CN1295682A - Simultaneous protection for several types of software of several software designers - Google Patents
- Publication number: CN1295682A (CN 99804576)
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
Abstract
The invention concerns the protection of several types of software against unauthorized use, consisting in a reader apparatus (LCL) for simultaneously protecting several types of software of several software designers and comprising at least one communication peripheral (network, I/O port), a microcontroller programmable only once which integrates on the same silicon chip two parts separated by an interface. The integrated circuit is logically and physically protected against all attempts of unauthorized intrusion. The invention also concerns a portable apparatus of relatively small size with respect to the chip card connected for its use with the LCL apparatus, comprising at least a detachable recording module with high storage capacity, a microcontroller made secure against all attempts at unauthorized intrusion into its internal circuits. Thus the invention provides protection for several types of software independently of their editors with a single apparatus.
Description
Field of the invention
The present invention relates to protecting software against unauthorized use.
Background
The software industry is undoubtedly the field whose products are easiest to copy. The storage density of information storage media, generally optical or magnetic, keeps increasing, and the time needed to copy onto such media is short. The cost of high-capacity information storage (software, data) has also fallen to the point of wide availability, so a new software version faces illegal copying very soon after it reaches the market. Moreover, in some countries large-scale illegal copying on CD-ROM is not prosecuted. If this situation continues, the whole software industry will collapse. A software developer (also called the designer) develops a program and then sells customers licences to use it. As a general rule, a software design company makes its profit by selling its software products and/or selling licences.
Illegal use of software is defined relative to authorized use. Authorization means that the software developer grants the user a legally recognized licence to use the designer's product under the terms of a commercial agreement.
The selling price of software is calculated from the number of users likely to buy it. The profit a software design company earns therefore depends to a considerable degree on how customers use the software after buying it. Because the user is to some extent free to copy the contents of the medium carrying the purchased software, the software developer's livelihood depends to a considerable degree on the customer's honesty.
For software used on a network, the licence obtained usually authorizes use of a given piece of software on a single computer workstation. To use it on several workstations, a corresponding number of licences must be bought, according to the number of workstations using the software. For a personal computer this number is 1. However, because there is no suitable method or means of preventing the software from being used on more workstations than the number of licences bought, there is no guarantee that the designer's customers observe the terms of the licence contract.
For software used on a stand-alone computer (personal computer) or on a network, if the software developer takes no steps, nothing prevents a pirate user from copying the software onto computer media and installing and using it on computers without restriction and without being prosecuted. An underground market selling "pirated" software has formed as a result. This uncontrolled market may do enormous damage to the software industry.
Designers who want to limit illegal copying and/or use of their software can buy electronic devices that give the software some degree of protection. But this solution applies only to certain types of software, and it makes designers dependent on the supplier of the protection device. Because the protection is expensive compared with the price of the software, developers with small budgets may be unable to protect their digital products.
Using such an electronic device also requires the software developer to buy the device before actually selling the software. This forces the designer to build up stock, which puts the designer at a disadvantage compared with competitors who do not use software protection.
Various schemes have been proposed in the past to solve these problems. U.S. Patent No. 5,553,139 proposes a scheme for protecting software on a network or on a single workstation (personal computer). But it does not allow one device to protect software from several different software designers.
Other methods use an electronic system connected directly to the host's I/O port for a given computer. U.S. Patent No. 5,343,524 proposes such a system. That invention relies on an electronic circuit based on a secure microcontroller that cannot be duplicated. Software is protected by verifying the presence of the device with a key and by interacting with the device. But a device according to that invention has the drawback (because of its cost) that it can only protect software produced in large quantities, and it can only protect software from a single designer. Caihong Co has released an example of such a product.
There are also purely software-based protection methods. They often require the user to enter an access password, which is then verified by a very complicated calculation. But this cannot prevent some users from discovering the type of calculation used, so software protection of this kind is unreliable.
More powerful systems implement a coprocessor function: the coprocessor computes code sections of a given piece of software protected by the method. In general, because parts of the software are encoded with a key stored in the coprocessor's ROM-type memory (access to which is protected), the software cannot be delivered to the user in a directly usable state. Under this principle, a licensed user must use the protected software on the particular host on which it is installed. It is also difficult to protect several pieces of software from several design companies. U.S. Patent No. 4,817,140 proposes a coprocessor with similar characteristics. The coprocessor of that patent can be enabled provided the user holds a key proving purchase of a user licence. The system has another drawback: because it is dedicated to protecting one designer's software, the presence of the coprocessor becomes an obstacle, particularly when other designers decide to offer a similar form of software protection. In some cases buying a new device is not possible. Such a coprocessor is acceptable as an investment only when the software is expensive relative to the costly coprocessor. And the user is tied to the computer in which the coprocessor is installed.
Most systems for protecting software are dedicated to a particular type of software. Users have a poor impression of such systems and tend to see them as a kind of electronic police snoop rather than a protector. Such systems to some extent restrict use of the protected software to the host on which it is installed. Writing protected software depends very closely on the structure of the protection device, which can complicate development. Through the "Dao Er chip", the user is tied to the device that protects the software. For example, losing the Dao Er chip usually means losing the right to use the software attached to it. Software security systems also fail to take into account that a piece of software attached to the security device may be stolen. When it is stolen and used illegally, there is no way to stop the stolen software from being used, and the user has to buy a new licence.
Some protected software is characterized by a limited lifetime. U.S. Patent No. 4,868,736 proposes such a system. Its drawback is that it provides only that specific function.
Summary of the invention
The present invention remedies all of the above drawbacks.
The invention relates to protecting software against use that does not meet the conditions set by the software developer. It relates to a single device for protecting multiple pieces of software, independently of the specific computer system and of the specific designer. It is based on two electronic devices that cannot be duplicated without authorization. This copy protection is provided by an authentication method built into the devices.
The first device is an electronic reader used to read the second device. It is called the LCL (clearance card reader). The reader provides nearly all of the invention's software protection functions.
The second device is an electronic card called the CL (clearance card). Every user who wants to run software protected by the invention must have a card CL storing the authorization to use that software.
The invention therefore separates software protection into three levels. First, the protected software (on its recording medium) is separate from the medium that implements the protection (the reader LCL). Second, the reader LCL is issued independently of the protected software, so the same reader LCL can protect many pieces of software, regardless of designer and number of software packages. Third, protected software can be used only when the user has a valid card CL, and this card is issued independently of the reader LCL.
In the invention, the card CL is a portable device that is small compared with a smart card. It has a removable high-capacity recording module. Data is stored so that it cannot be read and/or modified without permission. The card serves essentially as an access device that makes software protected by the invention usable. The conditions under which a piece of software may be used are fixed by the software developer. The software can be executed only if the user's card CL holds an authorization that the user has purchased. The card CL is a removable recording medium that stores a large number of authorizations to use protected software. The card CL therefore lets the user run the authorized software on any computer on which it is available (that is, assuming the protected software itself is on that computer).
With regard to use of the card CL, the invention also covers means of avoiding the loss caused by theft of a card CL. When a card is lost or stolen, the organization that manages the devices of the invention can invalidate it. Most of the licences to use software can be restored after the loss. The user therefore does not risk forfeiting the right to use a piece of software when a card CL is lost, a risk that exists with prior-art software protection devices.
The invention relates to a method of protecting software that is independent of the computer system. Software can be protected whether it is used on a network and/or on a personal computer. The reader LCL is highly modular with respect to the various peripherals that can be added to its internal electronics, so it is very easy to connect the reader LCL to any computer equipment. Software protection according to the invention can therefore be implemented with the same type of reader LCL across a large number of the various computer systems in use. The reader LCL operates independently of the computer system and thus provides software protection that is independent of the computer system running the software.
The invention makes development of protected software independent of the technical characteristics of the device: it does not depend on the internal operation of the LCL. A piece of software is protected by having some of the functions that make up the software executed by the LCL's internal resources. The way these functions are written is completely transparent, in the sense that the software developer need not consider the electronic structure of the LCL. Correct operation of these functions can be tested outside the reader LCL, so for the designer the work of protecting software is limited to writing these functions. Compared with a standard piece of software they are essentially small computation functions and execute quickly. Several different pieces of software can therefore be used on a network connected to the same reader LCL, and several protected pieces of software can be used on a personal computer with a single reader LCL. The only difference between operating the reader LCL on a personal computer and in a network environment is the communication peripheral.
In the invention, the reader LCL protects software by measuring the use made of every piece of software executed. The reader LCL can determine the number of licences in use on a computer and/or on the whole connected network. It can know the period during which a given user uses a given piece of software, and all usage information and associated times for a given piece of software. These measurement means, specific to the reader LCL, allow it to arbitrate use of software protected by the invention. Arbitration is carried out as a function of the conditions of use and can apply to every program protected by the invention. These conditions are set by the software developer.
The card CL is thus used to store authorizations to use software and the basic information about the user's rights to use protected software. The reader LCL checks whether the user's rights to use the software satisfy the conditions of use set by the software developer. In an implementation of the invention, these conditions can be time limits, or an upper limit that restricts the number of running sessions to the number of user licences held by the holder of the card CL.
A single reader LCL can therefore arbitrate use of one or more different protected pieces of software on one or more computers. Arbitration rules can be specific to each version of a piece of software, so a single device can enforce the criteria for many pieces of software (each with its own conditions of use).
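The arbitration described above (a per-version time limit, and a cap on running sessions equal to the licences held on the card CL) can be modelled as follows. This is an added illustration, not code from the patent: every class, field and reason name is hypothetical, and the card ID and timestamps are constructed sample values.

```python
"""Model of the arbitration a reader LCL performs (added illustration).

All names here are hypothetical; the patent text gives no data layout
for authorizations, rules or sessions.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

SoftwareKey = Tuple[str, str]  # (software name, version)


@dataclass(frozen=True)
class Rule:
    """Conditions of use the developer sets for one software version."""
    expires_at: Optional[float] = None  # time limit (epoch seconds); None = no limit


@dataclass
class Card:
    """Card CL: number of user licences held per software version."""
    card_id: str
    licences: Dict[SoftwareKey, int] = field(default_factory=dict)


@dataclass
class Session:
    card_id: str
    key: SoftwareKey
    workstation: str
    started: float
    ended: Optional[float] = None


class Reader:
    """Reader LCL: measures use across workstations and arbitrates it."""

    def __init__(self, rules: Dict[SoftwareKey, Rule]) -> None:
        self.rules = rules
        self.sessions: List[Session] = []

    def _running(self, card_id: str, key: SoftwareKey) -> List[Session]:
        return [s for s in self.sessions
                if s.ended is None and s.card_id == card_id and s.key == key]

    def open_session(self, card: Card, key: SoftwareKey,
                     workstation: str, now: float) -> Tuple[bool, str]:
        rule = self.rules.get(key)
        if rule is None:
            return False, "unknown-software"
        held = card.licences.get(key, 0)
        if held == 0:
            return False, "no-authorization"
        if rule.expires_at is not None and now > rule.expires_at:
            return False, "time-limit-exceeded"
        # Cap running sessions at the licence count held on the card.
        if len(self._running(card.card_id, key)) >= held:
            return False, "licence-count-exceeded"
        self.sessions.append(Session(card.card_id, key, workstation, now))
        return True, "granted"

    def close_session(self, card_id: str, key: SoftwareKey,
                      workstation: str, now: float) -> bool:
        for s in self._running(card_id, key):
            if s.workstation == workstation:
                s.ended = now
                return True
        return False

    def seconds_used(self, card_id: str, key: SoftwareKey, now: float) -> float:
        """Usage measurement: total time this card has run this software."""
        return sum((s.ended if s.ended is not None else now) - s.started
                   for s in self.sessions
                   if s.card_id == card_id and s.key == key)


def demo() -> List[Tuple[bool, str]]:
    editor, cad = ("editor", "2.0"), ("cad", "1.1")   # constructed names
    reader = Reader({editor: Rule(expires_at=1000.0), cad: Rule()})
    card = Card("CL-0001", {editor: 2})               # two licences, none for cad
    out = [
        reader.open_session(card, editor, "ws1", 10.0),
        reader.open_session(card, editor, "ws2", 20.0),
        reader.open_session(card, editor, "ws3", 30.0),  # third seat refused
        reader.open_session(card, cad, "ws1", 40.0),     # no authorization held
    ]
    reader.close_session("CL-0001", editor, "ws1", 50.0)
    out.append(reader.open_session(card, editor, "ws3", 60.0))    # seat freed
    out.append(reader.open_session(card, editor, "ws1", 2000.0))  # past time limit
    return out


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The model keeps session state in ordinary process memory; in the patent that state would sit inside the reader's secure microcontroller, which the sketch does not attempt to represent.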
Protected software can be issued independently of the protection device, so the software developer does not need to hold stock of protection devices. Protection according to the invention is therefore useful for both large and small software: using a single designer-independent device to protect many pieces of software reduces the cost of using the invention's software security system. The invention also gives great flexibility in managing protected software. Licensing of a given piece of software can be centralized or decentralized.
Protected software can also be created in various ways. Authorization to create a piece of protected software can be centralized or decentralized (as when developing demonstration software or limited-use software).
The device of the invention can communicate with a remote system. The device is managed by the remote system, which in one embodiment of the invention is a server called aSVR. This server sets the conditions of use of the devices of the invention and arbitrates their use in general.
An authorization to use software held in a card CL can be moved to a reader LCL or to another card CL. When an authorization is moved to a reader LCL, protection of the software is provided without the card CL. Moving it to another card CL allows software licences to be sold through retailers. The invention allows distribution of software authorizations to be centralized or decentralized.
The card reader LCL has means by which one or more peripherals can be added quickly and easily. In a specific embodiment, the reader LCL includes a wireless receiver that receives information, optionally in a secured manner, from a transmitter managed by the server aSVR. The receiver is used essentially for offline purchase of software authorizations and for update operations. It can also manage security in the use of the devices of the invention.
With the apparatus and method of the invention, purchases can take place over a computer connection or through a system involving manual intervention; they can therefore be made online or offline. A purchase consists of obtaining authorization to use software protected by the invention. The invention relates in particular to a digital wireless receiver through which user authorizations can be received.
To protect multiple pieces of software independently of their designers, the invention uses a secure microcontroller in the reader LCL: a microcontroller protected against unauthorized reading and/or modification of its internal memory and against computer virus attacks it may meet when it encounters untrusted programs. Use of the reader as a software protection device is independent of any commercial agreement. This property means the reader LCL and card CL can be used entirely free.
So that the user can carry authorizations to use protected software, the card CL is miniaturized. It is based on a microcontroller that can access the information defining the right to use a given piece of software. It can store a very large number of authorizations to use software protected by the invention. The information is stored on a high-capacity storage medium and is protected against unauthorized modification or reading. The internal system of the microprocessor is also protected against physical or logical inspection.
The invention also provides an upgradable software security system: to some extent, all the computer systems contained in the microcontrollers described above can be updated. Given the ability to store data and execute programs securely, and the possibility of updating the computer systems of the devices, the invention allows the software protection device to be used in other applications.
Brief description of the drawings
The accompanying drawings illustrate the invention:
Fig. 1 shows the various connections used in the invention and reflects its normal operation. It helps in understanding the various ways the devices of the invention are used.
Fig. 2 shows the various software layers that connect a given LCL to a remote system.
Fig. 3 is a block diagram of the architecture of the microcontroller used in the device LCL.
Fig. 4 shows a possible association between two LCLs competing on the same network, so that they can share operations relating to software protected by the invention.
Fig. 5 is a block diagram of the units that make up the electronic card CL, in particular the microcontroller architecture of the card CL.
Fig. 6 is a view of the card CL carrier.
Fig. 7 is a perspective view of the carrier CL, with compact flash, withdrawn from its support.
Fig. 8 shows the set of male and female connectors between the LCL and the CL.
Fig. 9 shows the case where the device of the invention has a lifetime relative to the user's calendar.
Fig. 10 shows the steps of the authentication process used to verify the devices (reader LCL and card CL) and to prevent operation of pirate devices.
Fig. 11 shows the steps for purchasing a licence to use software protected by the invention.
Fig. 12 is a simplified logic tree used by the operating system of the microcontroller 100 that protects software.
Preferred mode of carrying out the invention
Referring to Fig. 1, in one embodiment of the invention, utilize the total system of electronic reader to manage concentratedly by server aSVR, server comprises the database relevant with apparatus of the present invention 12.Unit group in the frame 10 is by given organization and administration.This tissue issue device relevant with the present invention.Server aSVR can with the far-end computer system communication that utilizes reader LCL.In various embodiment of the present invention, reader LCL can comprise the device that directly links to each other with network 40 or personal computer (shown in the frame 30) I/O port, perhaps can comprise digital wireless receiver 22 (shown in the frame 20).
In the present invention, Fig. 2 shows various layers, and LCL arrives far end system by each layer.Communicating by letter between far end system and the LCL by two program management that operate on the computing machine 50.As a kind of functions of use, computing machine with between the reader LCL be connected 54 can be the network shown in the frame 40 connect or can be as shown in frame 30 and 20 as calculated the I/O port of machine 50 directly link to each other.Consider be used to realize that port of the present invention is USB (universal serial bus) (USB) interface, and the assumed calculation facility have this communication port for speed.Description of the invention is refered in particular to frame 40, and it utilizes the Ethernet under the ICP/IP protocol.Therefore under this background, reader LCL has the suitable network peripheral hardware.Program PGM52 can with given reader LCL interactive communication.This communication is undertaken by driver procedure DRV51.Referring to Fig. 2, driver 51 is finished all communication functions between reader LCL and the computing machine 50 that is connected reader.Various functions at two programs of apparatus of the present invention control are below described specially.Program PGM provides the ability of communicating by letter with long range systems to reader LCL.In order to realize this communication, PGM utilizes the communication resource 53 of main frame 50.Program DRV provides local communication between reader LCL and program PGM.In frame 30, this can provide the modulator-demodular unit 31 that is connected with the Internet, and server aSVR also is connected with the Internet.In one embodiment of the invention, in frame 40, the communication resource 53 is resources of the computing machine 50 relevant with the LAN (Local Area Network) resource and through the access to the Internet long range systems.
Use of the reader LCL requires that the identification conditions of the exchange be met and that a card CL be correctly connected in the reader LCL's support. These two conditions are described below.
In the invention, software is protected by having the electronic reader LCL perform a small part of the functions of a given piece of software. The electronic card CL holds the authorizations to use software. For a given memory capacity, a card CL can store a large number of user authorizations. A single electronic device can therefore protect several programs at once, independently of their designers.
In an embodiment of the invention, each reader LCL and each card CL is associated with its own unique serial number. The server aSVR uses database 12 to manage the protection information that allows readers LCL and cards CL to operate software; the database must be protected against unauthorized access to the systems on which protected software is installed. The organization managing aSVR assigns a given card CL and a given reader LCL the serial numbers ID.c and ID.d and the secret encryption keys kT.c and kT.d, respectively. ID.c and ID.d are unique. These two numbers and two keys are stored in non-volatile memory within the electronic systems of CL and LCL; further details are given below. The pairs (ID.c, kT.c) and (ID.d, kT.d) are also stored in database 12, which for security reasons can be accessed only through aSVR. Once placed in the devices LCL and CL, the keys kT.c and kT.d are known only to aSVR.
Also in an embodiment of the invention, the numbers ID.c and ID.d are public but cannot be modified. That is, they are stored in protected memory of the electronic system integrated in each device of the invention and are communicated to the user in clear text. In this embodiment they are marked on the housing of the carrier of CL and of LCL. The invention is otherwise independent of the form of housing used for the reader LCL.
In this implementation of the invention, the encryption method that uses the keys kT.d and kT.c is the Data Encryption Standard (DES) encryption system developed by IBM. These two keys are 128 bits long, which is sufficient to protect against decryption. In particular embodiments, other types of encryption and other key lengths can be used.
In the invention, the computer program PGM parametrizes the devices LCL and CL to some degree to adapt them to each type of computer and operating system. PGM lets the user start the procedures that require user intervention; these procedures are described below. PGM is issued by the organization managing aSVR. After PGM is installed on the host, the operation of locating the reader LCL is performed. If the reader LCL is connected directly to a communication port of the host, then, as shown in Fig. 2, communication takes place through that port, and the software driver DRV is installed so that the computer program can send data to the LCL and receive data from it without regard to the technical characteristics of the communication between the computer and the connected reader LCL. The driver DRV makes use of the reader LCL transparent.
When the protected software is used on a network (as in box 40), a suitable driver program DRV is installed on every computer on the network so that the computer can communicate with the LCL connected to the local area network. The driver DRV makes the LCL transparently usable by every computer on the network, and the computers can run different operating systems.
After installation on the Ethernet, the reader LCL receives an IP address for the TCP/IP protocol, so that the driver can be installed on the network computers concerned.
In addition, each driver DRV allows each host that uses software protected by the invention to communicate with the reader LCL. This implementation also allows several programs PGM to establish communication with a given reader LCL connected to the network. When used in network 40, as shown in Fig. 4 (which shows computers distributed between two readers LCL), a reader LCL (in a broad sense) can share the functions of protected software with other readers LCL. In this implementation, the distribution of readers LCL among the computers on the network is determined by the network administrator, who assigns network computers to a reader LCL when installing program DRV on each network computer. DRV is given the IP address of the reader LCL to use.
After PGM is installed on the host, the computer user can perform the following operations on a given reader LCL with a given card CL connected: purchase online a license to use software protected by the invention; transfer a number of software user licenses from one card CL to another card CL; recover licenses lost through loss of a card CL; and update the programs contained in the reader LCL or the card CL.
In this implementation, a piece of software LD is considered, although the following description applies equally to other software. Its designer (manufacturer) protects it against illegal use by dividing the functions that make up the software into two parts, according to the invention. The first part comprises the programs executed by the host. The second part comprises the functions to be performed by the computing resources of the LCL. These functions must be ones that execute quickly. Their size is on the order of 100 Kb.
A list of functions {F0, F1, ..., Fi, ..., Fn} is extracted from the second part of the software LD. The software LD needs these functions in order to run. One basic rule must be respected when extracting them: the functions must make no demands on the characteristics of the computer resources that execute LD. This condition is quite easy to satisfy. For example, the list can consist solely of simple computing functions.
In this implementation of the invention, these functions can be written, and their correct operation tested, independently of the reader LCL. The device implementing the invention includes a Java virtual machine, so these functions are written in Java. They are compiled to standard Java bytecode and stored in a file LF.
In addition, in this implementation, protection of the software LD begins by running program PGM on a computer that contains LF. PGM then asks the designer of LD for the operating system on which LD runs (WINDOWS NT, DOS, UNIX, ...) and the type of computer (MACINTOSH, SPARC, PC, ...). Based on these answers, PGM runs the procedure that connects an available reader LCL to the server aSVR. Communication between LCL and aSVR is as shown in Fig. 2. The serial number of the reader LCL is given to the server aSVR at the start. In the procedure for creating software protected by the invention, the LCL uses secure communication to request from aSVR a serial number S# and an encryption key kX.S# for the piece of protected software LD.
In this implementation of the invention, S# is defined on 128 bits, and the key kX.S# is defined for DES encryption with a length of 128 bits.
In this implementation of the invention, to carry out this secure communication with aSVR, the LCL begins by sending its own number ID.d to aSVR unencrypted. aSVR looks up the key kT.d associated with ID.d in its database 12.
aSVR then returns S# and kX.S# to the LCL encrypted with key kT.d. The reader LCL decrypts them using the key kT.d held in internal memory 111 and the DES encryption algorithm, obtaining S# and kX.S# in plaintext.
In the invention, only aSVR knows the key kX.S#, because kX.S# is deleted from the secure DRAM memory 109 of the LCL after use. S# is communicated to PGM, which writes it to a binary file containing the conditions restricting use of the software. In this implementation, the file can have the following format: the S# of the software concerned (128 bits), permanent license (8 bits), period of use (24 bits), expiry of use (16 bits), number of executions (32 bits). This file is 26 bytes in size. Next, {F0, F1, ..., Fi, ..., Fn} undergo an encryption operation. Function F0 is handled separately. In this implementation it is an "initialization" procedure, used first to count the number of licenses in use on the network (network box 40), and then to check the operating characteristics of software LD with respect to time. This function is executed, separately, when the user runs software LD. Specifically, F0 is the first function executed by the LCL when software LD is opened and a session begins.
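The 26-byte usage-restriction file described above, packed and parsed field by field, as an added example that is not part of the patent. The field order and widths come from the text; big-endian byte order, the sample values, and the meaning given to the fields in `may_run` (expiry as a day number, executions as a run budget) are assumptions.

```python
import struct
from dataclasses import dataclass

# Field widths from the text: 128 + 8 + 24 + 16 + 32 bits = 208 bits = 26 bytes.
RECORD_LEN = 26
_LAYOUT = ">16sB3sHI"   # big-endian is an assumption; the text gives no byte order


class LicenseFormatError(ValueError):
    """Raised when a record does not match the 26-byte layout."""


@dataclass(frozen=True)
class LicenseRecord:
    serial: bytes        # S# of the protected software, 128 bits
    permanent: int       # permanent-license flag, 8 bits
    usage_period: int    # period of use, 24 bits (unit not given in the text)
    expiry: int          # expiry of use, 16 bits
    executions: int      # number of executions, 32 bits

    def pack(self) -> bytes:
        """Serialize to exactly 26 bytes, rejecting values that would overflow a field."""
        if len(self.serial) != 16:
            raise LicenseFormatError("S# must be exactly 16 bytes")
        limits = (("permanent", 8), ("usage_period", 24),
                  ("expiry", 16), ("executions", 32))
        for name, bits in limits:
            value = getattr(self, name)
            if not 0 <= value < (1 << bits):
                raise LicenseFormatError(f"{name} does not fit in {bits} bits")
        return struct.pack(_LAYOUT, self.serial, self.permanent,
                           self.usage_period.to_bytes(3, "big"),
                           self.expiry, self.executions)


def parse(raw: bytes) -> LicenseRecord:
    """Parse a record; a short or padded file is rejected rather than truncated."""
    if len(raw) != RECORD_LEN:
        raise LicenseFormatError(f"expected {RECORD_LEN} bytes, got {len(raw)}")
    serial, permanent, period, expiry, executions = struct.unpack(_LAYOUT, raw)
    return LicenseRecord(serial, permanent, int.from_bytes(period, "big"),
                         expiry, executions)


def may_run(rec: LicenseRecord, expected_serial: bytes,
            today: int, runs_used: int) -> bool:
    """Assumed policy: the record must name this software; a permanent license
    always runs; otherwise the day number must not exceed `expiry` and the
    runs already used must be below `executions`."""
    if rec.serial != expected_serial:
        return False
    if rec.permanent:
        return True
    return today <= rec.expiry and runs_used < rec.executions


# Constructed sample record (not taken from the patent).
SAMPLE = LicenseRecord(bytes.fromhex("00112233445566778899aabbccddeeff"),
                       permanent=0, usage_period=0x0102A3, expiry=400, executions=5)

if __name__ == "__main__":
    blob = SAMPLE.pack()
    print(len(blob), blob.hex())
    print(parse(blob), may_run(SAMPLE, SAMPLE.serial, today=400, runs_used=4))
```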
F0 is encrypted with a key different from kX.S#. For this purpose, the software PGM generates a key KEL.S# of the same type for DES encryption. The key KEL.S# is known only to the designer of LD. In this implementation of the invention, KEL.S# is a 128-bit key. The designer is responsible for the security of this key KEL.S#. The designer associates the encrypted function with other information encrypted with key KEL.S#, namely the file containing the conditions restricting use of software LD. In this implementation, this encrypted information then makes up the file eF0.
In addition, in this implementation of the invention, the other functions are encrypted with key kX.S#. For this step, PGM sends F1, ..., Fi, ..., Fn to the LCL through DRV. The computing resources of the LCL then encrypt these functions one after another with key kX.S#. At the end of the encryption operation, the LCL returns {eF0, eF1, ..., eFi, ..., eFn}, corresponding respectively to {F0, F1, ..., Fi, ..., Fn}.
In this implementation of the invention, PGM then proceeds to build the software. For a given operating system, PGM creates a library of the functions executed on a given user's computer while software LD runs. The functions of the library allow the elements of {eF0, eF1, ..., eFi, ..., eFn} to be loaded into the reader LCL, together with the parameters needed to execute the corresponding function, when LD is used. eF0, eF1, ..., eFi, ..., eFn are loaded by the functions FF0, FF1, ..., FFi, ..., FFn, respectively, which PGM creates. These functions are created according to the type of operating system and the type of computer on which LD runs. PGM then combines {FF0, FF1, ..., FFi, ..., FFn} and {eF0, eF1, ..., eFi, ..., eFn} with the remainder of the protected software LD and marks the result with S#. The whole set is then placed on a recording medium, for example a CD-ROM. Because the software cannot be used in this state, it is protected, and the recording medium can be distributed completely freely.
Therefore software protection of the present invention is based on the computational resource that utilizes reader LCL.
In the invention, the reader LCL is an electronic reader built around a microcontroller 100 that is both physically and logically secure, protecting software against piracy attempts by unauthorized electronic probing. Given that this microcontroller 100 will execute programs of unknown origin, the invention also protects microcontroller 100 against attacks by computer viruses. This prevents a virus from reading confidential information related to the operation of the reader LCL. The invention thus secures the storage of information and the execution of programs external to those originally loaded into microcontroller 100.
In this implementation of the invention, the architecture chosen for the microcontroller is a dual-processor system in a master-slave arrangement. Referring to Fig. 3, microcontroller 100 comprises two main parts, 130 and 120, on a single silicon chip, manufactured as an application-specific integrated circuit (ASIC). Part 130 has the processor CPU1 as master processor. Through internal bus 101 it is connected to flash memory module 111, DRAM memory module 109, random number generator 112, RS232 I/O port 151, USB port 152, smart card controller 153, PCMCIA controller 154, keypad and LCD screen controller 155, the controller 113 that controls the slave processor CPU2 located in part 120, interface 106, external bus interface 105, internal programmable real-time clock 104, and the internal micro-fuse system 102, which extends internal bus 101 outside microcontroller 100. Part 120 of microcontroller 100 includes a watchdog 108. CPU2 is connected through internal bus 114 to DRAM memory module 110, DMA controller 107 and interface 106. These two electronic systems (controller 113 and interface 106) are controlled only by the master processor CPU1. This architecture therefore allows programs of unknown origin to be executed without compromising the integrity of the information in microcontroller 100.
In particular embodiments, microcontroller 100 need not include all or some of the following units on the same silicon chip: RS232 I/O port 151, USB port 152, smart card controller 153, PCMCIA controller 154 and/or keypad and LCD controller 155. In a particular embodiment (not shown), and to speed up data processing, microcontroller 100 can include on the same chip a cryptographic coprocessor suited to DES encryption. The cryptographic coprocessor would naturally be integrated in part 130, connected to internal bus 101.
In the invention, the internal real-time clock 104 is powered by a battery 103 outside microcontroller 100 and runs autonomously. The clock is integrated on the silicon chip to defeat electronic probing that would feed a false time and date to CPU1. The clock draws little power, and the battery can supply all the power it needs to run for the operating life of microcontroller 100 as the central unit of the reader LCL. The procedure for updating clock 104 can also be carried out by the server aSVR. Clock 104 makes it possible to measure the time for which protected software is used and to perform operations according to date and time.
Internal bus 101 extends outside microcontroller 100 through the micro-fuse system 102. In a variant (not shown), the micro-fuse system is omitted and an internal OTP EPROM memory is used instead. This variant provides the same level of security as the micro-fuse system 102.
The micro-fuse system 102 allows the microcontroller to be programmed in a single operation. The data the reader LCL needs to operate (keys, serial numbers, identifiers, date, time) and the operating system of microcontroller 100 (comprising the programs that let the reader LCL perform, directly and/or indirectly, all functions related to the invention) are programmed at the factory into the non-volatile memory area (flash memory 111). The operating system executes in DRAM memory 109.
This implementation of the invention uses flash memory as the permanent storage medium of microcontroller 100. Flash memory was chosen so that the initially programmed operating system can be updated easily.
In this embodiment of the invention, times and dates are given relative to Greenwich Mean Time (GMT) unless stated otherwise. When the time is set during factory programming of microcontroller 100, GMT is therefore used for the internal clock 104 of the microcontroller 100 of each reader LCL.
Since all controllers and interfaces are entirely under the control of the master processor CPU1 (given the architecture of microcontroller 100), no direct access to the inside of microcontroller 100 is needed after programming, so the micro-fuse system is destroyed to prevent microcontroller 100 from being programmed further. The operating system programmed into microcontroller 100 in this way is loaded automatically by the master processor CPU1 each time the reader LCL starts.
All information stored in microcontroller 100 is therefore secure against external electronic probing of microcontroller 100. Given physical properties such as the silicon chip, its size and its packaging, this provides very good physical and logical protection, by the standards of the prior art, against unauthorized access to the internal circuits of microcontroller 100. In particular embodiments, other protection techniques can of course be added around microcontroller 100. One possible technique uses an external electronic device to protect the integrated circuit and is described in U.S. Patent No. 5,11,457 (IBM) of 1990.
The slave electronic system 120 is used to execute programs that come from outside the microcontroller, that is, programs that are not part of the operating system loaded into flash memory 111 when microcontroller 100 was programmed. It executes them in a protected way that guards against possible computer virus attacks. Because the physical protection rests on the logical division of a single silicon chip into two parts 120 and 130, with part 120 subordinate to part 130, security against such attacks is complete.
In this implementation of the invention, DRAM memory area 109 is strictly reserved for executing the operating system of microcontroller 100 loaded during factory programming. It also serves as a buffer for transferring programs and/or data from outside the microcontroller to DRAM memory 110 through interface 106, which is controlled only by the master processor CPU1. Programs from outside are executed from DRAM memory 110 by the slave processor CPU2 (which CPU1 controls through controller 113).
In this implementation of the invention, so that the reader LCL can be used with different types of computer and different operating systems, and given the functions described above, CPU2 is a Java (picoJava) processor from Sun Microsystems. This makes the creation of the functions {F0, F1, ..., Fi, ..., Fn} independent of the computing resources of the computer that runs the protected software and of the internal resources of the LCL. In addition, the designer of protected software can test the operation of the functions {F0, F1, ..., Fi, ..., Fn} independently of the reader LCL, using a program that emulates a Java virtual machine.
In this implementation of the invention, CPU1 is an 80386SX-type processor. It can directly address a very large amount of internal and/or external memory through internal bus 101. Its computing capacity is sufficient for heavy multitasking workloads.
In a particular embodiment of the invention, the microcontroller need not use a Java processor but can use an 80386SX-type processor whose operating system implements the Java virtual machine from Sun Microsystems, with CPU1 loading each new program to be executed into DRAM 110, thereby avoiding possible computer virus attacks.
In addition, in this implementation of the invention, any information that may be in DRAM memory 110 is deleted by CPU1 before CPU2 executes a newly loaded program. CPU1 halts CPU2 through controller 113 and erases the contents of DRAM memory 110 through interface 106, for example by temporarily deactivating the circuits that make up DRAM memory module 110. CPU1 then uses DMA controller 107 to load the execution parameters and the new program directly into DRAM 110. This direct loading bypasses CPU2 and gives CPU1 complete control of DRAM 110. After the program is loaded, CPU1 hands control to CPU2 through controller 113, and CPU2 then executes the new program. With all these measures, even if a program containing a function of type Fi is a carefully written computer virus, it cannot impair the operation of microcontroller 100, and it cannot copy to the outside any data in DRAM memory 110 left by functions CPU2 executed earlier, since that data has been deleted. CPU1 also retains control of access to the data in part 130. This procedure for loading programs and/or data into DRAM 110 is repeated for every program executed by the slave processor CPU2.
In this implementation of the invention, the architecture shown in Fig. 3 prevents programs that are not part of the operating system of microcontroller 100 from reading and/or modifying the contents of the internal memories of system 130 in microcontroller 100. It also prevents such programs from controlling the interfaces and/or controllers of microcontroller 100, and prevents pirates from reading, physically or logically, the secure memories of system 130 in microcontroller 100.
Also in the invention, external bus interface 105 lets microcontroller 100 control peripherals connected to external bus 14. This bus makes it possible to add storage peripherals to the LCL, for example flash-disk-type recording media (flash memory presented as a standard disk), or network communication peripherals.
The architecture of microcontroller 100 makes operation highly modular. In this implementation of the invention, an Ethernet storage peripheral communicating over the TCP/IP protocol is connected to bus 114. Depending on the type of communication used between the reader LCL and a given computer, a peripheral suited to that communication can be connected to the bus. A wireless receiver peripheral 22 can thus be added so that the reader LCL can be used in box 20 of Fig. 1. Use of the receiver is described below.
In this implementation of the invention, given the PCMCIA controller 154 integrated in microcontroller 100, the peripherals used can also be PCMCIA cards that microcontroller 100 uses for all operations related to the invention. These PCMCIA cards can be PCMCIA Ethernet cards, PCMCIA flash cards, PCMCIA hard disks or PCMCIA digital wireless receiver modules. These cards are not shown. The PCMCIA controller makes it easier to add peripherals to a given reader LCL than external bus 114 does. USB port 150 provides a high-speed transmit and receive connection between the computer and a given reader LCL. This applies to boxes 30 and 20.
I/O port 151 allows this implementation of the invention to communicate with the card CL.
Referring to Fig. 5, the electronic card CL 60 is built around a microcontroller 400 integrated on a single silicon chip, in which CPU processor 405 is connected through internal bus 406 to flash memory module 401, OTP EPROM memory module 407, DRAM memory module 404, RS232 I/O serial port 403 and a CompactFlash controller 402 from SanDisk.
In a variant not shown, the microcontroller includes a DES encryption coprocessor on the same silicon chip so that the CPU can perform encryption operations faster.
In this implementation of the invention, direct read access to the OTP EPROM memory module from outside microcontroller 400 is impossible, which ensures that all access to the internal circuits of microcontroller 400 takes place under the control of CPU 405. The invention does not need a large amount of computing power from the CPU processor 405 integrated in microcontroller 400.
Microcontroller 400 includes means to ensure that the information in its internal memories cannot be read and/or modified illegally. U.S. Patent No. 5,293,424 of March 8, 1984 proposes a method for securing memory access.
In the invention, internal OTP EPROM memory 407 stores the keys, identifiers, serial numbers, dates and the operating system that lets microcontroller 400 perform the functions directly and/or indirectly related to use of the invention.
In this implementation of the invention, internal flash memory 401 is used for permanent storage of additional data when the card CL leaves the factory. It is also used, after the card CL has left the factory, to store other data that let microcontroller 400 carry out, directly and/or indirectly, other functions related to use of the invention.
In this implementation of the invention, and in general, the card CL is powered by the LCL to which it is connected. This electrical connection is not shown.
In the invention, microcontroller 400 protects the information it holds against modification. It is a microcontroller similar to those used in smart cards. It connects to a given reader LCL through the contacts of female connector 63, which provides communication.
In the invention, the card CL is a miniature portable device that manages a removable memory module of large storage capacity.
In this implementation of the invention, microcontroller 400 is connected, at the output of the CompactFlash controller, to the connection support 64 for CompactFlash-type memory modules.
In a particular embodiment, the CompactFlash controller need not be integrated on the same silicon chip as microcontroller 400. Other recording media can also be used, for example the DiskOnChip module from M-Systems, or other peripherals and removable non-volatile memory systems.
In the prior art, there are many microcontrollers with the characteristics of microcontroller 400. In this implementation of the invention, a 32-bit RISC microcontroller with the characteristics of microcontroller 400 is integrated on the same chip as the CompactFlash card controller, using ASIC integration technology.
All information stored in the internal memories of microcontroller 400 is therefore protected against external electronic probing.
In the invention, the card CL is a small portable device. It allows information relating to the use of protected software to be carried independently of the electronic reader LCL. It serves as the key for using software protected by the invention. Its portability lets users exercise the usage rights (licenses) they have purchased on any computer that runs the software.
In this implementation of the invention, the form factor of CL is between that of a CompactFlash card and that of a PCMCIA card.
Referring to Fig. 6, a through hole 62 is placed in a corner of the carrier 60 of the card CL, so that the card CL can be attached to a mechanical key ring. In the preferred implementation of the invention, the serial number ID.c (not shown) of a given card CL is printed on the carrier 60 of CL.
In addition, in the invention, and referring to Fig. 7, the CompactFlash module 61 can be detached from carrier 60 through the CompactFlash connection support system 64.
Referring to Fig. 8, in this implementation of the invention the card CL connects to the reader LCL by contact through a pair of male and female connectors. The card CL has a female connector 63 that mates with the male connector 210 of the reader LCL. The contacts of these connectors carry RS232 serial communication between LCL and CL and also deliver power to the electronic circuits of the card CL. In this implementation of the invention, the reader LCL holds the power supply.
In a particular embodiment (not shown), CL can have its own power supply and so operate autonomously. In this embodiment, a wireless or infrared communication module can be integrated in CL to provide contactless communication with the LCL. Hough describes an example of such a device in U.S. Patent No. 5,412,253. Under these conditions the reader LCL obviously has a suitable communication port.
In an embodiment of the invention, all keys written to LCL and CL devices during factory programming are 128-bit keys for the DES algorithm. In the embodiment described, an OTP EPROM memory module of 256 KB, a flash memory module of 64 KB and a DRAM memory module of 512 KB are integrated with CPU 405 (a RISC processor), and RS232 I/O serial port 403 and the CompactFlash card controller are integrated on the same silicon chip. Obviously, other memories of larger capacity can be used, depending on the ASIC macro functions integrated and on cost. These figures are given for the present embodiment.
Also in this implementation of the invention, the size of flash memory module 111 is 1 MB, the size of DRAM memory module 109 is 2 MB, and the size of DRAM memory 110 is 1 MB. These figures are given for the present embodiment.
The set of programs through which the reader LCL performs its functions makes up the internal operating system of microcontroller 100. This operating system is recorded in the flash memory 111 of the microcontroller when microcontroller 100 is programmed at the factory.
The set of programs involved in the operation of the card CL makes up the internal operating system of microcontroller 400. This operating system is recorded in the OTP EPROM memory 407 of the microcontroller when microcontroller 400 is programmed at the factory.
In the invention, communication between LCL and CL is secure. The invention uses an authentication method by which any device of the group can identify another. This authentication ensures that only devices of the invention validated by the organization managing server aSVR can operate together, and that devices not recognized by that organization cannot operate with recognized devices. The method prevents pirate devices from reading data in the secure electronic memories of devices of the invention.
The invention provides devices that can be used only for a limited time. To this end, every device LCL and CL is characterized by a start date DB, on which service begins, and an expiry date DE, on which the device's period of use ends. DB and DE are public information that cannot be modified.
In this implementation of the invention, the date DB of the reader LCL (DB.d) is written to a free area of flash memory 111 during factory programming of microcontroller 100. The date DE of the reader LCL (DE.d) is likewise written to a free area of flash memory 111 during factory programming of microcontroller 100.
Also in this implementation of the invention, the date DB of the card CL (called DB.c) is written to a free area of flash memory 401 during factory programming of microcontroller 400. The date DE of the card CL (called DE.c) is written to a free area of OTP EPROM memory 407 during factory programming of microcontroller 400.
In this implementation of the invention, the organization managing aSVR generates a key kLi for each week of the international calendar (beginning on Monday and ending on Sunday). Key kL1 is the first key, generated for the first week in which the first device of the invention entered operation. Key kLi is the key of week i relative to that first week. All these keys are created by the organization managing server aSVR and kept entirely secret, which guarantees the security of use of the devices of the invention.
In this implementation of the invention, for a given card CL, key kLj is written into a free area of OTP EPROM memory 407 when microcontroller 400 is programmed. Key kLj corresponds to week j relative to the first week in which the first device of the invention entered operation. Key kLj is chosen so that week j contains the date DB on which card CL enters operation. This key is never disclosed to the user. In fact, only the organization managing server aSVR knows it.
In this implementation of the invention, for a given reader LCL, when microcontroller 100 is programmed, the key list {kLi+1, kLi+2, kLi+3, ..., kLi+m}, corresponding to the keys of all the weeks between date DB.d minus 1460 days and date DE.d, is stored in flash memory 111 of microcontroller 100. Naturally, after a suitable conversion, the storage address of a key can be found in memory 111. These keys, too, are known only to the organization managing server aSVR. The generation of all these keys is related to the DES encryption algorithm. Each key is 128 bits in size.
In this implementation of the invention, the time between the date on which a device of the invention enters operation and its expiry date DE is 1461 days (4 years). The list {kLi+1, kLi+2, kLi+3, ..., kLi+m} therefore occupies no more than 7000 bytes in the flash memory of microcontroller 100 of a given LCL (a generous approximation). Fig. 4 shows how the number of keys in the list {kLi+1, kLi+2, kLi+3, ..., kLi+m} is chosen. This number is due to the existence of earlier devices that are still in service on date DB.d, when the given LCL enters operation. Given the capacity of the flash memory integrated in microcontroller 100, all the keys {kLi+1, kLi+2, kLi+3, ..., kLi+m} can be stored together with the operating system of microcontroller 100.
The implementation of the authentication procedure therefore rests on appropriate use of all these keys. The point of having this number of keys is that even if one such key is broken, the authentication operations involving that key do not compromise the whole system of the invention.
Referring to Figure 10, reader LCL can start operating only when the current date given by the internal real-time clock 104 of microcontroller 100 of LCL lies between the LCL dates DB.d and DE.d. Otherwise the procedure stops at 551. In Figure 10 this condition is represented by unit 501.
Then, in step 502, to bring reader LCL into operation, the user must complete the following identification operation.
Third, to bring card CL into operation, the user must begin by connecting card CL (step 503) to the male connector 210 of reader LCL, so that reader LCL and card CL communicate by contact. The male connector 210 of reader LCL is connected to RS232 I/O port 151 of microcontroller 100. Card CL has a female connector 63 connected to RS232 I/O port 403 of microcontroller 400. The user must then complete the following identification operation.
In this implementation of the invention, in the fourth step 504, microcontroller 400 of card CL sends start date DB.c to the microcontroller of LCL over the RS232 link in unencrypted form. If a pirate modifies the transmitted DB.c value, the following steps cannot complete successfully.
After receiving DB.c, processor CPU1 of microcontroller 100 of LCL carries out the fifth step 505, in which it checks the consistency between DB.c and an element kLj.d of the list {kLi+1, kLi+2, kLi+3, ..., kLi+m}, that is, that the week j associated with kLj.d contains DB.c.
In the sixth step 506, processor CPU1 uses the DS encryptor and random number generator 112 to produce a 128-bit key kCS. kCS is stored secretly in the internal DRAM 109 of microcontroller 100.
In the present invention, kCS is then encrypted with kLj.d and sent to the microcontroller of CL in the encrypted form ekCS.
In the seventh step 507, after receiving ekCS, card CL attempts to decrypt ekCS with key kLj. In the present invention, if the decryption succeeds, the authentication procedure has succeeded. The microcontroller of CL then uses key kCS to encrypt the messages it sends to LCL and to decrypt the messages it receives from LCL. Microcontroller 400 of card CL stores key kCS in its secure internal DRAM 404.
In this implementation of the invention, in the eighth step 508, the microcontroller of CL sends the expiry date DE.c of CL to the microcontroller of reader LCL, encrypted with key kCS.
On receipt, in the ninth step 509, CPU1 checks whether the current date given by the internal clock of microcontroller 100 of LCL has passed DE.c. If that date has been passed, LCL refuses to continue communicating with card CL (552). Otherwise, secure communication can take place between LCL and CL (559).
Each communication session between LCL and CL therefore begins when they are connected by contact and ends when one of the following conditions is met: CL is disconnected from LCL; the current date given by clock 104 passes date DE.c; or the current date given by clock 104 passes date DE.d. Disconnection of card CL from reader LCL is indicated by the absence of a load on the power output that supplies the electronics of card CL.
In addition, in the present invention, all communication between reader LCL and card CL is secured by a symmetric encryption method that uses key kCS.
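The exchange of steps 501 to 509, as an added example that is not code from the patent: reader and card agree on kCS through the weekly key kLj, and a DB.c altered in transit makes the card's decryption fail. Assumptions: the epoch date, the key derivation, all class and function names, and an HMAC-SHA256 keystream with an authentication tag standing in for the DES encryptor, which the Python standard library lacks.

```python
import hashlib
import hmac
import secrets
from datetime import date, timedelta

EPOCH = date(1999, 1, 4)             # constructed: Monday of "week 1"
MASTER = b"constructed aSVR secret"  # constructed stand-in for aSVR's key generation


def week_index(day):
    """Week number of a date, counted from week 1 (Monday to Sunday)."""
    return (day - EPOCH).days // 7 + 1


def weekly_key(j):
    """128-bit kLj. The derivation is an assumption; the page only says aSVR creates it."""
    return hmac.new(MASTER, b"kL%d" % j, hashlib.sha256).digest()[:16]


def _stream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, message):
    """Stand-in cipher: XOR keystream plus tag, so a wrong key is detectable."""
    nonce = secrets.token_bytes(16)
    body = bytes(a ^ b for a, b in zip(message, _stream(key, nonce, len(message))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def unseal(key, blob):
    """Return the plaintext, or None when the key or the data is wrong."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))


class Reader:
    """Reader LCL: holds the weekly keys from DB.d minus 1460 days up to DE.d."""

    def __init__(self, db_d, de_d):
        self.db_d, self.de_d, self.kcs = db_d, de_d, None
        first = week_index(db_d - timedelta(days=1460))
        self.keys = {j: weekly_key(j) for j in range(first, week_index(de_d) + 1)}

    def in_service(self, today):                 # unit 501
        return self.db_d <= today <= self.de_d

    def make_session_key(self, db_c):            # steps 505 and 506
        klj = self.keys.get(week_index(db_c))
        if klj is None:
            return None
        self.kcs = secrets.token_bytes(16)
        return seal(klj, self.kcs)               # ekCS

    def check_expiry(self, today, sealed_de_c):  # step 509
        raw = unseal(self.kcs, sealed_de_c)
        return raw is not None and date.fromisoformat(raw.decode()) >= today


class Card:
    """Card CL: holds only the key of the week that contains DB.c."""

    def __init__(self, db_c, de_c):
        self.db_c, self.de_c, self.kcs = db_c, de_c, None
        self.klj = weekly_key(week_index(db_c))

    def send_start_date(self):                   # step 504, sent in clear
        return self.db_c

    def receive_session_key(self, ekcs):         # steps 507 and 508
        kcs = unseal(self.klj, ekcs)
        if kcs is None:
            return None
        self.kcs = kcs
        return seal(kcs, self.de_c.isoformat().encode())


def run_handshake(reader, card, today, tamper_db=None):
    """Drive steps 501 to 509; tamper_db replaces DB.c on the wire."""
    if not reader.in_service(today):
        return "reader-out-of-window"            # stop 551
    db_c = tamper_db if tamper_db is not None else card.send_start_date()
    ekcs = reader.make_session_key(db_c)
    if ekcs is None:
        return "no-key-for-week"
    sealed_de_c = card.receive_session_key(ekcs)
    if sealed_de_c is None:
        return "card-cannot-decrypt"
    return "ok" if reader.check_expiry(today, sealed_de_c) else "card-expired"
```

With these dates the reader's key table covers about 418 weeks of 16-byte keys, which fits the 7000-byte bound given earlier.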
In this implementation of the invention, a user who wants to operate a device of the invention must enter a PIN code through the keypad of reader LCL, which is itself controlled by microcontroller 100 through the keyboard and LCD controller 155. During entry, the digits are displayed on the LCD screen (not shown) under the control of controller 155. The code is given to the user when the device is first obtained (purchased). The PIN code is a 5-digit number associated with each device. It should be kept secret by the owner of the device. The use of this code is similar to the identification method of current smart cards. The steps by which correct entry of the PIN code of each device of the invention is verified are obvious and need not be described in detail in this specification. It is worth noting, however, that the PIN code of card CL is entered on the LCL keypad and sent to microcontroller 400 in unencrypted form over the RS232 serial link between the given card CL and the given reader LCL. Unless stated otherwise, it is assumed that the PIN code has been entered successfully, as proper operation of the devices of the invention requires.
The invention uses card CL as a secure portable recording medium containing the license files for all the software protected by the invention that the user has legally acquired; these are acquired separately from the software itself (its recording medium). The files are recorded in card CL by the software acquisition procedure described below.
In this implementation of the invention, the license file for a given piece of software with serial number S# (called Fich.S#) is a binary file in which the data bits appear in the following order: S# of the software (128 bits); ID.c (128 bits); license count (L#.S#: 16 bits); most recent use (DR.S#: day 5 bits, month 4 bits, year 12 bits, hour 5 bits, minute 6 bits, second 6 bits); first use (DP.S#: 38 bits of date and time); current duration of use (DU.S#, in minutes: 24 bits); number of software executions (28 bits); miscellaneous data (Misc: 1024 bits); key kEL.S (128 bits); and key kX.S# (128 bits). This totals 1680 bits, giving a file of 210 bytes.
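The layout above, packed and parsed bit by bit, as an added example that is not part of the patent. The most-significant-bit-first ordering, the field names and the sample values are assumptions; the widths are those listed above, and add_licenses applies an increase of L#.S# while rejecting a count that no longer fits in 16 bits.

```python
# Field widths in bits, in the order the page lists them.
FICH_LAYOUT = [
    ("serial", 128),       # S#
    ("card_id", 128),      # ID.c
    ("licenses", 16),      # L#.S#
    ("last_use", 38),      # DR.S#
    ("first_use", 38),     # DP.S#
    ("duration_min", 24),  # DU.S#
    ("exec_count", 28),    # number of software executions
    ("misc", 1024),        # Misc
    ("k_el", 128),         # kEL.S
    ("k_x", 128),          # kX.S#
]
# Sub-fields of the 38-bit date and time stamps DR.S# and DP.S#.
STAMP_LAYOUT = [("day", 5), ("month", 4), ("year", 12),
                ("hour", 5), ("minute", 6), ("second", 6)]

FICH_BITS = sum(width for _, width in FICH_LAYOUT)  # 1680
FICH_BYTES = FICH_BITS // 8                         # 210


def _pack(layout, values):
    """Concatenate fields, first field in the most significant bits (assumed order)."""
    acc = 0
    for name, width in layout:
        value = values[name]
        if not 0 <= value < (1 << width):
            raise ValueError(f"{name}={value} does not fit in {width} bits")
        acc = (acc << width) | value
    return acc


def _unpack(layout, acc):
    values = {}
    for name, width in reversed(layout):
        values[name] = acc & ((1 << width) - 1)
        acc >>= width
    return values


def pack_stamp(day, month, year, hour, minute, second):
    return _pack(STAMP_LAYOUT, dict(day=day, month=month, year=year,
                                    hour=hour, minute=minute, second=second))


def unpack_stamp(stamp):
    return _unpack(STAMP_LAYOUT, stamp)


def pack_fich(record):
    """Serialize a record to the 210-byte Fich.S# form (before encryption to eFich.S#)."""
    return _pack(FICH_LAYOUT, record).to_bytes(FICH_BYTES, "big")


def unpack_fich(blob):
    if len(blob) != FICH_BYTES:
        raise ValueError(f"Fich.S# must be {FICH_BYTES} bytes, got {len(blob)}")
    return _unpack(FICH_LAYOUT, int.from_bytes(blob, "big"))


def add_licenses(blob, nl):
    """Increase L#.S# by NL; raises ValueError if the 16-bit field would overflow."""
    record = unpack_fich(blob)
    record["licenses"] += nl
    return pack_fich(record)


def sample_record():
    """Constructed sample values, not taken from the page."""
    now = pack_stamp(14, 3, 1999, 9, 30, 0)
    return {
        "serial": 0x5A5A0001, "card_id": 0xC0FFEE, "licenses": 2,
        "last_use": now, "first_use": now, "duration_min": 0,
        "exec_count": 0, "misc": 0,
        "k_el": int.from_bytes(bytes(range(16)), "big"),
        "k_x": int.from_bytes(bytes(range(16, 32)), "big"),
    }
```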
In this embodiment of the invention, a CompactFlash card 61 with 4 MB of storage capacity, sold by SanDisk, is inserted in the matching connection socket 64 of card CL as shown in Figure 7, so that the CompactFlash is connected to the CompactFlash controller 402 of microcontroller 400. CompactFlash is compatible with the ATA specification of prior-art PCMCIA cards. The CompactFlash module is used as a data storage disk. The driver that lets microcontroller 400 use the 4 MB CompactFlash module is written with the required instructions and conforms to the ATA standard. In this implementation of the invention, this driver (not shown) lets the microcontroller perform the following operations on the CompactFlash: file read, file modification and file creation.
In this implementation of the invention, card CL can therefore store the license files of more than 10000 pieces of software protected by the invention. This quantity far exceeds what a user needs to legally acquire all the software protected by the invention. The user can of course replace the CompactFlash with one of larger capacity. Given the ATA standard, this change requires no update of the system program of microcontroller 400 and no change to carrier 60 or CompactFlash socket 64.
In the present invention, the license information stored on card CL for protected software does not depend on the recording medium but on the electronic card unit CL. The user of a card CL can therefore have several CompactFlash modules for storing files of type Fich.S#. Data stored on a first CompactFlash associated with a given card CL can thus be transferred to a second CompactFlash. This operation is carried out with the program PGM mentioned above.
In the present invention, license file Fich.S# is stored on the CompactFlash, used as a memory disk, in an encrypted form called eFich.S#, produced with the DES encryption technique and a 128-bit key kS.c. Key kS.c is written into OTP EPROM memory 407 when microcontroller 400 is programmed at the factory.
Because key kS.c is different for every card CL in operation, eFich.S# can only be used by the card CL that created it.
The method of the invention also allows recording media containing one or more pieces of software protected by the invention to be obtained separately from the licenses for that software.
In this implementation of the invention, the recording media of protected software are distributed freely. A protected piece of software runs, however, only after the user has legally obtained the license file Fich.S# for that piece of software S#. Referring to Fig. 2, when the user wants to obtain one or more user licenses, reader LCL must first be connected to server aSVR using program PGM. In this implementation of the invention, the connection is made over the Internet.
To begin obtaining authorization (one or more licenses) to use software S# protected by the invention, the user starts by connecting card CL to the given reader LCL. The user must keep card CL connected until the current online purchase procedure (connection) ends. Suppose the user wants to obtain NL user licenses for software S#. The user continues by entering the PIN code of card CL on the keypad of reader LCL. To proceed, the authentication process described above must complete successfully.
Referring to Figure 11, in this implementation of the invention, when the connection with aSVR begins, reader LCL communicates its number ID.d to aSVR (step 601). In this communication, aSVR is the remote system shown in Fig. 2. Receiving calls from readers LCL is, of course, what makes the commercial operation of aSVR succeed. Program PGM then sends aSVR the serial number S# of the software together with the number of licenses NL entered by the user (buyer). Both are sent encrypted with key kT.d of the user's reader LCL.
This implementation of the invention also assumes that the designer of the software with serial number S# has a server dSVR (not shown) connected to aSVR over the Internet. Server dSVR is connected to the designer's reader LCL. The operating system of that reader LCL is assumed to be programmed so that it can answer requests from server dSVR relating to the purchase in progress. In step 602, dSVR therefore gives aSVR the number ID.d of the reader LCL that was used to create the protected software S#. Communication between dSVR and reader LCL is as shown in Fig. 2, where computer 50 represents server dSVR in this case.
So that communication can proceed in both directions, the user's reader LCL sends aSVR a key called kP in encrypted form (step 603). Key kP is encrypted with the secret key kT.d of the user's LCL. kP is a public key in the RSA (named after Rivest, Shamir and Adleman) encryption technique. Key kP is created together with a private key for this occasion (that is, dynamically) and deleted when the license acquisition ends. The form of kP encrypted with key kT.d is called ekP.kT. Note that aSVR does not know the value of the private key kV associated with kP. Asymmetric encryption of the information during communication guarantees that the data being exchanged cannot be modified in transit.
On receipt, aSVR decrypts ekP.kT using the information associated with the user's reader LCL. In this implementation of the invention, for a given reader LCL, aSVR is the only party outside reader LCL that knows the correspondence between number ID.d and key kT.d. Key kP is then encrypted with key kT.d of the reader LCL of the designer of protected software S#. This new encrypted form of kP is called ekP.kT2. aSVR then sends ekP.kT2 through server dSVR to the designer's reader LCL (step 604). In this way, the software protection technique of the invention establishes a dependency between the developer of protected software and the organization managing aSVR. The software developer therefore needs to keep no stock other than the recording media for the protected software.
On receipt, the designer's reader LCL decrypts ekP.kT2 with its key kT.d. Using public key kP, the designer's LCL then encrypts kEL.S#, which was generated by the procedure that created protected software S#. The form of kEL.S# encrypted with kP is called ekEL. In a variant (not shown), after decrypting ekP.kT2 the reader can send kP to server dSVR, which can then encrypt key kEL.S# with key kP. This variant does not change the basic principle of the invention.
In this implementation of the invention, dSVR then receives the value NL from aSVR. NL allows the designer of the protected software to keep records consistent with those of the organization managing aSVR. In a variant of this license acquisition, dSVR receives key kP and then sends a public key kPUB, for RSA encryption, to the user's (buyer's) LCL through aSVR. This variant lets the program PGM connected to the user's reader LCL return the value NL, encrypted with kPUB, through aSVR. The point of this variant is that dSVR need not rely on the honesty of aSVR. It therefore lets dSVR monitor exactly the number of licenses sold.
In this implementation of the invention, dSVR then sends ekEL to aSVR (step 605). Server aSVR then sends kX.S# to the user's reader LCL, encrypted with key kT.d (the key of the user's reader LCL) (step 606). Key kX.S# is the key created and stored by aSVR during the process of protecting the software LD with serial number S#. Server aSVR then sends ekEL to the user's reader LCL. On receipt, the user's reader LCL decrypts ekEL with kV, which yields kEL.S#. Reader LCL also decrypts the form of kX.S# encrypted with key kT.d.
In this implementation of the invention, reader LCL then sends the following data to card CL, encrypted with the key kCS obtained during the authentication process described above: S#, the license count NL requested by the user from aSVR, kX.S#, kEL.S#, and the current time and date indicated by clock 104.
Microcontroller 400 of card CL decrypts the data items received using kCS. It then carries out the following update procedure (step 607). Microcontroller 400 checks whether an encrypted license file eFich.S# exists for the software with serial number S#. If so, it modifies it by increasing the value of field L#.S# in the corresponding file Fich.S# by NL. When the user has obtained a time-dependent authorization, the corresponding fields of file Fich.S# are naturally updated as well. Some obvious points must of course be taken into account in order to understand the invention.
If no corresponding file Fich.S# exists, a new file Fich.S# is created. In this implementation of the invention, microcontroller 400 of card CL creates file Fich.S# by filling in the following fields of the new file: S#, L#.S#, the serial number ID.c of card CL, kEL.S# and kX.S#. The values of DR.S# and DP.S# are initialized with the current time and date. Field DU.S# and the field "number of software executions" are naturally zero. Field Misc is used to store the values needed to define additional information fields. Misc is initialized to zero. The value of L#.S# is NL.
In a particular embodiment (not described), once aSVR has transferred the kX.S# value of the protected piece of software with serial number S#, the user can connect directly to dSVR to purchase licenses. This variant decentralizes the sale of licenses.
Given the Fich.S# file format and its encrypted form eFich.S#, only the card CL numbered ID.c can use the file Fich.S# that corresponds to that ID.c.
In this implementation of the invention, consider a piece of software, called LD, that has been processed by the protection program of the invention. The explanation below is of course valid for any software protected by the invention. For ease of explanation, consider the case where the software is used on a host connected to reader LCL over an Ethernet link running TCP/IP. This applies to frame 40. The driver DRV described above can communicate with LCL over the TCP/IP protocol. In this implementation of the invention, the TCP/IP layer is of course responsible for the communication between driver program DRV and reader LCL.
In a particular embodiment that is not described (but see Fig. 4), several LCLs can be present on the network. Such an arrangement does not change the features of the invention.
In this implementation of the invention, LD can be executed once one or more authorizations to use software LD (user licenses) have been obtained.
When software LD runs, function FF0 is first executed on the host. In general, in this implementation of the invention, all functions FFi carry out a common procedure: loading eFi into the LCL.
In this implementation of the invention, when software LD calls a given function FFi, it passes the parameter information, called PARAM, for example through the stack of the host system; PARAM is whatever the function Fi corresponding to FFi uses directly and/or indirectly during its execution. FFi then loads the content of eFi described above into memory. FFi then calls driver DRV (a call in the computer-programming sense), giving it the information PARAM and the memory address where eFi is located. This information is then sent to LCL over the network. Additional parameters can be added to PARAM by function FFi. In particular, PARAM includes the current time on the computer executing function FFi. It also includes a unique identifier representing the host (for example the computer's IP address on the network, provided by the computer's operating system) and the serial number S# of the software to which function FFi belongs. Obviously, the unique identifier raises no problem when the reader is connected directly to the computer (frames 30 and 20). The unique identifier of the computer is called IDIP. Microcontroller 100 of reader LCL uses this variable to manage the use of the software per computer workstation. The choice of the IP address as a possible value of variable IDIP is not essential to this implementation. In other implementations, IDIP can be defined in some other way.
In this implementation of the invention, when microcontroller 100 of reader LCL has finished processing the information received, and in particular executing the corresponding function Fi, the result obtained is transferred to the host over the network. On receipt, DRV returns the result to FFi, which in turn returns it to software LD. If the card CL connected to reader LCL holds no user license for software LD, LCL does not return a result but returns a message telling FFi to end the execution of software LD. FFi can also be ended in the other cases described below. The execution of function Fi by reader LCL thus creates a physical interdependence between software LD and LCL.
In this implementation of the invention, when software LD starts running, the function FF0 associated with LD is executed. While the function FF0 associated with LD is executing, no other function FFi associated with LD should be executing. Additional information is given below. FF0 sends eF0, the current time on the computer executing FF0, the execution parameters PARAM of function F0 and the value S# associated with software LD.
When the results computed by microcontroller 100 of LCL arrive, FF0 considers two types of result. The first type relates to the execution of F0 in microcontroller 100 (F0 must be a complex function, so that the operation of software LD depends heavily on it). Provided these results are not an error message, they are returned to software LD and form part of the execution of LD. The second type is a time Htop on the clock of the computer executing software LD. This time is the next moment at which software LD must execute FF0.
Because it depends on how LD is used, the order in which the other functions FFi are called is unpredictable.
In this implementation of the invention, the execution of FF0 takes on the order of 1 second.
At time Htop, if FF0 has not been executed, LCL considers the execution session of the software LD that started FF0 to be closed. This condition makes LCL decrement the counter of licenses in use on the network for LD.
Obviously, exceeding the license count does not concern software used on a standalone computer that is directly connected, through an I/O port, to an LCL attached to that port.
When software LD executes another function FFi (i not equal to 0), FFi checks whether the function FF0 associated with LD is itself currently executing. When FF0 is not currently executing, FFi (i not equal to 0) sends eFi, S# and the execution parameters for Fi to LCL through DRV. When eFi has been received in full together with its parameters, reader LCL processes eFi and returns the result to FFi. FFi then returns these results to software LD. If an error message is received, the execution of software LD is stopped. Unlike software protection systems that rely on code verification, software protected by the invention cannot be made to work properly, because functions equivalent to the functions Fi used are difficult to find.
In this implementation of the invention, given processor CPU1, the operating system of microcontroller 100 is a multitasking system, so that several pieces of software protected by the invention can be used at the same time. The implementation of this operating system relies on the multitasking specification of the existing Intel 80386 processor. The security of the software protection system of the invention relies in particular on processor CPU2, which executes a single main program at a time.
In an embodiment of the invention, when a packet of information has been received in full, CPU1 loads it into DRAM 109. When the information is data of type eFi (for a given piece of software with serial number S#) together with the parameters associated with eFi, the following list of tests is applied: i equals 0 (step 701); eFi belongs to a piece of software with serial number S# that has already successfully executed FF0 (step 702); the time given by clock 104 equals time Htop, expressed relative to clock 104, with an error of plus or minus 2 seconds (test 703 or 705) (the previously defined value corresponds to the piece of software S# that has successfully executed FF0); the number of licenses currently in use (called NL.S#, for piece of software S#), plus 1, is greater than the value L#.S# in the file Fich.S# (for piece of software S#) provided by card CL (step 704). The elements of this list are called test 1, test 2, test 3 and test 4. The number associated with each test defines the order in which the tests are carried out. Referring to Figure 12, test 1 (step 701) is the start of the analysis tree, which is traversed with reference to a given piece of software S# and to the unique identifier IDIP, the IP address of each computer on the network. This identifier associates each software execution session with a given computer of the network. In a variant of this embodiment, another unique identifier can be associated directly with the execution session of a given piece of software by combining the process identifier with the network address of the computer on which the process runs. The present embodiment takes the unique identifier based on the IP address as one possible way of identifying the computers of the network. At the start of the analysis tree of Figure 12, the information S# and IP (IDIP) is therefore assumed to be supplied by function FFi through driver DRV. These two pieces of information are delivered to reader LCL in the PARAM packet described above.
In this implementation of the invention, if the result of test 4 (step 704) is false in the Boolean sense, the new value of NL.S# (step 709) is the old value plus 1. This assumes that test 2 (step 702) is false and test 1 (step 701) is true.
If test 3 (step 703) is true, and assuming tests 1 and 2 (steps 701 and 702) are also true, CPU1 reads the current time from internal clock 104 to compute the new value of Htop, which is expressed relative to the clock of the computer that executes piece of software S# and for which these test conditions have been met. In the present embodiment, for example, the new value of Htop equals the old value plus 5 minutes. The value of 5 minutes is chosen so that two or more pieces of software with the same serial number S#, running on different computers, cannot execute their function FF0 at the same time (allowing for the error of plus or minus 2 seconds). This value of 5 minutes can therefore be replaced by another value in accordance with the above. At the end of test 3, in step 706, function F0 is executed.
If test 3 (step 703) returns false, and assuming tests 1 and 2 (steps 701 and 702) return true, error message 707 is returned to the software execution session whose function FF0 gave rise to these test conditions. CPU1 also decrements by 1 the counter NL.S# associated with the piece of software with serial number S#. When it protects several pieces of software at the same time, the operating system of microcontroller 100 manages a list of objects referenced by the various identifiers IDIP (corresponding to all the computers on the network that execute software protected by the invention). This object list is built from the information in PARAM. The fields of each object record the serial numbers S# of the pieces of software running on the computer whose identifier IDIP references that object. This object list makes it possible to manage the protected software per computer. When NL.S# is decremented by 1 for a computer identified by IDIP that was executing the software S# causing the decrement, the field of the corresponding object IDIP that contains the value S# is deleted. This management makes a new execution of piece of software S# possible. Note also that the value of NL.S# is the total, over the objects, of the fields whose value equals S#. When the value of NL.S# is incremented by 1, a new field is therefore created in an object IDIP of the object list. Object IDIP corresponds to the computer, labeled IDIP, that executes function FFi of software S#. The new field then takes the value S#.
If test 4 (step 704) returns true, test 2 (step 702) returns false and test 1 (step 701) returns true, error message 708 is returned to the software execution session whose function FF0 gave rise to these test conditions.
If test 3 (step 705) returns true and test 1 (step 701) returns false, CPU1 decrements by 1 the counter NL.S# associated with software S#. The list of objects IDIP is updated accordingly. Error message 710 is then returned to the software execution session whose function FF0 gave rise to these conditions.
Referring to Figure 12, for a true value of the ordered product (test 1 701 and test 2 702), for a false value of the ordered product (test 1 701 and test 2 702), and for a false value of the ordered product (test 1 701 and test 3 705), the outcome is that CPU1 processes eFi.
Obviously, the tests defined when implementing the invention are such that a single reader LCL can provide the protection function for several pieces of software at the same time. The analysis tree of Figure 12 has been greatly simplified for ease of understanding. In particular embodiments, the test conditions and their meaning can be changed.
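The FF0 branch of the analysis tree (tests 2, 3 and 4) and the lapse of a session at Htop, as an added example that is not the patent's code. Assumed here: times are whole seconds on clock 104, a new session's first Htop is five minutes after it starts, F0 runs once step 709 has counted the session, and all names are hypothetical; the branch for functions other than FF0 is left out.

```python
class FloatingLicenses:
    """Tracks sessions per (S#, IDIP) the way the reader's object list is described."""

    TOLERANCE = 2     # seconds: the page's error of plus or minus 2 seconds
    HEARTBEAT = 300   # seconds: the page's 5 minutes between FF0 executions

    def __init__(self, granted):
        self.granted = dict(granted)  # L#.S# per serial S#, as read from Fich.S#
        self.sessions = {}            # (S#, IDIP) -> Htop of that session

    def in_use(self, serial):
        """NL.S#: number of computers currently counted for this serial."""
        return sum(1 for s, _ in self.sessions if s == serial)

    def on_ff0(self, serial, idip, now):
        """Handle an FF0 request (test 1 true) arriving at clock time `now`."""
        key = (serial, idip)
        htop = self.sessions.get(key)
        if htop is None:                                   # test 2 false
            if self.in_use(serial) + 1 > self.granted.get(serial, 0):
                return "error-708"                         # test 4 true
            self.sessions[key] = now + self.HEARTBEAT      # step 709: NL.S# + 1
            return "run-F0"
        if abs(now - htop) <= self.TOLERANCE:              # test 3 true (703)
            self.sessions[key] = htop + self.HEARTBEAT     # new Htop = old + 5 min
            return "run-F0"                                # step 706
        del self.sessions[key]                             # NL.S# - 1, field deleted
        return "error-707"

    def expire(self, now):
        """Close sessions whose FF0 did not arrive by Htop; returns the closed keys."""
        lapsed = sorted(key for key, htop in self.sessions.items()
                        if now > htop + self.TOLERANCE)
        for key in lapsed:
            del self.sessions[key]
        return lapsed


def demo():
    """Constructed scenario: two licenses for serial "S1", three workstations."""
    lic = FloatingLicenses({"S1": 2})
    log = [
        lic.on_ff0("S1", "10.0.0.1", 1000),   # first seat, Htop = 1300
        lic.on_ff0("S1", "10.0.0.2", 1010),   # second seat, Htop = 1310
        lic.on_ff0("S1", "10.0.0.3", 1020),   # third computer: count exceeded
        lic.on_ff0("S1", "10.0.0.2", 1200),   # FF0 far from Htop: session dropped
        lic.on_ff0("S1", "10.0.0.1", 1301),   # on schedule, Htop moves to 1600
    ]
    return lic, log
```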
Under heavy use, a queue is created so that processor CPU2 executes the functions F_i one by one. To reduce waiting time, a condition can be imposed, for example that one centisecond is the maximum duration authorized for executing a function F_i, this value being defined relative to the computing speed of processor CPU2. This duration condition must be agreed to by the developers of software protected by the invention.
In this implementation of the invention, the information for using a given software product S# is provided by card CL. Therefore, whenever the tree requires it, and in particular at step 704, microcontroller 100 sends a request to card CL. Thus, in order to execute F_i, CPU1 issues to the connected card CL a request whose content concerns software S#. Provided that the authentication procedure defined between LCL and CL completes successfully and that the file Fich.S# associated with software S# is available to serve the request, microcontroller 400 of card CL returns file Fich.S# to LCL encoded with key kCS. Microcontroller 100 then updates the following fields: DR.S# (most recent use) is replaced with the current date, and DU.S# (number of times the software has been executed) is recalculated. Relative to the last execution of software S#, DR.S# is updated with the date and time of the first execution of function FF_0. DU.S# is recalculated from the dynamic value Htop and the current time given by clock 104 when the corresponding function FF_i is executed. The field "number of software executions" is computed from the most recent execution of the software concerned, and is therefore incremented by 1 at each new execution. These tests are optimized as a function of the flow of requests, which relate to updating the addressing information in the various functions FF_i of the software executed on the various computers connected to the network and to reader LCL.
In this implementation of the invention, the values of L#.S#, kEL.S# and kX.S# are stored in DRAM 109 (the other fields of the file can be kept by the CPU when needed). The modified Fich.S# is then returned to CL encoded with kCS. To prevent piracy, if card CL is removed while reader LCL is using it to carry out an operation of the invention, reader LCL stops all dialogue with executing software protected by the invention by returning an error message. In certain embodiments, the device need not return an error message in this way, insofar as file Fich.S# can be stored permanently in reader LCL and used there as it would be in card CL.
Therefore, in this implementation of the invention, the value L#.S# prevents users of software protected by the invention from exceeding the licensed count.
In this implementation of the invention, the key kEL.S# provided by file Fich.S# is used to decrypt eF_0. CPU1 thereby obtains the file of usage conditions of the software associated with this eF_0. CPU1 compares the values of this information with the corresponding file Fich.S#. By way of illustration, if use is limited by an expiry date, the usage-conditions file gives the time limit in the corresponding field. In particular embodiments, the usage-conditions file may omit all or some of the following fields: permanent license, period of use, end of use on expiry, ..., number of executions.
In this implementation of the invention, once the data provided by file Fich.S# have been successfully compared with the usage-conditions file decoded with key kEL.S#, CPU1 also uses key kEL.S# to recover the Java bytecode (i.e. the Java instruction codes) of function F_0.
In this implementation of the invention, for i not equal to 0, the encoded data eF_i are decoded with the key kX.S# obtained from the corresponding Fich.S#. CPU1 then recovers the Java bytecode of function F_i (the instruction codes of the corresponding Java virtual machine).
DMA controller 107 loads these instruction codes directly into DRAM 110 through interface 106. Through the controller of CPU2, CPU1 hands over to CPU2 (a PicoJava processor) to execute F_i, whose execution parameters have been loaded. Watchdog 108 monitors the correct operation of CPU2. When CPU2 finishes executing F_i, the result is recovered by CPU1 and returned to the computer that sent the data eF_i.
In uses 30 and 20, reader LCL can be used with a personal computer through a direct connection between their respective USB I/O ports. In both of these uses, the software protection provided by reader LCL is a simplified version of the functions provided on a network, so this specification gives no further details.
In particular embodiments, the "period of use" field of the usage-conditions file can be used to give demonstration software its usage characteristics. The usage-conditions file thus specifically sets the restrictions on use, while the usage-authorization file gives the "extent" of current use. In this implementation of the invention, combining the two files protects the software against use that does not comply with the usage conditions.
The usage-conditions file format is also particularly useful when developing demonstration applications with restricted use. Here a specific protection procedure can be adopted so that software protected by the invention can be created without going through server aSVR. This function is particularly advantageous for the decentralized software protection of the invention. This protection procedure is started by selecting it in program PGM.
Compared with the software protection procedure described above, function F_i is now encoded with a key kL_i extracted from the list {kL_(i+1), kL_(i+2), kL_(i+3), ..., kL_(i+m)} for the current week (the week during which this particular software protection is started). Given the way these keys kL_i are defined, using them is advantageous only for software with time-limited use. Obviously, the reader LCL that carries out this procedure does not disclose the values of kL_i it holds. To be distributed, software protected in this way must be accompanied by an indication of the week in which this specific protection procedure was carried out. Thus, when a user wishes to execute software protected in this way (by key kL_i), the user need not contact server aSVR, since all the information is found on the recording medium. Of course, use of the software depends on reader LCL. The user can therefore use the software immediately, but cannot exceed the usage conditions set by the usage-conditions file. Implementing the invention prevents repeated use of time-limited software, as described below.
The invention also relates to a method of using the device of the invention; from the computer's point of view, the method is made transparent by the PGM program described above. Program PGM has been developed so that the user of the device can carry out the operations that require interaction with the device. Its use is mentioned throughout this specification. It is also used to connect a given LCL to a remote system using the communication resources of the host and its operating system.
Program PGM is used alongside driver program DRV. Driver DRV constitutes the communication layer between PGM and a given reader LCL and ensures that use of reader LCL is transparent. Fig. 2 shows how these two units are installed in a computer. The two programs carry out all the functions described above and below. A convention is adopted for querying a given LCL so that reader LCL recognizes and executes the commands built into the operating system of its microcontroller 100. These commands are defined by the architecture of reader LCL.
In return, in the invention, PGM can also interpret commands sent by LCL. In this implementation of the invention, these commands are essentially instructions that give LCL access to a remote system.
Thus, using the communication convention adopted with a given reader LCL, commands are defined that allow reader LCL to connect to aSVR over the available network communication resources, so that the internal operating system of the device can be updated, or the internal clock 104 can be set after a fault (battery 103 flat).
In use 20 shown in Figure 1, a digital wireless receiver 22 is connected to the external bus 114 of microcontroller 100 so that a given reader LCL can receive information directly from the organization managing server aSVR. Obviously, the receiver is integrated into the unit containing reader LCL. Information can thus be sent to all readers LCL in operation, collectively and/or individually. Moreover, the low power consumption of such a receiver allows it to operate permanently on battery, even when the reader is switched off. In a variant of the power supply, a rechargeable battery can power wireless receiver 22 independently of the LCL power supply (which may come from the host). Obviously, the receiver uses its own memory to store the data received from transmitter 13 while reader LCL is switched off. Server aSVR can thus send information, for example operating-system updates, to reader LCL and/or card CL through transmitter 13.
In a variant, operation of reader LCL can be subject to an interval condition in addition to the dates of entry into service and end of use (DB.d and DE.d). This condition concerns use of an LCL with wireless receiver 22: a reader LCL that has not yet received information from transmitter 20 refuses to operate when the user switches it on. To recover information that reader LCL has missed because of poor radio reception, a procedure that connects to aSVR through program PGM can be run. Obviously, this recovery is carried out under key kT.d so that the communication between aSVR and reader LCL is secure.
Moreover, to send information securely from transmitter 13, the key kL_i described above is used to encode the information transmitted by radio to reader LCL. This information is called MR. In addition, kL_i is chosen to match the week during which the information is sent from transmitter 13. MR encoded with kL_i is called eMR. By defining information MR during one week and starting to send it on the following Monday (beginning on Monday and ending on Sunday), the same information can be sent repeatedly over a full week. This ensures that the information is correctly received and avoids too many connections from readers LCL to server aSVR.
This variant of the invention is most useful, firstly, because it allows file Fich.S# to be delivered securely to the reader LCL of the buyer of the software associated with Fich.S#. Obviously, transmitter 13 can send information specifically to a given wireless receiver 22. With this variant a purchase can be made without establishing a computer connection, the user dealing directly by telephone. This variant achieves complete separation between distribution of the recording medium containing a given software product and sale of the license to use it.
Secondly, this variant can send information concerning lost devices. For storage, a DiskOnChip circuit (not shown) from Msystems, a "flash disk" module, is connected to a controller through external bus 114 of microcontroller 100 so that microcontroller 100 has a memory disk. A 12-megabyte DiskOnChip is used for implementing this variant of the invention. In other variants, the DiskOnChip can be replaced with a PCMCIA flash card. When information eMR is received, microcontroller 100 decodes eMR with the key kL_i of the current week.
Thus, to deactivate a given CL and/or LCL and prevent its use, the information can include the corresponding serial number. This serial number is then stored in file ANNUL on the DiskOnChip circuit; this file holds the serial numbers of all devices of the invention that are no longer to be used. In particular embodiments, and depending on the security against modification, the serial numbers need not be encoded when transmitted by transmitter 13.
In the invention, file ANNUL is authenticated and signed by LCL using a computational method. The electronic signature and authentication information are stored in internal memory 111 of microcontroller 100. At every start-up, microcontroller 100 therefore verifies whether file ANNUL has been replaced by another file of the same format or modified by an unauthorized operation.
File ANNUL is then used during the authentication procedure, described above, between a given card CL and a given reader LCL. If the ID.c of CL appears in file ANNUL, LCL rejects card CL. In addition, when LCL starts and/or receives information MR, microcontroller 100 of LCL checks whether its own ID.d appears in the content of MR and/or ANNUL. If its own ID is present, microcontroller 100 makes itself unusable by destroying the content of its internal memory.
Therefore, in this embodiment of the invention, a CL or LCL device can be made unusable within at most 1 week.
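The ANNUL handling described above (authenticate the file at start-up, reject a card whose ID.c is listed, self-disable when the reader's own ID.d is listed), modelled in Python as an added example that is not code from the patent. HMAC-SHA256, the fixed-width file layout, failing closed on a tampered file, and all class and function names are assumptions of this example; the description names no algorithm.

```python
import hashlib
import hmac

ID_LEN = 16  # serial numbers ID.c / ID.d are 128 bits in the description


def seal(annul: bytes, key: bytes) -> bytes:
    """Authentication tag over ANNUL (HMAC-SHA256 is this example's choice)."""
    return hmac.new(key, annul, hashlib.sha256).digest()


def parse_annul(annul: bytes) -> set:
    """Split ANNUL into fixed-width serial numbers (assumed file layout)."""
    if len(annul) % ID_LEN:
        raise ValueError("ANNUL length is not a multiple of the ID width")
    return {annul[i:i + ID_LEN] for i in range(0, len(annul), ID_LEN)}


class Reader:
    """Hypothetical model of reader LCL. _key and _tag stand in for the
    secrets held in internal memory 111; annul stands in for the file kept
    on external flash, which someone with physical access could rewrite."""

    def __init__(self, id_d: bytes, key: bytes):
        self.id_d = id_d
        self._key = key
        self.annul = b""
        self._tag = seal(self.annul, key)
        self.revoked = set()
        self.ready = False
        self.disabled = False

    def _self_disable(self) -> None:
        # Per the description: destroy the content of internal memory.
        self._key = b""
        self._tag = b""
        self.revoked = set()
        self.ready = False
        self.disabled = True

    def startup(self) -> bool:
        """Run at every power-on: authenticate ANNUL, then look for own ID."""
        self.ready = False
        if self.disabled:
            return False
        if not hmac.compare_digest(seal(self.annul, self._key), self._tag):
            return False  # file replaced or modified: fail closed (assumption)
        self.revoked = parse_annul(self.annul)
        if self.id_d in self.revoked:
            self._self_disable()
            return False
        self.ready = True
        return True

    def receive_mr(self, serials) -> bool:
        """Apply an already decoded MR carrying revoked serial numbers."""
        if not self.ready:
            return False
        if any(len(sn) != ID_LEN for sn in serials):
            raise ValueError("malformed serial number in MR")
        new = [sn for sn in dict.fromkeys(serials) if sn not in self.revoked]
        self.annul += b"".join(new)
        self._tag = seal(self.annul, self._key)  # re-seal inside the chip
        self.revoked.update(new)
        if self.id_d in self.revoked:
            self._self_disable()
        return self.ready

    def accept_card(self, id_c: bytes) -> bool:
        """Card authentication step: refuse any card listed in ANNUL."""
        return self.ready and id_c not in self.revoked


def demo() -> dict:
    # Constructed sample identifiers and key, for illustration only.
    reader = Reader(id_d=bytes([0xD0]) * ID_LEN, key=b"constructed-demo-key")
    lost_card = bytes([0xC1]) * ID_LEN
    good_card = bytes([0xC2]) * ID_LEN
    out = {"boot": reader.startup()}
    reader.receive_mr([lost_card])
    out["lost"] = reader.accept_card(lost_card)
    out["good"] = reader.accept_card(good_card)
    reader.annul = b""  # the revocation entry is stripped from external flash
    out["tampered_boot"] = reader.startup()
    out["good_after_tamper"] = reader.accept_card(good_card)
    return out


if __name__ == "__main__":
    print(demo())
```

Because the tag lives only inside the microcontroller, restoring an older or emptied ANNUL on the external flash is detected at the next start-up rather than silently un-revoking a lost card.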
Moreover, in this implementation of the invention, a device can be used for at most 4 years. This interval can well be reduced to 2 years. Over this interval, and considering the possibility of devices of the invention being lost, 1 million devices could be lost in 2 years (deliberate loss being deterred by the purchase price of a new device in the event of loss). This figure seems greatly exaggerated. With 128-bit serial numbers ID, 15 megabytes are needed without compression, and 8 megabytes of storage with a compression method (50% ratio). For a 2-year period of use of the devices, the capacity of the DiskOnChip is sufficient for this variant. If the period of use is longer, a DiskOnChip module of larger storage capacity can be used.
Given the ability of said digital wireless receiver to receive information, when the user buys a software license, the user can receive through the wireless system the file Fich.S# (described above) corresponding to the purchased license for software S#. This function has considerable commercial impact (software can be bought anywhere without a connection). Obviously, Fich.S# is sent encoded with the key kL_i of the current week. In a variant, a key of type kT.d can be used for purchase operations.
The possibility of having a device of the invention refused by other devices of the invention can also be used to offer the user recovery of part of the content of a lost card CL.
Thus, given the format of file Fich.S#, keeping only the following fields reduces the file to 66 bytes, in a file named rFich.S#: the S# of the software, ID.c, L#.S#, kEL.S# and kX.S#. Considering only software for which the user holds a permanent license, rFich.S# is sufficient to define software protected by the invention. A 64 kB memory module can therefore store at least 990 software licenses defined by rFich.S#. In a new variant, when a card CL is bought, the organization managing aSVR supplies a smart card SC in which data can be read and modified securely. SC is not shown. SC contains a microcontroller on a single silicon chip that combines a processor, 46 kB of flash memory, DRAM and OTP EPROM memory. Memory access is controlled by the processor of the SC microcontroller. This card is a secure smart card. The smart card is used whenever the user legally obtains a new license for permanent use of one or more software products protected by the invention. At that time, the card is inserted into the smart-card reader that communicates with microcontroller 100 of reader LCL through smart-card controller 153. File rFich.S# is then copied into the 64 kB flash memory module of the smart-card microcontroller. Obviously, smart card SC holds internally a key similar to the key kL_i of card CL. This key is used in the authentication procedure, which takes place between reader LCL and card CL. The content of card CL can only be modified by a reader LCL to which the relevant card CL is connected. Therefore, in this variant of the invention, eFich.S# is stored in the encoded form erFich.S# using the key kS.c of card CL. Given the security properties of the smart card, erFich.S# is thereby protected against unauthorized reading and modification. In every case this information is protected. Moreover, because rFich.S# is encoded with key kS, this card can only be used with the card CL from which file eFich.S# was obtained. Obviously, if the user buys additional licenses for a software product S# already held in card CL, LCL copies erFich.S# and sends it to the corresponding card CL. The fields of rFich.S# are updated with the newly obtained license count. The new file erFich.S# obtained in this way then replaces the previous file in the internal memory of the microcontroller of card SC.
Therefore, in the event of loss, the backup held in smart card SC can be recovered in two steps: purchase of a new card CL, and connection to server aSVR through program PGM.
When connected to the server, the user transmits through program PGM the serial number ID.c of the old card CL (ID.c is public data that cannot be modified: it is shown in clear on the carrier 60 of each card CL). The user then transmits the serial number of the new card CL. In reply, aSVR returns data representing, in encoded form, the key kS of the lost card CL. This key is encoded with the key kT.d of the reader LCL connected to the new card CL. Obtaining the key kS of the lost card CL thus allows the content of file rFich.S# to be recovered.
In the variant of the invention that uses the wireless receiver, the number ID.c of the lost card CL can be communicated verbally by telephone. In this case, LCL uses its digital wireless receiver to receive the information for the lost card CL together with the serial number ID.c of that card, encoded with the key kL_i of the current week. Obtaining the key kS of the lost card CL then allows the content of file rFich.S# to be recovered.
At the same time, aSVR also sends the serial number ID.c of the lost card to all readers LCL, as in the variant of the invention described above, to start the procedure that invalidates use of the lost card.
In another variant of the invention, reader LCL can store files Fich.S# under security conditions similar to those under which card CL stores them. In this case, the files Fich.S# are stored on an external recording medium provided for this purpose; DiskOnChip can be used, for example. Files stored on this medium are protected by the key kS.d of the corresponding reader LCL. In a variant, key kS.d is a key written into internal memory 111 when microcontroller 100 is programmed at the factory. Thus, when one or more software licenses are moved to reader LCL, access to the software protected by the invention and associated with reader LCL can be provided independently of the presence of a card CL. This makes use possible for every user who has access to a computer connected to reader LCL. Obviously, when a software license is moved off card CL, the information in smart card SC is updated by requiring the smart card SC corresponding to card CL to be connected to the smart-card reader of reader LCL. For example, when two licenses for software S# are moved from card CL to reader LCL, the content of file eFich.S# on card CL and of file erFich.S# on smart card SC is modified accordingly, and the software usage file is written to reader LCL. With this new function of reader LCL, a smart card of the same type as card SC must be associated with each reader LCL so that the files Fich.S# relating to permanent software licenses can be backed up. The smart card must therefore be inserted immediately after user licenses are moved from card CL to reader LCL so that the transfer takes effect. Provided that the software usage authorizations copied into reader LCL can be transferred to a new card CL by the reverse of the above operation, authorizations to use software protected by the invention can be moved from one card CL to another. The smart cards SC corresponding to these two cards CL are updated automatically.
Moreover, to allow for the possibility of changing the compact flash on card CL while usage authorizations for limited-use software are held, a file eTPS is present on every compact flash used with a given card ID.c. This file must be present on all compact flash modules used with said card CL; otherwise card CL cannot operate. eTPS is the encoded form of file TPS, which contains the number ID.c on its first line, followed by the serial numbers S# of all software obtained under the invention by the user of this card CL. Thus the user cannot evade restrictions on execution time or number of executions simply by changing the compact flash. In this implementation of the invention, this restriction can apply to freeware, for example.
Therefore, in obvious variants that are not described (describing them would add nothing to the understanding of the invention), given its ability to protect information against modification, card CL can be used to store public information that cannot be modified, such as personal identification. This information can be consulted through the user interface presented by program PGM. Given its large storage capacity, card CL can store programs and/or counters relating to given values, in a way that prevents unauthorized modification and/or reading of these added programs and/or manipulation of the counters relative to their set values. Microcontroller 100 is physically protected and protected against computer virus programs. One can therefore envisage defining the Misc field of file Fich.S# as program code executable by processor CPU2 of microcontroller 100, or as a loyalty counter representing the number of software licenses bought by the user from a given software developer, making the corresponding commercial operations possible. Program code added to the Misc field can be used to modify the behaviour of function F_i when it is executed by reader LCL, so that pirating the software by monitoring the data inputs and outputs of calls to function FF_i and attempting to reconstruct function F_i becomes impossible. Recall that only the encoded form eF_i of function F_i is accessible to the user.
The invention uses an integrated circuit (microcontroller 100) that is physically and logically protected against computer virus attacks and against reading and/or modification of the data it contains, providing a very high level of security for software protection. Given the communications peripherals available to such a circuit, and because the invention allows lost licenses to be recovered securely, the device of the invention is no longer regarded as a restrictive policing device but as a general-purpose tool that takes an active part in the use of software. Because programs can be stored and executed securely, the invention makes the software-protection tool one that the user can use every day and that is of real practical use. The invention is therefore a new tool for protecting software which, first, allows software to be distributed independently of the sale of usage rights and, second, allows software protected by the invention to be developed quite freely. In the invention, this separation has a major effect on the cost of protecting software. By using a single device that protects several software products and is independent of the software developers, the cost of the device can be shared among all the software developers who use it, reducing the cost of each device and making it acceptable to users.
Furthermore, the separation provided by the invention means that the software-protection device is sold independently of the software that uses it. The invention can be put to other uses that rely on its security, which helps dissociate its cost from the price of software products. These uses may involve confidential information that the user cannot modify or forge; the device can thus serve as a means of access to a given system. The invention therefore constitutes a device that protects software while also providing useful functions. These functions reduce the cost of the device and the cost of protecting a given software product. Software protection by the invention thus becomes beneficial to both small and large software producers. The system of the invention can be applied industrially in the software and protection industries.
Obviously, the invention is not limited to the embodiments and drawings described above. Many modifications can be made without departing from the scope of the invention.
Claims (9)
- 1. A system for simultaneously protecting a plurality of software products from a plurality of different software designers against use that does not comply with the conditions set by said software developers, characterized in that it comprises: a reader (LCL) having: at least one communications peripheral (network, I/O port), creating a communication layer enabling data to be exchanged with the protected software; a one-time programmable microcontroller (100) that combines, in a single electronic unit, two parts (130, 120) separated by an interface (106); and a card-type portable device (CL) for storing a large number of authorizations to use protected software, the device comprising a removable large-capacity recording module and a microcontroller (400) secured against unauthorized intrusion into its internal circuits.
- 2. the system as claimed in claim 1 is characterized in that the part (130) of microcontroller (100) comprises at least one non-volatile memory module (111), volatile storage module (109), I/O serial port (151), real-time embedded clock (104) and main control processor (CPU1).
- 3. system as claimed in claim 1 or 2, the part (120) that it is characterized in that microcontroller (100) comprise at least one volatile storage module (110) and from processor (CPU2).
- 4. as any described system among the claim 1-3, it is characterized in that microcontroller (100) is at physics with guarantee the safety of internal memory space in logic, prevent that unauthorized from reading and/or revising, and guarantee the safety that storer (110) internal program is carried out, prevent that the preset sequence of carrying out from may extract the data of any existence from microcontroller (100) before program is carried out in described storage space.
- 5. as any described system among the claim 1-4, it is characterized in that microcontroller (400) has at least one OTPEPROM memory module (407) or equivalent, DRAM dynamic memory module (107) or equivalent etc. and processor (CPU).
- 6. as any described system among the claim 1-5, it is characterized in that the reader comprises a wireless receiver enabling operations of offline purchase of rights to use protected software, updating of the microcontrollers (100, 400), or management of the reader (LCL) and the mancarried device (CL).
- 7. as any described system among the claim 1-6, it is characterized in that reader comprises communications peripheral, be used to connect the distal center system can realize buying the operation that use comprises the software right, upgrade microcontroller (100,400) or management reader (LCL) and mancarried device (CL).
- 8. as any described system among the claim 1-7, it is characterized in that the microcontroller is secured against physical and/or logical attack, and stores at least one code sequence and digital keys used for the secure transfer of information, so that rights to use protected software can be transferred from a mancarried device (CL) to another reader (LCL) or mancarried device (CL).
- 9. as any described system among the claim 1-8, it is characterized in that comprising the inside backup that is kept safe, prevent that unauthorized from reading and/or revising.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR98/00961 | 1998-01-29 | ||
FR9800961A FR2774187B1 (en) | 1998-01-29 | 1998-01-29 | APPARATUS FOR THE SIMULTANEOUS PROTECTION OF SEVERAL SOFTWARE INDEPENDENT OF THE SOFTWARE DESIGNER |
Publications (1)
Publication Number | Publication Date |
---|---|
CN1295682A true CN1295682A (en) | 2001-05-16 |
Family
ID=9522308
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 99804576 Pending CN1295682A (en) | 1998-01-29 | 1999-01-29 | Simultaneous protection for several types of software of several software designers |
Country Status (6)
Country | Link |
---|---|
EP (1) | EP1049969A1 (en) |
CN (1) | CN1295682A (en) |
AU (1) | AU2168599A (en) |
CA (1) | CA2319773A1 (en) |
FR (1) | FR2774187B1 (en) |
WO (1) | WO1999039256A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE10023820B4 (en) * | 2000-05-15 | 2006-10-19 | Siemens Ag | Software protection mechanism |
US7463738B2 (en) * | 2000-12-20 | 2008-12-09 | Nokia Corporation | Method for providing multimedia files and terminal therefor |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2523745B1 (en) * | 1982-03-18 | 1987-06-26 | Bull Sa | METHOD AND DEVICE FOR PROTECTING SOFTWARE DELIVERED BY A SUPPLIER TO A USER |
US5155680A (en) * | 1986-10-24 | 1992-10-13 | Signal Security Technologies | Billing system for computing software |
FR2662280B1 (en) * | 1990-05-16 | 1992-08-07 | Telemecanique | METHOD FOR MANAGING THE RIGHTS OF USE OF MULTIPLE SOFTWARE ON A COMPUTER WORKSTATION AND SYSTEM FOR IMPLEMENTING IT. |
GB9303595D0 (en) * | 1993-02-23 | 1993-04-07 | Int Computers Ltd | Licence management mechanism for a computer system |
US5754646A (en) * | 1995-07-19 | 1998-05-19 | Cable Television Laboratories, Inc. | Method for protecting publicly distributed software |
US5826011A (en) * | 1995-12-26 | 1998-10-20 | Rainbow Technologies, Inc. | Method of metering and protecting computer software |
- 1998
  - 1998-01-29 FR FR9800961A patent/FR2774187B1/en not_active Expired - Fee Related
- 1999
  - 1999-01-29 CA CA002319773A patent/CA2319773A1/en not_active Abandoned
  - 1999-01-29 CN CN 99804576 patent/CN1295682A/en active Pending
  - 1999-01-29 EP EP99901657A patent/EP1049969A1/en not_active Withdrawn
  - 1999-01-29 WO PCT/FR1999/000182 patent/WO1999039256A1/en not_active Application Discontinuation
  - 1999-01-29 AU AU21685/99A patent/AU2168599A/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
EP1049969A1 (en) | 2000-11-08 |
CA2319773A1 (en) | 1999-08-05 |
FR2774187B1 (en) | 2000-03-31 |
AU2168599A (en) | 1999-08-16 |
FR2774187A1 (en) | 1999-07-30 |
WO1999039256A1 (en) | 1999-08-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6134659A (en) | Controlled usage software | |
CN100421102C (en) | Digital rights management structure, portable storage device, and contents management method using the portable storage device | |
EP1125182B1 (en) | Distributing access to a data item | |
EP1423771B1 (en) | Method to protect software against unauthorized use | |
CN1132110C (en) | Method and apparatus for enabling trial period use of software products: method and apparatus for allowing a try-and-buy user interaction | |
CN1155866C (en) | Protection of softward against use without permit | |
CN103210396B (en) | Comprise the method and apparatus of the framework for the protection of sensitive code and data | |
US20050204405A1 (en) | Method and system for digital rights management | |
KR20040030454A (en) | Content usage authority management system and management method | |
CN1207530A (en) | Computer system for protecting software and a method for protecting software | |
CN1208193A (en) | Information processing apparatus and method and recording medium | |
CN102073826A (en) | System and method for digital copyright management using lightweight digital watermark adding component | |
JP5567033B2 (en) | Software license protection method, system therefor, server, terminal, and computer-readable recording medium | |
CN101578608B (en) | Methods and apparatuses for accessing content based on a session ticket | |
JP2001175468A (en) | Method and device for controlling use of software | |
CN1165847C (en) | Computer system for protecting software and a method for protecting software | |
JPH0895777A (en) | Software usage control device | |
JP2005174359A (en) | Portable authorization device for authorizing use of protected information and related method | |
CN102937907B (en) | Utilize SD card to authorize software to install and upgrade the method using | |
CN1759363A (en) | Distribution and rights management of digital content | |
CN1295682A (en) | Simultaneous protection for several types of software of several software designers | |
US20080137838A1 (en) | Portable storage device and system with hardware key and copyright management function | |
AU2002351507B2 (en) | Apparatus and method for accessing material using an entity locked secure registry | |
US7913310B2 (en) | Device for protecting against unauthorized use of software | |
CN100495285C (en) | A method of software protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
REG | Reference to a national code |
Ref country code: HK Ref legal event code: WD Ref document number: 1034583 Country of ref document: HK |