 1994-06-20     Issued: 1996-03-05

Method of implementing elliptic curve cryptosystems in digital signatures or verification and privacy communication

(Original Assignee) Panasonic Corp     (Current Assignee) Panasonic Corp

Atsuko Miyaji
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (prime factor) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code (prime factor) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (prime factor) (prime factor) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (prime factor) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (prime factor) is operable to convert each block into an executable form . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (prime factor) and/or a data file . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code (prime factor) , and memory means storing the protected data , decryption instructions and conversion code (prime factor) with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code (prime factor) to be executed when seeking to access the protected data . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (prime factor) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (prime factor) is executable to create the steps on each occasion that the executable instruction is to be executed . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (prime factor) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (prime factor) is executable to create corrupt data in addition to each part of protected code . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (prime factor) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5497423A
CLAIM 1 . A method of implementing a privacy communication comprising following procedures : (1) a network provider provides E{GF(p)} and a basepoint BP to be used for the privacy communication to each user ;
(2) each user who received E{GF(p)} and the basepoint BP selects an arbitrary natural number to find a value by adding said basepoint BP the selected natural number of times on E{GF(p)} ;
(3) each user keeps his arbitrary selected natural number in secret , while notifying the value obtained by adding the BP said natural number of times on E{GF(p)} as his public key (security code) to a user to whom he would like to send a message ;
(4) two users , who are to communicate , find a value by adding the public key their respective natural number of times on E{GF(p)} as a common key ;
(5) the two users make an agreement on a method of arithmetic operation for the public key and the message to encipher and decipher the message using the common key ;
(6) one of the two users enciphers the message in accordance with the agreement using the common key to send an enciphered message to the other user ;
and (7) the other user , upon the receipt of the enciphered message , deciphers the enciphered message in accordance with the agreement using the common key , wherein {E(GF(p)} is defined as follows : let d be a positive integer such that gives an imaginary quadratic field Q{(-d) 1/2 } a small class number ;
let p be a prime number such that a prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) of 4×p-a 2 is d×square number where a is an integer , such that one of p+1-a and p+1+a is divisible by a prime number of 30 or more digits , and such that is expressed as 2 t ±α , where t is a positive integer and α is a small positive integer ;
then an elliptic curve E has a finite field GF(p) as a definition field which has a solution modulo p for a class polynomial H d (x)=0 which is determined by d as a j-invariant .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5524072A

Filed: 1994-06-17     Issued: 1996-06-04

Methods and apparatus for data encryption and transmission

(Original Assignee) Enco Tone Ltd     (Current Assignee) ENCO-TONE Ltd ; Enco Tone Ltd

Isaac Labaton, Michael K. Kelly
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (confidential information) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5524072A
CLAIM 7 . An encryption and decryption system comprising a transmitting device and a receiving device wherein the transmitting device comprises : a keypad for entering a PIN ;
means for entering confidential information (conversion key) to be transmitted to said receiving device ;
means for storing an authentication number which is unique for each transmitting device ;
means for determining date and time ;
means for computing a first reversible mathematical function in response to the entry of the personal identification number , said first function including the year , month , day , hour , and minute of encryption ;
means for encrypting said consolidated information into a message based upon said first function ;
means for transmitting said message and said authentication number to the receiving device ;
a card writer circuit configured to write said message in a digital format onto a configurable magnetic strip associated with a dynamically reconfigurable transaction card ;
and the receiving device comprises : means for receiving said message and said authentication number from the transmitting device ;
means for determining date and time ;
means for computing a second mathematical function which is the mathematical inverse of said first function ;
means for applying said second function to said message to thereby decrypt said message and reveal said confidential information ;
means for storing a data base of authentication numbers ;
and means for comparing said received authentication number to the data base of authentication numbers to thereby confirm the authenticity of said transmitting device ;
and means for applying said confidential information to a data base of account numbers to facilitate the approval of a financial transaction .

US7162735B2
CLAIM 5 . A computer system comprising memory means (writing circuit) containing a digital protection arrangement according to claim 4 . 		US5524072A
CLAIM 10 . The system of claim 7 , further comprising : a wallet-sized transaction card bearing a dynamically configurable magnetic strip for interaction with said card writing circuit (memory means) of said transmitting device such that said card writing circuit writes said message onto said configurable magnetic strip ;
and a point of sale (POS) device having a card swipe slot configured to receive said transaction card and read said message , the POS device being further configured to transmit said message to said receiving device along conventional telephone lines .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (confidential information) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5524072A
CLAIM 7 . An encryption and decryption system comprising a transmitting device and a receiving device wherein the transmitting device comprises : a keypad for entering a PIN ;
means for entering confidential information (conversion key) to be transmitted to said receiving device ;
means for storing an authentication number which is unique for each transmitting device ;
means for determining date and time ;
means for computing a first reversible mathematical function in response to the entry of the personal identification number , said first function including the year , month , day , hour , and minute of encryption ;
means for encrypting said consolidated information into a message based upon said first function ;
means for transmitting said message and said authentication number to the receiving device ;
a card writer circuit configured to write said message in a digital format onto a configurable magnetic strip associated with a dynamically reconfigurable transaction card ;
and the receiving device comprises : means for receiving said message and said authentication number from the transmitting device ;
means for determining date and time ;
means for computing a second mathematical function which is the mathematical inverse of said first function ;
means for applying said second function to said message to thereby decrypt said message and reveal said confidential information ;
means for storing a data base of authentication numbers ;
and means for comparing said received authentication number to the data base of authentication numbers to thereby confirm the authenticity of said transmitting device ;
and means for applying said confidential information to a data base of account numbers to facilitate the approval of a financial transaction .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (confidential information) derived from a respective target block . 		US5524072A
CLAIM 7 . An encryption and decryption system comprising a transmitting device and a receiving device wherein the transmitting device comprises : a keypad for entering a PIN ;
means for entering confidential information (conversion key) to be transmitted to said receiving device ;
means for storing an authentication number which is unique for each transmitting device ;
means for determining date and time ;
means for computing a first reversible mathematical function in response to the entry of the personal identification number , said first function including the year , month , day , hour , and minute of encryption ;
means for encrypting said consolidated information into a message based upon said first function ;
means for transmitting said message and said authentication number to the receiving device ;
a card writer circuit configured to write said message in a digital format onto a configurable magnetic strip associated with a dynamically reconfigurable transaction card ;
and the receiving device comprises : means for receiving said message and said authentication number from the transmitting device ;
means for determining date and time ;
means for computing a second mathematical function which is the mathematical inverse of said first function ;
means for applying said second function to said message to thereby decrypt said message and reveal said confidential information ;
means for storing a data base of authentication numbers ;
and means for comparing said received authentication number to the data base of authentication numbers to thereby confirm the authenticity of said transmitting device ;
and means for applying said confidential information to a data base of account numbers to facilitate the approval of a financial transaction .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (writing circuit) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5524072A
CLAIM 10 . The system of claim 7 , further comprising : a wallet-sized transaction card bearing a dynamically configurable magnetic strip for interaction with said card writing circuit (memory means) of said transmitting device such that said card writing circuit writes said message onto said configurable magnetic strip ;
and a point of sale (POS) device having a card swipe slot configured to receive said transaction card and read said message , the POS device being further configured to transmit said message to said receiving device along conventional telephone lines .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions (natural logarithmic function) to refer to the new location . 		US5524072A
CLAIM 11 . The system of claim 7 , wherein : said confidential information comprises a credit card account number ;
said first function includes a natural logarithmic function (remaining call instructions) of said credit card account number and a natural logarithmic function of at least a portion of said year , month , day , hour , and minute information .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5557675A

Filed: 1994-05-10     Issued: 1996-09-17

Computer controlled audio-visual system

(Original Assignee) Schupak; Donald     

Donald Schupak
US7162735B2
CLAIM 6 . A data carrier containing software (respective plurality) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5557675A
CLAIM 1 . A computer apparatus receiving an audio/video signal for controlling , in response to user input , an audio/video system including a plurality of audio/video components , comprising : a central processor receiving said user input ;
a plurality of tuners receiving a respective plurality (data carrier containing software) of tuner control signals from said central processor for tuning a plurality of selected channels from among a plurality of channels present in said audio/video signal ;
a plurality of descramblers receiving a respective plurality of descrambler control signals from said central processor and a respective plurality of tuned selected channels for descrambling the plurality of tuned selected channels when said plurality of tuned selected channels have been scrambled ;
a multiplexer receiving a multiplexer control signal from said central processor and said plurality of tuned selected channels , a plurality of descrambled signals , and said audio/video signal for multiplexing into a multiplexed signal in response to said multiplexer control signal ;
and means for providing said multiplexed signal to a plurality of demultiplexers , each of said plurality of demultiplexers outputting a demultiplexed signal to one of said plurality of audio/video components .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5557675A
CLAIM 8 . The apparatus of claim 1 , further comprising a data card and a data port receiving operating data from the central processing unit (processor means) for providing the operating data to a data receiving audio/video system component .

US7162735B2
CLAIM 28 . A data carrier containing software (respective plurality) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5557675A
CLAIM 1 . A computer apparatus receiving an audio/video signal for controlling , in response to user input , an audio/video system including a plurality of audio/video components , comprising : a central processor receiving said user input ;
a plurality of tuners receiving a respective plurality (data carrier containing software) of tuner control signals from said central processor for tuning a plurality of selected channels from among a plurality of channels present in said audio/video signal ;
a plurality of descramblers receiving a respective plurality of descrambler control signals from said central processor and a respective plurality of tuned selected channels for descrambling the plurality of tuned selected channels when said plurality of tuned selected channels have been scrambled ;
a multiplexer receiving a multiplexer control signal from said central processor and said plurality of tuned selected channels , a plurality of descrambled signals , and said audio/video signal for multiplexing into a multiplexed signal in response to said multiplexer control signal ;
and means for providing said multiplexed signal to a plurality of demultiplexers , each of said plurality of demultiplexers outputting a demultiplexed signal to one of said plurality of audio/video components .

US7162735B2
CLAIM 30 . A data carrier containing software (respective plurality) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5557675A
CLAIM 1 . A computer apparatus receiving an audio/video signal for controlling , in response to user input , an audio/video system including a plurality of audio/video components , comprising : a central processor receiving said user input ;
a plurality of tuners receiving a respective plurality (data carrier containing software) of tuner control signals from said central processor for tuning a plurality of selected channels from among a plurality of channels present in said audio/video signal ;
a plurality of descramblers receiving a respective plurality of descrambler control signals from said central processor and a respective plurality of tuned selected channels for descrambling the plurality of tuned selected channels when said plurality of tuned selected channels have been scrambled ;
a multiplexer receiving a multiplexer control signal from said central processor and said plurality of tuned selected channels , a plurality of descrambled signals , and said audio/video signal for multiplexing into a multiplexed signal in response to said multiplexer control signal ;
and means for providing said multiplexed signal to a plurality of demultiplexers , each of said plurality of demultiplexers outputting a demultiplexed signal to one of said plurality of audio/video components .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (receiving audio) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5557675A
CLAIM 8 . The apparatus of claim 1 , further comprising a data card and a data port receiving operating data from the central processing unit for providing the operating data to a data receiving audio (second part) /video system component .

US7162735B2
CLAIM 37 . A data carrier containing software (respective plurality) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5557675A
CLAIM 1 . A computer apparatus receiving an audio/video signal for controlling , in response to user input , an audio/video system including a plurality of audio/video components , comprising : a central processor receiving said user input ;
a plurality of tuners receiving a respective plurality (data carrier containing software) of tuner control signals from said central processor for tuning a plurality of selected channels from among a plurality of channels present in said audio/video signal ;
a plurality of descramblers receiving a respective plurality of descrambler control signals from said central processor and a respective plurality of tuned selected channels for descrambling the plurality of tuned selected channels when said plurality of tuned selected channels have been scrambled ;
a multiplexer receiving a multiplexer control signal from said central processor and said plurality of tuned selected channels , a plurality of descrambled signals , and said audio/video signal for multiplexing into a multiplexed signal in response to said multiplexer control signal ;
and means for providing said multiplexed signal to a plurality of demultiplexers , each of said plurality of demultiplexers outputting a demultiplexed signal to one of said plurality of audio/video components .

US7162735B2
CLAIM 40 . A data carrier containing software (respective plurality) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5557675A
CLAIM 1 . A computer apparatus receiving an audio/video signal for controlling , in response to user input , an audio/video system including a plurality of audio/video components , comprising : a central processor receiving said user input ;
a plurality of tuners receiving a respective plurality (data carrier containing software) of tuner control signals from said central processor for tuning a plurality of selected channels from among a plurality of channels present in said audio/video signal ;
a plurality of descramblers receiving a respective plurality of descrambler control signals from said central processor and a respective plurality of tuned selected channels for descrambling the plurality of tuned selected channels when said plurality of tuned selected channels have been scrambled ;
a multiplexer receiving a multiplexer control signal from said central processor and said plurality of tuned selected channels , a plurality of descrambled signals , and said audio/video signal for multiplexing into a multiplexed signal in response to said multiplexer control signal ;
and means for providing said multiplexed signal to a plurality of demultiplexers , each of said plurality of demultiplexers outputting a demultiplexed signal to one of said plurality of audio/video components .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5394469A

Filed: 1994-02-18     Issued: 1995-02-28

Method and apparatus for retrieving secure information from mass storage media

(Original Assignee) Infosafe Systems Inc     (Current Assignee) HARMONY LOGIC SYSTEMS LLC

Robert Nagel, Thomas H. Lipscomb
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5394469A
CLAIM 1 . Apparatus for retrieving information packets from a mass storage device , at least some of which information packets are stored in said mass storage device in encrypted form , said apparatus comprising , in combination : (a) a digital bus that transmits address information , control information and data from a call initiating unit , connected to said bus , to one or more call receiving units , connected to said bus , wherein each unit connected to said bus has an associated bus address ;
(b) a host computer connected to said bus and having a first address ;
(c) a mass storage device connected to said bus and having a second address ;
and (d) a decryption controller connected to said bus and having a third address , said decryption controller including : (1) a control unit for controlling the operation of said decryption controller ;
(2) a memory ;
and (3) means for decrypting encrypted information ;
wherein the host computer has stored therein said third address as the address of said mass storage device and sends information requests via said bus to said decryption controller in lieu of said mass storage device ;
and wherein said decryption controller by means of said control unit receives information requests from said host computer and executes said information requests by sending information requests via said bus to said mass storage device , storing in said memory (relocation code) information packets received from said mass storage device in response to said information requests , decrypting encrypted portions of said information packets , if any , by said decryption means and transmitting said information packets , in decrypted form , to said host computer .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5394469A
CLAIM 1 . Apparatus for retrieving information packets from a mass storage device , at least some of which information packets are stored in said mass storage device in encrypted form , said apparatus comprising , in combination : (a) a digital bus that transmits address information , control information and data from a call initiating unit , connected to said bus , to one or more call receiving units , connected to said bus , wherein each unit connected to said bus has an associated bus address ;
(b) a host computer connected to said bus and having a first address ;
(c) a mass storage device connected to said bus and having a second address ;
and (d) a decryption controller connected to said bus and having a third address , said decryption controller including : (1) a control unit for controlling the operation of said decryption controller ;
(2) a memory ;
and (3) means for decrypting encrypted information ;
wherein the host computer has stored therein said third address as the address of said mass storage device and sends information requests via said bus to said decryption controller in lieu of said mass storage device ;
and wherein said decryption controller by means of said control unit receives information requests from said host computer and executes said information requests by sending information requests via said bus to said mass storage device , storing in said memory (relocation code) information packets received from said mass storage device in response to said information requests , decrypting encrypted portions of said information packets , if any , by said decryption means and transmitting said information packets , in decrypted form , to said host computer .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (second address) . 		US5394469A
CLAIM 1 . Apparatus for retrieving information packets from a mass storage device , at least some of which information packets are stored in said mass storage device in encrypted form , said apparatus comprising , in combination : (a) a digital bus that transmits address information , control information and data from a call initiating unit , connected to said bus , to one or more call receiving units , connected to said bus , wherein each unit connected to said bus has an associated bus address ;
(b) a host computer connected to said bus and having a first address ;
(c) a mass storage device connected to said bus and having a second address (data file) ;
and (d) a decryption controller connected to said bus and having a third address , said decryption controller including : (1) a control unit for controlling the operation of said decryption controller ;
(2) a memory ;
and (3) means for decrypting encrypted information ;
wherein the host computer has stored therein said third address as the address of said mass storage device and sends information requests via said bus to said decryption controller in lieu of said mass storage device ;
and wherein said decryption controller by means of said control unit receives information requests from said host computer and executes said information requests by sending information requests via said bus to said mass storage device , storing in said memory information packets received from said mass storage device in response to said information requests , decrypting encrypted portions of said information packets , if any , by said decryption means and transmitting said information packets , in decrypted form , to said host computer .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (control unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5394469A
CLAIM 1 . Apparatus for retrieving information packets from a mass storage device , at least some of which information packets are stored in said mass storage device in encrypted form , said apparatus comprising , in combination : (a) a digital bus that transmits address information , control information and data from a call initiating unit , connected to said bus , to one or more call receiving units , connected to said bus , wherein each unit connected to said bus has an associated bus address ;
(b) a host computer connected to said bus and having a first address ;
(c) a mass storage device connected to said bus and having a second address ;
and (d) a decryption controller connected to said bus and having a third address , said decryption controller including : (1) a control unit (processor means) for controlling the operation of said decryption controller ;
(2) a memory ;
and (3) means for decrypting encrypted information ;
wherein the host computer has stored therein said third address as the address of said mass storage device and sends information requests via said bus to said decryption controller in lieu of said mass storage device ;
and wherein said decryption controller by means of said control unit receives information requests from said host computer and executes said information requests by sending information requests via said bus to said mass storage device , storing in said memory information packets received from said mass storage device in response to said information requests , decrypting encrypted portions of said information packets , if any , by said decryption means and transmitting said information packets , in decrypted form , to said host computer .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5394469A
CLAIM 1 . Apparatus for retrieving information packets from a mass storage device , at least some of which information packets are stored in said mass storage device in encrypted form , said apparatus comprising , in combination : (a) a digital bus that transmits address information , control information and data from a call initiating unit , connected to said bus , to one or more call receiving units , connected to said bus , wherein each unit connected to said bus has an associated bus address ;
(b) a host computer connected to said bus and having a first address ;
(c) a mass storage device connected to said bus and having a second address ;
and (d) a decryption controller connected to said bus and having a third address , said decryption controller including : (1) a control unit for controlling the operation of said decryption controller ;
(2) a memory ;
and (3) means for decrypting encrypted information ;
wherein the host computer has stored therein said third address as the address of said mass storage device and sends information requests via said bus to said decryption controller in lieu of said mass storage device ;
and wherein said decryption controller by means of said control unit receives information requests from said host computer and executes said information requests by sending information requests via said bus to said mass storage device , storing in said memory (relocation code) information packets received from said mass storage device in response to said information requests , decrypting encrypted portions of said information packets , if any , by said decryption means and transmitting said information packets , in decrypted form , to said host computer .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5394469A
CLAIM 1 . Apparatus for retrieving information packets from a mass storage device , at least some of which information packets are stored in said mass storage device in encrypted form , said apparatus comprising , in combination : (a) a digital bus that transmits address information , control information and data from a call initiating unit , connected to said bus , to one or more call receiving units , connected to said bus , wherein each unit connected to said bus has an associated bus address ;
(b) a host computer connected to said bus and having a first address ;
(c) a mass storage device connected to said bus and having a second address ;
and (d) a decryption controller connected to said bus and having a third address , said decryption controller including : (1) a control unit for controlling the operation of said decryption controller ;
(2) a memory ;
and (3) means for decrypting encrypted information ;
wherein the host computer has stored therein said third address as the address of said mass storage device and sends information requests via said bus to said decryption controller in lieu of said mass storage device ;
and wherein said decryption controller by means of said control unit receives information requests from said host computer and executes said information requests by sending information requests via said bus to said mass storage device , storing in said memory (relocation code) information packets received from said mass storage device in response to said information requests , decrypting encrypted portions of said information packets , if any , by said decryption means and transmitting said information packets , in decrypted form , to said host computer .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5394469A
CLAIM 2 . The apparatus defined in claim 1 , wherein the digital bus is a small computer system (computer system) interface bus .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5553143A

Filed: 1994-02-04     Issued: 1996-09-03

Method and apparatus for electronic licensing

(Original Assignee) Micro Focus Software Inc     (Current Assignee) RPX Corp

Cliff D. Ross, Neil W. Taylor, Kevin W. Kingdon, Howard R. Davis, Drew Major
US7162735B2
CLAIM 1 . Computer software (second computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5553143A
CLAIM 1 . A method of electronic licensing comprising the steps of : creating , using a first computer system , a plurality of licenses independent of a manufacture of a product , each of said plurality of licenses stored in a license document ;
storing said plurality of licenses in a database in a second computer (Computer software) system ;
extracting from said database one or more licenses from said plurality of licenses ;
installing said one or more licenses on a third computer system independent of an installation of said product , wherein said third computer system operates independently of and separate from said first and second computer systems ;
and validating said one or more licenses using a license enforcement process executing in said third computer system .

US7162735B2
CLAIM 7 . Computer software (second computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5553143A
CLAIM 1 . A method of electronic licensing comprising the steps of : creating , using a first computer system , a plurality of licenses independent of a manufacture of a product , each of said plurality of licenses stored in a license document ;
storing said plurality of licenses in a database in a second computer (Computer software) system ;
extracting from said database one or more licenses from said plurality of licenses ;
installing said one or more licenses on a third computer system independent of an installation of said product , wherein said third computer system operates independently of and separate from said first and second computer systems ;
and validating said one or more licenses using a license enforcement process executing in said third computer system .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5553143A
CLAIM 31 . The licensing system of claim 31 , wherein said distribution system is configured to selectably provide a second license having a second set of access parameters to said memory (relocation code) , and wherein said access regulator is responsive to said second access parameters to facilitate access to the software according to said second access parameters .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5553143A
CLAIM 31 . The licensing system of claim 31 , wherein said distribution system is configured to selectably provide a second license having a second set of access parameters to said memory (relocation code) , and wherein said access regulator is responsive to said second access parameters to facilitate access to the software according to said second access parameters .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (said first portion) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5553143A
CLAIM 18 . A method of creating an electronic license comprising the steps of : determining values for information fields that define said electronic license ;
storing said values in a first portion of a license document associated with said electronic license ;
calculating a first digest of said first portion (processor means) of said license document ;
generating an encoded version of said first portion of said license using an encryption key ;
storing said encoded version in a second portion of said license document .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5553143A
CLAIM 19 . A method of installing an electronic license comprising the steps of : copying said electronic license to a computer system' ;
s store ;
performing the following steps (second part) when said electronic license is an upgrade license : a . obtaining an anchor serial number from an anchor license in said license chain ;
b . comparing an upgrade serial number of said upgrade license with said anchor serial number ;
c . removing said upgrade license from said computer system' ;
s store when said anchor serial number and said upgrade serial number are not equal ;
d . determining a current maximum number of connections allowed by said upgrade license' ;
s predecessor license ;
e . comparing said current maximum number of connections allowed with said upgrade license' ;
s previous number of connections allowed ;
f . removing said upgrade license from said computer system' ;
s store when said current maximum number of connections allowed is not equal to said previous number of connections allowed .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5553143A
CLAIM 31 . The licensing system of claim 31 , wherein said distribution system is configured to selectably provide a second license having a second set of access parameters to said memory (relocation code) , and wherein said access regulator is responsive to said second access parameters to facilitate access to the software according to said second access parameters .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5553143A
CLAIM 31 . The licensing system of claim 31 , wherein said distribution system is configured to selectably provide a second license having a second set of access parameters to said memory (relocation code) , and wherein said access regulator is responsive to said second access parameters to facilitate access to the software according to said second access parameters .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5509074A

Filed: 1994-01-27     Issued: 1996-04-16

Method of protecting electronically published materials using cryptographic protocols

(Original Assignee) AT&T Corp     (Current Assignee) AT&T Corp

Abhijit K. Choudhury, Nicholas F. Maxemchuk, Sanjoy Paul, Henning G. Schulzrinne
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a .) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b .) authenticating said requests from said plurality of users with the copyright server ;
c .) using said copyright server to direct the document server to act upon proper authentication of each request ;
d .) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e .) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f .) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (unique identification) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification (one order) for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5509074A
CLAIM 1 . A method of protecting electronically published documents , which comprises the step of : operating a computer system (computer system) , including a copyright server and a document server connected thereto , and a network for electronic publication of documents stored in the document server , and including therein the steps of : a . ) receiving requests for documents from a plurality of users having computers with display devices or printers , said computers being connected by said network to said computer system , said requests including unique user identification for each of said plurality of users ;
b . ) authenticating said requests from said plurality of users with the copyright server ;
c . ) using said copyright server to direct the document server to act upon proper authentication of each request ;
d . ) in response to direction from said copyright server , using the document server to create encrypted documents from an encoded document along with a unique identification for each authenticated request and forwarding said documents to each authenticated request user through said network to corresponding agents located at each authenticated request user , each of said agents being selected from display agents and printer agents ;
e . ) encoding a requested document as an encoded document using the document server so that each encoded document created is uniquely encoded based upon said unique identification ;
and , f . ) decrypting said documents at each of said agents and making said documents available for use only in response to receiving correct secret keys provided by said authenticated request user to said agents .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5473687A

Filed: 1993-12-29     Issued: 1995-12-05

Method for retrieving secure information from a database

(Original Assignee) Infosafe Systems Inc     (Current Assignee) HARMONY LOGIC SYSTEMS LLC

Thomas H. Lipscomb, Robert H. Nagel
US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (stored information) arrangement according to claim 4 . 		US5473687A
CLAIM 1 . A method of retrieving a packet of informational digital data which is stored in encrypted form , said method comprising the steps of : (a) retrieving the stored information (digital protection) al data packet (IDP) ;
(b) decrypting the IDP into a first sequence of digital data ;
(c) expanding the first sequence of digital data into a second sequence of digital data which is so large as to be inconvenient for permanent storage , said expanding step including the step of embedding said first sequence of digital data in a series of pseudorandom digital data which is substantially equal to 1-5 megabytes or more in length , such that said second sequence is substantially equal to 1 . 5 megabytes or more in length and is not compressible ;
(d) storing said second sequence of digital data ;
(e) retrieving the stored second sequence of digital data ;
and (f) extracting the IDP from said second sequence .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (removable storage) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5473687A
CLAIM 12 . The method defined in claim 1 , wherein said length of said second sequence is greater than the largest hand-held , removable storage (executable conversion) medium .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (removable storage) code to be executed when seeking to access the protected data . 		US5473687A
CLAIM 12 . The method defined in claim 1 , wherein said length of said second sequence is greater than the largest hand-held , removable storage (executable conversion) medium .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5625690A

Filed: 1993-11-15     Issued: 1997-04-29

Software pay per use system

(Original Assignee) Nokia of America Corp     (Current Assignee) AT&T Corp ; Nokia of America Corp

Alan D. Michel, Robert E. Reinke
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software (computer software) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5625690A
CLAIM 1 . A system for the validation and use of secured computer software (computer software) , said secured computer software including encrypted computer program (Computer software) code and user validation program code , said system comprising : a software validation system ;
a software user system ;
a communications network connected to the software validation system and the software user system for the transmission of data between the systems ;
said software validation system comprising : means for storing at least one decryption key , means for receiving from said software user system over said communications network an identification of secured software , means for recording the receipt of said identification of secured software , and means for transmitting to said software user system over said communications network a decryption key chosen from said at least one stored decryption key ;
said software user system further comprising : means for transmitting said secured software identification to the software validation system over said communications network , means for receiving said decryption key from said software validation system over said communications network , means for decrypting said encrypted computer program code using said chosen decryption key ;
processor means for executing said decrypted computer program code ;
and means for preventing the decryption of said encrypted computer program code and execution of said decrypted computer program code unless said secured software identification is transmitted to the validation system over the communications network prior to each and every execution of said decrypted computer program code .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (computer software) in accordance with claim 1 . 		US5625690A
CLAIM 1 . A system for the validation and use of secured computer software (computer software) , said secured computer software including encrypted computer program code and user validation program code , said system comprising : a software validation system ;
a software user system ;
a communications network connected to the software validation system and the software user system for the transmission of data between the systems ;
said software validation system comprising : means for storing at least one decryption key , means for receiving from said software user system over said communications network an identification of secured software , means for recording the receipt of said identification of secured software , and means for transmitting to said software user system over said communications network a decryption key chosen from said at least one stored decryption key ;
said software user system further comprising : means for transmitting said secured software identification to the software validation system over said communications network , means for receiving said decryption key from said software validation system over said communications network , means for decrypting said encrypted computer program code using said chosen decryption key ;
processor means for executing said decrypted computer program code ;
and means for preventing the decryption of said encrypted computer program code and execution of said decrypted computer program code unless said secured software identification is transmitted to the validation system over the communications network prior to each and every execution of said decrypted computer program code .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (computer software) protected by means of computer software in accordance with claim 1 . 		US5625690A
CLAIM 1 . A system for the validation and use of secured computer software (computer software) , said secured computer software including encrypted computer program code and user validation program code , said system comprising : a software validation system ;
a software user system ;
a communications network connected to the software validation system and the software user system for the transmission of data between the systems ;
said software validation system comprising : means for storing at least one decryption key , means for receiving from said software user system over said communications network an identification of secured software , means for recording the receipt of said identification of secured software , and means for transmitting to said software user system over said communications network a decryption key chosen from said at least one stored decryption key ;
said software user system further comprising : means for transmitting said secured software identification to the software validation system over said communications network , means for receiving said decryption key from said software validation system over said communications network , means for decrypting said encrypted computer program code using said chosen decryption key ;
processor means for executing said decrypted computer program code ;
and means for preventing the decryption of said encrypted computer program code and execution of said decrypted computer program code unless said secured software identification is transmitted to the validation system over the communications network prior to each and every execution of said decrypted computer program code .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (phone number) to the security code , and the security code , when executed , replaces a respective call (phone number) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5625690A
CLAIM 2 . The system of claim 1 wherein the communication over said communications network is initiated by a telephone call to a per call service fee telephone number (respective call, call instructions) .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5625690A
CLAIM 1 . A system for the validation and use of secured computer software , said secured computer software including encrypted computer program (Computer software) code and user validation program code , said system comprising : a software validation system ;
a software user system ;
a communications network connected to the software validation system and the software user system for the transmission of data between the systems ;
said software validation system comprising : means for storing at least one decryption key , means for receiving from said software user system over said communications network an identification of secured software , means for recording the receipt of said identification of secured software , and means for transmitting to said software user system over said communications network a decryption key chosen from said at least one stored decryption key ;
said software user system further comprising : means for transmitting said secured software identification to the software validation system over said communications network , means for receiving said decryption key from said software validation system over said communications network , means for decrypting said encrypted computer program code using said chosen decryption key ;
processor means for executing said decrypted computer program code ;
and means for preventing the decryption of said encrypted computer program code and execution of said decrypted computer program code unless said secured software identification is transmitted to the validation system over the communications network prior to each and every execution of said decrypted computer program code .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory (relocation code) unit comprising a plurality of memory locations , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory (relocation code) unit comprising a plurality of memory locations , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory location) for decryption . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory unit comprising a plurality of memory location (executable instructions, executable instruction, decryption instructions, memory location) s , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (memory location) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory unit comprising a plurality of memory location (executable instructions, executable instruction, decryption instructions, memory location) s , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (memory location) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory unit comprising a plurality of memory location (executable instructions, executable instruction, decryption instructions, memory location) s , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (memory location) . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory unit comprising a plurality of memory location (executable instructions, executable instruction, decryption instructions, memory location) s , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (memory location) and conversion code with a start point at a memory location (memory location) indicated within the arrangement as the start point for the protected data , whereby the processor means (processor means) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5625690A
CLAIM 1 . A system for the validation and use of secured computer software , said secured computer software including encrypted computer program code and user validation program code , said system comprising : a software validation system ;
a software user system ;
a communications network connected to the software validation system and the software user system for the transmission of data between the systems ;
said software validation system comprising : means for storing at least one decryption key , means for receiving from said software user system over said communications network an identification of secured software , means for recording the receipt of said identification of secured software , and means for transmitting to said software user system over said communications network a decryption key chosen from said at least one stored decryption key ;
said software user system further comprising : means for transmitting said secured software identification to the software validation system over said communications network , means for receiving said decryption key from said software validation system over said communications network , means for decrypting said encrypted computer program code using said chosen decryption key ;
processor means (processor means) for executing said decrypted computer program code ;
and means for preventing the decryption of said encrypted computer program code and execution of said decrypted computer program code unless said secured software identification is transmitted to the validation system over the communications network prior to each and every execution of said decrypted computer program code .

US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory unit comprising a plurality of memory location (executable instructions, executable instruction, decryption instructions, memory location) s , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (memory location) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory unit comprising a plurality of memory location (executable instructions, executable instruction, decryption instructions, memory location) s , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (memory location) is to be executed . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory unit comprising a plurality of memory location (executable instructions, executable instruction, decryption instructions, memory location) s , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory (relocation code) unit comprising a plurality of memory locations , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (phone number) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5625690A
CLAIM 2 . The system of claim 1 wherein the communication over said communications network is initiated by a telephone call to a per call service fee telephone number (respective call, call instructions) .

US5625690A
CLAIM 7 . The end user computer system of claim 3 further comprising : a memory unit connected to said processor means , said memory (relocation code) unit comprising a plurality of memory locations , wherein said enforcement means further comprises : means for storing a first portion of said decryption key in a first memory location ;
and means for storing a second portion of said decryption key in a second memory location .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5473690A

Filed: 1993-10-25     Issued: 1995-12-05

Secured method for loading a plurality of applications into a microprocessor memory card

(Original Assignee) Gemplus Card International SA     (Current Assignee) Gemplus SA

Georges Grimonprez, Pierre Paradinas
US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5473690A
CLAIM 6 . The method according to claim 1 , wherein said chart of data tables includes , as a description for each of a plurality of data tables , at least one element selected from the group consisting of : a name for that data table , a name for an application that is associated with that data table , a number of columns for that data table , a type of that data table , an addresses , in said memory (relocation code) of said chip card , of data elements pertaining to that data table , an address of a start of a description of a following table , and for each column of that data table , a type of that column , a length of that column and a name for that column .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5473690A
CLAIM 6 . The method according to claim 1 , wherein said chart of data tables includes , as a description for each of a plurality of data tables , at least one element selected from the group consisting of : a name for that data table , a name for an application that is associated with that data table , a number of columns for that data table , a type of that data table , an addresses , in said memory (relocation code) of said chip card , of data elements pertaining to that data table , an address of a start of a description of a following table , and for each column of that data table , a type of that column , a length of that column and a name for that column .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory allocation) for decryption . 		US5473690A
CLAIM 2 . The method according to claim 1 , further comprising : recording a data table name in said chart of data tables if I) there is a successful presenting of a secret code associated with an application name and II) a memory allocation (executable instructions) for this application permits the recording of the data table name ;
recording rights for said data table name in said chart of rights if there is a successful presenting of said secrete code associated with said application name for which this table name has been recorded ;
and managing data elements contained in a table of data corresponding to said data table name as a function of i) an application in progress and ii) rights granted to said application in progress pertaining to said table of data .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5473690A
CLAIM 6 . The method according to claim 1 , wherein said chart of data tables includes , as a description for each of a plurality of data tables , at least one element selected from the group consisting of : a name for that data table , a name for an application that is associated with that data table , a number of columns for that data table , a type of that data table , an addresses , in said memory (relocation code) of said chip card , of data elements pertaining to that data table , an address of a start of a description of a following table , and for each column of that data table , a type of that column , a length of that column and a name for that column .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5473690A
CLAIM 6 . The method according to claim 1 , wherein said chart of data tables includes , as a description for each of a plurality of data tables , at least one element selected from the group consisting of : a name for that data table , a name for an application that is associated with that data table , a number of columns for that data table , a type of that data table , an addresses , in said memory (relocation code) of said chip card , of data elements pertaining to that data table , an address of a start of a description of a following table , and for each column of that data table , a type of that column , a length of that column and a name for that column .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9407204A1

Filed: 1993-09-20     Issued: 1994-03-31

System for software registration

(Original Assignee) Uniloc (Singapore) Private Limited; Uniloc Corporation Pty Limited     

Ric Bailier Richardson
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means (security means) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		WO9407204A1
CLAIM 16 . The registration means of claim 13 wherein said registration means is replicated at a registration authority and used for the purposes of checking by the registration authority that the information unique to the user is correctly entered at the time that the registratio key is generated by the security means (security means) .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (security means) is written to the embedding location . 		WO9407204A1
CLAIM 16 . The registration means of claim 13 wherein said registration means is replicated at a registration authority and used for the purposes of checking by the registration authority that the information unique to the user is correctly entered at the time that the registratio key is generated by the security means (security means) .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (Digital data) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		WO9407204A1
CLAIM 22 . Digital data (decryption instructions) incorporating registration code , said digital data executable on a platform ;
said registration code comprising a portion of said digital data executable on said platform so as to switch said digital data between a demonstration mode and a use mode .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (Digital data) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		WO9407204A1
CLAIM 22 . Digital data (decryption instructions) incorporating registration code , said digital data executable on a platform ;
said registration code comprising a portion of said digital data executable on said platform so as to switch said digital data between a demonstration mode and a use mode .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form for subsequent execution (computer operating system, subsequent execution) . 		WO9407204A1
CLAIM 3 . The system of claim 2 wherein said mode switching means permits operation of said digital data in said use mode in subsequent execution (subsequent execution) of said digital data only if said licensee unique ID generated by said local licensee unique ID generating means has not changed .

WO9407204A1
CLAIM 11 . The system of claim 1 wherein said platform comprise a computer operating system (subsequent execution) environment .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form for subsequent execution (computer operating system, subsequent execution) . 		WO9407204A1
CLAIM 3 . The system of claim 2 wherein said mode switching means permits operation of said digital data in said use mode in subsequent execution (subsequent execution) of said digital data only if said licensee unique ID generated by said local licensee unique ID generating means has not changed .

WO9407204A1
CLAIM 11 . The system of claim 1 wherein said platform comprise a computer operating system (subsequent execution) environment .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (Digital data) . 		WO9407204A1
CLAIM 22 . Digital data (decryption instructions) incorporating registration code , said digital data executable on a platform ;
said registration code comprising a portion of said digital data executable on said platform so as to switch said digital data between a demonstration mode and a use mode .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (Digital data) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		WO9407204A1
CLAIM 22 . Digital data (decryption instructions) incorporating registration code , said digital data executable on a platform ;
said registration code comprising a portion of said digital data executable on said platform so as to switch said digital data between a demonstration mode and a use mode .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (security means) operable to detect corruption of the protected data . 		WO9407204A1
CLAIM 16 . The registration means of claim 13 wherein said registration means is replicated at a registration authority and used for the purposes of checking by the registration authority that the information unique to the user is correctly entered at the time that the registratio key is generated by the security means (security means) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5544246A

Filed: 1993-09-17     Issued: 1996-08-06

Smartcard adapted for a plurality of service providers and for remote installation of same

(Original Assignee) AT&T Corp     (Current Assignee) AT&T Corp ; Nokia of America Corp

Richard Mandelbaum, Stephen A. Sherman, Diane R. Wetherington
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encryption keys, random sequence) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5544246A
CLAIM 8 . The method of claim 7 where the first and the second data strings comprise random sequence (conversion key, respective conversion key) s .

US5544246A
CLAIM 9 . The method of claim 7 where the first and the second encryption keys (conversion key, respective conversion key) are the same .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5544246A
CLAIM 1 . A multiple-application smartcard in connection with which there is a party that is an issuer/owner of the smartcard , a party that is a holder of the smartcard , and a service provider that accesses the smartcard , the smartcard comprising : a microprocessor , a memory coupled to the microprocessor , a plurality of files in said memory (relocation code) which combine to form an operating system for the microprocessor , which operating system includes a tree-like file structure ;
a plurality of executable files executed in said microprocessor , forming part of the tree-like structure and each having file characteristics that are controlled solely by said issuer/owner , which files are executable in the sense that , when referenced , they access at least one other file in said memory ;
a first password file in said memory that is accessible only to said issuer/owner , which contains data and which is accessed by said issuer/owner prior to said issuer/owner gaining access to said plurality of executable files ;
a second password file that is accessible only to said holder , which contains data and which is accessed by said holder prior to said holder gaining access to files in said plurality of executable files ;
and a third password file that is accessible only to said service provider , which contains data and which is accessed by said service provider prior to said service provider gaining access to files in said plurality of executable files .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5544246A
CLAIM 1 . A multiple-application smartcard in connection with which there is a party that is an issuer/owner of the smartcard , a party that is a holder of the smartcard , and a service provider that accesses the smartcard , the smartcard comprising : a microprocessor , a memory coupled to the microprocessor , a plurality of files in said memory (relocation code) which combine to form an operating system for the microprocessor , which operating system includes a tree-like file structure ;
a plurality of executable files executed in said microprocessor , forming part of the tree-like structure and each having file characteristics that are controlled solely by said issuer/owner , which files are executable in the sense that , when referenced , they access at least one other file in said memory ;
a first password file in said memory that is accessible only to said issuer/owner , which contains data and which is accessed by said issuer/owner prior to said issuer/owner gaining access to said plurality of executable files ;
a second password file that is accessible only to said holder , which contains data and which is accessed by said holder prior to said holder gaining access to files in said plurality of executable files ;
and a third password file that is accessible only to said service provider , which contains data and which is accessed by said service provider prior to said service provider gaining access to files in said plurality of executable files .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encryption keys, random sequence) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5544246A
CLAIM 8 . The method of claim 7 where the first and the second data strings comprise random sequence (conversion key, respective conversion key) s .

US5544246A
CLAIM 9 . The method of claim 7 where the first and the second encryption keys (conversion key, respective conversion key) are the same .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encryption keys, random sequence) derived from a respective target block . 		US5544246A
CLAIM 8 . The method of claim 7 where the first and the second data strings comprise random sequence (conversion key, respective conversion key) s .

US5544246A
CLAIM 9 . The method of claim 7 where the first and the second encryption keys (conversion key, respective conversion key) are the same .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (said second part) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5544246A
CLAIM 2 . In connection with a smartcard issued by a first party , where the smartcard includes an operating system having a tree-like file structure that begins with a directory-file with attributes that are controlled solely by said party , a plurality of files , forming part of the tree-like structure and each having file attributes that are controlled solely by said first party , which files are executable files in the sense that , when referenced , they access , or access and alter , data in a file in said memory , and a password file that is accessible only to said first party and is used to confirm identity of said first party before granting access by said first party to said executable files , a method for installing in said smartcard a second party interaction means to allow a second party access to at least some of said files , the method comprising the steps of : establishing communication between the smartcard and said first party ;
executing a log-in protocol between the smartcard and said first party , employing the data contained in said password file ;
communicating to said first party a request for installation of a said second part (processing means, one order) y interaction means on said smartcard ;
said first party establishing a user password file in said smartcard , with said user password file arranged to form part of said tree-like structure ;
said first party inserting data into said user password file ;
and said first party changing file attributes of said user password file to make it accessible to said second party .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said second part) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5544246A
CLAIM 2 . In connection with a smartcard issued by a first party , where the smartcard includes an operating system having a tree-like file structure that begins with a directory-file with attributes that are controlled solely by said party , a plurality of files , forming part of the tree-like structure and each having file attributes that are controlled solely by said first party , which files are executable files in the sense that , when referenced , they access , or access and alter , data in a file in said memory , and a password file that is accessible only to said first party and is used to confirm identity of said first party before granting access by said first party to said executable files , a method for installing in said smartcard a second party interaction means to allow a second party access to at least some of said files , the method comprising the steps of : establishing communication between the smartcard and said first party ;
executing a log-in protocol between the smartcard and said first party , employing the data contained in said password file ;
communicating to said first party a request for installation of a said second part (processing means, one order) y interaction means on said smartcard ;
said first party establishing a user password file in said smartcard , with said user password file arranged to form part of said tree-like structure ;
said first party inserting data into said user password file ;
and said first party changing file attributes of said user password file to make it accessible to said second party .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5544246A
CLAIM 1 . A multiple-application smartcard in connection with which there is a party that is an issuer/owner of the smartcard , a party that is a holder of the smartcard , and a service provider that accesses the smartcard , the smartcard comprising : a microprocessor , a memory coupled to the microprocessor , a plurality of files in said memory (relocation code) which combine to form an operating system for the microprocessor , which operating system includes a tree-like file structure ;
a plurality of executable files executed in said microprocessor , forming part of the tree-like structure and each having file characteristics that are controlled solely by said issuer/owner , which files are executable in the sense that , when referenced , they access at least one other file in said memory ;
a first password file in said memory that is accessible only to said issuer/owner , which contains data and which is accessed by said issuer/owner prior to said issuer/owner gaining access to said plurality of executable files ;
a second password file that is accessible only to said holder , which contains data and which is accessed by said holder prior to said holder gaining access to files in said plurality of executable files ;
and a third password file that is accessible only to said service provider , which contains data and which is accessed by said service provider prior to said service provider gaining access to files in said plurality of executable files .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5544246A
CLAIM 1 . A multiple-application smartcard in connection with which there is a party that is an issuer/owner of the smartcard , a party that is a holder of the smartcard , and a service provider that accesses the smartcard , the smartcard comprising : a microprocessor , a memory coupled to the microprocessor , a plurality of files in said memory (relocation code) which combine to form an operating system for the microprocessor , which operating system includes a tree-like file structure ;
a plurality of executable files executed in said microprocessor , forming part of the tree-like structure and each having file characteristics that are controlled solely by said issuer/owner , which files are executable in the sense that , when referenced , they access at least one other file in said memory ;
a first password file in said memory that is accessible only to said issuer/owner , which contains data and which is accessed by said issuer/owner prior to said issuer/owner gaining access to said plurality of executable files ;
a second password file that is accessible only to said holder , which contains data and which is accessed by said holder prior to said holder gaining access to files in said plurality of executable files ;
and a third password file that is accessible only to said service provider , which contains data and which is accessed by said service provider prior to said service provider gaining access to files in said plurality of executable files .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		EP0583140A1

Filed: 1993-08-05     Issued: 1994-02-16

System for seamless processing of encrypted and non-encrypted data and instructions

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Robert Charles Hartman, Jr.
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encrypting data) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		EP0583140A1
CLAIM 11 The data processing system as claimed in any preceding 1 wherein said segment register means stores a plurality of de-encrypted media master keys for de-encrypting data (conversion key) and instructions contained in media encrypted through the use of said media master keys , said de-encrypted data and instructions employed by said central processor .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (public key) , when executed , is operable to detect corruption of the protected code . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (public key) is operable to delete the protected code in the event that any corruption is detected . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (public key) is embedded within the protected code . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (public key) is embedded at locations which are unused by the protected code . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (public key) and to modify the call instruction to refer to the new location . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encrypting data) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		EP0583140A1
CLAIM 11 The data processing system as claimed in any preceding 1 wherein said segment register means stores a plurality of de-encrypted media master keys for de-encrypting data (conversion key) and instructions contained in media encrypted through the use of said media master keys , said de-encrypted data and instructions employed by said central processor .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encrypting data) derived from a respective target block . 		EP0583140A1
CLAIM 11 The data processing system as claimed in any preceding 1 wherein said segment register means stores a plurality of de-encrypted media master keys for de-encrypting data (conversion key) and instructions contained in media encrypted through the use of said media master keys , said de-encrypted data and instructions employed by said central processor .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		EP0583140A1
CLAIM 6 The data processing system as claimed in any preceding claim further comprising :    read only memories within said secure physical region for storing both a public key (security code) and a private key .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5416840A

Filed: 1993-07-06     Issued: 1995-05-16

Software catalog encoding method and system

(Original Assignee) Phoenix Technologies Ltd     (Current Assignee) Kinglite Holdings Inc

David A. Cane, David S. Hirschman
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (decryption device) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5416840A
CLAIM 1 . A method for protecting computer program (Computer software) distribution within a broadcast medium that is operable on a computer using a decryption device (conversion key) having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5416840A
CLAIM 1 . A method for protecting computer program (Computer software) distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access) , when executed , is operable to detect corruption of the protected code . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access) is operable to delete the protected code in the event that any corruption is detected . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (unauthorized access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access) is embedded within the protected code . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access) is embedded at locations which are unused by the protected code . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (unauthorized access) and to modify the call instruction to refer to the new location . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (decryption device) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device (conversion key) having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (decryption device) derived from a respective target block . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device (conversion key) having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code (third storage) is a CRC algorithm . 		US5416840A
CLAIM 12 . A system for controllably authorizing access to distributed software , including : a decryption device having an associated unique hardware identifier j , the system comprising : A . first storage means for storing an encrypted authorization code A i E encrypted using an encryption algorithm related to the hardware identifier j ;
B . a number generator , in communication with the software , for generating a unique identifier RN associated with the software ;
C . second storage means in communication with the software , for storing an authorization code A i ' ;
;
D . third storage (converting code) means for storing a password key PK j ;
E . a first decryption block for decrypting the authorization code A i E using the password key PK j retrieved from the third storage means ;
F . a challenge block for generating a first message digest MD using the unique identifier RN retrieved from the number generator and the decrypted authorization code retrieved from the first decryption block ;
G . means for generating a second message digest MD' ;
using the unique identifier RN retrieved from the number generator and the authorization code A i ' ;
retrieved from the first storage means ;
and H . means for authorizing access to the software based on a positive correlation between the first message digest MD and the second message digest MD' ;
.

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (unauthorized access) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (unauthorized access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5416840A
CLAIM 1 . A method for protecting computer program distribution within a broadcast medium that is operable on a computer using a decryption device having a unique hardware identifier j , comprising the steps of : A . encrypting at least a portion of the computer program S i , the program having an associated computer program identifier i , in accordance with the formula : S . sub . i . sup . E =E(S . sub . i , SK . sub . i) wherein E is an encryption algorithm and Sk i is a software encryption key ;
B . securing the software encryption key SK i against unauthorized access (security code) ;
C . generating a first table representative of correspondences between the software encryption key SK i and the computer program identifier i ;
D . generating a second table representative of correspondences between the hardware identifier j and a password key PK j ;
E . selecting from the first and second tables the password key PK j and software encryption key SK i responsive to receipt of the hardware identifier j and computer program identifier i ;
F . generating a password P ij in accordance with the formula : P . sub . ij =F(SK . sub . i , PK . sub . j) wherein F is a reversible function ;
and G . issuing the password P ij to enable operation of the encrypted portion of the computer program .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		JPH06112937A

Filed: 1993-06-24     Issued: 1994-04-22

データ処理システム及び方法

(Original Assignee) Internatl Business Mach Corp <Ibm>; インターナショナル・ビジネス・マシーンズ・コーポレイション     

Jr Robert C Hartman, チャールズ ハートマン、ジュニア ロバート
US7162735B2
CLAIM 2 . A computer memory device (プロセッサ, の命令) containing computer software in accordance with claim 1 . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (プロセッサ, の命令) to the security code , and the security code , when executed , replaces a respective call instruction (プロセッサ, の命令) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (プロセッサ, の命令) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code and to modify the call instruction (プロセッサ, の命令) to refer to the new location . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (プロセッサ, の命令) for decryption . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (プロセッサ, の命令) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (プロセッサ, の命令) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target (の処理) block . 		JPH06112937A
CLAIM 7 【請求項7】 前記セグメントレジスタ手段は、前記デ ータセグメント内の情報が暗号化されているか否かを示 すフラッグを含み、前記インタフェース手段は、前記外 部手段からの情報の処理 (respective target) において前記フラッグに応答す る請求項6記載のデータ処理方法。
US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (プロセッサ, の命令) . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (プロセッサ, の命令) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (システム) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システム (one order) であって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサと、 を備えたデータ処理システム
US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction (プロセッサ, の命令) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。
US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (プロセッサ, の命令) to the security code ;

the security code , when called by a call instruction (プロセッサ, の命令) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		JPH06112937A
CLAIM 1 【請求項1】 暗号化及び非暗号化データ及び命令の両 方を処理するためのデータ処理システムであって、前記 システムのユーザへアクセス不能な安全物理領域を含 み、 暗号解読されたディジタル情報及び非暗号化ディジタル 情報を記憶するための、前記安全物理領域内の内部メモ リ手段と、 暗号化マスタキーを解読する際に使用するため前記安全 物理領域内の専用キーをアクセスするとの命令 (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) を記憶す るための、前記安全物理領域外側の外部メモリ手段と、 アクセスされた専用キーの使用により前記暗号化マスタ キーを解読すると共に前記マスタキーで暗号化された情 報を解読するための、前記安全物理領域内のインタフェ ース手段と、 アクティブメモリセグメントの記録を保持すると共に、 解読されたマスタキーをそれと対応させるための、前記 安全物理領域内のセグメントレジスタ手段と、 前記外部メモリ手段のアドレスに記憶された非暗号化及 び暗号化情報の両方のセグメントをアクセスすると共 に、アクセスされたアドレスと前記セグメントレジスタ 手段内で対応される前記解読されたマスタキーを前記イ ンタフェース手段に使用させて、前記アドレスからの情 報を解読し、解読された情報を前記内部メモリ手段に記 憶し、前記外部メモリ手段からの情報が暗号化されてい ない場合には前記情報を前記内部メモリ手段に直接記憶 するための、前記安全物理領域内の中央プロセッサ (executable instructions, computer memory device, call instructions, decryption instructions, computer memory device containing computer software, call instruction) と、 を備えたデータ処理システム。



US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5325433A

Filed: 1993-04-02     Issued: 1994-06-28

Encryption communication system

(Original Assignee) Fujitsu Ltd     (Current Assignee) Fujitsu Ltd

Naoya Torii, Takayuki Hasebe, Ryota Akiyama
US7162735B2
CLAIM 1 . Computer software (second computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer (Computer software) based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (key information) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 7 . Computer software (second computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer (Computer software) based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (key information) , when executed , is operable to detect corruption of the protected code . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (key information) is operable to delete the protected code in the event that any corruption is detected . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (key information) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (key information) is embedded within the protected code . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (key information) is embedded at locations which are unused by the protected code . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (key information) and to modify the call instruction to refer to the new location . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (encryption processing) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing (decryption instructions) means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (encryption processing) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing (decryption instructions) means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (encryption processing) . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing (decryption instructions) means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (processing means) operable to execute code , and memory means storing the protected data , decryption instructions (encryption processing) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (control unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing (decryption instructions) means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US5325433A
CLAIM 14 . An encryption communication system as claimed in claim 1 , further comprising a public file for storing the modulus numbers and the prime numbers of the paths , and a control unit (processor means) for controlling transmission of the key generating information to the computer and reception of the password therefrom .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (key information) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (key information) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5325433A
CLAIM 1 . An encryption communication system comprising : a communication center having at least a key information (security code) generating means for generating key generating information used for encryption communication , and a plurality of computers 1 to N including first , second and third computers , each interconnected by a plurality of paths through the communication center , and each having at least an encryption key generating means and an encryption processing means , wherein the first computer sends a password PW to the communication center and the communication center generates key generating information based on the following modulo arithmetic formula , Z=M ** (1/PW * (product of prime numbers)) mod n the first computer receives the key generating information from the communication center , and generates an encryption key used between the first computer and the second computer based on the following modulo arithmetic formula , ##EQU22## and wherein , the communication center provides in a public file a plurality of modulus numbers to utilize prime numbers assigned to at least two paths between the first computer and the third computer , and between the first computer and the second computer , so that it is possible to reduce the number of prime numbers , where M is center identifying information for the communication center , PW is a password generated by the first computer , * is multiplication , ** is exponential calculation , and mod n is modulo n arithmetic .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5933497A

Filed: 1993-01-29     Issued: 1999-08-03

Apparatus and method for controlling access to software

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Robert Carl Beetcher, Michael Joseph Corrigan, Francis Joseph Reardon, Jr., James William Moran
US7162735B2
CLAIM 1 . Computer software (program product) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (program product) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5933497A
CLAIM 16 . A program product (executable form, Computer software, Computer software operable to provide protection) apparatus for controlling entitlement , wherein said program product apparatus executes on a computer system having means for receiving entitlement to execute a software module , and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module , said program product apparatus comprising : at least one software module recorded on recording media , said software module being a program unit that is discrete and identifiable with respect to compiling , combining with other units , and loading ;
and a plurality of independent triggering means in said software module for triggering said entitlement verification means on said computer system .

US7162735B2
CLAIM 7 . Computer software (program product) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5933497A
CLAIM 16 . A program product (executable form, Computer software, Computer software operable to provide protection) apparatus for controlling entitlement , wherein said program product apparatus executes on a computer system having means for receiving entitlement to execute a software module , and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module , said program product apparatus comprising : at least one software module recorded on recording media , said software module being a program unit that is discrete and identifiable with respect to compiling , combining with other units , and loading ;
and a plurality of independent triggering means in said software module for triggering said entitlement verification means on said computer system .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location (separate locations) is identified when the protected code is executed , the security means is written to the embedding location . 		US5933497A
CLAIM 10 . The method for controlling the use of a software module of claim 9 , wherein said step of placing in said software module a plurality of independent triggering means comprising placing , at each of a plurality of separate locations (embedding location) in said software module , a single object code instruction which triggers said entitlement verification .

US7162735B2
CLAIM 14 . The arrangement of claim 13 , wherein an embedding location (separate locations) is identified by decompiling the protected code , and analyzing the decompiled code . 		US5933497A
CLAIM 10 . The method for controlling the use of a software module of claim 9 , wherein said step of placing in said software module a plurality of independent triggering means comprising placing , at each of a plurality of separate locations (embedding location) in said software module , a single object code instruction which triggers said entitlement verification .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (program product) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5933497A
CLAIM 16 . A program product (executable form, Computer software, Computer software operable to provide protection) apparatus for controlling entitlement , wherein said program product apparatus executes on a computer system having means for receiving entitlement to execute a software module , and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module , said program product apparatus comprising : at least one software module recorded on recording media , said software module being a program unit that is discrete and identifiable with respect to compiling , combining with other units , and loading ;
and a plurality of independent triggering means in said software module for triggering said entitlement verification means on said computer system .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (program product) . 		US5933497A
CLAIM 16 . A program product (executable form, Computer software, Computer software operable to provide protection) apparatus for controlling entitlement , wherein said program product apparatus executes on a computer system having means for receiving entitlement to execute a software module , and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module , said program product apparatus comprising : at least one software module recorded on recording media , said software module being a program unit that is discrete and identifiable with respect to compiling , combining with other units , and loading ;
and a plurality of independent triggering means in said software module for triggering said entitlement verification means on said computer system .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (program product) for subsequent execution . 		US5933497A
CLAIM 16 . A program product (executable form, Computer software, Computer software operable to provide protection) apparatus for controlling entitlement , wherein said program product apparatus executes on a computer system having means for receiving entitlement to execute a software module , and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module , said program product apparatus comprising : at least one software module recorded on recording media , said software module being a program unit that is discrete and identifiable with respect to compiling , combining with other units , and loading ;
and a plurality of independent triggering means in said software module for triggering said entitlement verification means on said computer system .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (program product) for subsequent execution . 		US5933497A
CLAIM 16 . A program product (executable form, Computer software, Computer software operable to provide protection) apparatus for controlling entitlement , wherein said program product apparatus executes on a computer system having means for receiving entitlement to execute a software module , and having entitlement verification means responsive to triggering means in said software module for verifying that said computer system has entitlement to execute said software module , said program product apparatus comprising : at least one software module recorded on recording media , said software module being a program unit that is discrete and identifiable with respect to compiling , combining with other units , and loading ;
and a plurality of independent triggering means in said software module for triggering said entitlement verification means on said computer system .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5509070A

Filed: 1992-12-15     Issued: 1996-04-16

Method for encouraging purchase of executable and non-executable software

(Original Assignee) SoftLock Services Inc     (Current Assignee) ST PATENT HOLDINGS LLC ; SL Patent Holdings LLC

Jonathan Schull
US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (hardware changes) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5509070A
CLAIM 6 . A method of generating , and encouraging the purchase of , passwords to protected software , said protected software containing advanced features which are desired by the programmer to be accessible only in the presence of a password which unlocks said advanced features only in the context of a specific id-target , said method comprising the steps of : executing a programmer' ;
s program which controls the user' ;
s processor in such a way as to : generate a target-id in response to reliably measurable characteristics of the id-target ;
generate a password-able id for each advanced feature , determine whether valid passwords are present for any advanced features , unlock advanced features whose passwords are present , enable a user to make an informed decision whether to unlock any locked advanced features , and enable said user to purchase a password to unlock advanced feature in transmitting the passwordable id and other information to a licensing processor , executing a licensing program on a licensing processor which : receives and stores said information transmitted from the user' ;
s system , provides the user or user' ;
s system with the password required for the passwordable ids just submitted , and arranges for transfer of funds from user to programmer or software vendor ;
and executing the programmer' ;
s program upon receipt of a password in such a way as to : install passwords in storage locations accessible upon future executions of the programmer' ;
s program , and unlock any advanced features whose passwords have just been obtained from the licensing system ;
the method further comprising evaluating users' ;
reports of hardware changes (decryption instructions) which may necessitate new passwords , said method further comprising the steps of : generating a list of the characteristics of the id-target which are responsible for the uniqueness of the target-id each time the programmer' ;
s program is executed ;
storing an encryption of said list in a non-volatile storage location accessible to the programmer' ;
s program each time a valid password is encountered ;
generating a difference-list when the absence of a valid password is confirmed ;
making an encryption of this difference-list available to the user for use in corroborating the user' ;
s report of a hardware changes , when the user contacts the managers of the licensing system to report said hardware change ;
and decryption of the difference-list by the managers of the licensing system in order to cross-check the users' ;
report .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (hardware changes) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5509070A
CLAIM 6 . A method of generating , and encouraging the purchase of , passwords to protected software , said protected software containing advanced features which are desired by the programmer to be accessible only in the presence of a password which unlocks said advanced features only in the context of a specific id-target , said method comprising the steps of : executing a programmer' ;
s program which controls the user' ;
s processor in such a way as to : generate a target-id in response to reliably measurable characteristics of the id-target ;
generate a password-able id for each advanced feature , determine whether valid passwords are present for any advanced features , unlock advanced features whose passwords are present , enable a user to make an informed decision whether to unlock any locked advanced features , and enable said user to purchase a password to unlock advanced feature in transmitting the passwordable id and other information to a licensing processor , executing a licensing program on a licensing processor which : receives and stores said information transmitted from the user' ;
s system , provides the user or user' ;
s system with the password required for the passwordable ids just submitted , and arranges for transfer of funds from user to programmer or software vendor ;
and executing the programmer' ;
s program upon receipt of a password in such a way as to : install passwords in storage locations accessible upon future executions of the programmer' ;
s program , and unlock any advanced features whose passwords have just been obtained from the licensing system ;
the method further comprising evaluating users' ;
reports of hardware changes (decryption instructions) which may necessitate new passwords , said method further comprising the steps of : generating a list of the characteristics of the id-target which are responsible for the uniqueness of the target-id each time the programmer' ;
s program is executed ;
storing an encryption of said list in a non-volatile storage location accessible to the programmer' ;
s program each time a valid password is encountered ;
generating a difference-list when the absence of a valid password is confirmed ;
making an encryption of this difference-list available to the user for use in corroborating the user' ;
s report of a hardware changes , when the user contacts the managers of the licensing system to report said hardware change ;
and decryption of the difference-list by the managers of the licensing system in order to cross-check the users' ;
report .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (hardware changes) . 		US5509070A
CLAIM 6 . A method of generating , and encouraging the purchase of , passwords to protected software , said protected software containing advanced features which are desired by the programmer to be accessible only in the presence of a password which unlocks said advanced features only in the context of a specific id-target , said method comprising the steps of : executing a programmer' ;
s program which controls the user' ;
s processor in such a way as to : generate a target-id in response to reliably measurable characteristics of the id-target ;
generate a password-able id for each advanced feature , determine whether valid passwords are present for any advanced features , unlock advanced features whose passwords are present , enable a user to make an informed decision whether to unlock any locked advanced features , and enable said user to purchase a password to unlock advanced feature in transmitting the passwordable id and other information to a licensing processor , executing a licensing program on a licensing processor which : receives and stores said information transmitted from the user' ;
s system , provides the user or user' ;
s system with the password required for the passwordable ids just submitted , and arranges for transfer of funds from user to programmer or software vendor ;
and executing the programmer' ;
s program upon receipt of a password in such a way as to : install passwords in storage locations accessible upon future executions of the programmer' ;
s program , and unlock any advanced features whose passwords have just been obtained from the licensing system ;
the method further comprising evaluating users' ;
reports of hardware changes (decryption instructions) which may necessitate new passwords , said method further comprising the steps of : generating a list of the characteristics of the id-target which are responsible for the uniqueness of the target-id each time the programmer' ;
s program is executed ;
storing an encryption of said list in a non-volatile storage location accessible to the programmer' ;
s program each time a valid password is encountered ;
generating a difference-list when the absence of a valid password is confirmed ;
making an encryption of this difference-list available to the user for use in corroborating the user' ;
s report of a hardware changes , when the user contacts the managers of the licensing system to report said hardware change ;
and decryption of the difference-list by the managers of the licensing system in order to cross-check the users' ;
report .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (hardware changes) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5509070A
CLAIM 6 . A method of generating , and encouraging the purchase of , passwords to protected software , said protected software containing advanced features which are desired by the programmer to be accessible only in the presence of a password which unlocks said advanced features only in the context of a specific id-target , said method comprising the steps of : executing a programmer' ;
s program which controls the user' ;
s processor in such a way as to : generate a target-id in response to reliably measurable characteristics of the id-target ;
generate a password-able id for each advanced feature , determine whether valid passwords are present for any advanced features , unlock advanced features whose passwords are present , enable a user to make an informed decision whether to unlock any locked advanced features , and enable said user to purchase a password to unlock advanced feature in transmitting the passwordable id and other information to a licensing processor , executing a licensing program on a licensing processor which : receives and stores said information transmitted from the user' ;
s system , provides the user or user' ;
s system with the password required for the passwordable ids just submitted , and arranges for transfer of funds from user to programmer or software vendor ;
and executing the programmer' ;
s program upon receipt of a password in such a way as to : install passwords in storage locations accessible upon future executions of the programmer' ;
s program , and unlock any advanced features whose passwords have just been obtained from the licensing system ;
the method further comprising evaluating users' ;
reports of hardware changes (decryption instructions) which may necessitate new passwords , said method further comprising the steps of : generating a list of the characteristics of the id-target which are responsible for the uniqueness of the target-id each time the programmer' ;
s program is executed ;
storing an encryption of said list in a non-volatile storage location accessible to the programmer' ;
s program each time a valid password is encountered ;
generating a difference-list when the absence of a valid password is confirmed ;
making an encryption of this difference-list available to the user for use in corroborating the user' ;
s report of a hardware changes , when the user contacts the managers of the licensing system to report said hardware change ;
and decryption of the difference-list by the managers of the licensing system in order to cross-check the users' ;
report .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (said three) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5509070A
CLAIM 2 . The method according to claim 1 wherein said synthesis is achieved by using a uniqueness-preserving combination of the said three (first part) component ids , using said combination as the seed for a pseudo-random character generation algorithm , and using the first n characters so-generated as the n-digit passwordable id .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5579222A

Filed: 1992-12-14     Issued: 1996-11-26

Distributed license administration system using a local policy server to communicate with a license server and control execution of computer programs

(Original Assignee) Intergraph Corp     (Current Assignee) Uniloc Luxembourg SA

Jeffrey E. Bains, Willard W. Case
US7162735B2
CLAIM 5 . A computer system comprising memory means (when load) containing a digital protection arrangement according to claim 4 . 		US5579222A
CLAIM 18 . A digital storage medium encoded with instructions for a given computer on a computer network , the instructions causing administration of license terms for use on the network of a software product , the network of a type having : (i) a plurality of digital computers , each computer at a node , in communication with each other over a data path , wherein with respect to the running of the software product on nodes of the network a number of licenses have been made available and each of a set of nodes may be caused to seek a license to run the software product ;
(ii) usage tracking means , associated with one of the computers acting as a license server , for (i) causing storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , the instructions when load (memory means) ed into the given computer establishing : (a) data structure for a policy server database , maintained locally on the given computer , containing data specifying conditions under which usage of the software product is permitted on the given computer ;
and (b) policy server means , maintained and operating totally , as an independent process , separate from the software product on the given computer , and in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both (aa) the software product and (bb) the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of the software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the software product at the given computer is achieved on the basis of license policy maintained at the given computer as well as applicable data from the license server .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (when load) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5579222A
CLAIM 18 . A digital storage medium encoded with instructions for a given computer on a computer network , the instructions causing administration of license terms for use on the network of a software product , the network of a type having : (i) a plurality of digital computers , each computer at a node , in communication with each other over a data path , wherein with respect to the running of the software product on nodes of the network a number of licenses have been made available and each of a set of nodes may be caused to seek a license to run the software product ;
(ii) usage tracking means , associated with one of the computers acting as a license server , for (i) causing storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , the instructions when load (memory means) ed into the given computer establishing : (a) data structure for a policy server database , maintained locally on the given computer , containing data specifying conditions under which usage of the software product is permitted on the given computer ;
and (b) policy server means , maintained and operating totally , as an independent process , separate from the software product on the given computer , and in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both (aa) the software product and (bb) the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of the software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the software product at the given computer is achieved on the basis of license policy maintained at the given computer as well as applicable data from the license server .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (include instructions) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5579222A
CLAIM 1 . An improved system , operative on a computer having a plurality of digital computers , each computer at a node , in communication with each other over a data path , for administration of license terms for use on the network of a software product with respect to the running of which on nodes of the network a number of licenses have been made available and each of a set of nodes may be caused to seek a license to run the software product , the system being of a type having usage tracking means , associated with one of the computers acting as a license server , for (i) causing storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , so that the software product may include instructions (executable instruction) to cause enforcement of the license terms ;
wherein the improvement comprises : (a) a policy server database containing data specifying conditions under which usage of the software product is permitted on any given node ;
and (b) policy server means , maintained and operating locally as an independent process ;
from the software product , on each computer , with respect to which the license terms are to be enforced , in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both the software product and the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of the software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the software product at a given local node is achieved on the basis of both license policy maintained in the policy server database as well as applicable data from the license server .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (include instructions) is to be executed . 		US5579222A
CLAIM 1 . An improved system , operative on a computer having a plurality of digital computers , each computer at a node , in communication with each other over a data path , for administration of license terms for use on the network of a software product with respect to the running of which on nodes of the network a number of licenses have been made available and each of a set of nodes may be caused to seek a license to run the software product , the system being of a type having usage tracking means , associated with one of the computers acting as a license server , for (i) causing storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , so that the software product may include instructions (executable instruction) to cause enforcement of the license terms ;
wherein the improvement comprises : (a) a policy server database containing data specifying conditions under which usage of the software product is permitted on any given node ;
and (b) policy server means , maintained and operating locally as an independent process ;
from the software product , on each computer , with respect to which the license terms are to be enforced , in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both the software product and the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of the software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the software product at a given local node is achieved on the basis of both license policy maintained in the policy server database as well as applicable data from the license server .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		WO9311480A1

Filed: 1992-11-24     Issued: 1993-06-10

System and method for network license administration

(Original Assignee) Intergraph Corporation     

Jeffrey E. Bains, Willard W. Case
US7162735B2
CLAIM 5 . A computer system comprising memory means (when load) containing a digital protection arrangement according to claim 4 . 		WO9311480A1
CLAIM 18 . A digital storage medium encoded with instructions for a given computer in a computer network of the type having : (i) a plurality of digital computers , each computer at a node , in communication with each other over a data path ;
(ii) usage tracking means , associated with one of the computers acting as a license server , for (i) causing the storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , the instructions when load (memory means) ed into the given computer establishing : (a) data structure for a policy server database , maintained locally on the given computer , containing data specifying conditions under which usage of any given one of the software products is permitted on the given computer ;
and (b) policy server means , maintained and operating locally , on the given computer , and in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both (aa) each of the software products and (bb) the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of any given software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the given software product at the given computer is achieved on the basis of the license policy maintained at the given computer as well as applicable data from the license server .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (when load) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		WO9311480A1
CLAIM 18 . A digital storage medium encoded with instructions for a given computer in a computer network of the type having : (i) a plurality of digital computers , each computer at a node , in communication with each other over a data path ;
(ii) usage tracking means , associated with one of the computers acting as a license server , for (i) causing the storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , the instructions when load (memory means) ed into the given computer establishing : (a) data structure for a policy server database , maintained locally on the given computer , containing data specifying conditions under which usage of any given one of the software products is permitted on the given computer ;
and (b) policy server means , maintained and operating locally , on the given computer , and in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both (aa) each of the software products and (bb) the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of any given software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the given software product at the given computer is achieved on the basis of the license policy maintained at the given computer as well as applicable data from the license server .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (include instructions) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		WO9311480A1
CLAIM 1 What is claimed is : 1 . An improved system for administration , on a computer network , of license terms for use of a software product on the network , the system being of the type wherein the network has a plurality of digital computers , each computer at a node , in communication with each other over a data path , and the system has usage tracking means , associated with one of the computers acting as a license server , for (i) causing the storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , so that the software product may include instructions (executable instruction) to cause enforcement of the license terms ;
wherein the improvement comprises : (a) a policy server database containing data specifying conditions under which usage of the software product is permitted on any given node ;
and (b) policy server means , maintained and operating locally as an independent process , on each computer , with respect to which the license terms are to be enforced , in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both the software product and the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of the software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the software product at a given local node is achieved on the basis of both license policy maintained in the policy server database as well as applicable data from the license server .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (include instructions) is to be executed . 		WO9311480A1
CLAIM 1 What is claimed is : 1 . An improved system for administration , on a computer network , of license terms for use of a software product on the network , the system being of the type wherein the network has a plurality of digital computers , each computer at a node , in communication with each other over a data path , and the system has usage tracking means , associated with one of the computers acting as a license server , for (i) causing the storage of the number of licenses available for running the software product on nodes of the network , (ii) identifying the current set of nodes with respect to which a license has been granted to run the software product at a given time , and (iii) determining whether at any given time any licenses remain to be granted for permitting an additional node to run the software product , so that the software product may include instructions (executable instruction) to cause enforcement of the license terms ;
wherein the improvement comprises : (a) a policy server database containing data specifying conditions under which usage of the software product is permitted on any given node ;
and (b) policy server means , maintained and operating locally as an independent process , on each computer , with respect to which the license terms are to be enforced , in association with the policy server database , for (i) communicating with the license server , (ii) interfacing with both the software product and the policy server database , and (iii) making a permission-to-run availability determination , with respect to local usage of the software product , on the basis of applicable data from the license server and the policy server database , so that enforcement of license terms applicable to the software product at a given local node is achieved on the basis of both license policy maintained in the policy server database as well as applicable data from the license server .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5287408A

Filed: 1992-08-31     Issued: 1994-02-15

Apparatus and method for serializing and validating copies of computer software

(Original Assignee) Autodesk Inc     (Current Assignee) Autodesk Inc

Peter R. Samson
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (error signal) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5287408A
CLAIM 9 . The method of claim 4 , wherein in a computer network , said method is further comprised of the steps of : determining whether said computer network is running a second copy of said computer program ;
comparing said read number against a number at said location in said second copy , if said computer network is running said second copy of said computer program ;
generating an error signal (relocation code) if said read number is identical to said number at said location in said second copy .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (error signal) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5287408A
CLAIM 9 . The method of claim 4 , wherein in a computer network , said method is further comprised of the steps of : determining whether said computer network is running a second copy of said computer program ;
comparing said read number against a number at said location in said second copy , if said computer network is running said second copy of said computer program ;
generating an error signal (relocation code) if said read number is identical to said number at said location in said second copy .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (error signal) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5287408A
CLAIM 9 . The method of claim 4 , wherein in a computer network , said method is further comprised of the steps of : determining whether said computer network is running a second copy of said computer program ;
comparing said read number against a number at said location in said second copy , if said computer network is running said second copy of said computer program ;
generating an error signal (relocation code) if said read number is identical to said number at said location in said second copy .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (error signal) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5287408A
CLAIM 9 . The method of claim 4 , wherein in a computer network , said method is further comprised of the steps of : determining whether said computer network is running a second copy of said computer program ;
comparing said read number against a number at said location in said second copy , if said computer network is running said second copy of said computer program ;
generating an error signal (relocation code) if said read number is identical to said number at said location in said second copy .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5287408A
CLAIM 22 . An apparatus for disabling an unauthorized copy of a computer program comprising : a means for generating a number according to a first mathematical function ;
a means for embedding said number in a physical device ;
a means for disabling said computer program if , upon installation of said computer program onto a computer system (computer system) , said physical device having said number is not coupled to said computer system .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5361359A

Filed: 1992-08-31     Issued: 1994-11-01

System and method for controlling the use of a computer

(Original Assignee) Trusted Information Systems Inc     (Current Assignee) McAfee LLC

Homayoon Tajalli, Mark L. Badger, David I. Dalva, Stephen T. Walker
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (application programs) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5361359A
CLAIM 9 . The method of claim 1 , wherein step (1) comprises a step of mounting a file system corresponding to a portion of said protected media which stores an approved data set of zero or more data , wherein said file system is mounted so that its contents cannot be modified by said application programs (computer software) or said ordinary users .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (application programs) in accordance with claim 1 . 		US5361359A
CLAIM 9 . The method of claim 1 , wherein step (1) comprises a step of mounting a file system corresponding to a portion of said protected media which stores an approved data set of zero or more data , wherein said file system is mounted so that its contents cannot be modified by said application programs (computer software) or said ordinary users .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (application programs) protected by means of computer software in accordance with claim 1 . 		US5361359A
CLAIM 9 . The method of claim 1 , wherein step (1) comprises a step of mounting a file system corresponding to a portion of said protected media which stores an approved data set of zero or more data , wherein said file system is mounted so that its contents cannot be modified by said application programs (computer software) or said ordinary users .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (user mode) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5361359A
CLAIM 4 . The method of claim 1 , further comprising a step of entering a single user mode (call instructions) of the operating system so as to enter said trusted path mode .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (user mode) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5361359A
CLAIM 4 . The method of claim 1 , further comprising a step of entering a single user mode (call instructions) of the operating system so as to enter said trusted path mode .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5357573A

Filed: 1992-08-12     Issued: 1994-10-18

Memory card

(Original Assignee) Intelligent Solution Services GmbH     (Current Assignee) Intelligent Solution Services GmbH

Kenn D. Walters
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (application programs) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer systems such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs (computer software) , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (application programs) in accordance with claim 1 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer systems such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs (computer software) , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software (application programs) protected by means of computer software in accordance with claim 1 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs (computer software) , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means (control device) containing a digital protection arrangement according to claim 4 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US5357573A
CLAIM 7 . Method for modifying a PCMCIA/JEIDA standard memory card so as to prevent unauthorized use , comprising the steps of : providing a conventional PCMCIA/JEIDA memory card with a first read-write memory means for storing data and application programs , a second read-write memory means , a control device (memory means, start point, processor means) to control access to the first and second read-write memory means , and an interface device to connect the PCMCIA/JEIDA memory card to a computer system ;
and storing a protection code in the second read-write memory means via the interface means , wherein said first read-write and said second read-write memory means include data terminals , address terminals , write enable terminals , and read enable terminals , all being connected to said interface , and wherein the write enable terminal of the second memory means is physically cut through so as to disable write enable functions of the second memory means .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (control device) storing the protected data , decryption instructions and conversion code with a start point (control device) at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (control device) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5357573A
CLAIM 7 . Method for modifying a PCMCIA/JEIDA standard memory card so as to prevent unauthorized use , comprising the steps of : providing a conventional PCMCIA/JEIDA memory card with a first read-write memory means for storing data and application programs , a second read-write memory means , a control device (memory means, start point, processor means) to control access to the first and second read-write memory means , and an interface device to connect the PCMCIA/JEIDA memory card to a computer system ;
and storing a protection code in the second read-write memory means via the interface means , wherein said first read-write and said second read-write memory means include data terminals , address terminals , write enable terminals , and read enable terminals , all being connected to said interface , and wherein the write enable terminal of the second memory means is physically cut through so as to disable write enable functions of the second memory means .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5357573A
CLAIM 1 . A protected PCMCIA/JEIDA standard memory card for use as a mass memory device for computer system (computer system) s such as palmtop , notebook and laptop computers , comprising a read-write memory means for storing data and application programs , a control means for controlling the read-write memory means , and an interface means for connecting the memory card to a computer system , wherein an unchangeable protection code is stored on a read-only memory means on the memory card .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5276311A

Filed: 1992-07-01     Issued: 1994-01-04

Method and device for simplifying the use of a plurality of credit cards, or the like

(Original Assignee) Hartmut Hennige     (Current Assignee) E-PASS TECHNOLOGIES Inc

Hartmut Hennige
US7162735B2
CLAIM 3 . A computer system (stored data) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .

US7162735B2
CLAIM 5 . A computer system (stored data) comprising memory means containing a digital protection (said selection) arrangement according to claim 4 . 		US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .

US5276311A
CLAIM 33 . The device according to claim 20 , wherein the multi-function card comprises a first set of keys for activating said selection (digital protection) means , whereby the user sequentially accesses each of said data sets from said plurality of data sources ;
and a second set of keys for entering the user' ;
s secret code .

US7162735B2
CLAIM 6 . A data carrier (data carrier) containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5276311A
CLAIM 11 . The method according to claim 1 wherein said transferred data set is transferred from a data carrier (data carrier) supplied by an issuing party and said transferred data set is transferred to the multi-function card by introducing said data carrier and the multi-function card into a transmission unit .

US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (processing means) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5276311A
CLAIM 20 . A device for selecting data from a plurality of data sources such as credit cards , check cards , customer cards , identity cards , documents , keys , access information and master keys comprising : an electronic multi-function card , said card having storage means for storing a data set from each of the plurality of data sources , said card having at least one display area for displaying said stored data set ;
input means for producing a secret code ;
activating means for activating said card for use ;
processing means (processing means) responsive to said secret code for enabling said activating means ;
selection means for selecting a predetermined one of said stored data sets in said activated card ;
and display means for displaying said selected data set on the card in said display area .

US7162735B2
CLAIM 28 . A data carrier (data carrier) containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5276311A
CLAIM 11 . The method according to claim 1 wherein said transferred data set is transferred from a data carrier (data carrier) supplied by an issuing party and said transferred data set is transferred to the multi-function card by introducing said data carrier and the multi-function card into a transmission unit .

US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .

US7162735B2
CLAIM 30 . A data carrier (data carrier) containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5276311A
CLAIM 11 . The method according to claim 1 wherein said transferred data set is transferred from a data carrier (data carrier) supplied by an issuing party and said transferred data set is transferred to the multi-function card by introducing said data carrier and the multi-function card into a transmission unit .

US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (selective operation) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5276311A
CLAIM 3 . The method according to claim 2 , wherein said step of entering said secret code into the multi-function card comprises selective operation (first part) of input keys at the place of use of the multi-function card whereby entering said secret code accesses a select one of said data sources , and further comprises the steps of : inserting the multi-function card into a checking terminal for payment purposes , displaying said stored signature in a predetermined one of said display areas of said multi-function card for visual inspection , producing said personal signature at the moment of payment on a document printer assigned to said checking terminal , and comparing said applied personal signature with said displayed personal signature .

US7162735B2
CLAIM 37 . A data carrier (data carrier) containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5276311A
CLAIM 11 . The method according to claim 1 wherein said transferred data set is transferred from a data carrier (data carrier) supplied by an issuing party and said transferred data set is transferred to the multi-function card by introducing said data carrier and the multi-function card into a transmission unit .

US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .

US7162735B2
CLAIM 40 . A data carrier (data carrier) containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5276311A
CLAIM 11 . The method according to claim 1 wherein said transferred data set is transferred from a data carrier (data carrier) supplied by an issuing party and said transferred data set is transferred to the multi-function card by introducing said data carrier and the multi-function card into a transmission unit .

US5276311A
CLAIM 18 . The method according to claim 17 wherein said checking terminal erases said stored data (computer system, computer system comprising memory) sets of the multi-function card in response to use of an incorrect secret code of the multi-function card .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5410703A

Filed: 1992-07-01     Issued: 1995-04-25

System for changing software during computer operation

(Original Assignee) Telefonaktiebolaget LM Ericsson AB     (Current Assignee) Telefonaktiebolaget LM Ericsson AB

Rickard Nilsson, Ulf Markstrom, Leif Klofver
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (second application) , the protection software (second software application) comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5410703A
CLAIM 60 . A method of dynamically binding first and second modules respectively disposed in first and second software application (protection software) s by providing a set of direction points for dynamically directing chains of events within the operational software system to either one or the other of said first or second application (computer software) s , said method comprising the steps of : analyzing messages addressed by function name ;
directing those messages to processes in each of said first or second modules ;
and directing the execution of a process by dynamic runtime binding to selectively continue the execution of said process in either one of said first or said second software modules .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (second application) in accordance with claim 1 . 		US5410703A
CLAIM 60 . A method of dynamically binding first and second modules respectively disposed in first and second software applications by providing a set of direction points for dynamically directing chains of events within the operational software system to either one or the other of said first or second application (computer software) s , said method comprising the steps of : analyzing messages addressed by function name ;
directing those messages to processes in each of said first or second modules ;
and directing the execution of a process by dynamic runtime binding to selectively continue the execution of said process in either one of said first or said second software modules .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (second application) protected by means of computer software in accordance with claim 1 . 		US5410703A
CLAIM 60 . A method of dynamically binding first and second modules respectively disposed in first and second software applications by providing a set of direction points for dynamically directing chains of events within the operational software system to either one or the other of said first or second application (computer software) s , said method comprising the steps of : analyzing messages addressed by function name ;
directing those messages to processes in each of said first or second modules ;
and directing the execution of a process by dynamic runtime binding to selectively continue the execution of said process in either one of said first or said second software modules .

US7162735B2
CLAIM 5 . A computer system comprising memory (first means) means containing a digital protection arrangement according to claim 4 . 		US5410703A
CLAIM 61 . Apparatus for automatically shifting data processing operations from previously loaded first software to newly loaded second software in a computer system in which the first software is processing existing data while new data is being received by the computer system , said apparatus comprising : first means (computer system comprising memory) for transmitting test data to said second software for processing thereby , said test data simulating actual data to be processed by said first software , while at the same time both existing and new actual data are being processed by said first software ;
second means , responsive to a successful processing of said test data by said second software , for transmitting all of said new data to said second software during continued processing of said existing data by said first software and the simultaneous production of output data from both said first and second software ;
and third means , responsive to the first to occur of the completion of processing of said existing data by said first software or the expiration of a preselected period of time following the beginning of transmission of all of said new data to said second software , for discontinuing further use of said first software for processing data , whereby the changeover from said first software to said second software may be automatically effected during computer system runtime without materially disrupting the continuance of data processing operations thereof .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (software module) for decryption . 		US5410703A
CLAIM 60 . A method of dynamically binding first and second modules respectively disposed in first and second software applications by providing a set of direction points for dynamically directing chains of events within the operational software system to either one or the other of said first or second applications , said method comprising the steps of : analyzing messages addressed by function name ;
directing those messages to processes in each of said first or second modules ;
and directing the execution of a process by dynamic runtime binding to selectively continue the execution of said process in either one of said first or said second software module (executable instructions) s .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5359659A

Filed: 1992-06-19     Issued: 1994-10-25

Method for securing software against corruption by computer viruses

(Original Assignee) Doren Rosenthal     

Doren Rosenthal
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call (system comprising one) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5359659A
CLAIM 16 . An apparatus for securing against corruption by virus an existing executable software program , said apparatus comprising : a computer system comprising one (respective call) or more storage media , said existing executable software program stored on at least one of said storage media ;
means for identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect corruption by virus of portions of said computer system external to said existing executable software program ;
means for modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing executable software program ;
and means for storing said modifications to said existing executable software program .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code is a CRC algorithm (cyclic redundancy check) . 		US5359659A
CLAIM 9 . The method of claim 1 , wherein at least one of said one or more security routines computes and verifies one or more cyclic redundancy check (CRC algorithm) test values for said existing executable software program .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location (more storage) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5359659A
CLAIM 1 . A method of using a computer system to secure against corruption by virus an existing executable software program , said computer system having one or more storage (memory location) media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5359659A
CLAIM 1 . A method of using a computer system (computer system) to secure against corruption by virus an existing executable software program , said computer system having one or more storage media , said existing executable software program being stored on at least one of said storage media , said method comprising the steps of : identifying one or more security routines , said one or more security routines to detect corruption by virus of said existing executable software program and to detect the presence of corruption by virus of portions of said computer system external to said existing executable software program ;
modifying electronic signals representative of said existing executable software program to cause said computer system to execute said one or more security routines first during each execution of said existing routines to said software program ;
and storing said modifications to said existing executable software program .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5166886A

Filed: 1992-02-12     Issued: 1992-11-24

System to demonstrate and sell computer programs

(Original Assignee) Molnar Charles E; Backus Alan L     

Charles E. Molnar, Alan L. Backus
US7162735B2
CLAIM 1 . Computer software (one computer) operable to provide protection for a second item (way media) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5166886A
CLAIM 1 . A vending system for retailing at least one computer (Computer software) program comprising : a retailed computer program ;
a transmitting unit including means for repetitively transmitting said retailed computer program ;
a medium of transmission comprising cable television cable , said transmission medium being in communication with said transmitting unit and carrying said retained computer program repetitively transmitted by said transmitting unit , said transmission medium simultaneously carrying other signals comprising television signals ;
a plurality of computing devices located in domiciles , each of said computing devices including a receiver in communication with said transmission medium , each of said receivers being able to access and receive said retailed computer program repetitively transmitted by said transmitting unit through said transmission medium , and each of said computing devices comprising a processing section able to execute said retailed computer program to provide trail use of said retailed computer program to users of said computing devices in their domiciles , said trial use providing full use of said retailed computer-program ;
a vending program transmitted through said transmission medium to said computing devices , each of said computing devices being able to execute said vending program to provide means for said users of said computing devices to purchase reusable copies of said retailed computer program in their domiciles , said reusable copies of said retailed computer program being adapted for use on one of said computing devices ;
and said vending system including means to prohibit unauthorized duplication of said retailed computer program .

US5166886A
CLAIM 13 . A method of protecting demonstrated retailed computer programs from unauthorized duplication comprising the steps of : repetitively transmitting a retailed computer program through one-way media (second item) to a computing device , such that said computing device executes routines in said retailed computer program and a user of said computing devices has full use of said retailed computer program , and such that said computing device at no single time has a true , accurate and complete copy of said retailed computer program within said computing device , thereby preventing unauthorized duplication of said retailed computer program by eliminating the presence within said computing device , at any single time , of a true , accurate and complete copy of said retailed computer program .

US7162735B2
CLAIM 7 . Computer software (one computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5166886A
CLAIM 1 . A vending system for retailing at least one computer (Computer software) program comprising : a retailed computer program ;
a transmitting unit including means for repetitively transmitting said retailed computer program ;
a medium of transmission comprising cable television cable , said transmission medium being in communication with said transmitting unit and carrying said retained computer program repetitively transmitted by said transmitting unit , said transmission medium simultaneously carrying other signals comprising television signals ;
a plurality of computing devices located in domiciles , each of said computing devices including a receiver in communication with said transmission medium , each of said receivers being able to access and receive said retailed computer program repetitively transmitted by said transmitting unit through said transmission medium , and each of said computing devices comprising a processing section able to execute said retailed computer program to provide trail use of said retailed computer program to users of said computing devices in their domiciles , said trial use providing full use of said retailed computer-program ;
a vending program transmitted through said transmission medium to said computing devices , each of said computing devices being able to execute said vending program to provide means for said users of said computing devices to purchase reusable copies of said retailed computer program in their domiciles , said reusable copies of said retailed computer program being adapted for use on one of said computing devices ;
and said vending system including means to prohibit unauthorized duplication of said retailed computer program .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (memory cartridge) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5166886A
CLAIM 4 . The vending system of claim 1 wherein said computing devices comprise , as processing apparatus , an entertainment computing device utilizing replaceable read-only memory cartridge (processor means) s that provide game functions .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5220606A

Filed: 1992-02-10     Issued: 1993-06-15

Cryptographic system and method

(Original Assignee) Harold Greenberg     

Harold Greenberg
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (mod p) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5220606A
CLAIM 2 . A method for developing an encoding key K and a random signature inversion T comprising the steps of : A . using a sender' ;
s signature number sequence S={s . sub . 0 , s . sub . 1 , . . . , s . sub . n } , 1≦s . sub . i ≦p-1 , p a prime number , as the polynomial form S . sub . 1 =s . sub . 0 +s . sub . 1 x+s . sub . 2 x . sup . 2 + . . . +s . sub . n x . sup . n ;
B . developing a sequence of random digits R={r . sub . 0 , r . sub . 1 , . . . , r . sub . s } , 1≦r . sub . i ≦p-1 , with polynomial form R . sub . 1 =r . sub . 0 +r . sub . 1 x+r . sub . 2 x . sup . 2 + . . . +r . sub . s x . sup . s ;
C . producing said encoding key K from the coefficients of the polynomial K 1 defined by K . sub . 1 =S . sub . 1 R . sub . 1 -1 mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) , which results in K . sub . 1 =k . sub . 0 +k . sub . 1 x+k . sub . 2 x . sup . 2 + . . . +k . sub . u x . sup . u and the encoding key K={k . sub . 0 , k . sub . 1 , . . . , k . sub . u } ;
D . obtaining the inverse of signature S from the result S . sub . 1 R . sub . 1 =1 mod(K . sub . 1 and p) , which produces T 1 =R 1 as the inverse polynomial to S 1 and T=R as the inverse of S with T in the form T={t . sub . 0 , t . sub . 1 , t . sub . 2 , . . . , t . sub . g } .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (mod p) in accordance with claim 1 . 		US5220606A
CLAIM 2 . A method for developing an encoding key K and a random signature inversion T comprising the steps of : A . using a sender' ;
s signature number sequence S={s . sub . 0 , s . sub . 1 , . . . , s . sub . n } , 1≦s . sub . i ≦p-1 , p a prime number , as the polynomial form S . sub . 1 =s . sub . 0 +s . sub . 1 x+s . sub . 2 x . sup . 2 + . . . +s . sub . n x . sup . n ;
B . developing a sequence of random digits R={r . sub . 0 , r . sub . 1 , . . . , r . sub . s } , 1≦r . sub . i ≦p-1 , with polynomial form R . sub . 1 =r . sub . 0 +r . sub . 1 x+r . sub . 2 x . sup . 2 + . . . +r . sub . s x . sup . s ;
C . producing said encoding key K from the coefficients of the polynomial K 1 defined by K . sub . 1 =S . sub . 1 R . sub . 1 -1 mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) , which results in K . sub . 1 =k . sub . 0 +k . sub . 1 x+k . sub . 2 x . sup . 2 + . . . +k . sub . u x . sup . u and the encoding key K={k . sub . 0 , k . sub . 1 , . . . , k . sub . u } ;
D . obtaining the inverse of signature S from the result S . sub . 1 R . sub . 1 =1 mod(K . sub . 1 and p) , which produces T 1 =R 1 as the inverse polynomial to S 1 and T=R as the inverse of S with T in the form T={t . sub . 0 , t . sub . 1 , t . sub . 2 , . . . , t . sub . g } .

US7162735B2
CLAIM 3 . A computer system (mod p) containing an item of computer software (mod p) protected by means of computer software in accordance with claim 1 . 		US5220606A
CLAIM 2 . A method for developing an encoding key K and a random signature inversion T comprising the steps of : A . using a sender' ;
s signature number sequence S={s . sub . 0 , s . sub . 1 , . . . , s . sub . n } , 1≦s . sub . i ≦p-1 , p a prime number , as the polynomial form S . sub . 1 =s . sub . 0 +s . sub . 1 x+s . sub . 2 x . sup . 2 + . . . +s . sub . n x . sup . n ;
B . developing a sequence of random digits R={r . sub . 0 , r . sub . 1 , . . . , r . sub . s } , 1≦r . sub . i ≦p-1 , with polynomial form R . sub . 1 =r . sub . 0 +r . sub . 1 x+r . sub . 2 x . sup . 2 + . . . +r . sub . s x . sup . s ;
C . producing said encoding key K from the coefficients of the polynomial K 1 defined by K . sub . 1 =S . sub . 1 R . sub . 1 -1 mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) , which results in K . sub . 1 =k . sub . 0 +k . sub . 1 x+k . sub . 2 x . sup . 2 + . . . +k . sub . u x . sup . u and the encoding key K={k . sub . 0 , k . sub . 1 , . . . , k . sub . u } ;
D . obtaining the inverse of signature S from the result S . sub . 1 R . sub . 1 =1 mod(K . sub . 1 and p) , which produces T 1 =R 1 as the inverse polynomial to S 1 and T=R as the inverse of S with T in the form T={t . sub . 0 , t . sub . 1 , t . sub . 2 , . . . , t . sub . g } .

US7162735B2
CLAIM 5 . A computer system (mod p) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5220606A
CLAIM 2 . A method for developing an encoding key K and a random signature inversion T comprising the steps of : A . using a sender' ;
s signature number sequence S={s . sub . 0 , s . sub . 1 , . . . , s . sub . n } , 1≦s . sub . i ≦p-1 , p a prime number , as the polynomial form S . sub . 1 =s . sub . 0 +s . sub . 1 x+s . sub . 2 x . sup . 2 + . . . +s . sub . n x . sup . n ;
B . developing a sequence of random digits R={r . sub . 0 , r . sub . 1 , . . . , r . sub . s } , 1≦r . sub . i ≦p-1 , with polynomial form R . sub . 1 =r . sub . 0 +r . sub . 1 x+r . sub . 2 x . sup . 2 + . . . +r . sub . s x . sup . s ;
C . producing said encoding key K from the coefficients of the polynomial K 1 defined by K . sub . 1 =S . sub . 1 R . sub . 1 -1 mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) , which results in K . sub . 1 =k . sub . 0 +k . sub . 1 x+k . sub . 2 x . sup . 2 + . . . +k . sub . u x . sup . u and the encoding key K={k . sub . 0 , k . sub . 1 , . . . , k . sub . u } ;
D . obtaining the inverse of signature S from the result S . sub . 1 R . sub . 1 =1 mod(K . sub . 1 and p) , which produces T 1 =R 1 as the inverse polynomial to S 1 and T=R as the inverse of S with T in the form T={t . sub . 0 , t . sub . 1 , t . sub . 2 , . . . , t . sub . g } .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5220606A
CLAIM 2 . A method for developing an encoding key K and a random signature inversion T comprising the steps of : A . using a sender' ;
s signature number sequence S={s . sub . 0 , s . sub . 1 , . . . , s . sub . n } , 1≦s . sub . i ≦p-1 , p a prime number , as the polynomial form S . sub . 1 =s . sub . 0 +s . sub . 1 x+s . sub . 2 x . sup . 2 + . . . +s . sub . n x . sup . n ;
B . developing a sequence of random digits R={r . sub . 0 , r . sub . 1 , . . . , r . sub . s } , 1≦r . sub . i ≦p-1 , with polynomial form R . sub . 1 =r . sub . 0 +r . sub . 1 x+r . sub . 2 x . sup . 2 + . . . +r . sub . s x . sup . s ;
C . producing said encoding key K from the coefficients of the polynomial K 1 defined by K . sub . 1 =S . sub . 1 R . sub . 1 -1 mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) , which results in K . sub . 1 =k . sub . 0 +k . sub . 1 x+k . sub . 2 x . sup . 2 + . . . +k . sub . u x . sup . u and the encoding key K={k . sub . 0 , k . sub . 1 , . . . , k . sub . u } ;
D . obtaining the inverse of signature S from the result S . sub . 1 R . sub . 1 =1 mod(K . sub . 1 and p) , which produces T 1 =R 1 as the inverse polynomial to S 1 and T=R as the inverse of S with T in the form T={t . sub . 0 , t . sub . 1 , t . sub . 2 , . . . , t . sub . g } .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (mod p) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5220606A
CLAIM 2 . A method for developing an encoding key K and a random signature inversion T comprising the steps of : A . using a sender' ;
s signature number sequence S={s . sub . 0 , s . sub . 1 , . . . , s . sub . n } , 1≦s . sub . i ≦p-1 , p a prime number , as the polynomial form S . sub . 1 =s . sub . 0 +s . sub . 1 x+s . sub . 2 x . sup . 2 + . . . +s . sub . n x . sup . n ;
B . developing a sequence of random digits R={r . sub . 0 , r . sub . 1 , . . . , r . sub . s } , 1≦r . sub . i ≦p-1 , with polynomial form R . sub . 1 =r . sub . 0 +r . sub . 1 x+r . sub . 2 x . sup . 2 + . . . +r . sub . s x . sup . s ;
C . producing said encoding key K from the coefficients of the polynomial K 1 defined by K . sub . 1 =S . sub . 1 R . sub . 1 -1 mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) , which results in K . sub . 1 =k . sub . 0 +k . sub . 1 x+k . sub . 2 x . sup . 2 + . . . +k . sub . u x . sup . u and the encoding key K={k . sub . 0 , k . sub . 1 , . . . , k . sub . u } ;
D . obtaining the inverse of signature S from the result S . sub . 1 R . sub . 1 =1 mod(K . sub . 1 and p) , which produces T 1 =R 1 as the inverse polynomial to S 1 and T=R as the inverse of S with T in the form T={t . sub . 0 , t . sub . 1 , t . sub . 2 , . . . , t . sub . g } .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code (encoded form) is a CRC algorithm (mod p) . 		US5220606A
CLAIM 5 . A system for developing an encoding key K comprising : a signature storage means for obtaining a message sender' ;
s signature S={s . sub . 0 , s . sub . 1 , . . . , s . sub . n } ;
a random number generator means for obtaining a string of random numbers R={r . sub . 0 , r . sub . 1 , . . . , r . sub . s } ;
a key creator means coupled to said signature storage means and said random number generator means for developing an encoding key K by said key creator means considering S and R as the polynomials forms S . sub . 1 =s . sub . 0 +s . sub . 1 x+s . sub . 2 x . sup . 2 + . . . +s . sub . n x . sup . n R . sub . 1 =r . sub . 0 +r . sub . 1 x+r . sub . 2 x . sup . 2 + . . . +r . sub . s x . sup . s and developing the encoding key K as the coefficients of the polynomial K 1 , defined by K . sub . 1 =S . sub . 1 R . sub . 1 -1 mod p (computer software, computer system, CRC algorithm, computer memory device containing computer software) , as K . sub . 1 =k . sub . 0 +k . sub . 1 x+k . sub . 2 x . sup . 2 + . . . +k . sub . u x . sup . u with resulting encoding key K={k . sub . 0 , k . sub . 1 , . . . , k . sub . u } .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5222133A

Filed: 1991-10-17     Issued: 1993-06-22

Method of protecting computer software from unauthorized execution using multiple keys

(Original Assignee) Wayne W. Chou; Richard Erett     (Current Assignee) SafeNet Inc

Wayne W. Chou, Richard Erett, Joseph M. Kulinets
US7162735B2
CLAIM 1 . Computer software (hardware devices) operable to provide protection for a second item of computer software (computer software) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5222133A
CLAIM 1 . A method of protecting computer software (computer software) from unauthorized execution using multiple keys , one of which is stored in a hardware device to produce a control key which will allow the protected software to execute comprising the steps of : storing a plurality of unique first keys in a plurality of hardware devices (Computer software) , each hardware device having its own unique first key , establishing a plurality of unique second keys , each having a predetermined relationship with one of each of said first keys forming a plurality of unique key pairs , storing an algorithm for processing said unique key pairs in software which is desired to be protected , supplying identical copies of said software to be protected together with said hardware devices , each having one of said first keys , one device with each of said copies , supplying said second key that forms said key pair with one of said first keys in said hardware device , inserting one of said hardware devices in an input/output port of said computer , loading said software to be protected containing said algorithm in said computer , loading a second key external to said software to be protected in said computer , and processing said first and second keys in said algorithm for deriving a control key , if present , for permitting the continued processing of the software being protected .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (computer software) in accordance with claim 1 . 		US5222133A
CLAIM 1 . A method of protecting computer software (computer software) from unauthorized execution using multiple keys , one of which is stored in a hardware device to produce a control key which will allow the protected software to execute comprising the steps of : storing a plurality of unique first keys in a plurality of hardware devices , each hardware device having its own unique first key , establishing a plurality of unique second keys , each having a predetermined relationship with one of each of said first keys forming a plurality of unique key pairs , storing an algorithm for processing said unique key pairs in software which is desired to be protected , supplying identical copies of said software to be protected together with said hardware devices , each having one of said first keys , one device with each of said copies , supplying said second key that forms said key pair with one of said first keys in said hardware device , inserting one of said hardware devices in an input/output port of said computer , loading said software to be protected containing said algorithm in said computer , loading a second key external to said software to be protected in said computer , and processing said first and second keys in said algorithm for deriving a control key , if present , for permitting the continued processing of the software being protected .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (computer software) protected by means of computer software in accordance with claim 1 . 		US5222133A
CLAIM 1 . A method of protecting computer software (computer software) from unauthorized execution using multiple keys , one of which is stored in a hardware device to produce a control key which will allow the protected software to execute comprising the steps of : storing a plurality of unique first keys in a plurality of hardware devices , each hardware device having its own unique first key , establishing a plurality of unique second keys , each having a predetermined relationship with one of each of said first keys forming a plurality of unique key pairs , storing an algorithm for processing said unique key pairs in software which is desired to be protected , supplying identical copies of said software to be protected together with said hardware devices , each having one of said first keys , one device with each of said copies , supplying said second key that forms said key pair with one of said first keys in said hardware device , inserting one of said hardware devices in an input/output port of said computer , loading said software to be protected containing said algorithm in said computer , loading a second key external to said software to be protected in said computer , and processing said first and second keys in said algorithm for deriving a control key , if present , for permitting the continued processing of the software being protected .

US7162735B2
CLAIM 7 . Computer software (hardware devices) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5222133A
CLAIM 1 . A method of protecting computer software from unauthorized execution using multiple keys , one of which is stored in a hardware device to produce a control key which will allow the protected software to execute comprising the steps of : storing a plurality of unique first keys in a plurality of hardware devices (Computer software) , each hardware device having its own unique first key , establishing a plurality of unique second keys , each having a predetermined relationship with one of each of said first keys forming a plurality of unique key pairs , storing an algorithm for processing said unique key pairs in software which is desired to be protected , supplying identical copies of said software to be protected together with said hardware devices , each having one of said first keys , one device with each of said copies , supplying said second key that forms said key pair with one of said first keys in said hardware device , inserting one of said hardware devices in an input/output port of said computer , loading said software to be protected containing said algorithm in said computer , loading a second key external to said software to be protected in said computer , and processing said first and second keys in said algorithm for deriving a control key , if present , for permitting the continued processing of the software being protected .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5140634A

Filed: 1991-10-09     Issued: 1992-08-18

Method and apparatus for authenticating accreditations and for authenticating and signing messages

(Original Assignee) US Philips Corp     (Current Assignee) SA TELEDIFFUSION DE FRANCE 10 RUE D'ORADOUR-SUR-GHANE ; Orange SA ; US Philips Corp

Louis C. Guillou, Jean-Jacques Quisquater
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code (prime factor) which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5140634A
CLAIM 1 . A system for the authentication of an accreditation information A with zero-knowledge proof , this information having been formulated by a process of the public-key type comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least ten bit positions and publishes N and p , for the holder of the accreditation , a digital identity I is formed , and supplemented by redundancy in order to form a shaded identity word J , accreditation information A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modula N , (A=J 1/p mod N=J) , said system comprising a memory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (B P j mod N=1) , which is to be authentication , processing means for executing the authentication operation by means of a single-layer interactive and probabilistic digital process of the zero-knowledge proof type and comprising communication means for communicating between a medium containing the memory called " ;
the verified" ;
and an element called " ;
the verifier" ;
, said processing means comprising : in the verified first random number generating means for generating a first random integer r that is a member of the ring of integers modulo N , power raising means fed by the first random number generating means for raising r to the power p modulo N to produce a title T , first transmission means fed by the power raising means for transmitting at least a predetermined bit portion of the title T to the verifier , in the verifier second random number generating means for generating a second random number (D) within the interval O and (p-1) , including the limits thereof , request means cum second transmission means fed by the second random number generating means for generating and transmitting a processing request to the verified , in the verified first calculating means fed by the second transmission means to calculate the product in the ring of integers modulo N of the first random integer r , and the D-th power of the inverse accreditation information B to feed the result thereof as a marker t=r . b D mod N to the first transmission means , in the verifier second calculating means fed by the first transmission means for calculating the product of the marker t , within the ring of integers moduluo N , and the D-th power of the shaded identity J , i . e . t P j D mod N , in the verifier comparing means fed by the second calculating means and by the first transmission means for comparing said predetermined bit portion to a corresponding bit portion of t P j D mod N for in a single comparisons step upon a detected equality issuing an authenticated accreditation signal .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code (prime factor) , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5140634A
CLAIM 1 . A system for the authentication of an accreditation information A with zero-knowledge proof , this information having been formulated by a process of the public-key type comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least ten bit positions and publishes N and p , for the holder of the accreditation , a digital identity I is formed , and supplemented by redundancy in order to form a shaded identity word J , accreditation information A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modula N , (A=J 1/p mod N=J) , said system comprising a memory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (B P j mod N=1) , which is to be authentication , processing means for executing the authentication operation by means of a single-layer interactive and probabilistic digital process of the zero-knowledge proof type and comprising communication means for communicating between a medium containing the memory called " ;
the verified" ;
and an element called " ;
the verifier" ;
, said processing means comprising : in the verified first random number generating means for generating a first random integer r that is a member of the ring of integers modulo N , power raising means fed by the first random number generating means for raising r to the power p modulo N to produce a title T , first transmission means fed by the power raising means for transmitting at least a predetermined bit portion of the title T to the verifier , in the verifier second random number generating means for generating a second random number (D) within the interval O and (p-1) , including the limits thereof , request means cum second transmission means fed by the second random number generating means for generating and transmitting a processing request to the verified , in the verified first calculating means fed by the second transmission means to calculate the product in the ring of integers modulo N of the first random integer r , and the D-th power of the inverse accreditation information B to feed the result thereof as a marker t=r . b D mod N to the first transmission means , in the verifier second calculating means fed by the first transmission means for calculating the product of the marker t , within the ring of integers moduluo N , and the D-th power of the shaded identity J , i . e . t P j D mod N , in the verifier comparing means fed by the second calculating means and by the first transmission means for comparing said predetermined bit portion to a corresponding bit portion of t P j D mod N for in a single comparisons step upon a detected equality issuing an authenticated accreditation signal .

US7162735B2
CLAIM 5 . A computer system comprising memory means (smart card) containing a digital protection (authentication operation) arrangement according to claim 4 . 		US5140634A
CLAIM 1 . A system for the authentication of an accreditation information A with zero-knowledge proof , this information having been formulated by a process of the public-key type comprising the following operations : an authority issuing the accreditation chooses two prime factors , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least ten bit positions and publishes N and p , for the holder of the accreditation , a digital identity I is formed , and supplemented by redundancy in order to form a shaded identity word J , accreditation information A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modula N , (A=J 1/p mod N=J) , said system comprising a memory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (B P j mod N=1) , which is to be authentication , processing means for executing the authentication operation (digital protection) by means of a single-layer interactive and probabilistic digital process of the zero-knowledge proof type and comprising communication means for communicating between a medium containing the memory called " ;
the verified" ;
and an element called " ;
the verifier" ;
, said processing means comprising : in the verified first random number generating means for generating a first random integer r that is a member of the ring of integers modulo N , power raising means fed by the first random number generating means for raising r to the power p modulo N to produce a title T , first transmission means fed by the power raising means for transmitting at least a predetermined bit portion of the title T to the verifier , in the verifier second random number generating means for generating a second random number (D) within the interval O and (p-1) , including the limits thereof , request means cum second transmission means fed by the second random number generating means for generating and transmitting a processing request to the verified , in the verified first calculating means fed by the second transmission means to calculate the product in the ring of integers modulo N of the first random integer r , and the D-th power of the inverse accreditation information B to feed the result thereof as a marker t=r . b D mod N to the first transmission means , in the verifier second calculating means fed by the first transmission means for calculating the product of the marker t , within the ring of integers moduluo N , and the D-th power of the shaded identity J , i . e . t P j D mod N , in the verifier comparing means fed by the second calculating means and by the first transmission means for comparing said predetermined bit portion to a corresponding bit portion of t P j D mod N for in a single comparisons step upon a detected equality issuing an authenticated accreditation signal .

US5140634A
CLAIM 3 . A station as claim 2 , manufactured in the shape of a smart card (memory means, memory location) .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (prime factor) (prime factor) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code (prime factor) stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (prime factor) is operable to convert each block into an executable form . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code (prime factor) and/or a data file . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (following operations, processing means) operable to execute code , and memory means (smart card) storing the protected data , decryption instructions and conversion code (prime factor) with a start point at a memory location (smart card) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code (prime factor) to be executed when seeking to access the protected data . 		US5140634A
CLAIM 3 . A station as claim 2 , manufactured in the shape of a smart card (memory means, memory location) .

US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations (processing means) : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code (prime factor) executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code (prime factor) is executable to create the steps on each occasion that the executable instruction is to be executed . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code (prime factor) executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US5140634A
CLAIM 12 . A method for authenticating , comprising the following steps (second part) in a verifier element : a) receiving , as first comparison data , at least a predetermined multibit field of a title number T calculated according to the equation T=r . sup . p mod N ;
b) drawing a second random number D within the closed interval {O , p-1} ;
c) providing this second random number ;
d) receiving a marker number t calculated according to the equation : t=r . B . sup . D mod N e) generating second comparison data equal to T . sup . p J . sup . D mod N ;
f) comparing the first comparison data to a corresponding multibit field of the second comparison data , and g) upon correspondence directly generating an authentication approbation , where p is a first published integer p of at least ten bits ;
N is a second published integer which is a product of two secret prime factors ;
J is a second personalized digital quantity with added redundancy formed from a first personalized digital quantity I ;
B is an accreditation number stored outside the verifier element in the form of an inverse of A , A being equal to J l/p mod N , so that B p J mod N=1 ;
and r is a first random number not available to the verifier element which is a member of the ring of integers modulo N .

US7162735B2
CLAIM 36 . The arrangement of claim 34 , wherein the executable code (prime factor) is executable to create corrupt data in addition to each part of protected code . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code (prime factor) and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5140634A
CLAIM 9 . A system for signing a message m by a presumably accredited entity , this accreditation having been formulated by a public-key process comprising the following operations : an authority issuing the accreditation chooses two prime factor (executable code, executable conversion code, conversion code, comprising processing means operable to execute code, digital data arrangement comprising executable code) s , forms the product N of these two factors , keeps secret these factors , chooses an integer p that comprises at least thirty bit positions of publishes N and p , for an entity that is a signatory a digital identity I is formed and supplemented by redundancy in order to form a shaded identity word J , accreditation in formation A is formulated by the authority by taking the p-th root of the shaded identity J in the ring of integers modulo N (A=j 1/p mod N) , said system comprising : a memory medium held by the signatory for storing inverse information modulo N of the accreditation information A , i . e . the inverse accreditation information B (i . e . , B p J mod N=1) , signature generating means for generating a signature according to a probabilistic digital process , and comprising : random number generating means for generating a randon integer r that is a member of the ring of integers modulo N , power raising means fed by the random number generating means for raising r to the power p modulo N , compression means fed by the power raising means for calculating a compression function that has as arguments the message m and r p mod N to yield a result number D , product forming means fed by the random number generator and by the compression means to form the product of r and D-th power of the inverse accreditation information B to yield a sole marker t , transmission means fed by the product forming means to transmit a signal message comprising of the message m , the identity I , the result number D , and the sole marker t .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5414850A

Filed: 1991-08-23     Issued: 1995-05-09

System for transparently compressing data files in a computer system

(Original Assignee) Stac Electronics Inc     (Current Assignee) HI/FN Inc

Douglas L. Whiting
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (more files, data file) . 		US5414850A
CLAIM 1 . A method for maintaining compressed data file (data file) s on a disk drive in a computer system so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files (data file) on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (said first portion) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5414850A
CLAIM 2 . The method of claim 1 wherein said disk drive comprises a first portion referenced directly by said drive letter assigned to said disk drive and a second portion referenced through said compressing and decompressing device driver by said drive letter assigned to said compressing and decompressing device driver , said first portion (processor means) for storing said data files uncompressed and said second portion for storing said data files compressed .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5414850A
CLAIM 1 . A method for maintaining compressed data files on a disk drive in a computer system (computer system) so that a user may access said data files as if they were uncompressed , said disk drive having a drive letter assigned by an operating system , said operating system storing with said assigned drive letter a device driver pointer to said disk drive , said method comprising : compressing and decompressing one or more files on said disk drive with a device driver , said compressing and decompressing device driver having a drive letter assigned by said operating system , said operating system storing with said assigned drive letter for said compressing and decompressing device driver a device driver pointer to said compressing and decompressing device driver ;
and swapping said device driver pointer stored with said drive letter assigned to said disk drive and said device driver pointer stored with said drive letter assigned to said compressing and decompressing device driver .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		JPH0520197A

Filed: 1991-07-09     Issued: 1993-01-29

記憶管理システム及びマイクロプロセツサ

(Original Assignee) Hitachi Ltd; 株式会社日立製作所     

Katsuaki Takagi, 克明 高木
US7162735B2
CLAIM 1 . Computer software (ハードウェア, プロセッサ) operable to provide protection for a second item of computer software (ハードウェア, プロセッサ) , the protection software (ハードウェア, プロセッサ) comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 2 . A computer memory device (ハードウェア, プロセッサ) containing computer software (ハードウェア, プロセッサ) in accordance with claim 1 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 3 . A computer system containing an item of computer software (ハードウェア, プロセッサ) protected by means of computer software in accordance with claim 1 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (ハードウェア, プロセッサ) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 6 . A data carrier containing software (ハードウェア, プロセッサ) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 7 . Computer software (ハードウェア, プロセッサ) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (ハードウェア, プロセッサ) for decryption . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (ハードウェア, プロセッサ) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (ハードウェア, プロセッサ) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (ハードウェア, プロセッサ) . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (ハードウェア, プロセッサ) and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 28 . A data carrier containing software (ハードウェア, プロセッサ) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 18 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (システム) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサと、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム (one order)

US7162735B2
CLAIM 30 . A data carrier containing software (ハードウェア, プロセッサ) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 29 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 37 . A data carrier containing software (ハードウェア, プロセッサ) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 34 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (ハードウェア, プロセッサ) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。
US7162735B2
CLAIM 40 . A data carrier containing software (ハードウェア, プロセッサ) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 38 . 		JPH0520197A
CLAIM 1 【請求項1】 仮想記憶としての論理空間に対応する論 理アドレスを生成するマイクロプロセッサ (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) と、 論理空間に対応する物理空間としての物理空間と、 論理空間の論理アドレスを物理空間の実アドレスに変換 する情報を保持するための論理空間管理テーブルと、 論理空間管理テーブルが保有する情報を利用して論理ア ドレスを実アドレスに変換するための論理空間管理手段 と、 複数領域の集合として把握される物理空間の夫々の領域 の属性情報を当該物理空間の領域と対応づけて保持する ために前記マイクロプロセッサの外部に配置された物理 空間管理テーブルと、 この物理空間管理テーブルから属性情報を取得して管理 するために前記マイクロプロセッサに設けられた物理空 間管理手段と、 を有して成る記憶管理システム。

JPH0520197A
CLAIM 3 【請求項3】 前記属性情報は、物理空間に割り当てら れるハードウェア (Computer software, computer software, protection software, Computer software operable to provide protection, computer memory device containing computer software, data carrier containing software, executable instructions, computer memory device, call instructions, decryption instructions) との間でデータ転送を行うために必要 なバスのサイズを指定するためのバスサイズ情報を含む ものである請求項2記載の記憶管理システム。



US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5182770A

Filed: 1991-04-19     Issued: 1993-01-26

System and apparatus for protecting computer software

(Original Assignee) Geza Medveczky; Kelvin Lunsford     (Current Assignee) Nationsbank of Texas NA

Geza Medveczky, Kelvin Lunsford
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software (application programs, dedicated processor) , the protection software comprising security means (processor means, key system) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key system (processor means, security means) , based on large prime numbers .

US5182770A
CLAIM 7 . A method for preventing unauthorized access to select computer program (Computer software) s for use on a computer installation , comprising the steps of : a) incorporating into said computer program a validation password module ;
b) incorporating into said computer installation a security device ;
c) incorporating into said computer installation a device verification module ;
d) receiving an entered password ;
e) extracting a program identification code from said validation password module ;
f) extracting an installation identification code from said security device ;
and f) confirming said entered password by comparing said password to a value representing said program identification code and said installation identification code .

US5182770A
CLAIM 10 . The method of claim 9 , wherein the encryption/decryption algorithms are asymmetrical , placing the majority of calculation burden on the less used , dedicated processor (computer software) of the security device .

US5182770A
CLAIM 11 . In combination in a data processing system for the prevention of unauthorized access to select application programs (computer software) , said system comprises : means for receiving and decrypting an unconfirmed password in digital form ;
means for recalling from said data processing system a program identification code associated with an application program stored in said data processing system ;
security device means for storing an installation identification code identifying an installation for operating said application program ;
means for communicating with said security device means and retrieving said installation identification code ;
means for comparing said unconfirmed password with a value characterized by said program identification code and installation identification code and confirming said password if a match occurs .

US5182770A
CLAIM 14 . The system of claim 13 , wherein said security device includes processor means (processor means, security means) to store said session key and set a session counter .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (application programs, dedicated processor) in accordance with claim 1 . 		US5182770A
CLAIM 10 . The method of claim 9 , wherein the encryption/decryption algorithms are asymmetrical , placing the majority of calculation burden on the less used , dedicated processor (computer software) of the security device .

US5182770A
CLAIM 11 . In combination in a data processing system for the prevention of unauthorized access to select application programs (computer software) , said system comprises : means for receiving and decrypting an unconfirmed password in digital form ;
means for recalling from said data processing system a program identification code associated with an application program stored in said data processing system ;
security device means for storing an installation identification code identifying an installation for operating said application program ;
means for communicating with said security device means and retrieving said installation identification code ;
means for comparing said unconfirmed password with a value characterized by said program identification code and installation identification code and confirming said password if a match occurs .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (application programs, dedicated processor) protected by means of computer software in accordance with claim 1 . 		US5182770A
CLAIM 10 . The method of claim 9 , wherein the encryption/decryption algorithms are asymmetrical , placing the majority of calculation burden on the less used , dedicated processor (computer software) of the security device .

US5182770A
CLAIM 11 . In combination in a data processing system for the prevention of unauthorized access to select application programs (computer software) , said system comprises : means for receiving and decrypting an unconfirmed password in digital form ;
means for recalling from said data processing system a program identification code associated with an application program stored in said data processing system ;
security device means for storing an installation identification code identifying an installation for operating said application program ;
means for communicating with said security device means and retrieving said installation identification code ;
means for comparing said unconfirmed password with a value characterized by said program identification code and installation identification code and confirming said password if a match occurs .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access, public key) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 6 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value (data carrier) and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5182770A
CLAIM 7 . A method for preventing unauthorized access to select computer program (Computer software) s for use on a computer installation , comprising the steps of : a) incorporating into said computer program a validation password module ;
b) incorporating into said computer installation a security device ;
c) incorporating into said computer installation a device verification module ;
d) receiving an entered password ;
e) extracting a program identification code from said validation password module ;
f) extracting an installation identification code from said security device ;
and f) confirming said entered password by comparing said password to a value representing said program identification code and said installation identification code .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access, public key) , when executed , is operable to detect corruption of the protected code . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access, public key) is operable to delete the protected code in the event that any corruption is detected . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (unauthorized access, public key) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access, public key) is embedded within the protected code . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access, public key) is embedded at locations which are unused by the protected code . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (processor means, key system) is written to the embedding location . 		US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key system (processor means, security means) , based on large prime numbers .

US5182770A
CLAIM 14 . The system of claim 13 , wherein said security device includes processor means (processor means, security means) to store said session key and set a session counter .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (unauthorized access, public key) and to modify the call instruction to refer to the new location . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processor means, key system) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key system (processor means, security means) , based on large prime numbers .

US5182770A
CLAIM 14 . The system of claim 13 , wherein said security device includes processor means (processor means, security means) to store said session key and set a session counter .

US7162735B2
CLAIM 28 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value (data carrier) and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US7162735B2
CLAIM 30 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value (data carrier) and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (processor means, key system) operable to detect corruption of the protected data . 		US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key system (processor means, security means) , based on large prime numbers .

US5182770A
CLAIM 14 . The system of claim 13 , wherein said security device includes processor means (processor means, security means) to store said session key and set a session counter .

US7162735B2
CLAIM 37 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value (data carrier) and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (unauthorized access, public key) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (unauthorized access, public key) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access (security code) to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .

US5182770A
CLAIM 3 . The system of claim 1 , wherein the encryption algorithm is a public key (security code) system , based on large prime numbers .

US7162735B2
CLAIM 40 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5182770A
CLAIM 1 . In a data processor , an integrated system for the prevention of unauthorized access to select programming , said integrated system comprising : a) means for non-volatile storage of application control parameters including a decryption value (data carrier) and a program identification code ;
b) means for receiving an unconfirmed system identification code in an encrypted form , wherein said unconfirmed system identification code corresponds to an unconfirmed program identification code and an unconfirmed installation identification code ;
c) means for decrypting and storing said encrypted unconfirmed system identification code ;
d) means for storing an installation identification code including logic control means and code transformation means connected to a peripheral port of said data processor ;
e) means for accessing said stored installation identification code in encrypted form and decrypting said stored installation identification code ;
and f) means for confirming whether the unconfirmed system identification code conforms with the stored installation identification code and the stored program identification code .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5222134A

Filed: 1991-04-09     Issued: 1993-06-22

Secure system for activating personal computer software at remote locations

(Original Assignee) Tau Systems Corp     (Current Assignee) BETANET LLC

David P. Waite, Horace G. Riddell
US7162735B2
CLAIM 2 . A computer memory device (electronic data) containing computer software in accordance with claim 1 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 3 . A computer system (electronic data) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 5 . A computer system (electronic data) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (electronic data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (electronic data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code is a CRC algorithm (cyclic redundancy check) . 		US5222134A
CLAIM 5 . The method in accordance with claim 4 , wherein said tamperproof overlay file is created by encrypting said tamperproof overlay file with an encryption key , providing a cyclic redundancy check (CRC algorithm) value within said encrypted tamperproof overlay file and providing a decryption key to said tamperproof overlay file , said encryption and decryption keys being uniquely determined by the unique contents of the overlay file .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (electronic data) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (electronic data) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (control program) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5222134A
CLAIM 1 . A method of controlling the use of a program file , comprising the steps of : providing a program file including a loader segment and a registration shell portion to a remote computer having a display , said program file containing a first executive control program (first part) representing a limited version of said program file ;
entering license transaction information in said registration shell portion ;
transmitting said license transaction information from said registration shell to a separate registration program provided in a registration computer , said registration program merging license transaction data with a second executive control program representing a complete version of said program file to generate a unique overlay file ;
transmitting said unique overlay file from said registration program to said registration shell , said overlay file containing said second executive control program ;
and installing said overlay file in said main program file , thereby allowing complete operation of said program file only when said license transaction information is included in said overlay file .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (electronic data) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (electronic data) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5222134A
CLAIM 7 . The method in accordance with claim 1 , wherein said license transaction information and said overlay file are transmitted between said registration shell and said registration program through an electronic data (computer memory device, computer system) link .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5148534A

Filed: 1991-04-03     Issued: 1992-09-15

Hardware cartridge representing verifiable, use-once authorization

(Original Assignee) International Business Machines Corp     (Current Assignee) Cisco Technology Inc

Laim D. Comerford
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (data subsets) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5148534A
CLAIM 1 . A physically secure forgery-resistant authorization device comprising : storage means for retaining stored information comprising first and second data subsets (computer software) , each of said subsets comprising an equal quantum of data , a connector with an output terminal and a select terminal , first means responsive to select information represented at said select terminal and to said storage means for selecting and coupling to said output terminal signals representative of only a portion of said first and second data subsets and for simultaneously destroying that data from said subsets not coupled to said output terminal , wherein said first means further includes means for destroying said selected stored information , said means for destroying operating along with said first means so that after said selected information is output from said output terminal said device no longer retains either said selected or said unselected stored information .

US7162735B2
CLAIM 2 . A computer memory device (storage elements) containing computer software (data subsets) in accordance with claim 1 . 		US5148534A
CLAIM 1 . A physically secure forgery-resistant authorization device comprising : storage means for retaining stored information comprising first and second data subsets (computer software) , each of said subsets comprising an equal quantum of data , a connector with an output terminal and a select terminal , first means responsive to select information represented at said select terminal and to said storage means for selecting and coupling to said output terminal signals representative of only a portion of said first and second data subsets and for simultaneously destroying that data from said subsets not coupled to said output terminal , wherein said first means further includes means for destroying said selected stored information , said means for destroying operating along with said first means so that after said selected information is output from said output terminal said device no longer retains either said selected or said unselected stored information .

US5148534A
CLAIM 8 . The method as recited in claim 5 wherein said first set of said authorization data is stored in first and second distinct storage elements (computer memory device, computer memory device containing computer software) and wherein said step (c) comprises sequentially selecting from corresponding pairs of elementary bits of data from said distinct storage elements , one elementary bit of data for output .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (data subsets) protected by means of computer software in accordance with claim 1 . 		US5148534A
CLAIM 1 . A physically secure forgery-resistant authorization device comprising : storage means for retaining stored information comprising first and second data subsets (computer software) , each of said subsets comprising an equal quantum of data , a connector with an output terminal and a select terminal , first means responsive to select information represented at said select terminal and to said storage means for selecting and coupling to said output terminal signals representative of only a portion of said first and second data subsets and for simultaneously destroying that data from said subsets not coupled to said output terminal , wherein said first means further includes means for destroying said selected stored information , said means for destroying operating along with said first means so that after said selected information is output from said output terminal said device no longer retains either said selected or said unselected stored information .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call (later time) instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5148534A
CLAIM 5 . A method of logically securing an authorization device , for imitation or unauthorized use , said authorization device electronically storing authenticating data for output to an electronic checking device to verify authorization , said method comprising the steps of : a) storing a given quantum of authorization data ;
b) responding to a selection inquiry by destructively reading a first set of aid authorization data ;
c) selecting a subset of said first set of data for output to said checking device in response to a selection signal from said checking device which defines the subset of said first set of data for output , and d) coupling said subset of said first set of data from said authorization device to said checking device , whereby the data passing between said checking device and said authorization device comprises said selection signal and the subset of said first set of data which , taken together is inadequate as a basis to imitate operation of said authorization device at a later time (respective call) .

US7162735B2
CLAIM 5 . A computer system comprising memory (first means) means containing a digital protection (stored information, said selection) arrangement according to claim 4 . 		US5148534A
CLAIM 1 . A physically secure forgery-resistant authorization device comprising : storage means for retaining stored information (digital protection) comprising first and second data subsets , each of said subsets comprising an equal quantum of data , a connector with an output terminal and a select terminal , first means (computer system comprising memory) responsive to select information represented at said select terminal and to said storage means for selecting and coupling to said output terminal signals representative of only a portion of said first and second data subsets and for simultaneously destroying that data from said subsets not coupled to said output terminal , wherein said first means further includes means for destroying said selected stored information , said means for destroying operating along with said first means so that after said selected information is output from said output terminal said device no longer retains either said selected or said unselected stored information .

US5148534A
CLAIM 4 . A physically secure forgery-resistant authorization device comprising : an output device , storage means comprising a random access memory with a plurality of distinct storage locations , for electronically storing information and for generating signals representative of stored information , said storage means storing data in correlated sets , with each set comprising first and second subsets , a connector for coupling said output device to an external device , said connector including a select terminal and an output terminal , said output device including selection means responsive to signals on said select terminal for selecting and coupling , to said output terminal of said connector , signals generated by reading from a selected one of said storage locations in response to said signals on said select terminal , said selection (digital protection) means including address decoder means with an input coupled to said select terminal of said connector for addressing said random access memory and means responsive to addressing any of said distinct storage locations for coupling to said connector output terminal signals representative of information comprising one said subset stored in an addressed one of said distinct storage locations and for erasing information stored in at least a different one of said distinct storage locations comprising a correlated subset , and wherein said connector further includes at least a data input terminal coupled to at least one input of said random access memory .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion (corresponding pairs) key derived from a respective target block . 		US5148534A
CLAIM 8 . The method as recited in claim 5 wherein said first set of said authorization data is stored in first and second distinct storage elements and wherein said step (c) comprises sequentially selecting from corresponding pairs (respective conversion) of elementary bits of data from said distinct storage elements , one elementary bit of data for output .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said signals) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5148534A
CLAIM 4 . A physically secure forgery-resistant authorization device comprising : an output device , storage means comprising a random access memory with a plurality of distinct storage locations , for electronically storing information and for generating signals representative of stored information , said storage means storing data in correlated sets , with each set comprising first and second subsets , a connector for coupling said output device to an external device , said connector including a select terminal and an output terminal , said output device including selection means responsive to signals on said select terminal for selecting and coupling , to said output terminal of said connector , signals generated by reading from a selected one of said storage locations in response to said signals (one order) on said select terminal , said selection means including address decoder means with an input coupled to said select terminal of said connector for addressing said random access memory and means responsive to addressing any of said distinct storage locations for coupling to said connector output terminal signals representative of information comprising one said subset stored in an addressed one of said distinct storage locations and for erasing information stored in at least a different one of said distinct storage locations comprising a correlated subset , and wherein said connector further includes at least a data input terminal coupled to at least one input of said random access memory .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5148534A
CLAIM 1 . A physically secure forgery-resistant authorization device comprising : storage means for retaining stored information comprising first and second data subsets , each of said sub (first part) sets comprising an equal quantum of data , a connector with an output terminal and a select terminal , first means responsive to select information represented at said select terminal and to said storage means for selecting and coupling to said output terminal signals representative of only a portion of said first and second data subsets and for simultaneously destroying that data from said subsets not coupled to said output terminal , wherein said first means further includes means for destroying said selected stored information , said means for destroying operating along with said first means so that after said selected information is output from said output terminal said device no longer retains either said selected or said unselected stored information .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5191611A

Filed: 1991-01-18     Issued: 1993-03-02

Method and apparatus for protecting material on storage media and for transferring material on storage media to various recipients

(Original Assignee) Lang Gerald S     (Current Assignee) LANRALD DATA MGMT NV LLC

Gerald S. Lang
US7162735B2
CLAIM 1 . Computer software (one computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5191611A
CLAIM 9 . A security system for granting user entities access to materials provided on a storage medium or media , said system comprising : a computer system including at least one computer (Computer software) and means for presenting information ;
a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones , each of said logical zones provided with particular material therein , said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading , writing , replacing , deleting , modifying and communicating based upon access request information provided to the system by the user , said access management control means provided in each said storage medium or media at a location remote from , and non-contiguous with , said user logical zones ;
means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating , modifying or deleting logical zones and selectively reading , writing , replacing , deleting , modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media ;
a personal accessing device ;
means for providing interface coupling for exchanging information between said personal accessing device and said computer system , said personal accessing device containing a security identification code , to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system ;
wherein , said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5191611A
CLAIM 9 . A security system for granting user entities access to materials provided on a storage medium or media , said system comprising : a computer system (computer system) including at least one computer and means for presenting information ;
a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones , each of said logical zones provided with particular material therein , said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading , writing , replacing , deleting , modifying and communicating based upon access request information provided to the system by the user , said access management control means provided in each said storage medium or media at a location remote from , and non-contiguous with , said user logical zones ;
means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating , modifying or deleting logical zones and selectively reading , writing , replacing , deleting , modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media ;
a personal accessing device ;
means for providing interface coupling for exchanging information between said personal accessing device and said computer system , said personal accessing device containing a security identification code , to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system ;
wherein , said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (user access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5191611A
CLAIM 14 . A method of granting user access (security code) to , and information management and control over material provided on a storage medium or media , with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information , said storage medium or media containing one or a plurality of information management control and user material logical zones , comprising the steps of : assigning security identification codes to all users allowed access to the storage medium or media ;
preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes , said access management control means provided in a personal accessing device ;
encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods ;
enabling said personal accessing device by utilizing the user' ;
s correct personal identification code ;
transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device ;
determining if said search and retrieval programs are encrypted ;
decrypting said search and retrieval programs , if appropriate ;
requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means ;
determining if said requested directories are encrypted ;
decrypting said requested directories if they are encrypted ;
displaying said requested directories on said means for visually presenting information ;
requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user' ;
s privileged logical zone or zones based upon said requested directories ;
decrypting said user material in said personal accessing device ;
and transmitting the decrypted material back to the computer for use .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US5191611A
CLAIM 9 . A security system for granting user entities access to materials provided on a storage medium or media , said system comprising : a computer system (computer system) including at least one computer and means for presenting information ;
a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones , each of said logical zones provided with particular material therein , said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading , writing , replacing , deleting , modifying and communicating based upon access request information provided to the system by the user , said access management control means provided in each said storage medium or media at a location remote from , and non-contiguous with , said user logical zones ;
means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating , modifying or deleting logical zones and selectively reading , writing , replacing , deleting , modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media ;
a personal accessing device ;
means for providing interface coupling for exchanging information between said personal accessing device and said computer system , said personal accessing device containing a security identification code , to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system ;
wherein , said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5191611A
CLAIM 9 . A security system for granting user entities access to materials provided on a storage medium or media , said system comprising : a computer system (computer system) including at least one computer and means for presenting information ;
a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones , each of said logical zones provided with particular material therein , said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading , writing , replacing , deleting , modifying and communicating based upon access request information provided to the system by the user , said access management control means provided in each said storage medium or media at a location remote from , and non-contiguous with , said user logical zones ;
means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating , modifying or deleting logical zones and selectively reading , writing , replacing , deleting , modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media ;
a personal accessing device ;
means for providing interface coupling for exchanging information between said personal accessing device and said computer system , said personal accessing device containing a security identification code , to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system ;
wherein , said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones .

US7162735B2
CLAIM 7 . Computer software (one computer) which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5191611A
CLAIM 9 . A security system for granting user entities access to materials provided on a storage medium or media , said system comprising : a computer system (computer system) including at least one computer (Computer software) and means for presenting information ;
a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones , each of said logical zones provided with particular material therein , said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading , writing , replacing , deleting , modifying and communicating based upon access request information provided to the system by the user , said access management control means provided in each said storage medium or media at a location remote from , and non-contiguous with , said user logical zones ;
means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating , modifying or deleting logical zones and selectively reading , writing , replacing , deleting , modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media ;
a personal accessing device ;
means for providing interface coupling for exchanging information between said personal accessing device and said computer system , said personal accessing device containing a security identification code , to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system ;
wherein , said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (user access) , when executed , is operable to detect corruption of the protected code . 		US5191611A
CLAIM 14 . A method of granting user access (security code) to , and information management and control over material provided on a storage medium or media , with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information , said storage medium or media containing one or a plurality of information management control and user material logical zones , comprising the steps of : assigning security identification codes to all users allowed access to the storage medium or media ;
preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes , said access management control means provided in a personal accessing device ;
encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods ;
enabling said personal accessing device by utilizing the user' ;
s correct personal identification code ;
transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device ;
determining if said search and retrieval programs are encrypted ;
decrypting said search and retrieval programs , if appropriate ;
requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means ;
determining if said requested directories are encrypted ;
decrypting said requested directories if they are encrypted ;
displaying said requested directories on said means for visually presenting information ;
requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user' ;
s privileged logical zone or zones based upon said requested directories ;
decrypting said user material in said personal accessing device ;
and transmitting the decrypted material back to the computer for use .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (user access) is operable to delete the protected code in the event that any corruption is detected . 		US5191611A
CLAIM 14 . A method of granting user access (security code) to , and information management and control over material provided on a storage medium or media , with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information , said storage medium or media containing one or a plurality of information management control and user material logical zones , comprising the steps of : assigning security identification codes to all users allowed access to the storage medium or media ;
preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes , said access management control means provided in a personal accessing device ;
encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods ;
enabling said personal accessing device by utilizing the user' ;
s correct personal identification code ;
transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device ;
determining if said search and retrieval programs are encrypted ;
decrypting said search and retrieval programs , if appropriate ;
requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means ;
determining if said requested directories are encrypted ;
decrypting said requested directories if they are encrypted ;
displaying said requested directories on said means for visually presenting information ;
requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user' ;
s privileged logical zone or zones based upon said requested directories ;
decrypting said user material in said personal accessing device ;
and transmitting the decrypted material back to the computer for use .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (user access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5191611A
CLAIM 14 . A method of granting user access (security code) to , and information management and control over material provided on a storage medium or media , with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information , said storage medium or media containing one or a plurality of information management control and user material logical zones , comprising the steps of : assigning security identification codes to all users allowed access to the storage medium or media ;
preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes , said access management control means provided in a personal accessing device ;
encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods ;
enabling said personal accessing device by utilizing the user' ;
s correct personal identification code ;
transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device ;
determining if said search and retrieval programs are encrypted ;
decrypting said search and retrieval programs , if appropriate ;
requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means ;
determining if said requested directories are encrypted ;
decrypting said requested directories if they are encrypted ;
displaying said requested directories on said means for visually presenting information ;
requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user' ;
s privileged logical zone or zones based upon said requested directories ;
decrypting said user material in said personal accessing device ;
and transmitting the decrypted material back to the computer for use .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (user access) is embedded within the protected code . 		US5191611A
CLAIM 14 . A method of granting user access (security code) to , and information management and control over material provided on a storage medium or media , with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information , said storage medium or media containing one or a plurality of information management control and user material logical zones , comprising the steps of : assigning security identification codes to all users allowed access to the storage medium or media ;
preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes , said access management control means provided in a personal accessing device ;
encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods ;
enabling said personal accessing device by utilizing the user' ;
s correct personal identification code ;
transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device ;
determining if said search and retrieval programs are encrypted ;
decrypting said search and retrieval programs , if appropriate ;
requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means ;
determining if said requested directories are encrypted ;
decrypting said requested directories if they are encrypted ;
displaying said requested directories on said means for visually presenting information ;
requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user' ;
s privileged logical zone or zones based upon said requested directories ;
decrypting said user material in said personal accessing device ;
and transmitting the decrypted material back to the computer for use .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (user access) is embedded at locations which are unused by the protected code . 		US5191611A
CLAIM 14 . A method of granting user access (security code) to , and information management and control over material provided on a storage medium or media , with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information , said storage medium or media containing one or a plurality of information management control and user material logical zones , comprising the steps of : assigning security identification codes to all users allowed access to the storage medium or media ;
preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes , said access management control means provided in a personal accessing device ;
encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods ;
enabling said personal accessing device by utilizing the user' ;
s correct personal identification code ;
transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device ;
determining if said search and retrieval programs are encrypted ;
decrypting said search and retrieval programs , if appropriate ;
requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means ;
determining if said requested directories are encrypted ;
decrypting said requested directories if they are encrypted ;
displaying said requested directories on said means for visually presenting information ;
requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user' ;
s privileged logical zone or zones based upon said requested directories ;
decrypting said user material in said personal accessing device ;
and transmitting the decrypted material back to the computer for use .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (user access) and to modify the call instruction to refer to the new location . 		US5191611A
CLAIM 14 . A method of granting user access (security code) to , and information management and control over material provided on a storage medium or media , with a means for reading or reading and writing on said storage medium or media connected to a computer system including at least one computer having means for presenting information , said storage medium or media containing one or a plurality of information management control and user material logical zones , comprising the steps of : assigning security identification codes to all users allowed access to the storage medium or media ;
preparing access management control means for indicating to which of said user logical zone or zones a particular user is allowed access and selective privileged operations corresponding to said security identification code or codes , said access management control means provided in a personal accessing device ;
encrypting access management control means and user material and recording said encrypted access management control means and user material directly on the storage medium or media by using any type or combination of types of encryption/decryption methods ;
enabling said personal accessing device by utilizing the user' ;
s correct personal identification code ;
transmitting a starter program stored in said personnel accessing device or in a means for providing interface coupling for exchanging information between said personal accessing device and said computer system or on the storage medium or media to said computer system and fetching search and retrieval programs stored on said storage medium or media to said personal accessing device ;
determining if said search and retrieval programs are encrypted ;
decrypting said search and retrieval programs , if appropriate ;
requesting the directories of the user logical zone or zones to be transmitted from said storage medium or media to said personal accessing device based upon information provided in said secure user management means ;
determining if said requested directories are encrypted ;
decrypting said requested directories if they are encrypted ;
displaying said requested directories on said means for visually presenting information ;
requesting and transmitting to said personal accessing device the user material stored on said storage medium or media in the user' ;
s privileged logical zone or zones based upon said requested directories ;
decrypting said user material in said personal accessing device ;
and transmitting the decrypted material back to the computer for use .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5191611A
CLAIM 9 . A security system for granting user entities access to materials provided on a storage medium or media , said system comprising : a computer system (computer system) including at least one computer and means for presenting information ;
a storage medium or media capable of erasable or non-erasable formatting and recording with stored material into a plurality of information storage and retrieval and management control and user entity material logical zones , each of said logical zones provided with particular material therein , said storage medium or media directly provided thereon with an access management control means for indicating which of said user logical zone or zones or any of said storage medium or media the user entity will be allowed to access and perform selective privileged operations of reading , writing , replacing , deleting , modifying and communicating based upon access request information provided to the system by the user , said access management control means provided in each said storage medium or media at a location remote from , and non-contiguous with , said user logical zones ;
means in each said computer system for selectively reading material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media or for selectively creating , modifying or deleting logical zones and selectively reading , writing , replacing , deleting , modifying and communicating the content of material provided in said plurality of logical zones as well as material provided in said access management control means of said storage medium or media ;
a personal accessing device ;
means for providing interface coupling for exchanging information between said personal accessing device and said computer system , said personal accessing device containing a security identification code , to enable said personal accessing device to be in communication with said computer system for transmitting said security identification code to said computer system ;
wherein , said security identification code is compared to or operated upon said access management control means provided on said storage medium or media to determine the particular user logical zone or zones to which the user is allowed access for purposes of selective privileged operations based upon the content and storage requirements of material provided in said user logical zones .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5191611A
CLAIM 25 . The method in accordance with claim 24 wherein only updated material belonging to a particular user' ;
s privileged logical zone or zones is encrypted/decrypted in the user' ;
s said personal accessing device using the user' ;
s encryption/decryption key or keys and then transmitted to the computer system (computer system) for recording in the secure storage medium or media .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5191611A
CLAIM 25 . The method in accordance with claim 24 wherein only updated material belonging to a particular user' ;
s privileged logical zone or zones is encrypted/decrypted in the user' ;
s said personal accessing device using the user' ;
s encryption/decryption key or keys and then transmitted to the computer system (computer system) for recording in the secure storage medium or media .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5191611A
CLAIM 25 . The method in accordance with claim 24 wherein only updated material belonging to a particular user' ;
s privileged logical zone or zones is encrypted/decrypted in the user' ;
s said personal accessing device using the user' ;
s encryption/decryption key or keys and then transmitted to the computer system (computer system) for recording in the secure storage medium or media .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5491804A

Filed: 1991-01-04     Issued: 1996-02-13

Method and apparatus for automatic initialization of pluggable option cards

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Chester A. Heath, John K. Langgood, Ronald E. Valli
US7162735B2
CLAIM 1 . Computer software (address space) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5491804A
CLAIM 5 . A method for initializing and configuring a computer system having a set of peripheral devices attached thereto via a set of adapter cards , wherein each card in said set of adapter cards has a unique card type ID value associated therewith and means for transmitting said ID value located thereon , said computer system including a plurality of sockets into which each card in said set of adapter cards may be interchangeably plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing said card ID values , together with parameter information signals pertaining to said plurality of sockets and any cards plugged therein , in predefined portions of said nonvolatile memory means , where each of said predefined portions is associated with a particular one of said plurality of sockets and software-adjustable parameter storage means , located on each card and coupled to said nonvolatile memory means via said plurality of sockets , used for configuring said system to support said set of peripheral devices , comprising the steps of : (a) disabling all sockets ;
(b) scanning the I/O address space (Computer software) to determine if a non-compatible feature card is attached to said system ;
(c) sequentially enabling all sockets so long as no non-compatible feature cards are attached to the system ;
(d) sequentially obtaining card ID values , transmitted by said means for transmitting located on each card , for the set of cards plugged into said plurality of sockets ;
(e) comparing each ID value obtained with a set of ID values known to the system and , for each ID value known to the system , creating parameter information signals for the card that transmitted the known ID value ;
(f) signalling the system user whenever a transmitted card ID value is not known to the system (g) receiving user input parameter information signals pertaining to any card having an ID value unknown to the system ;
(h) creating a configuration table from the card ID values obtained and parameter information signals created by the system , together with any parameter information signals received from the user , via steps (d) , (e) and (g) , and storing said configuration table on a diskette ;
(i) storing the parameter information signals and ID values located in said configuration table into said predefined portions of said nonvolatile memory means so that the configuration information for the card attached to a particular socket is stored in the portion of nonvolatile memory associated with said socket ;
and (j) transferring the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the said parameter storage means on each card to thereby initialize and configure said system .

US7162735B2
CLAIM 5 . A computer system comprising memory (first means) means containing a digital protection arrangement (system parameter) according to claim 4 . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameter (digital protection arrangement, digital data protection arrangement) s , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US5491804A
CLAIM 38 . A computer system as set forth in claim 37 wherein said first system configuration means further comprises : (a) first means (computer system comprising memory) for sequentially obtaining card ID values , transmitted by said means for transmitting located on each card , from the set of cards plugged into said plurality of sockets ;
(b) means for determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value obtained from each card attached to any one of said plurality of sockets with the ID value stored in nonvolatile memory for each socket ;
and (c) means for transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data protection arrangement (system parameter) in accordance with claim 4 . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameter (digital protection arrangement, digital data protection arrangement) s , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 7 . Computer software (address space) which , when installed on a computer system , is operable as a digital data protection arrangement (system parameter) in accordance with claim 4 . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameter (digital protection arrangement, digital data protection arrangement) s , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US5491804A
CLAIM 5 . A method for initializing and configuring a computer system having a set of peripheral devices attached thereto via a set of adapter cards , wherein each card in said set of adapter cards has a unique card type ID value associated therewith and means for transmitting said ID value located thereon , said computer system including a plurality of sockets into which each card in said set of adapter cards may be interchangeably plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing said card ID values , together with parameter information signals pertaining to said plurality of sockets and any cards plugged therein , in predefined portions of said nonvolatile memory means , where each of said predefined portions is associated with a particular one of said plurality of sockets and software-adjustable parameter storage means , located on each card and coupled to said nonvolatile memory means via said plurality of sockets , used for configuring said system to support said set of peripheral devices , comprising the steps of : (a) disabling all sockets ;
(b) scanning the I/O address space (Computer software) to determine if a non-compatible feature card is attached to said system ;
(c) sequentially enabling all sockets so long as no non-compatible feature cards are attached to the system ;
(d) sequentially obtaining card ID values , transmitted by said means for transmitting located on each card , for the set of cards plugged into said plurality of sockets ;
(e) comparing each ID value obtained with a set of ID values known to the system and , for each ID value known to the system , creating parameter information signals for the card that transmitted the known ID value ;
(f) signalling the system user whenever a transmitted card ID value is not known to the system (g) receiving user input parameter information signals pertaining to any card having an ID value unknown to the system ;
(h) creating a configuration table from the card ID values obtained and parameter information signals created by the system , together with any parameter information signals received from the user , via steps (d) , (e) and (g) , and storing said configuration table on a diskette ;
(i) storing the parameter information signals and ID values located in said configuration table into said predefined portions of said nonvolatile memory means so that the configuration information for the card attached to a particular socket is stored in the portion of nonvolatile memory associated with said socket ;
and (j) transferring the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the said parameter storage means on each card to thereby initialize and configure said system .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (source information) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5491804A
CLAIM 43 . A device card for a central processing system , the central processing system having an I/O socket for attaching said device card to the central processing system , a bus for electrically connecting said card to the central processing system , a central processor unit , and a nonvolatile memory , the nonvolatile memory including a first identity value associated with said device card , the nonvolatile memory further including corresponding parameter data for said card , the parameter data being representative of variable system resource information (relocation code) to enable said card to operate within the central processing system , said device card comprising : storage means provided on said card for permanently storing a second identity value for indicating a respective card type ;
decoding means for decoding on said card , said decoding means being responsive to a first control signal initiated from the central processing unit for effecting the transfer of the second identity value to the central processing unit , a driver circuit means responsive to said decoding means for transmitting the second identity value to the central processing system , wherein the central processing unit generates a second control signal when the second identity value of said card then connected to the central processing system matches the first identity value stored in the nonvolatile memory , the central processing unit further transferring the parameter data to the bus upon a successful comparison of said identity values ;
card programming means for transferring the parameter data from said bus to said card in response to the second control signal initiated from the central processing unit ;
and parameter storage means provided on said card for storing the parameter data from the central processing unit .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (source information) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5491804A
CLAIM 43 . A device card for a central processing system , the central processing system having an I/O socket for attaching said device card to the central processing system , a bus for electrically connecting said card to the central processing system , a central processor unit , and a nonvolatile memory , the nonvolatile memory including a first identity value associated with said device card , the nonvolatile memory further including corresponding parameter data for said card , the parameter data being representative of variable system resource information (relocation code) to enable said card to operate within the central processing system , said device card comprising : storage means provided on said card for permanently storing a second identity value for indicating a respective card type ;
decoding means for decoding on said card , said decoding means being responsive to a first control signal initiated from the central processing unit for effecting the transfer of the second identity value to the central processing unit , a driver circuit means responsive to said decoding means for transmitting the second identity value to the central processing system , wherein the central processing unit generates a second control signal when the second identity value of said card then connected to the central processing system matches the first identity value stored in the nonvolatile memory , the central processing unit further transferring the parameter data to the bus upon a successful comparison of said identity values ;
card programming means for transferring the parameter data from said bus to said card in response to the second control signal initiated from the central processing unit ;
and parameter storage means provided on said card for storing the parameter data from the central processing unit .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory location) for decryption . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameters , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location (executable instructions, executable instruction, decryption instructions, memory location) in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (memory location) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameters , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location (executable instructions, executable instruction, decryption instructions, memory location) in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (memory location) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameters , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location (executable instructions, executable instruction, decryption instructions, memory location) in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (memory location) . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameters , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location (executable instructions, executable instruction, decryption instructions, memory location) in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions (memory location) and conversion code with a start point at a memory location (memory location) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameters , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location (executable instructions, executable instruction, decryption instructions, memory location) in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data protection arrangement (system parameter) in accordance with claim 18 . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameter (digital protection arrangement, digital data protection arrangement) s , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (memory location) which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameters , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location (executable instructions, executable instruction, decryption instructions, memory location) in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data protection arrangement (system parameter) in accordance with claim 29 . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameter (digital protection arrangement, digital data protection arrangement) s , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (memory location) is to be executed . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameters , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location (executable instructions, executable instruction, decryption instructions, memory location) in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data protection arrangement (system parameter) in accordance with claim 34 . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameter (digital protection arrangement, digital data protection arrangement) s , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (source information) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5491804A
CLAIM 43 . A device card for a central processing system , the central processing system having an I/O socket for attaching said device card to the central processing system , a bus for electrically connecting said card to the central processing system , a central processor unit , and a nonvolatile memory , the nonvolatile memory including a first identity value associated with said device card , the nonvolatile memory further including corresponding parameter data for said card , the parameter data being representative of variable system resource information (relocation code) to enable said card to operate within the central processing system , said device card comprising : storage means provided on said card for permanently storing a second identity value for indicating a respective card type ;
decoding means for decoding on said card , said decoding means being responsive to a first control signal initiated from the central processing unit for effecting the transfer of the second identity value to the central processing unit , a driver circuit means responsive to said decoding means for transmitting the second identity value to the central processing system , wherein the central processing unit generates a second control signal when the second identity value of said card then connected to the central processing system matches the first identity value stored in the nonvolatile memory , the central processing unit further transferring the parameter data to the bus upon a successful comparison of said identity values ;
card programming means for transferring the parameter data from said bus to said card in response to the second control signal initiated from the central processing unit ;
and parameter storage means provided on said card for storing the parameter data from the central processing unit .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (source information) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5491804A
CLAIM 43 . A device card for a central processing system , the central processing system having an I/O socket for attaching said device card to the central processing system , a bus for electrically connecting said card to the central processing system , a central processor unit , and a nonvolatile memory , the nonvolatile memory including a first identity value associated with said device card , the nonvolatile memory further including corresponding parameter data for said card , the parameter data being representative of variable system resource information (relocation code) to enable said card to operate within the central processing system , said device card comprising : storage means provided on said card for permanently storing a second identity value for indicating a respective card type ;
decoding means for decoding on said card , said decoding means being responsive to a first control signal initiated from the central processing unit for effecting the transfer of the second identity value to the central processing unit , a driver circuit means responsive to said decoding means for transmitting the second identity value to the central processing system , wherein the central processing unit generates a second control signal when the second identity value of said card then connected to the central processing system matches the first identity value stored in the nonvolatile memory , the central processing unit further transferring the parameter data to the bus upon a successful comparison of said identity values ;
card programming means for transferring the parameter data from said bus to said card in response to the second control signal initiated from the central processing unit ;
and parameter storage means provided on said card for storing the parameter data from the central processing unit .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data protection arrangement (system parameter) in accordance with claim 38 . 		US5491804A
CLAIM 1 . A method for operating a computer system to facilitate user transparent establishment of variable system parameter (digital protection arrangement, digital data protection arrangement) s , including addressing for a first configuration of adapter cards attached to said system , wherein each card in said first configuration is of a predetermined card type and has a predefined unique card type ID value associated therewith , and further wherein said system includes a plurality of sockets into which each card in said set of adapter cards may be interchangeable plugged , nonvolatile memory means , coupled to said plurality of sockets , for storing in locations thereof , ID values and parameter information signals pertaining to each of said plurality of sockets and any card plugged into a given socket when the system is powered down , and software-adjustable parameter storage means on each card , coupled to said nonvolatile memory means , utilized in the process of automatically configuring said system on power up to support said first configuration of adapter cards , comprising the steps of : (a) individually addressing each of said sockets ;
(b) determining if a socket is vacant ;
(c) terminating further operations relative to any socket determined to be vacant ;
(d) conditioning each card attached to a socket to transmit its predefined card type ID value ;
(e) determining if said first configuration has changed since the system was last powered down by comparing the transmitted ID value returned by each card attached to any one of said plurality of sockets with the ID value stored in the corresponding memory location in nonvolatile memory for each socket ;
and (f) transferring , so long as said first configuration has not changed , the parameter information signals stored in said nonvolatile memory means pertaining to each socket and attached card , to the aforesaid parameter storage means on each card to thereby automatically configure said system .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5050213A

Filed: 1990-08-06     Issued: 1991-09-17

Database usage metering and protection system and method

(Original Assignee) Electronic Publishing Resources Inc     (Current Assignee) Electronic Publishing Resources Inc

Victor H. Shear
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form (communicating means, restricting means) by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5050213A
CLAIM 20 . A secure database access system comprising : at least one storage medium located at a customer site and storing database information on at least one removable , optical storage disc , with at least one part of said database information being stored encrypted form ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said at least one storage medium and to said input means , for searching at least one portion of said database information so as to identify database portions corresponding to said search criteria ;
additional functions means , operatively connected to said searching means , for performing at least one of the additional functions of copying , storing , printing , and communicating at least one part of said identified database information ;
decrypting means , operatively connected to at least one of (a) said searching means , and (b) said at least one storage medium , for decrypting identified database information ;
displaying means , operatively connected to at least one of (a) said searching means , and (b) said decrypting means , for displaying database information ;
and selectively restricting means (executable form) , operatively connected to said additional function means , for restricting the use of at least one database portion by permitting said displaying means to display , but precluding said additional functions means from at least one of copying , storing , printing and communicating , at least one part of identified database information .

US5050213A
CLAIM 24 . A secure digital access system for distributing properties in digital form , said system comprising : first storage means physically disposed at a client site and including an optical storage device , said storage means for storing plural properties thereon in digital from , rights in said properties being owned by plural property owners , the contents of at least a part of at least one of said plural properties being secured by at least one of (a) encryption , and (b) a password ;
digital processor means , operatively connected to said first storage means , for allowing at least one client user to select and electronically retrieve at least one part of at least one of said stored properties , said digital processor means also including means for allowing said client user to at least one of (a) access and (b) use , at least one secured part of said plural properties through use of at least one key ;
usage means , operatively connected to at least one of (a) said digital processor means , and (b) said first storage means , for providing digital usage information representing at least one aspect of user usage of properties ;
communicating means (executable form) , operatively connected to at least one of (a) said further storage means , and (b) said digital processor means , for facilitating communication of indicia of said usage information to at least one location distant from said client site ;
determining means , operatively connected to said communicating means , for determining any client payments due ;
requiring means , operatively connected to at least one of (a) said digital processor means , (b) said determining means , (c) said communicating means , and (d) said usage means , for requiring payment from said client ;
and means , operatively connected to receive at least part of said digital usage information , to at least in part apportion amongst plural property owners at least a portion of said user payment , at least in part , at least one of (a) in response to said digital usage information , and (b) according to respective ownership rights of said plural property owners .

US7162735B2
CLAIM 3 . A computer system (stored data, reading device) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access to said stored data (computer system, computer system comprising memory) base information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .

US7162735B2
CLAIM 4 . A digital data (digital data) arrangement comprising protected code and security code (unauthorized access, user access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access (security code) to said stored database information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US7162735B2
CLAIM 5 . A computer system (stored data, reading device) comprising memory means (memory means) containing a digital protection arrangement according to claim 4 . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access to said stored data (computer system, computer system comprising memory) base information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .

US5050213A
CLAIM 19 . A method of securing access to a database comprising the steps of : providing at a client site at least one mass storage medium including optical memory means (memory means) , said storage medium storing at least one searchable database , said database having at least some inaccessible contents ;
providing database search criteria determined at least in part by user input ;
searching at least one part of said at least one database in response to said database search criteria and locating any database portions which corresponds to said search criteria ;
making accessible at least one of (a) at least one portions of the inaccessible database contents resulting from said searching , and (b) any user desired ones of inaccessible database contents resulting from said searching , so as to provide corresponding useable information , including the step of processing said contents through the use of a key ;
and selectively restricting use of at least one portion of said at least one database by preventing , under at least one circumstance , at least one of copying , storing , printing and communicating .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (stored data, reading device) , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access to said stored data (computer system, computer system comprising memory) base information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (stored data, reading device) , is operable as a digital data (digital data) protection arrangement in accordance with claim 4 . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access to said stored data (computer system, computer system comprising memory) base information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (unauthorized access, user access) , when executed , is operable to detect corruption of the protected code . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access (security code) to said stored database information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (unauthorized access, user access) is operable to delete the protected code in the event that any corruption is detected . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access (security code) to said stored database information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (unauthorized access, user access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access (security code) to said stored database information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (unauthorized access, user access) is embedded within the protected code . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access (security code) to said stored database information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (unauthorized access, user access) is embedded at locations which are unused by the protected code . 		US5050213A
CLAIM 5 . A system for permitting a client user to access and retrieve from stored digitally encoded database information of a type that is specially adapted for being searched and retrieved from in response to user-provided search criteria , said system also preventing unlimited user access (security code) to said stored database information so as to prevent said client user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database information in a manner at least one of (a) not authorized by the publisher of said database information , and (b) so as to ensure that the publisher of said database information is adequately compensated for at least one of (i) client user access , and (ii) client user use , said system including in combination : at least one housing located at said client site ;
at least one portable storage medium adapted to be accepted by said housing , said at least one storage medium storing , at least in part , at least one database having at least a part that is encrypted and stored in a form making said part unintelligible to said client user unless said part is decrypted , said database being at least in part indexed by at least one index ;
digital processor means operatively connected to said at least one storage medium so as to (a) generate a database access request , (b) read index information from said at least one storage medium so as to provide corresponding digital index signals , (c) identify , at least partially in response to said digital index signals , portions of said at least one database which satisfy the access request , and (d) read an identified database portion from the at least one storage medium so as to provide corresponding digital signals for at least one of (a) processing , and (b) usage ;
and control means operatively connected to at least one of (a) said digital processor means , and (b) said at least one storage medium , for metering at least one aspect of at least one of (a) processing , and (b) usage , of said at least one database , for storing digital signals indicative of at least one part of said metered at least one aspect in a form not easily modified by said client user , and for selectively limiting , in response to said at least one of metered (a) processing , and (b) usage , the further at least one of (a) processing , and (b) usage , of at least a part of said at least one database .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (identifying portions) operable to change the location of the security code (unauthorized access, user access) and to modify the call instruction to refer to the new location . 		US5050213A
CLAIM 3 . A secure database access system operable by at least one user at a user site , said system comprising : an optical storage arrangement located at said at least one user site , said storage arrangement storing at least one database and at least one scrambled database component , said database being specially adapted for being searched and retrieved in response to search criteria ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said storage arrangement and to said input means , for searching at least one part of said at least one database , including means for identifying portions (relocation code) of said at least one database in response to said search criteria ;
reading means , operatively connected to said searching means , for reading an identified database portion so as to provide digital electrical signals ;
descrambling means , operatively connected to receive provided digital electrical signals , for descrambling at least a portion of at least one scrambled database component so as to produce database information is useable form ;
and control means operatively connected to at least one of (a) said storage arrangement , (b) said searching means , (c) said reading means , and (d) said decrypting means , for metering at least one of (a) processing , and (b) usage , of descrambled database components and for facilitating communication of information representing said metered at least one of (a) processing , and (b) usage , to at least one location distant from said user .

US5050213A
CLAIM 9 . A secure database access system for permitting a client user to access and retrieve from digitally encoded database contents stored in a form at least in part specially adapted for being searched , said system also preventing unlimited user access (security code) to said stored database contents so as to prevent said user from at least one of (a) copying , (b) otherwise using , and (c) otherwise processing , said stored database contents in a manner at least one of (a) not authorized by the publisher of said database , and (b) so as to ensure that the publisher of said database is adequately compensated for at least one of (i) user access , and (ii) user use , said system comprising : at least one housing ;
at least one storage medium adapted to be accepted by said housing and storing at least part of at least one database , said at least one database having at least one encrypted component , said at least one database also comprising a digital collection of information , said digital collection of information having been processed at least in part so as to be searchable ;
at least one processor , operatively connected to said at least one storage medium , said at least one processor preprogrammed so as to : (a) accept search criteria at least in part specified by a user , (b) search at least one part of said at least one database in response to said search criteria , (c) identify , in accordance with said search , any portions of said at least one database which satisfy said search criteria , (d) read information from said at least one storage medium , and (e) provide signals corresponding at least in part to an identified database portion ;
decrypting means for decrypting signals provided by said processor so as to provide corresponding database contents in useable form ;
and control means , coupled to at least one of (a) said at least one processor , and (b) said decrypting means , for measuring the percentage of at least one part of said information collection decrypted by said decrypting means , for storing said measured percentage in a form not readily modifiable by said client user , and for preventing at least one part of said at least one information collection from being provided in useable form .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (identifying portions) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5050213A
CLAIM 3 . A secure database access system operable by at least one user at a user site , said system comprising : an optical storage arrangement located at said at least one user site , said storage arrangement storing at least one database and at least one scrambled database component , said database being specially adapted for being searched and retrieved in response to search criteria ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said storage arrangement and to said input means , for searching at least one part of said at least one database , including means for identifying portions (relocation code) of said at least one database in response to said search criteria ;
reading means , operatively connected to said searching means , for reading an identified database portion so as to provide digital electrical signals ;
descrambling means , operatively connected to receive provided digital electrical signals , for descrambling at least a portion of at least one scrambled database component so as to produce database information is useable form ;
and control means operatively connected to at least one of (a) said storage arrangement , (b) said searching means , (c) said reading means , and (d) said decrypting means , for metering at least one of (a) processing , and (b) usage , of descrambled database components and for facilitating communication of information representing said metered at least one of (a) processing , and (b) usage , to at least one location distant from said user .

US7162735B2
CLAIM 18 . A digital data (digital data) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form (communicating means, restricting means) by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 20 . A secure database access system comprising : at least one storage medium located at a customer site and storing database information on at least one removable , optical storage disc , with at least one part of said database information being stored encrypted form ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said at least one storage medium and to said input means , for searching at least one portion of said database information so as to identify database portions corresponding to said search criteria ;
additional functions means , operatively connected to said searching means , for performing at least one of the additional functions of copying , storing , printing , and communicating at least one part of said identified database information ;
decrypting means , operatively connected to at least one of (a) said searching means , and (b) said at least one storage medium , for decrypting identified database information ;
displaying means , operatively connected to at least one of (a) said searching means , and (b) said decrypting means , for displaying database information ;
and selectively restricting means (executable form) , operatively connected to said additional function means , for restricting the use of at least one database portion by permitting said displaying means to display , but precluding said additional functions means from at least one of copying , storing , printing and communicating , at least one part of identified database information .

US5050213A
CLAIM 24 . A secure digital access system for distributing properties in digital form , said system comprising : first storage means physically disposed at a client site and including an optical storage device , said storage means for storing plural properties thereon in digital from , rights in said properties being owned by plural property owners , the contents of at least a part of at least one of said plural properties being secured by at least one of (a) encryption , and (b) a password ;
digital processor means , operatively connected to said first storage means , for allowing at least one client user to select and electronically retrieve at least one part of at least one of said stored properties , said digital processor means also including means for allowing said client user to at least one of (a) access and (b) use , at least one secured part of said plural properties through use of at least one key ;
usage means , operatively connected to at least one of (a) said digital processor means , and (b) said first storage means , for providing digital usage information representing at least one aspect of user usage of properties ;
communicating means (executable form) , operatively connected to at least one of (a) said further storage means , and (b) said digital processor means , for facilitating communication of indicia of said usage information to at least one location distant from said client site ;
determining means , operatively connected to said communicating means , for determining any client payments due ;
requiring means , operatively connected to at least one of (a) said digital processor means , (b) said determining means , (c) said communicating means , and (d) said usage means , for requiring payment from said client ;
and means , operatively connected to receive at least part of said digital usage information , to at least in part apportion amongst plural property owners at least a portion of said user payment , at least in part , at least one of (a) in response to said digital usage information , and (b) according to respective ownership rights of said plural property owners .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form (communicating means, restricting means) . 		US5050213A
CLAIM 20 . A secure database access system comprising : at least one storage medium located at a customer site and storing database information on at least one removable , optical storage disc , with at least one part of said database information being stored encrypted form ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said at least one storage medium and to said input means , for searching at least one portion of said database information so as to identify database portions corresponding to said search criteria ;
additional functions means , operatively connected to said searching means , for performing at least one of the additional functions of copying , storing , printing , and communicating at least one part of said identified database information ;
decrypting means , operatively connected to at least one of (a) said searching means , and (b) said at least one storage medium , for decrypting identified database information ;
displaying means , operatively connected to at least one of (a) said searching means , and (b) said decrypting means , for displaying database information ;
and selectively restricting means (executable form) , operatively connected to said additional function means , for restricting the use of at least one database portion by permitting said displaying means to display , but precluding said additional functions means from at least one of copying , storing , printing and communicating , at least one part of identified database information .

US5050213A
CLAIM 24 . A secure digital access system for distributing properties in digital form , said system comprising : first storage means physically disposed at a client site and including an optical storage device , said storage means for storing plural properties thereon in digital from , rights in said properties being owned by plural property owners , the contents of at least a part of at least one of said plural properties being secured by at least one of (a) encryption , and (b) a password ;
digital processor means , operatively connected to said first storage means , for allowing at least one client user to select and electronically retrieve at least one part of at least one of said stored properties , said digital processor means also including means for allowing said client user to at least one of (a) access and (b) use , at least one secured part of said plural properties through use of at least one key ;
usage means , operatively connected to at least one of (a) said digital processor means , and (b) said first storage means , for providing digital usage information representing at least one aspect of user usage of properties ;
communicating means (executable form) , operatively connected to at least one of (a) said further storage means , and (b) said digital processor means , for facilitating communication of indicia of said usage information to at least one location distant from said client site ;
determining means , operatively connected to said communicating means , for determining any client payments due ;
requiring means , operatively connected to at least one of (a) said digital processor means , (b) said determining means , (c) said communicating means , and (d) said usage means , for requiring payment from said client ;
and means , operatively connected to receive at least part of said digital usage information , to at least in part apportion amongst plural property owners at least a portion of said user payment , at least in part , at least one of (a) in response to said digital usage information , and (b) according to respective ownership rights of said plural property owners .

US7162735B2
CLAIM 21 . The arrangement of claim 19 , wherein at least one block is operable , upon execution , to convert another block into an executable form (communicating means, restricting means) for subsequent execution . 		US5050213A
CLAIM 20 . A secure database access system comprising : at least one storage medium located at a customer site and storing database information on at least one removable , optical storage disc , with at least one part of said database information being stored encrypted form ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said at least one storage medium and to said input means , for searching at least one portion of said database information so as to identify database portions corresponding to said search criteria ;
additional functions means , operatively connected to said searching means , for performing at least one of the additional functions of copying , storing , printing , and communicating at least one part of said identified database information ;
decrypting means , operatively connected to at least one of (a) said searching means , and (b) said at least one storage medium , for decrypting identified database information ;
displaying means , operatively connected to at least one of (a) said searching means , and (b) said decrypting means , for displaying database information ;
and selectively restricting means (executable form) , operatively connected to said additional function means , for restricting the use of at least one database portion by permitting said displaying means to display , but precluding said additional functions means from at least one of copying , storing , printing and communicating , at least one part of identified database information .

US7162735B2
CLAIM 22 . The arrangement of claim 21 , wherein each block is operable , upon execution , to convert another block to an executable form (communicating means, restricting means) for subsequent execution . 		US5050213A
CLAIM 20 . A secure database access system comprising : at least one storage medium located at a customer site and storing database information on at least one removable , optical storage disc , with at least one part of said database information being stored encrypted form ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said at least one storage medium and to said input means , for searching at least one portion of said database information so as to identify database portions corresponding to said search criteria ;
additional functions means , operatively connected to said searching means , for performing at least one of the additional functions of copying , storing , printing , and communicating at least one part of said identified database information ;
decrypting means , operatively connected to at least one of (a) said searching means , and (b) said at least one storage medium , for decrypting identified database information ;
displaying means , operatively connected to at least one of (a) said searching means , and (b) said decrypting means , for displaying database information ;
and selectively restricting means (executable form) , operatively connected to said additional function means , for restricting the use of at least one database portion by permitting said displaying means to display , but precluding said additional functions means from at least one of copying , storing , printing and communicating , at least one part of identified database information .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processor means) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5050213A
CLAIM 19 . A method of securing access to a database comprising the steps of : providing at a client site at least one mass storage medium including optical memory means (memory means) , said storage medium storing at least one searchable database , said database having at least some inaccessible contents ;
providing database search criteria determined at least in part by user input ;
searching at least one part of said at least one database in response to said database search criteria and locating any database portions which corresponds to said search criteria ;
making accessible at least one of (a) at least one portions of the inaccessible database contents resulting from said searching , and (b) any user desired ones of inaccessible database contents resulting from said searching , so as to provide corresponding useable information , including the step of processing said contents through the use of a key ;
and selectively restricting use of at least one portion of said at least one database by preventing , under at least one circumstance , at least one of copying , storing , printing and communicating .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (stored data, reading device) , is operable as a digital data (digital data) protection arrangement in accordance with claim 18 . 		US5050213A
CLAIM 11 . A database access system comprising : a storage arrangement storing at least one database at a customer site , said at least one database having at least one encrypted part , and also storing information representing at least one database usage ceiling corresponding to at least one portion of said at least one database ;
updating means , operatively connected to said storage arrangement for updating at least one part of said stored data (computer system, computer system comprising memory) base usage ceiling information ;
input means , operatively connected to said storage arrangement , for generating database search criteria at least in part in response to user input ;
searching means , operatively connected to said storage arrangement and operatively connected to receive said generated search criteria , for searching at least one part of said at least one database and for identifying any portions of said at least one part of said at least one database which correspond to said search criteria ;
retrieving means for retrieving an identified portion of said database from said storage arrangement ;
decrypting means operatively connected to said retrieving means for decrypting a retrieved database portion ;
and control means operatively connected to at least said storage arrangement , for metering at least one parameter of usage of at least one portion of said at least one database , for comparing said metered usage to said at least one database usage ceiling , and for selectively preventing decrypting of at least one part of said encrypted database in response to the result of said comparison .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .

US7162735B2
CLAIM 29 . A digital data (digital data) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (metering means, said signals) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 21 . A secure database access system of the type for electronically searching digital database information in response to a user search request , said system including a data processor arrangement coupled to writable volatile storage , writable non-volatile storage , a user input device , and a display , said system further including : at least one optical disk having encrypted digitally encoded database information stored thereon ;
an optical disk drive directly connected to and local with said data processor arrangement and adapted to physically accept and interact with said optical disk , said optical disk drive reading stored database information from said optical disk and providing corresponding signals to said data processor arrangement ;
said data processor arrangement being connected to receive said signals (one order) generated by said optical disk drive , said data processor arrangement being preprogrammed so as to perform the following functions : (a) cooperate with said optical disk drive so as to search said digitally encoded database information , at least in part , in response to a user search request inputted via said user input device and to retrieve signals representing at least some of said stored digitally encoded database information in response to said search , (b) decrypt at least some of said retrieved signals so as to provide corresponding decrypted signals , (c) display information responsive to at least some of said retrieved signals , (d) update at least one indication related to at least one of (a) processing , and (b) usage , of database information , (e) selectively permit , at least in part in response to said updated indication , information corresponding to at least some of said decrypted signals to be recorded on a non-volatile medium .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (stored data, reading device) , is operable as a digital data (digital data) protection arrangement in accordance with claim 29 . 		US5050213A
CLAIM 11 . A database access system comprising : a storage arrangement storing at least one database at a customer site , said at least one database having at least one encrypted part , and also storing information representing at least one database usage ceiling corresponding to at least one portion of said at least one database ;
updating means , operatively connected to said storage arrangement for updating at least one part of said stored data (computer system, computer system comprising memory) base usage ceiling information ;
input means , operatively connected to said storage arrangement , for generating database search criteria at least in part in response to user input ;
searching means , operatively connected to said storage arrangement and operatively connected to receive said generated search criteria , for searching at least one part of said at least one database and for identifying any portions of said at least one part of said at least one database which correspond to said search criteria ;
retrieving means for retrieving an identified portion of said database from said storage arrangement ;
decrypting means operatively connected to said retrieving means for decrypting a retrieved database portion ;
and control means operatively connected to at least said storage arrangement , for metering at least one parameter of usage of at least one portion of said at least one database , for comparing said metered usage to said at least one database usage ceiling , and for selectively preventing decrypting of at least one part of said encrypted database in response to the result of said comparison .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .

US7162735B2
CLAIM 34 . A digital data (digital data) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (stored data, reading device) , is operable as a digital data (digital data) protection arrangement in accordance with claim 34 . 		US5050213A
CLAIM 11 . A database access system comprising : a storage arrangement storing at least one database at a customer site , said at least one database having at least one encrypted part , and also storing information representing at least one database usage ceiling corresponding to at least one portion of said at least one database ;
updating means , operatively connected to said storage arrangement for updating at least one part of said stored data (computer system, computer system comprising memory) base usage ceiling information ;
input means , operatively connected to said storage arrangement , for generating database search criteria at least in part in response to user input ;
searching means , operatively connected to said storage arrangement and operatively connected to receive said generated search criteria , for searching at least one part of said at least one database and for identifying any portions of said at least one part of said at least one database which correspond to said search criteria ;
retrieving means for retrieving an identified portion of said database from said storage arrangement ;
decrypting means operatively connected to said retrieving means for decrypting a retrieved database portion ;
and control means operatively connected to at least said storage arrangement , for metering at least one parameter of usage of at least one portion of said at least one database , for comparing said metered usage to said at least one database usage ceiling , and for selectively preventing decrypting of at least one part of said encrypted database in response to the result of said comparison .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .

US7162735B2
CLAIM 38 . A digital data (digital data) arrangement comprising protected code , security code (unauthorized access, user access) and relocation code (identifying portions) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5050213A
CLAIM 3 . A secure database access system operable by at least one user at a user site , said system comprising : an optical storage arrangement located at said at least one user site , said storage arrangement storing at least one database and at least one scrambled database component , said database being specially adapted for being searched and retrieved in response to search criteria ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said storage arrangement and to said input means , for searching at least one part of said at least one database , including means for identifying portions (relocation code) of said at least one database in response to said search criteria ;
reading means , operatively connected to said searching means , for reading an identified database portion so as to provide digital electrical signals ;
descrambling means , operatively connected to receive provided digital electrical signals , for descrambling at least a portion of at least one scrambled database component so as to produce database information is useable form ;
and control means operatively connected to at least one of (a) said storage arrangement , (b) said searching means , (c) said reading means , and (d) said decrypting means , for metering at least one of (a) processing , and (b) usage , of descrambled database components and for facilitating communication of information representing said metered at least one of (a) processing , and (b) usage , to at least one location distant from said user .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 15 . A method for permitting user access (security code) to , and retrieval from , stored digitally encoded database contents , said database contents being adapted for searching and retrieving , said method comprising the steps of : (a) storing database information on an optical storage device physically located at a client site in an encrypted form that is unintelligible to said user unless said information is processed using at least one key ;
(b) selecting at least one portion of said stored database information based on selection criteria determined at least in part by user input and providing digital electrical signals corresponding to selected information ;
(c) decrypting said provided digital electrical signals through the use of said at least one key so as to permit use of at least a part of said selected database portion ;
(d) metering information representing at least part of at least one of (a) use , and (b) processing , of said database portion processed by said step (c) ;
(e) storing said representative information in a manner inaccessible to the typical user ;
and (f) selectively preventing decryption of at least one encrypted part of said database in response to said metered information .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (unauthorized access, user access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (identifying portions) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5050213A
CLAIM 3 . A secure database access system operable by at least one user at a user site , said system comprising : an optical storage arrangement located at said at least one user site , said storage arrangement storing at least one database and at least one scrambled database component , said database being specially adapted for being searched and retrieved in response to search criteria ;
input means for providing database search criteria in response , at least in part , to user input ;
searching means , operatively connected to said storage arrangement and to said input means , for searching at least one part of said at least one database , including means for identifying portions (relocation code) of said at least one database in response to said search criteria ;
reading means , operatively connected to said searching means , for reading an identified database portion so as to provide digital electrical signals ;
descrambling means , operatively connected to receive provided digital electrical signals , for descrambling at least a portion of at least one scrambled database component so as to produce database information is useable form ;
and control means operatively connected to at least one of (a) said storage arrangement , (b) said searching means , (c) said reading means , and (d) said decrypting means , for metering at least one of (a) processing , and (b) usage , of descrambled database components and for facilitating communication of information representing said metered at least one of (a) processing , and (b) usage , to at least one location distant from said user .

US5050213A
CLAIM 10 . A method of securing access to at least one database comprising the steps of : providing at least one portable medium located at a client site and storing at least one database composed , at least in part , of information organized as digital indicia in database searchable form , said at least one database having at least one encrypted part in order to preclude at least one of (a) unauthorized use , and (b) unauthorized access (security code) ;
generating database search criteria ;
searching at least one part of said at least one database to identify digital indicia corresponding to portions of said at least one database which satisfy said generated search criteria ;
decrypting at least one of (a) digital electronic signals corresponding to desired , identified , encrypted database portions , and (b) at least one digital electronic signal corresponding to an identified encrypted portion of said at least one database , to produce corresponding decrypted information ;
measuring at least one of (a) the quantity , and (b) the duration , of use of at least one portion of said at least one database and generating a result corresponding to said measurement ;
storing an indication of said generated result on a storage medium in a form which deters client tampering therewith ;
and selectively inhibiting at least one of (a) searching , (b) decrypting , and (c) otherwise using , in response to said result .

US5050213A
CLAIM 15 . A method for permitting user access (security code) to , and retrieval from , stored digitally encoded database contents , said database contents being adapted for searching and retrieving , said method comprising the steps of : (a) storing database information on an optical storage device physically located at a client site in an encrypted form that is unintelligible to said user unless said information is processed using at least one key ;
(b) selecting at least one portion of said stored database information based on selection criteria determined at least in part by user input and providing digital electrical signals corresponding to selected information ;
(c) decrypting said provided digital electrical signals through the use of said at least one key so as to permit use of at least a part of said selected database portion ;
(d) metering information representing at least part of at least one of (a) use , and (b) processing , of said database portion processed by said step (c) ;
(e) storing said representative information in a manner inaccessible to the typical user ;
and (f) selectively preventing decryption of at least one encrypted part of said database in response to said metered information .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (stored data, reading device) , is operable as a digital data (digital data) protection arrangement in accordance with claim 38 . 		US5050213A
CLAIM 11 . A database access system comprising : a storage arrangement storing at least one database at a customer site , said at least one database having at least one encrypted part , and also storing information representing at least one database usage ceiling corresponding to at least one portion of said at least one database ;
updating means , operatively connected to said storage arrangement for updating at least one part of said stored data (computer system, computer system comprising memory) base usage ceiling information ;
input means , operatively connected to said storage arrangement , for generating database search criteria at least in part in response to user input ;
searching means , operatively connected to said storage arrangement and operatively connected to receive said generated search criteria , for searching at least one part of said at least one database and for identifying any portions of said at least one part of said at least one database which correspond to said search criteria ;
retrieving means for retrieving an identified portion of said database from said storage arrangement ;
decrypting means operatively connected to said retrieving means for decrypting a retrieved database portion ;
and control means operatively connected to at least said storage arrangement , for metering at least one parameter of usage of at least one portion of said at least one database , for comparing said metered usage to said at least one database usage ceiling , and for selectively preventing decrypting of at least one part of said encrypted database in response to the result of said comparison .

US5050213A
CLAIM 14 . A database access system which is capable of being operated by a user at a user site so as to electronically search digital data (digital data) base information in response to a search request , said system including the following combination of elements all located at said user site ;
an optical storage device storing thereon digitally encoded database information at least some of which is in a form that is unintelligible unless said information is processed using a key ;
a search/retrieval arrangement operatively coupled to said optical storage device , said search/retrieval arrangement causing a subset of said database information responsive , at least in part , to said search request to be retrieved from said storage device , processed using said key , and presented to said user ;
and a metering arrangement operatively associated with said optical storage device , said metering arrangement monitoring usage of said database information , storing information indicative of at least a portion of said usage , and selectively inhibiting said database information from being processed to said user in response to comparison of monitored usage with a predetermined limit .

US5050213A
CLAIM 17 . A method of providing information responsive to search criteria for use by a client at a physical client site , said method comprising the steps of : (1) providing , for insertion into a reading device (computer system, computer system comprising memory) at said physical client site , at least one portable optical storage medium , said optical storage medium storing database information adapted to be searchable ;
(2) inserting said optical storage medium into said reading device ;
(3) searching said database information to identify database information which corresponds , at least in part , to said search criteria ;
(4) reading and processing identified database information from said optical storage medium using a key ;
and (5) metering at least one aspect of client usage of said database information and generating at least one parameter reflecting said usage .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5027396A

Filed: 1990-05-07     Issued: 1991-06-25

Execution protection for floppy disks

(Original Assignee) Xerox Corp     (Current Assignee) Xerox Corp

Dale T. Platteter, Robert S. Westfall, Jeff C. Carter
US7162735B2
CLAIM 5 . A computer system comprising memory means (writing data) containing a digital protection arrangement according to claim 4 . 		US5027396A
CLAIM 12 . In a control system for an image processing apparatus including a main memory and a disk drive , the method of permitting the execution of a disk loaded into the disk drive , the disk having a plurality of tracks , comprising the steps of : writing data (memory means, memory location) in non-standard format and length to a normally unaccessible track of the disk , the data including an encrypted password , the password being located at an arbitrary location within the data , reading the data resulting in an error signal , locating a starting position and applying an offset to identify the password , and unencrypting and authenticating the password in order to execute the disk .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (error signal) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5027396A
CLAIM 1 . In a control system for an image processing apparatus including a main memory and a floppy disk drive , the method of inhibiting the execution of a floppy disk loaded into the floppy disk drive , the floppy disk having a predetermined key track , the key track including random data unrecognizable to the control but including an arbitrarily positioned index pattern and a password related to the index pattern , comprising the steps of : transferring the contents of the key track from the floppy disk to the main memory , recognizing an error signal (relocation code) manifesting the unrecognizable random data , ignoring the error signal and scanning the random data to find the arbitrarily positioned index pattern , locating the password related to the index pattern among the random data , and comparing the password to a second password stored in the main memory to be able to execute the instructions stored on the floppy disk .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (error signal) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5027396A
CLAIM 1 . In a control system for an image processing apparatus including a main memory and a floppy disk drive , the method of inhibiting the execution of a floppy disk loaded into the floppy disk drive , the floppy disk having a predetermined key track , the key track including random data unrecognizable to the control but including an arbitrarily positioned index pattern and a password related to the index pattern , comprising the steps of : transferring the contents of the key track from the floppy disk to the main memory , recognizing an error signal (relocation code) manifesting the unrecognizable random data , ignoring the error signal and scanning the random data to find the arbitrarily positioned index pattern , locating the password related to the index pattern among the random data , and comparing the password to a second password stored in the main memory to be able to execute the instructions stored on the floppy disk .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (image processing) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5027396A
CLAIM 1 . In a control system for an image processing (executable conversion) apparatus including a main memory and a floppy disk drive , the method of inhibiting the execution of a floppy disk loaded into the floppy disk drive , the floppy disk having a predetermined key track , the key track including random data unrecognizable to the control but including an arbitrarily positioned index pattern and a password related to the index pattern , comprising the steps of : transferring the contents of the key track from the floppy disk to the main memory , recognizing an error signal manifesting the unrecognizable random data , ignoring the error signal and scanning the random data to find the arbitrarily positioned index pattern , locating the password related to the index pattern among the random data , and comparing the password to a second password stored in the main memory to be able to execute the instructions stored on the floppy disk .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (data file) . 		US5027396A
CLAIM 6 . In a control system for an image processing apparatus including a main memory and a disk drive , the method of permitting the execution of a disk loaded into the disk drive , the disk having a plurality of tracks , comprising the steps of : placing a data file (data file) including arbitrary data and a password on a normally unaccessible track of the disk , reading the data file from the normally unaccessible track of the disk and storing in main memory , decoding the password and comparing the password to a default password , and upon a permissible comparison of the password with the default password , permitting execution of the disk .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (writing data) storing the protected data , decryption instructions and conversion code with a start point (starting position) at a memory location (writing data) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (image processing) code to be executed when seeking to access the protected data . 		US5027396A
CLAIM 1 . In a control system for an image processing (executable conversion) apparatus including a main memory and a floppy disk drive , the method of inhibiting the execution of a floppy disk loaded into the floppy disk drive , the floppy disk having a predetermined key track , the key track including random data unrecognizable to the control but including an arbitrarily positioned index pattern and a password related to the index pattern , comprising the steps of : transferring the contents of the key track from the floppy disk to the main memory , recognizing an error signal manifesting the unrecognizable random data , ignoring the error signal and scanning the random data to find the arbitrarily positioned index pattern , locating the password related to the index pattern among the random data , and comparing the password to a second password stored in the main memory to be able to execute the instructions stored on the floppy disk .

US5027396A
CLAIM 12 . In a control system for an image processing apparatus including a main memory and a disk drive , the method of permitting the execution of a disk loaded into the disk drive , the disk having a plurality of tracks , comprising the steps of : writing data (memory means, memory location) in non-standard format and length to a normally unaccessible track of the disk , the data including an encrypted password , the password being located at an arbitrary location within the data , reading the data resulting in an error signal , locating a starting position (start point) and applying an offset to identify the password , and unencrypting and authenticating the password in order to execute the disk .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (error signal) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5027396A
CLAIM 1 . In a control system for an image processing apparatus including a main memory and a floppy disk drive , the method of inhibiting the execution of a floppy disk loaded into the floppy disk drive , the floppy disk having a predetermined key track , the key track including random data unrecognizable to the control but including an arbitrarily positioned index pattern and a password related to the index pattern , comprising the steps of : transferring the contents of the key track from the floppy disk to the main memory , recognizing an error signal (relocation code) manifesting the unrecognizable random data , ignoring the error signal and scanning the random data to find the arbitrarily positioned index pattern , locating the password related to the index pattern among the random data , and comparing the password to a second password stored in the main memory to be able to execute the instructions stored on the floppy disk .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (error signal) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5027396A
CLAIM 1 . In a control system for an image processing apparatus including a main memory and a floppy disk drive , the method of inhibiting the execution of a floppy disk loaded into the floppy disk drive , the floppy disk having a predetermined key track , the key track including random data unrecognizable to the control but including an arbitrarily positioned index pattern and a password related to the index pattern , comprising the steps of : transferring the contents of the key track from the floppy disk to the main memory , recognizing an error signal (relocation code) manifesting the unrecognizable random data , ignoring the error signal and scanning the random data to find the arbitrarily positioned index pattern , locating the password related to the index pattern among the random data , and comparing the password to a second password stored in the main memory to be able to execute the instructions stored on the floppy disk .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5123045A

Filed: 1990-02-07     Issued: 1992-06-16

Comprehensive software protection system

(Original Assignee) Massachusetts Institute of Technology     (Current Assignee) Massachusetts Institute of Technology

Rafail Ostrovsky, Oded Goldreich
US7162735B2
CLAIM 1 . Computer software (address space) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (function value) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5123045A
CLAIM 29 . In a data processing system having a memory and physically protected CPU , a method of preventing an adversary from replacing contents of a physical memory location with contents from another physical memory location during execution of a program comprising the steps of : a) storing a seed for a pseudo-random function in a memory ;
b) storing in each memory location a data value , a virtual address and a value of a pseudo-random function of the data value , wherein a seed of the pseudo-random function is the seed stored in the physically protected memory space ;
c) checking using the CPU after each memory access to the memory locations in the memory whether a proper pseudo-random function value (conversion key) was stored in the accessed memory location ;
and d) if an improper pseudo-random function value was stored , terminating execution of the program .

US5123045A
CLAIM 32 . In a data processing system , a memory for protecting a program from adversaries , comprising : a) a lowest level buffer comprised of X buckets of memory ;
b) a highest level buffer comprised of X N buckets of memory wherein N is a total number of buffers ;
c) N-2 buffers each having a unique level between the lowest level and the highest level and each having X L buckets where L is a level of the buffer ;
wherein address space (Computer software) s of the buffers pseudo-randomly map from virtual addresses of the program and data that the program uses , and virtual memory locations of the program and the data are stored in the buffers in accordance with the pseudo-random mappings .

US7162735B2
CLAIM 7 . Computer software (address space) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5123045A
CLAIM 32 . In a data processing system , a memory for protecting a program from adversaries , comprising : a) a lowest level buffer comprised of X buckets of memory ;
b) a highest level buffer comprised of X N buckets of memory wherein N is a total number of buffers ;
c) N-2 buffers each having a unique level between the lowest level and the highest level and each having X L buckets where L is a level of the buffer ;
wherein address space (Computer software) s of the buffers pseudo-randomly map from virtual addresses of the program and data that the program uses , and virtual memory locations of the program and the data are stored in the buffers in accordance with the pseudo-random mappings .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location (physical memory locations) is identified when the protected code is executed , the security means is written to the embedding location . 		US5123045A
CLAIM 18 . In a data processing system a method of protecting a virtual address pattern of a program to a memory from an observer such that a physical address pattern of access of the program to the memory exhibited during execution of the program reveals no information about the virtual address pattern of the program to the memory , comprising the steps of : a) storing the program and the data , said program and data being comprised of a plurality of virtual memory locations specified by virtual addresses , in a level N buffer of a set of N buffers held in the memory , each buffer comprised of X L buckets where L is the level of the buffer and X is the number of buckets in a level 1 buffer , and for each virtual memory location , a physical address of a bucket comprised of physical memory locations (embedding location) in a buffer in which it is stored is specified by a pseudo-random function of its virtual address ;
b) scanning at least one bucket in each buffer when seeking a virtual memory location required for execution ;
c) moving the contents of a virtual memory location of a bucket in a buffer required for execution when it is found to a bucket in the level 1 buffer ;
and d) periodically during program execution , moving contents of a level L buffer to a level L+1 buffer such that each memory location is stored at an address in the level L+1 buffer that is a pseudo-random function of a virtual address .

US7162735B2
CLAIM 14 . The arrangement of claim 13 , wherein an embedding location (physical memory locations) is identified by decompiling the protected code , and analyzing the decompiled code . 		US5123045A
CLAIM 18 . In a data processing system a method of protecting a virtual address pattern of a program to a memory from an observer such that a physical address pattern of access of the program to the memory exhibited during execution of the program reveals no information about the virtual address pattern of the program to the memory , comprising the steps of : a) storing the program and the data , said program and data being comprised of a plurality of virtual memory locations specified by virtual addresses , in a level N buffer of a set of N buffers held in the memory , each buffer comprised of X L buckets where L is the level of the buffer and X is the number of buckets in a level 1 buffer , and for each virtual memory location , a physical address of a bucket comprised of physical memory locations (embedding location) in a buffer in which it is stored is specified by a pseudo-random function of its virtual address ;
b) scanning at least one bucket in each buffer when seeking a virtual memory location required for execution ;
c) moving the contents of a virtual memory location of a bucket in a buffer required for execution when it is found to a bucket in the level 1 buffer ;
and d) periodically during program execution , moving contents of a level L buffer to a level L+1 buffer such that each memory location is stored at an address in the level L+1 buffer that is a pseudo-random function of a virtual address .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (function value) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5123045A
CLAIM 29 . In a data processing system having a memory and physically protected CPU , a method of preventing an adversary from replacing contents of a physical memory location with contents from another physical memory location during execution of a program comprising the steps of : a) storing a seed for a pseudo-random function in a memory ;
b) storing in each memory location a data value , a virtual address and a value of a pseudo-random function of the data value , wherein a seed of the pseudo-random function is the seed stored in the physically protected memory space ;
c) checking using the CPU after each memory access to the memory locations in the memory whether a proper pseudo-random function value (conversion key) was stored in the accessed memory location ;
and d) if an improper pseudo-random function value was stored , terminating execution of the program .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (function value) derived from a respective target block . 		US5123045A
CLAIM 29 . In a data processing system having a memory and physically protected CPU , a method of preventing an adversary from replacing contents of a physical memory location with contents from another physical memory location during execution of a program comprising the steps of : a) storing a seed for a pseudo-random function in a memory ;
b) storing in each memory location a data value , a virtual address and a value of a pseudo-random function of the data value , wherein a seed of the pseudo-random function is the seed stored in the physically protected memory space ;
c) checking using the CPU after each memory access to the memory locations in the memory whether a proper pseudo-random function value (conversion key) was stored in the accessed memory location ;
and d) if an improper pseudo-random function value was stored , terminating execution of the program .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5109413A

Filed: 1989-11-28     Issued: 1992-04-28

Manipulating rights-to-execute in connection with a software copy protection mechanism

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Liam D. Comerford, Steve R. White
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item (second processors) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5109413A
CLAIM 38 . A method of identifying first and second processors (second item) to each other as companion processors which companion processors are characterized by storing a set of keys , which set includes a number of keys greater than one , comprising the steps of : a) at a fist processor , generating a first random number , concatenating said first random number with a message authentication code , to produce a concatenated result and encrypting said concatenated result under one key of said set of keys to produce a first identifier , b) at a second processor , generating a second random number , concatenating said second random number with a message authentication code , to produce a concatenated result and encrypting said concatenated result under another key , said another key selected by said second processor from said set of keys , to produce another identifier , c) transmitting said first and another identifiers to said second and first processors , respectively , d) determining , at said processors that said identifiers were generated by companion processors by : 1) decrypting said identifiers with keys selected from said set of keys until a decrypted result includes a valid message authentication code as a portion , or e) determining that said first and second processors are not companion processors if all keys in said set are employed without any decrypted result including a valid message authentication code .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (key information) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (key information) , when executed , is operable to detect corruption of the protected code . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (key information) is operable to delete the protected code in the event that any corruption is detected . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (key information) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (key information) is embedded within the protected code . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (key information) is embedded at locations which are unused by the protected code . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code (key information) and to modify the call instruction to refer to the new location . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (data file) . 		US5109413A
CLAIM 30 . A method of safely distributing demonstration software only for demonstration use on composite computing systems comprising a host computer and a logically and physically secure coprocessor , wherein the coprocessor stores at least a specific key , said method comprising the steps of : a) distributing said demonstration software in a form in which at least a portion thereof is encrypted under a software key , b) distributing , along with said demonstration software said software key encrypted under said specific key and a null token data file (data file) , encrypted under said software key , said software key including at least a condition of use flag inhibiting any coprocessor from erasing said software key , c) installing said software key on a coprocessor by : c1) decrypting said software key under said specific key , and c2) searching permanent memory of said coprocessor to determine if said software key had previously been installed , c3) writing said software key to said permanent memory only if said step c2) indicates that said software key had never been previously installed , whereafter said demonstration software can be executed on said composite computing system by decrypting encrypted portions by said coprocessor , or c4) inhibiting said writing step c3) in the event said software key had been previously installed wherefore said demonstration software cannot be executed on said composite computing system , whereby a user may install said demonstration software into a composite computing system only on a single occasion thereby protecting software vendors from users repeatedly installing demonstration software .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5109413A
CLAIM 10 . A method as recited in claim 9 in which said method includes the following steps (second part) performed at said second coprocessor if said second coprocessor is a trusted recipient : b1a) generating a second random number and selecting a key from said set of cryptographic keys , b2a) concatenating said second random number of step b1a) and a message authentication code to produce a concatenated result , b3a) encrypting said concatenated result of step b2a) to produce said message and transmitting said message to said first coprocessor .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code (key information) and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (key information) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5109413A
CLAIM 39 . A method of inter-processor communication which restricts exchange of key information (security code) to within a class of companion processors which are characterized by storage of a set of keys greater in number than one , said method comprising the steps : i) using a method of identification as recited in claim 38 , ii) combining said first and another identifiers at both said processors to produce a session key , and iii) exchanging key information by first encrypting said key information under said session key and transmitting said encrypted key information from said first to said second or from said second to said first processor .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5155680A

Filed: 1989-04-27     Issued: 1992-10-13

Billing system for computing software

(Original Assignee) Signal Security Technology     (Current Assignee) Signal Security Technology

John D. Wiedemer
US7162735B2
CLAIM 1 . Computer software (computer means, hardware key) operable to provide protection for a second item of computer software (computer means, hardware key) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5155680A
CLAIM 7 . A security system for deciphering information for a personal computer including a central microprocessor and a bus through which other devices may be connected to it comprising : security circuit means connected to the bus of the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit in the security circuit containing therein a computer unique internal code ;
an alterable memory module electrically inserted into the security circuit means including thereon a computer unique external code ;
microcomputer means (Computer software, computer software, computer memory device containing computer software) in the security circuit means for controlling access to the memory module ;
memory means of the computer for containing therein information in the form of both data and programs , both enciphered and unenciphered ;
and a storage medium for the computer carrying at least one code thereon and security program means for causing the central microprocessor to read the code from the storage medium and present that code to the microcomputer means in the security circuit means ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the memory module to generate a decipher code to be used by the security program means to decipher the enciphered information from the memory means and return the unenciphered information to the memory means .

US5155680A
CLAIM 14 . A security system for a personal computer including a central microprocessor and a bus to which other peripherals may be connected comprising : security circuit means connected to the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit on the security circuit means containing therein a computer unique internal code ;
a security module electrically inserted into the security circuit means , the security module including thereon (1) a non-volatile , alterable code memory module containing a fixed computer unique external code , and (2) microcomputer means for controlling access to the memory module ;
a hardware key (Computer software, computer software, computer memory device containing computer software) module connectable to the personal computer and carrying a user unique hardware key code therein ;
and a storage medium for the computer carrying security program means for causing the central microprocessor to read the code from the hardware key and present that code to the microcomputer means on the security module ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the security module to generate decipher codes to be used by the security program means to decipher data .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (computer means, hardware key) in accordance with claim 1 . 		US5155680A
CLAIM 7 . A security system for deciphering information for a personal computer including a central microprocessor and a bus through which other devices may be connected to it comprising : security circuit means connected to the bus of the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit in the security circuit containing therein a computer unique internal code ;
an alterable memory module electrically inserted into the security circuit means including thereon a computer unique external code ;
microcomputer means (Computer software, computer software, computer memory device containing computer software) in the security circuit means for controlling access to the memory module ;
memory means of the computer for containing therein information in the form of both data and programs , both enciphered and unenciphered ;
and a storage medium for the computer carrying at least one code thereon and security program means for causing the central microprocessor to read the code from the storage medium and present that code to the microcomputer means in the security circuit means ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the memory module to generate a decipher code to be used by the security program means to decipher the enciphered information from the memory means and return the unenciphered information to the memory means .

US5155680A
CLAIM 14 . A security system for a personal computer including a central microprocessor and a bus to which other peripherals may be connected comprising : security circuit means connected to the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit on the security circuit means containing therein a computer unique internal code ;
a security module electrically inserted into the security circuit means , the security module including thereon (1) a non-volatile , alterable code memory module containing a fixed computer unique external code , and (2) microcomputer means for controlling access to the memory module ;
a hardware key (Computer software, computer software, computer memory device containing computer software) module connectable to the personal computer and carrying a user unique hardware key code therein ;
and a storage medium for the computer carrying security program means for causing the central microprocessor to read the code from the hardware key and present that code to the microcomputer means on the security module ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the security module to generate decipher codes to be used by the security program means to decipher data .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (computer means, hardware key) protected by means of computer software in accordance with claim 1 . 		US5155680A
CLAIM 7 . A security system for deciphering information for a personal computer including a central microprocessor and a bus through which other devices may be connected to it comprising : security circuit means connected to the bus of the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit in the security circuit containing therein a computer unique internal code ;
an alterable memory module electrically inserted into the security circuit means including thereon a computer unique external code ;
microcomputer means (Computer software, computer software, computer memory device containing computer software) in the security circuit means for controlling access to the memory module ;
memory means of the computer for containing therein information in the form of both data and programs , both enciphered and unenciphered ;
and a storage medium for the computer carrying at least one code thereon and security program means for causing the central microprocessor to read the code from the storage medium and present that code to the microcomputer means in the security circuit means ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the memory module to generate a decipher code to be used by the security program means to decipher the enciphered information from the memory means and return the unenciphered information to the memory means .

US5155680A
CLAIM 14 . A security system for a personal computer including a central microprocessor and a bus to which other peripherals may be connected comprising : security circuit means connected to the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit on the security circuit means containing therein a computer unique internal code ;
a security module electrically inserted into the security circuit means , the security module including thereon (1) a non-volatile , alterable code memory module containing a fixed computer unique external code , and (2) microcomputer means for controlling access to the memory module ;
a hardware key (Computer software, computer software, computer memory device containing computer software) module connectable to the personal computer and carrying a user unique hardware key code therein ;
and a storage medium for the computer carrying security program means for causing the central microprocessor to read the code from the hardware key and present that code to the microcomputer means on the security module ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the security module to generate decipher codes to be used by the security program means to decipher data .

US7162735B2
CLAIM 5 . A computer system comprising memory means (memory means) containing a digital protection arrangement according to claim 4 . 		US5155680A
CLAIM 1 . A security system for deciphering information in the form of programs or data for a personal computer including a central microprocessor and a bus for communication with other devices and components comprising : security circuit means connected into the personal computer bus for controlling data access and telecommunications capability of the personal computer ;
a security module electrically inserted into the security circuit , the security module including thereon a non-volatile , alterable code memory module containing a computer unique external code ;
permuter circuit means located in the security circuit for performing permutation and exclusive-or operation on blocks of data presented to it ;
memory means (memory means) of the personal computer for containing therein information in the form of both data and programs , both enciphered and unenciphered ;
and a storage medium for the computer carrying security program means for causing the central microprocessor to read the external code from the memory module on the security module an to use that code and their permuter circuit means in the security circuit to decipher enciphered information received from the memory means in a fashion that is dependent on both the permuter circuit means and on the external code so that unenciphered information may be returned to the memory means .

US7162735B2
CLAIM 7 . Computer software (computer means, hardware key) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5155680A
CLAIM 7 . A security system for deciphering information for a personal computer including a central microprocessor and a bus through which other devices may be connected to it comprising : security circuit means connected to the bus of the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit in the security circuit containing therein a computer unique internal code ;
an alterable memory module electrically inserted into the security circuit means including thereon a computer unique external code ;
microcomputer means (Computer software, computer software, computer memory device containing computer software) in the security circuit means for controlling access to the memory module ;
memory means of the computer for containing therein information in the form of both data and programs , both enciphered and unenciphered ;
and a storage medium for the computer carrying at least one code thereon and security program means for causing the central microprocessor to read the code from the storage medium and present that code to the microcomputer means in the security circuit means ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the memory module to generate a decipher code to be used by the security program means to decipher the enciphered information from the memory means and return the unenciphered information to the memory means .

US5155680A
CLAIM 14 . A security system for a personal computer including a central microprocessor and a bus to which other peripherals may be connected comprising : security circuit means connected to the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit on the security circuit means containing therein a computer unique internal code ;
a security module electrically inserted into the security circuit means , the security module including thereon (1) a non-volatile , alterable code memory module containing a fixed computer unique external code , and (2) microcomputer means for controlling access to the memory module ;
a hardware key (Computer software, computer software, computer memory device containing computer software) module connectable to the personal computer and carrying a user unique hardware key code therein ;
and a storage medium for the computer carrying security program means for causing the central microprocessor to read the code from the hardware key and present that code to the microcomputer means on the security module ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the security module to generate decipher codes to be used by the security program means to decipher data .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (commencing operation) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5155680A
CLAIM 13 . A method of operating a computer data and access security system for transferring data and allowing access to information in the form of data or programs to users who have installed on their computers a hardware security circuit including a microcomputer and into which a security module is removably received , the security circuit including a fixed memory portion thereon which carries an enciphered internal code and the security module including an electrically alterable memory which carries an enciphered external code , the computer of the user also being provided with a security program , the method comprising the steps of : (a) commencing operation (executable conversion) of the security program by the computer by means of access codes supplied to the computer with the information to be deciphered , the access codes being provided to the microcomputer in the hardware security circuit ;
(b) the microcomputer in the hardware security circuit accessing the internal and the external codes and deciphering these codes with the codes passed to it by the computer and then combining the deciphered external and internal codes to device a decipher code which it passes back to the counter ;
and (c) the computer using the decipher code passed to it by the microcomputer in the hardware security circuit to decipher the information to which access is sought .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (memory circuit) will cause the executable conversion (commencing operation) code to be executed when seeking to access the protected data . 		US5155680A
CLAIM 1 . A security system for deciphering information in the form of programs or data for a personal computer including a central microprocessor and a bus for communication with other devices and components comprising : security circuit means connected into the personal computer bus for controlling data access and telecommunications capability of the personal computer ;
a security module electrically inserted into the security circuit , the security module including thereon a non-volatile , alterable code memory module containing a computer unique external code ;
permuter circuit means located in the security circuit for performing permutation and exclusive-or operation on blocks of data presented to it ;
memory means (memory means) of the personal computer for containing therein information in the form of both data and programs , both enciphered and unenciphered ;
and a storage medium for the computer carrying security program means for causing the central microprocessor to read the external code from the memory module on the security module an to use that code and their permuter circuit means in the security circuit to decipher enciphered information received from the memory means in a fashion that is dependent on both the permuter circuit means and on the external code so that unenciphered information may be returned to the memory means .

US5155680A
CLAIM 7 . A security system for deciphering information for a personal computer including a central microprocessor and a bus through which other devices may be connected to it comprising : security circuit means connected to the bus of the personal computer for controlling data access and telecommunications capability of the personal computer ;
a fixed unalterable memory circuit (processor means) in the security circuit containing therein a computer unique internal code ;
an alterable memory module electrically inserted into the security circuit means including thereon a computer unique external code ;
microcomputer means in the security circuit means for controlling access to the memory module ;
memory means of the computer for containing therein information in the form of both data and programs , both enciphered and unenciphered ;
and a storage medium for the computer carrying at least one code thereon and security program means for causing the central microprocessor to read the code from the storage medium and present that code to the microcomputer means in the security circuit means ;
the microcomputer means using the code presented to it from the central microprocessor , the internal code obtained from the fixed memory circuit , and the external code obtained from the memory module to generate a decipher code to be used by the security program means to decipher the enciphered information from the memory means and return the unenciphered information to the memory means .

US5155680A
CLAIM 13 . A method of operating a computer data and access security system for transferring data and allowing access to information in the form of data or programs to users who have installed on their computers a hardware security circuit including a microcomputer and into which a security module is removably received , the security circuit including a fixed memory portion thereon which carries an enciphered internal code and the security module including an electrically alterable memory which carries an enciphered external code , the computer of the user also being provided with a security program , the method comprising the steps of : (a) commencing operation (executable conversion) of the security program by the computer by means of access codes supplied to the computer with the information to be deciphered , the access codes being provided to the microcomputer in the hardware security circuit ;
(b) the microcomputer in the hardware security circuit accessing the internal and the external codes and deciphering these codes with the codes passed to it by the computer and then combining the deciphered external and internal codes to device a decipher code which it passes back to the counter ;
and (c) the computer using the decipher code passed to it by the microcomputer in the hardware security circuit to decipher the information to which access is sought .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5199066A

Filed: 1989-04-18     Issued: 1993-03-30

Method and apparatus for protecting software

(Original Assignee) Special Effects Software Inc     (Current Assignee) LOGAN ANDREW J PO BOX 314 HAVERFORD PA 19041 ; SPECIAL EFFECTS SOFTWARE Inc A CORP OF ; Special Effects Software Inc

Andrew J. Logan
US7162735B2
CLAIM 1 . Computer software (particular hardware, computer means, computer software) operable to provide protection for a second item of computer software (particular hardware, computer means, computer software) , the protection software (particular hardware, computer means, computer software) comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5199066A
CLAIM 1 . A method of protecting a software program recorded within a storage medium for use with or transmission to computer or processor based hardware , the method comprising : inputting a hardware code uniquely associated with the particular hardware (Computer software, computer software, protection software) with which the software is to be employed ;
inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software being employed and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and enabling the use of the software if the second intermediate code and the second software code are identical .

US5199066A
CLAIM 10 . A method of preventing use of an unauthorized copy of a computer software (Computer software, computer software, protection software) program recorded within a storage medium for use in computer hardware by preventing the software from operating in the absence of a proper activation code , the method comprising : inputting a numeric hardware code uniquely associated with the particular hardware with which the software is to be employed ;
inputting a first numeric software code uniquely associated with the particular software storage medium ;
performing a first predetermined mathematical operation upon the hardware code and the first software code to produce a first numeric intermediate code ;
inputting a numeric activation code received from a software supplier , the activation code being uniquely determined for activation of the software having the particular first software code for use with hardware having the particular hardware code ;
performing a second predetermined mathematic operation upon the first numeric intermediate code and the numeric activation code to produce a second numeric intermediate code ;
comparing the second numeric intermediate code with a second numeric software code uniquely associated with the particular storage medium and stored at a hidden location within the software , the second numeric software code not being ascertainable by the user , the second numeric software code being changed in a predetermined manner each time the software is copied ;
and enabling the use of the software if the second numeric intermediate code and the second numeric software code are identical .

US5199066A
CLAIM 15 . A system for protecting a software program recorded within a storage medium for use with , or transmission to , computer or processor based hardware , the system comprising : means for inputting a hardware code uniquely associated with the particular hardware with which the software is to be employed ;
means for inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
computer means (Computer software, computer software, protection software) for performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
means for inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
computer means for performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
computer means for comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and means for enabling the use of the software if the second intermediate code and the second software code are identical .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (particular hardware, computer means, computer software) in accordance with claim 1 . 		US5199066A
CLAIM 1 . A method of protecting a software program recorded within a storage medium for use with or transmission to computer or processor based hardware , the method comprising : inputting a hardware code uniquely associated with the particular hardware (Computer software, computer software, protection software) with which the software is to be employed ;
inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software being employed and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and enabling the use of the software if the second intermediate code and the second software code are identical .

US5199066A
CLAIM 10 . A method of preventing use of an unauthorized copy of a computer software (Computer software, computer software, protection software) program recorded within a storage medium for use in computer hardware by preventing the software from operating in the absence of a proper activation code , the method comprising : inputting a numeric hardware code uniquely associated with the particular hardware with which the software is to be employed ;
inputting a first numeric software code uniquely associated with the particular software storage medium ;
performing a first predetermined mathematical operation upon the hardware code and the first software code to produce a first numeric intermediate code ;
inputting a numeric activation code received from a software supplier , the activation code being uniquely determined for activation of the software having the particular first software code for use with hardware having the particular hardware code ;
performing a second predetermined mathematic operation upon the first numeric intermediate code and the numeric activation code to produce a second numeric intermediate code ;
comparing the second numeric intermediate code with a second numeric software code uniquely associated with the particular storage medium and stored at a hidden location within the software , the second numeric software code not being ascertainable by the user , the second numeric software code being changed in a predetermined manner each time the software is copied ;
and enabling the use of the software if the second numeric intermediate code and the second numeric software code are identical .

US5199066A
CLAIM 15 . A system for protecting a software program recorded within a storage medium for use with , or transmission to , computer or processor based hardware , the system comprising : means for inputting a hardware code uniquely associated with the particular hardware with which the software is to be employed ;
means for inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
computer means (Computer software, computer software, protection software) for performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
means for inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
computer means for performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
computer means for comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and means for enabling the use of the software if the second intermediate code and the second software code are identical .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (particular hardware, computer means, computer software) protected by means of computer software in accordance with claim 1 . 		US5199066A
CLAIM 1 . A method of protecting a software program recorded within a storage medium for use with or transmission to computer or processor based hardware , the method comprising : inputting a hardware code uniquely associated with the particular hardware (Computer software, computer software, protection software) with which the software is to be employed ;
inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software being employed and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and enabling the use of the software if the second intermediate code and the second software code are identical .

US5199066A
CLAIM 10 . A method of preventing use of an unauthorized copy of a computer software (Computer software, computer software, protection software) program recorded within a storage medium for use in computer hardware by preventing the software from operating in the absence of a proper activation code , the method comprising : inputting a numeric hardware code uniquely associated with the particular hardware with which the software is to be employed ;
inputting a first numeric software code uniquely associated with the particular software storage medium ;
performing a first predetermined mathematical operation upon the hardware code and the first software code to produce a first numeric intermediate code ;
inputting a numeric activation code received from a software supplier , the activation code being uniquely determined for activation of the software having the particular first software code for use with hardware having the particular hardware code ;
performing a second predetermined mathematic operation upon the first numeric intermediate code and the numeric activation code to produce a second numeric intermediate code ;
comparing the second numeric intermediate code with a second numeric software code uniquely associated with the particular storage medium and stored at a hidden location within the software , the second numeric software code not being ascertainable by the user , the second numeric software code being changed in a predetermined manner each time the software is copied ;
and enabling the use of the software if the second numeric intermediate code and the second numeric software code are identical .

US5199066A
CLAIM 15 . A system for protecting a software program recorded within a storage medium for use with , or transmission to , computer or processor based hardware , the system comprising : means for inputting a hardware code uniquely associated with the particular hardware with which the software is to be employed ;
means for inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
computer means (Computer software, computer software, protection software) for performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
means for inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
computer means for performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
computer means for comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and means for enabling the use of the software if the second intermediate code and the second software code are identical .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (stored information) arrangement according to claim 4 . 		US5199066A
CLAIM 14 . A method of generating an activation code for enabling the use of a software program with particular computer or processor based hardware , the method comprising : obtaining from the user a hardware code uniquely associated with the particular hardware with which the software is to be employed ;
obtaining from the user a first software code uniquely associated with the particular embodiment of the software being employed ;
performing a predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
obtaining a second software code uniquely associated with the particular embodiment of the software from stored information (digital protection) corresponding to the first software code ;
and performing a predetermined operation upon the first intermediate code and the second software code to produce the activation code .

US7162735B2
CLAIM 7 . Computer software (particular hardware, computer means, computer software) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5199066A
CLAIM 1 . A method of protecting a software program recorded within a storage medium for use with or transmission to computer or processor based hardware , the method comprising : inputting a hardware code uniquely associated with the particular hardware (Computer software, computer software, protection software) with which the software is to be employed ;
inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software being employed and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and enabling the use of the software if the second intermediate code and the second software code are identical .

US5199066A
CLAIM 10 . A method of preventing use of an unauthorized copy of a computer software (Computer software, computer software, protection software) program recorded within a storage medium for use in computer hardware by preventing the software from operating in the absence of a proper activation code , the method comprising : inputting a numeric hardware code uniquely associated with the particular hardware with which the software is to be employed ;
inputting a first numeric software code uniquely associated with the particular software storage medium ;
performing a first predetermined mathematical operation upon the hardware code and the first software code to produce a first numeric intermediate code ;
inputting a numeric activation code received from a software supplier , the activation code being uniquely determined for activation of the software having the particular first software code for use with hardware having the particular hardware code ;
performing a second predetermined mathematic operation upon the first numeric intermediate code and the numeric activation code to produce a second numeric intermediate code ;
comparing the second numeric intermediate code with a second numeric software code uniquely associated with the particular storage medium and stored at a hidden location within the software , the second numeric software code not being ascertainable by the user , the second numeric software code being changed in a predetermined manner each time the software is copied ;
and enabling the use of the software if the second numeric intermediate code and the second numeric software code are identical .

US5199066A
CLAIM 15 . A system for protecting a software program recorded within a storage medium for use with , or transmission to , computer or processor based hardware , the system comprising : means for inputting a hardware code uniquely associated with the particular hardware with which the software is to be employed ;
means for inputting a first software code uniquely associated with the particular embodiment of the software being employed ;
computer means (Computer software, computer software, protection software) for performing a first predetermined operation upon the hardware code and the first software code to produce a first intermediate code ;
means for inputting a unique activation code for the particular embodiment of the software being employed , the activation code being received from a software supplier ;
computer means for performing a second predetermined operation upon the first intermediate code and the activation code to produce a second intermediate code ;
computer means for comparing the second intermediate code with a second software code uniquely associated with the particular embodiment of the software and stored at a hidden location within the software , the second software code not being ascertainable by the user ;
and means for enabling the use of the software if the second intermediate code and the second software code are identical .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5155837A

Filed: 1989-03-02     Issued: 1992-10-13

Methods and apparatus for software retrofitting

(Original Assignee) Telcordia Technologies Inc     (Current Assignee) TTI Inventions B LLC

Cheng-Chung Liu, Daniel S. Lo, Zaher A. Nazif, Fu-Lin Wu, Donald W. Zobre
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (application programs) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5155837A
CLAIM 2 . The software retrofitting facility according to claim 1 wherein said software comprises a system of application programs (computer software) .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (application programs) in accordance with claim 1 . 		US5155837A
CLAIM 2 . The software retrofitting facility according to claim 1 wherein said software comprises a system of application programs (computer software) .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (application programs) protected by means of computer software in accordance with claim 1 . 		US5155837A
CLAIM 2 . The software retrofitting facility according to claim 1 wherein said software comprises a system of application programs (computer software) .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (application processor) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5155837A
CLAIM 5 . The software retrofitting facility according to claim 4 wherein said interdependent processing units comprise at least two classes of processors including communications processors and application processor (call instructions) s .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US5155837A
CLAIM 4 . The software retrofitting facility according to claim 1 wherein said at least one central processor comprises a plurality of interdependent processing unit (processor means) s .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (application processor) to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5155837A
CLAIM 5 . The software retrofitting facility according to claim 4 wherein said interdependent processing units comprise at least two classes of processors including communications processors and application processor (call instructions) s .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5023907A

Filed: 1988-09-30     Issued: 1991-06-11

Network license server

(Original Assignee) Apollo Computer Inc     (Current Assignee) HP Inc ; Apollo Computer Inc

Herrick J. Johnson, Margaret Olson, Stuart Jones, Stephanie Bodoff, Stephen C. Bertrand, Paul H. Levine
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5023907A
CLAIM 13 . The network license server of claim 12 , wherein said user is a computer program (Computer software) .

US7162735B2
CLAIM 4 . A digital data (said signal) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 5 . A computer system comprising memory means containing a digital protection (said signal) arrangement according to claim 4 . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 4 . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 4 . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US5023907A
CLAIM 13 . The network license server of claim 12 , wherein said user is a computer program (Computer software) .

US7162735B2
CLAIM 18 . A digital data (said signal) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 18 . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 29 . A digital data (said signal) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 29 . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 34 . A digital data (said signal) arrangement comprising executable code executable to create a first part (said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US5023907A
CLAIM 25 . The network license server of claims 1 or 11 , further comprising : renewal means for providing a notification signal operative to notify a program that it must renew use of a currently held license before a time that a subsequent notification signal is provided by said means ;
and scanning means for periodically scanning a list that contains information on when each license was last renewed , and for choosing to release a license for acquisition by another user when said license has not been renewed by said program prior to receiving said sub (first part) sequent notification signal .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 34 . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 38 . A digital data (said signal) arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said signal) protection arrangement in accordance with claim 38 . 		US5023907A
CLAIM 1 . A network license server comprising : a license database ;
a user database ;
means for generating a digital signal in response to a user' ;
s request for access to selected software , said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) being transmitted via a network to which said license server is connected ;
a license server daemon having access to said license database and said user database ;
said license server daemon operative to compare said signal generated by said means for generating a digital signal with information in said license and user databases to determine whether access to said selected software should be granted to said user ;
and means for generating a second digital signal permitting access to said selected software if access is permitted , said second digital signal being transmitted via a network to which said license server is connected .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5155847A

Filed: 1988-08-03     Issued: 1992-10-13

Method and apparatus for updating software at remote locations

(Original Assignee) Minicom Data Corp     (Current Assignee) Dot Assets No 9 LLC

Donald L. Kirouac, William A. Porrett, Marek J. Czerwinski
US7162735B2
CLAIM 1 . Computer software (first version, one computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5155847A
CLAIM 14 . A method as defined in claim 13 wherein said central computer system stores a first version (Computer software) of executable code and at least one different of the same executable code , said at least one different version being used in said remote computer systems , and wherein a patch made to said first version can be applied to said at least one different version , further comprising the steps of : comparing automatically at said central computer system the first checksum assigned to said patch with the second checksum of the last patch applied to said at least one different version ;
applying said patch to said at least one different version when said first and second checksums correspond ;
making a copy of said at least one different version and applying said patch to said copy , when said checksums do not correspond ;
determining a first set of differences between said copy and a patched first version ;
determining a second set of differences between the unpatched first version and said at least one different version ;
and applying the patch to said at least one different version when said first and second sets of differences are equivalent .

US5155847A
CLAIM 21 . A system for upgrading , from a central computer system , the executable code used in at least one remote computer system comprising : storage means located in said central computer system for storing a record of the executable code in use at said at least one remote computer system and executable code corresponding to the executable code used in said at least one remote computer system ;
input means located at said central computer system for allowing the corresponding executable code stored therein to be upgraded ;
upgrade detection means located in said central computer system for detecting and recording automatically each change made to the corresponding executable code stored therein , wherein said changes are in the form of patches with each patch including at least one change to said corresponding executable code ;
checksum assignor means in said central computer system and said at least one remote computer system for assigning each patch a pair of checksums , said checksums representing an image of the corresponding executable code with and without the patch applied thereto ;
communication means for establishing a communication link between said at least one remote computer system and the central computer system ;
first identifying means located in said central computer system to identify said at least one remote computer system and to examine said record to determine the executable code used therein ;
second identifying means for examining said record to identify the changes that have been made to the corresponding executable code stored in said central computer system which have not been made tot he executable code in said at least one remote computer system ;
transmission means for transmitting the identified changes from said central computer system to said at least one remote computer system ;
and verification means at one of said central computer system and said at least one remote computer system for comparing the checksums assigned to said patch by said central computer system with those assigned by said at least one remote computer system thereby to ensure that each patch is received at said at least one computer (Computer software) system correctly .

US7162735B2
CLAIM 7 . Computer software (first version, one computer) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5155847A
CLAIM 14 . A method as defined in claim 13 wherein said central computer system stores a first version (Computer software) of executable code and at least one different of the same executable code , said at least one different version being used in said remote computer systems , and wherein a patch made to said first version can be applied to said at least one different version , further comprising the steps of : comparing automatically at said central computer system the first checksum assigned to said patch with the second checksum of the last patch applied to said at least one different version ;
applying said patch to said at least one different version when said first and second checksums correspond ;
making a copy of said at least one different version and applying said patch to said copy , when said checksums do not correspond ;
determining a first set of differences between said copy and a patched first version ;
determining a second set of differences between the unpatched first version and said at least one different version ;
and applying the patch to said at least one different version when said first and second sets of differences are equivalent .

US5155847A
CLAIM 21 . A system for upgrading , from a central computer system , the executable code used in at least one remote computer system comprising : storage means located in said central computer system for storing a record of the executable code in use at said at least one remote computer system and executable code corresponding to the executable code used in said at least one remote computer system ;
input means located at said central computer system for allowing the corresponding executable code stored therein to be upgraded ;
upgrade detection means located in said central computer system for detecting and recording automatically each change made to the corresponding executable code stored therein , wherein said changes are in the form of patches with each patch including at least one change to said corresponding executable code ;
checksum assignor means in said central computer system and said at least one remote computer system for assigning each patch a pair of checksums , said checksums representing an image of the corresponding executable code with and without the patch applied thereto ;
communication means for establishing a communication link between said at least one remote computer system and the central computer system ;
first identifying means located in said central computer system to identify said at least one remote computer system and to examine said record to determine the executable code used therein ;
second identifying means for examining said record to identify the changes that have been made to the corresponding executable code stored in said central computer system which have not been made tot he executable code in said at least one remote computer system ;
transmission means for transmitting the identified changes from said central computer system to said at least one remote computer system ;
and verification means at one of said central computer system and said at least one remote computer system for comparing the checksums assigned to said patch by said central computer system with those assigned by said at least one remote computer system thereby to ensure that each patch is received at said at least one computer (Computer software) system correctly .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target (different times) block . 		US5155847A
CLAIM 19 . A method as defined in claim 1 further comprising the step of releasing said patches to different remote computer systems at different times (respective target) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4959861A

Filed: 1988-07-13     Issued: 1990-09-25

Security system for computer software

(Original Assignee) Howlette Edward L     

Edward L. Howlette
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US7162735B2
CLAIM 4 . A digital data (said signal) arrangement comprising protected code and security code (user access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection (said signal) arrangement according to claim 4 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (said signal) protection arrangement in accordance with claim 4 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data (said signal) protection arrangement in accordance with claim 4 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 8 . The arrangement of claim 4 , wherein the security code (user access) , when executed , is operable to detect corruption of the protected code . 		US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 9 . The arrangement of claim 8 , wherein the security code (user access) is operable to delete the protected code in the event that any corruption is detected . 		US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction and the security code (user access) , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 11 . The arrangement of claim 4 , wherein the security code (user access) is embedded within the protected code . 		US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 12 . The arrangement of claim 11 , wherein the security code (user access) is embedded at locations which are unused by the protected code . 		US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code (user access) and to modify the call instruction to refer to the new location . 		US4959861A
CLAIM 4 . A method for securing software used in a computer having a memory , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of said computer said generation of said coded signal being independent of said software ;
(2) loading a program into said memory (relocation code) , said program containing an algorithm for evaluating said signal generated by said key , and instructions for (i) accessing the signal being evaluated and (ii) allowing execution of said program according to predetermined security criteria ;
(3) commencing execution of said program ;
(4) transmitting said coded signal from said key to said memory ;
(5) evaluating said coded signal according to the security criteria ;
and (6) allowing said computer to complete the execution of said program only if said coded signal from said key satisfies the predetermined security criteria .

US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US4959861A
CLAIM 4 . A method for securing software used in a computer having a memory , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of said computer said generation of said coded signal being independent of said software ;
(2) loading a program into said memory (relocation code) , said program containing an algorithm for evaluating said signal generated by said key , and instructions for (i) accessing the signal being evaluated and (ii) allowing execution of said program according to predetermined security criteria ;
(3) commencing execution of said program ;
(4) transmitting said coded signal from said key to said memory ;
(5) evaluating said coded signal according to the security criteria ;
and (6) allowing said computer to complete the execution of said program only if said coded signal from said key satisfies the predetermined security criteria .

US7162735B2
CLAIM 18 . A digital data (said signal) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (said signal) protection arrangement in accordance with claim 18 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 29 . A digital data (said signal) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (command signal) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US4959861A
CLAIM 1 . A computer system comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal (one order) which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (said signal) protection arrangement in accordance with claim 29 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 34 . A digital data (said signal) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (said signal) protection arrangement in accordance with claim 34 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US7162735B2
CLAIM 38 . A digital data (said signal) arrangement comprising protected code , security code (user access) and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .

US4959861A
CLAIM 4 . A method for securing software used in a computer having a memory , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of said computer said generation of said coded signal being independent of said software ;
(2) loading a program into said memory (relocation code) , said program containing an algorithm for evaluating said signal generated by said key , and instructions for (i) accessing the signal being evaluated and (ii) allowing execution of said program according to predetermined security criteria ;
(3) commencing execution of said program ;
(4) transmitting said coded signal from said key to said memory ;
(5) evaluating said coded signal according to the security criteria ;
and (6) allowing said computer to complete the execution of said program only if said coded signal from said key satisfies the predetermined security criteria .

US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code (user access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4959861A
CLAIM 4 . A method for securing software used in a computer having a memory , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of said computer said generation of said coded signal being independent of said software ;
(2) loading a program into said memory (relocation code) , said program containing an algorithm for evaluating said signal generated by said key , and instructions for (i) accessing the signal being evaluated and (ii) allowing execution of said program according to predetermined security criteria ;
(3) commencing execution of said program ;
(4) transmitting said coded signal from said key to said memory ;
(5) evaluating said coded signal according to the security criteria ;
and (6) allowing said computer to complete the execution of said program only if said coded signal from said key satisfies the predetermined security criteria .

US4959861A
CLAIM 13 . A method of protecting software where a user access (security code) es a host system , comprising the steps of : (1) attaching a key for generating a predetermined coded signal to an input port of a user terminal or computer ;
(2) transmitting said coded signal from the user port to which the key is attached to said host system wherein said host system is coded such that accesses to various software program/databases are determined by said coded signal generated by said key ;
(3) evaluating the coded signal for permission for program execution by said host ;
and (4) once evaluation of step (3) is completed evaluating said coded signal to determine access to said data bases .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data (said signal) protection arrangement in accordance with claim 38 . 		US4959861A
CLAIM 1 . A computer system (computer system) comprising : a permanent memory ;
a program stored in said permanent memory ;
a computer having a second memory , and instructions for loading said program into said second memory ;
means for securing said program from use by an unauthorized user , comprising an input port of said computer system , a key for releasably attaching to said input port , said key including means for generating a coded signal wherein said generation of said coded signal is independent of said program ;
means for commencing execution of said program ;
means for transmitting said coded signal to said second memory ;
means for evaluating said coded signal according to security criteria ;
means for generating a command signal which causes said computer to complete execution of said program only if said coded signal satisfies the security criteria .

US4959861A
CLAIM 3 . The computer according to claim 1 wherein said computer includes a power source , said key includes means for connecting the power source to said key for generating said signal (digital data, digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5113518A

Filed: 1988-06-03     Issued: 1992-05-12

Method and system for preventing unauthorized use of software

(Original Assignee) Pitney Bowes Inc     (Current Assignee) Pitney Bowes Inc

Robert T. Durst, Jr., Kevin D. Hunter
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item (elapsed time) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US5113518A
CLAIM 11 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristic of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for data processing apparatus attempting to run said software program ;
means , responsive to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes a disk drive , and said predetermined values include a rotary speed value for said disk drive : and wherein said means for determining further comprises : reading means for reading a predetermined sector from said disk drive at least twice in succession ;
and means , responsive to said reading means , for measuring elapsed time (second item) between successive reading operations .

US7162735B2
CLAIM 4 . A digital data (said time) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 5 . A computer system comprising memory means (writing data) containing a digital protection arrangement according to claim 4 . 		US5113518A
CLAIM 17 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for data processing apparatus attempting to run said software program ;
means , responsive to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus attempting to run said software program includes a disk drive having a disk and a read/write head for reading/writing data (memory means, memory location) in interleaved sectors ;
and said predetermined values include a sector interleave value ;
wherein said sector interleave value is a measure of the number of sectors which separate logically sequential sectors on said disk : and wherein said means for determining further comprises : rotation timing means for measuring a time for accessing a logical first sector and a logical M-th sector , wherein m is an integer preset to the value " ;
2" ;
;
access timing means , response to said accessing means , for measuring a time to access the logical M-th sector ;
M determining means , responsive to said rotation timing and said access timing means , for determining if the difference between said time for said disk to make one complete rotation and said time to access the logical M-th sector is equal to said time for one complete sector to rotate past said head ;
M incrementing means , responsive to said M determining means , for incrementing the value of M until said difference is equal to said time for one complete sector to rotate past said head ;
and means , responsive to said M incrementing means , for determining said interleave value as a function of M .

US7162735B2
CLAIM 6 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 4 . 		US5113518A
CLAIM 1 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , response to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes a read only memory (ROM) , and said predetermined values include an identification value (data carrier) for said ROM , and said identification value for said ROM comprises a cyclic redundancy check (CRC) value of contents of said ROM ;
and wherein said data processing apparatus includes a processor having at least one register , and wherein said means for determining further comprises : means for multiplying a value contained in said register by a first constant (C) ;
addressing means for addressing successive locations of said ROM ;
means , responsive to said successive locations , for then successively adding to said register values contained in said successive locations ;
means for then dividing said values contained in said register by a second constant (D) to produce a quotient and a remainder value ;
and means for loading said register with said remainder value , whereby said register then contains said CRC value .

US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 4 . 		US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US5113518A
CLAIM 16 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected , inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , responsive to said means for determining for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes : a processor ;
and said predetermined values include an identification value for said processor ;
a data bus coupled to said processor , and said identification value for said processor includes a predetermined size value for said data bus ;
and a memory device coupled to said data bus ;
and wherein said means for determining further comprises : first exchanging means for exchanging an n-bit data character between said processor and said memory (relocation code) device a predetermined number of times ;
first measuring means for measuring a first time duration for said predetermined number of times n-bit characters are exchanged ;
second exchanging means for exchanging a 2n-bit data character between said processor and said memory device said predetermined number of times ;
second measuring means for measuring a second time duration for said predetermined number of times 2n-bit characters are exchanged ;
and means for determining that said data bus is 2n-bit wide if said first and second measured time durations are substantially equal and for determining that said data bus is n-bits wide if said first and second measured time durations are not substantially equal .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US5113518A
CLAIM 16 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected , inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , responsive to said means for determining for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes : a processor ;
and said predetermined values include an identification value for said processor ;
a data bus coupled to said processor , and said identification value for said processor includes a predetermined size value for said data bus ;
and a memory device coupled to said data bus ;
and wherein said means for determining further comprises : first exchanging means for exchanging an n-bit data character between said processor and said memory (relocation code) device a predetermined number of times ;
first measuring means for measuring a first time duration for said predetermined number of times n-bit characters are exchanged ;
second exchanging means for exchanging a 2n-bit data character between said processor and said memory device said predetermined number of times ;
second measuring means for measuring a second time duration for said predetermined number of times 2n-bit characters are exchanged ;
and means for determining that said data bus is 2n-bit wide if said first and second measured time durations are substantially equal and for determining that said data bus is n-bits wide if said first and second measured time durations are not substantially equal .

US7162735B2
CLAIM 18 . A digital data (said time) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code (bit data) operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US5113518A
CLAIM 16 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected , inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , responsive to said means for determining for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes : a processor ;
and said predetermined values include an identification value for said processor ;
a data bus coupled to said processor , and said identification value for said processor includes a predetermined size value for said data bus ;
and a memory device coupled to said data bus ;
and wherein said means for determining further comprises : first exchanging means for exchanging an n-bit data (conversion code) character between said processor and said memory device a predetermined number of times ;
first measuring means for measuring a first time duration for said predetermined number of times n-bit characters are exchanged ;
second exchanging means for exchanging a 2n-bit data character between said processor and said memory device said predetermined number of times ;
second measuring means for measuring a second time duration for said predetermined number of times 2n-bit characters are exchanged ;
and means for determining that said data bus is 2n-bit wide if said first and second measured time durations are substantially equal and for determining that said data bus is n-bits wide if said first and second measured time durations are not substantially equal .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code (bit data) is operable to convert each block into an executable form . 		US5113518A
CLAIM 16 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected , inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , responsive to said means for determining for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes : a processor ;
and said predetermined values include an identification value for said processor ;
a data bus coupled to said processor , and said identification value for said processor includes a predetermined size value for said data bus ;
and a memory device coupled to said data bus ;
and wherein said means for determining further comprises : first exchanging means for exchanging an n-bit data (conversion code) character between said processor and said memory device a predetermined number of times ;
first measuring means for measuring a first time duration for said predetermined number of times n-bit characters are exchanged ;
second exchanging means for exchanging a 2n-bit data character between said processor and said memory device said predetermined number of times ;
second measuring means for measuring a second time duration for said predetermined number of times 2n-bit characters are exchanged ;
and means for determining that said data bus is 2n-bit wide if said first and second measured time durations are substantially equal and for determining that said data bus is n-bits wide if said first and second measured time durations are not substantially equal .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code is a CRC algorithm (cyclic redundancy check) . 		US5113518A
CLAIM 1 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , response to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes a read only memory (ROM) , and said predetermined values include an identification value for said ROM , and said identification value for said ROM comprises a cyclic redundancy check (CRC algorithm) (CRC) value of contents of said ROM ;
and wherein said data processing apparatus includes a processor having at least one register , and wherein said means for determining further comprises : means for multiplying a value contained in said register by a first constant (C) ;
addressing means for addressing successive locations of said ROM ;
means , responsive to said successive locations , for then successively adding to said register values contained in said successive locations ;
means for then dividing said values contained in said register by a second constant (D) to produce a quotient and a remainder value ;
and means for loading said register with said remainder value , whereby said register then contains said CRC value .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (writing data) storing the protected data , decryption instructions and conversion code (bit data) with a start point at a memory location (writing data) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US5113518A
CLAIM 16 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected , inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , responsive to said means for determining for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes : a processor ;
and said predetermined values include an identification value for said processor ;
a data bus coupled to said processor , and said identification value for said processor includes a predetermined size value for said data bus ;
and a memory device coupled to said data bus ;
and wherein said means for determining further comprises : first exchanging means for exchanging an n-bit data (conversion code) character between said processor and said memory device a predetermined number of times ;
first measuring means for measuring a first time duration for said predetermined number of times n-bit characters are exchanged ;
second exchanging means for exchanging a 2n-bit data character between said processor and said memory device said predetermined number of times ;
second measuring means for measuring a second time duration for said predetermined number of times 2n-bit characters are exchanged ;
and means for determining that said data bus is 2n-bit wide if said first and second measured time durations are substantially equal and for determining that said data bus is n-bits wide if said first and second measured time durations are not substantially equal .

US5113518A
CLAIM 17 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for data processing apparatus attempting to run said software program ;
means , responsive to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus attempting to run said software program includes a disk drive having a disk and a read/write head for reading/writing data (memory means, memory location) in interleaved sectors ;
and said predetermined values include a sector interleave value ;
wherein said sector interleave value is a measure of the number of sectors which separate logically sequential sectors on said disk : and wherein said means for determining further comprises : rotation timing means for measuring a time for accessing a logical first sector and a logical M-th sector , wherein m is an integer preset to the value " ;
2" ;
;
access timing means , response to said accessing means , for measuring a time to access the logical M-th sector ;
M determining means , responsive to said rotation timing and said access timing means , for determining if the difference between said time for said disk to make one complete rotation and said time to access the logical M-th sector is equal to said time for one complete sector to rotate past said head ;
M incrementing means , responsive to said M determining means , for incrementing the value of M until said difference is equal to said time for one complete sector to rotate past said head ;
and means , responsive to said M incrementing means , for determining said interleave value as a function of M .

US7162735B2
CLAIM 28 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 18 . 		US5113518A
CLAIM 1 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , response to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes a read only memory (ROM) , and said predetermined values include an identification value (data carrier) for said ROM , and said identification value for said ROM comprises a cyclic redundancy check (CRC) value of contents of said ROM ;
and wherein said data processing apparatus includes a processor having at least one register , and wherein said means for determining further comprises : means for multiplying a value contained in said register by a first constant (C) ;
addressing means for addressing successive locations of said ROM ;
means , responsive to said successive locations , for then successively adding to said register values contained in said successive locations ;
means for then dividing said values contained in said register by a second constant (D) to produce a quotient and a remainder value ;
and means for loading said register with said remainder value , whereby said register then contains said CRC value .

US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 29 . A digital data (said time) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said predetermined number) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US5113518A
CLAIM 5 . The system of claim 4 wherein said means for determining said difference between said measured amounts of time includes means for dividing said difference by said predetermined number (one order) to produce a quotient representing said wait time .

US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 30 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 29 . 		US5113518A
CLAIM 1 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , response to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes a read only memory (ROM) , and said predetermined values include an identification value (data carrier) for said ROM , and said identification value for said ROM comprises a cyclic redundancy check (CRC) value of contents of said ROM ;
and wherein said data processing apparatus includes a processor having at least one register , and wherein said means for determining further comprises : means for multiplying a value contained in said register by a first constant (C) ;
addressing means for addressing successive locations of said ROM ;
means , responsive to said successive locations , for then successively adding to said register values contained in said successive locations ;
means for then dividing said values contained in said register by a second constant (D) to produce a quotient and a remainder value ;
and means for loading said register with said remainder value , whereby said register then contains said CRC value .

US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 34 . A digital data (said time) arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 37 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 34 . 		US5113518A
CLAIM 1 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , response to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes a read only memory (ROM) , and said predetermined values include an identification value (data carrier) for said ROM , and said identification value for said ROM comprises a cyclic redundancy check (CRC) value of contents of said ROM ;
and wherein said data processing apparatus includes a processor having at least one register , and wherein said means for determining further comprises : means for multiplying a value contained in said register by a first constant (C) ;
addressing means for addressing successive locations of said ROM ;
means , responsive to said successive locations , for then successively adding to said register values contained in said successive locations ;
means for then dividing said values contained in said register by a second constant (D) to produce a quotient and a remainder value ;
and means for loading said register with said remainder value , whereby said register then contains said CRC value .

US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US7162735B2
CLAIM 38 . A digital data (said time) arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .

US5113518A
CLAIM 16 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected , inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , responsive to said means for determining for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes : a processor ;
and said predetermined values include an identification value for said processor ;
a data bus coupled to said processor , and said identification value for said processor includes a predetermined size value for said data bus ;
and a memory device coupled to said data bus ;
and wherein said means for determining further comprises : first exchanging means for exchanging an n-bit data character between said processor and said memory (relocation code) device a predetermined number of times ;
first measuring means for measuring a first time duration for said predetermined number of times n-bit characters are exchanged ;
second exchanging means for exchanging a 2n-bit data character between said processor and said memory device said predetermined number of times ;
second measuring means for measuring a second time duration for said predetermined number of times 2n-bit characters are exchanged ;
and means for determining that said data bus is 2n-bit wide if said first and second measured time durations are substantially equal and for determining that said data bus is n-bits wide if said first and second measured time durations are not substantially equal .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US5113518A
CLAIM 16 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected , inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , responsive to said means for determining for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes : a processor ;
and said predetermined values include an identification value for said processor ;
a data bus coupled to said processor , and said identification value for said processor includes a predetermined size value for said data bus ;
and a memory device coupled to said data bus ;
and wherein said means for determining further comprises : first exchanging means for exchanging an n-bit data character between said processor and said memory (relocation code) device a predetermined number of times ;
first measuring means for measuring a first time duration for said predetermined number of times n-bit characters are exchanged ;
second exchanging means for exchanging a 2n-bit data character between said processor and said memory device said predetermined number of times ;
second measuring means for measuring a second time duration for said predetermined number of times 2n-bit characters are exchanged ;
and means for determining that said data bus is 2n-bit wide if said first and second measured time durations are substantially equal and for determining that said data bus is n-bits wide if said first and second measured time durations are not substantially equal .

US7162735B2
CLAIM 40 . A data carrier (n value) containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 38 . 		US5113518A
CLAIM 1 . A system for reducing unauthorized use by data processing apparatus of a software program having , as a portion thereof , predetermined values of selected inherent , system independent characteristics of authorized data processing apparatus , said system comprising : means for determining actual values of said selected characteristics for operating data processing apparatus attempting to run said software program ;
means , response to said means for determining , for comparing said determined actual values with said predetermined values ;
means , responsive to said means for comparing , for selectively running said software program ;
wherein said data processing apparatus includes a read only memory (ROM) , and said predetermined values include an identification value (data carrier) for said ROM , and said identification value for said ROM comprises a cyclic redundancy check (CRC) value of contents of said ROM ;
and wherein said data processing apparatus includes a processor having at least one register , and wherein said means for determining further comprises : means for multiplying a value contained in said register by a first constant (C) ;
addressing means for addressing successive locations of said ROM ;
means , responsive to said successive locations , for then successively adding to said register values contained in said successive locations ;
means for then dividing said values contained in said register by a second constant (D) to produce a quotient and a remainder value ;
and means for loading said register with said remainder value , whereby said register then contains said CRC value .

US5113518A
CLAIM 10 . The system of claim 9 further comprising additional means for measuring the time for said disk to make m complete rotations ;
and wherein said re-read timing means comprises delay adding means for adding a preset time delay between the time that said read/write head returns to said particular track and the time that said predetermined sector is re-read , total timing means for measuring the total time , including said time (digital data) delay , for said read/write head to re-read said predetermined sector , incrementing means , responsive to said determining means , for incrementally increasing said time delay until said total time is greater than the time for said disk to make m complete rotations , and means for dividing by twice the number of tracks across which said read/write head is moved the difference between the time for said disk to make m complete rotations and said incrementally increased time delay .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4888800A

Filed: 1988-03-01     Issued: 1989-12-19

Secure messaging systems

(Original Assignee) HP Inc     (Current Assignee) HP Inc

Alan D. Marshall, Christopher J. Mitchell, Graeme J. Proudler
US7162735B2
CLAIM 1 . Computer software (associated data) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4888800A
CLAIM 4 . A messaging system according to claim 3 wherein a terminal comprises : means for measuring the usage of its associated data (Computer software) transport key ;
means for changing the key when it has been used a predetermined amount in communication with another terminal ;
and means for causing the changed key to be sent to the other terminal .

US7162735B2
CLAIM 7 . Computer software (associated data) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4888800A
CLAIM 4 . A messaging system according to claim 3 wherein a terminal comprises : means for measuring the usage of its associated data (Computer software) transport key ;
means for changing the key when it has been used a predetermined amount in communication with another terminal ;
and means for causing the changed key to be sent to the other terminal .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location (backup information) indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US4888800A
CLAIM 10 . A messaging system according to claim 1 and further comprising : means for keeping a log of any messages received and sent by the key distribution center ;
means for storing from time to time backup information (memory location) indicative of the status of the center ;
and means , operative if there is a failure in the center , to restore the center according to the stored backup information and to cause the center to again generate and transmit any keys which were sent subsequent to the last storage of the backup information .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4916637A

Filed: 1987-11-18     Issued: 1990-04-10

Customized instruction generator

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

LindaMay P. Allen, Ronald G. Elshaug, Carrie L. Harney, Wayne L. Lemmon, Irwin Miller, Irving L. Miller, Gerald D. Murray, Michael L. Nordstrom, LaVern F. Peterson, Glen E. Rollings, James A. Schablitsky, Johnnie D. Shanklin, Anthony V. Steinman, Thomas W. Suther, III, Deanna C. Taylor, Darrel C. Walberg, Eugene P. Wojtczak
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (specified component, media components) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4916637A
CLAIM 5 . The system of claim 2 wherein the topology file comprises a set of records , each record corresponding to a component , one of said records being divided into at least five versions , comprising : a rack version for a rack component ;
a storage media version for storage media components (computer software) within a rack ;
a card cage version for card cage components within the rack ;
a card version for card components within a card cage ;
and a cable version for cables connecting the racks , card cages and cards .

US4916637A
CLAIM 37 . A system for generating installation instructions for devices made up of a variable number of specified component (computer software) s having different characteristics , the comprising : means for identifying a sequenced series of tasks related to installing each of the components ;
translator means coupled to the means for identifying the sequenced tasks for further defining the individual assembly instructions ;
and memory means for storing multiple versions of assembly instructions for some components , wherein the translator means selects one of the instructions for a component based on characteristics of the component .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (specified component, media components) in accordance with claim 1 . 		US4916637A
CLAIM 5 . The system of claim 2 wherein the topology file comprises a set of records , each record corresponding to a component , one of said records being divided into at least five versions , comprising : a rack version for a rack component ;
a storage media version for storage media components (computer software) within a rack ;
a card cage version for card cage components within the rack ;
a card version for card components within a card cage ;
and a cable version for cables connecting the racks , card cages and cards .

US4916637A
CLAIM 37 . A system for generating installation instructions for devices made up of a variable number of specified component (computer software) s having different characteristics , the comprising : means for identifying a sequenced series of tasks related to installing each of the components ;
translator means coupled to the means for identifying the sequenced tasks for further defining the individual assembly instructions ;
and memory means for storing multiple versions of assembly instructions for some components , wherein the translator means selects one of the instructions for a component based on characteristics of the component .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software (specified component, media components) protected by means of computer software in accordance with claim 1 . 		US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .

US4916637A
CLAIM 5 . The system of claim 2 wherein the topology file comprises a set of records , each record corresponding to a component , one of said records being divided into at least five versions , comprising : a rack version for a rack component ;
a storage media version for storage media components (computer software) within a rack ;
a card cage version for card cage components within the rack ;
a card version for card components within a card cage ;
and a cable version for cables connecting the racks , card cages and cards .

US4916637A
CLAIM 37 . A system for generating installation instructions for devices made up of a variable number of specified component (computer software) s having different characteristics , the comprising : means for identifying a sequenced series of tasks related to installing each of the components ;
translator means coupled to the means for identifying the sequenced tasks for further defining the individual assembly instructions ;
and memory means for storing multiple versions of assembly instructions for some components , wherein the translator means selects one of the instructions for a component based on characteristics of the component .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means (memory means) containing a digital protection arrangement according to claim 4 . 		US4916637A
CLAIM 1 . A system for generating installation instructions for a device made up of a variable number of components , comprising : means for specifying desired components for a device ;
sorting means coupled to the specifying means for identifying a plurality of installation tasks dependent on the components specified ;
sequencing means for sequencing the tasks in a desired order for installation of the components ;
memory means (memory means) for storing individual assembly instructions corresponding to each task ;
and instruction generation means coupled to the sequencing means and to the memory means for assembling the individual assembly instructions for installation of the components , said assembled instructions being different dependent on the particular components specified .

US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target block (d line) . 		US4916637A
CLAIM 25 . The system of claim 24 wherein the variable information comprises the physical characteristics of a component , and the task to graphics manager further comprises means coupled to the element description file to create scaled line (respective target block) drawing definitions from the information .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US4916637A
CLAIM 1 . A system for generating installation instructions for a device made up of a variable number of components , comprising : means for specifying desired components for a device ;
sorting means coupled to the specifying means for identifying a plurality of installation tasks dependent on the components specified ;
sequencing means for sequencing the tasks in a desired order for installation of the components ;
memory means (memory means) for storing individual assembly instructions corresponding to each task ;
and instruction generation means coupled to the sequencing means and to the memory means for assembling the individual assembly instructions for installation of the components , said assembled instructions being different dependent on the particular components specified .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US4916637A
CLAIM 2 . The system of claim 1 wherein the means for specifying desired components for a device comprises a topology file which comprises representations corresponding to a complete set of components for installation of a complete computer system (computer system) .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4864616A

Filed: 1987-10-15     Issued: 1989-09-05

Cryptographic labeling of electronically stored data

(Original Assignee) Micronyx Inc     (Current Assignee) MICRONYX Inc 1901 N CENTRAL EXPRESSWAY SUITE 400 RICHARDSON TEXAS 75080 ; Micronyx Inc

Eugene W. Pond, Jeffrey R. Rush, John D. Watson, Bruce A. Woodall, Walter M. Goode, George E. Goode
US7162735B2
CLAIM 1 . Computer software (second computer) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key (encrypting data) , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4864616A
CLAIM 4 . A method of labeling and encrypting data (conversion key) file of electronically stored non-executable data , comprising : generating a file label comprising a first field containing control variables for encrypting and decrpyting the file and a second field containing control variables for encrypting and decrypting said label ;
providing a key stream for encrypting and decrypting the file and said label ;
prefixing said label to the file ;
encrypting the file by combining said key stream with file data using a reversible function in accordance with control variables in said first field of said label ;
and encrypting said first field of said label in accordance with instructions in said second field of said label .

US4864616A
CLAIM 12 . The method of claim 11 , further comprising : removing said label-is-present flag from said label of said encrypted file ;
transferring the encrypted file to a second computer (Computer software) having the same configuration ID , wherein said transfer is accomplished without further encryption by said second computer ;
and resetting said label-is-present flag after transferring said encrypted file .

US7162735B2
CLAIM 3 . A computer system (stored data) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .

US7162735B2
CLAIM 5 . A computer system (stored data) comprising memory means containing a digital protection arrangement according to claim 4 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .

US7162735B2
CLAIM 7 . Computer software (second computer) which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .

US4864616A
CLAIM 12 . The method of claim 11 , further comprising : removing said label-is-present flag from said label of said encrypted file ;
transferring the encrypted file to a second computer (Computer software) having the same configuration ID , wherein said transfer is accomplished without further encryption by said second computer ;
and resetting said label-is-present flag after transferring said encrypted file .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key (encrypting data) from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US4864616A
CLAIM 4 . A method of labeling and encrypting data (conversion key) file of electronically stored non-executable data , comprising : generating a file label comprising a first field containing control variables for encrypting and decrpyting the file and a second field containing control variables for encrypting and decrypting said label ;
providing a key stream for encrypting and decrypting the file and said label ;
prefixing said label to the file ;
encrypting the file by combining said key stream with file data using a reversible function in accordance with control variables in said first field of said label ;
and encrypting said first field of said label in accordance with instructions in said second field of said label .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (encrypting data) derived from a respective target block . 		US4864616A
CLAIM 4 . A method of labeling and encrypting data (conversion key) file of electronically stored non-executable data , comprising : generating a file label comprising a first field containing control variables for encrypting and decrpyting the file and a second field containing control variables for encrypting and decrypting said label ;
providing a key stream for encrypting and decrypting the file and said label ;
prefixing said label to the file ;
encrypting the file by combining said key stream with file data using a reversible function in accordance with control variables in said first field of said label ;
and encrypting said first field of said label in accordance with instructions in said second field of said label .

US7162735B2
CLAIM 26 . The arrangement of claim 18 , wherein the protected data contains executable code and/or a data file (data file) . 		US4864616A
CLAIM 1 . A method of cryptographically labeling a data file (data file) of electronically stored nonexecutable data , comprising : generating a file label comprising a first field containing control variables for encrypting and decrypting said data file ;
prefixing said label to the file ;
and encrypting the file in accordance with the control variables in said first field .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US4864616A
CLAIM 6 . The method of claim 5 , further comprising : receiving a request for access to the data file from a subsequent user ;
decrypting said first field of said label in accordance with control variables in said second field of said label upon receipt of said request for access ;
generating an access code from a combination of subsequent identifiers corresponding to said sub (first part) sequent user ;
comparing said access code to the combination of said identifiers in said first field of said label ;
and decrypting the file in accordance with the control variables in said first field of said label only if said access code matches the combination of said identifiers in said first field .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (stored data) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US4864616A
CLAIM 7 . A method of labeling and controlling access to a file of electronically stored data (computer system, computer system comprising memory) , comprising : generating a file label having fields containing control variables for encrypting and decrypting the file and said label , said fields including a label size , a key mix , an access check , an initialization vector , and a checksum ;
prefixing said label to the file ;
providing identifiers for identifying a computer and each user logged-on to said computer ;
deriving said access check from a combination of said identifiers corresponding to a creator of the file ;
generating an ID key stream corresponding to each of said identifiers for encrypting and decrypting the file ;
providing a mandatory key stream for encrypting and decrypting the file and said label ;
obtaining an initial point for each of said key streams from said initialization vector ;
encrypting the file by combining said mandatory key stream and each of said ID key streams designated by said key mix with the file data using a reversible function and said initialization vector ;
encrypting said key mix , said access check , and said initialization vector using said mandatory key stream initiated at a point designated by said checksum ;
storing said encrypted file and encrypted label in said computer ;
decrypting said key mix , said access check , and said initialization vector of said label using said mandatory key stream and said checksum in response to a request for access to said file by a user logged-on to said computer ;
deriving an access code from said identifiers corresponding to said user ;
comparing said access check of said label to said access code of said user ;
and decrypting the file using said initialization vector , said reversible function , and said key streams designated by said key mix only if said access check of said label equals said access code of said user .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4817140A

Filed: 1986-11-05     Issued: 1989-03-28

Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Ashileshwari N. Chandra, Liam D. Comerford, Steve R. White
US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (first relation) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US4817140A
CLAIM 15 . The method of claim 14 which includes the further steps of : (c) transferring an encrypted token to said coprocessor , (d) decrypting said encrypted token to produce a clear text token , (e) applying said random number to said clear text token to generate in response a clear text token portion , (f) comparing said selected token portion , generated in said step (b) with said clear text token portion , generated in step (e) , and (g) considering said token source authentic if a result of said step (f) identifies a first relation (one order) and considering said token source not authentic if said step (f) identifies any other relation .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US4817140A
CLAIM 30 . A method as recited in claim 29 in which said software as distributed in said step (c) has at least a portion encrypted and said second privilege level subsequent to performance of said step (f) has access to a decryption key and in which said step (h) comprises performing the following steps (second part) on each subsequent request by said user to execute said protected software : (1) responding , at said second privilege level to check for said alteration of said second level secure memory , if said alteration is present honoring said request by ;
(a) initiating decryption of said protected software and storage of said decrypted software in said first privilege level secure memory , (b) authorizing execution of said decrypted software by said first privilege level and initiating operation of said first privilege level , and , if said alteration is not present , refusing said request .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4827508A

Filed: 1986-10-14     Issued: 1989-05-02

Database usage metering and protection system and method

(Original Assignee) Personal Library Software Inc     (Current Assignee) Electronic Publishing Resources Inc

Victor H. Shear
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item (signal processor) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4827508A
CLAIM 5 . A secure data base access system comprising : a storage medium storing a textual data base comprising characters in encrypted form , said storage medium also storing index information , said index information correlating portions of said encrypted database with unencrypted search information ;
a host digital signal processor (second item) , operatively connected to said storage medium , said processor pre-programmed so as to : (a) generate unencrypted search information , (b) read said index information from said storage medium , (c) identify , in accordance with said index information , the portions of said encrypted database which satisfy said search information , and (d) read said identified encrypted database portions from said storage medium ;
a non-volatile memory device ;
means for decrypting portions of said encrypted database to produce corresponding decrypted information ;
decoder control logic means , coupled to said host processor , said decrypting means , and said memory device , for receiving said encrypted database portions read by said host processor , for controlling said decrypting means to decrypt said portions , for measuring the quantity of information decrypted by said decrypting means , and for storing said measured quantity in said memory device ;
and telecommunications means connected to said non-volatile memory for periodically communicating said stored measured quantity to a distant location over a telecommunications network , for transmitting said same search information over said network , and for accessing a further , related portion of said same database over said telecommunication network in accordance with said same search information .

US7162735B2
CLAIM 3 . A computer system (communicating means, stored data) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 4 . A digital data (electronic monitoring, stored information, said signal) arrangement (electronic monitoring, stored information, said signal) comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored database ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 5 . A computer system (communicating means, stored data) comprising memory means (non-volatile memory device, memory means) containing a digital protection (electronic monitoring, stored information, said signal) arrangement according to claim 4 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US4827508A
CLAIM 5 . A secure data base access system comprising : a storage medium storing a textual data base comprising characters in encrypted form , said storage medium also storing index information , said index information correlating portions of said encrypted database with unencrypted search information ;
a host digital signal processor , operatively connected to said storage medium , said processor pre-programmed so as to : (a) generate unencrypted search information , (b) read said index information from said storage medium , (c) identify , in accordance with said index information , the portions of said encrypted database which satisfy said search information , and (d) read said identified encrypted database portions from said storage medium ;
a non-volatile memory device (memory means) ;
means for decrypting portions of said encrypted database to produce corresponding decrypted information ;
decoder control logic means , coupled to said host processor , said decrypting means , and said memory device , for receiving said encrypted database portions read by said host processor , for controlling said decrypting means to decrypt said portions , for measuring the quantity of information decrypted by said decrypting means , and for storing said measured quantity in said memory device ;
and telecommunications means connected to said non-volatile memory for periodically communicating said stored measured quantity to a distant location over a telecommunications network , for transmitting said same search information over said network , and for accessing a further , related portion of said same database over said telecommunication network in accordance with said same search information .

US4827508A
CLAIM 30 . A workstation as in claim 28 further including : non-volatile memory means (memory means) for storing said billing information and said predetermined credit ;
and means for communicating said stored billing information to a location remote from said browsing workstation location and for communicating said credit from said remote location to said non-volatile memory means .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (communicating means, stored data) , is operable as a digital data (electronic monitoring, stored information, said signal) protection arrangement (electronic monitoring, stored information, said signal) in accordance with claim 4 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (communicating means, stored data) , is operable as a digital data (electronic monitoring, stored information, said signal) protection arrangement (electronic monitoring, stored information, said signal) in accordance with claim 4 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (identifying portions, source information) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US4827508A
CLAIM 17 . A method as in claim 14 wherein : said storage medium also stores unencrypted index information thereon ;
and said selecting step includes the following steps : (a) inputting an unencrypted , user-defined search request , (b) reading said unencrypted index information from said storage medium , and (c) identifying portions (relocation code) of said stored encrypted information in response to said read index information and said inputted request .

US4827508A
CLAIM 21 . A method of securing access to a database comprising the steps of : providing a random access mass storage medium having a database stored thereon and also having index information correlating portions of said database with encrypted source information (relocation code) stored thereon ;
generating search information ;
reading said index information from said storage medium ;
identifying , in accordance with said index information , the specific portions of said database which correspond to said generated search information ;
reading said specific identified database portions from said storage medium ;
decrypting said specific identified portions of said encrypted source to produce corresponding decrypted information ;
measuring the quantity of information decrypted by said decrypting step ;
storing said measured quantity in a non-volatile memory device ;
and inhibiting said decrypting step from decrypting more than a predetermined percentage of said source in response to said quantity measured by said measuring step , thereby preventing copying of a significant portion of said database .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (identifying portions, source information) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US4827508A
CLAIM 17 . A method as in claim 14 wherein : said storage medium also stores unencrypted index information thereon ;
and said selecting step includes the following steps : (a) inputting an unencrypted , user-defined search request , (b) reading said unencrypted index information from said storage medium , and (c) identifying portions (relocation code) of said stored encrypted information in response to said read index information and said inputted request .

US4827508A
CLAIM 21 . A method of securing access to a database comprising the steps of : providing a random access mass storage medium having a database stored thereon and also having index information correlating portions of said database with encrypted source information (relocation code) stored thereon ;
generating search information ;
reading said index information from said storage medium ;
identifying , in accordance with said index information , the specific portions of said database which correspond to said generated search information ;
reading said specific identified database portions from said storage medium ;
decrypting said specific identified portions of said encrypted source to produce corresponding decrypted information ;
measuring the quantity of information decrypted by said decrypting step ;
storing said measured quantity in a non-volatile memory device ;
and inhibiting said decrypting step from decrypting more than a predetermined percentage of said source in response to said quantity measured by said measuring step , thereby preventing copying of a significant portion of said database .

US7162735B2
CLAIM 18 . A digital data (electronic monitoring, stored information, said signal) arrangement (electronic monitoring, stored information, said signal) comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored database ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (non-volatile memory device, memory means) storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (calculating step) will cause the executable conversion code to be executed when seeking to access the protected data . 		US4827508A
CLAIM 5 . A secure data base access system comprising : a storage medium storing a textual data base comprising characters in encrypted form , said storage medium also storing index information , said index information correlating portions of said encrypted database with unencrypted search information ;
a host digital signal processor , operatively connected to said storage medium , said processor pre-programmed so as to : (a) generate unencrypted search information , (b) read said index information from said storage medium , (c) identify , in accordance with said index information , the portions of said encrypted database which satisfy said search information , and (d) read said identified encrypted database portions from said storage medium ;
a non-volatile memory device (memory means) ;
means for decrypting portions of said encrypted database to produce corresponding decrypted information ;
decoder control logic means , coupled to said host processor , said decrypting means , and said memory device , for receiving said encrypted database portions read by said host processor , for controlling said decrypting means to decrypt said portions , for measuring the quantity of information decrypted by said decrypting means , and for storing said measured quantity in said memory device ;
and telecommunications means connected to said non-volatile memory for periodically communicating said stored measured quantity to a distant location over a telecommunications network , for transmitting said same search information over said network , and for accessing a further , related portion of said same database over said telecommunication network in accordance with said same search information .

US4827508A
CLAIM 16 . A method as in claim 14 wherein said method further includes the steps of : counting the number of predetermined length blocks of information decrypted by said decrypting step (vi) ;
storing said count in a non-volatile memory device ;
periodically telecommunicating said stored count information to a centralized billing facility , said facility performing said calculating step (processor means) (vi) in response to said telecommunicated information ;
periodically telecommunicating further information from said centralized billing facility and storing said further information in said memory device ;
and conditioning performance of said reading step (iii) on the presence of said further information stored in said memory device .

US4827508A
CLAIM 30 . A workstation as in claim 28 further including : non-volatile memory means (memory means) for storing said billing information and said predetermined credit ;
and means for communicating said stored billing information to a location remote from said browsing workstation location and for communicating said credit from said remote location to said non-volatile memory means .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (communicating means, stored data) , is operable as a digital data (electronic monitoring, stored information, said signal) protection arrangement (electronic monitoring, stored information, said signal) in accordance with claim 18 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 29 . A digital data (electronic monitoring, stored information, said signal) arrangement (electronic monitoring, stored information, said signal) comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction (textual information) which contains a plurality of steps , the steps being executable in more than one order (metering means) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US4827508A
CLAIM 1 . A secure database access system comprising : a storage medium storing encrypted textual information (executable instruction) ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , wherein said control means measures the number of contiguous blocks of said textual information decrypted by said decrypting means and prevents said decrypting means from decrypting more than a certain number of said contiguous blocks .

US4827508A
CLAIM 2 . A system as in claim 1 wherein said control means measures the time at which said decrypting means decrypts said information and the duration of usage of said decrypted information , and wherein said metering means (one order) includes means for storing said measured time and duration .

US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored database ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (communicating means, stored data) , is operable as a digital data (electronic monitoring, stored information, said signal) protection arrangement (electronic monitoring, stored information, said signal) in accordance with claim 29 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 33 . The arrangement of claim 29 , wherein the executable code is executable to create the steps on each occasion that the executable instruction (textual information) is to be executed . 		US4827508A
CLAIM 1 . A secure database access system comprising : a storage medium storing encrypted textual information (executable instruction) ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , wherein said control means measures the number of contiguous blocks of said textual information decrypted by said decrypting means and prevents said decrypting means from decrypting more than a certain number of said contiguous blocks .

US7162735B2
CLAIM 34 . A digital data (electronic monitoring, stored information, said signal) arrangement (electronic monitoring, stored information, said signal) comprising executable code executable to create a first part of protected code and to execute the first part of protected code , and to subsequently create a second part (following steps) of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored database ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US4827508A
CLAIM 17 . A method as in claim 14 wherein : said storage medium also stores unencrypted index information thereon ;
and said selecting step includes the following steps (second part) : (a) inputting an unencrypted , user-defined search request , (b) reading said unencrypted index information from said storage medium , and (c) identifying portions of said stored encrypted information in response to said read index information and said inputted request .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (communicating means, stored data) , is operable as a digital data (electronic monitoring, stored information, said signal) protection arrangement (electronic monitoring, stored information, said signal) in accordance with claim 34 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US7162735B2
CLAIM 38 . A digital data (electronic monitoring, stored information, said signal) arrangement (electronic monitoring, stored information, said signal) comprising protected code , security code and relocation code (identifying portions, source information) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored database ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .

US4827508A
CLAIM 17 . A method as in claim 14 wherein : said storage medium also stores unencrypted index information thereon ;
and said selecting step includes the following steps : (a) inputting an unencrypted , user-defined search request , (b) reading said unencrypted index information from said storage medium , and (c) identifying portions (relocation code) of said stored encrypted information in response to said read index information and said inputted request .

US4827508A
CLAIM 21 . A method of securing access to a database comprising the steps of : providing a random access mass storage medium having a database stored thereon and also having index information correlating portions of said database with encrypted source information (relocation code) stored thereon ;
generating search information ;
reading said index information from said storage medium ;
identifying , in accordance with said index information , the specific portions of said database which correspond to said generated search information ;
reading said specific identified database portions from said storage medium ;
decrypting said specific identified portions of said encrypted source to produce corresponding decrypted information ;
measuring the quantity of information decrypted by said decrypting step ;
storing said measured quantity in a non-volatile memory device ;
and inhibiting said decrypting step from decrypting more than a predetermined percentage of said source in response to said quantity measured by said measuring step , thereby preventing copying of a significant portion of said database .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (identifying portions, source information) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4827508A
CLAIM 17 . A method as in claim 14 wherein : said storage medium also stores unencrypted index information thereon ;
and said selecting step includes the following steps : (a) inputting an unencrypted , user-defined search request , (b) reading said unencrypted index information from said storage medium , and (c) identifying portions (relocation code) of said stored encrypted information in response to said read index information and said inputted request .

US4827508A
CLAIM 21 . A method of securing access to a database comprising the steps of : providing a random access mass storage medium having a database stored thereon and also having index information correlating portions of said database with encrypted source information (relocation code) stored thereon ;
generating search information ;
reading said index information from said storage medium ;
identifying , in accordance with said index information , the specific portions of said database which correspond to said generated search information ;
reading said specific identified database portions from said storage medium ;
decrypting said specific identified portions of said encrypted source to produce corresponding decrypted information ;
measuring the quantity of information decrypted by said decrypting step ;
storing said measured quantity in a non-volatile memory device ;
and inhibiting said decrypting step from decrypting more than a predetermined percentage of said source in response to said quantity measured by said measuring step , thereby preventing copying of a significant portion of said database .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system (communicating means, stored data) , is operable as a digital data (electronic monitoring, stored information, said signal) protection arrangement (electronic monitoring, stored information, said signal) in accordance with claim 38 . 		US4827508A
CLAIM 3 . A secure database access system comprising : a storage medium storing encrypted textual information ;
means connected to said storage medium for selecting portions of said encrypted information and for reading said selected portions from said storage medium ;
means , connected to said selecting and reading means , for decrypting said read encrypted information ;
and control means connected to said decrypting means for metering usage of information decrypted by said decrypting means and for communicating said metered usage to a remote location , said control means including means for preventing said decrypting means from decrypting more than a certain quantity of information stored on said storage medium , said control means including : means for communicating signals over a communications path to said centralized billing facility ;
and electronic monitoring (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) means , connected to said decrypting means and to said communicating means (computer system, computer system comprising memory) , for counting the number of predetermined length blocks of information decrypted by said decrypting means and for controlling said signal (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) communicating means to communicate said count to said billing facility , wherein said monitoring means also determines identifying characteristics of said selected portions and controls said signal communicating means to communicate said identifying characteristics to said billing facility .

US4827508A
CLAIM 4 . A secure database access system comprising : non-volatile storage means for storing a text-oriented database in digital form ;
means connected to said storage means for selecting and reading portions of said stored data (computer system, computer system comprising memory) base ;
means connected to said selecting and reading means for determining the percentage of said stored database read by said selecting and reading means ;
further non-volatile storage means connected to said determining means for storing information representing said determined quantity ;
communicating means connected to said further storage means for periodically transmitting said stored information (digital protection, digital data arrangement, digital protection arrangement, digital data protection arrangement, digital data) to a location remote thereto ;
and means connected to receive said stored quantity information for preventing said reading and selecting means from reading and selecting further information when said determined percentage indicated by said stored information exceeds a predetermined percentage of said database .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US5021997A

Filed: 1986-09-29     Issued: 1991-06-04

Test automation system

(Original Assignee) Nokia Bell Labs     (Current Assignee) Nokia Bell Labs ; AT&T Information Systems Inc ; AT&T Corp

Kent C. Archie, Owen R. Fonorow, Mary C. McGould, Robert E. McLear, III, Edward C. Read, Edwin M. Schaefer, III, Suzanne E. Schwab, Dennis Wodarz
US7162735B2
CLAIM 6 . A data carrier containing software (database records) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US5021997A
CLAIM 17 . A test automation system comprising : a storage arrangement comprising a hierarchical file structure for storing files of tests , each test comprising at least one file including at least one executable file ;
a first database comprising records each record for storing information describing a test ;
a second database comprising records each record for storing information describing results of execution of a test ;
first means for creating first database records (data carrier containing software) by prompting users for information describing tests and for storing received information in the first database ;
second means for updating first database records by extracting information describing test from files of tests stored in the storage arrangement and storing extracted information in the records of the first database ;
third means , responsive to a user request for first database records of descriptions of tests having certain characteristics , for searching the records in the first database for the requested records and providing the requested records to the user , and further responsive to a user request for tests having certain characteristics , for searching the records in the first database to identify therefrom the requested tests and listing the requested tests in a first file means ;
fourth means , responsive to a request , for extracting from the storage arrangement the files of tests listed in the first file means and storing extracted files of tests in a second file means ;
fifth means for executing executable files of the tests stored in the second file means and storing results of execution of the tests' ;
files in a third file means ;
and sixth means for creating second database records by storing in the second database test execution results stored in the third file means .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion (adding information) code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US5021997A
CLAIM 4 . The system of claim 1 further comprising sixth means for prompting a user for test program description information and for storing information received in response to the prompts in the second means ;
and wherein the fifth means are for adding information (executable conversion) extracted from the test programs stored in the first means to information stored by the sixth means in the second means .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion (adding information) code to be executed when seeking to access the protected data . 		US5021997A
CLAIM 4 . The system of claim 1 further comprising sixth means for prompting a user for test program description information and for storing information received in response to the prompts in the second means ;
and wherein the fifth means are for adding information (executable conversion) extracted from the test programs stored in the first means to information stored by the sixth means in the second means .

US7162735B2
CLAIM 28 . A data carrier containing software (database records) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 18 . 		US5021997A
CLAIM 17 . A test automation system comprising : a storage arrangement comprising a hierarchical file structure for storing files of tests , each test comprising at least one file including at least one executable file ;
a first database comprising records each record for storing information describing a test ;
a second database comprising records each record for storing information describing results of execution of a test ;
first means for creating first database records (data carrier containing software) by prompting users for information describing tests and for storing received information in the first database ;
second means for updating first database records by extracting information describing test from files of tests stored in the storage arrangement and storing extracted information in the records of the first database ;
third means , responsive to a user request for first database records of descriptions of tests having certain characteristics , for searching the records in the first database for the requested records and providing the requested records to the user , and further responsive to a user request for tests having certain characteristics , for searching the records in the first database to identify therefrom the requested tests and listing the requested tests in a first file means ;
fourth means , responsive to a request , for extracting from the storage arrangement the files of tests listed in the first file means and storing extracted files of tests in a second file means ;
fifth means for executing executable files of the tests stored in the second file means and storing results of execution of the tests' ;
files in a third file means ;
and sixth means for creating second database records by storing in the second database test execution results stored in the third file means .

US7162735B2
CLAIM 30 . A data carrier containing software (database records) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 29 . 		US5021997A
CLAIM 17 . A test automation system comprising : a storage arrangement comprising a hierarchical file structure for storing files of tests , each test comprising at least one file including at least one executable file ;
a first database comprising records each record for storing information describing a test ;
a second database comprising records each record for storing information describing results of execution of a test ;
first means for creating first database records (data carrier containing software) by prompting users for information describing tests and for storing received information in the first database ;
second means for updating first database records by extracting information describing test from files of tests stored in the storage arrangement and storing extracted information in the records of the first database ;
third means , responsive to a user request for first database records of descriptions of tests having certain characteristics , for searching the records in the first database for the requested records and providing the requested records to the user , and further responsive to a user request for tests having certain characteristics , for searching the records in the first database to identify therefrom the requested tests and listing the requested tests in a first file means ;
fourth means , responsive to a request , for extracting from the storage arrangement the files of tests listed in the first file means and storing extracted files of tests in a second file means ;
fifth means for executing executable files of the tests stored in the second file means and storing results of execution of the tests' ;
files in a third file means ;
and sixth means for creating second database records by storing in the second database test execution results stored in the third file means .

US7162735B2
CLAIM 37 . A data carrier containing software (database records) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 34 . 		US5021997A
CLAIM 17 . A test automation system comprising : a storage arrangement comprising a hierarchical file structure for storing files of tests , each test comprising at least one file including at least one executable file ;
a first database comprising records each record for storing information describing a test ;
a second database comprising records each record for storing information describing results of execution of a test ;
first means for creating first database records (data carrier containing software) by prompting users for information describing tests and for storing received information in the first database ;
second means for updating first database records by extracting information describing test from files of tests stored in the storage arrangement and storing extracted information in the records of the first database ;
third means , responsive to a user request for first database records of descriptions of tests having certain characteristics , for searching the records in the first database for the requested records and providing the requested records to the user , and further responsive to a user request for tests having certain characteristics , for searching the records in the first database to identify therefrom the requested tests and listing the requested tests in a first file means ;
fourth means , responsive to a request , for extracting from the storage arrangement the files of tests listed in the first file means and storing extracted files of tests in a second file means ;
fifth means for executing executable files of the tests stored in the second file means and storing results of execution of the tests' ;
files in a third file means ;
and sixth means for creating second database records by storing in the second database test execution results stored in the third file means .

US7162735B2
CLAIM 40 . A data carrier containing software (database records) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 38 . 		US5021997A
CLAIM 17 . A test automation system comprising : a storage arrangement comprising a hierarchical file structure for storing files of tests , each test comprising at least one file including at least one executable file ;
a first database comprising records each record for storing information describing a test ;
a second database comprising records each record for storing information describing results of execution of a test ;
first means for creating first database records (data carrier containing software) by prompting users for information describing tests and for storing received information in the first database ;
second means for updating first database records by extracting information describing test from files of tests stored in the storage arrangement and storing extracted information in the records of the first database ;
third means , responsive to a user request for first database records of descriptions of tests having certain characteristics , for searching the records in the first database for the requested records and providing the requested records to the user , and further responsive to a user request for tests having certain characteristics , for searching the records in the first database to identify therefrom the requested tests and listing the requested tests in a first file means ;
fourth means , responsive to a request , for extracting from the storage arrangement the files of tests listed in the first file means and storing extracted files of tests in a second file means ;
fifth means for executing executable files of the tests stored in the second file means and storing results of execution of the tests' ;
files in a third file means ;
and sixth means for creating second database records by storing in the second database test execution results stored in the third file means .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4888798A

Filed: 1986-08-07     Issued: 1989-12-19

Modular software security

(Original Assignee) Oms Inc     (Current Assignee) QMS Inc A DE CORP ; Oms Inc

Lester D. Earnest
US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target (more operation) block . 		US4888798A
CLAIM 10 . A protection method for restricting access by a user to authorized ones of a plurality of software elements in a computer system where the computer system permanently stores an identity key , I k distinguishing the computer system from other computer system having the same software elements , comprising , inputting a capability key , C k , into the computer system for unlocking a selected one of said plurality of software elements , accessing an identity key , I k , stored in the computer system for identifying the computer system , transforming the capability key with the identity key to form a transformed key , T k , including , transforming the identity key , I k , by at least one operation to form two numbers , B 1 and B 2 , wherein the step of transforming the identity key , I k , by one or more operation (respective target, respective target block) includes multiplying I k by constants , to form B 1 and B 2 as follows : (I . sub . k)(J . sub . 1)=B . sub . 1 (I . sub . k)(J . sub . 2)=B . sub . 2 transforming the first control number , B 1 , with the capability key , C k , to yield an intermediate transform , X k , as follows : B . sub . 1 ⊕C . sub . k =X . sub . k transforming the intermediate transform , X k , using the second control number , B 2 , to form the transformed capability key , T k , as follows : B . sub . 2 ⊕X . sub . k =T . sub . k accessing a stored key , S k , for said selected software element , compairing said transformed key T k and said stored key , S k , unlocking said selected software element if the transformed key corresponding to said selected software element matches said stored key .

US7162735B2
CLAIM 29 . A digital data arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order (said element) to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US4888798A
CLAIM 11 . A protection method for restricting access by a user to authorized ones of a plurality of software elements in a computer system where said computer system includes storage for storing said software elements and for storing an element directory , said element (one order) directory having for each software element a name field for identifying the software element , having a location field for identifying the location in storage of the software element having the corresponding name in the element directory , and having a capability key field for storing a capability key and where the computer system permanently stores an identity key , I k , distinguishing the computer system from other computer systems having the same software elements , comprising , inputting a capability key , C k , into the computer system for unlocking a selected software element where said selected software element is one said plurability of software elements , said capability key specifying authorization being possessed by the user with respect to said selected software element in said system , accessing the identity key , I k , stored in the computer system for identifying the computer system , transforming the capability key , C k , with the identity key , I k , to form a transformed key , T k , accessing a stored key , S k , for said selected software element , said stored key defining authorization for unlocking said selected software element , compairing said transformed key , T k , and said stored key , S k , allowing access to said selected software element if the stored key corresponding to said selected element matches said transformed key , storing said capability key in the corresponding capability key field of the element directory if said transformed key matches said stored key corresponding to said selected one element .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4685055A

Filed: 1985-07-01     Issued: 1987-08-04

Method and system for controlling use of protected software

(Original Assignee) CORBAN INTERNATIONAL Ltd A CORP OF ANGUILLA     (Current Assignee) CORBAN INTERNATIONAL Ltd A CORP OF ANGUILLA

Richard B. Thomas
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (computer software) , the protection software comprising security means (working memory) operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4685055A
CLAIM 1 . A central control system for protecting computer software (computer software) , comprising : (A) a protected software package , including (1) a software unit having an ascertainable serial number , (2) a protection subroutine having a unique reference code , including (a) means for establishing communication with an ESD , (b) means for generating ESD interrogation signals , and (c) means for causing completion of execution of said protected software by a host computer in communication with said ESD only if said protection subroutine recognizes an identifier signal generated by said ESD , and (3) a validation program which communicates a validation code to said ESD ;
(B) an ESD having an ascertainable identification number electronically connected to said software package , including means for generating identifier signals in response to said interrogation signals ;
(C) a secure computer having a working memory (security means) electronically connected to said host computer containing (1) said software serial number and the corresponding unique reference code , and (2) means for generating said validation code in response to inputs of said software serial number and said ESD identifier ;
and (D) communication means electronically interconnecting said secure computer , said ESD and said protected software package for transmiting said validation code to said protected software package .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (computer software) in accordance with claim 1 . 		US4685055A
CLAIM 1 . A central control system for protecting computer software (computer software) , comprising : (A) a protected software package , including (1) a software unit having an ascertainable serial number , (2) a protection subroutine having a unique reference code , including (a) means for establishing communication with an ESD , (b) means for generating ESD interrogation signals , and (c) means for causing completion of execution of said protected software by a host computer in communication with said ESD only if said protection subroutine recognizes an identifier signal generated by said ESD , and (3) a validation program which communicates a validation code to said ESD ;
(B) an ESD having an ascertainable identification number electronically connected to said software package , including means for generating identifier signals in response to said interrogation signals ;
(C) a secure computer having a working memory electronically connected to said host computer containing (1) said software serial number and the corresponding unique reference code , and (2) means for generating said validation code in response to inputs of said software serial number and said ESD identifier ;
and (D) communication means electronically interconnecting said secure computer , said ESD and said protected software package for transmiting said validation code to said protected software package .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (computer software) protected by means of computer software in accordance with claim 1 . 		US4685055A
CLAIM 1 . A central control system for protecting computer software (computer software) , comprising : (A) a protected software package , including (1) a software unit having an ascertainable serial number , (2) a protection subroutine having a unique reference code , including (a) means for establishing communication with an ESD , (b) means for generating ESD interrogation signals , and (c) means for causing completion of execution of said protected software by a host computer in communication with said ESD only if said protection subroutine recognizes an identifier signal generated by said ESD , and (3) a validation program which communicates a validation code to said ESD ;
(B) an ESD having an ascertainable identification number electronically connected to said software package , including means for generating identifier signals in response to said interrogation signals ;
(C) a secure computer having a working memory electronically connected to said host computer containing (1) said software serial number and the corresponding unique reference code , and (2) means for generating said validation code in response to inputs of said software serial number and said ESD identifier ;
and (D) communication means electronically interconnecting said secure computer , said ESD and said protected software package for transmiting said validation code to said protected software package .

US7162735B2
CLAIM 13 . The arrangement of claim 12 , wherein at least one embedding location is identified when the protected code is executed , the security means (working memory) is written to the embedding location . 		US4685055A
CLAIM 1 . A central control system for protecting computer software , comprising : (A) a protected software package , including (1) a software unit having an ascertainable serial number , (2) a protection subroutine having a unique reference code , including (a) means for establishing communication with an ESD , (b) means for generating ESD interrogation signals , and (c) means for causing completion of execution of said protected software by a host computer in communication with said ESD only if said protection subroutine recognizes an identifier signal generated by said ESD , and (3) a validation program which communicates a validation code to said ESD ;
(B) an ESD having an ascertainable identification number electronically connected to said software package , including means for generating identifier signals in response to said interrogation signals ;
(C) a secure computer having a working memory (security means) electronically connected to said host computer containing (1) said software serial number and the corresponding unique reference code , and (2) means for generating said validation code in response to inputs of said software serial number and said ESD identifier ;
and (D) communication means electronically interconnecting said secure computer , said ESD and said protected software package for transmiting said validation code to said protected software package .

US7162735B2
CLAIM 32 . The arrangement of claim 29 , wherein the steps include at least one step which initiates operation of security means (working memory) operable to detect corruption of the protected data . 		US4685055A
CLAIM 1 . A central control system for protecting computer software , comprising : (A) a protected software package , including (1) a software unit having an ascertainable serial number , (2) a protection subroutine having a unique reference code , including (a) means for establishing communication with an ESD , (b) means for generating ESD interrogation signals , and (c) means for causing completion of execution of said protected software by a host computer in communication with said ESD only if said protection subroutine recognizes an identifier signal generated by said ESD , and (3) a validation program which communicates a validation code to said ESD ;
(B) an ESD having an ascertainable identification number electronically connected to said software package , including means for generating identifier signals in response to said interrogation signals ;
(C) a secure computer having a working memory (security means) electronically connected to said host computer containing (1) said software serial number and the corresponding unique reference code , and (2) means for generating said validation code in response to inputs of said software serial number and said ESD identifier ;
and (D) communication means electronically interconnecting said secure computer , said ESD and said protected software package for transmiting said validation code to said protected software package .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4688169A

Filed: 1985-05-30     Issued: 1987-08-18

Computer software security system

(Original Assignee) Joshi Bhagirath S     

Bhagirath S. Joshi
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (computer software) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4688169A
CLAIM 1 . A computer software (computer software) security system for restricting execution of a program to a particular machine comprising : first storage means for storing a machine identification code unique to said machine ;
second storage means for storing a machine identification code in said program ;
means , responsive to said second storage means , for determining the presence of said machine identification code in said second storage means during execution of said program ;
means , responsive to said first storage means , for retrieving said unique machine identification code from said first storage means ;
means , responsive to said means for determining and said means for retrieving , for comparing said unique machine identification code from said first storage means with said machine identification code in said second storage means ;
and means , responsive to said means for comparing , for preventing further execution of said program unless both said machine identification codes are present and match .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (computer software) in accordance with claim 1 . 		US4688169A
CLAIM 1 . A computer software (computer software) security system for restricting execution of a program to a particular machine comprising : first storage means for storing a machine identification code unique to said machine ;
second storage means for storing a machine identification code in said program ;
means , responsive to said second storage means , for determining the presence of said machine identification code in said second storage means during execution of said program ;
means , responsive to said first storage means , for retrieving said unique machine identification code from said first storage means ;
means , responsive to said means for determining and said means for retrieving , for comparing said unique machine identification code from said first storage means with said machine identification code in said second storage means ;
and means , responsive to said means for comparing , for preventing further execution of said program unless both said machine identification codes are present and match .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (computer software) protected by means of computer software in accordance with claim 1 . 		US4688169A
CLAIM 1 . A computer software (computer software) security system for restricting execution of a program to a particular machine comprising : first storage means for storing a machine identification code unique to said machine ;
second storage means for storing a machine identification code in said program ;
means , responsive to said second storage means , for determining the presence of said machine identification code in said second storage means during execution of said program ;
means , responsive to said first storage means , for retrieving said unique machine identification code from said first storage means ;
means , responsive to said means for determining and said means for retrieving , for comparing said unique machine identification code from said first storage means with said machine identification code in said second storage means ;
and means , responsive to said means for comparing , for preventing further execution of said program unless both said machine identification codes are present and match .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US4688169A
CLAIM 3 . The software system of claim 2 in which said memory (relocation code) circuit includes a storage circuit printed on a circuit board in said machine .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US4688169A
CLAIM 3 . The software system of claim 2 in which said memory (relocation code) circuit includes a storage circuit printed on a circuit board in said machine .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (memory circuit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US4688169A
CLAIM 2 . The software security system of claim 1 in which said first storage means is a memory circuit (processor means) .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4688169A
CLAIM 3 . The software system of claim 2 in which said memory (relocation code) circuit includes a storage circuit printed on a circuit board in said machine .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4688169A
CLAIM 3 . The software system of claim 2 in which said memory (relocation code) circuit includes a storage circuit printed on a circuit board in said machine .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4577289A

Filed: 1983-12-30     Issued: 1986-03-18

Hardware key-on-disk system for copy-protecting magnetic storage media

(Original Assignee) International Business Machines Corp     (Current Assignee) International Business Machines Corp

Liam D. Comerford, Steve R. White
US7162735B2
CLAIM 1 . Computer software (hardware key) operable to provide protection for a second item of computer software (hardware key) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4577289A
CLAIM 49 . A method of forming a hardware key (Computer software, computer software, computer memory device containing computer software) on a magnetic medium to indicate that said magnetic medium is an original and not a copy , said method comprising the step of : introducing indicia into predetermined areas of said magnetic medium to create said key , with data read from said areas differing from data written to said areas , due to the presence of said indicia , as said indicia do not respond to a magnetic field by changing the pattern of magnetic domains therein .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (hardware key) in accordance with claim 1 . 		US4577289A
CLAIM 49 . A method of forming a hardware key (Computer software, computer software, computer memory device containing computer software) on a magnetic medium to indicate that said magnetic medium is an original and not a copy , said method comprising the step of : introducing indicia into predetermined areas of said magnetic medium to create said key , with data read from said areas differing from data written to said areas , due to the presence of said indicia , as said indicia do not respond to a magnetic field by changing the pattern of magnetic domains therein .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (hardware key) protected by means of computer software in accordance with claim 1 . 		US4577289A
CLAIM 49 . A method of forming a hardware key (Computer software, computer software, computer memory device containing computer software) on a magnetic medium to indicate that said magnetic medium is an original and not a copy , said method comprising the step of : introducing indicia into predetermined areas of said magnetic medium to create said key , with data read from said areas differing from data written to said areas , due to the presence of said indicia , as said indicia do not respond to a magnetic field by changing the pattern of magnetic domains therein .

US7162735B2
CLAIM 7 . Computer software (hardware key) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4577289A
CLAIM 49 . A method of forming a hardware key (Computer software, computer software, computer memory device containing computer software) on a magnetic medium to indicate that said magnetic medium is an original and not a copy , said method comprising the step of : introducing indicia into predetermined areas of said magnetic medium to create said key , with data read from said areas differing from data written to said areas , due to the presence of said indicia , as said indicia do not respond to a magnetic field by changing the pattern of magnetic domains therein .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code (third storage) is a CRC algorithm . 		US4577289A
CLAIM 29 . The combination claimed in claim 26 , including : a binary coded masking pattern which is stored in said portions of said medium ;
means for reading said masking pattern from said portions and storing it in a third storage (converting code) location prior to said test pattern being written therein ;
and means for rewriting said masking pattern into said portions , subsequent to the reading of said stored pattern therefrom , to hide the operation used to test if said particular medium is an original .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4573119A

Filed: 1983-07-11     Issued: 1986-02-25

Computer software protection system

(Original Assignee) Westheimer Thomas O; Hipson Peter D     

Thomas O. Westheimer, Peter D. Hipson
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item (encoding scheme) of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme (second item) from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system (computer system) having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code (unauthorized access) , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (memory boundary, first way) to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary (executable instructions, call instructions, decryption instructions, remaining call instructions) address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way (executable instructions, call instructions, decryption instructions, remaining call instructions) for use with an unencrypted software control program , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means (writing data) containing a digital protection arrangement according to claim 4 . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system (computer system) having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 6 . A data carrier (n value) containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4573119A
CLAIM 3 . The digital computing system set forth in claim 1 in which said address transformation means comprises : read only memory (ROM) means for storing said predetermined address word transform as a secret , predetermined set of address transformation words ;
table lookup means for using selected bits of the digital address word corresponding to a data word put out by said CPU in order to select a transformed address word stored within said ROM for putting out said transformed address word onto said address bus to address said RAM ;
whereby said digital address is transformed into said transformed address as a function of its own value (data carrier) .

US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system (computer system) having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system (computer system) having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (memory boundary, first way) for decryption . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary (executable instructions, call instructions, decryption instructions, remaining call instructions) address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way (executable instructions, call instructions, decryption instructions, remaining call instructions) for use with an unencrypted software control program , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 18 . A digital data arrangement comprising : protected data provided in encrypted form ;

decryption instructions (memory boundary, first way) for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary (executable instructions, call instructions, decryption instructions, remaining call instructions) address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way (executable instructions, call instructions, decryption instructions, remaining call instructions) for use with an unencrypted software control program , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 19 . The arrangement of claim 18 , wherein the decryption instructions (memory boundary, first way) comprise a plurality of blocks of executable code stored in non-executable form , each of which requires execution to decrypt the protected data , and the conversion code is operable to convert each block into an executable form . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary (executable instructions, call instructions, decryption instructions, remaining call instructions) address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way (executable instructions, call instructions, decryption instructions, remaining call instructions) for use with an unencrypted software control program , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block is contained within the decryption instructions (memory boundary, first way) . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary (executable instructions, call instructions, decryption instructions, remaining call instructions) address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way (executable instructions, call instructions, decryption instructions, remaining call instructions) for use with an unencrypted software control program , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code (ring C) is a CRC algorithm . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during C (converting code) PU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means (writing data) storing the protected data , decryption instructions (memory boundary, first way) and conversion code with a start point at a memory location (writing data) indicated within the arrangement as the start point for the protected data , whereby the processor means (processing unit) will cause the executable conversion code to be executed when seeking to access the protected data . 		US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system having a central processing unit (processor means) a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary (executable instructions, call instructions, decryption instructions, remaining call instructions) address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way (executable instructions, call instructions, decryption instructions, remaining call instructions) for use with an unencrypted software control program , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 28 . A data carrier (n value) containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US4573119A
CLAIM 3 . The digital computing system set forth in claim 1 in which said address transformation means comprises : read only memory (ROM) means for storing said predetermined address word transform as a secret , predetermined set of address transformation words ;
table lookup means for using selected bits of the digital address word corresponding to a data word put out by said CPU in order to select a transformed address word stored within said ROM for putting out said transformed address word onto said address bus to address said RAM ;
whereby said digital address is transformed into said transformed address as a function of its own value (data carrier) .

US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system (computer system) having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 30 . A data carrier (n value) containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US4573119A
CLAIM 3 . The digital computing system set forth in claim 1 in which said address transformation means comprises : read only memory (ROM) means for storing said predetermined address word transform as a secret , predetermined set of address transformation words ;
table lookup means for using selected bits of the digital address word corresponding to a data word put out by said CPU in order to select a transformed address word stored within said ROM for putting out said transformed address word onto said address bus to address said RAM ;
whereby said digital address is transformed into said transformed address as a function of its own value (data carrier) .

US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system (computer system) having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 34 . A digital data arrangement comprising executable code executable to create a first part (control program, said sub) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way for use with an unencrypted software control program (first part) , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 37 . A data carrier (n value) containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US4573119A
CLAIM 3 . The digital computing system set forth in claim 1 in which said address transformation means comprises : read only memory (ROM) means for storing said predetermined address word transform as a secret , predetermined set of address transformation words ;
table lookup means for using selected bits of the digital address word corresponding to a data word put out by said CPU in order to select a transformed address word stored within said ROM for putting out said transformed address word onto said address bus to address said RAM ;
whereby said digital address is transformed into said transformed address as a function of its own value (data carrier) .

US4573119A
CLAIM 5 . A method for protecting software encoded in accordance with a predetermined encoding scheme from unauthorized use , alteration , misappropriation and the like , for use on a computer system (computer system) having a central processing unit a main memory and a bi-directional data transform circuit and an address transform circuit which respectively transform address and data words in accordance with a predetermined transform arrangement , while at the same time in no way interfering with the ability of said computer system to use non-encoded software without impediment , comprising the steps of : including in said software to be protected an operation code sequence in accordance with said predetermined encoding scheme , including in said sequence a transform operation code followed by an upper and a lower memory boundary address , which boundary addresses define a transform area of said main memory , operating said central processing unit with said protected software , detecting in said computer system the presence of said transform operation code and thereupon enabling a boundary address latch circuit and reading into said enabled boundary address latch circuit said upper and lower memory boundary addresses which follow said transform operation code and which define said transform area of main memory , comparing each address of each subsequent operation code word of said sequence with said latched upper and lower memory boundary addresses , and enabling said bi-directional data transform circuit and said address transform circuit upon determination that the address of the operation code being compared lies within said transform area , during CPU read operations from said main memory , decoding with said data transform circuit each data word and decoding with said address transform circuit each address word which follows said transform operation code in accordance with a predetermined inverse of said predetermined transform arrangement whenever each such data word and each such address word also lie within said transform area , and during CPU write operations to said main memory , encoding with said bi-directional data transform circuit each data word put out which follows said transform enabling operation code in accordance with said transform arrangement in the event that each such data word also is to be stored within said transform area .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (memory boundary, first way) to the security code (unauthorized access) ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4573119A
CLAIM 6 . The software protection method set forth in claim 5 further comprising the step of selectively disabling said transform circuits of said computer system by executing in said CPU a transform operation code followed by an upper and a lower memory boundary (executable instructions, call instructions, decryption instructions, remaining call instructions) , which boundaries are equal values and indicate the lowest addressable location in main memory .

US4573119A
CLAIM 8 . A method for operating a computing system including a central processing unit , a main memory and a selectively operable transform circuit intercepting data and address buses interconnecting said central processing unit and said main memory in at least two ways : a first way (executable instructions, call instructions, decryption instructions, remaining call instructions) for use with an unencrypted software control program , and a second way for use with a software control program which has been encrypted in accordance with a predetermined encryption scheme to prevent unauthorized use , said encrypted software control program including a unique transform operation code word , followed with two memory address boundary words one of which identifies an upper boundary of a transform region of main memory and the other of which indentifies a lower boundary of the transform region , said second way of said method comprising the steps of : detecting the occurrence of the transform operation code word during program execution , and thereupon recording the two memory address boundary words to fix the transform region of main memory , testing each subsequent operation code word to determine whether it addresses main memory within the transform region and thereupon operating the transformation circuit by decoding each address word addressing a location within the transform region in accordance with a predetermined address decoding scheme of the transform circuit which correlates to the encryption of the software and decoding each data word read at a location within the transform region in accordance with a predetermined data decoding scheme of the transform circuit which correlates to the encryption of the software during memory read operations of the system , and encoding each word to be written at a location within the transform region in accordance with a predetermined encoding scheme of the transform circuit which correlates to the encryption of the software during memory write operations of the system .

US7162735B2
CLAIM 40 . A data carrier (n value) containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 38 . 		US4573119A
CLAIM 3 . The digital computing system set forth in claim 1 in which said address transformation means comprises : read only memory (ROM) means for storing said predetermined address word transform as a secret , predetermined set of address transformation words ;
table lookup means for using selected bits of the digital address word corresponding to a data word put out by said CPU in order to select a transformed address word stored within said ROM for putting out said transformed address word onto said address bus to address said RAM ;
whereby said digital address is transformed into said transformed address as a function of its own value (data carrier) .

US4573119A
CLAIM 6 . The software protection method set forth in claim 5 further comprising the step of selectively disabling said transform circuits of said computer system (computer system) by executing in said CPU a transform operation code followed by an upper and a lower memory boundary , which boundaries are equal values and indicate the lowest addressable location in main memory .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		GB2119978A

Filed: 1983-04-29     Issued: 1983-11-23

Device for protection against the unauthorized reading of program words stored in a memory

(Original Assignee) Koninklijke Philips NV     (Current Assignee) Koninklijke Philips NV

Hendrik Vrielink
US7162735B2
CLAIM 5 . A computer system comprising memory (first means) means containing a digital protection (said selection) arrangement according to claim 4 . 		GB2119978A
CLAIM 1 . An arrangement for protection against the unauthorized reading of program words stored in a memory , notably a program memory , which forms part of a memory unit , said protection 25 arrangement comprising a data processor unit having an address output which is connected to an address input of the memory in order to address the stored program words during a processing operation in a given sequence which is determined by the data processor unit , characterised in that the memory unit comprises a selection unit , a verification unit , and a data source which is separate from the memory and serves to supply at least one nuisance word which is unrelated to said program words , said selection (digital protection) unit comprising a first input which is connected to a first output of the memory and a second input which is connected to the output of the data source , additional information being added to each program word stored in the memory , a second output of the memory being connected to a first input of the verification unit in order to present said additional information thereto , a second input of the verification unit being connected to a connection of of the memory in order to present program information , said verification unit comprising first means (computer system comprising memory) for storing said additional information when a first program word is read from the memory , said additional information pertaining to a subsequent program word which is determined by said sequence and which succeeds the first program word , said verification unit comprising second means for verifying , when a second program word is read from the memory , whether the program information of the read second program word corresponds to the stored additional information pertaining to the subsequent program word , and for generating a first signal when said verification results in correspondence and , a second singal when said verification results in non-correspondence , the selection unit ' ;
comprising a control input for receiving said first and second signals in order to supply the read program 45 word from the memory on an output under the control of said first signal and to block the supply of the read program word from the memory under the control of said second signal and to replace this read program word on the output by a nuisance word from the data source .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4558176A

Filed: 1982-09-20     Issued: 1985-12-10

Computer systems to inhibit unauthorized copying, unauthorized usage, and automated cracking of protected software

(Original Assignee) Arnold Mark G; Winkel Mark D     

Mark G. Arnold, Mark D. Winkel
US7162735B2
CLAIM 3 . A computer system (computer system) containing an item of computer software protected by means of computer software in accordance with claim 1 . 		US4558176A
CLAIM 1 . A general purpose computer system (computer system) for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising : storage means for storing information ;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions , and for executing unencrypted software instructions ;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions ;
translation means , coupled to said processing means , operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages ;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package ;
secure communication means , coupled to said processing means and said translation means , operative for buffering information between said processing means and said translation means , including information describing the region of said storage means occupied by said plurality of re-encrypted software packages ;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal ;
package description means for indicating the region of said storage means occupied by said current package ;
violation recognition means , coupled to said destruction means , operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means ;
and branch allowing means , coupled to said violation recognition means and to said package description means , operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means , and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means , and additionally for erasing a portion of the information contained in said register/flag means .

US7162735B2
CLAIM 4 . A digital data arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions (return address) to the security code , and the security code , when executed , replaces a respective call instruction (call instruction) with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4558176A
CLAIM 5 . The device of claim 4 , wherein said branch allowing means further comprises : bounds re-establishing means , coupled to said lower bounds memory means , to said upper bounds memory means , to said lower transmitting means , and to said upper transmitting means , operative for replacing a first lower bound in said lower transmitting means with a second lower bound from said lower bounds memory means when said processing means changes control from a first package to a second package , and for additionally replacing a first upper bound in said upper transmitting means with a second upper bound from said upper bounds memory means when said processing means changes control from said first package to said second package ;
control stack means for storing a plurality of return address (respective call, respective target, call instructions) es in secret ;
package calling means , coupled to said control stack means and to said bounds re-establishing means , operative for storing into said control stack means the address of the re-encrypted software instruction immeditely following a package call instruction (call instruction) , and for additionally causing said processing means to branch to the target address of the package call instruction ;
call permitting means , coupled to said bounds destruction means and to said bounds re-establishing means , operative for preventing said bounds destruction means from generating a destroy signal when the current re-encrypted software instruction being executed by said processing means is a handshake instruction branched to by a package call instruction , and for additionally causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region containing the handshake instruction that lies at the target address of said package call instruction ;
and package returning means , coupled to said control stack means and to said bounds re-establishing means , operative for recalling and removing the last return address from said control stack means , and for additionally causing said processing means to branch to the return address recalled from said control stack means , and for causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region inside of which the return address lies .

US7162735B2
CLAIM 5 . A computer system (computer system) comprising memory means containing a digital protection arrangement according to claim 4 . 		US4558176A
CLAIM 1 . A general purpose computer system (computer system) for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising : storage means for storing information ;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions , and for executing unencrypted software instructions ;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions ;
translation means , coupled to said processing means , operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages ;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package ;
secure communication means , coupled to said processing means and said translation means , operative for buffering information between said processing means and said translation means , including information describing the region of said storage means occupied by said plurality of re-encrypted software packages ;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal ;
package description means for indicating the region of said storage means occupied by said current package ;
violation recognition means , coupled to said destruction means , operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means ;
and branch allowing means , coupled to said violation recognition means and to said package description means , operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means , and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means , and additionally for erasing a portion of the information contained in said register/flag means .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4558176A
CLAIM 1 . A general purpose computer system (computer system) for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising : storage means for storing information ;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions , and for executing unencrypted software instructions ;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions ;
translation means , coupled to said processing means , operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages ;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package ;
secure communication means , coupled to said processing means and said translation means , operative for buffering information between said processing means and said translation means , including information describing the region of said storage means occupied by said plurality of re-encrypted software packages ;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal ;
package description means for indicating the region of said storage means occupied by said current package ;
violation recognition means , coupled to said destruction means , operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means ;
and branch allowing means , coupled to said violation recognition means and to said package description means , operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means , and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means , and additionally for erasing a portion of the information contained in said register/flag means .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4558176A
CLAIM 1 . A general purpose computer system (computer system) for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising : storage means for storing information ;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions , and for executing unencrypted software instructions ;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions ;
translation means , coupled to said processing means , operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages ;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package ;
secure communication means , coupled to said processing means and said translation means , operative for buffering information between said processing means and said translation means , including information describing the region of said storage means occupied by said plurality of re-encrypted software packages ;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal ;
package description means for indicating the region of said storage means occupied by said current package ;
violation recognition means , coupled to said destruction means , operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means ;
and branch allowing means , coupled to said violation recognition means and to said package description means , operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means , and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means , and additionally for erasing a portion of the information contained in said register/flag means .

US7162735B2
CLAIM 10 . The arrangement of claim 4 , wherein the protected code comprises encrypted code associated with each call instruction (call instruction) and the security code , upon execution by a call instruction , is operable to decrypt the associated encrypted code and to replace the call instruction and encrypted code with corresponding decrypted code . 		US4558176A
CLAIM 5 . The device of claim 4 , wherein said branch allowing means further comprises : bounds re-establishing means , coupled to said lower bounds memory means , to said upper bounds memory means , to said lower transmitting means , and to said upper transmitting means , operative for replacing a first lower bound in said lower transmitting means with a second lower bound from said lower bounds memory means when said processing means changes control from a first package to a second package , and for additionally replacing a first upper bound in said upper transmitting means with a second upper bound from said upper bounds memory means when said processing means changes control from said first package to said second package ;
control stack means for storing a plurality of return addresses in secret ;
package calling means , coupled to said control stack means and to said bounds re-establishing means , operative for storing into said control stack means the address of the re-encrypted software instruction immeditely following a package call instruction (call instruction) , and for additionally causing said processing means to branch to the target address of the package call instruction ;
call permitting means , coupled to said bounds destruction means and to said bounds re-establishing means , operative for preventing said bounds destruction means from generating a destroy signal when the current re-encrypted software instruction being executed by said processing means is a handshake instruction branched to by a package call instruction , and for additionally causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region containing the handshake instruction that lies at the target address of said package call instruction ;
and package returning means , coupled to said control stack means and to said bounds re-establishing means , operative for recalling and removing the last return address from said control stack means , and for additionally causing said processing means to branch to the return address recalled from said control stack means , and for causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region inside of which the return address lies .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code operable to change the location of the security code and to modify the call instruction (call instruction) to refer to the new location . 		US4558176A
CLAIM 5 . The device of claim 4 , wherein said branch allowing means further comprises : bounds re-establishing means , coupled to said lower bounds memory means , to said upper bounds memory means , to said lower transmitting means , and to said upper transmitting means , operative for replacing a first lower bound in said lower transmitting means with a second lower bound from said lower bounds memory means when said processing means changes control from a first package to a second package , and for additionally replacing a first upper bound in said upper transmitting means with a second upper bound from said upper bounds memory means when said processing means changes control from said first package to said second package ;
control stack means for storing a plurality of return addresses in secret ;
package calling means , coupled to said control stack means and to said bounds re-establishing means , operative for storing into said control stack means the address of the re-encrypted software instruction immeditely following a package call instruction (call instruction) , and for additionally causing said processing means to branch to the target address of the package call instruction ;
call permitting means , coupled to said bounds destruction means and to said bounds re-establishing means , operative for preventing said bounds destruction means from generating a destroy signal when the current re-encrypted software instruction being executed by said processing means is a handshake instruction branched to by a package call instruction , and for additionally causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region containing the handshake instruction that lies at the target address of said package call instruction ;
and package returning means , coupled to said control stack means and to said bounds re-establishing means , operative for recalling and removing the last return address from said control stack means , and for additionally causing said processing means to branch to the return address recalled from said control stack means , and for causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region inside of which the return address lies .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target (return address) block . 		US4558176A
CLAIM 5 . The device of claim 4 , wherein said branch allowing means further comprises : bounds re-establishing means , coupled to said lower bounds memory means , to said upper bounds memory means , to said lower transmitting means , and to said upper transmitting means , operative for replacing a first lower bound in said lower transmitting means with a second lower bound from said lower bounds memory means when said processing means changes control from a first package to a second package , and for additionally replacing a first upper bound in said upper transmitting means with a second upper bound from said upper bounds memory means when said processing means changes control from said first package to said second package ;
control stack means for storing a plurality of return address (respective call, respective target, call instructions) es in secret ;
package calling means , coupled to said control stack means and to said bounds re-establishing means , operative for storing into said control stack means the address of the re-encrypted software instruction immeditely following a package call instruction , and for additionally causing said processing means to branch to the target address of the package call instruction ;
call permitting means , coupled to said bounds destruction means and to said bounds re-establishing means , operative for preventing said bounds destruction means from generating a destroy signal when the current re-encrypted software instruction being executed by said processing means is a handshake instruction branched to by a package call instruction , and for additionally causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region containing the handshake instruction that lies at the target address of said package call instruction ;
and package returning means , coupled to said control stack means and to said bounds re-establishing means , operative for recalling and removing the last return address from said control stack means , and for additionally causing said processing means to branch to the return address recalled from said control stack means , and for causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region inside of which the return address lies .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 18 . 		US4558176A
CLAIM 1 . A general purpose computer system (computer system) for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising : storage means for storing information ;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions , and for executing unencrypted software instructions ;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions ;
translation means , coupled to said processing means , operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages ;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package ;
secure communication means , coupled to said processing means and said translation means , operative for buffering information between said processing means and said translation means , including information describing the region of said storage means occupied by said plurality of re-encrypted software packages ;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal ;
package description means for indicating the region of said storage means occupied by said current package ;
violation recognition means , coupled to said destruction means , operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means ;
and branch allowing means , coupled to said violation recognition means and to said package description means , operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means , and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means , and additionally for erasing a portion of the information contained in said register/flag means .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 29 . 		US4558176A
CLAIM 1 . A general purpose computer system (computer system) for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising : storage means for storing information ;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions , and for executing unencrypted software instructions ;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions ;
translation means , coupled to said processing means , operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages ;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package ;
secure communication means , coupled to said processing means and said translation means , operative for buffering information between said processing means and said translation means , including information describing the region of said storage means occupied by said plurality of re-encrypted software packages ;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal ;
package description means for indicating the region of said storage means occupied by said current package ;
violation recognition means , coupled to said destruction means , operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means ;
and branch allowing means , coupled to said violation recognition means and to said package description means , operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means , and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means , and additionally for erasing a portion of the information contained in said register/flag means .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system (computer system) , is operable as a digital data protection arrangement in accordance with claim 34 . 		US4558176A
CLAIM 1 . A general purpose computer system (computer system) for executing a plurality of encrypted software packages having provisions that inhibit unauthorized usage of encrypted software instructions comprising : storage means for storing information ;
processing means for executing re-encrypted software instructions from the current package using an execution key common to all re-encrypted software instructions , and for executing unencrypted software instructions ;
said processing means including register/flag means for storing information being processed by said processing means under the control of said software instructions ;
translation means , coupled to said processing means , operative for re-encrypting said plurality of encrypted software packages using said execution key to form a plurality of re-encrypted software packages ;
said translation means including multiple translation prevention means for preventing said translation means from storing a second re-encrypted software package into locations of said storage means occupied by a first re-encrypted software package ;
secure communication means , coupled to said processing means and said translation means , operative for buffering information between said processing means and said translation means , including information describing the region of said storage means occupied by said plurality of re-encrypted software packages ;
said processing means including destruction means for destroying said execution key and the contents of said register/flag means upon receiving a destroy signal ;
package description means for indicating the region of said storage means occupied by said current package ;
violation recognition means , coupled to said destruction means , operative for generating said destroy signal if a re-encrypted software instruction came from a region of said storage means other than the region of said storage means indicated by said package description means ;
and branch allowing means , coupled to said violation recognition means and to said package description means , operative for preventing said violation recognition means from generating said destroy signal when a re-encrypted software instruction executing in said processing means is a handshake instruction originating from a region of said storage means other than the region of said storage means indicated by said package description means , and further for establishing the region of said storage means that contains said handshake instruction as the current package in said package description means , and additionally for erasing a portion of the information contained in said register/flag means .

US7162735B2
CLAIM 38 . A digital data arrangement comprising protected code , security code and relocation code , wherein : the protected code comprises at least one call instruction (call instruction) to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4558176A
CLAIM 5 . The device of claim 4 , wherein said branch allowing means further comprises : bounds re-establishing means , coupled to said lower bounds memory means , to said upper bounds memory means , to said lower transmitting means , and to said upper transmitting means , operative for replacing a first lower bound in said lower transmitting means with a second lower bound from said lower bounds memory means when said processing means changes control from a first package to a second package , and for additionally replacing a first upper bound in said upper transmitting means with a second upper bound from said upper bounds memory means when said processing means changes control from said first package to said second package ;
control stack means for storing a plurality of return addresses in secret ;
package calling means , coupled to said control stack means and to said bounds re-establishing means , operative for storing into said control stack means the address of the re-encrypted software instruction immeditely following a package call instruction (call instruction) , and for additionally causing said processing means to branch to the target address of the package call instruction ;
call permitting means , coupled to said bounds destruction means and to said bounds re-establishing means , operative for preventing said bounds destruction means from generating a destroy signal when the current re-encrypted software instruction being executed by said processing means is a handshake instruction branched to by a package call instruction , and for additionally causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region containing the handshake instruction that lies at the target address of said package call instruction ;
and package returning means , coupled to said control stack means and to said bounds re-establishing means , operative for recalling and removing the last return address from said control stack means , and for additionally causing said processing means to branch to the return address recalled from said control stack means , and for causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region inside of which the return address lies .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions (return address) to the security code ;

the security code , when called by a call instruction (call instruction) , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4558176A
CLAIM 5 . The device of claim 4 , wherein said branch allowing means further comprises : bounds re-establishing means , coupled to said lower bounds memory means , to said upper bounds memory means , to said lower transmitting means , and to said upper transmitting means , operative for replacing a first lower bound in said lower transmitting means with a second lower bound from said lower bounds memory means when said processing means changes control from a first package to a second package , and for additionally replacing a first upper bound in said upper transmitting means with a second upper bound from said upper bounds memory means when said processing means changes control from said first package to said second package ;
control stack means for storing a plurality of return address (respective call, respective target, call instructions) es in secret ;
package calling means , coupled to said control stack means and to said bounds re-establishing means , operative for storing into said control stack means the address of the re-encrypted software instruction immeditely following a package call instruction (call instruction) , and for additionally causing said processing means to branch to the target address of the package call instruction ;
call permitting means , coupled to said bounds destruction means and to said bounds re-establishing means , operative for preventing said bounds destruction means from generating a destroy signal when the current re-encrypted software instruction being executed by said processing means is a handshake instruction branched to by a package call instruction , and for additionally causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region containing the handshake instruction that lies at the target address of said package call instruction ;
and package returning means , coupled to said control stack means and to said bounds re-establishing means , operative for recalling and removing the last return address from said control stack means , and for additionally causing said processing means to branch to the return address recalled from said control stack means , and for causing said bounds re-establishing means to replace the bounds in said package description means with the bounds of the region inside of which the return address lies .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4593353A

Filed: 1981-10-26     Issued: 1986-06-03

Software protection method and apparatus

(Original Assignee) TELECOMMUNICATIONS ASSOC Inc     (Current Assignee) Rainbow Technologies Inc

Andrew Pickholtz
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software (computer software) , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4593353A
CLAIM 1 . A software protection apparatus using first and second authorization codes and a pseudorandom number , said software protection apparatus for use with a computer , comprising : an external memory device having computer software (computer software) and a first authorization code and a second authorization code at selected data locations , wherein said second authorization code is part of a pseudorandom sequence ;
means for reading said external memory device , said reading means located in the computer ;
pseudorandom number generator device located in the computer and coupled to said reading means , for generating a pseudorandom number in response to said reading means reading said first authorization code from said external memory device , said first authorization code being read prior to execution of said computer software , said pseudorandom number generator device including a sealed casing , thereby preventing identification of the pseudorandom number generator algorthim ;
processing means located in the computer and coupled to said reading means and said pseudorandom number generator device , for comparing the pseudorandom number generated by said pseudorandom number generator device with the second authorization code read from selected data locations in said external memory device , said processing means generating an enable signal in response to a positive comparison of the pseudorandom number with the second authorization code for enabling execution of the computer software stored in said external memory device .

US7162735B2
CLAIM 2 . A computer memory device containing computer software (computer software) in accordance with claim 1 . 		US4593353A
CLAIM 1 . A software protection apparatus using first and second authorization codes and a pseudorandom number , said software protection apparatus for use with a computer , comprising : an external memory device having computer software (computer software) and a first authorization code and a second authorization code at selected data locations , wherein said second authorization code is part of a pseudorandom sequence ;
means for reading said external memory device , said reading means located in the computer ;
pseudorandom number generator device located in the computer and coupled to said reading means , for generating a pseudorandom number in response to said reading means reading said first authorization code from said external memory device , said first authorization code being read prior to execution of said computer software , said pseudorandom number generator device including a sealed casing , thereby preventing identification of the pseudorandom number generator algorthim ;
processing means located in the computer and coupled to said reading means and said pseudorandom number generator device , for comparing the pseudorandom number generated by said pseudorandom number generator device with the second authorization code read from selected data locations in said external memory device , said processing means generating an enable signal in response to a positive comparison of the pseudorandom number with the second authorization code for enabling execution of the computer software stored in said external memory device .

US7162735B2
CLAIM 3 . A computer system containing an item of computer software (computer software) protected by means of computer software in accordance with claim 1 . 		US4593353A
CLAIM 1 . A software protection apparatus using first and second authorization codes and a pseudorandom number , said software protection apparatus for use with a computer , comprising : an external memory device having computer software (computer software) and a first authorization code and a second authorization code at selected data locations , wherein said second authorization code is part of a pseudorandom sequence ;
means for reading said external memory device , said reading means located in the computer ;
pseudorandom number generator device located in the computer and coupled to said reading means , for generating a pseudorandom number in response to said reading means reading said first authorization code from said external memory device , said first authorization code being read prior to execution of said computer software , said pseudorandom number generator device including a sealed casing , thereby preventing identification of the pseudorandom number generator algorthim ;
processing means located in the computer and coupled to said reading means and said pseudorandom number generator device , for comparing the pseudorandom number generated by said pseudorandom number generator device with the second authorization code read from selected data locations in said external memory device , said processing means generating an enable signal in response to a positive comparison of the pseudorandom number with the second authorization code for enabling execution of the computer software stored in said external memory device .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key (random sequence) derived from a respective target block . 		US4593353A
CLAIM 1 . A software protection apparatus using first and second authorization codes and a pseudorandom number , said software protection apparatus for use with a computer , comprising : an external memory device having computer software and a first authorization code and a second authorization code at selected data locations , wherein said second authorization code is part of a pseudorandom sequence (respective conversion key) ;
means for reading said external memory device , said reading means located in the computer ;
pseudorandom number generator device located in the computer and coupled to said reading means , for generating a pseudorandom number in response to said reading means reading said first authorization code from said external memory device , said first authorization code being read prior to execution of said computer software , said pseudorandom number generator device including a sealed casing , thereby preventing identification of the pseudorandom number generator algorthim ;
processing means located in the computer and coupled to said reading means and said pseudorandom number generator device , for comparing the pseudorandom number generated by said pseudorandom number generator device with the second authorization code read from selected data locations in said external memory device , said processing means generating an enable signal in response to a positive comparison of the pseudorandom number with the second authorization code for enabling execution of the computer software stored in said external memory device .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (processing means) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US4593353A
CLAIM 1 . A software protection apparatus using first and second authorization codes and a pseudorandom number , said software protection apparatus for use with a computer , comprising : an external memory device having computer software and a first authorization code and a second authorization code at selected data locations , wherein said second authorization code is part of a pseudorandom sequence ;
means for reading said external memory device , said reading means located in the computer ;
pseudorandom number generator device located in the computer and coupled to said reading means , for generating a pseudorandom number in response to said reading means reading said first authorization code from said external memory device , said first authorization code being read prior to execution of said computer software , said pseudorandom number generator device including a sealed casing , thereby preventing identification of the pseudorandom number generator algorthim ;
processing means (processing means) located in the computer and coupled to said reading means and said pseudorandom number generator device , for comparing the pseudorandom number generated by said pseudorandom number generator device with the second authorization code read from selected data locations in said external memory device , said processing means generating an enable signal in response to a positive comparison of the pseudorandom number with the second authorization code for enabling execution of the computer software stored in said external memory device .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4471163A

Filed: 1981-10-05     Issued: 1984-09-11

Software protection system

(Original Assignee) Donald Thomas C; Donald Henry W     (Current Assignee) CHRONOGUARD LLC ; DONALD LYNN DUTY & DONALD THOMAS CLAUDE AS TRUSTEES OF CHRONOGUARD TRUST ; DONALD LYNN DUTY AS TRUSTEE OF DUTY TRUST ; DONALD SARAH HOLLIS ; DONALD THOMAS CHRISTOPHER

Thomas C. Donald, Henry W. Donald
US7162735B2
CLAIM 1 . Computer software operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block (locking means) of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4471163A
CLAIM 2 . A system as set forth in claim 1 wherein : said system includes lock identity code generating means for generating a selected class of electrical identification signals C' ;
representative of identification symbols C ;
said symbols to which said key generating means is responsive have a common derivative to that of said identification symbols C ;
said process limiting means includes electronic locking means (target block) in turn including memory means responsive to said lock identity code generating means for storing said signals C' ;
;
said correlation means comprises a portion of said electronic locking means , and includes means further responsive to a selected correlation between signals C' ;
and K' ;
for providing said correlation output signal .

US7162735B2
CLAIM 4 . A digital data (said time) arrangement comprising protected code and security code , wherein the protected code comprises incomplete executable code , the executable code including one or more call instructions to the security code , and the security code , when executed , replaces a respective call instruction with executable code such that the executable code of the protected code is completed upon execution of all call instructions . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 6 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 4 . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 7 . Computer software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 4 . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 15 . The arrangement of claim 4 , the arrangement further comprising relocation code (said memory) operable to change the location of the security code and to modify the call instruction to refer to the new location . 		US4471163A
CLAIM 7 . A system as set forth in claim 2 wherein : said electronic locking means includes a container means for enclosing at least said memory (relocation code) means , and electrical control means coupled to said container means and said memory means for altering said signal C' ;
upon an entry into said container .

US7162735B2
CLAIM 16 . The arrangement of claim 15 , wherein the relocation code (said memory) is contained within the protected code , to operate repeatedly while the protected code is in use . 		US4471163A
CLAIM 7 . A system as set forth in claim 2 wherein : said electronic locking means includes a container means for enclosing at least said memory (relocation code) means , and electrical control means coupled to said container means and said memory means for altering said signal C' ;
upon an entry into said container .

US7162735B2
CLAIM 18 . A digital data (said time) arrangement comprising : protected data provided in encrypted form ;

decryption instructions for decrypting the protected data , the decryption instructions being provided in a non-executable form ;

and executable conversion code operable to : derive a conversion key from a target block (locking means) of data of the arrangement ;

convert the decryption instructions into an executable form by means of an algorithm that employs the conversion key ;

and execute the decryption instructions to decrypt the protected data , wherein the decryption instructions are converted into an executable form only in the event that the target block of data is unmodified . 		US4471163A
CLAIM 2 . A system as set forth in claim 1 wherein : said system includes lock identity code generating means for generating a selected class of electrical identification signals C' ;
representative of identification symbols C ;
said symbols to which said key generating means is responsive have a common derivative to that of said identification symbols C ;
said process limiting means includes electronic locking means (target block) in turn including memory means responsive to said lock identity code generating means for storing said signals C' ;
;
said correlation means comprises a portion of said electronic locking means , and includes means further responsive to a selected correlation between signals C' ;
and K' ;
for providing said correlation output signal .

US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 20 . The arrangement of claim 19 , wherein conversion of each block is achieved by a respective conversion key derived from a respective target block (locking means) . 		US4471163A
CLAIM 2 . A system as set forth in claim 1 wherein : said system includes lock identity code generating means for generating a selected class of electrical identification signals C' ;
representative of identification symbols C ;
said symbols to which said key generating means is responsive have a common derivative to that of said identification symbols C ;
said process limiting means includes electronic locking means (target block) in turn including memory means responsive to said lock identity code generating means for storing said signals C' ;
;
said correlation means comprises a portion of said electronic locking means , and includes means further responsive to a selected correlation between signals C' ;
and K' ;
for providing said correlation output signal .

US7162735B2
CLAIM 23 . The arrangement of claim 18 , wherein the or each target block (locking means) is contained within the protected data . 		US4471163A
CLAIM 2 . A system as set forth in claim 1 wherein : said system includes lock identity code generating means for generating a selected class of electrical identification signals C' ;
representative of identification symbols C ;
said symbols to which said key generating means is responsive have a common derivative to that of said identification symbols C ;
said process limiting means includes electronic locking means (target block) in turn including memory means responsive to said lock identity code generating means for storing said signals C' ;
;
said correlation means comprises a portion of said electronic locking means , and includes means further responsive to a selected correlation between signals C' ;
and K' ;
for providing said correlation output signal .

US7162735B2
CLAIM 24 . The arrangement of claim 18 , wherein the or each target block (locking means) is contained within the decryption instructions . 		US4471163A
CLAIM 2 . A system as set forth in claim 1 wherein : said system includes lock identity code generating means for generating a selected class of electrical identification signals C' ;
representative of identification symbols C ;
said symbols to which said key generating means is responsive have a common derivative to that of said identification symbols C ;
said process limiting means includes electronic locking means (target block) in turn including memory means responsive to said lock identity code generating means for storing said signals C' ;
;
said correlation means comprises a portion of said electronic locking means , and includes means further responsive to a selected correlation between signals C' ;
and K' ;
for providing said correlation output signal .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means (processing means) operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means will cause the executable conversion code to be executed when seeking to access the protected data . 		US4471163A
CLAIM 1 . A system for limiting reproduction of an electrically representable process comprising : process means for storing symbols U representative of a series of operations performable by a plurality of electrical signals U' ;
;
symbol generating and storage means for generating and storing a plurality of test symbols V representative of a go/no-go test and performable by a plurality of signals V' ;
;
storage means responsive to said process means and said symbol generating and storage means for storing a composite W of symbols U and V ;
first translation and memory means for translating said symbols W , stored by said storage means into digitally encoded electrical signals W' ;
, including signals U' ;
and V' ;
, representative of symbols U and V , respectively , and storing these signals ;
key generating means comprising means responsive to symbols having , in part , a common derivative to that of said test symbols V for generating key symbols K ;
second translation and memory means for translating symbols K , from said key generating means , into electrical signals K' ;
and storing same ;
signal processing means (processing means) responsive to the receipt of said signals U' ;
for the performance of said series of operations ;
coupling means responsive to a selected input signal for coupling said signals U' ;
from said first translation and memory means to said signal processing means ;
and a process limiting means comprising : correlation means including means for effecting a selected correlation between aspects of said signals V' ;
, from said first translation and memory means , and signals K' ;
, from said second translation and memory means , and for providing a correlation output signal which is a function of said correlation ;
and signal means responsive to a selected output of said correlation means for providing an input signal to said coupling means ;
whereby , upon said selected output of said correlation means , the performance of said series of operations is enabled .

US7162735B2
CLAIM 28 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 18 . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 29 . A digital data (said time) arrangement comprising executable code executable to create protected data , wherein the protected data contains at least one executable instruction which contains a plurality of steps , the steps being executable in more than one order to implement the instruction , and the executable code being operable to create the protected data by creating the steps in an order which changes on each execution of the executable code . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 30 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 29 . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 34 . A digital data (said time) arrangement comprising executable code executable to create a first part (said series) of protected code and to execute the first part of protected code , and to subsequently create a second part of protected code and to execute the second part of protected code , wherein the first part of protected code is corrupted upon creation of the second part of protected code . 		US4471163A
CLAIM 1 . A system for limiting reproduction of an electrically representable process comprising : process means for storing symbols U representative of a series of operations performable by a plurality of electrical signals U' ;
;
symbol generating and storage means for generating and storing a plurality of test symbols V representative of a go/no-go test and performable by a plurality of signals V' ;
;
storage means responsive to said process means and said symbol generating and storage means for storing a composite W of symbols U and V ;
first translation and memory means for translating said symbols W , stored by said storage means into digitally encoded electrical signals W' ;
, including signals U' ;
and V' ;
, representative of symbols U and V , respectively , and storing these signals ;
key generating means comprising means responsive to symbols having , in part , a common derivative to that of said test symbols V for generating key symbols K ;
second translation and memory means for translating symbols K , from said key generating means , into electrical signals K' ;
and storing same ;
signal processing means responsive to the receipt of said signals U' ;
for the performance of said series (first part) of operations ;
coupling means responsive to a selected input signal for coupling said signals U' ;
from said first translation and memory means to said signal processing means ;
and a process limiting means comprising : correlation means including means for effecting a selected correlation between aspects of said signals V' ;
, from said first translation and memory means , and signals K' ;
, from said second translation and memory means , and for providing a correlation output signal which is a function of said correlation ;
and signal means responsive to a selected output of said correlation means for providing an input signal to said coupling means ;
whereby , upon said selected output of said correlation means , the performance of said series of operations is enabled .

US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 37 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 34 . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US7162735B2
CLAIM 38 . A digital data (said time) arrangement comprising protected code , security code and relocation code (said memory) , wherein : the protected code comprises at least one call instruction to the security code ;

the security code , when executed , detects corruption of the protected code and executes the relocation code in the event that no corruption is detected ;

and the relocation code , when executed , changes the location of the security code and modifies the call instruction to refer to the new location . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .

US4471163A
CLAIM 7 . A system as set forth in claim 2 wherein : said electronic locking means includes a container means for enclosing at least said memory (relocation code) means , and electrical control means coupled to said container means and said memory means for altering said signal C' ;
upon an entry into said container .

US7162735B2
CLAIM 39 . The arrangement of claim 38 , wherein : the protected code comprises a plurality of call instructions to the security code ;

the security code , when called by a call instruction , detects corruption of the protected code and , in the event that no corruption is detected , replaces the call instruction with executable code and executes the relocation code (said memory) ;

and the relocation code , when executed , changes the location of the security code and modifies the remaining call instructions to refer to the new location . 		US4471163A
CLAIM 7 . A system as set forth in claim 2 wherein : said electronic locking means includes a container means for enclosing at least said memory (relocation code) means , and electrical control means coupled to said container means and said memory means for altering said signal C' ;
upon an entry into said container .

US7162735B2
CLAIM 40 . A data carrier containing software which , when installed on a computer system , is operable as a digital data (said time) protection arrangement in accordance with claim 38 . 		US4471163A
CLAIM 3 . A system as set forth in claim 2 wherein : said key generating means includes means for generating symbols A and B , representative of a selected real time period , and includable in said symbols K ;
signals A' ;
and B" ;
, representative of said symbols A and B and said selected real time period , are stored via said second translation and memory means ;
said electronic locking means includes time generating means for generating signals T" ;
indicative of current time ;
and said correlation means comprises means responsive to a correlation between the said T" ;
signal , output of said time (digital data) generating means , and said A" ;
and B" ;
signals , aspects of said signals K' ;
, for enabling said correlation output signal of said correlation means .




US7162735B2

Filed: 2000-07-18     Issued: 2007-01-09

Digital data protection arrangement

(Original Assignee) SIMPLEX MAJOR Sdn Bhd     (Current Assignee) Simplex Patents Corp

John Aram Safa		US4433207A

Filed: 1981-09-10     Issued: 1984-02-21

Cryptographic decoder for computer programs

(Original Assignee) Best Robert M     (Current Assignee) Dallas Semiconductor Corp

Robert M. Best
US7162735B2
CLAIM 1 . Computer software (computer program) operable to provide protection for a second item of computer software , the protection software comprising security means operable to authorise execution of the protected software in response to successful completion of one or more security checks , and having at least one block of executable code which is stored in non-executable form and which requires execution to authorise execution of the protected software , and the protection software further comprising conversion means operable to convert the said block of code to an executable form by means of an algorithm which requires at least one conversion key , the conversion means being further operable to derive a conversion key , for use in the algorithm , by reference to a target block of code in executable or non-executable form , whereby an appropriate conversion key will be derived only if the target block is unmodified . 		US4433207A
CLAIM 1 . A cryptographic apparatus for deterring unauthorized execution of computer program (Computer software) s of instructions , the apparatus comprising : table means for storing a plurality of digital addresses and a corresponding plurality of multiple-bit digital words ;
means for determining whether a memory address matches one of the digital addresses in said table means ;
means for enciphering a plurality of instructions or portions of instructions in a selected program to produce enciphered instructions to be stored at memory locations specified by memory addresses , the enciphering being performed on an instruction or portion thereof if said determining means determines that the memory address of the instruction matches one of the digital addresses in said table means , the enciphering being a function of the digital word in said table means corresponding to the matching digital address ;
and means for deciphering one of said enciphered instructions whenever the instruction is fetched for execution from a memory location specified by a memory address matching one of the digital addresses in said table means , the deciphering being performed as a function of the digital word in said table means corresponding to the digital address that matches the memory address of the instruction , thereby restoring enciphered instructions to unenciphered form during execution of said selected program .

US7162735B2
CLAIM 5 . A computer system comprising memory (program key) means containing a digital protection arrangement according to claim 4 . 		US4433207A
CLAIM 14 . A cryptographic apparatus for deterring unauthorized execution of computer programs of instructions stored in enciphered form as a plurality of portions of enciphered information , the apparatus comprising : means for deciphering an enciphered program key (computer system comprising memory) as a function of a secret chip key to produce a deciphered program key corresponding to a selected program ;
means for deciphering portions of said enciphered information as a function of said deciphered program key to produce deciphered instructions in said selected program ;
table means for storing a plurality of digital addresses and a corresponding plurality of multiple-bit digital words ;
means for determining whether a memory address matches one of the digital addresses in said table means ;
means for reenciphering a plurality of said deciphered instructions or portions thereof to produce reenciphered instructions to be stored at memory locations specified by memory addresses , the reenciphering being performed on an instruction or portion thereof if said determining means determines that the memory address of the instruction matches one of the digital addresses in said table means , the reenciphering being a function of the digital word in said table means corresponding to the matching digital address ;
and means for redeciphering one of said reenciphered instructions whenever the instruction is fetched for execution from a memory location specified by a memory address matching one of the digital addresses in said table means , the redeciphering being performed as a function of the digital words in said table means corresponding to the digital address that matches the memory address of the instruction , thereby restoring reenciphered instructions to unenciphered form during execution of said selected program .

US7162735B2
CLAIM 7 . Computer software (computer program) which , when installed on a computer system , is operable as a digital data protection arrangement in accordance with claim 4 . 		US4433207A
CLAIM 1 . A cryptographic apparatus for deterring unauthorized execution of computer program (Computer software) s of instructions , the apparatus comprising : table means for storing a plurality of digital addresses and a corresponding plurality of multiple-bit digital words ;
means for determining whether a memory address matches one of the digital addresses in said table means ;
means for enciphering a plurality of instructions or portions of instructions in a selected program to produce enciphered instructions to be stored at memory locations specified by memory addresses , the enciphering being performed on an instruction or portion thereof if said determining means determines that the memory address of the instruction matches one of the digital addresses in said table means , the enciphering being a function of the digital word in said table means corresponding to the matching digital address ;
and means for deciphering one of said enciphered instructions whenever the instruction is fetched for execution from a memory location specified by a memory address matching one of the digital addresses in said table means , the deciphering being performed as a function of the digital word in said table means corresponding to the digital address that matches the memory address of the instruction , thereby restoring enciphered instructions to unenciphered form during execution of said selected program .

US7162735B2
CLAIM 17 . The arrangement of claim 4 , wherein the protected code is provided in encrypted form , and the arrangement further comprises executable instructions (next sequential instruction) for decryption . 		US4433207A
CLAIM 15 . A cryptographic apparatus for deterring unauthorized execution of computer programs of instructions stored in enciphered form as a plurality of portions of enciphered information , the apparatus comprising : means for deciphering portions of said enciphered information to produce deciphered instructions in a selected program stored at memory locations specified by digital addresses , some of the deciphered instructions being erroneous instructions ;
table means for specifying the digital addresses of said erroneous instructions ;
means for suppressing execution of a fetched instruction whenever the instruction is being fetched from a memory location specified by an address in said table means ;
and means for incrementing the digital address of said suppressed instruction to produce the address of the next sequential instruction (executable instructions) whenever the instruction is being fetched from a memory location specified by an address in said table means , thereby bypassing said erroneous instructions during execution of the selected program .

US7162735B2
CLAIM 25 . The arrangement of claim 18 , wherein the or each algorithm for converting code (digital words) is a CRC algorithm . 		US4433207A
CLAIM 1 . A cryptographic apparatus for deterring unauthorized execution of computer programs of instructions , the apparatus comprising : table means for storing a plurality of digital addresses and a corresponding plurality of multiple-bit digital words (converting code) ;
means for determining whether a memory address matches one of the digital addresses in said table means ;
means for enciphering a plurality of instructions or portions of instructions in a selected program to produce enciphered instructions to be stored at memory locations specified by memory addresses , the enciphering being performed on an instruction or portion thereof if said determining means determines that the memory address of the instruction matches one of the digital addresses in said table means , the enciphering being a function of the digital word in said table means corresponding to the matching digital address ;
and means for deciphering one of said enciphered instructions whenever the instruction is fetched for execution from a memory location specified by a memory address matching one of the digital addresses in said table means , the deciphering being performed as a function of the digital word in said table means corresponding to the digital address that matches the memory address of the instruction , thereby restoring enciphered instructions to unenciphered form during execution of said selected program .

US7162735B2
CLAIM 27 . The arrangement of claim 18 , comprising processing means operable to execute code , and memory means storing the protected data , decryption instructions and conversion code with a start point at a memory location indicated within the arrangement as the start point for the protected data , whereby the processor means (processor means) will cause the executable conversion code to be executed when seeking to access the protected data . 		US4433207A
CLAIM 2 . The apparatus of claim 1 further including microprocessor means (processor means) for fetching and executing said programs of instructions .