Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site hp-pcd.UUCP
Path: utzoo!linus!decvax!harpo!seismo!hao!hplabs!hp-pcd!john
From: john@hp-pcd.UUCP (John Eaton)
Newsgroups: net.crypt
Subject: Re: Re: software piracy and coupons - (nf)
Message-ID: <2432@hp-pcd.UUCP>
Date: Sun, 13-Nov-83 03:27:15 EST
Article-I.D.: hp-pcd.2432
Posted: Sun Nov 13 03:27:15 1983
Date-Received: Mon, 14-Nov-83 09:55:33 EST
Sender: netnews@hp-pcd.UUCP
Organization: Hewlett-Packard, Corvallis OR
Lines: 30

#R:ariel:-51500:hp-pcd:42000003:000:1385
hp-pcd!john    Nov 12 22:36:00 1983

The easiest way to install serial numbers is with proms or eproms that most
pirates can find and duplicate. While not perfect it does limit your losses
to those who are willing to modify their hardware. The user who would bootleg
a program that could run on a unmodified machine might not do so if he had to
change his hardware.

To be truely effective, serial numbers should not reside in comercially 
available components and especially not in proms. The best method would be
to take a DES encryption IC and add a second key register to it. The first
key register would be the normal write only that allows you to encrypt 
different keys. The second would be a one time programmable (fused link) that
would be programmed with the units serial number. When a copy protected 
program is installed in a machine, it encrypts a number of bytes using the
units serial number as the key and saves the results. When running it can then
repeat this and self destruct if the results change.

One problem with this (and any other serial number scheme) is how do you handle
a failure of the serial number IC. Any scheme must make it hard for a pirate
to duplicate this IC but easy for a field repair center to do it. By the way,
I am now expecting some pirate to write in and tell me how easy it is to pop
the top off an IC and read the fused links using a SEM.


John Eaton

hplabs!hp-pcd!john