CN105468940B - Method for protecting software and device - Google Patents

Publication number
CN105468940B
Authority
CN
China
Prior art keywords
code
encryption
protected
application program
driver
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510857401.3A
Other languages
Chinese (zh)
Other versions
CN105468940A (en
Inventor
孙吉平
韩勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senseshield Technology Co Ltd
Original Assignee
Beijing Senseshield Technology Co Ltd
Application filed by Beijing Senseshield Technology Co Ltd
Priority to CN201510857401.3A
Publication of CN105468940A
Application granted
Publication of CN105468940B

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10: Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12: Protecting executable software
    • G06F21/121: Restricting unauthorised execution of programs
    • G06F21/125: Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code

Abstract

The present invention provides a software protection method and device and relates to the field of software protection. Its main purpose is to overcome the drawbacks of prior-art protection of software by an encryption lock, which is inconvenient to use and offers low protection strength. The method comprises: obtaining P-code (transplanted code) from the code of the application program to be protected and encrypting it to obtain encrypted P-code; creating a driver that interacts with the application program to be protected, the driver being used to decrypt the encrypted P-code and execute the P-code; the driver receiving an execute-P-code request sent by the application program to be protected, the request carrying the encrypted P-code; and the driver decrypting the encrypted P-code and determining, according to the decryption result, whether to execute the P-code. The invention can use as P-code code with complex logic, and more code than an encryption lock can carry, to protect the application program to be protected (software), which greatly increases the difficulty of cracking it.

Description

Method for protecting software and device
Technical field
The present invention relates to the field of software protection, and in particular to a software protection method and device.
Background
Software is a collection of computer data and instructions organized in a particular order and developed for a specific purpose. With the development of computer technology, more and more software is being developed; a large amount of office software in particular has significant commercial value because it helps people complete all kinds of complex work. However, for many reasons piracy is currently rife in the software field, and the legitimate interests of software developers are constantly being infringed.
To protect the legitimate interests of software developers, the prior art mostly protects software with high-strength software encryption schemes, which generally use an encryption lock. An encryption lock is a combined software and hardware security product plugged into a computer's parallel port or USB port, generally with tens or hundreds of bytes of non-volatile storage available for reading and writing. A software developer can exchange data with the encryption lock through interface functions, that is, read from and write to the lock, to check whether it is plugged into the interface; or the developer can encrypt their own exe file directly with the tool supplied with the lock. In this way the developer can set software locks at many places in the software, with the encryption lock acting as the key that opens them; if the encryption lock is not inserted, or does not match, the software cannot run normally.
Although an encryption lock can protect software to a certain extent, the lock must be carried whenever the software is used, which is inconvenient for the user, and the lock is easily lost. In addition, hardware encryption locks are costly, and because their storage space is limited, the amount of code that can actually be transplanted into them is limited, which to some extent lowers the difficulty of cracking the encryption lock.
Summary of the invention
Embodiments of the present invention provide a software protection method and device, to overcome the drawbacks of prior-art protection of software by an encryption lock: inconvenience of use and low protection strength.
According to a first aspect of the present invention, an embodiment provides a software protection method, comprising:
obtaining P-code from the code of an application program to be protected, and encrypting the P-code to obtain encrypted P-code;
creating a driver that interacts with the application program to be protected, the driver being used to decrypt the encrypted P-code and execute the P-code;
receiving, by the driver, an execute-P-code request sent by the application program to be protected, the request carrying the encrypted P-code;
decrypting, by the driver, the encrypted P-code, and determining according to the decryption result whether to execute the P-code.
According to a second aspect of the present invention, an embodiment provides a software protection device, comprising:
an acquiring unit, configured to obtain P-code from the code of an application program to be protected and to encrypt the P-code to obtain encrypted P-code;
a creating unit, configured to create a driver that interacts with the application program to be protected, the driver being used to decrypt the encrypted P-code and execute the P-code;
a receiving unit, configured to have the driver receive an execute-P-code request sent by the application program to be protected, the request carrying the encrypted P-code;
a decryption unit, configured to have the driver decrypt the encrypted P-code and determine according to the decryption result whether to execute the P-code.
With the software protection method and device provided by the embodiments of the present invention, a driver that interacts with the application program to be protected can be created. After receiving the execute-P-code request sent by the application program to be protected, the driver decrypts the application's encrypted P-code and executes the P-code, and it is the driver that decides, according to the result of decrypting the encrypted P-code, whether to execute the P-code. The application program to be protected (software) therefore no longer has to be protected by a prior-art encryption lock that stores the P-code. Moreover, because a driver runs complex algorithms far more efficiently than the hardware of an encryption lock and is not constrained by the lock's storage space, the invention can use as P-code code with complex logic, and more code than an encryption lock can carry, to protect the application program to be protected (software), greatly increasing the difficulty of cracking it.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flowchart of a software protection method provided by an embodiment of the present invention;
Fig. 2 is a block diagram of a software protection device provided by an embodiment of the present invention;
Fig. 3 is a block diagram of another software protection device provided by an embodiment of the present invention;
Fig. 4 is a block diagram of a further software protection device provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Evidently, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the present invention.
In existing approaches, software is mainly protected with an encryption lock. An encryption lock is a combined software and hardware security product plugged into a computer's parallel port or USB port, generally with tens or hundreds of bytes of non-volatile memory for reading and writing. Part of the software's code is stored in that storage space, and the software developer can exchange data with the lock through interface functions, that is, read and write the code in the lock. But the lock must then be carried whenever the software is used, which is inconvenient for the user, and the lock is easily lost. In addition, hardware encryption locks are costly, and because their storage space is limited, the amount of code that can actually be transplanted is limited, which to some extent lowers the difficulty of cracking the encryption lock.
To solve the prior-art problems of inconvenient use and low protection strength when software is protected by an encryption lock, an embodiment of the present invention provides a software protection method. As shown in Fig. 1, the method comprises:
101. Obtain P-code from the code of the application program to be protected, and encrypt the P-code to obtain encrypted P-code.
When a software application is protected, to keep it from being used by unauthorized users, part of the code has to be transplanted from the application's code into an encryption lock for protection; only an authorized user (one who holds the encryption lock) can use the software normally through the P-code in the lock. However, once the encryption lock is lost, unauthorized users can use the protected software. To overcome this drawback, the embodiment performs step 101: it obtains P-code from the code of the application program to be protected and encrypts the P-code to obtain encrypted P-code.
102. Create a driver that interacts with the application program to be protected; the driver is used to decrypt the encrypted P-code and execute the P-code.
An encryption lock carrying part of the application's code is costly and easily lost, and because its storage space and operating efficiency are limited, the amount of code that can actually be transplanted from the application program to be protected is very limited, which to some extent also lowers the difficulty of cracking the code. The embodiment therefore does not use an encryption lock; instead it performs step 102 and creates a driver that interacts with the application program to be protected, the driver being used to decrypt the encrypted P-code and execute the P-code. The driver is a program created with an interactive interface to the application program to be protected, and it can interpret the encrypted P-code and execute the P-code in kernel mode, that is, system mode. Because the embodiment transplants part of the application's code into the driver for execution, because at present there is almost no debugger for cracking drivers, and because the code is additionally given virtual machine protection (for example by packing it with VMProtect), analyzing the transplanted code is extremely difficult.
103. The driver receives the execute-P-code request sent by the application program to be protected; the request carries the encrypted P-code.
In step 101 the embodiment obtained P-code from the code of the application program to be protected and encrypted it to obtain encrypted P-code, and in step 102 it created the driver that interacts with the application program to be protected and that decrypts the encrypted P-code and executes the P-code. When the application program to be protected is to be used, an execute-P-code request therefore has to be sent to the driver through the interactive interface between the application and the driver, asking the driver to execute the P-code. So after step 102 the embodiment performs step 103: the driver receives the execute-P-code request sent by the application program to be protected, and the request carries the encrypted P-code.
104. The driver decrypts the encrypted P-code and determines, according to the decryption result, whether to execute the P-code.
After the driver receives the execute-P-code request sent by the application program to be protected, it takes the encrypted P-code out of the request, decrypts it, and determines according to the decryption result whether to execute the P-code. If the decryption result is correct, the driver executes the P-code; if the decryption result is incorrect, the P-code cannot be executed and the application program to be protected cannot be used. When decrypting the encrypted P-code, the driver can decrypt according to the encryption rule of the encrypted P-code; the encryption rule can be set in advance by the software developer and can be set in the driver when the driver is created.
With the software protection method provided by the embodiment of the present invention, a driver that interacts with the application program to be protected can be created. After receiving the execute-P-code request sent by the application program to be protected, the driver decrypts the application's encrypted P-code and executes the P-code, and it is the driver that decides, according to the result of decrypting the encrypted P-code, whether to execute the P-code. The application program to be protected (software) therefore no longer has to be protected by a prior-art encryption lock that stores the P-code. Moreover, because a driver runs complex algorithms far more efficiently than the hardware of an encryption lock and is not constrained by the lock's storage space, the invention can use as P-code code with complex logic, and more code than an encryption lock can carry, to protect the application program to be protected (software), greatly increasing the difficulty of cracking it.
To aid understanding of the method shown in Fig. 1, each step in Fig. 1 is described in detail below.
To protect a software application, the prior art transplants part of the application's code into an encryption lock, and a user authorized to use the software can use it normally through the lock. But because the lock's storage space is limited and it runs complex algorithms inefficiently, the logic of the code transplanted into the lock is mostly simple and the amount of code actually transplanted is relatively small, which to some extent lowers the difficulty of cracking the code. To overcome this drawback, the embodiment does not use an encryption lock to protect the P-code of the application; instead it creates a driver that interacts with the application program to be protected and executes the P-code in the driver. Because a driver is not limited by storage space and runs complex algorithms efficiently, the embodiment can take P-code with complex logic, and a larger amount of it, from the application program to be protected. When actually obtaining P-code from the application's code, the embodiment can use multi-point ("dot-dividing") acquisition, that is, obtain multiple pieces of P-code from different locations in the code of the application program to be protected. Multi-point acquisition not only yields a larger amount of P-code but also yields code with different logic from different locations in the application's source code; increasing both the amount and the complexity of the P-code increases the difficulty of cracking it.
Because the prior art merely stores the P-code obtained from the application program to be protected in the encryption lock and does not encrypt it, any user who obtains a lost encryption lock can use the application normally. Therefore, after obtaining the P-code from the code of the application program to be protected, the embodiment also encrypts the P-code. Since the embodiment obtains P-code by multi-point acquisition, and to keep the obtained P-code from getting mixed up, it builds the P-code of different logic obtained in this way into code blocks; the code blocks distinguish P-code of different logic and so prevent it from being mixed up. After the P-code has been built into code blocks, the code blocks are encrypted to obtain encrypted P-code.
For encrypting the code blocks, the embodiment provides an optional implementation: asymmetric encryption of the code block to obtain encrypted P-code. Asymmetric encryption uses two keys, a public key and a private key, which form a pair: if the code block is encrypted with the public key, only the corresponding private key can decrypt it; if it is encrypted with the private key, only the corresponding public key can decrypt it. For example, the embodiment can encrypt the code block with the public key of a key pair to obtain encrypted P-code, and the encryption rule can be set in the driver when the driver is created. When the application program to be protected needs to be executed, an execute-P-code request carrying the encrypted P-code can be sent to the driver; after receiving the request, the driver decrypts the encrypted P-code with the private key according to the set encryption rule. Because there is an interactive interface between the application program to be protected and the driver, if the driver needs to reply to the application with encrypted information, the driver encrypts the reply with the public key of a key pair set by the application program to be protected, and the application decrypts the reply with the private key.
Asymmetric encryption of the code block is only one optional implementation; other encryption modes can of course be used, such as symmetric encryption, in which the same key encrypts and decrypts the code block. Symmetric encryption achieves faster encryption and decryption, but because the same key is used for both, the security of the encrypted information can no longer be guaranteed once either party's key is leaked. So although symmetric encryption can also serve to encrypt the code block, its security is not as good as that of asymmetric encryption.
Since the embodiment does not use an encryption lock to store the encrypted P-code, once the code block has been encrypted in any of the above ways the embodiment can store the encrypted P-code locally. In practice the encrypted P-code can be stored under the directory of the application program to be protected, so that when the application is used the encrypted P-code can be fetched quickly from that directory and carried in the execute-P-code request sent to the driver. Alternatively, the encrypted P-code can be stored in other storage space on the client where the application program to be protected resides.
To raise the degree of protection of the application program to be protected, besides encrypting the P-code and implementing a code interpreter in the driver so that the driver can execute the P-code, the embodiment also implements authorization-management logic in the driver, that is, it sets the usage permission of the application program to be protected: only a machine with usage permission can run the application. Specifically, the usage permission can be implemented by means of a digital signature. The process comprises: generating a machine code from the hardware information of the machine with usage permission, for example forming a serial number from the machine's hard disk serial number, mainboard information and so on through a series of encryption and hashing operations, the serial number being the machine code that uniquely identifies the machine; and, after the machine code of the machine with usage permission has been obtained, performing a hash operation on the machine code to obtain a hash value, the hash value being a unique fixed-size value that represents the machine code. In practice the SHA256 algorithm can be used to hash the machine code into a 256-bit hash value; other hash algorithms can of course also be used. After the unique hash value has been obtained, the embodiment encrypts the hash value with a preset private key to obtain the digital signature of the hardware information of the machine with usage permission. That is, the private key of the application program to be protected encrypts the digest of the hardware information of the machine with usage permission (the digest being obtained by hashing the hardware information), and the encrypted hash value (the digital signature) is sent to the driver; the driver can decrypt the encrypted hash value (the digital signature) only with the public key of the application program to be protected. Because the embodiment sets the usage permission of the application program to be protected in this way and digitally signs the hash value of the hardware information of the machine with usage permission, the execute-P-code request that the driver receives from the application program to be protected also includes the digital signature of the hash value of the hardware information of the machine with usage permission.
After the P-code has been encrypted and usage permission has been set for the application program to be protected as described above, the driver not only has to decrypt the P-code according to the P-code's encryption rule but also has to verify the machine's authorization (that is, verify the digital signature) and judge whether the machine has usage permission for the application program to be protected (that is, judge whether the digital signature is legitimate). Specifically, the driver verifies the digital signature of the machine code of the current machine and determines according to the verification result whether to execute the P-code. For example, when the application program to be protected is used, it sends an execute-P-code request to the driver through the interactive interface between them; the request carries the encrypted P-code and the digital signature of the hash value of the hardware information of the machine with usage permission. After the driver receives the request, it can first verify the digital signature carried in the request with the public key that matches the private key used for signing. If the signature is verified as legitimate, the sender of the hash value of the machine hardware information is legitimate. However, because a hash value of machine hardware information obtained by a hash algorithm is irreversible, after verifying that the signature is legitimate the embodiment also computes the hash value of the current machine's machine code with the same hash algorithm. If the computed hash value is the same as the hash value whose signature was verified, the driver can decrypt the encrypted P-code according to the P-code's encryption rule and execute the P-code, so that the application program to be protected can be used normally. If the computed hash value differs from the hash value whose signature was verified, the machine does not have usage permission for the application program to be protected, and the application cannot be used normally.
By setting the usage permission of the application program to be protected, the embodiment hashes the hardware information of the authorized machine and digitally signs the result; the driver verifies the hash signature of the current machine's machine code using the encryption and verification methods preset by the software developer, and only when the signature is legitimate does the driver decrypt the encrypted P-code with the developer's preset encryption method and execute the P-code, so that the application program to be protected can be used normally. Encrypted P-code together with the authorization signature gives the application program to be protected high-strength protection.
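The authorization check described above (hash the machine code with SHA256, sign the hash with the preset private key, have the driver verify with the matching public key and recompute the hash for the current machine), as an added example that is not code from the patent. The key pair, the hardware field names and the machine-code layout are constructed for illustration, and the signature is unpadded RSA to mirror the text's "encrypt the hash value with the private key".

```python
import hashlib
import hmac
from enum import Enum

# Constructed demo key (assumption): built from two Mersenne primes so the
# example needs only the standard library. Trivially factorable; never a real key.
_P, _Q = 2**521 - 1, 2**607 - 1
N = _P * _Q                              # public modulus, embedded in the driver
E = 65537                                # public exponent, embedded in the driver
_D = pow(E, -1, (_P - 1) * (_Q - 1))     # vendor's preset private key


class Decision(Enum):
    EXECUTE = "signature valid and machine matches: decrypt and execute P-code"
    BAD_SIGNATURE = "signature does not verify: refuse"
    WRONG_MACHINE = "signature valid but issued for another machine: refuse"


def machine_code(hw: dict) -> bytes:
    """Serialize hardware fields into a machine code (field layout is hypothetical)."""
    return "|".join(f"{k}={hw[k]}" for k in sorted(hw)).encode("utf-8")


def machine_hash(hw: dict) -> bytes:
    """256-bit SHA256 hash value of the machine code."""
    return hashlib.sha256(machine_code(hw)).digest()


def issue_signature(authorized_hw: dict) -> int:
    """Vendor side: 'encrypt' the hash value with the preset private key.

    Unpadded (textbook) RSA, used only to mirror the description; production
    code would use a padded scheme such as RSA-PSS from a vetted library.
    """
    return pow(int.from_bytes(machine_hash(authorized_hw), "big"), _D, N)


def driver_check(signature: int, current_hw: dict) -> Decision:
    """Driver side: verify the signature, then compare hashes, then decide."""
    if not isinstance(signature, int) or not 0 < signature < N:
        return Decision.BAD_SIGNATURE
    recovered = pow(signature, E, N)     # 'decrypt' with the public key
    if recovered >> 256:                 # a genuine signature recovers a 256-bit value
        return Decision.BAD_SIGNATURE
    licensed = recovered.to_bytes(32, "big")
    # The hash is irreversible, so the driver recomputes the hash for the machine
    # it is running on and compares it with the hash covered by the signature.
    if not hmac.compare_digest(licensed, machine_hash(current_hw)):
        return Decision.WRONG_MACHINE
    return Decision.EXECUTE


# Constructed sample hardware records.
LICENSED_PC = {"disk_serial": "WD-EXAMPLE-0001", "mainboard": "MB-EXAMPLE-A1"}
OTHER_PC = {"disk_serial": "WD-EXAMPLE-0002", "mainboard": "MB-EXAMPLE-B7"}

if __name__ == "__main__":
    sig = issue_signature(LICENSED_PC)
    print(driver_check(sig, LICENSED_PC).name)       # signature used on the licensed machine
    print(driver_check(sig, OTHER_PC).name)          # same signature copied to another machine
    print(driver_check(sig ^ 1, LICENSED_PC).name)   # signature altered in transit
```

Only the `EXECUTE` outcome would let the driver go on to decrypt the encrypted P-code; both refusal outcomes stop before any decryption.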
As an application of the method shown in Fig. 1, an embodiment of the present invention provides a software protection device. As shown in Fig. 2, the device comprises an acquiring unit 21, a creating unit 22, a receiving unit 23 and a decryption unit 24, wherein:
the acquiring unit 21 is configured to obtain P-code from the code of the application program to be protected and to encrypt the P-code to obtain encrypted P-code;
the creating unit 22 is configured to create a driver that interacts with the application program to be protected, the driver being used to decrypt the encrypted P-code and execute the P-code;
the receiving unit 23 is configured to receive the execute-P-code request sent by the application program to be protected, the request carrying the encrypted P-code;
the decryption unit 24 is configured to decrypt the encrypted P-code and determine according to the decryption result whether to execute the P-code.
Further, the acquiring unit 21 is configured to obtain P-code from the code of the application program to be protected by multi-point acquisition, which comprises obtaining P-code of different logic from different locations in the code of the application program to be protected.
Further, as shown in Fig. 3, the acquiring unit 21 comprises:
a constructing module 211, configured to build the P-code into code blocks;
an encrypting module 212, configured to asymmetrically encrypt the code block to obtain encrypted P-code;
a saving module 213, configured to store the encrypted P-code locally.
Further, as shown in Fig. 4, the device further comprises:
a setting unit 25, configured to set the usage permission of the application program to be protected.
Further, the setting unit 25 comprises:
a generating module 251, configured to generate a machine code from the hardware information of the machine with usage permission;
a computing module 252, configured to perform a hash operation on the machine code to obtain a hash value;
a signature module 253, configured to encrypt the hash value with a preset private key to obtain the digital signature of the hardware information of the machine with usage permission.
Further, the decryption unit 24 is also configured to verify the digital signature with the public key corresponding to the preset private key and to determine according to the verification result whether to execute the P-code.
The software protection device provided in this embodiment of the present invention can create a driver that interacts with the application program to be protected. After receiving the execute-P-code request sent by the application program to be protected, the driver decrypts the encrypted P-code of the application program to be protected and executes the P-code; the driver determines whether to execute the P-code according to the result of decrypting the encrypted P-code. The application program (software) to be protected therefore does not need to be protected by an encryption lock that stores the P-code, as in the prior art. At the same time, the driver runs complex algorithms far more efficiently than the hardware of an encryption lock itself and is not limited by the storage space of the encryption lock. The present invention can therefore use code with complex logic, and more code than an encryption lock can carry, as the P-code that protects the application program (software), which greatly increases the difficulty of cracking the application program (software) to be protected.
In addition, the software protection device provided in this embodiment of the present invention can set the access right of the application program to be protected: a hash operation is performed on the hardware information of the authorized machine and the result is digitally signed. The driver uses the encryption and verification methods preset by the software developer to verify the hash signature of the machine code of the current machine. Only when the signature is valid does the driver use the software developer's preset encryption method to decrypt the encrypted P-code and execute the P-code, so that the application program to be protected can be used normally. The encrypted P-code together with the authorization signature provides high-strength protection of the application program to be protected.
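The authorization check described above (machine code, hash, private-key signature, public-key verification by the driver before decryption), as an added Python example that is not part of the patent. The toy RSA keys, the hardware field names, the request layout and the sample P-code bytes are all constructed assumptions.

```python
import hashlib
from typing import Optional

# Constructed toy RSA keys (demonstration only): the primes are well-known
# Mersenne primes, so these keys give no security. Textbook RSA is used to
# mirror the patent's wording; real code needs a padded scheme (PSS / OAEP).
E = 65537
SIGN_N = (2**127 - 1) * (2**521 - 1)              # developer's signing key
SIGN_D = pow(E, -1, (2**127 - 2) * (2**521 - 2))  # "preset private key"
ENC_N = (2**607 - 1) * (2**1279 - 1)              # key pair assumed for P-code
ENC_D = pow(E, -1, (2**607 - 2) * (2**1279 - 2))  # held only by the driver

# Constructed sample data.
AUTHORIZED_HW = {"cpu": "BFEBFBFF000306A9", "disk": "WD-EXAMPLE-0001", "mac": "02:00:00:aa:bb:01"}
OTHER_HW = {"cpu": "BFEBFBFF000306A9", "disk": "WD-EXAMPLE-0002", "mac": "02:00:00:aa:bb:02"}
PCODE = b"\x01PUSH 2;PUSH 3;ADD;RET"


def machine_code(hw: dict) -> bytes:
    """Build a canonical machine code from hardware info (fields are assumed)."""
    return "|".join(f"{k}={hw[k]}" for k in sorted(hw)).encode()


def hash_value(code: bytes) -> int:
    return int.from_bytes(hashlib.sha256(code).digest(), "big")


def sign_license(hw: dict) -> int:
    """Developer side: encrypt the hash value with the preset private key."""
    return pow(hash_value(machine_code(hw)), SIGN_D, SIGN_N)


def encrypt_block(pcode: bytes) -> int:
    """Developer side: asymmetric encryption of one P-code block."""
    m = int.from_bytes(pcode, "big")
    if not 0 < m < ENC_N:
        raise ValueError("block does not fit this toy key")
    return pow(m, E, ENC_N)


def driver_handle(request: dict, local_hw: dict) -> Optional[bytes]:
    """Driver side: check the signature against THIS machine, then decrypt."""
    # The hash is recomputed from locally read hardware, never taken from
    # the request, so a license copied from another machine fails here.
    expected = hash_value(machine_code(local_hw))
    sig = request.get("signature")
    if not isinstance(sig, int) or not 0 < sig < SIGN_N:
        return None
    if pow(sig, E, SIGN_N) != expected:
        return None  # invalid signature: the P-code is never decrypted
    m = pow(request["encrypted_pcode"], ENC_D, ENC_N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def make_request(hw: dict) -> dict:
    """What the protected application sends with an execute-P-code request."""
    return {"encrypted_pcode": encrypt_block(PCODE), "signature": sign_license(hw)}
```

The ordering in `driver_handle` is the point: signature verification against the locally derived machine code comes first, and the decryption key is only touched after it succeeds.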
Regarding the above software protection device, it should be noted that the functions of each unit and module used in all embodiments of the present invention can be implemented by a hardware processor.
The device embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment. Those of ordinary skill in the art can understand and implement it without creative effort.
From the above description of the embodiments, those skilled in the art can clearly understand that each embodiment can be implemented by means of software plus a necessary general-purpose hardware platform, and of course also by hardware. Based on this understanding, the above technical solution in essence, or the part of it that contributes over the prior art, can be embodied in the form of a software product. The computer software product may be stored in a computer-readable storage medium, such as ROM/RAM, a magnetic disk or an optical disc, and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, etc.) to execute the methods described in each embodiment or in certain parts of an embodiment.
Finally, it should be noted that the above embodiments are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those skilled in the art should understand that they may still modify the technical solutions described in the foregoing embodiments, or make equivalent replacements of some of the technical features; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (12)

1. A software protection method, characterized in that the method comprises:
obtaining P-code from the code of an application program to be protected and encrypting the P-code to obtain encrypted P-code;
creating a driver that interacts with the application program to be protected, the driver being used to decrypt the encrypted P-code and execute the P-code;
the driver receiving an execute-P-code request sent by the application program to be protected, the execute-P-code request carrying the encrypted P-code;
the driver decrypting the encrypted P-code and determining, according to the decryption result, whether to execute the P-code.
2. The method according to claim 1, characterized in that obtaining P-code from the code of the application program to be protected comprises:
obtaining the P-code from the code of the application program to be protected in a dot-dividing manner, where dot-dividing acquisition of P-code includes obtaining P-code of different code logic at different locations in the code of the application program to be protected.
3. The method according to claim 1, characterized in that encrypting the P-code to obtain encrypted P-code comprises:
building the P-code into a code block;
performing asymmetric encryption on the code block to obtain the encrypted P-code;
saving the encrypted P-code locally.
4. The method according to claim 1, characterized in that, before the driver receives the execute-P-code request sent by the application program to be protected, the method further comprises:
setting the access right of the application program to be protected.
5. The method according to claim 4, characterized in that setting the access right of the application program to be protected comprises:
generating a machine code from the hardware information of the machine with the access right;
performing a hash operation on the machine code to obtain a hash value;
encrypting the hash value with a preset private key to obtain the digital signature of the hardware information of the machine with the access right;
wherein, when the driver receives the execute-P-code request sent by the application program to be protected, the execute-P-code request further includes: the digital signature.
6. The method according to claim 5, characterized in that the driver decrypting the encrypted P-code and determining, according to the decryption result, whether to execute the P-code further comprises:
the driver verifying the digital signature using the public key corresponding to the preset private key, and determining, according to the verification result, whether to execute the P-code.
7. A software protection device, characterized in that the device comprises:
an acquiring unit, configured to obtain P-code from the code of an application program to be protected and to encrypt the P-code to obtain encrypted P-code;
a creating unit, configured to create a driver that interacts with the application program to be protected, the driver being used to decrypt the encrypted P-code and execute the P-code;
a receiving unit, configured to cause the driver to receive the execute-P-code request sent by the application program to be protected, the execute-P-code request carrying the encrypted P-code;
a decryption unit, configured to cause the driver to decrypt the encrypted P-code and to determine, according to the decryption result, whether to execute the P-code.
8. The device according to claim 7, characterized in that the acquiring unit is configured to obtain the P-code from the code of the application program to be protected in a dot-dividing manner, where dot-dividing acquisition of P-code includes obtaining P-code of different code logic at different locations in the code of the application program to be protected.
9. The device according to claim 7, characterized in that the acquiring unit comprises:
a constructing module, configured to build the P-code into a code block;
an encrypting module, configured to perform asymmetric encryption on the code block to obtain the encrypted P-code;
a saving module, configured to save the encrypted P-code locally.
10. The device according to claim 7, characterized in that the device further comprises:
a setting unit, configured to set the access right of the application program to be protected.
11. The device according to claim 10, characterized in that the setting unit comprises:
a generation module, configured to generate a machine code from the hardware information of the machine with the access right;
a computing module, configured to perform a hash operation on the machine code to obtain a hash value;
a signature module, configured to encrypt the hash value with a preset private key to obtain the digital signature of the hardware information of the machine with the access right.
12. The device according to claim 11, characterized in that the decryption unit is also configured to verify the digital signature using the public key corresponding to the preset private key, and to determine, according to the verification result, whether to execute the P-code.
CN201510857401.3A 2015-11-30 2015-11-30 Method for protecting software and device Active CN105468940B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510857401.3A CN105468940B (en) 2015-11-30 2015-11-30 Method for protecting software and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510857401.3A CN105468940B (en) 2015-11-30 2015-11-30 Method for protecting software and device

Publications (2)

Publication Number Publication Date
CN105468940A CN105468940A (en) 2016-04-06
CN105468940B true CN105468940B (en) 2019-01-01

Family

ID=55606630

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510857401.3A Active CN105468940B (en) 2015-11-30 2015-11-30 Method for protecting software and device

Country Status (1)

Country Link
CN (1) CN105468940B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100193 Beijing, Haidian District, East West Road, No. 10, East Hospital, building No. 5, floor 5, layer 510

Applicant after: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.

Address before: 100872 room 1706, building 59, Zhongguancun street, Haidian District, Beijing

Applicant before: BEIJING SHENSI SHUDUN TECHNOLOGY Co.,Ltd.

COR Change of bibliographic data
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee after: Beijing Shendun Technology Co.,Ltd.

Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing

Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd.
