|Publication number||USRE42861 E1|
|Application number||US 11/400,074|
|Publication date||Oct 18, 2011|
|Filing date||Apr 7, 2006|
|Priority date||Mar 29, 1999|
|Also published as||US6721891|
|Publication number||11400074, 400074, US RE42861 E1, US RE42861E1, US-E1-RE42861, USRE42861 E1, USRE42861E1|
|Inventors||Stephen J. Borza|
|Original Assignee||Activcard Ireland, Ltd.|
|Export Citation||BiBTeX, EndNote, RefMan|
|Patent Citations (35), Non-Patent Citations (3), Referenced by (1), Classifications (16), Legal Events (4)|
|External Links: USPTO, USPTO Assignment, Espacenet|
This invention relates generally to a method for disabling execution of a software application stored within a computer absent data indicative of an authorised use of the software application and more particularly relates to a method for disabling execution of a software application using a smart card.
Software piracy is causing huge losses in profits for companies developing and selling computer software. The sale and distribution of software designed for general use is based on the assumption that a software provider only wishes to sell a right to use the software to one person or to a select group of people. The seller specifically does not wish the purchaser to distribute the software to other users or to resell the software. Various methods are employed to prevent the purchaser from distributing the software. The most common method of software distribution is via a storage medium. The user is often unrestricted from either copying the software from this storage medium to another one or installing the software from a same storage medium on different computers. This results in undesirable software piracy.
In the past, piracy protection schemes were implemented to prevent a purchaser from making a back up copy of a software application. When a storage medium, such as a floppy disk, that is copy protected becomes damaged, the software provider must replace the storage medium. Some software providers have included a backup copy of the software application along with the original copy to lessen inconvenience when the original copy is damaged, but sometimes even these “backup” copies fail.
Some software providers have avoided software copy protection schemes. Instead these software providers rely on the honesty of the purchaser, the fact that the documentation is difficult to duplicate, and/or a license agreement that the purchaser is expected to honour. The license agreement makes it illicit to distribute the software. Many software providers view convenience as essential for software users and therefore are wary of software piracy protection methods that inconvenience users in any way.
Another method of software protection involves writing to an installation disk to indicate that installation has occurred. This limits a disk to one use. This has many of the aforementioned drawbacks and also is unworkable with CD ROM technology. Using CD ROM technology, a software provider writes a program and other information to a CD ROM which can be written to only once using special hardware for that purpose. Therefore, adding information to a CD ROM during installation is not possible.
With the increasing use of digital communications such as the Internet, computer software is now commonly distributed using these means. In this case, the aforementioned methods of preventing undesired proliferation of pirated software can not be applied; users require some form of backup and this backup is easily distributed to other users. Also, interception of software by unauthorised third parties is a significant risk to software providers.
Computer security is fast becoming an important issue. With the proliferation of computers and computer networks into all aspects of business and daily life—financial, medical, education, government, and communications—the concern over secure file access is growing. Using passwords is a common method of providing security. Password protection is employed for computer network security, automatic teller machines, telephone banking, calling cards, and telephone answering services. These systems generally require knowledge of an entry code that has been selected by a user or has been configured in advance. Examples of commonly used security codes for preventing software piracy include information from a user's manual and a serial number. Unfortunately for use in copy protection, security codes are unworkable since the software is easily transferred with the security code.
A security access system that provides substantially secure access and does not require a password or access code is a biometric identification system. A biometric identification system accepts unique biometric information from a user and identifies the user by matching the information against information belonging to registered users of the system. One such biometric identification system is a fingerprint recognition system.
The use of a biometric imaging device with a personal computer is becoming widespread. In a fingerprint input transducer or sensor, the finger under investigation is usually pressed against a flat surface, such as a side of a glass plate; the ridge and valley pattern of the finger tip is sensed by a sensing means such as an interrogating light beam. Various optical devices are known which employ prisms upon which a finger whose print is to be identified is placed. The prism has a first surface, a platen, upon which a finger is placed, a second surface disposed at an acute angle to the first surface through which the fingerprint is viewed and a third illumination surface through which light is directed into the prism. In some cases, the illumination surface is at an acute angle to the first surface, as seen for example, in U.S. Pat. Nos. 5,187,482 and 5,187,748. In other cases, the illumination surface is parallel to the first surface, as seen for example, in U.S. Pat. Nos. 5,109,427 and 5,233,404. Fingerprint identification devices of this nature are generally used to control the building-access or information-access of individuals to buildings, rooms, and devices such as computer terminals.
U.S. Pat. No. 4,353,056 in the name of Tsikos issued Oct. 5, 1982, discloses an alternative kind of fingerprint sensor that uses a capacitive sensing approach. The described sensor has a two dimensional, row and column, array of capacitors, each comprising a pair of spaced electrodes, carried in a sensing member and covered by an insulating film. The sensors rely upon deformation to the sensing member caused by a finger being placed thereon so as to vary locally the spacing between capacitor electrodes, according to the ridge/trough pattern of the fingerprint, and hence, the capacitance of the capacitors. In one arrangement, the capacitors of each column are connected in series with the columns of capacitors connected in parallel and a voltage is applied across the columns. In another arrangement, a voltage is applied to each individual capacitor in the array. Sensing in the respective two arrangements is accomplished by detecting the change of voltage distribution in the series connected capacitors or by measuring the voltage values of the individual capacitances resulting from local deformation. To achieve this, an individual connection is required from the detection circuit to each capacitor.
Before the advent of computers and imaging devices, research was conducted into fingerprint characterisation and identification. Today, much of the research focus in biometrics has been directed toward improving the input transducer and the quality of the biometric input data. Fingerprint characterisation is well known and can involve many aspects of fingerprint analysis. The analysis of fingerprints is discussed in the following references, which are hereby incorporated by reference:
It is an object of this invention to disable execution of a software application stored within a computer absent data indicative of an authorised use of the software application using a smart card.
In accordance with the invention there is provided a method for protecting a software application from piracy comprising the steps of:
In accordance with the invention there is also provided a method for protecting a software application from piracy comprising the steps of:
In accordance with another aspect of the invention there is provided a system for protecting a software application from piracy comprising:
Preferably the peripheral device comprises a smart card reader and a smart card. More preferably, the peripheral device also comprises a biometric sensor in the form of a fingerprint imager.
An exemplary embodiment of the invention will now be described in conjunction with the attached drawings, in which:
FIG: 4a is a simplified diagram of a system according to the invention for protecting a software application from piracy comprising a smart card reader and a contact imager connected to a computer;
With the advent of personal computers, software piracy—copying software in which copyright exists—proliferated. With the implementation of graphical user interfaces, copying software has become a matter of dragging files from an original diskette to a blank diskette. In fact, software piracy is so prolific that it is estimated that more than one half of software in use today is pirated. Obviously, it is in the best interests of software providers to reduce software piracy.
In the specification and claims that follow all items peripheral to computer functionality such as disk drives including hard disk drives, smart card readers, scanners, keyboards, printers, imaging devices, etc. are referred to as peripheral devices.
The invention provides a unique method for distribution of piracy-protected software. The method relies on a peripheral device such as a smart card to unlock software in order to permit execution thereof. The smart card is a credit card sized electronic device comprising memory, a processor and an interface. The processor provides for predetermined and/or flexible execution of software within the smart card. The memory comprises RAM for use during software execution and ROM for long term storage of information. Preferably, some electrically erasable ROM is provided to allow for reprogramming of the smart card. A smart card is a suitable storage medium for storing data related to an authorised use of a software application. The data are stored in ROM within the smart card and the ROM are only accessible to the software application. Such a smart card is immutable and therefore, prevents software piracy. As such, only an individual with the smart card for a particular software package may execute the software. In an embodiment, each software application is customised to operate with only one unique smart card thereby restricting use of the application to systems in communication with the one unique smart card.
In a further embodiment, the smart card is provided with security such as a password or biometric information verification to prevent theft of the software or unauthorised use thereof. Though the method according to the invention is described with reference to fingerprint registration, it is applicable to other biometric information and methods of user authentication using that biometric information. An individual's biometric information in the form of a fingerprint, retinal scan, palm print, voice print, etc. from a biometric information source in the form of a fingertip, eye, hand, voice, etc. is captured using a biometric information input device in the form of a contact imager, eye scanner, or a microphone. Contact imager, as described above, are known in the art of electronic security. Using a contact imager, a fingerprint is digitised and, using a processor, the digitised fingerprint is characterised. Characterisation of fingerprints is known in the art of fingerprint analysis and, in general involves extracting features in a substantially global reference frame for comparison against template features.
The characterised digitised biometric information is registered with stored templates to locate a template that, within a predetermined level of security in the form of a predetermined false acceptance rate, matches the characterised information. When a match is detected, the individual is identified and a corresponding action is performed. Alternatively, when identification is not necessary the individual is authenticated. Some known actions performed based on biometric authentication include system access, unlocking a door, logging access, providing personal information, billing an individual, etc. Referring to
Such a software package is not easily pirated. Either the software instructions requiring the presence of the smart card are removed, or the smart card is duplicated. Neither of these is easily accomplished. Therefore, simple drag and drop piracy is prevented greatly reducing the amount of piracy. Further, pirated copies are more easily detected for enforcement of copyright in software.
The software application 20 is installed on a computer 10 to which a smart card reader 30 is connected. In order to execute the software application 20 the smart card 40 is inserted into the smart card reader 30 in order to validate an authorised use of the software. The validation occurs during start up of the software application 20 or every so often during start up or normal use. The validation merely verifies a presence of the smart card 40 associated with the software application 20. When the correct smart card 40 is not present, the user is prompted to insert the correct smart card 40 and software execution is paused until the correct smart card 40 is detected.
Optionally, a processor is disposed within the smart card reader 50. Fingerprint information is received from the contact imager 60 and compared with fingerprint information transmitted from the smart card 40 using the processor disposed within the smart card reader 50 to produce a comparison result. If the comparison result is indicative of an authorised user of the software application 20, data indicating an authorised use of the software application are transmitted from the smart card 40 via the smart card reader 50 to the computer 10.
Alternatively, security is further enhanced by encrypting the data indicating an authorised use of the software application 20 with asymmetric encryption using the processor 42 of the smart card 40 prior to the transfer to the computer 10. Using the processor 42 of the smart card 40 for encryption provides a secure communication link for transferring the data and allows alterations to the encryption key for each data transfer, thus preventing tampering with the data.
In another embodiment according to the invention the smart card reader 30 and the contact imager 60 are included in a computer pointing device such as a mouse.
Optionally, the smart card reader 50 and the contact imager 60 are disposed within a keyboard connected to the computer 10.
Further optionally, the smart card reader 50 is included in a track pad, wherein the pointing device of the track pad is used as a capacitive contact imager to provide fingerprint information.
The system shown in
The method shown in
Alternatively, some of the additional data and some commands for execution on a processor are programmable by an authorised user. For example, a system administrator programs smart cards for use by employees of a company with a time limitation in order to prevent the employees from using the software application outside their work hours.
It is evident to those of skill in the art that prompting a user is realised in different ways depending on design criteria. One embodiment is to prompt the user for biometric information only during the installation of the software and to require a presence of a smart card during execution. This embodiment protects a software application from piracy and increases user convenience by prompting only once for biometric information but it allows execution of the software application to any user in possession of the smart card. Other methods include prompting a user for biometric information at the start-up of the software application and/or during the execution of the software application. Prompting during the execution of the software application is performed according to one of the following methods: one prompt at the beginning of software execution, several prompts at intervals during the use of the software application, and after breaks in use of the software application. Prompting the user several times during execution of a software application creates user inconvenience but may be desirable, for example in computer networks, to prevent unauthorised use of a software application on a workstation within the network. When user authorisation information in the form of biometric information is to be provided frequently, transparent biometric data collection, i.e. the user is identified by collecting biometric information such as voice recognition, facial recognition, keystroke intervals etc., avoids the inconvenience of a plurality of pauses in software application execution and prompts during the pauses which increase user convenience.
As is evident to those of skill in the art, there are numerous methods to distribute a piracy protected software application according to the invention. For example a user sends biometric information to a software provider. The software provider then customises the software application by packaging the biometric information in a smart card and sends the software application together with the smart card to the user. The software application is executed only in presence of the smart card and the biometric information provided by the user. In another method a software provider sells the software application together with a smart card, the smart card comprising write once ROM. Upon installation, the user is prompted to store the biometric information in the smart card before completing same. Of course, when the smart card comprises rewritable ROM, the software application is transferable. It is evident to those of skill in the art, that because the smart card is needed to execute the software application, a number of executable copies of a software application is effectively limited to a number of interworking smart cards.
Alternatively, a software provider distributes a software application together with a smart card for a trial period and provides a user after registration with a registration file which is stored in the smart card.
Numerous other embodiments may be envisaged without departing from the spirit and scope of the invention.
|Cited Patent||Filing date||Publication date||Applicant||Title|
|US4658093||Jul 11, 1983||Apr 14, 1987||Hellman Martin E||Software distribution system|
|US4683553||Feb 5, 1986||Jul 28, 1987||Cii Honeywell Bull (Societe Anonyme)||Method and device for protecting software delivered to a user by a supplier|
|US4791565||Jun 20, 1984||Dec 13, 1988||Effective Security Systems, Inc.||Apparatus for controlling the use of computer software|
|US5260999||Sep 15, 1992||Nov 9, 1993||Digital Equipment Corporation||Filters in license management system|
|US5495411||Dec 22, 1993||Feb 27, 1996||Ananda; Mohan||Secure software rental system using continuous asynchronous password verification|
|US5509070||Dec 15, 1992||Apr 16, 1996||Softlock Services Inc.||Method for encouraging purchase of executable and non-executable software|
|US5566327 *||Jul 8, 1994||Oct 15, 1996||Sehr; Richard P.||Computerized theme park information management system utilizing partitioned smart cards and biometric verification|
|US5615061||Sep 29, 1994||Mar 25, 1997||Singh; Jitendra K.||Method of preventng software piracy by uniquely identifying the specific magnetic storage device the software is stored on|
|US5625690||Nov 15, 1993||Apr 29, 1997||Lucent Technologies Inc.||Software pay per use system|
|US5692917||Apr 18, 1996||Dec 2, 1997||Trw Inc.||Computer hardware insert device for software authorization|
|US5745879||Sep 6, 1995||Apr 28, 1998||Digital Equipment Corporation||Method and system for managing execution of licensed programs|
|US5754646||Jul 19, 1995||May 19, 1998||Cable Television Laboratories, Inc.||Method for protecting publicly distributed software|
|US5757907||Apr 25, 1994||May 26, 1998||International Business Machines Corporation||Method and apparatus for enabling trial period use of software products: method and apparatus for generating a machine-dependent identification|
|US5790663||Mar 28, 1996||Aug 4, 1998||Advanced Micro Devices, Inc.||Method and apparatus for software access to a microprocessor serial number|
|US5790668||Dec 19, 1995||Aug 4, 1998||Mytec Technologies Inc.||Method and apparatus for securely handling data in a database of biometrics and associated data|
|US5796824||Feb 20, 1996||Aug 18, 1998||Fujitsu Limited||Storage medium for preventing an irregular use by a third party|
|US5841868||Sep 21, 1993||Nov 24, 1998||Helbig, Sr.; Walter Allen||Trusted computer system|
|US5848231||Dec 24, 1996||Dec 8, 1998||Teitelbaum; Neil||System configuration contingent upon secure input|
|US5893910||Jan 4, 1996||Apr 13, 1999||Softguard Enterprises Inc.||Method and apparatus for establishing the legitimacy of use of a block of digitally represented information|
|US5923884 *||Aug 30, 1996||Jul 13, 1999||Gemplus S.C.A.||System and method for loading applications onto a smart card|
|US5933498||Nov 5, 1997||Aug 3, 1999||Mrj, Inc.||System for controlling access and distribution of digital property|
|US6044471 *||Jun 4, 1998||Mar 28, 2000||Z4 Technologies, Inc.||Method and apparatus for securing software to reduce unauthorized use|
|US6067621 *||Oct 6, 1997||May 23, 2000||Samsung Electronics Co., Ltd.||User authentication system for authenticating an authorized user of an IC card|
|US6087955||Jul 29, 1998||Jul 11, 2000||Litronic, Inc.||Apparatus and method for providing an authentication system|
|US6134659 *||Nov 16, 1999||Oct 17, 2000||Sprong; Katherine A.||Controlled usage software|
|US6314409||Oct 26, 1998||Nov 6, 2001||Veridian Information Solutions||System for controlling access and distribution of digital property|
|US6655585 *||May 10, 1999||Dec 2, 2003||Citicorp Development Center, Inc.||System and method of biometric smart card user authentication|
|US7366918 *||May 14, 2004||Apr 29, 2008||Microsoft Corporation||Configuring and managing resources on a multi-purpose integrated circuit card using a personal computer|
|US7552340 *||Oct 30, 2007||Jun 23, 2009||Trek 2000 International Ltd.||Method and apparatus of storage anti-piracy key encryption (SAKE) device to control data access for networks|
|US20030149877 *||Dec 27, 2002||Aug 7, 2003||Winbond Electronics Corporation||Smart card with keypro function|
|US20050091507 *||Oct 22, 2004||Apr 28, 2005||Samsung Electronics Co., Ltd.||Method and apparatus for managing digital rights using portable storage device|
|US20050139685 *||Jul 6, 2004||Jun 30, 2005||Douglas Kozlay||Design & method for manufacturing low-cost smartcards with embedded fingerprint authentication system modules|
|US20050144446 *||Dec 20, 2004||Jun 30, 2005||Canon Kabushiki Kaisha||Authentication method, program for implementing the method, and storage medium storing the program|
|US20050216739 *||Mar 29, 2005||Sep 29, 2005||Samsung Electronics Co., Ltd.||Portable storage device and method of managing files in the portable storage device|
|US20050216763 *||Mar 28, 2005||Sep 29, 2005||Samsung Electronics Co., Ltd.||Method and apparatus for playing back content based on digital rights management between portable storage and device, and portable storage for the same|
|1||Harvey, Mike. "Why veins could replace fingerprints and retinas as most secure form of ID." Times Online Nov. 11, 2008, 2 pages .|
|2||Harvey, Mike. "Why veins could replace fingerprints and retinas as most secure form of ID." Times Online Nov. 11, 2008, 2 pages <http://technology.timesonline.co.uk/tol/news/tech—and—web/articles5129384.ece>.|
|3||Sanderson, "Distributed file systems: stepping stone to distributed computing," LAN Technology, May 1991, 7(5), 41-50.|
|Citing Patent||Filing date||Publication date||Applicant||Title|
|US20150033307 *||Jul 14, 2014||Jan 29, 2015||Koji Ishikura||Information processing apparatus and information processing system|
|U.S. Classification||726/20, 726/7, 726/19, 726/27, 726/9, 713/186|
|International Classification||G06F21/00, G06F21/22, H04L9/32, G06F7/04|
|Cooperative Classification||G06F21/32, G06F21/123, G06F21/10|
|European Classification||G06F21/10, G06F21/32, G06F21/12A2|
|Mar 17, 2011||AS||Assignment|
Owner name: ACTIVCARD IRELAND LIMITED, IRELAND
Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:DEW ENGINEERING AND DEVELOPMENT LIMITED;REEL/FRAME:025977/0055
Effective date: 20020830
|Nov 1, 2011||CC||Certificate of correction|
|Jun 26, 2012||CC||Certificate of correction|
|Sep 24, 2015||FPAY||Fee payment|
Year of fee payment: 12