CA2308755A1 - Reconfigurable secure hardware apparatus and method of operation - Google Patents
Reconfigurable secure hardware apparatus and method of operation Download PDFInfo
- Publication number
- CA2308755A1 CA2308755A1 CA002308755A CA2308755A CA2308755A1 CA 2308755 A1 CA2308755 A1 CA 2308755A1 CA 002308755 A CA002308755 A CA 002308755A CA 2308755 A CA2308755 A CA 2308755A CA 2308755 A1 CA2308755 A1 CA 2308755A1
- Authority
- CA
- Canada
- Prior art keywords
- hardware apparatus
- computer system
- code
- unique identification
- level
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034 method Methods 0.000 title claims abstract description 63
- 238000013475 authorization Methods 0.000 claims description 16
- 230000004224 protection Effects 0.000 claims description 15
- 238000004891 communication Methods 0.000 claims description 14
- 230000006870 function Effects 0.000 claims description 7
- 238000012546 transfer Methods 0.000 claims description 3
- 238000004806 packaging method and process Methods 0.000 claims 1
- 238000004519 manufacturing process Methods 0.000 description 36
- 238000010586 diagram Methods 0.000 description 11
- 230000008569 process Effects 0.000 description 10
- 230000008901 benefit Effects 0.000 description 9
- 238000012795 verification Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 5
- 229940022416 quickflex Drugs 0.000 description 4
- 238000003860 storage Methods 0.000 description 4
- 238000012360 testing method Methods 0.000 description 4
- 230000000295 complement effect Effects 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 238000011156 evaluation Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- DIWRORZWFLOCLC-UHFFFAOYSA-N Lorazepam Chemical compound C12=CC(Cl)=CC=C2NC(=O)C(O)N=C1C1=CC=CC=C1Cl DIWRORZWFLOCLC-UHFFFAOYSA-N 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000013479 data entry Methods 0.000 description 1
- 238000009826 distribution Methods 0.000 description 1
- 238000002592 echocardiography Methods 0.000 description 1
- JEIPFZHSYJVQDO-UHFFFAOYSA-N ferric oxide Chemical compound O=[Fe]O[Fe]=O JEIPFZHSYJVQDO-UHFFFAOYSA-N 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- AMEKQAFGQBKLKX-UHFFFAOYSA-N oxycarboxin Chemical compound O=S1(=O)CCOC(C)=C1C(=O)NC1=CC=CC=C1 AMEKQAFGQBKLKX-UHFFFAOYSA-N 0.000 description 1
- 230000008672 reprogramming Effects 0.000 description 1
- 230000003068 static effect Effects 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
- 230000001755 vocal effect Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/73—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information by creating or determining hardware identification, e.g. serial numbers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/006—Identification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2211/00—Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
- G06F2211/007—Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
Abstract
A system and method of ensuring that a hardware apparatus in a data-link system can be operated only by an authorized user. The method comprises the steps of assigning (14) a unique identification number (32) to the hardware apparatus (34), generating (16) at least one security information set (30) for the hardware apparatus which is based on the unique identification number of the hardware apparatus, distributing to an authorized user at least one data string from which the security information set for the hardware apparatus can be derived to functionally enable the hardware apparatus, and inputting the data string into the hardware apparatus to either disable at least one level of functionality of the hardware apparatus if an incorrect security information set is derived from the data string, or to enable at least one level of functionality of the hardware apparatus if a correct security information set is derived from the data string.
Description
WO 99121094 PCT/US98/2Z062 _ RECONFIGURABLE SECURE HARDWARE APPARATUS..
AND METHOD OF OPERATION
TECHNICAL FIELD OF THE TNVFNTT(~N
This invention relates generally to the field of computer hardware apparatus configuration and more specifically to a system and method of programming and reprogramming a computer hardware apparatus utilizing an encryption key system.
,0 BACKGROUND OF THE NVEIVTTTnm Computer systems today incorporate and interface with a growing number of other devices. Ascertaining with a measure of accuracy that the interface 15 established is between an authorized party or device is often desirable to ensure proper use of computer hardware, software and data.
Solutions have been developed to ensure that data transferred between persons utilizing a computer 20 is only available to authorized parties. One such method of ensuring proper authorization is public key cryptography. Public key cryptography utilizes an encryption key set consisting of two keys. Generally available software can encrypt computer files using 25 either of the keys, such that the computer files are inoperable and unreadable until decrypted. Generally available software can similarly decrypt such encrypted files as long as a user can provide the appropriate complement to the key used to encrypt the 30 files.
SUBSTITUTE SHEET (RULE 26y Each key in the encryption/decryption key set ' can be used to encrypt data and its complement key can be used to decrypt data. However, it can be very difficult and very time consuming to determine one key in the set from knowledge of the other. This fact allows a user to make one key of the set public so that others can use this "public key" to encrypt messages prior to sending them to the user. The user keeps the complement, or "private key", secret so that only the user has the means to decrypt messages sent by someone using the public key.
Conversely, a user may use the private key to encrypt a message to be sent to another person. The message can only be decrypted if the recipient has access to the public key. In this way, the recipient can be assured that the author of the message was the holder of the private key. Additionally, if the sender of the message has disclosed the public key to only a small set of recipients, the sender of the message can be reasonably assured that only the intended recipients can decrypt the message, provided that care is taken to limit access to the decryption key.
Software providers can use this same encryption technology to control access to software. programs.
By encrypting files with one key, and providing the other key on a limited basis, software providers can prevent unauthorized use or copying of their product.
The above solutions, however, only address controlling access to data or a set of software objects. They fail to address security issues SU9ST1TUTE SHEET (RULE 26) surrounding computer peripherals and their interfaces.
One such peripheral is a Personal Computer Memory Card International Association (PCMCIA) card.
These computer cards meet the minimum compliance requirements of the PCMCIA standard (which is hereby incorporated by reference). PCMCIA cards are typically used to add functionality or memory to a personal, portable, or desktop computer ;i.e., host 10 computer), as described in the PCMCIA Standard. Many types cf PCMCIA cards are available, including input/output (I/O) PCMCIA cards that transfer data between a host computer system and an I/O bus, and data acquisition PCMCIA cards. Typically, data 15 acquisition cards receive and digitize analog information from sensors and temporarily store the information before transferring it to the host computer.
A typical PCMCIA card includes a standard PCMCIA
20 connector connected to a PCMCIA interface circuit through a standard PCMCIA bus. The PCMCIA interface circuit operates according to the standard PCMCIA
protocol to send data to and receive data from a host computer. The typical PCMCIA card also may include a 25 PCMCIA card controller that sends data to and receives data from the PCMCIA interface circuit and controls the operation of the functional hardware on the card. For example, if the PCMCIA card is a memory card, then the functional hardware is memory 30 (e.g., a bank of random access memory (RAM) chips or SU8ST1TUTE SHE~T (PULE 26) 4 PCTIUS98/22062 _ a hard disk drive) and the PCMCIA card controller controls reading and writing to the memory.
PCMCIA card controllers and interface circuits can be implemented as hardwired logic or as 5 programmable logic (e. g., one or more field programmable gate arrays (FPGAs). The programmable architecture of FPGAs is provided through programmable logic blocks interconnected by a hierarchy of routing resources. The devices are 10 customized by loading programming data into internal static rnem~ry cells. FPGA programming data are design-specific data that define the functional operation of the FPGA's internal blocks and their interconnections. Typically, when a PCMCIA card, 15 having the PCMCIA card controller and interface circuit implemented in an FPGA(s), is inserted in an operating (i.e., powered) host computer or is inserted in a powered down host computer that is then powered-up, the FPGA is programmed with FPGA
20 programming data stored in non-volatile memory (e. g., EPROM, EEPROM, Flash memory, etc.) on the PCMCIA
card. However, the memory required to store the FPGA
programming data generally consumes a measurable area of the PCMCIA card which could be used to provide 25 other functions within the PCMCIA card.
Additionally, since these cards are highly pilferable, security protocols should be established to ensure authorized use and programming of these configurable computer hardware devices, especially if 30 the device is intended to be used for and contains key information used to protect data or data access.
SUBSTITUTE SHEET' (RULE 26) WO 99/21094 PCT/US98/22062 _ Thus there is a need for an improved system and method of ensuring authorized and secure uselof a computer hardware apparatus.
There is also a need for an improved system of 5 ensuring authorized and secure programming of configurable computer hardware apparatus.
Additionally, there is a need for an improved system of ensuring authorized and secure programming of re-configurable computer hardware apparatus.
10 There is also need for an improved system of ensuring authorized and secure communication between re-configurable computer hardware appara~us and host computer systems.
Moreover, there is a need for a system of 15 preventing unauthorized execution of software programs on unauthorized hardware apparatus.
There is also a need for a system that fulf ills each of the described needs together in a single system solution.
SUBSTITUTE SHEET (RULE 26) WO 99121094 PCTIUS98/22062 _ SUMMARY OF INVENTION
The present invention provides a system and method for reconfiguring a secure hardware apparatus in a data-link system, wherein a data link system, 5 comprises a plurality of objects which exchange data, that substantially eliminates or reduces disadvantages and problems associated with previously developed systems and methods for reconfiguring hardware apparatus.
More specifically, the present invention provides a system and method of ensuring that a hardware apparatus in a data-link system can be operated cr.ly by an authorized user. The method comprises the steps of assigning a unique number, 15 possibly a serial number, to the hardware apparatus, generating at least one key or key set for the hardware apparatus which is based on the unique serial number of the hardware apparatus, distributing to an authorized user at least one data string from which the key set for the hardware apparatus can be derived to functionally enable the hardware apparatus, and inputting the data string into the hardware apparatus to either disable at least one level of functionality of the hardware apparatus if 25 an incorrect key set is derived from the data string, or to enable at least one level of functionality of the hardware apparatus if a correct key set is derived from the data string.
Additional embodiments of the reconfigurable 30 secure hardware apparatus of the present invention provide a method and system to ensure that the SUBSTITUTE SHEET (RULE 26) hardware apparatus can be utilized only by an authorized computer system or group of computer systems and a method and system for ensuring that the reconfigurable secure hardware apparatus can be 5 programmed only by an authorized user utilizing an authorized host computer system.
A further embodiment of the present invention ensures that neither the reconfigurable secure hardware apparatus nor the host computer system will .0 alone have sufficient information to allow a person who has obtained access to only one of either of the host computer system or the reconfigurable secure hardware apparatus to successfully operate the reconfigurable secure hardware apparatus with another 15 unauthorized computer system.
In a still further embodiment of the present invention, a portion of an encrypted code is recorded in a memory location within the reconfiaurable secure hardware apparatus and another portion cf the 20 encrypted code is recorded in the host computer.
This prevents an unauthorized person who obtains access to either the reconfigurable secure hardware apparatus or the host computer database, from discovering more than a portion of the correlating 25 relationship between an account number and the related personal serial number. The present invention also provides for the use of a changeable personal encryption key stored in a memory location.
A further embodiment of the present invention can 30 store multiple keys, one for each key set encompassed by the present invention. The storage takes place in SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98/22062 _ an extension of the standard CIS (Card Information Structure) storage space of the PC-card.
Accordingly, it is an object of this invention to substantially improve the security protocols of a 5 computer hardware apparatus. A technical advantage of the present invention is that it provides a personal identity verification method wherein only part of the information necessary to correlate an account number to characteristic information is 10 available at any one accessible place within the terminal. system.
Another technical advantage of the present invention is that it can store an encrypted typed in password for apparatus operation authorization for 15 the entire device key sets, or additional passwords for individual key sets, that may be chosen by the user.
A still further technical advantage of the present invention is the combination of the ability 20 to prevent softcaare piracy and the ability to allow secure user communication via accelerated encryption in a single device.
SUBSTTTUTE SHEET (RULE 26) WO 99/21094 PCTIUS98/22062 _ BRIEF DESCRIPTION OF THE D~,B, TW_NCS
A more complete understanding of the present invention and advantages thereof may be acquired by referring to the following description taken in 5 conjunction with the accompanying drawings in which like referAnce numbers indicate like features and wherein:
FIGURE 1 is a system overview of one embodiment of the reconfigurable secure hardware apparatus of the present invention;
FIGURE 2 is a flow diagram of a method of assigning manufacturing key sets;
FIGURE 3 is « flow diagram of a user registration process according to one embodiment of the present invention;
FIGURE 4 is a flow diagram of a method of registration of software to enable the ~ase of the reconfigurable secure hardware apparatus of the present invention for piracy protection;
FIGURE 5 is a description of a method of machine registration;
FIGURE 6 is a flow diagram of a QARD plug-in procedure according to one embodiment of the present invention;
25 FIGURE 7 is a description of a method of password protection according to one embodiment of the present invention; and FIGURE 8 is diagram illustrating an embodiment of the reconfigurable secure hardware apparatus of the present invention.
SUBSTITUTE SHEET (RULE 26) IO
FIGURE 9 is a diagram illustrating a functional block of the reconfigurable computer hardware apparatus.
SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98l22062 DETAILED DESCRIPTION OF THE INVE,NTTON _ Several embodiments of the present =nvention are described in detail below and in the FIGUREs, =ike numerals being used to refer to like and 5 corresponding parts of the various drawings.
However, ~,. should be understood that various changes, substitutions and alterations can be made hereto without departing from the spirit and scope of the inventicn.
.0 The present invention can be implemented using detachable cards teat are operable to be used on various c~mputi.~.g devices. For example, a detachable card could be used on a personal computer through a PCMCIA slot. The following description refers to i5 detachable cards used for personal computers (hereafter called "PC-Cards"), but the present invention can be applied to other types of computing devices as well.
One example of a PC-Card that could implement 20 the present invention is a reconfiaurabie secure hardware apparatus, or Reconfigurable-Computing (RC) card, such as those designed by QUICKFLEX INC., of Austin, Texas. Quick Qard Technology (QQT? is comprised of a family of several PC-Card products 25 that allow different software applications to define the hardware within the PC-Card specific for each application at the time that it is executed. These RC PC-Cards are nicknamed "QUICK QARDS" or "QARDS"
and can be used for a variety of standard or custom 30 interfaces, as well as for hardware accelerating software applications. Applications that can benefit SUBSTITUTE SHEET (RULE 26) from QQT include personal digital assistant interfaces, PC interfaces, industrial, emulation, video, audio, encryption, computer games, etc.
The security features of the reconfigurable 5 secure hardware apparatus of the present invention described herein can be used for access or piracy protection of third-party software. This third-party software may be comprised of configuration files of hardware apparatus for use within the PC-Cards, or i0 may be aeneral software not targeted to use the reconfigurable computing aspects of the PC-Cards.
The securit~~ features of the present invention can be implemented as a security system that can be adapted to other types of implementations beyond the QQT
15 products.
Protection of files containing documents, data, executable code, interpretive code or other intellectual property or information which must be protected is achievable using the described security 20 features of the present invention. Protection can be achieved by the use of various sets of public keys.
Half of each of the public key sets are stored in the PC-card, which is detachable and thus physically protectable, and half can be stored on the host 25 computer system. Additional security levels of flexible software defined adaptable encryption/decryption algorithms and flexible reconfigurable hardware implementable encryption/decryption algorithms can be implemented 30 within the reconfigurable computing PC-card that allow for customization of the security features.
SUBSTtTUTE SHEET (RULE 2B) For purposes of a complete understanding of the scope of the present invention, although reference is made to encryption/decryption algorithms, it should be clear that these are algorithms that are implemented in the reconfigurable computing functional circuits described more completely below for the purpose of hardware accelerating said algorithms. This may be separate from 'check word' algorithms implemented for the 10 purpose of enabling the different levels of security.
The later is used to enable the present invention to perform the final functionality of the reconfigurable computing platform for the device.
FIGURE 1 shows a system overview of one 15 embodiment of the present invention that provides protections for information in any form, whether to be kept internal or to be shipped externally, for individual users, groups of users and organizations.
FIGURE 1 demonstrates how Quick Qards 1, when used 20 with Anti-Piracy Software 3 and/or Communications &
Data Security software 5, result in a Secure Qard system 7. This Secure Qard system 7 can be further used with encryption/decryption key management and authentication software 9 to form an overall Quick 25 Secure system 11.
FIGURE 2 is a flow diagram for a method of assigning unique manufacturing key sets 30 to individual hardware apparatuses 34. Manufacturing key sets 30 can be used to ensure authorized feature 30 enablement of the various features offered by Quick Secure system 11 of FIGURE 1. At step 14 of SUBSTTtUTE SHEET (RUtE 26) FIGURE 4, a unique manufacturing serial number 32 is assigned to each hardware apparatus 34 at manufacture. Unique manufacturing serial number 32 is programmed into the CIS non-volitile memory at manufacturing. The seed value for generating manufacturing key set 30 can be based on unique manufacturing serial number 32 or can be derived by a variety of other methods or algorithms. Step 15 of FIGURE 2 corresponds to manufacturing key set 30 being generated from unique manufacturing serial number 32. Manufacturing key set 30 is the first of the multiple key sets used by the reconfigurable secure hardware apparatus of the present invention and may be referred to as level-zero key set (LOKS) 36 as shown in step 16. Manufacturing key set 30 can be generated and programmed into hardware apparatus 34 at the time it is manufactured. LOKS 36 comprises an encryption key (LOEK) 38 and decryption key (LODK) 40.
20 At step 18 of FIGURE 2 the unique manufacturing serial number 32 and the LODK 40 for a group of manufactured hardware apparatuses can be stored in step 18 in list file 42 for future use. Step 20 creates a registry data file 43 which comprises unique manufacturing serial number 32 and LOEK 38.
Registry data file 43 complements list file 42 in that LODK 40 and LOEK 38 must both be used to enable hardware apparatus 34. Registry data file 43 should be stored in a remote location from hardware 30 apparatus 34 to be accessed by the end user at a later time. This remote location may include a SUBSTITUTE SHEET (RULE 28) remote host computer system 86 as shown in step -50 of FIGURE 3 which may be accessed via a communication path such as the Internet.
It should be noted that a list of serial numbers 5 and key list for programming into the hardware apparatus could just as easily be generated in advance and given to the manufacturer so that generation of the information is no done on the site of a contract manufacturer who has no need for 0 knowledge cf the information that is not to be programmed into the physical hardware apparatus. At step 22, each hardware apparatus 34 is assigned a unique barcode 45 for manufacturing tracking purposes. Barcode 45 may be incorporated into list 1S file 42 and made to correspond to a particular unique serial number 32 and LODK 40 combination. Barcode 45 will ensure that the correct manufacturing serial number 32 and LODK 40 pair are programmed into hardware apparatus 34 during testing of hardware apparatus 34 in step 24. Following testing, hardware apparatus 34 can be packaged in step 26 with a certificate 46 containing the unique manufacturing serial number 32, LODK 40 and barcode 45. This will allow a hardware apparatus 34 designer to ensure that 25 a hardware apparatus 34 registered after purchase was authorized for manufacture by the designer to prevent manufacture of copies of the design by an unauthorized manufacturing house. In step 28 the product is shipped.
30 During product registration and enablement, which can occur by mail, e-mail, or other electronic SUBSTITUTE SHEET (RULE 26) means, unique manufacturing serial number 32 and LOEK
38 (or the manufacturing encryption public key of the set) can be given back to the card designer. This allows the registration information to be checked 5 against registry data file 43 (which comprises a list of approved manufactured PC-Cards) for validity.
Also, a card designer can ascertain if a given PC-Card has been previously registered to insure that no un-authorized PC-Card copies with copies of the CIS
.0 are being manufactured, as each PC-Card should have a unique code.
FIGURE 3 illustrates one potential registration process for the present invention. In step SO a communication data patr. is established between a 15 local computer system 84 and a host computer system 86 wherein hardware apparatus 34 is installed in the local computer system 84. The communication data path may take the form of an Internet connection to a "QUICKFLEX" website. A software object operating 20 within host computer system 86 may offer the user a variety of options concerning hardware apparatus 34 wherein the user can select to register the hardware apparatus 34 with the designer in step 52.
Step 54 of FIGURE 3 corresponds to a 25 registration process that can require the user to supply registration information 88 comprising name, email address, information regarding where the hardware apparatus 34 was purchased, and the like.
This will allow tracing back to the source of 30 unauthorized hardware apparatus 34 manufacturing.
Most importantly, the user will be prompted to supply SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98I22062 _ either a certificate number which corresponds to.
barcode 45 of FIGURE 2 or to unique manufacturing serial number 32 and LODK 40.
In step 56 a check is performed to determine if 5 hardware apparatus 34 support software 90 is installed on local computer system 84. 3ased on the results of this check a decision is made in step 58 to either download and install the necessary software support 90 at step 60 or to proceed to step 62. Step 10 62 provides for establishing a secure link 92 between hardware apparatus 34 and host computer system 86 i~
software 90 is present on local computer system 84.
Secure ?ink 92 provides for the transfer of unique manufacturing serial number 32 and LODK 40 from a 15 programmed memory location within hardware apparatus 34 to host computer system 86.
At step 64 of FIGURE 3 the user is required to manually enter barcode 45 or the unique manufacturing serial number 32 and LODK 40 pair. At step 66, a 20 verification is performed on manually entered barcode 45 or unique manufacturing serial number 32 and LODK
40 pair against a copy of unique manufacturing serial number 32 and LODK 40 transferred from a programmed memory location within hardware apparatus 34. If the 25 verification fails the user is prompted with an error message at steep 68 to return to registration data entry process step 54. If the verification is successful, additional verifications are made in step 70 to verify that unique manufacturing serial number 30 32 is contained within registry data file 43 and in step 72 to verify that hardware apparatus 34 has not SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCTIITS98/22062 _ been previously registered. Any problems associated .
with these verifications force the user ~o contact the designers concerning the registration error as shown in step 74 so that the problem can be identified and resolved.
Registry data file 45 is updated in step 76 of FIGURE 3 to include the information associated with unique manufacturing serial number provided in step 54. To further prevent misappropriation or 10 unauthorized use of hardware apparatus 34, step 78 generates a new LCKS 36 comprising a new LODK 40 and a new LOEK 33. At step 80, a secure link is again established between hardware apparatus 34 and host computer system 86 allowing host computer system 86 to reprogram new LODK 40 into a memory location of hardware apparatus 34. A new LOEK 38 is also downloaded to the user that can be recorded on certificate 46 or programmed directly into a memory location of hardware apparatus 34. Registry data file 43 is also updated with the new LOKS 36 in step 82.
An important technical advantage associated with the present invention allows a software vendor to prevent unauthorized use of its proprietary software.
Software or configuration file vendors or authors can use the LOKS 36 encryption key for providing an access code for licensing or allowing their Intellectual Property (IP) contained in virtual hardware objects for the RC system to be accessed by 30 one and only one Secure Qard user. They may also limit the time span in which their IP is accessible SUBSTITUTE SHEET (RULE 28) or limit the number of times their IP is accessible to the user with other security provisicns. Vendors can also use an on-line card designer's public key listing of users, provided that users allow this at S registration time, to verify that a given user is registered for utilizing the secure authorization code.
FIGURE 4 is a flow diagram of a method of registration of software to enable the ~~;se of the i0 current inventicn for software piracy protection.
The user establishes a communication path in step 90 via the Internet or other means between local computer syrstem 84 containing hardware apparatus 34 and a vendor (host) computer system 86. In step 92, 15 the user is prompted by software vendor computer system 86 to select an option allowing the user to register a software application 434. Step 94 requires the user to supply registration information 120 which may be comprised of name, emaii address, 20 information regarding where software application 434 was purchased, the unique software registration number 124 and the like to vendor computer system 86.
Vendor computer system 86 can access unique manufacturing serial number 32 of hardware apparatus 25 34 directly from a memory location within hardware apparatus 34 as shown in step 96. In step 98, vendor computer system 86 establishes a communication path to software registry database 122. Software registry database 122 may be contained in a third computer 30 system 424 and can comprise a website, such as QUICKFLEX INC.'s registry website. At step 102, SUBSTITUTE SHEET tRULE 26) WO 99121094 PCT/ITS981Z2062 _ unique software registration number 124 ~.s submitted to the third computer system 424 software registry database 122.
In step 104 unique software registration number 5 124 is compared to the entries in software registry database 122 to determine if it is a valid unique software registration number 124. If unique software registration number 124 is not valid, an error message will be generated at step 106 that is echoed 10 by ;rendor computer system 86 to the user in step 108.
If unique software registration number '_24 is valid, vendor computer system 86 can supply a software authorization code 326 in step 110 to be sent to third computer system 424.
15 At step 112, third computer system 424 generates a software run code 128 for hardware apparatus 34.
Software run code 128 is transmitted to vendor computer system 86 which echoes it to hardware apparatus 34. Software run code 128 can allow the 20 vendor software to be installed on the ocal computer system or the vendor software can verify the presence of software run code 128 on hardware apparatus 34 before executing the vendor software. Both the authorized installation of the vendor software on a 25 given local computer system 32 and the authorized execution of the vendor software are thus ensured.
At step 116, a counter 750 counts upward by one for each software run code 128 sent to vendor computer system 86 to account for possible royalty 30 payments. In step 118, software vendor computer SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US9$/22062 system 86 sets a license in place for the user to use the software.
An important technical advantage associated with the present invention allows hardware apparatus 34 to 5 be operated not only by a specific user but also only on a specific local computer system 84. vocal computer system 84 may comprise a group of individual computers. FIGURE 5 is a method of ensuring that hardware apparatus 34 is utilized only by authorized 10 local computer systems 84. FIGURE 5 uses the QUICK
QARD system of FIGURE 1 for illustrative purposes, but any secure hardware apparatus, reccnfigurable or not, of the present invention can be used instead.
Support software 90 of hardware apparatus 34 is 15 installed and executed on the local computer system 84. A communication path is established between hardware apparatus 34 and local computer system 84.
A verification is made to determine if hardware apparatus 34 is password protected. If so, a valid 20 password must be supplied before proceeding. Support software.90 will verify if unique manufacturing serial number 32 of hardware apparatus 34 is in a registry list 130 maintained on local computer system 84. If unique manufacturing serial number 32 of 25 hardware apparatus 34 is not in registry list 130, the user must register hardware apparatus 34. The list of authorized host ID's permutated with the unique serial number or key set information could also be stored within the EEPROM memory of the 30 apparatus for allowing apparatus enabling on a SU8ST1TUTE SHEET (RULE 26) particular machine as well. In this case the host IE
must be registered with the apparatus.
One such registration method is described in FIGURE 5. Both software and hardware must be 5 installed and registered for each computer in local computer system 84. This feature allows a PC-Card to be locked for use on one or a group of r-,achines.
Registration with a card designer can insure that if a LOEK 3B certificate or a password is forgotten or 10 lost, the PC-Card can be reprogrammed to erase the password and create a new manufacturing LOKS 36 for the PC-Card, or to program a recoverable SN & Keyset on the registered user's request. This -insures that no encrypted data may be compromised.
15 Memory space in the CIS memory device can be made available for the purpose of holding an encrypted password defined by the user. In such fashion, the present invention can insure that the PC-Card is only used by that user. This memory space 20 can be left cleared at test (all zero's; and can be enabled for password protection if the purchaser decides to activate that feature. Users may define any password they wish and the entry can then be encrypted using the LOEK 38 that resides on the 25 machine during the initial setup of the. PC-Card after purchase. When password checks are made, the encrypted password programmed into the PC-Card can be decrypted using LODK 40 and can be checked against the typed in value.
30 PC-Cards implementing the current invention can also be configured to only execute on a specific SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98I22062 _ machine or group of machines with the use of _ passwords, thus making the PC-Card hardware of little use in the event it is stolen. FIGURE 5 provides a detailed description of one method of machine registration.
FIGURE 6 is a flow diagram of a QARD plug-in procedure according to one embodiment oz the present invention. Ir. step 150, hardware apparatus 34 is installed in a local computer system 84. A check is 10 performed in step 152 to determine the presence in local computer system 84 of the necessary support software 90. If support software 90 is not present, the QARD plug-ir. procedure terminates and the support software 90 must be installed before resuming with the QARD plug-in procedure.
Hardware apparatus 34 may be protected by a password and step 154 tests to determine if password protection is enabled. If password protection is enabled, the password must be provided -n step 156.
20 At step I58 the provided password is encrypted using LOEK 38. If the provided password matches the password stored in a memory location on hardware apparatus 34, then at step 160 the plug in procedure is allowed to proceed. Furthermore, hardware 25 apparatus 34 may be protected by a verification step, to verify authorization by local computer system 84, requiring the input of a match to unique serial number 174 provided by local computer system 84 (such as by a hard disk drive serial number). Hardware 30 apparatus 34's use is not permitted unless the unique serial number 174 inputted at step 162 matches the SUHSTiTUTE SHEET tRULE 26) unique serial number 174 stored in local computer system 84. Step 164 determines if the inputted serial :umber 174 is a match. If it is, than the QARD plug-in procedure is complete.
5 Unique serial number 174 is generated during the user registration process as described above for FIGURE 3. It can be stored either in hardware apparatus 34 memory or in local computer system 84 memory. If unique serial number 174 does not match w0 at step 164, then the user registration process of FIGURE 3 must be performed in steps 168-172 of FIGURE
5 to complete the QARD plug in procedure.
FIGURE 7 is a description of a method of password protection according to one embodiment of 15 the present invention which additionally is illustrated as part of the flow diagram presented in FIGURE 6. Steps 1S4-160 of FIGURE 6 correspond to this method of password protection.
FIGURE 8 illustrates another embodiment of the 20 reconfigurable secure hardware apparatus of the present invention. Reconfigurable hardware apparatus 100 interfaces with a host computer system 200 or with another hardware apparatus. Reconfigurable hardware apparatus 100 may be divided into three 25 modules, a configuration control module 300, a configuration status module 400 and a functional module 500. Host computer system 200 interfaces with reconfigurable hardware apparatus 100 by way of data input/output bus 202. Input/output bus 202 is shown 30 accessing four control data registers, 304a, 304b, 304c and 304d, inside configuration control module suesr~u~ sHeFr ~AUC.s 2s~
300 and two status data registers, 306a and 306b_, inside configuration status module 400. Control data registers 304a-304d provide a temporary storage location for data transmitted or received from data 5 input/output bus 202. While this embodiment of the reconfigurable secure hardware apparatus of the present invention has been described with four data registers, it can have more or less registers, as needed.
.0 Code Generator (CG) 310 accepts input data from data register 304b to generate a check data word.
The check data word generated by CG 310 can be LOKS
36. Multiple generated check words can be generated for different security features for enabling the 15 separate security features of the invention. Since the features described are security related, a process or algorithm for generating the check data words should be kept as a trade secret for an organization producing reconfigurable hardware 20 apparatus 100. The process chosen should yield as output check data words that are not easily determined from the input data to the process, which could be comprised of manufacturing serial number 32, and should have properties that output a pseudo-25 random sequence that is sufficient in length to not easily be guessed by trial and error.
The embodiment of the reconfigurable secure hardware apparatus of the present invention described herein is only one of many possible implementations 30 and is provided for illustrative purposes only. The focus of this embodiment of the present invention is SUBSTITUTE SHEET (RULE 26) the way in which CG 310 is used to realize the security features described. The check data words outputted by CG 310 can be checked with code comparator (CC) 312 against an input check value 5 stored in data registers 304c and 304d, which together comprise the Code Check Register (CCR) 314.
The input check value stored in CCR 314 can be comprised oz LOEK 38 and LODK 40 and can also be user inputted. CCR 314 can be a register having a length 20 equal to the iengLh of the CG 310 check data word output and can be written to allow an authorization check of the reconfigurable hardware apparatus 100 feature being used. Longer check data words may require multiple CCRs 314 if they extend beyond the 15 host computer system 200 data bus width. The values written to CCR 314 may be provided in several different manners depending on what feature of reconfigurable hardware apparatus 100 is being authorized.
20 CC 312 performs a bit-by-bit check of the CG 310 check data word output and the entered CCR 314 value to determine if the feature authorization check passes or fails. If the feature authorization check passes, CC 312 generates a high digital bit output (a 25 digital "1") and forwards it to configuration and control gates 318, which is comprised of a plurality of "AND" logic gates 700 corresponding to the plurality of features of reconfigurable hardware apparatus 100. These features include, but are not 30 limited to, product enable check 319, HDD ID enable SU6ST~TUTE SHEET (RULE 26) WO 99121094 PCT/US98/22062 _ Check 320, Flash write enable 322, password enable 324 and Configuration File Vendor Enable 326.
Control register 316 receives an input from host computer system 200 through data registers 304a and 304b to select one or more of the features of reconfigurable hardware apparatus 100. Based on the input received from data registers 304a and 304b, control register 316 will generate a high digital bit output (""'; as an input for the selected features 10 and a low digital bit output ("0"? as an input for alI the other features. The AND gates 700 for the selected features will therefore have two high digital b=t inputs and will output a high digital bit as an input to their corresponding pull-down 15 resistors 350 in configuration status module 400, thereby allowing access to the corresponding feature in functionality circuit 500 as directed by host computer system 200. The pull down resistors are necessary _~ it is possible that the Security Login 20 Module 300 disappears due to the module being implemented within the FPGA of the RC hardware apparatus 100.
In this manner, configuration status module 400 can be instructed to reprogram and enable the various 25 features of functionality circuit 500 depending on which features are so selected. Functional Module 500 may receive virtual hardware objects for performing applications specific tasks within the reconfigurable computing hardware apparatus FPGA.
30 Additionally, status data registers 306a and 306b can interface with host computer system 200 through data SUBSTITUTE SHEET (RULE 26) input/output bus 202 to communicate the configuration of functionality circuit 500 to host computer system 200.
Representative input check value sources for the 5 various features of reconfigurable secure hardware apparatus 100 for the various embodiments of the present invention are shown in the following table:
Security Feature: CCR 14 Source:
Product Operation finable 1 portion cf Product Enable Cert=~icate Code (After 1st authorization, the code is programmed into FLASH memory of the hardware apparatus for automated driver access) New Machine Operation 2nd portion of Product Registration Enable Cert'_yicate Code (never programmed into FLASH memorr of t he hardware apparatus, always required to be typed in) Machine Operation Enable Read by driver from a list of HDD codes entered in FLASH memory of the hardware apparatus and each checked until a match is found or the list is exhausted. The HDD ID's are obtainable by reading this list, as the values are the results of CG's of SUBSTITUTE SHEET (RULE 26) previously authoriz~d~
machines.
Password Operation Enable Read by the driver from the FLASH attribute memory and programmed into the CCR. The password is not obtainable =rpm looking at the CG result of the password.
Anti-Piracy Operation Written by application Enable (this feature may software program contain. a vendor defined specific CG different from what is used in QQT
features) FIGURE 9 provides a functional block diagram 400 of the reconfigurable computing hardware apparatus used to illustrate the reconfigurable computing 5 operations that the present invention makes possible.
EEPROM 410 provides CIS memory, key memory, and password storage functions. Programmable Logic Device 420, which may be an application specific integrated circuit provides interface/configuration/and status 10 register functions. In addition, the security feature circuit (block 300, FIGURE 8), which may be within FPGA 420 or within PLD configuration register 430, provides the necessary implementation for these functions. Field programmable gate array 420 SUBSTITUTE SHEET (RULE 26) implements security feature circuit functions of the present embodiment. Either a programmable logic device or field programmable gate array 420 may make possible the reconfigurable computing functional 5 circuits. Virtual hardware objects 500 of FIGURE 8, attentively, may also provide Chese functions. Host bus interface socket 440 includes a 68-pin PCMCIA
connector. Other components of FIGURE 9, including the various generic items such as oscillators 450, 10 expansion connectors 460 and 470, RAM 480, or other features provide the ability to apply the reconfigurable computing to a desired application.
The _o~liowina paragraphs provide a descr~.ption of several additional features and terms fcr the 15 different embodiments of the reconfigurable secure hardware apparatus of the present invention and their operation.
20 Level -One :Cey set . ; ~~ x. ~ ~ ~Jser Publ~ c KPv A L1KS space can be provided for a user to generate and define a key set specific for that user which is not registered with the card designer and is kept secret by the user. The L1KS can be stored just 25 like LOKS 36. Password space for a level-one password (L1PW) can also be allocated in the CIS and can execute in the same manner as the level-zero password (LOPW) .
The LIKS can be generated by the user and thus 30 there are no guarantees that the code is unique. The bit length can be long enough, however, to insure SU6STtTUTE SHEET (RULE 26) that it is improbable that the key set is in use by , another user. The bit length of this ke~r can differ in length from LOKS 36. The user public key _s a secure key set and may be changed by the user over time.
This key is useful when the information is intended only for the user. Even so, however, a further advantage of the present invention is that several PC-Cards may be programmed with the same LiKS
10 for project sharing access. The key set for the group could be common to all PC-Cards used by the group. An example of usage of this key is for encrypting and decrypting information regardi:.g a common project where access is required by multiple 15 project members. Members of the group may be local or remote and may securely exchange data utilizing this key.
Additional Key sets The present invention contemplates that the number of key sets can be expanded beyond the two sets defined in the above sections.
File Header Information This section describes how one embodiment of the present invention uses header information of an encrypted file which utilizes the security features of the present invention.
SUBSTITUTE SHEET (RULE 2B) A file header can contain the following -_ information in addition to the normal file header information normally found in files for a particular operating system. The present embodiment could wrap this additional header information around the information indicated.
The following is a description of an embodiment of the present invention implemented USING a QQT card of QUICKFLEX INC. with two encryption levels.
QQTSL: (0,1) Quick PC-Card Technology Security Level 0 or 1 KIND Kind of file AN The name of the encryption algorithm used in encrypting the file.
LnEK Level-n Encryption Key used for encrypting the file EMD Encrypted Message Data EFD Encrypted File Data OOTSL ( 1 or 1 ) : QUICK P~'-Ca;r~ Technology SP,~ur Level 0 or 1:
This information can indicate the security level of the key used for the encryption process. QQTSLO
and QQTSL1 correspond to the LOKS and L1KS, respectively, used in the PC-Card.
KIND: Kind of File This information indicates one of the following kinds of files:
SUHST1TUTE SHEET (RULE 26) WO 99/Z1094 PGT/US98/22062 _ QQT: model Quick PC-Card Technology configuration file for specified PC-Card model.
EXE: type Executable file for defined type of machine and operating system.
OTHER Other kind of file.
The QQT PCMCIA driver during a configuration load can automatically decrypt QQT files using the .. specified algorithm. During the load process by an application program, information in the file for a window message can be displayed indicating information the author wishes to be displayed and the user must respond to the window to continue 10 execution. Notices such as "QQT Module: name ~.s the property of Company XYZ and may not be sold or distributed without the prior written consent of Company XYZ". This enables the author to freely distribute hardware apparatuses for PC-Cards, 15 allowing possible developers who may be interested in licensing the hardware apparatuss the ability to evaluate the work prior to agreeing to license rights to the work. Encrypted configuration files may be encrypted for use only with certain PC-Cards to 20 protect against mass unauthorized distribution of the intellectual property. Generation of unique encrypted hardware apparatuss for target evaluation PC-Cards can be done automatically and transparently through a web site. The requesting party can be SUBSTtTUTE SHEET (RULE 26) WO 99/21094 PCT/US98I22062 _ required to have a PC-Card and register the PC-Card at the site in order to build an encrypted configuration file of the hardware apparatus for evaluation purposes.
AN: Algorithm Name Encryption algorithms used to encrypt or decrypt files can be changed over time. Groups of users or a software vendor may develop their own custom 10 algorithm. Algorithms may be executed as software or as hardware within a RC PC-Card, provided the RC PC-Card has enough gate capacity to execute the defined algorithm in hardware. For example, the QQT driver has a default algorithm built into it that is 15 executed in software as data is passed through the PC-Card for configuration file protection purposes.
Algorithms utilizing run time authorization codes, date expiration codes, or other access limits may utilize additional external information other 20 than that found in the encrypted file Lhat needs to be supplied by the source of the encrypted data for access.
suesTiru~ sHFF-r tRU~ Zs~
Level i 0 or 1 ) En ryt~t i ~~n K
This information is the Public Key encryption Key used for encrypting the file. This key can be originally supplied by a receiver and made public.
5 The key length can be derived from the QQT SECURE
FILE indication on the first line. It is included in the file so that an easy and fast determination of the target destination for the data can be verified.
i0 FMD: ~'ncr;.Tpted Message Data The EMD contains information regarding the contents o= the file that may be decrypted and looked at quicklfT without decrypting the entire EFD. For example, the EMD for a QQT configuration file is 15 displayed in a window whenever the file is loaded.
Certain algorithms may also utilize the ~MD to transmit an additional encrypted key for decr~~pting the EFD with a non -public key algorithm. In other words, the security system may use public key to 20 secretly transmit a separate secure key.
OFD: Encry~ted Fi1_e Data The EFD contains the encrypted file data including original operating system header 25 information.
Purchased Autho_r,_'zat,_'ons of Software An additional technical advantage the present invention is to allow flexibility for software 30 distributors. For example, the software distributor could freely distribute software or provide the SUBSTITUTE SHEET (RULE 26) software in a freely downloadable format to the_ public, but in order for the software to be executed, a valid authorization code must be present. The software vendor could create an authorization code 5 that corresponds to a specific PC-Card encompassing the present invention. Just as configuration files for the PC-Cards can be obtained via a web page, authorization codes to run software can be purchased via a web page. Each user would need only one PC-~0 Card to allow authorization of running any software utilizing r_he piracy aspects of the invention. Each software vendor may also define their own algorithms for protecting their software using the PC-Cards. A
machine could run the software as long as the 15 authorization codes for the particular QARD used in this system is present to validate the execution of the software. A further embodiment of the invention would allow a database of authorized QARD users to be made available to software vendors.
20 A further embodiment of the invention cculd use RC aspects of a PC-Card in order to allow the user to define hardware encryption / decryption algorithms that could be changed over time.
Although the present invention has been 25 described in detail herein with reference to the illustrative embodiments, it should be unders~ood that the description is by way of example only and is not to be construed in a limiting sense. It is to be further understood, therefore, that numerous changes 30 in the details of the embodiments of the invention and additional embodiments of the invention will be SU6STITUTE SHEET (RULE 26) apparent to, and may be made by, persons of ordinary skill in the art having reference to this descriFtion. It is contemplated that all such changes and additional embodiments are within the 5 spirit and true scope of the invention as claimed below.
SUBSTITUTE SHEET (RULE 28)
AND METHOD OF OPERATION
TECHNICAL FIELD OF THE TNVFNTT(~N
This invention relates generally to the field of computer hardware apparatus configuration and more specifically to a system and method of programming and reprogramming a computer hardware apparatus utilizing an encryption key system.
,0 BACKGROUND OF THE NVEIVTTTnm Computer systems today incorporate and interface with a growing number of other devices. Ascertaining with a measure of accuracy that the interface 15 established is between an authorized party or device is often desirable to ensure proper use of computer hardware, software and data.
Solutions have been developed to ensure that data transferred between persons utilizing a computer 20 is only available to authorized parties. One such method of ensuring proper authorization is public key cryptography. Public key cryptography utilizes an encryption key set consisting of two keys. Generally available software can encrypt computer files using 25 either of the keys, such that the computer files are inoperable and unreadable until decrypted. Generally available software can similarly decrypt such encrypted files as long as a user can provide the appropriate complement to the key used to encrypt the 30 files.
SUBSTITUTE SHEET (RULE 26y Each key in the encryption/decryption key set ' can be used to encrypt data and its complement key can be used to decrypt data. However, it can be very difficult and very time consuming to determine one key in the set from knowledge of the other. This fact allows a user to make one key of the set public so that others can use this "public key" to encrypt messages prior to sending them to the user. The user keeps the complement, or "private key", secret so that only the user has the means to decrypt messages sent by someone using the public key.
Conversely, a user may use the private key to encrypt a message to be sent to another person. The message can only be decrypted if the recipient has access to the public key. In this way, the recipient can be assured that the author of the message was the holder of the private key. Additionally, if the sender of the message has disclosed the public key to only a small set of recipients, the sender of the message can be reasonably assured that only the intended recipients can decrypt the message, provided that care is taken to limit access to the decryption key.
Software providers can use this same encryption technology to control access to software. programs.
By encrypting files with one key, and providing the other key on a limited basis, software providers can prevent unauthorized use or copying of their product.
The above solutions, however, only address controlling access to data or a set of software objects. They fail to address security issues SU9ST1TUTE SHEET (RULE 26) surrounding computer peripherals and their interfaces.
One such peripheral is a Personal Computer Memory Card International Association (PCMCIA) card.
These computer cards meet the minimum compliance requirements of the PCMCIA standard (which is hereby incorporated by reference). PCMCIA cards are typically used to add functionality or memory to a personal, portable, or desktop computer ;i.e., host 10 computer), as described in the PCMCIA Standard. Many types cf PCMCIA cards are available, including input/output (I/O) PCMCIA cards that transfer data between a host computer system and an I/O bus, and data acquisition PCMCIA cards. Typically, data 15 acquisition cards receive and digitize analog information from sensors and temporarily store the information before transferring it to the host computer.
A typical PCMCIA card includes a standard PCMCIA
20 connector connected to a PCMCIA interface circuit through a standard PCMCIA bus. The PCMCIA interface circuit operates according to the standard PCMCIA
protocol to send data to and receive data from a host computer. The typical PCMCIA card also may include a 25 PCMCIA card controller that sends data to and receives data from the PCMCIA interface circuit and controls the operation of the functional hardware on the card. For example, if the PCMCIA card is a memory card, then the functional hardware is memory 30 (e.g., a bank of random access memory (RAM) chips or SU8ST1TUTE SHE~T (PULE 26) 4 PCTIUS98/22062 _ a hard disk drive) and the PCMCIA card controller controls reading and writing to the memory.
PCMCIA card controllers and interface circuits can be implemented as hardwired logic or as 5 programmable logic (e. g., one or more field programmable gate arrays (FPGAs). The programmable architecture of FPGAs is provided through programmable logic blocks interconnected by a hierarchy of routing resources. The devices are 10 customized by loading programming data into internal static rnem~ry cells. FPGA programming data are design-specific data that define the functional operation of the FPGA's internal blocks and their interconnections. Typically, when a PCMCIA card, 15 having the PCMCIA card controller and interface circuit implemented in an FPGA(s), is inserted in an operating (i.e., powered) host computer or is inserted in a powered down host computer that is then powered-up, the FPGA is programmed with FPGA
20 programming data stored in non-volatile memory (e. g., EPROM, EEPROM, Flash memory, etc.) on the PCMCIA
card. However, the memory required to store the FPGA
programming data generally consumes a measurable area of the PCMCIA card which could be used to provide 25 other functions within the PCMCIA card.
Additionally, since these cards are highly pilferable, security protocols should be established to ensure authorized use and programming of these configurable computer hardware devices, especially if 30 the device is intended to be used for and contains key information used to protect data or data access.
SUBSTITUTE SHEET' (RULE 26) WO 99/21094 PCT/US98/22062 _ Thus there is a need for an improved system and method of ensuring authorized and secure uselof a computer hardware apparatus.
There is also a need for an improved system of 5 ensuring authorized and secure programming of configurable computer hardware apparatus.
Additionally, there is a need for an improved system of ensuring authorized and secure programming of re-configurable computer hardware apparatus.
10 There is also need for an improved system of ensuring authorized and secure communication between re-configurable computer hardware appara~us and host computer systems.
Moreover, there is a need for a system of 15 preventing unauthorized execution of software programs on unauthorized hardware apparatus.
There is also a need for a system that fulf ills each of the described needs together in a single system solution.
SUBSTITUTE SHEET (RULE 26) WO 99121094 PCTIUS98/22062 _ SUMMARY OF INVENTION
The present invention provides a system and method for reconfiguring a secure hardware apparatus in a data-link system, wherein a data link system, 5 comprises a plurality of objects which exchange data, that substantially eliminates or reduces disadvantages and problems associated with previously developed systems and methods for reconfiguring hardware apparatus.
More specifically, the present invention provides a system and method of ensuring that a hardware apparatus in a data-link system can be operated cr.ly by an authorized user. The method comprises the steps of assigning a unique number, 15 possibly a serial number, to the hardware apparatus, generating at least one key or key set for the hardware apparatus which is based on the unique serial number of the hardware apparatus, distributing to an authorized user at least one data string from which the key set for the hardware apparatus can be derived to functionally enable the hardware apparatus, and inputting the data string into the hardware apparatus to either disable at least one level of functionality of the hardware apparatus if 25 an incorrect key set is derived from the data string, or to enable at least one level of functionality of the hardware apparatus if a correct key set is derived from the data string.
Additional embodiments of the reconfigurable 30 secure hardware apparatus of the present invention provide a method and system to ensure that the SUBSTITUTE SHEET (RULE 26) hardware apparatus can be utilized only by an authorized computer system or group of computer systems and a method and system for ensuring that the reconfigurable secure hardware apparatus can be 5 programmed only by an authorized user utilizing an authorized host computer system.
A further embodiment of the present invention ensures that neither the reconfigurable secure hardware apparatus nor the host computer system will .0 alone have sufficient information to allow a person who has obtained access to only one of either of the host computer system or the reconfigurable secure hardware apparatus to successfully operate the reconfigurable secure hardware apparatus with another 15 unauthorized computer system.
In a still further embodiment of the present invention, a portion of an encrypted code is recorded in a memory location within the reconfiaurable secure hardware apparatus and another portion cf the 20 encrypted code is recorded in the host computer.
This prevents an unauthorized person who obtains access to either the reconfigurable secure hardware apparatus or the host computer database, from discovering more than a portion of the correlating 25 relationship between an account number and the related personal serial number. The present invention also provides for the use of a changeable personal encryption key stored in a memory location.
A further embodiment of the present invention can 30 store multiple keys, one for each key set encompassed by the present invention. The storage takes place in SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98/22062 _ an extension of the standard CIS (Card Information Structure) storage space of the PC-card.
Accordingly, it is an object of this invention to substantially improve the security protocols of a 5 computer hardware apparatus. A technical advantage of the present invention is that it provides a personal identity verification method wherein only part of the information necessary to correlate an account number to characteristic information is 10 available at any one accessible place within the terminal. system.
Another technical advantage of the present invention is that it can store an encrypted typed in password for apparatus operation authorization for 15 the entire device key sets, or additional passwords for individual key sets, that may be chosen by the user.
A still further technical advantage of the present invention is the combination of the ability 20 to prevent softcaare piracy and the ability to allow secure user communication via accelerated encryption in a single device.
SUBSTTTUTE SHEET (RULE 26) WO 99/21094 PCTIUS98/22062 _ BRIEF DESCRIPTION OF THE D~,B, TW_NCS
A more complete understanding of the present invention and advantages thereof may be acquired by referring to the following description taken in 5 conjunction with the accompanying drawings in which like referAnce numbers indicate like features and wherein:
FIGURE 1 is a system overview of one embodiment of the reconfigurable secure hardware apparatus of the present invention;
FIGURE 2 is a flow diagram of a method of assigning manufacturing key sets;
FIGURE 3 is « flow diagram of a user registration process according to one embodiment of the present invention;
FIGURE 4 is a flow diagram of a method of registration of software to enable the ~ase of the reconfigurable secure hardware apparatus of the present invention for piracy protection;
FIGURE 5 is a description of a method of machine registration;
FIGURE 6 is a flow diagram of a QARD plug-in procedure according to one embodiment of the present invention;
25 FIGURE 7 is a description of a method of password protection according to one embodiment of the present invention; and FIGURE 8 is diagram illustrating an embodiment of the reconfigurable secure hardware apparatus of the present invention.
SUBSTITUTE SHEET (RULE 26) IO
FIGURE 9 is a diagram illustrating a functional block of the reconfigurable computer hardware apparatus.
SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98l22062 DETAILED DESCRIPTION OF THE INVE,NTTON _ Several embodiments of the present =nvention are described in detail below and in the FIGUREs, =ike numerals being used to refer to like and 5 corresponding parts of the various drawings.
However, ~,. should be understood that various changes, substitutions and alterations can be made hereto without departing from the spirit and scope of the inventicn.
.0 The present invention can be implemented using detachable cards teat are operable to be used on various c~mputi.~.g devices. For example, a detachable card could be used on a personal computer through a PCMCIA slot. The following description refers to i5 detachable cards used for personal computers (hereafter called "PC-Cards"), but the present invention can be applied to other types of computing devices as well.
One example of a PC-Card that could implement 20 the present invention is a reconfiaurabie secure hardware apparatus, or Reconfigurable-Computing (RC) card, such as those designed by QUICKFLEX INC., of Austin, Texas. Quick Qard Technology (QQT? is comprised of a family of several PC-Card products 25 that allow different software applications to define the hardware within the PC-Card specific for each application at the time that it is executed. These RC PC-Cards are nicknamed "QUICK QARDS" or "QARDS"
and can be used for a variety of standard or custom 30 interfaces, as well as for hardware accelerating software applications. Applications that can benefit SUBSTITUTE SHEET (RULE 26) from QQT include personal digital assistant interfaces, PC interfaces, industrial, emulation, video, audio, encryption, computer games, etc.
The security features of the reconfigurable 5 secure hardware apparatus of the present invention described herein can be used for access or piracy protection of third-party software. This third-party software may be comprised of configuration files of hardware apparatus for use within the PC-Cards, or i0 may be aeneral software not targeted to use the reconfigurable computing aspects of the PC-Cards.
The securit~~ features of the present invention can be implemented as a security system that can be adapted to other types of implementations beyond the QQT
15 products.
Protection of files containing documents, data, executable code, interpretive code or other intellectual property or information which must be protected is achievable using the described security 20 features of the present invention. Protection can be achieved by the use of various sets of public keys.
Half of each of the public key sets are stored in the PC-card, which is detachable and thus physically protectable, and half can be stored on the host 25 computer system. Additional security levels of flexible software defined adaptable encryption/decryption algorithms and flexible reconfigurable hardware implementable encryption/decryption algorithms can be implemented 30 within the reconfigurable computing PC-card that allow for customization of the security features.
SUBSTtTUTE SHEET (RULE 2B) For purposes of a complete understanding of the scope of the present invention, although reference is made to encryption/decryption algorithms, it should be clear that these are algorithms that are implemented in the reconfigurable computing functional circuits described more completely below for the purpose of hardware accelerating said algorithms. This may be separate from 'check word' algorithms implemented for the 10 purpose of enabling the different levels of security.
The later is used to enable the present invention to perform the final functionality of the reconfigurable computing platform for the device.
FIGURE 1 shows a system overview of one 15 embodiment of the present invention that provides protections for information in any form, whether to be kept internal or to be shipped externally, for individual users, groups of users and organizations.
FIGURE 1 demonstrates how Quick Qards 1, when used 20 with Anti-Piracy Software 3 and/or Communications &
Data Security software 5, result in a Secure Qard system 7. This Secure Qard system 7 can be further used with encryption/decryption key management and authentication software 9 to form an overall Quick 25 Secure system 11.
FIGURE 2 is a flow diagram for a method of assigning unique manufacturing key sets 30 to individual hardware apparatuses 34. Manufacturing key sets 30 can be used to ensure authorized feature 30 enablement of the various features offered by Quick Secure system 11 of FIGURE 1. At step 14 of SUBSTTtUTE SHEET (RUtE 26) FIGURE 4, a unique manufacturing serial number 32 is assigned to each hardware apparatus 34 at manufacture. Unique manufacturing serial number 32 is programmed into the CIS non-volitile memory at manufacturing. The seed value for generating manufacturing key set 30 can be based on unique manufacturing serial number 32 or can be derived by a variety of other methods or algorithms. Step 15 of FIGURE 2 corresponds to manufacturing key set 30 being generated from unique manufacturing serial number 32. Manufacturing key set 30 is the first of the multiple key sets used by the reconfigurable secure hardware apparatus of the present invention and may be referred to as level-zero key set (LOKS) 36 as shown in step 16. Manufacturing key set 30 can be generated and programmed into hardware apparatus 34 at the time it is manufactured. LOKS 36 comprises an encryption key (LOEK) 38 and decryption key (LODK) 40.
20 At step 18 of FIGURE 2 the unique manufacturing serial number 32 and the LODK 40 for a group of manufactured hardware apparatuses can be stored in step 18 in list file 42 for future use. Step 20 creates a registry data file 43 which comprises unique manufacturing serial number 32 and LOEK 38.
Registry data file 43 complements list file 42 in that LODK 40 and LOEK 38 must both be used to enable hardware apparatus 34. Registry data file 43 should be stored in a remote location from hardware 30 apparatus 34 to be accessed by the end user at a later time. This remote location may include a SUBSTITUTE SHEET (RULE 28) remote host computer system 86 as shown in step -50 of FIGURE 3 which may be accessed via a communication path such as the Internet.
It should be noted that a list of serial numbers 5 and key list for programming into the hardware apparatus could just as easily be generated in advance and given to the manufacturer so that generation of the information is no done on the site of a contract manufacturer who has no need for 0 knowledge cf the information that is not to be programmed into the physical hardware apparatus. At step 22, each hardware apparatus 34 is assigned a unique barcode 45 for manufacturing tracking purposes. Barcode 45 may be incorporated into list 1S file 42 and made to correspond to a particular unique serial number 32 and LODK 40 combination. Barcode 45 will ensure that the correct manufacturing serial number 32 and LODK 40 pair are programmed into hardware apparatus 34 during testing of hardware apparatus 34 in step 24. Following testing, hardware apparatus 34 can be packaged in step 26 with a certificate 46 containing the unique manufacturing serial number 32, LODK 40 and barcode 45. This will allow a hardware apparatus 34 designer to ensure that 25 a hardware apparatus 34 registered after purchase was authorized for manufacture by the designer to prevent manufacture of copies of the design by an unauthorized manufacturing house. In step 28 the product is shipped.
30 During product registration and enablement, which can occur by mail, e-mail, or other electronic SUBSTITUTE SHEET (RULE 26) means, unique manufacturing serial number 32 and LOEK
38 (or the manufacturing encryption public key of the set) can be given back to the card designer. This allows the registration information to be checked 5 against registry data file 43 (which comprises a list of approved manufactured PC-Cards) for validity.
Also, a card designer can ascertain if a given PC-Card has been previously registered to insure that no un-authorized PC-Card copies with copies of the CIS
.0 are being manufactured, as each PC-Card should have a unique code.
FIGURE 3 illustrates one potential registration process for the present invention. In step SO a communication data patr. is established between a 15 local computer system 84 and a host computer system 86 wherein hardware apparatus 34 is installed in the local computer system 84. The communication data path may take the form of an Internet connection to a "QUICKFLEX" website. A software object operating 20 within host computer system 86 may offer the user a variety of options concerning hardware apparatus 34 wherein the user can select to register the hardware apparatus 34 with the designer in step 52.
Step 54 of FIGURE 3 corresponds to a 25 registration process that can require the user to supply registration information 88 comprising name, email address, information regarding where the hardware apparatus 34 was purchased, and the like.
This will allow tracing back to the source of 30 unauthorized hardware apparatus 34 manufacturing.
Most importantly, the user will be prompted to supply SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98I22062 _ either a certificate number which corresponds to.
barcode 45 of FIGURE 2 or to unique manufacturing serial number 32 and LODK 40.
In step 56 a check is performed to determine if 5 hardware apparatus 34 support software 90 is installed on local computer system 84. 3ased on the results of this check a decision is made in step 58 to either download and install the necessary software support 90 at step 60 or to proceed to step 62. Step 10 62 provides for establishing a secure link 92 between hardware apparatus 34 and host computer system 86 i~
software 90 is present on local computer system 84.
Secure ?ink 92 provides for the transfer of unique manufacturing serial number 32 and LODK 40 from a 15 programmed memory location within hardware apparatus 34 to host computer system 86.
At step 64 of FIGURE 3 the user is required to manually enter barcode 45 or the unique manufacturing serial number 32 and LODK 40 pair. At step 66, a 20 verification is performed on manually entered barcode 45 or unique manufacturing serial number 32 and LODK
40 pair against a copy of unique manufacturing serial number 32 and LODK 40 transferred from a programmed memory location within hardware apparatus 34. If the 25 verification fails the user is prompted with an error message at steep 68 to return to registration data entry process step 54. If the verification is successful, additional verifications are made in step 70 to verify that unique manufacturing serial number 30 32 is contained within registry data file 43 and in step 72 to verify that hardware apparatus 34 has not SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCTIITS98/22062 _ been previously registered. Any problems associated .
with these verifications force the user ~o contact the designers concerning the registration error as shown in step 74 so that the problem can be identified and resolved.
Registry data file 45 is updated in step 76 of FIGURE 3 to include the information associated with unique manufacturing serial number provided in step 54. To further prevent misappropriation or 10 unauthorized use of hardware apparatus 34, step 78 generates a new LCKS 36 comprising a new LODK 40 and a new LOEK 33. At step 80, a secure link is again established between hardware apparatus 34 and host computer system 86 allowing host computer system 86 to reprogram new LODK 40 into a memory location of hardware apparatus 34. A new LOEK 38 is also downloaded to the user that can be recorded on certificate 46 or programmed directly into a memory location of hardware apparatus 34. Registry data file 43 is also updated with the new LOKS 36 in step 82.
An important technical advantage associated with the present invention allows a software vendor to prevent unauthorized use of its proprietary software.
Software or configuration file vendors or authors can use the LOKS 36 encryption key for providing an access code for licensing or allowing their Intellectual Property (IP) contained in virtual hardware objects for the RC system to be accessed by 30 one and only one Secure Qard user. They may also limit the time span in which their IP is accessible SUBSTITUTE SHEET (RULE 28) or limit the number of times their IP is accessible to the user with other security provisicns. Vendors can also use an on-line card designer's public key listing of users, provided that users allow this at S registration time, to verify that a given user is registered for utilizing the secure authorization code.
FIGURE 4 is a flow diagram of a method of registration of software to enable the ~~;se of the i0 current inventicn for software piracy protection.
The user establishes a communication path in step 90 via the Internet or other means between local computer syrstem 84 containing hardware apparatus 34 and a vendor (host) computer system 86. In step 92, 15 the user is prompted by software vendor computer system 86 to select an option allowing the user to register a software application 434. Step 94 requires the user to supply registration information 120 which may be comprised of name, emaii address, 20 information regarding where software application 434 was purchased, the unique software registration number 124 and the like to vendor computer system 86.
Vendor computer system 86 can access unique manufacturing serial number 32 of hardware apparatus 25 34 directly from a memory location within hardware apparatus 34 as shown in step 96. In step 98, vendor computer system 86 establishes a communication path to software registry database 122. Software registry database 122 may be contained in a third computer 30 system 424 and can comprise a website, such as QUICKFLEX INC.'s registry website. At step 102, SUBSTITUTE SHEET tRULE 26) WO 99121094 PCT/ITS981Z2062 _ unique software registration number 124 ~.s submitted to the third computer system 424 software registry database 122.
In step 104 unique software registration number 5 124 is compared to the entries in software registry database 122 to determine if it is a valid unique software registration number 124. If unique software registration number 124 is not valid, an error message will be generated at step 106 that is echoed 10 by ;rendor computer system 86 to the user in step 108.
If unique software registration number '_24 is valid, vendor computer system 86 can supply a software authorization code 326 in step 110 to be sent to third computer system 424.
15 At step 112, third computer system 424 generates a software run code 128 for hardware apparatus 34.
Software run code 128 is transmitted to vendor computer system 86 which echoes it to hardware apparatus 34. Software run code 128 can allow the 20 vendor software to be installed on the ocal computer system or the vendor software can verify the presence of software run code 128 on hardware apparatus 34 before executing the vendor software. Both the authorized installation of the vendor software on a 25 given local computer system 32 and the authorized execution of the vendor software are thus ensured.
At step 116, a counter 750 counts upward by one for each software run code 128 sent to vendor computer system 86 to account for possible royalty 30 payments. In step 118, software vendor computer SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US9$/22062 system 86 sets a license in place for the user to use the software.
An important technical advantage associated with the present invention allows hardware apparatus 34 to 5 be operated not only by a specific user but also only on a specific local computer system 84. vocal computer system 84 may comprise a group of individual computers. FIGURE 5 is a method of ensuring that hardware apparatus 34 is utilized only by authorized 10 local computer systems 84. FIGURE 5 uses the QUICK
QARD system of FIGURE 1 for illustrative purposes, but any secure hardware apparatus, reccnfigurable or not, of the present invention can be used instead.
Support software 90 of hardware apparatus 34 is 15 installed and executed on the local computer system 84. A communication path is established between hardware apparatus 34 and local computer system 84.
A verification is made to determine if hardware apparatus 34 is password protected. If so, a valid 20 password must be supplied before proceeding. Support software.90 will verify if unique manufacturing serial number 32 of hardware apparatus 34 is in a registry list 130 maintained on local computer system 84. If unique manufacturing serial number 32 of 25 hardware apparatus 34 is not in registry list 130, the user must register hardware apparatus 34. The list of authorized host ID's permutated with the unique serial number or key set information could also be stored within the EEPROM memory of the 30 apparatus for allowing apparatus enabling on a SU8ST1TUTE SHEET (RULE 26) particular machine as well. In this case the host IE
must be registered with the apparatus.
One such registration method is described in FIGURE 5. Both software and hardware must be 5 installed and registered for each computer in local computer system 84. This feature allows a PC-Card to be locked for use on one or a group of r-,achines.
Registration with a card designer can insure that if a LOEK 3B certificate or a password is forgotten or 10 lost, the PC-Card can be reprogrammed to erase the password and create a new manufacturing LOKS 36 for the PC-Card, or to program a recoverable SN & Keyset on the registered user's request. This -insures that no encrypted data may be compromised.
15 Memory space in the CIS memory device can be made available for the purpose of holding an encrypted password defined by the user. In such fashion, the present invention can insure that the PC-Card is only used by that user. This memory space 20 can be left cleared at test (all zero's; and can be enabled for password protection if the purchaser decides to activate that feature. Users may define any password they wish and the entry can then be encrypted using the LOEK 38 that resides on the 25 machine during the initial setup of the. PC-Card after purchase. When password checks are made, the encrypted password programmed into the PC-Card can be decrypted using LODK 40 and can be checked against the typed in value.
30 PC-Cards implementing the current invention can also be configured to only execute on a specific SUBSTITUTE SHEET (RULE 26) WO 99/21094 PCT/US98I22062 _ machine or group of machines with the use of _ passwords, thus making the PC-Card hardware of little use in the event it is stolen. FIGURE 5 provides a detailed description of one method of machine registration.
FIGURE 6 is a flow diagram of a QARD plug-in procedure according to one embodiment oz the present invention. Ir. step 150, hardware apparatus 34 is installed in a local computer system 84. A check is 10 performed in step 152 to determine the presence in local computer system 84 of the necessary support software 90. If support software 90 is not present, the QARD plug-ir. procedure terminates and the support software 90 must be installed before resuming with the QARD plug-in procedure.
Hardware apparatus 34 may be protected by a password and step 154 tests to determine if password protection is enabled. If password protection is enabled, the password must be provided -n step 156.
20 At step I58 the provided password is encrypted using LOEK 38. If the provided password matches the password stored in a memory location on hardware apparatus 34, then at step 160 the plug in procedure is allowed to proceed. Furthermore, hardware 25 apparatus 34 may be protected by a verification step, to verify authorization by local computer system 84, requiring the input of a match to unique serial number 174 provided by local computer system 84 (such as by a hard disk drive serial number). Hardware 30 apparatus 34's use is not permitted unless the unique serial number 174 inputted at step 162 matches the SUHSTiTUTE SHEET tRULE 26) unique serial number 174 stored in local computer system 84. Step 164 determines if the inputted serial :umber 174 is a match. If it is, than the QARD plug-in procedure is complete.
5 Unique serial number 174 is generated during the user registration process as described above for FIGURE 3. It can be stored either in hardware apparatus 34 memory or in local computer system 84 memory. If unique serial number 174 does not match w0 at step 164, then the user registration process of FIGURE 3 must be performed in steps 168-172 of FIGURE
5 to complete the QARD plug in procedure.
FIGURE 7 is a description of a method of password protection according to one embodiment of 15 the present invention which additionally is illustrated as part of the flow diagram presented in FIGURE 6. Steps 1S4-160 of FIGURE 6 correspond to this method of password protection.
FIGURE 8 illustrates another embodiment of the 20 reconfigurable secure hardware apparatus of the present invention. Reconfigurable hardware apparatus 100 interfaces with a host computer system 200 or with another hardware apparatus. Reconfigurable hardware apparatus 100 may be divided into three 25 modules, a configuration control module 300, a configuration status module 400 and a functional module 500. Host computer system 200 interfaces with reconfigurable hardware apparatus 100 by way of data input/output bus 202. Input/output bus 202 is shown 30 accessing four control data registers, 304a, 304b, 304c and 304d, inside configuration control module suesr~u~ sHeFr ~AUC.s 2s~
300 and two status data registers, 306a and 306b_, inside configuration status module 400. Control data registers 304a-304d provide a temporary storage location for data transmitted or received from data 5 input/output bus 202. While this embodiment of the reconfigurable secure hardware apparatus of the present invention has been described with four data registers, it can have more or less registers, as needed.
.0 Code Generator (CG) 310 accepts input data from data register 304b to generate a check data word.
The check data word generated by CG 310 can be LOKS
36. Multiple generated check words can be generated for different security features for enabling the 15 separate security features of the invention. Since the features described are security related, a process or algorithm for generating the check data words should be kept as a trade secret for an organization producing reconfigurable hardware 20 apparatus 100. The process chosen should yield as output check data words that are not easily determined from the input data to the process, which could be comprised of manufacturing serial number 32, and should have properties that output a pseudo-25 random sequence that is sufficient in length to not easily be guessed by trial and error.
The embodiment of the reconfigurable secure hardware apparatus of the present invention described herein is only one of many possible implementations 30 and is provided for illustrative purposes only. The focus of this embodiment of the present invention is SUBSTITUTE SHEET (RULE 26) the way in which CG 310 is used to realize the security features described. The check data words outputted by CG 310 can be checked with code comparator (CC) 312 against an input check value 5 stored in data registers 304c and 304d, which together comprise the Code Check Register (CCR) 314.
The input check value stored in CCR 314 can be comprised oz LOEK 38 and LODK 40 and can also be user inputted. CCR 314 can be a register having a length 20 equal to the iengLh of the CG 310 check data word output and can be written to allow an authorization check of the reconfigurable hardware apparatus 100 feature being used. Longer check data words may require multiple CCRs 314 if they extend beyond the 15 host computer system 200 data bus width. The values written to CCR 314 may be provided in several different manners depending on what feature of reconfigurable hardware apparatus 100 is being authorized.
20 CC 312 performs a bit-by-bit check of the CG 310 check data word output and the entered CCR 314 value to determine if the feature authorization check passes or fails. If the feature authorization check passes, CC 312 generates a high digital bit output (a 25 digital "1") and forwards it to configuration and control gates 318, which is comprised of a plurality of "AND" logic gates 700 corresponding to the plurality of features of reconfigurable hardware apparatus 100. These features include, but are not 30 limited to, product enable check 319, HDD ID enable SU6ST~TUTE SHEET (RULE 26) WO 99121094 PCT/US98/22062 _ Check 320, Flash write enable 322, password enable 324 and Configuration File Vendor Enable 326.
Control register 316 receives an input from host computer system 200 through data registers 304a and 304b to select one or more of the features of reconfigurable hardware apparatus 100. Based on the input received from data registers 304a and 304b, control register 316 will generate a high digital bit output (""'; as an input for the selected features 10 and a low digital bit output ("0"? as an input for alI the other features. The AND gates 700 for the selected features will therefore have two high digital b=t inputs and will output a high digital bit as an input to their corresponding pull-down 15 resistors 350 in configuration status module 400, thereby allowing access to the corresponding feature in functionality circuit 500 as directed by host computer system 200. The pull down resistors are necessary _~ it is possible that the Security Login 20 Module 300 disappears due to the module being implemented within the FPGA of the RC hardware apparatus 100.
In this manner, configuration status module 400 can be instructed to reprogram and enable the various 25 features of functionality circuit 500 depending on which features are so selected. Functional Module 500 may receive virtual hardware objects for performing applications specific tasks within the reconfigurable computing hardware apparatus FPGA.
30 Additionally, status data registers 306a and 306b can interface with host computer system 200 through data SUBSTITUTE SHEET (RULE 26) input/output bus 202 to communicate the configuration of functionality circuit 500 to host computer system 200.
Representative input check value sources for the 5 various features of reconfigurable secure hardware apparatus 100 for the various embodiments of the present invention are shown in the following table:
Security Feature: CCR 14 Source:
Product Operation finable 1 portion cf Product Enable Cert=~icate Code (After 1st authorization, the code is programmed into FLASH memory of the hardware apparatus for automated driver access) New Machine Operation 2nd portion of Product Registration Enable Cert'_yicate Code (never programmed into FLASH memorr of t he hardware apparatus, always required to be typed in) Machine Operation Enable Read by driver from a list of HDD codes entered in FLASH memory of the hardware apparatus and each checked until a match is found or the list is exhausted. The HDD ID's are obtainable by reading this list, as the values are the results of CG's of SUBSTITUTE SHEET (RULE 26) previously authoriz~d~
machines.
Password Operation Enable Read by the driver from the FLASH attribute memory and programmed into the CCR. The password is not obtainable =rpm looking at the CG result of the password.
Anti-Piracy Operation Written by application Enable (this feature may software program contain. a vendor defined specific CG different from what is used in QQT
features) FIGURE 9 provides a functional block diagram 400 of the reconfigurable computing hardware apparatus used to illustrate the reconfigurable computing 5 operations that the present invention makes possible.
EEPROM 410 provides CIS memory, key memory, and password storage functions. Programmable Logic Device 420, which may be an application specific integrated circuit provides interface/configuration/and status 10 register functions. In addition, the security feature circuit (block 300, FIGURE 8), which may be within FPGA 420 or within PLD configuration register 430, provides the necessary implementation for these functions. Field programmable gate array 420 SUBSTITUTE SHEET (RULE 26) implements security feature circuit functions of the present embodiment. Either a programmable logic device or field programmable gate array 420 may make possible the reconfigurable computing functional 5 circuits. Virtual hardware objects 500 of FIGURE 8, attentively, may also provide Chese functions. Host bus interface socket 440 includes a 68-pin PCMCIA
connector. Other components of FIGURE 9, including the various generic items such as oscillators 450, 10 expansion connectors 460 and 470, RAM 480, or other features provide the ability to apply the reconfigurable computing to a desired application.
The _o~liowina paragraphs provide a descr~.ption of several additional features and terms fcr the 15 different embodiments of the reconfigurable secure hardware apparatus of the present invention and their operation.
20 Level -One :Cey set . ; ~~ x. ~ ~ ~Jser Publ~ c KPv A L1KS space can be provided for a user to generate and define a key set specific for that user which is not registered with the card designer and is kept secret by the user. The L1KS can be stored just 25 like LOKS 36. Password space for a level-one password (L1PW) can also be allocated in the CIS and can execute in the same manner as the level-zero password (LOPW) .
The LIKS can be generated by the user and thus 30 there are no guarantees that the code is unique. The bit length can be long enough, however, to insure SU6STtTUTE SHEET (RULE 26) that it is improbable that the key set is in use by , another user. The bit length of this ke~r can differ in length from LOKS 36. The user public key _s a secure key set and may be changed by the user over time.
This key is useful when the information is intended only for the user. Even so, however, a further advantage of the present invention is that several PC-Cards may be programmed with the same LiKS
10 for project sharing access. The key set for the group could be common to all PC-Cards used by the group. An example of usage of this key is for encrypting and decrypting information regardi:.g a common project where access is required by multiple 15 project members. Members of the group may be local or remote and may securely exchange data utilizing this key.
Additional Key sets The present invention contemplates that the number of key sets can be expanded beyond the two sets defined in the above sections.
File Header Information This section describes how one embodiment of the present invention uses header information of an encrypted file which utilizes the security features of the present invention.
SUBSTITUTE SHEET (RULE 2B) A file header can contain the following -_ information in addition to the normal file header information normally found in files for a particular operating system. The present embodiment could wrap this additional header information around the information indicated.
The following is a description of an embodiment of the present invention implemented USING a QQT card of QUICKFLEX INC. with two encryption levels.
QQTSL: (0,1) Quick PC-Card Technology Security Level 0 or 1 KIND Kind of file AN The name of the encryption algorithm used in encrypting the file.
LnEK Level-n Encryption Key used for encrypting the file EMD Encrypted Message Data EFD Encrypted File Data OOTSL ( 1 or 1 ) : QUICK P~'-Ca;r~ Technology SP,~ur Level 0 or 1:
This information can indicate the security level of the key used for the encryption process. QQTSLO
and QQTSL1 correspond to the LOKS and L1KS, respectively, used in the PC-Card.
KIND: Kind of File This information indicates one of the following kinds of files:
SUHST1TUTE SHEET (RULE 26) WO 99/Z1094 PGT/US98/22062 _ QQT: model Quick PC-Card Technology configuration file for specified PC-Card model.
EXE: type Executable file for defined type of machine and operating system.
OTHER Other kind of file.
The QQT PCMCIA driver during a configuration load can automatically decrypt QQT files using the .. specified algorithm. During the load process by an application program, information in the file for a window message can be displayed indicating information the author wishes to be displayed and the user must respond to the window to continue 10 execution. Notices such as "QQT Module: name ~.s the property of Company XYZ and may not be sold or distributed without the prior written consent of Company XYZ". This enables the author to freely distribute hardware apparatuses for PC-Cards, 15 allowing possible developers who may be interested in licensing the hardware apparatuss the ability to evaluate the work prior to agreeing to license rights to the work. Encrypted configuration files may be encrypted for use only with certain PC-Cards to 20 protect against mass unauthorized distribution of the intellectual property. Generation of unique encrypted hardware apparatuss for target evaluation PC-Cards can be done automatically and transparently through a web site. The requesting party can be SUBSTtTUTE SHEET (RULE 26) WO 99/21094 PCT/US98I22062 _ required to have a PC-Card and register the PC-Card at the site in order to build an encrypted configuration file of the hardware apparatus for evaluation purposes.
AN: Algorithm Name Encryption algorithms used to encrypt or decrypt files can be changed over time. Groups of users or a software vendor may develop their own custom 10 algorithm. Algorithms may be executed as software or as hardware within a RC PC-Card, provided the RC PC-Card has enough gate capacity to execute the defined algorithm in hardware. For example, the QQT driver has a default algorithm built into it that is 15 executed in software as data is passed through the PC-Card for configuration file protection purposes.
Algorithms utilizing run time authorization codes, date expiration codes, or other access limits may utilize additional external information other 20 than that found in the encrypted file Lhat needs to be supplied by the source of the encrypted data for access.
suesTiru~ sHFF-r tRU~ Zs~
Level i 0 or 1 ) En ryt~t i ~~n K
This information is the Public Key encryption Key used for encrypting the file. This key can be originally supplied by a receiver and made public.
5 The key length can be derived from the QQT SECURE
FILE indication on the first line. It is included in the file so that an easy and fast determination of the target destination for the data can be verified.
i0 FMD: ~'ncr;.Tpted Message Data The EMD contains information regarding the contents o= the file that may be decrypted and looked at quicklfT without decrypting the entire EFD. For example, the EMD for a QQT configuration file is 15 displayed in a window whenever the file is loaded.
Certain algorithms may also utilize the ~MD to transmit an additional encrypted key for decr~~pting the EFD with a non -public key algorithm. In other words, the security system may use public key to 20 secretly transmit a separate secure key.
OFD: Encry~ted Fi1_e Data The EFD contains the encrypted file data including original operating system header 25 information.
Purchased Autho_r,_'zat,_'ons of Software An additional technical advantage the present invention is to allow flexibility for software 30 distributors. For example, the software distributor could freely distribute software or provide the SUBSTITUTE SHEET (RULE 26) software in a freely downloadable format to the_ public, but in order for the software to be executed, a valid authorization code must be present. The software vendor could create an authorization code 5 that corresponds to a specific PC-Card encompassing the present invention. Just as configuration files for the PC-Cards can be obtained via a web page, authorization codes to run software can be purchased via a web page. Each user would need only one PC-~0 Card to allow authorization of running any software utilizing r_he piracy aspects of the invention. Each software vendor may also define their own algorithms for protecting their software using the PC-Cards. A
machine could run the software as long as the 15 authorization codes for the particular QARD used in this system is present to validate the execution of the software. A further embodiment of the invention would allow a database of authorized QARD users to be made available to software vendors.
20 A further embodiment of the invention cculd use RC aspects of a PC-Card in order to allow the user to define hardware encryption / decryption algorithms that could be changed over time.
Although the present invention has been 25 described in detail herein with reference to the illustrative embodiments, it should be unders~ood that the description is by way of example only and is not to be construed in a limiting sense. It is to be further understood, therefore, that numerous changes 30 in the details of the embodiments of the invention and additional embodiments of the invention will be SU6STITUTE SHEET (RULE 26) apparent to, and may be made by, persons of ordinary skill in the art having reference to this descriFtion. It is contemplated that all such changes and additional embodiments are within the 5 spirit and true scope of the invention as claimed below.
SUBSTITUTE SHEET (RULE 28)
Claims (27)
1. A reconfigurable computing system for incorporating into a personal computer Portable removable interface, comprising:
reconfigurable computing circuitry comprising flexibly configurable circuitry for enabling a plurality of security features;
memory circuitry associated with said reconfigurable computing circuitry for storing a plurality of personal security information, and said reconfigurable computing circuitry and said memory circuitry packaged for portable association along with a personal computer.
reconfigurable computing circuitry comprising flexibly configurable circuitry for enabling a plurality of security features;
memory circuitry associated with said reconfigurable computing circuitry for storing a plurality of personal security information, and said reconfigurable computing circuitry and said memory circuitry packaged for portable association along with a personal computer.
2. The reconfigurable computing system of Claim 1, further comprising circuitry for changing data protection cryptography algorithmic hardware for accelerating the operation of hardware implementation security algorithms associated with said reconfigurable computing circuitry.
3. The reconfigurable computing system of Claim 1, wherein said personal security information comprises a public key set.
4. The reconfigurable computing system of Claim 1, wherein said personal security information comprises a private key set.
5. The reconfigurable computing system of Claim 1, further comprising:
a data input/output system to allow a transfer of data between the reconfigurable secure hardware apparatus and a first host computer system;
a plurality of data registers to accept at least one data input from the data input/output system;
a code generator to accept at least one data input from at least one data register and generate an output code;
a code comparator to compare an authorization code stored in at least one data register to the output code of the code generator and send a signal representing whether the authorization code and the output code are identical;
a control register which specifies to a plurality of logic circuits which functions of the reconfigurable secure hardware apparatus are to be examined for enablement wherein the plurality of logic circuits provide at least one signal to a configuration register based on the input of the code comparator and control register; and at least one functionality circuit operably connected to the configuration register wherein the functionality of the functionality is specified by the configuration register.
a data input/output system to allow a transfer of data between the reconfigurable secure hardware apparatus and a first host computer system;
a plurality of data registers to accept at least one data input from the data input/output system;
a code generator to accept at least one data input from at least one data register and generate an output code;
a code comparator to compare an authorization code stored in at least one data register to the output code of the code generator and send a signal representing whether the authorization code and the output code are identical;
a control register which specifies to a plurality of logic circuits which functions of the reconfigurable secure hardware apparatus are to be examined for enablement wherein the plurality of logic circuits provide at least one signal to a configuration register based on the input of the code comparator and control register; and at least one functionality circuit operably connected to the configuration register wherein the functionality of the functionality is specified by the configuration register.
6. The reconfigurable secure hardware apparatus of Claim 5, wherein the at least one functionality circuit further comprises at least one external input/output bus connector.
7. The reconfigurable secure hardware apparatus of Claim 5, wherein reconfigurable secure hardware apparatus comprises a PCMCIA card.
8. The reconfigurable secure hardware apparatus of Claim 5, wherein at least one data register is used as a code check register to provide an input to the code comparator.
9. A method for reconfigurable computing security features for a personal computer modem card interface for ensuring hardware apparatus operation in a data-link system only by an authorized user, comprising:
enabling a plurality of security features using a reconfigurable computing circuitry comprising flexibly configurable circuitry;
storing a plurality of personal security information sets using a memory circuitry associated with said reconfigurable computing circuitry; and packaging said reconfigurable computing circuitry and said memory circuitry for association within a personal computer.
enabling a plurality of security features using a reconfigurable computing circuitry comprising flexibly configurable circuitry;
storing a plurality of personal security information sets using a memory circuitry associated with said reconfigurable computing circuitry; and packaging said reconfigurable computing circuitry and said memory circuitry for association within a personal computer.
10. The method of Claim 9, further comprising the steps of changing data protection cryptography algorithmic hardware for accelerating the operation of hardware implementation security algorithms associated with said reconfigurable computing circuitry.
11. The method of Claim 9, further comprising the steps of:
assigning a unique identification number to the hardware apparatus;
generating a first level-zero security information set for the hardware apparatus wherein the first level-zero security information set is based on the unique identification number of the hardware apparatus;
distributing to an authorized user at least one data string from which can be derived the first level-zero security information set for the hardware apparatus to functionally enable the hardware apparatus; and inputting into the hardware apparatus the at least one data string wherein at least one level of functionality of the hardware apparatus is disabled if an incorrect first level-zero security information set is derived from the data string and at least one level of functionality of the hardware apparatus is enabled if a correct first level-zero security information set is derived from the data string.
assigning a unique identification number to the hardware apparatus;
generating a first level-zero security information set for the hardware apparatus wherein the first level-zero security information set is based on the unique identification number of the hardware apparatus;
distributing to an authorized user at least one data string from which can be derived the first level-zero security information set for the hardware apparatus to functionally enable the hardware apparatus; and inputting into the hardware apparatus the at least one data string wherein at least one level of functionality of the hardware apparatus is disabled if an incorrect first level-zero security information set is derived from the data string and at least one level of functionality of the hardware apparatus is enabled if a correct first level-zero security information set is derived from the data string.
12. The method of Claim 11, further comprising the steps of:
forming the first level-zero security information set with a first encryption code data string and a first decryption code data string;
programming the unique identification number and the first level-zero security information set into a memory location of the hardware apparatus;
distributing the unique identification number and the first decryption code to the authorized user of the hardware apparatus;
separately distributing the first encryption code to the authorized user;
entering the unique identification number, the first encryption code, and the first decryption code into at least one data register of the hardware apparatus;
verifying the unique identification number entered into the at least one data register of the hardware apparatus matches the unique identification number programmed into the memory location of the hardware apparatus disabling at least one level of functionality of the hardware apparatus if the entered unique identification number does not match the programmed unique identification number; and combining the entered first encryption code and the entered first decryption code to form the data string through the use of an algorithm.
forming the first level-zero security information set with a first encryption code data string and a first decryption code data string;
programming the unique identification number and the first level-zero security information set into a memory location of the hardware apparatus;
distributing the unique identification number and the first decryption code to the authorized user of the hardware apparatus;
separately distributing the first encryption code to the authorized user;
entering the unique identification number, the first encryption code, and the first decryption code into at least one data register of the hardware apparatus;
verifying the unique identification number entered into the at least one data register of the hardware apparatus matches the unique identification number programmed into the memory location of the hardware apparatus disabling at least one level of functionality of the hardware apparatus if the entered unique identification number does not match the programmed unique identification number; and combining the entered first encryption code and the entered first decryption code to form the data string through the use of an algorithm.
13. The method of Claim 11, wherein the algorithm utilized to combine the first encryption code and the first decryption code is an adaptable encryption/decryption algorithm.
14. The method of Claim 11, further comprising registering the hardware apparatus, comprising the steps of:
establishing a communication path from the hardware apparatus to a host computer system;
choosing an option to register the hardware apparatus from a plurality of options offered by a software object operating on the host computer system;
supplying registration information which identifies the authorized user and the unique identification number for the hardware apparatus;
determining if a software application to operate the hardware apparatus is present on an authorized user's computer;
transferring the software application to the authorized user's computer if the software application is not present on the authorized user's computer;
establishing a secure link utilizing the software application from the memory location of the hardware apparatus to the host computer system;
transferring the unique identification number for the hardware apparatus and the first decryption code to an encryption/decryption database inside the host computer system;
verifying that the hardware apparatus has not been previously registered with a registration database located on the host computer system, and wherein at least one level of functionality will be disabled if the hardware apparatus has been previously registered;
updating the registration database located on the host computer with the registration information;
and transferring the first encryption code to the hardware apparatus.
establishing a communication path from the hardware apparatus to a host computer system;
choosing an option to register the hardware apparatus from a plurality of options offered by a software object operating on the host computer system;
supplying registration information which identifies the authorized user and the unique identification number for the hardware apparatus;
determining if a software application to operate the hardware apparatus is present on an authorized user's computer;
transferring the software application to the authorized user's computer if the software application is not present on the authorized user's computer;
establishing a secure link utilizing the software application from the memory location of the hardware apparatus to the host computer system;
transferring the unique identification number for the hardware apparatus and the first decryption code to an encryption/decryption database inside the host computer system;
verifying that the hardware apparatus has not been previously registered with a registration database located on the host computer system, and wherein at least one level of functionality will be disabled if the hardware apparatus has been previously registered;
updating the registration database located on the host computer with the registration information;
and transferring the first encryption code to the hardware apparatus.
15. The method of Claim 11, wherein the step of separately distributing the first encryption code to the authorized user is accomplished after the authorized user has registered the hardware apparatus.
16. The method of Claim 11, wherein the step of establishing a communication path from the hardware apparatus to a host computer system comprises utilizing a local computer system to navigate to an Internet web site operated by a host computer system.
17. The method of Claim 11, wherein the step of establishing a communication path from the hardware apparatus to the host computer system comprises a secure communication path utilizing an Internet connection to the host computer system.
18. The method of Claim 11, wherein registration of the hardware apparatus further comprises the steps of:
generating a second level-zero security information set from a second data string that is different from the first level-zero security information set generated using the first data string;
generating a second encryption code and a second decryption code based on the second level-zero security information set;
updating the encryption/decryption database inside the host computer system with the second level-zero security information set, the second encryption code and the second decryption code associated with the unique identification number for the hardware apparatus;
erasing the first level-zero security information set from the memory location of the hardware apparatus;
programming the hardware apparatus with the second level-zero security information set wherein the second level-zero security information set may be used in place of the first level-zero security information set for any later registration events;
and distributing to an authorized user a second decryption code comprising at least one data string from which can be derived the second level-zero security information set for the hardware apparatus which may be used in place of the first level-zero security information set for any later registration events.
generating a second level-zero security information set from a second data string that is different from the first level-zero security information set generated using the first data string;
generating a second encryption code and a second decryption code based on the second level-zero security information set;
updating the encryption/decryption database inside the host computer system with the second level-zero security information set, the second encryption code and the second decryption code associated with the unique identification number for the hardware apparatus;
erasing the first level-zero security information set from the memory location of the hardware apparatus;
programming the hardware apparatus with the second level-zero security information set wherein the second level-zero security information set may be used in place of the first level-zero security information set for any later registration events;
and distributing to an authorized user a second decryption code comprising at least one data string from which can be derived the second level-zero security information set for the hardware apparatus which may be used in place of the first level-zero security information set for any later registration events.
19. The method of Claim 11, wherein the communication path between the hardware apparatus and the host computer system is contained within a secure connection.
20. A method of ensuring that a hardware apparatus in a data linked system can be operated only with an authorized local computer system comprising the steps of:
assigning a first unique identification number to the hardware apparatus;
assigning a second unique identification number to the authorized local computer system that can be accessed by the hardware apparatus;
generating a first level-zero security information set for the hardware apparatus which is formed from a first decryption code and a first encryption code;
distributing to the authorized user the first decryption code from which can be derived the first level-zero security information set for she hardware apparatus which is based on the first unique identification number to functionally enable the hardware apparatus;
programming the first unique identification number, the first decryption code, a copy of the second unique identification number and the first level-zero security information set into a memory location of the hardware apparatus;
inputting into the hardware apparatus the first encryption code which combines with the first decryption code to form a data string corresponding to the first level-zero security information set wherein at least one level of functionality of the hardware apparatus is disabled if the data string does not exactly match the first level-zero security information set;
verifying that the second unique identification number or the authorized local computer system exactly matches the copy of the second unique identification number programmed into the memory location of the hardware apparatus wherein at least one level of functionality of the hardware apparatus is disabled if the second unique identification number of the authorized local computer system that can be accessed by the hardware apparatus does not exactly match the copy of the second unique identification number programmed into the memory location of the hardware apparatus.
assigning a first unique identification number to the hardware apparatus;
assigning a second unique identification number to the authorized local computer system that can be accessed by the hardware apparatus;
generating a first level-zero security information set for the hardware apparatus which is formed from a first decryption code and a first encryption code;
distributing to the authorized user the first decryption code from which can be derived the first level-zero security information set for she hardware apparatus which is based on the first unique identification number to functionally enable the hardware apparatus;
programming the first unique identification number, the first decryption code, a copy of the second unique identification number and the first level-zero security information set into a memory location of the hardware apparatus;
inputting into the hardware apparatus the first encryption code which combines with the first decryption code to form a data string corresponding to the first level-zero security information set wherein at least one level of functionality of the hardware apparatus is disabled if the data string does not exactly match the first level-zero security information set;
verifying that the second unique identification number or the authorized local computer system exactly matches the copy of the second unique identification number programmed into the memory location of the hardware apparatus wherein at least one level of functionality of the hardware apparatus is disabled if the second unique identification number of the authorized local computer system that can be accessed by the hardware apparatus does not exactly match the copy of the second unique identification number programmed into the memory location of the hardware apparatus.
21. The method of Claim 20, further comprising the steps of:
separately distributing the first encryption code to the authorized user;
entering the first unique identification number, the first encryption code, and the first decryption code into the hardware apparatus; and combining the first encryption code and the first decryption code to form the data string corresponding to the first level-zero security information set through the use of an algorithm.
separately distributing the first encryption code to the authorized user;
entering the first unique identification number, the first encryption code, and the first decryption code into the hardware apparatus; and combining the first encryption code and the first decryption code to form the data string corresponding to the first level-zero security information set through the use of an algorithm.
22. The method of Claim 20, wherein the algorithm utilized to combine the first encryption code and the first decryption code is an adaptable encryption/ decryption algorithm.
23. The method of Claim 20, wherein the step of verifying the second unique identification number of the authorized local computer system further comprises verifying that the second unique identification number that can be accessed by the hardware apparatus exactly matches one cf a group of second unique identification codes wherein the group of second unique identification codes corresponds to a group of local computer systems wherein the group of second unique identification codes are programmed into a memory location of the hardware apparatus wherein at least one level of functionality of the hardware apparatus is disabled if the second unique identification number of the authorized local computer system that can be accessed by the hardware apparatus does not exactly match one of the group of second unique identification codes.
24. The method of Claim 20, wherein the hardware apparatus is a reconfigurable secure hardware apparatus.
25. A method of ensuring that a software application cannot be installed or executed on an unauthorized local computer system comprising the steps of:
establishing a data path between a hardware apparatus and a host computer system;
choosing an option to register the software application from a plurality of options offered by a software object operated on the host computer system;
transferring a unique identification number for the software application collected during the option to register the software application from the host computer system to a software vendor computer system containing a software registry database;
verifying the unique identification number entered for the software application matches information contained in the software registry database; and providing a software run code from the software vendor computer system to the local computer system via the host computer system wherein at least one level of functionality will be disabled if the unique identification number does not match information contained in the software registry database.
establishing a data path between a hardware apparatus and a host computer system;
choosing an option to register the software application from a plurality of options offered by a software object operated on the host computer system;
transferring a unique identification number for the software application collected during the option to register the software application from the host computer system to a software vendor computer system containing a software registry database;
verifying the unique identification number entered for the software application matches information contained in the software registry database; and providing a software run code from the software vendor computer system to the local computer system via the host computer system wherein at least one level of functionality will be disabled if the unique identification number does not match information contained in the software registry database.
26. The method of Claim 25, wherein the step of establishing a data path between the hardware apparatus and the host computer system comprises utilizing a local computer system which contains the hardware apparatus to navigate to an internet web site operated on the host computer system.
27. The method of Claim 25, wherein the data path between the hardware apparatus and the host computer system is contained within a secure connection.
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US6318897P | 1997-10-20 | 1997-10-20 | |
| US60/063,188 | 1997-10-20 | ||
| PCT/US1998/022062 WO1999021094A2 (en) | 1997-10-20 | 1998-10-19 | Reconfigurable secure hardware apparatus and method of operation |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CA2308755A1 true CA2308755A1 (en) | 1999-04-29 |
Family
ID=22047550
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CA002308755A Abandoned CA2308755A1 (en) | 1997-10-20 | 1998-10-19 | Reconfigurable secure hardware apparatus and method of operation |
Country Status (4)
| Country | Link |
|---|---|
| EP (1) | EP1025503A4 (en) |
| CA (1) | CA2308755A1 (en) |
| TW (1) | TW456103B (en) |
| WO (1) | WO1999021094A2 (en) |
Families Citing this family (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6615344B1 (en) * | 1999-09-03 | 2003-09-02 | Infineon Technologies North America Corp. | System and method for tracking selectively enabling modules used in an integrated processor using a tracking register providing configuration information to an external pin |
| KR20000017956A (en) * | 1999-12-30 | 2000-04-06 | 김월영 | Security & Wildly Administration from Hardware-Lock |
| NL1014274C2 (en) * | 2000-02-03 | 2001-08-16 | Tele Atlas Bv | System for securing data present on a data carrier. |
| GB2363218A (en) * | 2000-06-07 | 2001-12-12 | Ubinetics Ltd | A method of accessing application data for a peripheral device |
| JP3874593B2 (en) * | 2000-06-12 | 2007-01-31 | 株式会社日立製作所 | Computer identification device |
| CA2420889A1 (en) * | 2000-09-01 | 2002-03-07 | Conleth Buckley | Method and system for preventing unwanted alterations of data and programs stored in a computer system |
| US20040128145A1 (en) * | 2000-10-26 | 2004-07-01 | Kenji Sato | Digital content selling method and system using communication network |
| US7962716B2 (en) | 2001-03-22 | 2011-06-14 | Qst Holdings, Inc. | Adaptive integrated circuitry with heterogeneous and reconfigurable matrices of diverse and adaptive computational units having fixed, application specific computational elements |
| US7653710B2 (en) | 2002-06-25 | 2010-01-26 | Qst Holdings, Llc. | Hardware task manager |
| US7752419B1 (en) | 2001-03-22 | 2010-07-06 | Qst Holdings, Llc | Method and system for managing hardware resources to implement system functions using an adaptive computing architecture |
| US7249242B2 (en) | 2002-10-28 | 2007-07-24 | Nvidia Corporation | Input pipeline registers for a node in an adaptive computing engine |
| US6836839B2 (en) | 2001-03-22 | 2004-12-28 | Quicksilver Technology, Inc. | Adaptive integrated circuitry with heterogeneous and reconfigurable matrices of diverse and adaptive computational units having fixed, application specific computational elements |
| US6577678B2 (en) | 2001-05-08 | 2003-06-10 | Quicksilver Technology | Method and system for reconfigurable channel coding |
| DE10139610A1 (en) * | 2001-08-11 | 2003-03-06 | Daimler Chrysler Ag | Universal computer architecture |
| US7046635B2 (en) * | 2001-11-28 | 2006-05-16 | Quicksilver Technology, Inc. | System for authorizing functionality in adaptable hardware devices |
| US8412915B2 (en) | 2001-11-30 | 2013-04-02 | Altera Corporation | Apparatus, system and method for configuration of adaptive integrated circuitry having heterogeneous computational elements |
| US6986021B2 (en) | 2001-11-30 | 2006-01-10 | Quick Silver Technology, Inc. | Apparatus, method, system and executable module for configuration and operation of adaptive integrated circuitry having fixed, application specific computational elements |
| US7215701B2 (en) | 2001-12-12 | 2007-05-08 | Sharad Sambhwani | Low I/O bandwidth method and system for implementing detection and identification of scrambling codes |
| US7403981B2 (en) | 2002-01-04 | 2008-07-22 | Quicksilver Technology, Inc. | Apparatus and method for adaptive multimedia reception and transmission in communication environments |
| JP3735300B2 (en) | 2002-01-31 | 2006-01-18 | 富士通株式会社 | Information recording / reproducing system capable of restricting access and access restriction method thereof |
| US7328414B1 (en) | 2003-05-13 | 2008-02-05 | Qst Holdings, Llc | Method and system for creating and programming an adaptive computing engine |
| US7660984B1 (en) | 2003-05-13 | 2010-02-09 | Quicksilver Technology | Method and system for achieving individualized protected space in an operating system |
| US8108656B2 (en) | 2002-08-29 | 2012-01-31 | Qst Holdings, Llc | Task definition for specifying resource requirements |
| US7937591B1 (en) | 2002-10-25 | 2011-05-03 | Qst Holdings, Llc | Method and system for providing a device which can be adapted on an ongoing basis |
| US8276135B2 (en) | 2002-11-07 | 2012-09-25 | Qst Holdings Llc | Profiling of software and circuit designs utilizing data operation analyses |
| US7225301B2 (en) | 2002-11-22 | 2007-05-29 | Quicksilver Technologies | External memory controller node |
| US7894606B2 (en) * | 2005-11-28 | 2011-02-22 | Panasonic Electric Works Co., Ltd. | Systems and methods for facilitating secure key distribution to an embedded device |
| CN112328975A (en) * | 2020-10-29 | 2021-02-05 | 上海金仕达软件科技有限公司 | Product software authorization management method, terminal device and medium |
Family Cites Families (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| AU3777593A (en) * | 1992-02-26 | 1993-09-13 | Paul C. Clark | System for protecting computers via intelligent tokens or smart cards |
| US5432934A (en) * | 1993-07-26 | 1995-07-11 | Gensym Corporation | Access restrictions as a means of configuring a user interface and making an application secure |
| US5473692A (en) * | 1994-09-07 | 1995-12-05 | Intel Corporation | Roving software license for a hardware agent |
| FR2736448B1 (en) * | 1995-07-05 | 1997-09-19 | Antonini Pierre | METHOD AND DEVICE FOR TEMPORARY AUTHORIZATION OF USE OF A PROGRAM PROTECTED BY AN ELECTRONIC CARTRIDGE |
| US5825876A (en) * | 1995-12-04 | 1998-10-20 | Northern Telecom | Time based availability to content of a storage medium |
| US5790664A (en) * | 1996-02-26 | 1998-08-04 | Network Engineering Software, Inc. | Automated system for management of licensed software |
-
1998
- 1998-10-19 WO PCT/US1998/022062 patent/WO1999021094A2/en not_active Application Discontinuation
- 1998-10-19 CA CA002308755A patent/CA2308755A1/en not_active Abandoned
- 1998-10-19 EP EP98953711A patent/EP1025503A4/en not_active Withdrawn
- 1998-10-20 TW TW87117334A patent/TW456103B/en active
Also Published As
| Publication number | Publication date |
|---|---|
| WO1999021094A2 (en) | 1999-04-29 |
| TW456103B (en) | 2001-09-21 |
| EP1025503A2 (en) | 2000-08-09 |
| EP1025503A4 (en) | 2002-03-27 |
| WO1999021094A3 (en) | 1999-07-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2308755A1 (en) | Reconfigurable secure hardware apparatus and method of operation | |
| White | ABYSS: ATrusted Architecture for Software Protection | |
| US6904527B1 (en) | Intellectual property protection in a programmable logic device | |
| CN1312876C (en) | Encrypted/deencrypted stored data by utilizing disaccessible only secret key | |
| US4817140A (en) | Software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor | |
| CN100354786C (en) | Open type general-purpose attack-resistant CPU and application system thereof | |
| CN100424678C (en) | System and method for authenticating software using hidden intermediate keys | |
| US9195806B1 (en) | Security server for configuring and programming secure microprocessors | |
| US7313828B2 (en) | Method and apparatus for protecting software against unauthorized use | |
| US6233567B1 (en) | Method and apparatus for software licensing electronically distributed programs | |
| US6704872B1 (en) | Processor with a function to prevent illegal execution of a program, an instruction executed by a processor and a method of preventing illegal execution of a program | |
| Maes et al. | A pay-per-use licensing scheme for hardware IP cores in recent SRAM-based FPGAs | |
| CN104252881B (en) | Semiconductor integrated circuit and system | |
| RU2289157C2 (en) | Method and system for distributed program development for programmable portable information medium | |
| US7096370B1 (en) | Data security for digital data storage | |
| US7975151B2 (en) | Decryption key table access control on ASIC or ASSP | |
| US20070055892A1 (en) | Concealment of information in electronic design automation | |
| US20040255119A1 (en) | Memory device and passcode generator | |
| US20080270805A1 (en) | Method for Protecting Intellectual Property Cores on Field Programmable Gate Array | |
| EP0266748B1 (en) | A software protection system using a single-key cryptosystem, a hardware-based authorization system and a secure coprocessor | |
| CN101142599A (en) | Digital rights management system based on hardware identification | |
| CN101523399A (en) | Methods and systems for modifying an integrity measurement based on user athentication | |
| US20090222927A1 (en) | Concealment of Information in Electronic Design Automation | |
| US7269259B1 (en) | Methods and apparatus for authenticating data as originating from a storage and processing device and for securing software and data stored on the storage and processing device | |
| Khan et al. | Utilizing and extending trusted execution environment in heterogeneous SoCs for a pay-per-device IP licensing scheme |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| FZDE | Discontinued |