- Email: [email protected]
Protection of software
Protectionof software by NICK COOK
T
here is a natural desire within us to protect that which we see as ~ghtfully ours. This desire is challenged by a strong determination in some others to ‘cash in’ unlawfully on our property or the benefits of our labours. In modern Western society the observation applies, whether talking of property, riches, ideas or irmovations. Most aspects of ‘ownership’ are protected by law - but one area remaining with special problems is the computer software industry. Problems are logon across the spectrum of the industry - from games packages produced for the home microcomputer to sophisticated mainframe software packages that operate in most major computer installations. The temptation to ‘piracy’ of new software has been prompted Abstract: Software piracy is a problem not &y fw suppliers of software but alsofor BP ~~~ where ~~~~.ali~ of infmtkm is vital. The article discussesthe approach of both micro and mainframe sofreare sup#krs to software protection. The use of ‘do&es’ and cj%tgerprinting’are outlined and the usefulness of data encryptti to the DP manager is atgxed. data processing, computer sofceuare,sofrularepiracy, data encyptkm.
Km&:
Nick Cook is general manager, engineering, Petertmrough Software.
40
~11-684x/84/060040-02$03.00
0
by the high cost of software development. The threat of piracy has become a major concern for the whole of the software industry, which is now having to respond as best it can by creating obstacles to the unauthorized copying or use of its products. Every act of piracy diminishes the return accruing to the innovator for his/her skill and investment. Software products are not covered by patent laws. The intangible nature of computer software means that there is no physical design which could be patented. Copyright law is a better way of protecting programs. However, there are many ways of writing a program to produce the same result - so even program code subjected to copyright could be amended by pirates in such a way that much of the original content is still included, whilst obliterating totally the true origins of the program. Attempting to prove ownership of such an amended software package could prove an expensive and complex legal exercise.
Approaches to security It is not feasible for software producers to ensure their products are unassailable. The only realistic path they can take is to defend their property as best they can, making piracy as difficult as possible by in-
1984 Butterworth & Co (Publishers) Ltd.
corporating ‘obstacles’ into the overall design much as our medieval ancestors sur~~d~ their fortresses with high walls and deep moats of water. The approaches to security differ between the producers of microcomputer and mainframe software. Microcomputer software suppliers concentrate on preventing customers from physically copying programs, and on restricting the use of packages to one machine only. A common method for achieving this is through use of a ‘dongle’, involving both hardware and software. A hardware device containing a unique circuit pattern is plugged into one of the computer ports, and the corresponding piece of applications software checks for its presence whenever the program is loaded. The program will not run should the dongle not be present, or the pattern be incorrect. Ma~fr~e software suppliers, on the other hand, have to allow for multiple copies of the software to be made at a customer site - if only to allow safeguards for recovery in the event of machine failure or other disaster - and, therefore, have to evolve other techniques to protect their products. Some software houses only supply programs in object code format. Using the format in which the computer reads the programs, rather than the source code used to write them, immediately gives some security to the program. This is because it is considerably more difficult to amend object code, but it may also restrict legitimate access to the software. Lack of source code could present serious operational difficulties if an authorized change to the software is urgently required. The types of security most commonly written into programs are those which cause the software to fail at some predetermined date unless action is taken to extend the authorized usage, or to check the serial
data processing
policy number of the central processing unit in which it is running. Obviously, such checks are only as successful as the skill of the developer in hiding the validation routines amidst the program code performing more orthodox functions. Since it is relatively easy to amend a program so that it is apparently a different product, the original program supplier can have considerable difficulties in proving ownership.
Fingerprinting A common technique which helps with owner-identification is code ‘fingerprinting’. This involves entering a piece of program code into every part of the supplied system. Without detailed examination of each individual line of program code - and bearing in mind that a software product will consist of many thousands of lines - it would be extremely hard for a potential pirate to identify the fingerprint. Even an unintentional
Leasing IBM ~uipment ~~ti~~d
from page 39
France Leasing in France has been very difficult for many years as a result of credit restraints which make the establishing of a finance leasing operation somewhat difficult. Operating leasing still persists but the caution shown by lessors in this market has restrained growth. A weak franc has made France an attractive country in which to purchase second-user machines which, coupled with the fact that it is the second largest European market, has resulted in a pro~eration of local brokering companies in the last few years. Other European countries Most of the other EEC countries, together with Scandinavia and Switzerland, have local characteristics
~0126
no 6 july/august 1984
fingerprint such as a program ‘bug’ could help in identifying a program, if necessary. There is no foolproof protection that a supplier can apply to a product, and the increase in international use and marketing of software products mean that the task of catching potential pirates is being made an ever more difficult task. However, all major software suppliers are aware of the threat and are taking every possible action, not only to safeguard their products from piracy, but also to make them ‘secure’ information records for the authorized users.
Inhouse data encryption Once a software product is onsite, with the users, it is the responsibility of the company DP manager to ensure that information is made safe between one department and another. If confidential material needs to be protected from internal ‘prying’, it is a relatively
which have encouraged the growth of third party suppliers. Switzerland has low tax rates and a high incidence of purchased equipment. Denmark has a weak currency and a cooperative approach from IBM personnel. Sweden, throughout 1982 and 1983, provided substantial tax incentives, the rationale for which is still unclear, and Holland has had a local tax credit system which has allowed several foreign lessors to flourish. The decision as to whether to shortterm lease or buy in today’s environment is a function of many decisions of which the estimated length of equipment retention is only one. Budget constraints, sourcing or availability of the equipment, taxation factors and flexibility are only some of the inputs to be considered before committing to a particular strategy.
Summary The IBM
computer
leasing
and
easy task to code information to safeguard it. It is curious to note that few inhouse DP departments take the trouble to introduce data encryption, especially when considering that the very nature of the computer makes it the perfect tool for coding and decoding. With simple methods of encrypting data readily available - such as the use of algorithms with key access codes - there is no reason why DP managers should not encode their confidential records to safeguard their security against unauthorized use by other inhouse DP departments. The whole area of protecting software systems, and the data they store, from invasion and theft commands much experimentation and attention. The software industry continues its work in pursuit of solutions to the problem. 0 Peterborough Software (UK) Ltd, Borough House, Newark Road, Peterborough PEl SYJ, UK. Tel (0733) 41010.
brokerage industry has been established in Europe for about 17 years. There have been many watersheds, some of which have led forward and some to the doors of liquidators. In all probability the industry is approaching a new crossroads. The increasing internationalism of the business, changes in tax law, rapid increases in customer’s hardware requirements and above all IBM’s own marketing perspective ensures that the future is uncertain. By early 1985 the picture will be clearer. What is certain is that the third party supplier will need to be even tougher, more professional and creative in order to compete. The fact that we will survive and compete even more successfully is also inevitable. The intellectual and business talent within the industry is exceptionally strong and that alone will guarantee continued success. q United Leasing plc, 14 Welbeck Street, London Wl, UK. Tel: 01-935 7fO4.
41
T
here is a natural desire within us to protect that which we see as ~ghtfully ours. This desire is challenged by a strong determination in some others to ‘cash in’ unlawfully on our property or the benefits of our labours. In modern Western society the observation applies, whether talking of property, riches, ideas or irmovations. Most aspects of ‘ownership’ are protected by law - but one area remaining with special problems is the computer software industry. Problems are logon across the spectrum of the industry - from games packages produced for the home microcomputer to sophisticated mainframe software packages that operate in most major computer installations. The temptation to ‘piracy’ of new software has been prompted Abstract: Software piracy is a problem not &y fw suppliers of software but alsofor BP ~~~ where ~~~~.ali~ of infmtkm is vital. The article discussesthe approach of both micro and mainframe sofreare sup#krs to software protection. The use of ‘do&es’ and cj%tgerprinting’are outlined and the usefulness of data encryptti to the DP manager is atgxed. data processing, computer sofceuare,sofrularepiracy, data encyptkm.
Km&:
Nick Cook is general manager, engineering, Petertmrough Software.
40
~11-684x/84/060040-02$03.00
0
by the high cost of software development. The threat of piracy has become a major concern for the whole of the software industry, which is now having to respond as best it can by creating obstacles to the unauthorized copying or use of its products. Every act of piracy diminishes the return accruing to the innovator for his/her skill and investment. Software products are not covered by patent laws. The intangible nature of computer software means that there is no physical design which could be patented. Copyright law is a better way of protecting programs. However, there are many ways of writing a program to produce the same result - so even program code subjected to copyright could be amended by pirates in such a way that much of the original content is still included, whilst obliterating totally the true origins of the program. Attempting to prove ownership of such an amended software package could prove an expensive and complex legal exercise.
Approaches to security It is not feasible for software producers to ensure their products are unassailable. The only realistic path they can take is to defend their property as best they can, making piracy as difficult as possible by in-
1984 Butterworth & Co (Publishers) Ltd.
corporating ‘obstacles’ into the overall design much as our medieval ancestors sur~~d~ their fortresses with high walls and deep moats of water. The approaches to security differ between the producers of microcomputer and mainframe software. Microcomputer software suppliers concentrate on preventing customers from physically copying programs, and on restricting the use of packages to one machine only. A common method for achieving this is through use of a ‘dongle’, involving both hardware and software. A hardware device containing a unique circuit pattern is plugged into one of the computer ports, and the corresponding piece of applications software checks for its presence whenever the program is loaded. The program will not run should the dongle not be present, or the pattern be incorrect. Ma~fr~e software suppliers, on the other hand, have to allow for multiple copies of the software to be made at a customer site - if only to allow safeguards for recovery in the event of machine failure or other disaster - and, therefore, have to evolve other techniques to protect their products. Some software houses only supply programs in object code format. Using the format in which the computer reads the programs, rather than the source code used to write them, immediately gives some security to the program. This is because it is considerably more difficult to amend object code, but it may also restrict legitimate access to the software. Lack of source code could present serious operational difficulties if an authorized change to the software is urgently required. The types of security most commonly written into programs are those which cause the software to fail at some predetermined date unless action is taken to extend the authorized usage, or to check the serial
data processing
policy number of the central processing unit in which it is running. Obviously, such checks are only as successful as the skill of the developer in hiding the validation routines amidst the program code performing more orthodox functions. Since it is relatively easy to amend a program so that it is apparently a different product, the original program supplier can have considerable difficulties in proving ownership.
Fingerprinting A common technique which helps with owner-identification is code ‘fingerprinting’. This involves entering a piece of program code into every part of the supplied system. Without detailed examination of each individual line of program code - and bearing in mind that a software product will consist of many thousands of lines - it would be extremely hard for a potential pirate to identify the fingerprint. Even an unintentional
Leasing IBM ~uipment ~~ti~~d
from page 39
France Leasing in France has been very difficult for many years as a result of credit restraints which make the establishing of a finance leasing operation somewhat difficult. Operating leasing still persists but the caution shown by lessors in this market has restrained growth. A weak franc has made France an attractive country in which to purchase second-user machines which, coupled with the fact that it is the second largest European market, has resulted in a pro~eration of local brokering companies in the last few years. Other European countries Most of the other EEC countries, together with Scandinavia and Switzerland, have local characteristics
~0126
no 6 july/august 1984
fingerprint such as a program ‘bug’ could help in identifying a program, if necessary. There is no foolproof protection that a supplier can apply to a product, and the increase in international use and marketing of software products mean that the task of catching potential pirates is being made an ever more difficult task. However, all major software suppliers are aware of the threat and are taking every possible action, not only to safeguard their products from piracy, but also to make them ‘secure’ information records for the authorized users.
Inhouse data encryption Once a software product is onsite, with the users, it is the responsibility of the company DP manager to ensure that information is made safe between one department and another. If confidential material needs to be protected from internal ‘prying’, it is a relatively
which have encouraged the growth of third party suppliers. Switzerland has low tax rates and a high incidence of purchased equipment. Denmark has a weak currency and a cooperative approach from IBM personnel. Sweden, throughout 1982 and 1983, provided substantial tax incentives, the rationale for which is still unclear, and Holland has had a local tax credit system which has allowed several foreign lessors to flourish. The decision as to whether to shortterm lease or buy in today’s environment is a function of many decisions of which the estimated length of equipment retention is only one. Budget constraints, sourcing or availability of the equipment, taxation factors and flexibility are only some of the inputs to be considered before committing to a particular strategy.
Summary The IBM
computer
leasing
and
easy task to code information to safeguard it. It is curious to note that few inhouse DP departments take the trouble to introduce data encryption, especially when considering that the very nature of the computer makes it the perfect tool for coding and decoding. With simple methods of encrypting data readily available - such as the use of algorithms with key access codes - there is no reason why DP managers should not encode their confidential records to safeguard their security against unauthorized use by other inhouse DP departments. The whole area of protecting software systems, and the data they store, from invasion and theft commands much experimentation and attention. The software industry continues its work in pursuit of solutions to the problem. 0 Peterborough Software (UK) Ltd, Borough House, Newark Road, Peterborough PEl SYJ, UK. Tel (0733) 41010.
brokerage industry has been established in Europe for about 17 years. There have been many watersheds, some of which have led forward and some to the doors of liquidators. In all probability the industry is approaching a new crossroads. The increasing internationalism of the business, changes in tax law, rapid increases in customer’s hardware requirements and above all IBM’s own marketing perspective ensures that the future is uncertain. By early 1985 the picture will be clearer. What is certain is that the third party supplier will need to be even tougher, more professional and creative in order to compete. The fact that we will survive and compete even more successfully is also inevitable. The intellectual and business talent within the industry is exceptionally strong and that alone will guarantee continued success. q United Leasing plc, 14 Welbeck Street, London Wl, UK. Tel: 01-935 7fO4.
41