jhs@mitre-bedford.ARPA (01/27/88)
Several ideas (patents and actual products) have appeared in recent years that enforce copy protection not by appeal to honesty or the legal system but by providing a physical "doohickey" that has to be plugged in for the software to work. Such a device can be serial numbered and can use crypto- graphic techniques based on the serial number to enforce access to the software. It must perform a necessary function, so that the software actually *HAS* to access it, and get the right answer, which is a function of -- among other things -- the user's ID or serial number, in order for the program to function correctly. If "public key" cryptographic techniques are used, it should be feasible to make the contents of the "doohickey", including the cryptographic key, insensitive to discovery. I.e. the factory knows how to encrypt critical data and the doohickey knows how to decrypt it to get the necessary data values (branch addresses or whatever). I suggest that what the industry needs is a standard for just such a doohickey that can then be routinely sold to computer buyers. Some enterprising company could sell the things and maintain the registry of users, charging a fee to the software vendors. Software dealers could be given the wherewithal to customize a program to run with a given individual's doohickey. I.e. a sealed-up PC type workstation with a magic ROM in it, or whatever. Some details would need to be worked out, but what I am proposing is that the necessary thinking and haggling be done to select a workable standard and get it accepted by the industry. Then everybody who wants their software protected against ripoff could subscribe to the standard and anybody who wanted to run their software would have to buy the doohickey and give the dealer their serial number in order to get a working program. I think it would even be possible to sell programs that check the date and work only for, say, a month. Thus "evaluation" copies could be given away. This would probably require that the doohickey contain a realtime clock, but that should not add more than a couple of dollars to its cost. In my opinion, adoption of such a standard would solve all of the problems being lamented here, at relatively small cost to the consumer. Does anybody know if one of the standards-loving bodies such as IEEE or ANSI is in fact working on a software protection standard? -John Sangster / jhs@mitre-bedford.arpa
exodus@uop.edu (G.Onufer) (02/02/88)
There _could_ be a standard "doohickey" as the originator of this discussion wants... A company named Software Security has an add in Dr. Dobbs journal. They have a devie which plugs into the parrallel port of _any_ computer that has one (good for the ST's and such since a parallel port is standard equipment!). It does not interfere with normal parallel port use since it is daisy-chained (and even allows more then one such 'key' device in that chain!). Each 'key' has a number readable by software in it. Drawbacks: this company has it patented..they will make all the money. But since it is patented...pirates will have a helluva time making duplicates. Correct me if I am wrong, but patent laws are far more enforcable than Copyright laws!!! For info: Software Security, 870 High Ridge Rd, Stamford Connecticut 06905 203-329-8870 DISCLAIMER: I only saw their ad. I will not be making money off of this nor do I want to. In fact, although I think this is a great idea, I do not own the patents....so I could care less. Greg Onufer