Protecting Soft IP

April 14, 2005
Much of the important intellectual property is soft, but it can be hard to protect.

When it comes to intellectual property (IP), software protection covers programs as well as content like music. Both can be easily copied and distributed electronically, which is good in most, but not all, instances. Programs and content can be easily modified, too, which presents another good/bad scenario. On top of that, anyone can use programs and content if they're in a suitable format.

Typically, protection, authentication, and encryption control how software IP is used. Protection can include encryption, but it also may involve copyrights, patents, and licensing. It can be addressed via legal means, as well as through additional hardware and software support. One extreme example of protection would be an actual locked box, while at the other extreme, digital rights management (DRM) systems employ encryption keys stored in a secure system on a chip (SoC).

Authentication comes into play in various ways. For example, a designer may want to remotely program a networked microcontroller. But the microcontroller's software may first require user authentication, user rights authentication, and authentication that the downloaded software wasn't modified. These operations can all take place securely on an open network like the Internet, even though the information is sent "in the clear." To keep the transaction from prying eyes, the information must be encrypted.

Hard Security Software-only solutions have been the norm, but the more-available hardware-based encryption is gaining in stature. It addresses problems that software can't solve alone.

Keep in mind that hardware-based security actually pinpoints two parts of the puzzle. The first involves secure storage and manipulation of keys needed for encryption on which authentication is based. The second is hardware acceleration required to perform the necessary encryption and decryption in a reasonable amount of time.

A number of different products are available. Atmel's Secure Memory devices store small amounts of information (typically only the keys themselves) in an EEPROM and perform password and authentication protection. M-Systems' DiskOnKey and DiskOnChip implement security to protect flash memory that may contain applications and data. Going even further is Cirrus Logic's ARM9 series of microcontrollers. Its security on-chip uses the Maverick Key memory and the MaverickCrunch encryption engine.

The Security Builder GSE crafted by Certicom is part of the company's Security Architecture software, which runs on top of secure hardware. It provides a standard interface for applications to the underlying encryption and key management hardware. Very few standards exist in this area, even though encryption methods like the Advanced Encryption Standard (AES) are well accepted.

Encrypted memory and enhanced processors enable applications to communicate securely, but they don't guarantee the operation of the software running on the processor. The Trusted Computing Group (TCG) is pushing one approach that guarantees such an operation. Hardware controls the initial system startup and then authenticates the operating system before it runs. Subsequently, the trusted operating system can use the hardware for further communication and program execution. Not everyone is enthralled with TCG's "trusted computing," but some type of secure system will emerge in the near future. At this point, TCG implementations have the edge.

Securing Transmission Regardless of how trusted the underlying system is, secure communication is where it's at. Secure sockets layer (SSL) and IPsec (that's Internet Protocol, not intellectual property) are used to implement virtual-private-network (VPN) connections. These protocols are standardized, and a host of products are available to take advantage of them. Performance Technology's PMC8300 storage and security accelerator module is an example of the latest technology designed to handle high-bandwidth, secure transmissions.

Software can be secured through encryption. Some microprocessors take this a step further by preventing prying eyes from getting a peek, even if the packaging is breached. These processors are primarily found in smart cards.

Software protection of a different kind can be handled using copyrights, patents, and licensing, in addition to the usual trade-secret approach. Open-source licenses like the General Public License (GPL) protect software if the intent is to keep changes public. The Open Source Initiative is a strong source of information for a range of open-source licenses.

Remember, not all secrets are good.

About the Author

William G. Wong | Senior Content Director - Electronic Design and Microwaves & RF

I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.

You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form. 

Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below. 

You can visit my social media via these links:

I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.  

I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence. 

Sponsored Recommendations

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!