Browse Prior Art Database

Concealing Data within Executable Code

IP.com Disclosure Number: IPCOM000112765D
Original Publication Date: 1994-Jun-01
Included in the Prior Art Database: 2005-Mar-27
Document File: 2 page(s) / 64K

Publishing Venue

IBM

Related People

Key, A: AUTHOR [+2]

Abstract

Disclosed is a method of concealing data by encoding a bit string within a compiled program, e.g., to allow infringing copies to be detected by means of fingerprints. Novelty is by the choice of instructions, using alternative operand types, and the way the bit string is set/reset. A conventional difficulty of distinguishing between code, where the technique can be applied, and data where it cannot, works to the advantage of the legitimate owner of the program, since typically only they will know the respective locations of the code and data.

This text was extracted from an ASCII text file.
This is the abbreviated version, containing approximately 52% of the total text.

Concealing Data within Executable Code

      Disclosed is a method of concealing data by encoding a bit
string within a compiled program, e.g., to allow infringing copies to
be detected by means of fingerprints.  Novelty is by the choice of
instructions, using alternative operand types, and the way the bit
string is set/reset.   A conventional difficulty of distinguishing
between code, where the technique can be applied, and data where it
cannot, works to the advantage of the legitimate owner of the
program, since typically only they will know the respective locations
of the code and data.

      It is common practice to conceal 'fingerprints' within software
products to prevent competitors copying all or part of the software
and selling it as their own.  In a court of law the original author
can extract his own copyright message, or other fingerprint, from the
competitors product, thus proving that the competitor has copied the
code.  The justification being, that a competitor, had they written
the code themselves, would not have added a fingerprint identifying
the work as being someone elses.   Ideally the fingerprint should not
increase the disk or memory requirements of the product, as this may
result in the need to ship more disks in the product, and so make
production costs higher, or eliminate machines with smaller amounts
of memory from the target audience.

      On Intel 8086 and follow on processors, many machine code
instructions are of the form:

             op   r,r/m

             op   r/m,r
 op can be MOV, ADD, ADC, OR, XOR, CMP, ...  etc...
 r means register operand, such as AX,BX,SI,AL, etc...
 m means memory operand, such as [SI],{BX+SI], [offset], etc...
 r/m means register or memory operand.

 ...