Software protection method and device
Technical field
The present invention relates to the field of software protection, and in particular to a method and device for protecting software by means of a verification process.
Background art
With the development of information technology, the software industry receives more and more attention, and new system software and application software appear constantly. A software developer usually has to invest a great deal of manpower and material resources in research and development. Once the software has been developed successfully, however, a pirate need only spend a small amount of effort to copy it and sell it at a low price, which greatly dampens people's enthusiasm for software development and seriously hinders the development of the software industry.
To curb piracy and protect intellectual property, the industry has released a series of software protection technologies. Among them, a commonly used software protection method is to verify the right of use at software startup according to user information, a product serial number, a digital signature and/or an identifier of the carrier on which the software runs: if the verification passes, the software is allowed to run; if the verification fails, an error message is returned and the software is either not allowed to run, or some of its functions are masked so that only a limited operation of the software is allowed.
Referring to Fig. 1, a software protection method of the prior art proceeds as follows.
When the protected software is initialized, a verification unit is triggered and starts the verification process. First, information such as the user information, product serial number, digital signature and/or identifier of the software's running carrier is obtained. Second, a return-value generation unit performs verification according to this information and generates a return value. Then a comparison unit compares the return value to judge whether verification has passed: if so, the software is allowed to run and perform business processing; if not, verification-failure handling is performed, such as returning an error message and not allowing the software to run, or masking some functions so that only a limited operation of the software is allowed.
This prior-art software protection method has some defects. Because verification is handled only at software initialization, and the decision is usually made directly by the comparison unit according to the return value, an attacker who traces the verification process of the software can modify the return values of these verification procedures, or alter some of the comparison operations, so that the verification process always returns "passed". The attacker can thus bypass the verification process completely without having to pay attention to any other details of the verification operations.
Summary of the invention
The technical problem solved by the present invention is to provide a software protection method and device that increase the difficulty of attack and thereby improve security.
To this end, the technical solution of the present invention is a software protection method in which a scrambler-result storage unit is selected and which comprises the following steps:
1) generating a validation value when the software starts, generating a scrambler result from the validation value, and storing the scrambler result in the scrambler-result storage unit;
2) judging whether the validation value is a predetermined value, or whether the scrambler result verifies correctly; if so, proceeding to step 3); if not, performing a limited operation of the software or not allowing the software to run;
3) running the software and starting a timer;
4) judging whether the timer has reached a predetermined period; if so, proceeding to step 5); if not, performing no operation;
5) checking the scrambler result and judging whether the check passes; if so, returning to step 4); if not, exiting the software or performing a limited operation of the software.
In step 1), generating the scrambler result specifically comprises:
11) generating a pseudo-random number;
12) transforming the validation value using the pseudo-random number to generate a first transformation result.
Step 12) specifically comprises adding the pseudo-random number and the validation value, and applying a hash transformation to the sum.
The hash result is taken as a character string, or the value of the hash result is converted to a character string; this character string is the first transformation result.
Step 5) specifically comprises:
51) applying a transformation operation to the scrambler result to generate a second transformation result;
52) obtaining a check result from the first transformation result and the second transformation result;
53) judging whether the check result is a predetermined value.
The transformation operation in step 51) is a hash transformation; step 52) performs a bitwise XOR of the first transformation result and the second transformation result.
The present invention also provides a software protection device for implementing the software protection method of claim 1, comprising: a validation value generation unit for generating a validation value when the software starts; a comparison unit for comparing whether the validation value is a predetermined value; a scrambler-result generation unit for generating a scrambler result from the validation value; a scrambler-result storage unit for storing the scrambler result; a timer for triggering a verification unit while the software is running; and a verification unit for checking the scrambler result when the software starts or when the timer reaches a predetermined period.
The validation value generation unit and the comparison unit may be integrated into one unit.
Compared with the prior art, the present invention has the following beneficial effects. First, because the present invention scrambles the returned validation value to generate a scrambler result, sets a timer while the software is running, and checks the scrambler result each time the timer reaches the predetermined period (that is, checks the scrambler result periodically), the difficulty of an attack on the returned validation value is increased and security is improved, thereby achieving software protection. Second, because the present invention periodically checks the scrambler result rather than regenerating the validation value and judging it again, the periodic check is faster. Third, in one embodiment of the present invention the scrambler result is also checked at software startup, whereas the prior art verifies the return value at software startup; this increases the difficulty of an attack on the return value.
Description of drawings
Fig. 1 is a flowchart of a software protection method of the prior art;
Fig. 2 is a block diagram of the software protection device of the present invention;
Fig. 3 is a flowchart of the software protection method of the present invention;
Fig. 4 is a flowchart of an embodiment of the software protection method of the present invention;
Fig. 5 is a flowchart of the scrambling process in the flow shown in Fig. 4;
Fig. 6 is a flowchart of the scrambler-result check in the flow shown in Fig. 4.
Embodiments
The software protection method and device of the present invention scramble the returned validation value and periodically check the scrambler result, which effectively defends against attacks aimed at the return value and thereby protects the software.
Referring to Fig. 2, a block diagram of a software protection device using the software protection method of the present invention is shown. The software protection device comprises a validation value generation unit 110, a comparison unit 120, a scrambler-result generation unit 130, a timer 140 and a verification unit 150. The validation value generation unit 110 obtains information from a data processing system 200 when the protected software starts and generates a validation value; the comparison unit 120 compares whether the validation value is a predetermined value and accordingly affects the operation of the data processing system 200; the scrambler-result generation unit 130 generates a scrambler result from the validation value; the timer 140 triggers the verification unit 150 while the software is running; and the verification unit 150 checks the scrambler result when the software starts or when the timer reaches the predetermined period, and accordingly affects the operation of the data processing system 200.
It should be noted that the validation value generation unit 110 and the comparison unit 120 may be integrated.
Referring to Fig. 3, a flowchart of the software protection method of the present invention is shown.
First, in step S1, the validation value generation unit 110 generates a validation value when the software starts, and the scrambler-result generation unit 130 generates a scrambler result from the validation value;
In step S2, it is judged whether verification has passed; if so, step S3 follows; if not, the data processing system 200 does not allow the software to run, or performs only a limited operation of the software;
In step S3, the software is allowed to run and the timer 140 is started;
In step S4, it is judged whether the timer 140 has reached the predetermined period; if so, step S5 follows; if not, no operation is performed;
In step S5, the verification unit 150 checks the scrambler result and judges whether the check passes; if so, the method returns to step S4; if not, the data processing system 200 exits the software or performs a limited operation of the software.
It should be noted that in step S2 the decision whether verification has passed may be made either by having the comparison unit 120 compare the validation value or by having the verification unit 150 check the scrambler result.
To facilitate understanding, the present invention is described in further detail below with reference to an embodiment.
Referring to Fig. 4, when the protected software is initialized, step S11 is first executed to select a scrambler-result storage unit, which comprises a first storage area and a second storage area.
Then, in step S12, the validation value generation unit generates a validation value rtValue from the user information, product serial number, digital signature and/or identifier of the software's running carrier.
Referring also to Fig. 5, the scrambler-result generation unit produces a pseudo-random number rtResult.ulData1 whose length matches the width of the first storage area (for example 32 bits) and stores it in the first storage area; it then transforms the validation value rtValue using the pseudo-random number rtResult.ulData1 to generate a first transformation result rtResult.ulData2, which is stored in the second storage area. The pseudo-random number rtResult.ulData1 and the first transformation result rtResult.ulData2 together form the scrambler result rtResult.
In this embodiment the transformation operation is H(rtResult.ulData1 + rtValue)_32: the pseudo-random number rtResult.ulData1 and the validation value rtValue are added, the sum is hashed, and the first 32 bits of the hash result are taken as an unsigned integer.
It will be understood that there are two ways of handling the raw data for the hash transformation: first, treating the 32-bit integer rtResult.ulData1 + rtValue as a 4-byte character string; second, converting the value of the 32-bit integer rtResult.ulData1 + rtValue to a character string.
In step S13, the comparison unit compares the validation value rtValue and judges whether it is a predetermined value; if so, verification has passed and step S14 is executed; if not, verification has failed and verification-failure handling is performed: the software exits, or some of its functions are masked so that only a limited operation of the software is performed.
In step S14, the software is allowed to run and perform business processing, and the timer is started. The timer period can be chosen freely according to the characteristics of the software's runtime environment.
In step S15, it is judged whether the timer has reached the predetermined period; if so, step S16 follows; if not, no operation is performed and the normal operation of the software is not affected.
Referring also to Fig. 6, in step S16 the scrambler result is checked when the timer reaches the predetermined period. The specific check procedure is as follows. First, the scrambler result is read from the scrambler-result storage unit. A transformation operation is performed to generate the second transformation result H(rtResult.ulData1 + 1)_32: 1 is added to the pseudo-random number rtResult.ulData1, the sum is hashed, and the first 32 bits of the hash result are taken as an unsigned integer. Then the second transformation result H(rtResult.ulData1 + 1)_32 and the first transformation result rtResult.ulData2 are combined by bitwise XOR to produce the check result H(rtResult.ulData1 + 1)_32 ^ rtResult.ulData2. Finally, it is judged whether the check result is a predetermined value, that is, whether the check passes; if so, the method returns to step S15; if not, the software exits or a limited operation of the software is performed.
In this embodiment it is stipulated that the scrambler-result check fails only when the protected validation value rtValue is 1. Therefore, if the check result is 0, the protected validation value is 1, which means that the scrambler-result check has not passed.
The above is only a preferred embodiment of the present invention. It should be pointed out that those skilled in the art can make several improvements and modifications without departing from the principle of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the present invention.
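The following Python is an added illustration of steps 1) to 5) of the summary and of the Fig. 5 / Fig. 6 embodiment, not code from the patent. It assumes SHA-256 for "HASH", the 4-byte (big-endian) string form of the 32-bit sum as hash input, and a simulated tick counter in place of the timer.

```python
import hashlib
import secrets
import struct
from typing import Optional, Tuple

MASK32 = 0xFFFFFFFF


def h32(x: int) -> int:
    """H(x)_32 of the embodiment: hash the 32-bit integer x and return the
    first 32 bits of the digest as an unsigned integer. The patent only says
    "HASH"; SHA-256 and the 4-byte big-endian string form of x are assumed."""
    digest = hashlib.sha256(struct.pack(">I", x & MASK32)).digest()
    return int.from_bytes(digest[:4], "big")


def make_scramble_result(rt_value: int, ul_data1: Optional[int] = None) -> Tuple[int, int]:
    """Step S12 / Fig. 5: build rtResult = (ulData1, ulData2).
    ulData1 is a 32-bit pseudo-random number (first storage area);
    ulData2 = H(ulData1 + rtValue)_32 (second storage area).
    ul_data1 may be supplied to make the result reproducible in tests."""
    if ul_data1 is None:
        ul_data1 = secrets.randbits(32)
    ul_data2 = h32((ul_data1 + rt_value) & MASK32)
    return ul_data1, ul_data2


def check_scramble_result(ul_data1: int, ul_data2: int) -> int:
    """Step S16 / Fig. 6: H(ulData1 + 1)_32 XOR ulData2. Since ulData2 was
    built as H(ulData1 + rtValue)_32, the XOR is 0 exactly when rtValue == 1,
    which the embodiment defines as the failing validation value. rtValue
    itself is not needed here, which is why the periodic check is cheap."""
    return h32((ul_data1 + 1) & MASK32) ^ ul_data2


def scramble_check_passes(ul_data1: int, ul_data2: int) -> bool:
    """Step 53: a non-zero check result means the check passed."""
    return check_scramble_result(ul_data1, ul_data2) != 0


def run_with_periodic_check(rt_value: int, ticks: int, period: int) -> int:
    """Steps S14 to S16 in simulated time: run for `ticks` timer ticks and
    check the stored scrambler result every `period` ticks. Returns the tick
    at which the check first failed, or `ticks` if it never failed."""
    ul_data1, ul_data2 = make_scramble_result(rt_value)
    for tick in range(1, ticks + 1):
        if tick % period == 0 and not scramble_check_passes(ul_data1, ul_data2):
            return tick
    return ticks
```

Because only a zero check result signals failure, the periodic check is a consistency check on the stored pair (ulData1, ulData2) rather than a re-verification of the licence data; it complements the startup comparison of step S13 instead of replacing it.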