Abstract: A method and apparatus for securing a token from unauthorized use is disclosed. The method comprises the steps of receiving a first message transmitted from a host processing device and addressed to a PIN entry device according to a universal serial bus (USB) protocol; accepting a PIN entered into the PIN entry device; and transmitting a second message comprising at least a portion of the first message and the PIN from the PIN entry device to the token along a secure communication path.

Abstract: A method and/or system for providing grace licensing to disconnected network license users provides a server with a grace enabled license having a grace criteria, provides a client computer with an application operable with the grace enabled license, provides the grace enabled license from the server to the client computer when the client computer is communicatively connected to the server, and operates the application on the client computer according to the grace criteria when the client computer is disconnected from the server. The grace criteria can include a parameter(s) including a number of times the application is operable on a client computer when the client computer is disconnected from the server, a total number of hours the application is operable on a client computer when the client computer is disconnected, and/or a maximum number of days the application is operable on a client computer when the client computer is disconnected.

Abstract: A method of securing communications between a host computer and a token having a smart card processor, which token is communicatively coupled to the host computer via a USB-compliant interface, includes the steps of requesting token information when the token is coupled to the host computer, and initializing communications with the token, including establishing an encryption key between the token and the host computer. The encryption key is established between the token and the host computer by the steps of receiving a token public key Kpu from the token, encrypting a random key Kr with the token public key Kpu and transmitting the encrypted random key EKpu(Kr) to the token.

Abstract: A bending token for providing conditional access to data stored therein is disclosed. The token comprises a first member, for insertion into a USB-compliant host computer female connector along a first longitudinal axis, USB-compliant host computer female connector having a plurality of host conductive surfaces; a second member, disposed along a second longitudinal axis, the second member having a processor providing conditional access to data stored in a memory; a flexible conductor, electrically coupling the processor and the plurality of host conductive surfaces when the first member is inserted into the USB-compliant host computer female connector; and a bendable member, coupled to the first member and the second member, the bendable member permitting the second longitudinal axis rotated away from the first longitudinal axis.

Abstract: A method, apparatus, and article of manufacture for protecting a shelled computer program with a startup code featuring multiple-route execution. In one embodiment, the startup code comprises a sequence of tasks, collectively executing a startup code, wherein one or more of the tasks is selectably performed by one of a plurality of task code variations as selected by a selection code associated with the task.

Abstract: A method and apparatus for communicating information between a token and a host computer having a host computer operating system (OS) supplied inherent driver for communicating with an OS-supported USB-compliant device. The method comprising the steps of coupling to the host computer, and emulating the OS-supported USB-compliant device. In one embodiment, the step of emulating the OS-supported USB-compliant device comprises the steps of accepting a message from the OS-supplied inherent driver in the token, the message transmitted according to a format and protocol for the OS-supported USB-compliant device; generating a second message from the accepted first message; and providing a second message from the token to the OS-supplied inherent driver.

Abstract: A method and apparatus for secure authentication of a hardware token is disclosed. In one embodiment, a host computer fingerprint is used to generate a partial seed for a challenge-response authentication which is performed on the hardware token. In another embodiment, the host computer fingerprint is used as a personal identification number for the hardware token.

Abstract: A method and apparatus for booting a computer. The method comprises the steps of emulating a floppy disk drive communicatively coupled to a computer in a token via a USB-compatible interface, and booting the computer using the token. The apparatus comprises means for performing these functions, including a token with a processor having one or more memories storing processor instructions and data for performing the method steps. The memory may also securely store sensitive data.

Abstract: A “dual” personal key/token is disclosed. The “dual” personal key is useful for installing drivers and other command interfaces which allow the personal key to be coupled to and used with a host computer. In a first embodiment, the personal key operates as a USB hub, and reports two devices, a storage device and a personal key, to the host computer. In a second embodiment presents a single device, and different portions of the personal key are activated as required.

Abstract: A system and method in which the operating system of the user computer loads the software application and a DLL having a portion of the application execution code stored therein into memory is disclosed. At selected points during its execution, the software application calls the DLL to execute a portion of the application code that was saved into the DLL before delivery to the end user. Since this code is encrypted and the encryption key is stored in a hardware security device and not in the DLL or the software application, the application code portion cannot be executed without recovering the key.

Abstract: The computer-based software protection systems are provided using methods that improve the protection of vendor's software against unauthorized use. A code generator generates randomized protection code, which is then used to protect the application software. Because the code is unique for each protected software, potential crackers have to analyze and crack every instance of the protection, so that generic hack is almost impossible. Some embodiments of the present invention also randomize license verification module, add and randomize a specific anti-hacking code, and randomize the protection code execution sequence(s). The same embodiments can also select which instructions and how many instructions are randomized. Moreover, these embodiments select where the data is being stored, in which register, memory address and stack position, and also randomize variable offsets. Other embodiments of the present invention are used for interpreted code.

Abstract: A device that secures a token from unauthorized use is disclosed. The device comprises a user interface for accepting a personal identifier, a processor, communicatively coupled to the user interface device, and a token interface. The token interface includes a token interface IR emitter that produces an IR signal having information included in the PIN. The token IR emitter is coupled to the processor and is further communicatively coupled to a token IR sensor when the token is physically coupled with the token interface. The token interface also includes a shield, substantially opaque to the IR signal, for substantially confining the reception of the IR signal to the token IR sensor. In one embodiment, the shield substantially circumscribes the IR emitter. In another embodiment, the interface also comprises a token interface IR sensor, which allows communications from the token to the device as well.

Abstract: A method and apparatus for securing a token from unauthorized use is disclosed. The method comprises the steps of receiving a first message transmitted from a host processing device and addressed to a PIN entry device according to a universal serial bus (USB) protocol; accepting a PIN entered into the PIN entry device; and transmitting a second message comprising at least a portion of the first message and the PIN from the PIN entry device to the token along a secure communication path.

Abstract: Apparatus and method for discouraging computer theft. The apparatus and method requires that a password or other unique information be supplied to the computer before the computer BIOS routines can be completely executed. A BIOS memory storing the BIOS routines includes a security routine which will determine whether or not the required password entered by the user, or a known quantity read from an externally connected memory device is present. The security function stored within the BIOS memory also includes an administration function which permits the computer to be either placed in a locked state, thereby requiring password or the known quantity read from an externally connected memory device to be present each time the computer is booted up. The administration function also permits an unlock state which permits the computer boot up process to complete without entering any password or externally supplied quantity.

Abstract: A method of protecting computer software on installation is provided by providing an installation media containing an installation program supplied to the user along with an hardware security electrical device (HSED). The HSED must be connected to the user's computer before the software from the installation media can be entered on the user's computer. The HSED contains a variety of secret installation data which is used to install a program to be protected. In general the secret installation data is checked to see if a specific HSED is present and if it contains information to enable the installation process for that particular piece of software to continue. The exact nature of the secret installation data will depend on the process used for protection. The HSED is also used in a method of metering the amount of computer service used such that payment can be made at the time of delivery of the HSED to the end user.

Abstract: A method and system for secure distribution of protected data using elliptic curve systems includes a program to unlock software. The user obtains an encrypted unlocking code from a processing center and enters it into the unlocking program, which decrypts the message, yielding the unlocking code, then uses the unlocking code to unlock the software. To encrypt the unlocking code, the processing center selects an appropriate unlocking code using information received from the user, selects an elliptic curve to use, selects a first point on the elliptic curve having an index corresponding to the information to be encrypted, generates a delta key and a center key and the finite field inverse of the center key, selects a second point on the elliptic curve which is the product of the inverse of the center key and the first point, and generates an index of the second point, which, with the delta key, is the encrypted information.

Abstract: A method is provided for protecting distributed software which relies on a unique factor such as an accessible serial number or the generation of a profile or fingerprint of the computer of the user which is entered individually and/or with a random factor to generate a unique first key which will differ for different computers. The first key is sent to a processing center which then generates a second key. The user applies the second key which compares the unique and/or random factors. If the comparison matches, the first and second keys are used in an algorithm in the software to generate a decrypting key permitting the customer to purchase the selected program(s).