[go: up one dir, main page]

CN105224829B - Embedded system and content protection method - Google Patents

Embedded system and content protection method Download PDF

Info

Publication number
CN105224829B
CN105224829B CN201410259364.1A CN201410259364A CN105224829B CN 105224829 B CN105224829 B CN 105224829B CN 201410259364 A CN201410259364 A CN 201410259364A CN 105224829 B CN105224829 B CN 105224829B
Authority
CN
China
Prior art keywords
key
embedded system
embedded
function
content protecting
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201410259364.1A
Other languages
Chinese (zh)
Other versions
CN105224829A (en
Inventor
谢思谦
阮腾辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Weintek Labs Inc
Original Assignee
Weintek Labs Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Weintek Labs Inc filed Critical Weintek Labs Inc
Priority to CN201410259364.1A priority Critical patent/CN105224829B/en
Publication of CN105224829A publication Critical patent/CN105224829A/en
Application granted granted Critical
Publication of CN105224829B publication Critical patent/CN105224829B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Storage Device Security (AREA)

Abstract

本发明是有关于一种具内容保护能力的嵌入式系统,包含安全集成电路,设有识别钥储存装置,用以储存识别钥;及系统装置,设有系统钥储存装置,用以储存系统钥。系统钥是由识别钥与功能数组进行数学运算而得到。当嵌入式系统要启动功能时,将识别钥与系统钥进行数学运算,因而得到功能数组,据以启动所需求的所述功能。

The present invention relates to an embedded system with content protection capability, comprising a security integrated circuit, provided with an identification key storage device for storing an identification key; and a system device, provided with a system key storage device for storing a system key. The system key is obtained by performing mathematical operations on the identification key and a function array. When the embedded system is to activate a function, the identification key and the system key are mathematically operated to obtain a function array, thereby activating the required function.

Description

嵌入式系统及内容保护方法Embedded system and content protection method

技术领域technical field

本发明是涉及一种内容保护机制,特别是涉及一种嵌入式系统的软件保护架构。The invention relates to a content protection mechanism, in particular to a software protection architecture of an embedded system.

背景技术Background technique

由于软件开发的成本一般较大于硬件,因此需要使用适当的机制来保护软件,以降低软件被非法使用或复制。图1A显示一种传统的软件保护机制,对于某软件功能(或版本)A会有一对应的通行码A。当通行码A被确认为有效时,才能启动软件功能A。当软件升级为功能B时,如图1B所示,则需要另一对应的新通行码B才能启动软件功能B。用户必须将系统送回工厂以更换为新通行码B,因此造成成本的增加及使用者的不便。Since the cost of software development is generally greater than that of hardware, it is necessary to use appropriate mechanisms to protect software to reduce illegal use or copying of software. FIG. 1A shows a traditional software protection mechanism. For a certain software function (or version) A, there is a corresponding passcode A. As shown in FIG. When the pass code A is confirmed as valid, the software function A can be started. When the software is upgraded to function B, as shown in FIG. 1B , another corresponding new passcode B is needed to start the software function B. The user has to send the system back to the factory to replace it with the new passcode B, thus causing increased cost and inconvenience to the user.

为了改善上述的传统软件保护机制(图1A、图1B)当中,用户需将系统送回工厂的不便利,因此有另一种软件保护机制的提出,如图2所例示。在此种软件保护机制中,用户仅使用单一通行码C,不同的软件功能储存有不同的相应码。如果系统内为软件功能C1,当通行码C被确认为有效时,即会启动软件功能C1;如果系统内为软件功能C2,当通行码C被确认为有效时,即会启动软件功能C2。对于图2所示的软件保护机制,软件盗版者(亦即,未合法购买升级软件功能C2者)很容易藉由复制软件功能C2并配合原来的通行码C而非法使用软件功能C2。In order to improve the above-mentioned traditional software protection mechanism ( FIG. 1A , FIG. 1B ), the user needs to send the system back to the factory, so another software protection mechanism is proposed, as shown in FIG. 2 . In this software protection mechanism, the user only uses a single passcode C, and different software functions store different corresponding codes. If the system is software function C1, when the passcode C is confirmed to be valid, the software function C1 will be activated; if the system is software function C2, when the passcode C is confirmed to be valid, the software function C2 will be activated. For the software protection mechanism shown in FIG. 2 , software pirates (that is, those who have not legally purchased and upgraded the software function C2) can easily illegally use the software function C2 by copying the software function C2 and matching the original passcode C.

鉴于传统软件保护机制无法有效防止软件被非法使用或复制,因此亟需提出一种新颖的软件保护机制,以改善传统软件保护机制的缺点。Since traditional software protection mechanisms cannot effectively prevent software from being illegally used or copied, it is urgent to propose a novel software protection mechanism to improve the shortcomings of traditional software protection mechanisms.

有鉴于上述现有的软件保护机制存在的问题,本发明人基于从事此类产品设计制造多年丰富的实务经验及专业知识,并配合学理的运用,积极加以研究创新,以期创设一种新的嵌入式系统及内容保护方法,能够改进一般现有的软件保护机制,使其更具有实用性。经过不断的研究、设计,并经过反复试作样品及改进后,终于创设出确具实用价值的本发明。In view of the problems existing in the above-mentioned existing software protection mechanism, the inventor actively researches and innovates based on years of rich practical experience and professional knowledge engaged in the design and manufacture of such products, and cooperates with the application of academic theories, in order to create a new embedded system. The system and content protection method can improve the general existing software protection mechanism and make it more practical. Through continuous research, design, and after repeated trial samples and improvements, the present invention with practical value is finally created.

发明内容Contents of the invention

鉴于上述,本发明的主要目的在于,克服现有的软件保护机制存在的问题,而提出一种具内容保护能力的嵌入式系统,所要解决的技术问题是防止内容被盗用。In view of the above, the main purpose of the present invention is to overcome the problems existing in the existing software protection mechanism, and propose an embedded system with content protection capability, and the technical problem to be solved is to prevent the content from being embezzled.

本发明的目的及解决其技术问题是采用以下技术方案来实现的。依据本发明提出的一种具内容保护能力的嵌入式系统,包含安全集成电路及系统装置。安全集成电路设有识别钥储存装置,用以储存识别钥。系统装置设有系统钥储存装置,用以储存系统钥。其中系统钥系由识别钥与功能数组进行数学运算而得到,该功能数组代表嵌入式系统所需求的一或多个功能。当嵌入式系统要启动所述功能时,将识别钥与系统钥进行另一次数学运算,因而得到功能数组,据以启动所需求的所述功能。The purpose of the present invention and the solution to its technical problems are achieved by adopting the following technical solutions. An embedded system with content protection capability proposed according to the present invention includes a security integrated circuit and a system device. The security integrated circuit is provided with an identification key storage device for storing the identification key. The system device is provided with a system key storage device for storing the system key. The system key is obtained by performing mathematical operations on the identification key and the function array, and the function array represents one or more functions required by the embedded system. When the embedded system wants to activate the function, another mathematical operation is performed on the identification key and the system key to obtain a function array, and the required function is activated accordingly.

本发明的目的及解决其技术问题还可采用以下技术措施进一步实现。The purpose of the present invention and its technical problems can also be further realized by adopting the following technical measures.

前述的具内容保护能力的嵌入式系统,其中该识别钥储存装置包含光罩只读存储器或单次可编程内存。In the aforementioned embedded system with content protection capability, the identification key storage device includes a mask read-only memory or a one-time programmable memory.

前述的具内容保护能力的嵌入式系统,其中系统钥储存装置包含闪存或电子可抹除可程序只读存储器。In the aforementioned embedded system with content protection capability, the system key storage device includes a flash memory or an electronically erasable programmable read-only memory.

前述的具内容保护能力的嵌入式系统,其中该内容包含软件。In the aforementioned embedded system with content protection capability, the content includes software.

前述的具内容保护能力的嵌入式系统,其中为了得到该系统钥所进行的数学运算及为了得到该功能数组所进行的另一次数学运算包含加密运算。In the aforementioned embedded system with content protection capability, the mathematical operation performed to obtain the system key and another mathematical operation performed to obtain the function array include encryption operations.

前述的具内容保护能力的嵌入式系统,其中该功能数组表示为二进制数值,并以位元位置表示所述功能的有效性。In the aforementioned embedded system with content protection capability, the function array is expressed as a binary value, and the validity of the function is represented by a bit position.

前述的具内容保护能力的嵌入式系统,更包含:该嵌入式系统检查该安全集成电路是否存在。The aforementioned embedded system with content protection capability further includes: the embedded system checks whether the security integrated circuit exists.

前述的具内容保护能力的嵌入式系统,其中为了得到该功能数组而进行的另一次数学运算的步骤更包含:检视为了得到该功能数组而进行的另一次数学运算所得到的功能数组是否为正确。In the aforementioned embedded system with content protection capability, the step of performing another mathematical operation to obtain the functional array further includes: checking whether the functional array obtained by performing another mathematical operation to obtain the functional array is correct .

前述的具内容保护能力的嵌入式系统,其中不同嵌入式系统的识别钥彼此不同,且系统钥也彼此不同。In the aforementioned embedded system with content protection capability, the identification keys of different embedded systems are different from each other, and the system keys are also different from each other.

前述的具内容保护能力的嵌入式系统,其中同一嵌入式系统的识别钥为固定不变,且其系统钥会因软件升级后而改变。In the aforementioned embedded system with content protection capability, the identification key of the same embedded system is fixed, and its system key will be changed after software upgrade.

本发明的目的及解决其技术问题还采用以下技术方案来实现。依据本发明提出的一种嵌入式系统的内容保护方法,包含:将识别钥与功能数组进行数学运算以得到系统钥,该功能数组代表该嵌入式系统所需求的一或多个功能;储存该识别钥在安全集成电路内;储存该系统钥在系统装置内;及当该嵌入式系统要启动所述功能时,将该识别钥与该系统钥进行另一次数学运算,因而得到该功能数组,据以启动所需求的所述功能。The purpose of the present invention and the solution to its technical problem also adopt the following technical solutions to achieve. A content protection method for an embedded system according to the present invention includes: performing a mathematical operation on an identification key and a function array to obtain a system key, the function array representing one or more functions required by the embedded system; storing the the identification key is in the security integrated circuit; the system key is stored in the system device; and when the embedded system is to activate the function, another mathematical operation is performed on the identification key and the system key, thereby obtaining the function array, Accordingly, the required function is activated.

本发明的目的及解决其技术问题还可采用以下技术措施进一步实现。The purpose of the present invention and its technical problems can also be further realized by adopting the following technical measures.

前述的嵌入式系统的内容保护方法,其中该识别钥储存于光罩只读存储器或单次可编程内存。In the foregoing content protection method for an embedded system, the identification key is stored in a mask read-only memory or a one-time programmable memory.

前述的嵌入式系统的内容保护方法,其中该系统钥储存于闪存或电子可抹除可程序只读存储器。In the aforementioned content protection method for an embedded system, the system key is stored in a flash memory or an electronically erasable programmable read-only memory.

前述的嵌入式系统的内容保护方法,其中该内容包含软件。The foregoing content protection method for an embedded system, wherein the content includes software.

前述的嵌入式系统的内容保护方法,其中为了得到该系统钥所进行的数学运算及为了得到该功能数组所进行的另一次数学运算包含加密运算。In the foregoing content protection method for an embedded system, the mathematical operation performed to obtain the system key and another mathematical operation performed to obtain the functional array include encryption operations.

前述的嵌入式系统的内容保护方法,其中该功能数组表示为二进制数值,并以位元位置表示所述功能的有效性。In the aforementioned content protection method for an embedded system, the function array is expressed as a binary value, and the validity of the function is represented by a bit position.

前述的嵌入式系统的内容保护方法,更包含:该嵌入式系统检查该安全集成电路是否存在。The foregoing content protection method for an embedded system further includes: the embedded system checks whether the security integrated circuit exists.

前述的嵌入式系统的内容保护方法,其中为了得到该功能数组而进行的另一次数学运算的步骤更包含:检视为了得到该功能数组而进行的另一次数学运算所得到的功能数组是否为正确。In the aforementioned content protection method for an embedded system, the step of performing another mathematical operation to obtain the functional array further includes: checking whether the functional array obtained by performing another mathematical operation to obtain the functional array is correct.

前述的嵌入式系统的内容保护方法,其中不同嵌入式系统的识别钥彼此不同,且系统钥也彼此不同。In the aforementioned content protection method for embedded systems, the identification keys of different embedded systems are different from each other, and the system keys are also different from each other.

前述的嵌入式系统的内容保护方法,其中同一嵌入式系统的识别钥为固定不变,且其系统钥会因软件升级后而改变。In the aforementioned content protection method for an embedded system, the identification key of the same embedded system is fixed, and its system key will be changed after software upgrade.

本发明与现有技术相比具有明显的优点和有益效果。借由上述技术方案,本发明嵌入式系统及内容保护方法至少具有下列优点及有益效果:本发明将识别钥与功能数组进行数学运算以得到系统钥。当嵌入式系统要启动功能时,将识别钥与系统钥进行数学运算可得到功能数组,据以启动用户所需求的功能。由于不同的嵌入式系统中储存有不同的识别钥与系统钥,因而可以防止内容被盗用。此外,当进行升级时,使用者不需要更换识别钥而可直接使用升级后的功能。Compared with the prior art, the present invention has obvious advantages and beneficial effects. By virtue of the above technical solution, the embedded system and content protection method of the present invention have at least the following advantages and beneficial effects: The present invention performs mathematical operations on the identification key and the function array to obtain the system key. When the embedded system wants to start a function, the function array can be obtained by performing mathematical operations on the identification key and the system key, so as to start the function required by the user. Since different identification keys and system keys are stored in different embedded systems, content can be prevented from being embezzled. In addition, when upgrading, the user does not need to change the identification key and can directly use the upgraded function.

上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其他目的、特征和优点能够更明显易懂,以下特举较佳实施例,并配合附图,详细说明如下。The above description is only an overview of the technical solution of the present invention. In order to better understand the technical means of the present invention, it can be implemented according to the contents of the description, and in order to make the above and other purposes, features and advantages of the present invention more obvious and understandable , the following preferred embodiments are specifically cited, and in conjunction with the accompanying drawings, the detailed description is as follows.

附图说明Description of drawings

图1A与图1B显示一种传统的软件保护机制。FIG. 1A and FIG. 1B show a traditional software protection mechanism.

图2显示另一种传统的软件保护机制。Figure 2 shows another traditional software protection mechanism.

图3A显示本发明实施例的嵌入式系统的系统方框图。FIG. 3A shows a system block diagram of an embedded system according to an embodiment of the present invention.

图3B例示于图3A的识别钥储存装置内储存有识别钥,而在系统钥储存装置内储存有系统钥。FIG. 3B illustrates that the identification key is stored in the identification key storage device in FIG. 3A , and the system key is stored in the system key storage device.

图3C显示识别钥与系统钥的相应关系。FIG. 3C shows the corresponding relationship between the identification key and the system key.

图4显示本发明实施例的嵌入式系统的内容保护方法的流程图。FIG. 4 shows a flowchart of a content protection method for an embedded system according to an embodiment of the present invention.

图5分别例示三个用户的嵌入式系统的系统方框图。FIG. 5 illustrates system block diagrams of embedded systems of three users respectively.

图6例示本实施例的嵌入式系统应用于软件升级的系统方框图。FIG. 6 illustrates a system block diagram of the embedded system of this embodiment applied to software upgrades.

【主要元件符号说明】[Description of main component symbols]

300:嵌入式系统 300X:嵌入式系统300: Embedded Systems 300X: Embedded Systems

300Y:嵌入式系统 300Z:嵌入式系统300Y: Embedded System 300Z: Embedded System

31:安全集成电路 311:识别钥储存装置31: Security integrated circuit 311: Identification key storage device

32:系统装置 321:系统钥储存装置32: system device 321: system key storage device

41:安全集成电路是否存在 42:数学运算41: Whether the safety integrated circuit exists or not 42: Mathematical operation

43:运算结果是否正确 44:判断软件的功能43: Whether the operation result is correct or not 44: Judging the function of the software

具体实施方式detailed description

为更进一步阐述本发明为达成预定发明目的所采取的技术手段及功效,以下结合附图及较佳实施例,对依据本发明提出的嵌入式系统及内容保护方法其具体实施方式、方法、特征及其功效,详细说明如后。In order to further explain the technical means and effects of the present invention to achieve the intended purpose of the invention, the specific implementation methods, methods, and features of the embedded system and content protection method proposed according to the present invention will be described below in conjunction with the accompanying drawings and preferred embodiments. and its efficacy are described in detail below.

图3A显示本发明实施例的嵌入式(embedded)系统300的系统方框图,其具有保护内容(例如软件)的能力。在本实施例中,嵌入式系统300主要包含安全集成电路(securityIC)31与系统装置32。虽然图3A所示的安全集成电路31与系统装置32为分开的,然而,其也可以整合在一起。FIG. 3A shows a system block diagram of an embedded system 300 according to an embodiment of the present invention, which has the capability of protecting content (eg, software). In this embodiment, the embedded system 300 mainly includes a security integrated circuit (securityIC) 31 and a system device 32 . Although the security integrated circuit 31 and the system device 32 shown in FIG. 3A are separated, they can also be integrated together.

安全集成电路31包含有识别钥(ID key)储存装置311,用以储存识别钥。系统装置32包含有系统钥(system key)储存装置321,用以储存系统钥,其相应于识别钥。在本实施例中,识别钥储存装置311可使用光罩只读存储器(Mask ROM)来实施,或者使用单次可编程(one time programming,OTP)内存来实施。系统钥储存装置321可使用闪存(flash)或电子可抹除可程序只读存储器(EEPROM)来实施。The security integrated circuit 31 includes an identification key (ID key) storage device 311 for storing the identification key. The system device 32 includes a system key storage device 321 for storing the system key, which corresponds to the identification key. In this embodiment, the identification key storage device 311 can be implemented using a mask read-only memory (Mask ROM), or a one-time programmable (one time programming, OTP) memory. The system key storage device 321 can be implemented using a flash memory (flash) or an electronically erasable programmable read-only memory (EEPROM).

图3B例示于识别钥储存装置311内储存有识别钥A,而在系统钥储存装置321内储存有系统钥B。本实施例的识别钥A与系统钥B具有相应关系,但是,一般来说,两者的内容是相异的。图3C显示识别钥A与系统钥B的相应关系。详而言之,根据使用者所需求的一或多个功能F0、F1、F2…Fn,因而指派得到功能数组(function array),其可使用二进制数值来表示。例如,如果用户需求功能F0、F1与F4,则功能数组的值可表示为00…0010011(位0、1、4为“1”,而其他位为“0”)。换句话说,功能数组表示为二进制数值,并以位元位置表示所述功能的有效性。将功能数组与识别钥A进行数学运算,例如加密(encryption)运算,因而得到系统钥B。当嵌入式系统300要启动软件功能时,将识别钥A与系统钥B进行数学运算,例如加密运算,因而可以得到功能数组,据以启动用户所需求的一或多个软件功能。FIG. 3B shows that the identification key A is stored in the identification key storage device 311 , and the system key B is stored in the system key storage device 321 . The identification key A in this embodiment has a corresponding relationship with the system key B, but generally speaking, the contents of the two are different. FIG. 3C shows the corresponding relationship between the identification key A and the system key B. In detail, according to one or more functions F0, F1, F2...Fn required by the user, a function array (function array) is assigned, which can be represented by binary values. For example, if the user requires functions F0, F1 and F4, the value of the function array can be expressed as 00...0010011 (bits 0, 1, 4 are "1", and other bits are "0"). In other words, an array of functions is represented as a binary value with a bit position indicating the availability of said function. Mathematical operations, such as encryption operations, are performed on the function array and the identification key A, thereby obtaining the system key B. When the embedded system 300 wants to activate software functions, the identification key A and the system key B are subjected to mathematical operations, such as encryption operations, so that a function array can be obtained to activate one or more software functions required by the user.

图4显示本发明实施例的嵌入式系统300的内容保护方法的流程图。系统装置32在执行软件之前,在步骤41检查安全集成电路31是否存在。如果存在,则进入步骤42,使用算法(algorithm),例如加密算法,对识别钥A与系统钥B进行数学运算。接着,在步骤43,检视数学运算结果(亦即,功能数组)是否为正确。例如,检视循环冗余检查码(cyclicredundancy check,CRC))是否为正确。如果为正确,则进入步骤44,根据(步骤42的)数学运算结果,以判断使用者需求的为哪一种或多种软件功能。举例而言,如果步骤42所得到的数学运算结果的二进制数值表示为“00…0010011”,经检视其位0、1、4为“1”,因而得知需求的软件功能为F0、F1与F4。FIG. 4 shows a flow chart of the content protection method of the embedded system 300 according to the embodiment of the present invention. Before executing the software, the system device 32 checks in step 41 whether the security integrated circuit 31 is present. If it exists, go to step 42 and use an algorithm, such as an encryption algorithm, to perform mathematical operations on the identification key A and the system key B. Next, in step 43, it is checked whether the result of the mathematical operation (that is, the function array) is correct. For example, it is checked whether the cyclic redundancy check code (cyclic redundancy check, CRC) is correct. If it is correct, then enter step 44, according to the mathematical operation result (in step 42), to judge which one or more software functions the user needs. For example, if the binary value of the mathematical operation result obtained in step 42 is represented as "00...0010011", after checking that the bits 0, 1, and 4 are "1", it is known that the required software functions are F0, F1 and F4.

图5分别例示三个使用者X、Y、Z的嵌入式系统300X、300Y、300Z的系统方框图。在这个例子中,使用者X的识别钥储存装置311储存有识别钥A1,而系统钥储存装置321则储存有相应的系统钥B1。用户Y的识别钥储存装置311储存有识别钥A2,而系统钥储存装置321则储存有相应的系统钥B2。用户Z的识别钥储存装置311储存有识别钥A3,而系统钥储存装置321则储存有相应的系统钥B3。一般来说,识别钥A1、A2、A3彼此不同,且系统钥B1、B2、B3也彼此不同。根据图5所例示的实施例,由于不同的嵌入式系统300X、300Y、300Z中储存有不同的识别钥与系统钥,因此软件盗版者无法借由复制他人的系统钥或软件功能而非法使用软件。FIG. 5 illustrates system block diagrams of embedded systems 300X, 300Y, and 300Z of three users X, Y, and Z, respectively. In this example, the identification key storage device 311 of the user X stores the identification key A1, and the system key storage device 321 stores the corresponding system key B1. The identification key storage device 311 of the user Y stores the identification key A2, and the system key storage device 321 stores the corresponding system key B2. The identification key storage device 311 of the user Z stores the identification key A3, and the system key storage device 321 stores the corresponding system key B3. Generally, the identification keys A1, A2, A3 are different from each other, and the system keys B1, B2, B3 are also different from each other. According to the embodiment illustrated in FIG. 5 , since different identification keys and system keys are stored in different embedded systems 300X, 300Y, and 300Z, software pirates cannot illegally use the software by copying other people's system keys or software functions. .

图6例示本实施例的嵌入式系统300应用于软件升级的系统方框图。在这个例子中,软件功能FI的相应系统钥为B1,而升级后的软件功能FII的相应系统钥为B2。当用户合法升级后,其系统钥储存装置321将改为储存系统钥B2,然而识别钥储存装置311仍然储存原来的识别钥A1。FIG. 6 illustrates a system block diagram of the embedded system 300 of this embodiment applied to software upgrades. In this example, the corresponding system key of the software function FI is B1, and the corresponding system key of the upgraded software function FII is B2. When the user legally upgrades, the system key storage device 321 will store the system key B2 instead, but the identification key storage device 311 still stores the original identification key A1.

根据图6所示实施例,当进行软件升级时,用户不需要更换识别钥(亦即,不需要将嵌入式系统300送回工厂以替换安全集成电路31),而可直接使用升级后的软件功能。此外,如前所述,由于不同的嵌入式系统储存有不同的识别钥与系统钥,因此软件盗版者(亦即,未合法购买升级软件功能者)不容易借由复制而轻易盗用软件。According to the embodiment shown in Figure 6, when performing software upgrades, the user does not need to change the identification key (that is, does not need to send the embedded system 300 back to the factory to replace the security integrated circuit 31), but can directly use the upgraded software Function. In addition, as mentioned above, because different embedded systems store different identification keys and system keys, software pirates (that is, those who have not legally purchased upgrade software functions) are not easy to steal software by copying.

以上所述,仅是本发明的较佳实施例而已,并非对本发明作任何形式上的限制,虽然本发明已以较佳实施例揭露如上,然而并非用以限定本发明,任何熟悉本专业的技术人员,在不脱离本发明技术方案范围内,当可利用上述揭示的技术内容作出些许更动或修饰为等同变化的等效实施例,但凡是未脱离本发明技术方案的内容,依据本发明的技术实质对以上实施例所作的任何简单修改、等同变化与修饰,均仍属于本发明技术方案的范围内。The above description is only a preferred embodiment of the present invention, and does not limit the present invention in any form. Although the present invention has been disclosed as above with preferred embodiments, it is not intended to limit the present invention. Anyone familiar with this field Those skilled in the art, without departing from the scope of the technical solution of the present invention, can use the technical content disclosed above to make some changes or modify them into equivalent embodiments with equivalent changes, but any content that does not depart from the technical solution of the present invention, according to the present invention Any simple modifications, equivalent changes and modifications made to the above embodiments by the technical essence still belong to the scope of the technical solution of the present invention.

Claims (20)

1. a kind of embedded system for having content protecting ability, it is characterised in that include:
Safety integrated circuit, provided with identification key storage device, to store identification key;And
System and device, provided with system key storage device, to stocking system key;
Wherein the system key is to be performed mathematical calculations by the identification key and obtained with function array, and the function array represents the insertion One or more required functions of formula system;
When the embedded system will start the function, the identification key and the system key are subjected to another secondary mathematical operation, because And the function array is obtained, start the required function according to this.
2. the embedded system of tool content protecting ability according to claim 1, it is characterised in that wherein the identification key stores up Cryopreservation device includes light shield read-only storage or single programmable internal memory.
3. the embedded system of tool content protecting ability according to claim 1, it is characterised in that wherein system key stores Device can erase comprising flash memory or electronics can program read-only memory.
4. the embedded system of tool content protecting ability according to claim 1, it is characterised in that wherein the content includes Software.
5. the embedded system of tool content protecting ability according to claim 1, it is characterised in that wherein in order to be somebody's turn to do Mathematical operation that system key is carried out and another secondary mathematical operation carried out to obtain the function array include cryptographic calculation.
6. the embedded system of tool content protecting ability according to claim 1, it is characterised in that the wherein function array Binary numeral is expressed as, and the validity of the function is represented with bit position.
7. the embedded system of tool content protecting ability according to claim 1, it is characterised in that further include:
The embedded system checks that the safety integrated circuit whether there is.
8. the embedded system of tool content protecting ability according to claim 1, it is characterised in that wherein in order to be somebody's turn to do Function array and further include the step of another secondary mathematical operation carried out:
Whether the function array inspected obtained by another secondary mathematical operation carried out to obtain the function array is correct.
9. the embedded system of tool content protecting ability according to claim 1, it is characterised in that wherein different embedded The identification key of system is different from each other, and system key is also different from each other.
10. the embedded system of tool content protecting ability according to claim 1, it is characterised in that wherein same embedded The identification key of system is immobilizes, and its system key can be because changing after software upgrading.
11. a kind of content protecting method of embedded system, it is characterised in that include:
Identification key is performed mathematical calculations to obtain system key with function array, the function array is represented needed for the embedded system One or more functions of asking;
The identification key is stored in safety integrated circuit;
The system key is stored in system and device;And
When the embedded system will start the function, the identification key and the system key are subjected to another secondary mathematical operation, because And the function array is obtained, start the required function according to this.
12. the content protecting method of embedded system according to claim 11, it is characterised in that wherein the identification key stores up It is stored in light shield read-only storage or single programmable internal memory.
13. the content protecting method of embedded system according to claim 11, it is characterised in that wherein the system key stores up Be stored in flash memory or electronics can erase can program read-only memory.
14. the content protecting method of embedded system according to claim 11, it is characterised in that wherein the content includes Software.
15. the content protecting method of embedded system according to claim 11, it is characterised in that wherein in order to be somebody's turn to do Mathematical operation that system key is carried out and another secondary mathematical operation carried out to obtain the function array include cryptographic calculation.
16. the content protecting method of embedded system according to claim 11, it is characterised in that the wherein function array Binary numeral is expressed as, and the validity of the function is represented with bit position.
17. the content protecting method of embedded system according to claim 11, it is characterised in that further include:
The embedded system checks that the safety integrated circuit whether there is.
18. the content protecting method of embedded system according to claim 11, it is characterised in that wherein in order to be somebody's turn to do Function array and further include the step of another secondary mathematical operation carried out:
Whether the function array inspected obtained by another secondary mathematical operation carried out to obtain the function array is correct.
19. the content protecting method of embedded system according to claim 11, it is characterised in that wherein different embedded The identification key of system is different from each other, and system key is also different from each other.
20. the content protecting method of embedded system according to claim 11, it is characterised in that wherein same embedded The identification key of system is immobilizes, and its system key can be because changing after software upgrading.
CN201410259364.1A 2014-06-11 2014-06-11 Embedded system and content protection method Expired - Fee Related CN105224829B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410259364.1A CN105224829B (en) 2014-06-11 2014-06-11 Embedded system and content protection method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410259364.1A CN105224829B (en) 2014-06-11 2014-06-11 Embedded system and content protection method

Publications (2)

Publication Number Publication Date
CN105224829A CN105224829A (en) 2016-01-06
CN105224829B true CN105224829B (en) 2017-12-08

Family

ID=54993794

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410259364.1A Expired - Fee Related CN105224829B (en) 2014-06-11 2014-06-11 Embedded system and content protection method

Country Status (1)

Country Link
CN (1) CN105224829B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1103728A (en) * 1994-05-03 1995-06-14 陈龙森 Enciphering protection method and apparatus for software of computer
US6587842B1 (en) * 1999-10-01 2003-07-01 Keith Watts Software-based protection system for software products distributed on copyable media, or downloaded over a communications link
CN1561026A (en) * 2004-02-20 2005-01-05 胡祥义 Method for preventing pirate based on ciphered algorithmic technique
CN1987882A (en) * 2005-12-23 2007-06-27 联想(北京)有限公司 Software protecting method and system based on safety chip
CN102708310A (en) * 2012-01-12 2012-10-03 苏州百正信息科技有限公司 Registration code anti-piracy encryption method for computer software in batch production
EP2525301A1 (en) * 2011-05-19 2012-11-21 Thomson Licensing Syntax-preserving software protection

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1103728A (en) * 1994-05-03 1995-06-14 陈龙森 Enciphering protection method and apparatus for software of computer
US6587842B1 (en) * 1999-10-01 2003-07-01 Keith Watts Software-based protection system for software products distributed on copyable media, or downloaded over a communications link
CN1561026A (en) * 2004-02-20 2005-01-05 胡祥义 Method for preventing pirate based on ciphered algorithmic technique
CN1987882A (en) * 2005-12-23 2007-06-27 联想(北京)有限公司 Software protecting method and system based on safety chip
EP2525301A1 (en) * 2011-05-19 2012-11-21 Thomson Licensing Syntax-preserving software protection
CN102708310A (en) * 2012-01-12 2012-10-03 苏州百正信息科技有限公司 Registration code anti-piracy encryption method for computer software in batch production

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
"基于RSA数字签名的软件保护方案";周书锋,孙玉真;《计算机应用与软件》;20080331;第25卷(第3期);全文 *

Also Published As

Publication number Publication date
CN105224829A (en) 2016-01-06

Similar Documents

Publication Publication Date Title
EP3779745B1 (en) Code pointer authentication for hardware flow control
EP2854066B1 (en) System and method for firmware integrity verification using multiple keys and OTP memory
CN103329095B (en) Authenticate a hypervisor with encoded information
US8930710B2 (en) Using a manifest to record presence of valid software and calibration
CN104008342A (en) Method for achieving safe and trusted authentication through BIOS and kernel
US8683212B2 (en) Method and system for securely loading code in a security processor
US20080181407A1 (en) Method for protecting a control device against manipulation
EP3522049B1 (en) Data protection method for chip rewriting equipment, electronic equipment and storage medium
KR20080100674A (en) Method and device for checking the integrity of the firmware
US10120987B2 (en) Device and method for executing protected iOS software modules
TW200515241A (en) Data management apparatus, data management method and computer program
CN104486355A (en) Method and device for preventing codes from being maliciously tampered with
CN109086578A (en) A kind of method that soft ware authorization uses, equipment and storage medium
CN107194237A (en) Method, device, computer equipment and the storage medium of application security certification
WO2016198831A1 (en) Apparatus and methods for transitioning between a secure area and a less-secure area
CN107636672A (en) Electronic device and method in electronic device
US20200074077A1 (en) Method for Providing a Security-Critical Software Application on a Computer Unit
JP2007507020A (en) Method for reloading software into the boot sector of a programmable read-only memory
CN102970414A (en) Cell phone password protection method based on Android system
CN105224829B (en) Embedded system and content protection method
KR101638257B1 (en) Method for protecting source code of application and apparatus for performing the method
KR102002109B1 (en) Installation for preventing ecu manipulation using rsa signature and method for emergency engine driving using thereof
CN110619219B (en) Application program source code protection method and device, computer equipment and storage medium
CN111357003A (en) Data protection in a pre-operating system environment
WO2014135989A2 (en) Localized pin management with reader verification and no disclosure

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171208

Termination date: 20190611