CN100580686C - Method for preventing software from being embezzled - Google Patents
Method for preventing software from being embezzled Download PDFInfo
- Publication number
- CN100580686C CN100580686C CN200610023883A CN200610023883A CN100580686C CN 100580686 C CN100580686 C CN 100580686C CN 200610023883 A CN200610023883 A CN 200610023883A CN 200610023883 A CN200610023883 A CN 200610023883A CN 100580686 C CN100580686 C CN 100580686C
- Authority
- CN
- China
- Prior art keywords
- software
- user
- encrypt file
- data
- file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
Present invention refers to a method for preventing software from being illegally used by adding decryption subprogram. When software provider authorize to user, using ciphering subprogram ciphering user proper notification and coding to scrambled file, copying said software and scrambled file to authorizing user's computer system, user computer system must have legal scrambled file to normally operating software. In software run procedure, deciphering restoring cryptographic authorizing user notification data to said scrambled file, outputting these authorizing user notification with software operating result data. Non - authorizing user unavailable legal scrambled file, therefore unable using protected software, even if illegally obtaining scrambled file from other authorizing user, but software operation resulting to said output result invalidation and exposing law evidence of illegally using software, thereby basically preventing software pirate without increasing cost.
Description
Technical field
The present invention relates to protecting computer software, refer in particular to by data encryption and prevent the method that software is used under not licensed situation.
Background technology
Piracy is the biggest obstacle of software industry development and knowledge innovation, and it is to prevent the effective ways illegally usurped that computer software is carried out encryption.At present, software vendor is used to tackle pirate encryption method and mainly is divided into two big classes: software cryptography and hardware encipher.Software cryptography generally is to adopt methods such as sequence number and networking registration activations that protected software is carried out encipherment protection, and its advantage is that cost is low, but be easy to by by break a code, illegal modifications program file or stolen by methods such as shared series numbers.Hardware-based cryptographic needs certain hardware cost, and still can usurp by the mode of analog encryption device or imitation encryption equipment.In addition, these existing encryption methods can make the validated user of software feel inconvenient.
Existing some general class software such as engineering design mapping software, financial software etc., in the achievement data of running software output the user characteristics flag information (as printing to user's name on the engineering drawing or on the financial statement, related service managerial personnel name, enterprise code etc.) that must indicate, import in operating process by user oneself.These softwares adopt all some common shortcomings of existing guard method, in case the copy that certain software is abolished defencive function occurs, this copy causes the consequence of extensively being usurped just by rapid copy propagation.
Summary of the invention
The objective of the invention is to solve above-mentioned problems of the prior art, utilize the method for carrying out software protection at the peculiar flag information of concrete authorized user.
Software protection of the present invention realizes by the following method: the software developer uses a kind of enciphering transformation scheme in design software, add decryption subprogram in designed software.After finishing the software product exploitation, software provider is during to the particular user mandate, to be independent of in the software major function execution module encrypt file in addition with encrypting to be organized into after subroutine is encrypted at the peculiar flag information of concrete authorized user, then described software and encrypt file be copied in the computer system memory of authorized user.Detect at first during running software whether described encrypt file exists and whether legal, must deposit legal described encrypt file operating software normally in the user's computer system.In the software running process the peculiar flag information data of authorized user through encryption in the described encrypt file are decrypted reduction, and the peculiar flag information of these authorized users is exported with running software achievement data.
Because unauthorized user can't obtain legal described encrypt file; therefore can't use protected software; even unlawfully obtained encrypt file from other authorized users; but will comprise the peculiar flag information of former authorized user in the achievement data of being exported during operating software; cause the achievement data exported invalid; and exposed the legal argument of illegal use software, thereby reached the purpose of protection software.
Protected software major function execution module is general to the user of all these softwares, like this, only need make an identical major function execution module upgrading copy when software upgrading is safeguarded and just can be distributed to all users' uses; And described encrypt file is peculiar at each concrete authorized user, can guarantee that like this each user must could use through authorizing.
Description of drawings
Fig. 1 is the process flow diagram of an embodiment of the present invention.
Fig. 2 makes the encrypt file process flow diagram among the embodiment two.
Fig. 3 detects the encrypt file process flow diagram among the embodiment two.
Specific embodiment
The present invention has quoted various encryption technologies and cryptographic algorithm in description, therefore, simply introduce earlier basic encryption technology and cryptographic algorithm.Encryption technology is the technology of information being carried out Code And Decode, and coding is an original readable information (claim expressly not only) codification form (but also claiming ciphertext), its inverse process decode exactly (deciphering).The main points of encryption technology are cryptographic algorithm, and cryptographic algorithm can be divided into symmetric cryptography, asymmetric cryptosystem and irreversible encryption three class algorithms.Symmetric cryptography, asymmetrical encryption algorithm transform data have used two kinds of fundamental elements usually: cryptographic algorithm and key.Cryptographic algorithm comprises the subroutine to data coding and decoding, and these codings are normally consistent with the decoding subroutine, also can comprise the same steps as of carrying out by reversed sequence.Key is selected by the encipherer, is made up of the sequence of numeral or character, is used for data are encoded and deciphered by cryptographic algorithm.In being discussed in more detail below, used symmetric cryptography, asymmetric cryptosystem two class cryptographic algorithm among the embodiment are discussed.
First kind algorithm is symmetric encipherment algorithm (single key algorithm), and single key is used for the coding and the decoding of data simultaneously in this class algorithm.Therefore, in order to ensure safety, this key must be maintained secrecy.In the description here, quoted the single key technique of data encryption standards (DES), this is a kind of data encryption technology that is accepted as standard by NBS, and is very familiar for the people who grasps cryptographic technique.
Another kind of algorithm is asymmetrical encryption algorithm (public key algorithm), in this class algorithm, is not to use same key when digital coding and decoding, and is to use two keys, and one of them is used for to the data coding, and another is used for data are deciphered.A common key is disclosed, and another then is special-purpose, is called private key.If private key is used for to the data coding, then PKI is used for to data decoding, otherwise or.This class algorithm the important point is: infer that by PKI private key is impossible.Asymmetrical encryption algorithm also is familiar with for the people who grasps cryptographic technique.
Data encryption as described herein and decryption technology just are used to say something, and therefore, also can substitute and not depart from the scope of the present invention and principle with other data encryption and decryption technology.
Fig. 1 has illustrated the process flow diagram of an embodiment of the present invention.The software developer determines enciphering transformation scheme (step 101) in making software, adopt asymmetrical encryption algorithm, encrypts subroutine P1, and corresponding decryption subprogram P2, private key K1 are used for encrypting, and PKI K2 is used for deciphering.The software developer decryption subprogram P2 that will be responsible for decipher function enrolls in the software then, and the deciphering PKI is K2 (step 102), in order to call this decryption subprogram P2 when running software needs.Finish software development task (step 103), again software major function execution module is made as the product (step 104) that can install in the subscriber computer storer.When software provider need be to subscriber authorisation, register the distinctive flag information of this user (step 105).Subroutine P1 is encrypted in the software provider operation then, with private key K1 the distinctive flag information of this user is encrypted, and data encrypted is preserved with the form of Computer Storage file and obtained encrypt file (step 106).Again software is installed in the user machine system, and described encrypt file is copied to (step 107) in the user machine system.When the user uses software, program will detect described encrypt file and whether have (step 108), if described encrypt file does not exist, the task that program will be refused the execution back directly finishes.The normal working procedure if described encrypt file exists, and in needs, call decryption subprogram P2, be described encrypt file deciphering with PKI K2, reduction obtains user label information (step 109).If authorized user uses software, the user label information that reduction obtains is the correct information of authorized user, then running software will be exported correct achievement data, as on the engineering drawing of output or the place that needs on the financial statement correctly print user's various information (step 110).If unauthorized user is from the described encrypt file of other authorized user illegal copies, then the user label information that obtains of reduction is the information of former authorized user, then running software is with the achievement data of output error, as on the engineering drawing of output or print the various information of former authorized user, the failure (step 110) that causes usurping software action on the financial statement mistakenly.
Whether legal when using method protection software of the present invention, the method that a kind of possible stolen person attempts to attack is to forge, distort encrypt file, therefore increased among second embodiment below to detect described encrypt file function.To refer to a kind of data check technology when describing second embodiment, can detect the technology whether file or data are distorted exactly in transmission course, a kind of data verification method commonly used is exactly a CRC check.With CRC check to certain data file verification, to obtain a CRC check value, carry out CRC check once more after this data file is distorted, can obtain another different proof test value, relatively whether whether unanimity just can be modified by the specified data file twice CRC check value.CRC check is a kind of known data check algorithm, is familiar with for the people who grasps the data check technology.CRC data check technology as described herein just is used to say something, and therefore, also can substitute with other data check technology and not depart from the scope of the present invention and principle.
Main flow process is identical with first embodiment among second embodiment, no longer is repeated in this description, and only describes the improvements different with first embodiment.When the design encipherment scheme (step 101), design a CRC data check subroutine P3 simultaneously.As shown in Figure 2, when making encrypt file (step 106), the flow process in the with dashed lines frame substitutes former step 106.Encrypt the flag information of subroutine P1, obtain encrypt file F1 (step 201) with the registration of private key K1 encrypting user.Use CRC data check subroutine P3 verification encrypt file F1 again, obtain CRC check value T1 (step 202).T1 is encapsulated into encrypt file F1 with the CRC check value, obtains encrypt file F2 (step 203), and encrypt file F2 is used to copy in the special delegated authority subscriber computer as the encrypt file among the embodiment one.As shown in Figure 3, when starting software detection encrypt file (step 108), the flow process in the with dashed lines frame substitutes former step 108 and decision block.Judge at first whether encrypt file F2 exists, as not existing, refusal is carried out other tasks, directly finish, on the contrary the task (step 301) below continuing to carry out.If encrypt file F2 exists, with encrypt file F2 remove encapsulate CRC check value T1 and encrypt file F1 (step 302).Then CRC check subroutine P3 verification F1 gets CRC check value T2 (step 303).Judge whether T1 equals T2 again, as unequal, illustrate that encrypt file F1 or F2 are distorted or forge, refusal is carried out other tasks, directly finish, on the contrary the task (step 304) below continuing to carry out.
What above embodiment described is fairly simple utilization, and purpose is to illustrate principle of the present invention and method, based on method of the present invention, multiple variation utilization can be arranged in actual the use.As the user profile as shown in customer requirements is in the achievement data of software output multiple different displaying contents or form are arranged, software developer or software provider can be worked out the respective encrypted file of multiple different displaying contents or form in advance when the establishment encrypt file so, select when being used by the user.Other variations are when design enciphering transformation scheme, consider to adopt more complex password cryptographic algorithm, as adopting symmetric encipherment algorithm multiple enciphering transformation method Hybrid Encryptions such as (DES), these complex password mapping algorithms are to realize easily for the people who knows the cryptographic transformation technology.
The peculiar flag information of the authorized user of described encrypted conversion appears in the achievement data of software output, these information can be the one or more combinations of user's name, I.D. numbering, address, business license number, tax registration number, phone, network address, trade mark, seal figure, fingerprint graph, logo figure or acoustic information etc., also can be eletric watermark or digital signature.
The operation achievement data of described protected software output can be written form, paper document and the figures by computer output equipment output; also can be various electronic bits of datas in the storer or the data that are used for the communication line transmission, can also be the multimedia document that comprises information such as image, sound.
Should be noted that embodiment that provides and describe and change thereof all only are for principle of the present invention and method are described here, the people who is familiar with this technology can carry out various improvement, and does not leave scope and spirit of the present invention.
Claims (5)
1. method that prevents that software pirate from using is characterized in that adopting the following step:
1) software developer determines the enciphering transformation scheme, encrypts subroutine and is used for data are encrypted, and corresponding decryption subprogram is used for data are deciphered;
2) decryption subprogram that will be responsible for decipher function is enrolled in the software;
3) finish the software development task; Software major function execution module is made as the product that in the subscriber computer storer, to install;
4) the distinctive flag information of software provider registration authorized user, these flag informations will appear at the user and use in the achievement data that protected software exports;
5) software provider is encrypted the distinctive flag information of authorized user with the encryption subroutine, and data encrypted is preserved with the form of Computer Storage file and obtained encrypt file;
6) protected software is installed in the user machine system, and described encrypt file is copied in the user machine system;
When 7) software was enabled, program detected described encrypt file, just can normally start when having only encrypt file to exist, and carry out next step task;
8) protected software transfer decryption subprogram is deciphered described encrypt file, and reduction obtains the distinctive flag information of authorized user;
When 9) the user label information that obtains when reduction is the correct information of authorized user, then running software will be exported the right user flag information and appear in the achievement data;
10) when the user label information that obtains when reduction and actual user's information inconsistency, then running software will be exported with the inconsistent flag information of actual user and appear in the achievement data.
2. it is characterized in that according to claim 1 a described method that protected software major function execution module is general to the user of all these softwares; And described encrypt file is peculiar at each concrete authorized user, and described encrypt file is independent of and deposits separately and duplicate beyond the software major function execution module.
3. it is characterized in that according to claim 2 a described method that described enciphering transformation scheme adopts asymmetrical encryption algorithm, wherein private key is used for encrypting, and PKI is used for deciphering.
4. it is characterized in that according to claim 2 or 3 described methods the method that software provider is made described encrypt file further may further comprise the steps:
1) encrypts subroutine and save as encrypt file F1 with the flag information that the encrypted private key user registers;
2) with data check subroutine verification encrypt file F1, obtain proof test value T1;
3) proof test value T1 is encapsulated into encrypt file F1, obtains encrypt file F2.
5. it is characterized in that according to claim 4 a described method that the method that the described encrypt file of protected software startup time-histories ordered pair detects further may further comprise the steps:
1) judge whether encrypt file F2 exists, as not existing, refusal is carried out other tasks, directly finishes;
2) if encrypt file F2 exists, with encrypt file F2 remove encapsulate proof test value T1 and encrypt file F1;
3) get proof test value T2 with data check subroutine verification F1;
4) judge whether T1 equals T2, as unequal, refusal is carried out other tasks, directly finish, on the contrary the task below continuing to carry out.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610023883A CN100580686C (en) | 2006-02-15 | 2006-02-15 | Method for preventing software from being embezzled |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610023883A CN100580686C (en) | 2006-02-15 | 2006-02-15 | Method for preventing software from being embezzled |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1811787A CN1811787A (en) | 2006-08-02 |
| CN100580686C true CN100580686C (en) | 2010-01-13 |
Family
ID=36844699
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200610023883A Expired - Fee Related CN100580686C (en) | 2006-02-15 | 2006-02-15 | Method for preventing software from being embezzled |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100580686C (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| BRPI0821205B1 (en) * | 2007-12-20 | 2019-07-30 | Koninklijke Philips N.V. | METHODS FOR PROVIDING A DIGITAL PROGRAM AUTHORIZATION, FOR DELIVERING DIGITAL CONTENT ON A DEVICE AND FOR AUTHENTICATING THE VALIDITY OF THE DEVICE THAT DELIVERS DIGITAL CONTENT, AND DEVICE FOR RENDING A DIGITAL CONTENT. |
| CN109033762A (en) * | 2018-07-05 | 2018-12-18 | 南京云信达科技有限公司 | A method of for solving complicated checked object soft ware authorization |
-
2006
- 2006-02-15 CN CN200610023883A patent/CN100580686C/en not_active Expired - Fee Related
Also Published As
| Publication number | Publication date |
|---|---|
| CN1811787A (en) | 2006-08-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| EP0881559B1 (en) | Computer system for protecting software and a method for protecting software | |
| JP2539164B2 (en) | Commercial data masking | |
| CN100452075C (en) | Security control methods for date transmission process of software protection device and device thereof | |
| US5557765A (en) | System and method for data recovery | |
| US5935246A (en) | Electronic copy protection mechanism using challenge and response to prevent unauthorized execution of software | |
| US6233567B1 (en) | Method and apparatus for software licensing electronically distributed programs | |
| US20050160049A1 (en) | Method and arrangement for protecting software | |
| US20120278618A1 (en) | Methods of authorizing a computer license | |
| JP2006211349A (en) | Encryption of file, composite program, and program storage medium | |
| CN102129532A (en) | Method and system for digital copyright protection | |
| US7805616B1 (en) | Generating and interpreting secure and system dependent software license keys | |
| CN105740725A (en) | File protection method and system | |
| CN109583218B (en) | Confidential file protection and positioning method, device, equipment and readable storage medium | |
| CN102402671A (en) | Method for preventing fraudulent use of software | |
| US6088456A (en) | Data encryption technique | |
| CN100580686C (en) | Method for preventing software from being embezzled | |
| CN107682156A (en) | A kind of encryption communication method and device based on SM9 algorithms | |
| CN114491591A (en) | Data use authorization method, equipment and storage medium for hiding trace query | |
| US9467427B2 (en) | Methods and systems for authorizing and deauthorizing a computer license | |
| CN112989377A (en) | Method and system for performing authority processing on encrypted document | |
| JP2005020608A (en) | Content distribution system | |
| CN102724043B (en) | Single user authoring method for digital rights management | |
| KR19990064448A (en) | A Preventive Measure of Illegal Software Copy using the Smart Card | |
| Verslype et al. | A flexible and open DRM framework | |
| CN114357385A (en) | Software protection and authorization method, system and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100113 Termination date: 20150215 |
|
| EXPY | Termination of patent right or utility model |