CN105468940A - Software protection method and apparatus - Google Patents
Software protection method and apparatus Download PDFInfo
- Publication number
- CN105468940A CN105468940A CN201510857401.3A CN201510857401A CN105468940A CN 105468940 A CN105468940 A CN 105468940A CN 201510857401 A CN201510857401 A CN 201510857401A CN 105468940 A CN105468940 A CN 105468940A
- Authority
- CN
- China
- Prior art keywords
- code
- protected
- application program
- encryption
- driver
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 39
- 230000005540 biological transmission Effects 0.000 claims description 9
- 230000007547 defect Effects 0.000 abstract description 4
- 238000005336 cracking Methods 0.000 abstract description 2
- 238000002054 transplantation Methods 0.000 abstract 11
- 230000002452 interceptive effect Effects 0.000 description 4
- 239000000203 mixture Substances 0.000 description 3
- 238000012795 verification Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000002427 irreversible effect Effects 0.000 description 1
- 238000004321 preservation Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a software protection method and apparatus, relates to the field of software protection, and mainly aims to overcome the defects of inconvenient use and poor protection effect due to software protection by an encryption lock in the prior art. The method comprises: obtaining transplantation codes from codes of a to-be-protected application, and encrypting the transplantation codes to obtain encrypted transplantation codes; creating a driving program interacting with the to-be-protected application, wherein the driving program is used for decrypting the encrypted transplantation codes and executing the transplantation codes; receiving a transplantation code execution request sent by the to-be-protected application through the driving program, wherein the transplantation code execution request carries the encrypted transplantation codes; and decrypting the encrypted transplantation codes by the driving program and determining whether the transplantation codes are executed or not according to a decryption result. According to the software protection method and apparatus, the to-be-protected application (software) can be protected by codes with complicated code logic and codes with the number higher than that of codes carried by the encryption lock as transplantation codes, so that the cracking difficulty of the to-be-protected application (software) is greatly increased.
Description
Technical field
The present invention relates to field of software protection, particularly relate to a kind of method for protecting software and device.
Background technology
Software is a series of according to the computer data of particular order tissue and the set of instruction, is developed in order to certain specific purposes.Along with the development of computer technology, increasing software is developed, and wherein a large amount of office softwares, due to the work that people can be helped to complete various complexity, therefore has important commercial value.But because the current software field piracy of many reasons is walked crosswise, the legitimate interests of software developer are invaded always.
In order to the legitimate interests of protection software developer, the software cryptography scheme of prior art many employings high strength is protected software, and these software cryptography schemes generally all use encryption lock.Encryption lock is a kind of security product of the software and hardware combining be inserted in parallel port of computer or USB port, general have tens or the nonvolatile storage space of hundreds of byte can for read-write, software developer can carry out exchanges data by interface function and encryption lock, namely encryption lock is read and write, check whether encryption lock is inserted on interface; Or the exe file of the instrument encryption directly using encryption lock subsidiary oneself.Such software developer can arrange many places software locks in software, utilizes encryption lock as key to open these locks; If do not insert encryption lock or encryption lock not corresponding, software can not normally perform.
Although encryption lock can be protected software to a certain extent, must encryption lock be carried when using software in this way, to make troubles to user and encryption lock is also easily lost.In addition, adopt the cost of hardware encipher lock high, encryption lock causes the size of code of its actual transplanting limited due to limited storage space, and what this reduced encryption lock to a certain extent cracks difficulty.
Summary of the invention
The embodiment of the present invention provides a kind of method for protecting software and device, in order to solve the use inconvenience that brought software protection by encryption lock in prior art and the low defect of protection intensity.
According to first aspect of the present invention, the embodiment of the present invention provides a kind of method for protecting software, comprising:
From the code of application program to be protected, obtain P-code and encrypt for described P-code and obtain encrypting P-code;
Create and carry out mutual driver with described application program to be protected, described driver is for deciphering described encryption P-code and performing described P-code;
Described driver receives the execution P-code request that described application program to be protected sends, and carries described encryption P-code in the request of described execution P-code;
Described driver is decrypted described encryption P-code, determines whether to perform described P-code according to decrypted result.
According to second aspect of the present invention, the embodiment of the present invention provides a kind of software protecting equipment, comprising:
Acquiring unit, obtains encrypting P-code for obtaining P-code in the code from application program to be protected and encrypting for described P-code;
Creating unit, carry out mutual driver for creating with described application program to be protected, described driver is for deciphering described encryption P-code and performing described P-code;
Receiving element, for the execution P-code request making described driver receive described application program transmission to be protected, carries described encryption P-code in the request of described execution P-code;
Decryption unit, for making described driver be decrypted described encryption P-code, determines whether to perform described P-code according to decrypted result.
The method for protecting software that the embodiment of the present invention provides and device; can create and carry out mutual driver with application program to be protected; after this driver receives the execution P-code request of application program to be protected transmission, the encryption P-code treated in protection application program is decrypted and performs P-code; determined whether to perform described P-code according to the decrypted result of encryption P-code by driver, thus do not need to treat protection application program (software) by the encryption lock storing P-code of the prior art and protect.Simultaneously; because driver is to the hardware execution efficiency of the operational efficiency of complicated algorithm far above encryption lock itself; and not by the restriction of encryption lock storage space; therefore the code of code logic complexity and the more code of the size of code carried than encryption lock can be protected as P-code to treat protection application program (software) by the present invention, and what considerably increase application program to be protected (software) cracks difficulty.
Accompanying drawing explanation
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, be briefly described to the accompanying drawing used required in embodiment or description of the prior art below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skill in the art, under the prerequisite not paying creative work, other accompanying drawing can also be obtained according to these accompanying drawings.
The process flow diagram of a kind of method for protecting software that Fig. 1 provides for the embodiment of the present invention;
The composition frame chart of a kind of software protecting equipment that Fig. 2 provides for the embodiment of the present invention;
The composition frame chart of the another kind of software protecting equipment that Fig. 3 provides for the embodiment of the present invention;
The composition frame chart of the another kind of software protecting equipment that Fig. 4 provides for the embodiment of the present invention.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is the present invention's part embodiment, instead of whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
In the existing mode that software is protected; main use encryption lock is protected software; encryption lock is a kind of security product of the software and hardware combining be inserted in parallel port of computer or USB port; general have tens or the nonvolatile storage space of hundreds of byte can for read-write; the partial code in software is preserved in this storage space; software developer can carry out exchanges data by interface function and encryption lock, namely reads and writes the code in encryption lock.But must encryption lock be carried when using software in this way, to make troubles to user and encryption lock is also easily lost.In addition, adopt the cost of hardware encipher lock high, encryption lock causes the size of code of its actual transplanting limited due to limited storage space, and what this reduced encryption lock to a certain extent cracks difficulty.
In order to solve by the problem that use is inconvenient and protection intensity is low that encryption lock brings software protection in prior art, the embodiment of the present invention provides a kind of method for protecting software, and as shown in Figure 1, the method comprises:
101, from the code of application program to be protected, obtain P-code and encrypt for P-code and obtain encrypting P-code.
When protecting the application program of software; do not used by unwarranted user to make the application program of software; needing to transplant in a part of code to encryption lock from the code of application program to protect, only having through authorizing the user of (having encryption lock) just normally can use software by the P-code in encryption lock.But after encryption lock is lost, other users undelegated can be caused to use protected software.In order to overcome above-mentioned defect, the embodiment of the present invention needs to perform step 101 and from the code of application program to be protected, obtains P-code also for P-code encryption obtains encrypting P-code.
102, establishment and application program to be protected carry out mutual driver, and driver is used for enabling decryption of encrypted P-code and performs P-code.
Because the encryption lock cost carrying partial code in application program to be protected is higher and easily lose; and the storage space of encryption lock and operational efficiency limited; the actual size of code transplanted from application program to be protected is very limited, and what this also reduced code to a certain extent cracks difficulty.Therefore, the embodiment of the present invention does not use encryption lock, but needs the establishment of execution step 102 to carry out mutual driver with application program to be protected, and driver is used for enabling decryption of encrypted P-code and performs P-code.Wherein, between described driver and described application program to be protected, create the program of interactive interface; Described driver can be explained encryption P-code and perform P-code under kernel mode i.e. system model.Perform because the partial code in application program to be protected is transplanted in driver by the embodiment of the present invention; and almost exist not used for the debugger cracking driver at present; adding the virtual machine protection (shell being added to code as used VMProtect) of code, making to analyze very difficulty to transplanting code.
103, driver receives the execution P-code request that application program to be protected sends, and performs in P-code request and carries encryption P-code.
From the code of application program to be protected, get P-code in a step 101 due to the embodiment of the present invention and obtained encrypting P-code for P-code encryption, and create in a step 102 and carry out mutual driver with application program to be protected, described driver is for deciphering described encryption P-code and performing described P-code; Therefore, when needs use application program to be protected, need to be sent to driver by the interactive interface between application program to be protected and driver to perform P-code request, request driver performs P-code.Therefore the embodiment of the present invention after step 102, needs to perform the execution P-code request that step 103 driver receives application program to be protected transmission, performs in P-code request and carry encryption P-code.
104, driver is decrypted encryption P-code, determines whether to perform P-code according to decrypted result.
After driver receives the execution P-code request of application program to be protected transmission; driver obtains the encryption P-code carried in this request from the request of execution P-code; and encryption P-code is decrypted, determine whether to perform P-code according to decrypted result.If decrypted result is correct, then performs described P-code by driver, if decrypted result is incorrect, then cannot performs described P-code thus described application program to be protected cannot be used.Driver is when being decrypted encryption P-code, can be decrypted it according to the encryption rule of encryption P-code, described encryption rule can be carried out in advance setting by software developer and can set this encryption rule in driver when creating driver.
The method for protecting software that the embodiment of the present invention provides; can create and carry out mutual driver with application program to be protected; after this driver receives the execution P-code request of application program to be protected transmission, the encryption P-code treated in protection application program is decrypted and performs P-code; determined whether to perform described P-code according to the decrypted result of encryption P-code by driver, thus do not need to treat protection application program (software) by the encryption lock storing P-code of the prior art and protect.Simultaneously; because driver is to the hardware execution efficiency of the operational efficiency of complicated algorithm far above encryption lock itself; and not by the restriction of encryption lock storage space; therefore the code of code logic complexity and the more code of the size of code carried than encryption lock can be protected as P-code to treat protection application program (software) by the present invention, and what considerably increase application program to be protected (software) cracks difficulty.
Understand the method shown in above-mentioned Fig. 1 in order to better, the embodiment of the present invention is described in detail for each step in Fig. 1.
Due in prior art in order to protect the application program of software, the partial code in application program to be protected can be transplanted in encryption lock, authorized use the user of software normally can use software by encryption lock.But the limited storage space due to encryption lock and the operational efficiency to complicated algorithm lower, therefore the code logic great majority transplanting code in encryption lock all relatively simple and in encryption lock the actual size of code transplanted relatively little, what this reduced code to a certain extent cracks difficulty.In order to overcome above-mentioned defect, the mode that the embodiment of the present invention does not re-use encryption lock carrys out the P-code in protection application program, but carries out mutual driver, by performing described P-code in driver by creating with application program to be protected.Due to driver not by storage space restriction and the operational efficiency of driver to complicated algorithm is higher, therefore the embodiment of the present invention can obtain the P-code of code logic complexity and can obtain the larger P-code of size of code from application program to be protected.When the embodiment of the present invention obtains P-code the code of reality from application program to be protected; the obtain manner of dot-dividing type can be adopted from the code of application program to be protected to obtain P-code, and the diverse location namely in the code of application program to be protected obtains multiple P-code.The embodiment of the present invention obtains P-code by dot-dividing type can not only obtain the larger P-code of size of code; but also the code of the different code logic of diverse location in application source code to be protected can be got; by improving the size of code of P-code and the complexity of P-code, thus improve P-code crack difficulty.
Because the P-code obtained in the code from application program to be protected is just stored in encryption lock by prior art; P-code is not encrypted; therefore, after encryption lock is lost, any user getting encryption lock can normally use application program to be protected.Therefore, after the embodiment of the present invention gets P-code in the code from application program to be protected, also need to be encrypted P-code.Owing to embodiments providing a kind of mode adopting dot-dividing type to obtain P-code, entanglement is there will not be in order to make the P-code of acquisition, therefore the P-code of the different code logic obtained by dot-dividing type can be built into code block by the embodiment of the present invention, the P-code of different code logic can be distinguished by code block, thus avoid the P-code of different code logic to occur entanglement.After P-code is built into code block, need to be encrypted code block to obtain encrypting P-code.When being encrypted code block, embodiments providing a kind of optional embodiment, asymmetric encryption can be carried out to described code block and obtaining encrypting P-code.When using asymmet-ric encryption method to be encrypted code block, need use two keys: public-key cryptography and private cipher key.Public-key cryptography and private cipher key are a pair, if use public-key cryptography to be encrypted code block, so only have corresponding private cipher key to decipher; If use private cipher key to be encrypted code block, corresponding public-key cryptography is so only had to decipher.Such as; the embodiment of the present invention can by the public-key cryptography in pair of secret keys to code block be encrypted obtain encrypt P-code; and when creating driver; described encryption rule can be set in driver; therefore when the external world needs to perform application program to be protected; the execution P-code request carrying encryption P-code can be sent to driver; driver, after receiving the request of described execution P-code, needs to use private cipher key to be decrypted encryption P-code according to the encryption rule of setting.Owing to there is interactive interface between application program to be protected and driver; if therefore driver needs to reply enciphered message to application program to be protected; so need driver to use the public-key cryptography in the pair of secret keys of application setting to be protected to be encrypted return information, use private cipher key to be decrypted the enciphered message of replying by application program to be protected.Above by mode just a kind of optional embodiment that asymmetric encryption mode is encrypted code block, certainly other cipher modes can also be used, such as use symmetric cryptography mode to be encrypted code block, namely use same double secret key code block to encrypt and decrypt.Although adopt symmetric cryptography mode can reach encryption and decryption speed faster, but the process due to encryption and decryption adopts same key, the security of enciphered message just cannot be ensured after either party Key Exposure, although therefore adopt symmetric cryptography mode also can play the object of encrypted code block, its cryptographic security is not so good as symmetric cryptography mode.Because the embodiment of the present invention does not use encryption lock to preserve encryption P-code, therefore after being encrypted by code block by each mode above-mentioned and obtaining encryption P-code, encryption P-code can be carried out this locality preservation by the embodiment of the present invention.Preserve in the process of encryption P-code in reality; under encryption P-code can being stored in the catalogue of application program to be protected; so that when using application program to be protected; encryption P-code can be obtained fast from its catalogue, and encryption P-code is carried in execution P-code request and send to driver.Or, also encryption P-code can be stored in other storage spaces of application program place to be protected client.
In order to improve the degree of protection treating protection application program; driver is enable to perform except P-code except being encrypted P-code and realizing a set of code interpretative device in driver; the embodiment of the present invention also needs in driver, realize a set of empowerment management logic; namely arrange the rights of using of application program to be protected, the machine only with rights of using can run described application program to be protected.Concrete when arranging the rights of using of application program to be protected, the embodiment of the present invention can be realized by the mode of digital signature.Its process comprises: the hardware information with the machine of rights of using is generated machine code, such as the hard disk serial number of machine, mainboard information etc. are formed a string sequence number through a series of encryption, hash, described sequence number is exactly can the machine code of unique recognition machine; After acquisition has the machine code of the machine of rights of using, need to carry out Hash operation to described machine code and obtain cryptographic hash, cryptographic hash is used for the unique value of the fixed size representing described machine code.SHA256 algorithm can be adopted to carry out to described machine code the cryptographic hash that Hash operation obtains 256 when reality carries out Hash operation to machine code, other hash algorithms can certainly be adopted to carry out Hash operation to machine code.After obtaining unique cryptographic hash; the embodiment of the present invention also need the private key by presetting to described cryptographic hash be encrypted obtain described in there is the digital signature of the hardware information of the machine of rights of using; namely be encrypted by hardware information summary (carrying out Hash operation to hardware information to obtain) of private key to the machine with rights of using of application program to be protected; and the cryptographic hash (digital signature) of encryption is sent to driver, driver only has could decipher encrypted cryptographic hash (digital signature) with the PKI of application program to be protected.Owing to providing this processing mode of rights of using arranging application program to be protected in the embodiment of the present invention; and when arranging the rights of using of application program to be protected, digital signature process is carried out to the cryptographic hash of the machine hardware information with rights of using; therefore the described driver in the embodiment of the present invention, in the execution P-code request receiving described application program transmission to be protected, has the digital signature of the cryptographic hash of the machine hardware information of rights of using in the request of described execution P-code described in also comprising.
After by the way P-code being encrypted and treat protection application programming rights of using; the embodiment of the present invention not only needs to be decrypted described P-code according to the encryption rule of P-code by driver; but also need to be verified (namely verifying described digital signature) by the authorization privilege of driver to machine, judge its rights of using whether with application program to be protected (namely judging that whether digital signature is legal).Concrete is verified by the digital signature of driver to the machine code of current machine exactly, and determines whether to perform described P-code according to the result.Such as; when using application program to be protected; application program to be protected can send the request of execution P-code by the interactive interface between itself and driver to driver, carries the digital signature of the cryptographic hash of the machine hardware information of encrypting P-code and having rights of using in the request of described execution P-code.After driver receives the request of described execution P-code, can first be verified the digital signature of carrying in the request of described execution P-code by the PKI matched with the private key used when carrying out digital signature process, if certifying digital signature is legal, then illustrate that the transmit leg of the cryptographic hash of machine hardware information is legal, but because the cryptographic hash of the machine hardware information obtained by hash algorithm is irreversible, therefore after certifying digital signature is legal, the embodiment of the present invention also needs to use same hash algorithm to calculate the cryptographic hash of the machine code of current machine, if the cryptographic hash calculated is identical with the cryptographic hash demonstrating digital signature before, then can be decrypted according to the encryption rule of P-code encryption P-code and perform described P-code by driver, thus can normally use application program to be protected, if the cryptographic hash calculated is not identical with the cryptographic hash demonstrating digital signature before, then machine does not have the rights of using of application program to be protected, cannot normally use application program to be protected.
The embodiment of the present invention is by arranging the rights of using of application program to be protected; Hash operation is carried out to the hardware information of authorized machine and carries out digital signature process; the encryption using software developer to preset by driver and the hash signature of verification method to the machine code of current machine are verified; the encryption method that only software developer could be used to preset by driver when signing legal is decrypted encryption P-code and performs described P-code, thus can normally use application program to be protected.The high strength protection treating protection application program is realized by encryption P-code and authorized signature.
As the application to method shown in above-mentioned Fig. 1, embodiments provide a kind of software protecting equipment, as shown in Figure 2, described device comprises: acquiring unit 21, creating unit 22, receiving element 23 and decryption unit 24, wherein,
Acquiring unit 21, obtains encrypting P-code for obtaining P-code in the code from application program to be protected and encrypting for described P-code;
Creating unit 22, carry out mutual driver for creating with described application program to be protected, described driver is for deciphering described encryption P-code and performing described P-code;
Receiving element 23, for receiving the execution P-code request that described application program to be protected sends, carries described encryption P-code in the request of described execution P-code;
Decryption unit 24, for being decrypted described encryption P-code, determines whether to perform described P-code according to decrypted result.
Further, acquiring unit 21 obtains P-code for dot-dividing type in the code from application program to be protected, and described dot-dividing type obtains the P-code that the P-code diverse location be included in the code of application program to be protected obtains different code logic.
Further, as shown in Figure 3, acquiring unit 21 comprises:
Build module 211, for described P-code is built into code block;
Encrypting module 212, obtains encrypting P-code for carrying out asymmetric encryption to described code block;
Preserving module 213, preserving for described encryption P-code being carried out this locality.
Further, as shown in Figure 4, described device also comprises:
Setting unit 25, for arranging the rights of using of application program to be protected.
Further, setting unit 25 comprises:
Generation module 251, the hardware information for the machine by having rights of using generates machine code;
Computing module 252, obtains cryptographic hash for carrying out Hash operation to described machine code;
Signature blocks 253, for the private key by presetting to described cryptographic hash be encrypted obtain described in there is the digital signature of the hardware information of the machine of rights of using.
Further, decryption unit 24 is also verified described digital signature for the PKI that the private key used with preset is corresponding, determines whether to perform described P-code according to the result.
The software protecting equipment that the embodiment of the present invention provides; can create and carry out mutual driver with application program to be protected; after this driver receives the execution P-code request of application program to be protected transmission, the encryption P-code treated in protection application program is decrypted and performs P-code; determined whether to perform described P-code according to the decrypted result of encryption P-code by driver, thus do not need to treat protection application program (software) by the encryption lock storing P-code of the prior art and protect.Simultaneously; because driver is to the hardware execution efficiency of the operational efficiency of complicated algorithm far above encryption lock itself; and not by the restriction of encryption lock storage space; therefore the code of code logic complexity and the more code of the size of code carried than encryption lock can be protected as P-code to treat protection application program (software) by the present invention, and what considerably increase application program to be protected (software) cracks difficulty.
In addition; the software protecting equipment that the embodiment of the present invention provides can by arranging the rights of using of application program to be protected; Hash operation is carried out to the hardware information of authorized machine and carries out digital signature process; the encryption using software developer to preset by driver and the hash signature of verification method to the machine code of current machine are verified; the encryption method that only software developer could be used to preset by driver when signing legal is decrypted encryption P-code and performs described P-code, thus can normally use application program to be protected.The high strength protection treating protection application program is realized by encryption P-code and authorized signature.
It should be noted that for above-mentioned software protecting equipment, the function of the unit module used in every embodiment of the present invention can be realized by hardware processor (hardwareprocessor).
Device embodiment described above is only schematic, the wherein said unit illustrated as separating component or can may not be and physically separates, parts as unit display can be or may not be physical location, namely can be positioned at a place, or also can be distributed in multiple network element.Some or all of module wherein can be selected according to the actual needs to realize the object of the present embodiment scheme.Those of ordinary skill in the art, when not paying performing creative labour, are namely appreciated that and implement.
Through the above description of the embodiments, those skilled in the art can be well understood to the mode that each embodiment can add required general hardware platform by software and realize, and can certainly pass through hardware.Based on such understanding, technique scheme can embody with the form of software product the part that prior art contributes in essence in other words, this computer software product can store in a computer-readable storage medium, as ROM/RAM, magnetic disc, CD etc., comprising some instructions in order to make a computer equipment (can be personal computer, server, or the network equipment etc.) perform the method described in some part of each embodiment or embodiment.
Last it is noted that above embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to previous embodiment to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein portion of techniques feature; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.
Claims (12)
1. a method for protecting software, is characterized in that, described method comprises:
From the code of application program to be protected, obtain P-code and encrypt for described P-code and obtain encrypting P-code;
Create and carry out mutual driver with described application program to be protected, described driver is for deciphering described encryption P-code and performing described P-code;
Described driver receives the execution P-code request that described application program to be protected sends, and carries described encryption P-code in the request of described execution P-code;
Described driver is decrypted described encryption P-code, determines whether to perform described P-code according to decrypted result.
2. method according to claim 1, is characterized in that, describedly from the code of application program to be protected, obtains P-code comprise:
From the code of application program to be protected, dot-dividing type obtains P-code, and described dot-dividing type obtains the P-code that the P-code diverse location be included in the code of application program to be protected obtains different code logic.
3. method according to claim 1, is characterized in that, describedly comprises for the encryption of described P-code obtains encryption P-code:
Described P-code is built into code block;
Carry out asymmetric encryption to described code block to obtain encrypting P-code;
Described encryption P-code is carried out this locality to preserve.
4. method according to claim 1, is characterized in that, described method also comprises:
The rights of using of application program to be protected are set.
5. method according to claim 4, is characterized in that, the described rights of using arranging application program to be protected comprise:
The hardware information with the machine of rights of using is generated machine code;
Hash operation is carried out to described machine code and obtains cryptographic hash;
By the private key preset to described cryptographic hash be encrypted obtain described in there is the digital signature of the hardware information of the machine of rights of using;
Receive at described driver in the execution P-code request of described application program transmission to be protected, the request of described execution P-code also comprises: described digital signature.
6. method according to claim 5, is characterized in that, described driver is decrypted described encryption P-code, determines whether that performing described P-code also comprises according to decrypted result:
Described driver uses the PKI corresponding with the private key preset to verify described digital signature, determines whether to perform described P-code according to the result.
7. a software protecting equipment, is characterized in that, described device comprises:
Acquiring unit, obtains encrypting P-code for obtaining P-code in the code from application program to be protected and encrypting for described P-code;
Creating unit, carry out mutual driver for creating with described application program to be protected, described driver is for deciphering described encryption P-code and performing described P-code;
Receiving element, for the execution P-code request making described driver receive described application program transmission to be protected, carries described encryption P-code in the request of described execution P-code;
Decryption unit, for making described driver be decrypted described encryption P-code, determines whether to perform described P-code according to decrypted result.
8. device according to claim 7; it is characterized in that; described acquiring unit is used for dot-dividing type from the code of application program to be protected and obtains P-code, and described dot-dividing type obtains the P-code that the P-code diverse location be included in the code of application program to be protected obtains different code logic.
9. device according to claim 7, is characterized in that, described acquiring unit comprises:
Build module, for described P-code is built into code block;
Encrypting module, obtains encrypting P-code for carrying out asymmetric encryption to described code block;
Preserving module, preserving for described encryption P-code being carried out this locality.
10. device according to claim 7, is characterized in that, described device also comprises:
Setting unit, for arranging the rights of using of application program to be protected.
11. devices according to claim 10, is characterized in that, described setting unit comprises:
Generation module, the hardware information for the machine by having rights of using generates machine code;
Computing module, obtains cryptographic hash for carrying out Hash operation to described machine code;
Signature blocks, for the private key by presetting to described cryptographic hash be encrypted obtain described in there is the digital signature of the hardware information of the machine of rights of using.
12. devices according to claim 11, is characterized in that, described decryption unit is also verified described digital signature for the PKI that the private key used with preset is corresponding, determines whether to perform described P-code according to the result.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510857401.3A CN105468940B (en) | 2015-11-30 | 2015-11-30 | Method for protecting software and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510857401.3A CN105468940B (en) | 2015-11-30 | 2015-11-30 | Method for protecting software and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105468940A true CN105468940A (en) | 2016-04-06 |
| CN105468940B CN105468940B (en) | 2019-01-01 |
Family
ID=55606630
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510857401.3A Active CN105468940B (en) | 2015-11-30 | 2015-11-30 | Method for protecting software and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105468940B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106407751A (en) * | 2016-08-31 | 2017-02-15 | 北京深思数盾科技股份有限公司 | Method and device for protecting executable file |
| CN106789088A (en) * | 2017-02-08 | 2017-05-31 | 上海诺行信息技术有限公司 | A kind of software version signature mechanism |
| CN106951744A (en) * | 2017-03-15 | 2017-07-14 | 北京深思数盾科技股份有限公司 | The guard method of executable program and device |
| CN107526947A (en) * | 2017-09-26 | 2017-12-29 | 重庆市珞宾信息技术有限公司 | A kind of embedded software active control method |
| CN107678875A (en) * | 2017-09-29 | 2018-02-09 | 北京深思数盾科技股份有限公司 | A kind of fault detect and self-repairing method, device, terminal and storage medium |
| CN109727134A (en) * | 2018-12-29 | 2019-05-07 | 北京奇虎科技有限公司 | A kind of copyright transaction method and device for pictures |
| CN111164593A (en) * | 2019-12-27 | 2020-05-15 | 威创集团股份有限公司 | Registration authorization method and system |
| CN112651031A (en) * | 2020-12-14 | 2021-04-13 | 展讯半导体(成都)有限公司 | Digital signature method, digital signature verification method, electronic device and storage medium |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US12273362B2 (en) | 2022-06-10 | 2025-04-08 | Bank Of America Corporation | Securing data in a metaverse environment using simulated data interactions |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1776563A (en) * | 2005-12-19 | 2006-05-24 | 清华紫光股份有限公司 | File encrypting device based on USB interface |
| CN101261666A (en) * | 2008-04-10 | 2008-09-10 | 北京深思洛克数据保护中心 | A method for realizing software copyright protection based on encrypted executable program file |
| CN102915411A (en) * | 2011-08-02 | 2013-02-06 | 张景彬 | Dereplication encryption lock for software and hardware of embedded system |
| CN103425911A (en) * | 2013-08-07 | 2013-12-04 | 北京深思数盾科技有限公司 | Method for enhancing software protection usability |
-
2015
- 2015-11-30 CN CN201510857401.3A patent/CN105468940B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1776563A (en) * | 2005-12-19 | 2006-05-24 | 清华紫光股份有限公司 | File encrypting device based on USB interface |
| CN101261666A (en) * | 2008-04-10 | 2008-09-10 | 北京深思洛克数据保护中心 | A method for realizing software copyright protection based on encrypted executable program file |
| CN102915411A (en) * | 2011-08-02 | 2013-02-06 | 张景彬 | Dereplication encryption lock for software and hardware of embedded system |
| CN103425911A (en) * | 2013-08-07 | 2013-12-04 | 北京深思数盾科技有限公司 | Method for enhancing software protection usability |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106407751A (en) * | 2016-08-31 | 2017-02-15 | 北京深思数盾科技股份有限公司 | Method and device for protecting executable file |
| CN106407751B (en) * | 2016-08-31 | 2018-11-27 | 北京深思数盾科技股份有限公司 | The method and apparatus that executable file is protected |
| CN106789088A (en) * | 2017-02-08 | 2017-05-31 | 上海诺行信息技术有限公司 | A kind of software version signature mechanism |
| CN106951744A (en) * | 2017-03-15 | 2017-07-14 | 北京深思数盾科技股份有限公司 | The guard method of executable program and device |
| CN106951744B (en) * | 2017-03-15 | 2019-12-13 | 北京深思数盾科技股份有限公司 | protection method and device for executable program |
| CN107526947A (en) * | 2017-09-26 | 2017-12-29 | 重庆市珞宾信息技术有限公司 | A kind of embedded software active control method |
| CN107678875A (en) * | 2017-09-29 | 2018-02-09 | 北京深思数盾科技股份有限公司 | A kind of fault detect and self-repairing method, device, terminal and storage medium |
| CN109727134A (en) * | 2018-12-29 | 2019-05-07 | 北京奇虎科技有限公司 | A kind of copyright transaction method and device for pictures |
| CN109727134B (en) * | 2018-12-29 | 2024-04-05 | 三六零科技集团有限公司 | Picture copyright trading method and device |
| CN111164593A (en) * | 2019-12-27 | 2020-05-15 | 威创集团股份有限公司 | Registration authorization method and system |
| CN112651031A (en) * | 2020-12-14 | 2021-04-13 | 展讯半导体(成都)有限公司 | Digital signature method, digital signature verification method, electronic device and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105468940B (en) | 2019-01-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9673975B1 (en) | Cryptographic key splitting for offline and online data protection | |
| CN107959567B (en) | Data storage method, data acquisition method, device and system | |
| CN105468940B (en) | Method for protecting software and device | |
| US10020939B2 (en) | Device, server and method for providing secret key encryption and restoration | |
| CN102271037B (en) | Based on the key protectors of online key | |
| US9735962B1 (en) | Three layer key wrapping for securing encryption keys in a data storage system | |
| US11575501B2 (en) | Preserving aggregation using homomorphic encryption and trusted execution environment, secure against malicious aggregator | |
| US8850206B2 (en) | Client-server system with security for untrusted server | |
| US9171145B2 (en) | Protecting cryptographic secrets using file system attributes | |
| CN110008745B (en) | Encryption method, computer equipment and computer storage medium | |
| CN101950347B (en) | Method and system for encrypting data | |
| CN105450620A (en) | Information processing method and device | |
| CN110214440A (en) | Address credible performing environment | |
| KR20120079639A (en) | Contents protection, encryption and decryption apparatus using white-box cryptography | |
| CN101311942A (en) | Software encryption and decryption method and encryption and decryption device | |
| CN109274644A (en) | Data processing method, terminal and watermark server | |
| EP2629223A1 (en) | System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction | |
| CN117240625A (en) | Tamper-resistant data processing method and device and electronic equipment | |
| CN102135944A (en) | Method for safe data storage in mobile communication equipment | |
| CN112866216B (en) | Method and system for encrypting file | |
| US11496287B2 (en) | Privacy preserving fully homomorphic encryption with circuit verification | |
| CN109255225A (en) | Hard disc data security control apparatus based on dual-identity authentication | |
| CN104392153A (en) | Software protection method and system | |
| CN107483187A (en) | A data protection method and device based on a trusted cryptographic module | |
| CN112115491A (en) | Symmetric encryption key protection method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510 Applicant after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing Applicant before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd. |
|
| COR | Change of bibliographic data | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |
|
| CP01 | Change in the name or title of a patent holder |