MXPA04000593A - Method for protecting a software using a so-called conditional jump principle against its unauthorised use. - Google Patents

Method for protecting a software using a so-called conditional jump principle against its unauthorised use.

Info

Publication number
MXPA04000593A
MXPA04000593A MXPA04000593A MXPA04000593A MXPA04000593A MX PA04000593 A MXPA04000593 A MX PA04000593A MX PA04000593 A MXPA04000593 A MX PA04000593A MX PA04000593 A MXPA04000593 A MX PA04000593A MX PA04000593 A MXPA04000593 A MX PA04000593A
Authority
MX
Mexico
Prior art keywords
execution
unit
protected software
software
protected
Prior art date
Application number
MXPA04000593A
Other languages
Spanish (es)
Inventor
Sgro Gilles
Original Assignee
Validy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Validy filed Critical Validy
Publication of MXPA04000593A publication Critical patent/MXPA04000593A/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/125Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • G06F21/123Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Remote Sensing (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Storage Device Security (AREA)
  • Circuits Of Receivers In General (AREA)

Abstract

The invention concerns a method for protecting, from a unit, a vulnerable software against its unauthorised use, said software operating on a data processing system. The method consists in creating a protected software: by selecting in the vulnerable software source, at least a conditional jump; by modifying the vulnerable software source so that a second part of the execution executed in a unit executes at least the functionality of at least a selected conditional jump and provides the data processing system with an information enabling to track the execution at the selected site.

Description

METHOD TO PROTECT A SOFTWARE WITH THE HELP OF A PRINCIPLE CALLED "CONDITIONAL DERIVATION" AGAINST UNAUTHORIZED USE DESCRIPTIVE MEMORY The present invention relates to the technical field of data processing systems in the general sense and contemplates, more precisely, the means to protect, against unauthorized use, software that operates on said data processing systems. The object of the invention contemplates, in a more particular way, the means to protect a software against its unauthorized use, from a memory unit or from a processing and memory unit, said unit is commonly materialized by means of a memory card. chip or with a material key on the USB port. In the previous technical field, the main drawback concerns the unauthorized use of software by users who have not acquired the license rights. This lawful use of software causes damage claimed by software publishers, software distributors and / or anyone who integrates such software into products. To avoid such illicit copies, various solutions for protecting software have been proposed in the state of the art. In this way, a protection solution is known which consists of applying a protective material system, such as a physical element called a protection key or "dongle" in Anglo-Saxon terminology. This protection key must guarantee the execution of the software only in the presence of the key. However, it should be noted that said solution is not effective because it has the disadvantage of being easily evaded. A malicious or pirated person, with the help of specialized tools, such as screwdrivers, can suppress the control instructions of the protection key. It could then be possible to make illicit copies corresponding to modified versions of software that no longer have any protection. In addition, this solution can not be generalized to all softwares, in the measurement in which it is difficult to connect more than two protection keys on the same system. The object of the invention justly contemplates remedying the aforementioned drawbacks by proposing a method to protect a software against its unauthorized use, from an ad hoc processing and memory unit, insofar as the presence of said unit is necessary so that the software is fully functional. To achieve this objective, the invention relates to a method for protecting, from at least one virgin unit comprising at least processing means and memory means, a software vulnerable to its unauthorized use, said vulnerable software functions about a data processing system. The method according to the invention consists in: in a protection phase: in creating a protected software: selecting at the source of the vulnerable software, at least a conditional derivation, selecting at least a portion of the source of the vulnerable software that contains at least one conditional derivation selected, producing the protected software source from the source of the vulnerable software, modifying at least a selected portion of the source of the vulnerable software to obtain at least a modified portion of the source of the protected software, this modification such that during the execution of the protected software: a first execution part is executed in the data processing system and a second execution part is executed in a unit, obtained from the virgin unit after loading information, and the second execution part executes at least the functionality of at least one d conditional eviction selected and made available to the data processing system, an information that allows the first execution party to continue with its execution in the selected environment, and producing: a first part object of the protected software, from the source of the protected software, this first part object being such that during the execution of the protected software, a first execution part appears that is executed in the processing system of data and where at least a portion takes into account that at least one selected conditional derivation is executed in the unit, and a second part object of the protected software, this second part object being such that, after loading in the virgin unit and during the execution of the protected software, the second execution part appears by means of which each selected conditional derivation is executed, and in loading the second object part in the virgin unit, in order to obtain the unit, and in a phase of use during which the protected software runs: in the presence of the unit and each time a portion of the first execution part imposes it, execute the nality of a conditional derivation in the unit, so that this portion is executed correctly, and consequently, the protected software is fully functional, and in the absence of the unit and despite the request for a portion of the first part of execution of execute the functionality of a conditional derivation in the unit, not being able to respond correctly to this request, so that at least this portion is not executed correctly and, consequently, the protected software is not fully functional. According to one embodiment, the method according to the invention consists, in the protection phase, of modifying the protected software: selecting, at the protected software source, at least one series of selected conditional derivations, modifying at least one portion selected from the source of the protected software, this modification is such that during the execution of the protected software, the global functionality of at least one selected series of conditional derivations is executed by means of the second execution part, in the unit, and producing : the first part object of the protected software, this first part object is such that during the execution of the protected software, the functionality of at least one selected series of conditional derivations in the unit is executed, and the second part is the object of the protected software, this second part object being such that after loading in the unit and during the execution of the sof protectedware, the second execution part appears by means of which the global functionality of at least one selected series of conditional derivations is executed.
According to a preferred embodiment, the method according to the invention consists of: in the protection phase: in modifying the protected software: selecting at the source of the protected software: at least one algorithmic processing that during the execution of the protected software, uses for at least one operand, and allows to determine, at least in part, the result of a selected conditional derivation, and at least one portion containing at least one selected algorithmic processing, modifying at least a selected portion of the source of the protected software, this modification being such that: at least the functionality of at least one selected algorithmic processing is executed by means of the second execution part, at least a selected algorithmic processing is fragmented, so that during the execution of the software , protected appear by means of the second part of execution, several stages dist intas, namely: the arrangement of at least one operand for the unit, the realization in the unit, of the algorithmic processing functionality in at least one operand, and eventually, the disposition of at least one result, through the unit , for the data processing system, for at least one selected algorithmic processing, stage commands are defined so that during the execution of the protected software, each stage command is executed by the first execution part and starts in the unit, the execution by means of the second part of execution, of a stage, and a sort of commands of stages is selected among the set of orders that allow the execution of the protected software, and producing: the first part of the protected software, this first part object being such that during the execution of the protected software, the stage commands are executed according to the selected order, and the second part object of the protected software, this second part object being such that, after loading in the unit and during the execution of the protected software, the second execution part appears by means of which the steps initiated by the first part of execution, and in the use phase: in the presence of the unit and each time a stage command contained in a portion of the first execution part imposes it, execute the corresponding stage in the unit, so that this portion is executed correctly and consequently, the protected software is fully functional, and in the absence of the unit, despite the request of a portion of the first part of execution to start the execution of a stage in the unit, not being able to respond correctly to this request, so that at least this portion is not executed correctly and consequently, the protected software is not fully functional. According to a preferred embodiment, the method according to the invention consists of: in the protection phase: in modifying the protected software: selecting at least one variable used in at least one selected algorithmic processing, that during the execution of the protected software, partially defines the status of the protected software, modifying at least a selected portion of the source of the protected software, this modification being such that during the execution of the protected software, at least one selected variable or at least one copy of the selected variable resides in the unit, and producing: the first part of the protected software, this first part object being such that during the execution of the protected software, at least a portion of the first part of execution also takes into account that at least one variable or at least one copy of the variable resides in the unit; and the second part object of the protected software, this second part object being such that, after loading in the unit and during the execution of the protected software, the second execution part appears by means of which at least one selected variable, or at least one copy of the selected variable, also resides in the unit, and in the use phase: in the presence of the unit and each time impose a portion of the first part of execution, use a variable or a variable copy that resides in the unit, so that this portion is executed correctly, and consequently, the protected software is fully functional, and in the absence of the unit , despite the request of a portion of the first execution part to use a variable or a copy of the variable residing in the unit, not being able to respond correctly to this request, so that at least this portion is not executed correctly and consequently, the protected software is not fully functional. According to another preferred embodiment, the method according to the invention consists of: in the protection phase: in defining: a set of elementary functions which are capable of being executed in the unit; and a set of elementary commands for this set of elementary functions, these elementary commands are susceptible of being executed in the data processing system and of starting the execution in the unit, of the elementary functions, in building means of use that allow the unit, to execute the elementary functions of said game, the execution of these elementary functions are initiated by the execution in the data processing system, of the elementary commands, and in modifying the protected software: selecting in the source of the protected software, at least one stage that during the execution of the protected software, performs the functionality of an algorithmic processing, modifying at least a selected portion of the source of the protected software, this modification being such that: at least one selected stage of fragmentation is fragmented. so that during the execution of the protected software, this stage is executed by means of the second part of execution, using the elementary functions, for at least one selected stage, elementary commands are integrated in the source of the protected software, so that during the execution of the protected software, each elementary command is executed by the first part of execution and starts in the unit, the execution by means of the second part of execution, of an elementary function, and an ordering of elementary commands is selected among the set of orders that allow the execution of the protected software, and producing: first part object of the protected software, this first part object being such that during the execution of the protected software, the elementary commands are executed according to the selected order, and the second part of the protected software that also contains the means of use, this second part object being such that, after loading in the unit and during the execution n of the protected software, the second execution part appears by means of which the elementary functions initiated by the first part of execution are executed, and in the use phase: in the presence of the unit and each time an elementary command imposes it contained in a portion of the first execution part, execute the corresponding elementary function in the unit, so that this portion is executed correctly and consequently, the protected software is fully functional, and in the absence of the unit, despite the requesting a portion of the first part of execution, of starting the execution of an elementary function in the unit, not being able to respond correctly to this request, so that at least this portion is not executed correctly and consequently, the protected software It is not fully functional.
According to another preferred embodiment, the method according to the invention consists of: in the protection phase: in defining: by at least one software execution feature, capable of being monitored at least in part in the unit, so less a criterion to be obeyed for at least one software execution feature, detection means to be applied in the unit and that allow detecting that at least one software execution feature obeys at least one associated criterion, and means of coercion to apply in the unit and that allow to inform the data processing system and / or modify the execution of a software, when at least one criterion is not obeyed, in building the means of use that allow the unit, also apply detection means and coercion means, and in modifying the protected software: selecting at least one software execution feature to be monitored, between the execution characteristics that can be monitored, selecting at least one criterion to be followed for at least one selected software execution feature, selecting in the source of the protected software, elementary functions for which at least one selected software execution feature will be monitored, modifying at least a selected portion of the source of the protected software, this modification being such that during the execution of the protected software , at least one execution characteristic selected by means of the second execution part is monitored, and failure to obey a criterion leads to information from the data processing system and / or to a modification of the execution of the protected software, and producing the second part object of the protected software containing the means of exploitation also applying the means of detection and means of coercion, this second part object being such that, after loading in the unit and during the execution of the protected software, it is monitored by at least one feature of running software and not obeying a criterion leads to information from the data processing system and / or to a modification of the execution of the protected software, and in the use phase: in the presence of the unit: while all the criteria corresponding to all supervised execution characteristics are obeyed of all modified portions of the protected software, allow the nominal operation of these portions of the protected software and, consequently, allow the nominal operation of the protected software, and at least one of the criteria corresponding to a monitored execution characteristic of a portion of the protected software is not obeyed, inform the data processing system and / or modify the operation of the portion of the protected software, so that the operation of the protected software is modified. According to a variant of mode, the method according to the invention consists of: in the protection phase: in defining: as a software execution characteristic capable of being monitored, a variable for measuring the use of a software functionality, as a criterion to be obeyed, at least a threshold associated with each measurement variable, and means of updating that allow updating at least one measurement variable, in constructing the means of use that allow the unit to also apply the updating means, and in modifying the protected software: selecting as the software execution characteristic to be monitored, at least one variable measuring the use of a software functionality, selecting: at least one protected software functionality where the use is susceptible of be monitored thanks to a variable of measurement, at least one measurement variable that serves to quantify the use of said functionality, at least one threshold associated with a selected measurement variable corresponding to a limit of use of said functionality, and at least one method for updating a selected measurement variable based on the use of said functionality, and modifying at least a selected portion of the source of the protected software, this modification being such that, during the execution of the protected software, the measurement variable is updated by means of the second execution part, depending on the use of said functionality and at least an excess of threshold is taken into account, and in the use phase, in the presence of the unit, and in the case where at least an excess of threshold corresponding to at least one use limit is detected, in informing the data processing system and / or modifying the operation of the portion of the protected software, so that the operation of the protected software is modified. According to a mode variant, the method according to the invention consists of: in the protection phase: in defining: for at least one measurement variable, several associated thresholds, and different coercion means corresponding to each of these thresholds, and in modifying the protected software: selecting at the source of the protected software, at least one selected measurement variable to which several thresholds corresponding to the different limits of use of the functionality must be associated, selecting at least two associated thresholds with the selected measurement variable, and modifying at least a selected portion of the protected software source, this modification being such that, during the execution of the protected software, excesses of different thresholds are taken into account, by means of the second part of execution, in a different way, and in the phase of use: in the presence of the unit: in the case where the excess of a first threshold is detected, in ordering the protected software not to use the corresponding functionality anymore, and in the case where the excess of a second threshold is detected, in rendering inoperative the corresponding functionality and / or at least a portion of the s protected oftware. According to a mode variant, the method according to the invention consists of: in the protection phase: in defining recharging means that allow at least one complementary use to be accredited for at least one software functionality monitored by a measurement variable , to build the means of use that also allow the unit to apply the recharge means, and to modify the protected software: selecting the protected software source, at least one selected measurement variable that allows limiting the use of a functionality to which at least one complementary use must be able to be accredited, and modifying at least a selected portion, this modification being such that in a so-called recharge phase, at least one complementary use of at least one corresponding functionality can be accredited to a selected measurement variable, and in the recharge phase: in updating at least one variable of measurement selected ion and / or at least one associated threshold, in order to allow at least one complementary use of the functionality. According to a variant of mode, the method according to the invention consists of: in the protection phase: in defining: as a software execution characteristic capable of being monitored, a software use profile, and as a criterion to be obeyed, at least one software execution feature, and in modifying the protected software: selecting as software execution feature to monitor at least one software usage profile, selecting at least one execution characteristic that must at least obey a selected usage profile, and modifying at least a selected portion of the protected software source, this modification being such that during the execution of the protected software, the second execution part obeys all the execution characteristics selected, and in the phase of use in the presence of the unit, and in the case where it is detected that at least one execution characteristic it is not obeyed, in informing the data processing system and / or in modifying the operation of the portion of the protected software, so that the operation of the protected software is modified. According to a mode variant, the method according to the invention consists of: in the protection phase: in defining: a set of instructions in which the instructions are capable of being executed in the unit, a set of commands for instructions this set of instructions, these commands are capable of being executed in the data processing system and of initiating in the unit the execution of the instructions, such as usage profile, the chaining of the instructions, as an execution characteristic, a chaining desired for the execution of the instructions, as means of detection, means that allow detecting that the chaining of the instructions does not correspond to that desired, and as means of coercion, means for informing the data processing system and / or modifying the operation of the protected software portion when the chaining of instructions does not correspond to that desired, in constructing the means of exploitation that also allow To the unit execute the instructions of the instruction set, the execution of these instructions are initiated by the execution in the data processing system, of instruction commands, and in modifying the protected software: modifying at least a selected portion of the Source of protected software: transforming the elementary functions into instructions, specifying the chain that must be obeyed by at least certain instructions during their execution in the unit, and transforming the elementary commands into instruction commands that correspond to the instructions used, and in the phase of use, in the presence of the unit, in l case where it is detected that the chaining of instructions executed in the unit does not correspond to that desired, in informing the data processing system and / or in modifying the operation of the portion of the protected software, so that the operation of the software protected is modified. According to a mode variant, the method according to the invention consists of: in the protection phase: in defining: as a set of instructions, a set of instructions in which at least certain instructions work on registers and use at least one operating in order to yield a result, at least a part of the instructions that work on the records: a part that defines the functionality of the instruction, and a part that defines the desired chain for the execution of instructions and that includes fields of bits that correspond to: an instruction identification field, and for each operand of the instruction: a flag field, and an expected identification field of the operand, for each record that belongs to the means of utilization and used by the set of instructions, a generated identification field in which the identification of the last instruction is stored automatically that the result has been shown in this record, as means of detection, means that allow, during the execution of an instruction, for each operand, when imposed by the flag field, to control the equality between the generated identification field corresponding to the record used by this operand, and the field of identification foreseen of the origin of this operand, and as means of coercion, means that allow to modify the result of the instructions, if at least one of the controlled equalities is false. According to another preferred embodiment, the method according to the invention consists of: in the protection phase: in defining: as an initiating command, an elementary command or an instruction command, as a dependent function, an elementary function or an instruction , as an order, at least one argument for an initiating command, corresponding at least in part to the information transmitted by the data processing system to the unit, in order to initiate the execution of the corresponding dependent function, a method of renaming orders that allows to rename orders in order to obtain initiating commands in reordered orders, and restoration means destined to be applied in the unit in the course of the use phase, and that allow finding the dependent function to to execute, from the renamed order, to build means of exploitation that allow the unit to apply also the means of subtraction Bienestar, and in modifying the protected software: selecting at the source of the protected software, initiating commands, modifying at least a selected portion of the source of the protected software renaming the orders of selected initiator commands, in order to disguise the identity of the corresponding dependent functions, and producing: the first part object of the protected software, this first part object being such that during the execution of the protected software, the initiating commands are executed in reordered orders, and the second part of the protected software that contains the means of exploitation that also apply. means of restoration, this second part object being that, after loading in the unit and during the execution of the protected software, the identity of the dependent functions is re-established in which the execution is initiated by the first part of execution, by means of the second part of execution, and the dependent functions are executed by means of the second part of execution, and in the phase of use: in the presence of the unit and each time a command initiator in reordered order, contained in a portion of the first part of execution imposes it, reestablish in the unit, the identity of the corresponding dependent function and in executing it, so that this portion is executed correctly and that consequently, the protected software is fully functional, and in the absence of the unit , in spite of the request of a portion of the first execution part, to start the execution of a dependent function in the unit, in not being able to respond correctly to this request, so that at least this portion is not executed correctly and that consequently, the protected software is not fully functional. According to a variant of mode, the method according to the invention consists of: in the protection phase: in defining for at least one dependent function, a family of algorithmically equivalent dependent functions, but initiated by initiating commands where the renamed commands they are different, and in modifying the protected software: selecting at the source of the protected software at least one initiating command in reordered order, and modifying at least a selected portion of the source of the protected software replacing at least the renamed order of a command of initiator in selected reordered order, by another renamed command, that starts a dependent function of the same family. According to a mode variant, the method according to the invention consists in: in the protection phase, in defining, for at least one dependent function, a family of algorithmically equivalent dependent functions: concatenating a noise field with the information that defines the functional part of the dependent function to be executed in the unit, or using the identification field of the instruction and the expected identification fields of the operands. According to a variant of modality, the method according to the invention consists of: in the protection phase: in defining: as a method of renaming orders, a coding method for coding orders, and as means of restoration, means that they apply a decoding method to decode the renamed orders and thus reestablish the identity of the dependent functions that will be executed in the unit. The method according to the invention thus makes it possible to protect the use of software by means of the application of a processing and memory unit which has the particular feature of containing a part of the software during execution. It is concluded that any derivative version of the software that attempts to operate without the processing and memory unit requires recreating the part of the software contained in the processing unit and memory during execution, with the risk that this derivative version of the software may not be fully functional . Other diverse characteristics result from the previous description with reference to the attached drawings that show, by way of non-limiting examples, modalities and applications of the object of the invention. Figures 1 a and 1 b are functional block diagrams illustrating the various representations of a software respectively not protected and protected by the method according to the invention. Figures 2a to 2c illustrate by way of example, various embodiments of a device for applying the method according to the invention. Figures 3a and 3b are functional block diagrams explaining the general principle of the method according to the invention. Figures 4a to 4d are diagrams illustrating the method of protection according to the invention applying the principle of protection by variable. Figures 5a to 5e are diagrams illustrating the method of protection according to the invention applying the principle of protection by temporary dissociation. Figures 6a to 6e are diagrams illustrating the method of protection according to the invention applying the principle of protection by elementary functions. Figures 7a to 7e are diagrams illustrating the method of protection according to the invention applying the principle of protection by detection and coercion. Figures 8a to 8f are diagrams illustrating the method of protection according to the invention applying the principle of protection by renaming. Figures 9a to 9c are diagrams illustrating the method of protection according to the invention applying the principle of protection by conditional derivation. Figure 10 is a diagram illustrating the different phases of application of the object of the invention.
Figure 11 illustrates an example of the modality of a system that allows the application of the construction period of the protection phase according to the invention. Figure 12 illustrates an example of embodiment of a pre-personalization unit used in the protection method according to the invention. Figure 13 illustrates an example of the modality of a system that allows the application of the tool making period of the protection phase according to the invention. Figure 14 illustrates an exemplary embodiment of a system that allows the application of the protection method according to the invention. Figure 15 illustrates an example of embodiment of a personalization unit used in the protection method according to the invention. In the development of the description, the following definitions will be used: A data processing system 3 is a system capable of executing a program. A processing and memory unit is a unit capable of accepting data provided by a data processing system 3, of restoring data to the data processing system 3, of storing data at least in part in a secret manner and of preserving at least a part of these when the unit is out of voltage, and to perform the algorithmic processing on the data, a part or all of this processing is secret. A unit 6 is a processing and memory unit that applies the method according to the invention. A virgin unit 60 is a unit that does not apply the method according to the invention, but that can receive information that converts it into a unit 6. A pre-personal unit 66 is a virgin unit 60 that has received a part of the information that it has received. allow, after receipt of complementary information, to be transformed into a unit 6. The information load in a virgin unit 60 or a pre-personal unit 66 corresponds to a transfer of information in the virgin unit 60 or the pre-personal unit 66, and a storage of said information transferred. Eventually, the transfer may include a change in the format of the information. A variable, a data or a function contained in the data processing system 3 will be indicated with a capital letter, while a variable, a data or a function contained in the unit 6 will be indicated by a lowercase letter.
A "protected software" is software that has been protected by at least one principle of protection applied through the method according to the invention. A "vulnerable software" is software that has not been protected by any protection principle applied through! method according to the invention. In the case where the differentiation between vulnerable software and protected software is not important, the term "software" is used. A software is presented under various representations according to the moment considered in its life cycle: a source representation, an object representation, a distribution, or a dynamic representation. A source representation of a software is understood as a representation that after transformation, gives an object representation. A source representation can be presented according to different levels, from an abstract conceptual level to a level directly executable by a data processing system or a processing and memory unit. A representation object of a software corresponds to a level of representation that after transfer in a distribution and subsequent loading in a data processing system or a processing and memory unit, can be executed. It can be, for example, a binary code, an interpreted code, etc. A distribution is a physical or virtual medium that contains the object representation, this distribution must be made available to the user to allow him to use the software. A dynamic representation corresponds to the execution of the software based on its distribution. A piece of software corresponds to any part of software and may correspond, for example, to one or more consecutive instructions or not, and / or to one or more consecutive functional blocks or not, and / or to one or more functions, and / or one or more subprograms, and / or one or more modules. A portion of a software may also correspond to all of this software. Figures 1 a and 1 b illustrate the various representations respectively of a vulnerable 2v software in the general sense, of a 2p protected software according to the method of the invention. Figure 1a illustrates various representations of a vulnerable 2v software that appears in the course of its life cycle. The vulnerable 2v software can appear under one of the following representations: a 2vs source representation, a 2vo object representation, a 2vd distribution. This distribution can be presented commonly in the form of a physical distribution medium such as a CDROM or in the form of files distributed through a network (GSM, Internet, ...), or a dynamic representation 2ve corresponding to the execution of the vulnerable software 2v in a data processing system 3 of any known type, which normally comprises at least one processor 4. Figure 1 b illustrates various representations of a 2p protected software that appears during its life cycle. The protected software 2p may appear under one of the following representations: a 2ps source representation comprising a first source part for the data processing system 3 and a second source part intended for the unit 6, a part of these source parts may be commonly contained in common files, a 2po object representation comprising a first target part 2pos intended for the data processing system 3 and a second target part 2pou destined for the unit 6, a 2pd distribution comprising: a first distribution part 2pds which contains the first part part 2pos, this first part of distribution 2pds is intended for the data processing system 3 and can be commonly presented in the form of a physical distribution means such as a CDROM, or in the form of files distributed through of a network (GSM, Internet, ...), and a second part of distribution 2pdu that is presented under the f orma: of at least one prepersonalized unit 66 on which the second part of the 2pou object has been loaded and for which the user must finish the personalization by loading complementary information, in order to obtain a unit 6, this complementary information is obtained, for example, by uploading or downloading via a network, or of at least one unit 6 on which the second object part 2pou has been loaded, or a dynamic representation 2pe corresponding to the execution of the protected software 2p. This dynamic representation 2pe comprises a first execution part 2pes that is executed in the data processing system 3 and a second execution part 2peu that is executed in unit 6. In the case where the differentiation between the different representations of the software protected 2p does not matter, the first part expressions of the protected software and the second part of the protected software are used. The application of the method according to the invention according to the dynamic representation of figure 1 b, uses a device 1 p comprising a data processing system 3 linked through a chemical link to a unit 6. The processing system data 3 is of any type and normally comprises at least one processor 4. The data processing system 3 can be a computer or can be part, for example, of various machines, devices, fixed or mobile products, or vehicles in the general sense. The link 5 can be realized in any possible way, such as, for example, through a serial line, a USB bus, a radio link, an optical link, a network link or a direct electrical connection on a system circuit. data processing 3, etc. It should be noted that the unit 6 can eventually be found physically inside the same integrated circuit as the processor 4 of the data processing system 3. In this case, the unit 6 can be considered as a coprocessor in relation to the processor 4. of the data processing system 3 and the link 5 is internal to the integrated circuit. Figures 2a to 2c illustratively and non-limitingly show various embodiments of the device 1 p that allow the application of the protection method according to the invention. In the embodiment example illustrated in Figure 2a, the protection device 1 p comprises, as a data processing system 3, a computer and, as a unit 6, a chip card 7 and its interface 8 commonly called a card reader . The computer 3 is connected to the unit 6 via a link 5. During the execution of a protected software 2p, the first execution part 2pes that is executed in the computer 3 and the second execution part 2peu that is executed in the card of chip 7 and its interface 8, must be functional so that the 2p protected software is fully functional. In the embodiment example illustrated in figure 2b, the protection device 1 p provides a product 9 in the general sense, comprising various elements 10 adapted to the function or functions assumed by said product 9. The protection device 1 p comprises, on the one hand, a data processing system 3 inserted into the product 9 and, on the other hand, a unit 6 associated with the product 9. For the product 9 to be fully functional, the protected software 2p must be fully functional. Thus, during the execution of the protected software 2p, the first execution part 2pes that is executed in the data processing system 3 and the second execution part 2peu that is executed in the unit 6, must be functional. This 2p protected software then indirectly allows protection against unauthorized use, the product 9 or one of its functionalities. For example, the product 9 can be an installation, a system, a machine, a toy, a household appliance, a telephone, etc. In the embodiment example illustrated in Figure 2c, the protection device 1 p includes several computers, as well as a part of a communication network. The data processing system 3 is a first computer connected by a network-type link 5, to a unit 6 constituted by a second computer. To apply the invention, the second computer 6 is used as a license server for a 2p protected software. During the execution of the protected software 2p, the first execution part 2pes that is executed in the first computer 3 and the second execution part 2peu that is executed in the second computer 6, must be functional so that the protected software 2p is. fully functional Figure 3a allows to explain more precisely the method of protection according to the invention. It should be noted that a vulnerable software 2v is considered to be executed entirely in a data processing system 3. On the contrary, in the case of the application of a protected software 2p, the data processing system 3 comprises transfer means 12 connected through the link 5, to transfer means 13 forming part of the unit 6 that allow communication between them, the first execution part 2pes and the second execution part 2peu of the protected software 2p. . It should be considered that the transfer means 12, 13 have the nature of software and / or material and are apt to ensure and eventually optimize the data communication between the data processing system 3 and the unit 6. These transfer means 12, 13 they are adapted to allow having a protected software 2p which preferably is independent of the type of link 5 used. These means transfer 12, 13 do not form part of the object of the invention and are not described more precisely, since they are known to those skilled in the art. The first part of the 2p protected software comprises commands. During execution of the protected software 2p, the execution of these commands by the first execution part 2pes allows communication between the first execution part 2pes and the second execution part 2peu. In the development of the description, these commands are represented by IN, OUT or TRIG. As illustrated in FIG. 3b, to allow application of the second execution part 2peu of the protected software 2p, the unit 6 comprises protection means 14. The protection means 14 comprises memory means 15 and processing means 16. In order to simplify the development of the description it is preferred to consider, during the execution of the protected software 2p, the presence of the unit 6 or the absence of the unit 6. In reality, a unit 6 having protection means 14 unsuitable for the execution of the second execution part 2peu of the protected software 2p is also considered as absent, every time that the execution of the protected software 2p is not correct. In other words: a unit 6 physically present and comprising means of protection 14 adapted for the execution of the second execution part 2pe of the protected software 2p, is always considered as present, a unit 6 physically present but comprising means of protection 14 misfits, that is, that do not allow the correct application of the second execution part 2peu of the protected software 2p is considered as present, when it works correctly, and as absent when it does not work correctly, and a physically absent unit 6 is always considered as absent . In the case where the unit 6 is constituted by a chip card 7 and its interface 8, the transfer means 13 are fragments in two parts where one is on the interface 8 and the other is on the chip card 7. In this mode example, the absence of the chip card 7 is considered to be equivalent to the absence of the unit 6. In other words, in the absence of the chip card 7 and / or its interface 8, the means of protection 14 are not accessible and do not allow execution of the second execution part 2peu of the protected software, so that the 2p protected software is not fully functional. According to the invention, the method of protection contemplates applying a principle of protection called by "conditional derivation" whose description is made in relation to figures 9a to 9c. For the application of the conditional derivation protection principle, at least one conditional derivation BC is selected in the vulnerable software source 2vs. Also selected is at least a portion of the vulnerable software source 2vs containing at least one conditional derivation BC selected. At least one selected portion of the vulnerable software source 2vs is then modified, in order to obtain the 2ps protected software source. This modification is such that especially during the execution of the protected software 2p: at least a portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that the functionality of at least one selected conditional derivation BC is executed in unit 6, and second execution part 2peu, which is executed in unit 6, executes at least the functionality of at least one conditional derivation BC selected and makes available to the processing system of data 3, an information that allows the first execution part 2pes, to continue its execution in the selected environment. The first execution part 2pes of the protected software 2p, executed in the data processing system 3, executes conditional derivation commands, which start in unit 6, the execution by means of the second execution part 2peu, of conditional derivations deported whose functionality is equivalent to the functionality of the selected BC conditional derivations. Figure 9a illustrates an exemplary execution of a vulnerable 2v software. In this example, during the execution of the vulnerable software 2v in the data processing system 3 at a given moment, a conditional derivation BC appears which indicates to the vulnerable software 2v the environment in which to continue its development, namely one of three possible environments B- ,, B2 or B3. It should be understood that the conditional derivation BC makes the decision to continue the execution of the software in the environment? - ?, B2 or B3. Figure 9b illustrates an application example of the invention for which the conditional derivation selected to be deported to unit 6 corresponds to the conditional derivation BC. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, it appears: at the time ti, the execution of the conditional derivation command CBd that starts in unit 6, the execution by means of the second execution part 2peu, of the conditional derivation deported be algorithmically equivalent to the conditional derivation BC, this conditional derivation command CBCi is represented by TRIG (bc), at time t2 , the transfer of the unit 6 to the data processing system 3, of the information that allows the first execution part 2pes, to continue its execution in the selected environment, namely the environment B1: B2 or B3. It should be noted that during the execution of a portion of the first execution part 2pes of the protected software 2p, the conditional derivation commands executed in the data processing system 3 initiate the execution of corresponding deportation conditional derivations in unit 6. Thus, it turns out that in the presence of unit 6, this portion is executed correctly and that accordingly, the 2p protected software is fully functional.
Figure 9c illustrates an attempt to execute the protected software 2p, while the unit 6 is absent. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p: at time t- ?, the execution of the conditional derivation command CBC: can not start the execution of the deported conditional derivation be, taking into account the absence of unit 6, and at time t2, the transfer of information that allows the first execution party 2pes; continue in the selected environment fails taking into account the absence of unit 6. It follows then that in the absence of unit 6, at least a request for a portion of the first part of execution 2pes to start the execution of a conditional derivation deported to unit 6, it can not be satisfied correctly, so that at least this portion is not executed correctly and accordingly, the 2p protected software is not fully functional. In the foregoing description in relation to Figures 9a to 9c, the object of the invention contemplates to deport to unit 6, a conditional derivation. Of course, a preferred embodiment of the invention may be to deport to unit 6, a series of conditional branches whose overall functionality is equivalent to the set of functionalities of conditional branches that have been deported. The execution of the global functionality of this series of conditional derivations deported leads to the provision, for the data processing system 3, of information that allows the first execution part 2pes of the protected software 2p, to continue its execution in the selected environment. According to another advantageous feature of the invention, the protection method contemplates applying a principle of protection, called by "temporary dissociation", of which a description is made in relation to figures 5a to 5e. For the application of the principle of protection by temporary dissociation, at least one algorithmic processing using at least one operand and yielding at least one result is selected from the source of the vulnerable software 2vs. Also selected is at least a portion of the vulnerable software source 2vs containing at least one selected algorithmic processing. At least a selected portion of the vulnerable software source 2vs is then modified, in order to obtain the source of the protected 2ps software. This modification is such that especially: during the execution of the protected software 2p, at least a portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that the functionality of at least one selected algorithmic processing is executed in unit 6, during execution of the protected software 2p, the second execution part 2peu, which is executed in unit 6, executes at least the functionality of at least one selected algorithmic processing, during execution of the protected 2p software, each selected algorithmic processing is fragmented into several distinct stages, namely: stage 1: the arrangement of the operand (s) for unit 6, stage 2: the realization in unit 6, of the functionality of the algorithmic processing selected that uses this or these operands, and stage 3: eventually, the arrangement through unit 6 for the processing system Data processing 3, from the selected algorithmic processing result, stage commands are defined to start the execution of the stages, and an ordering of the stage commands is selected among the assembly of orderings that allow the execution of the protected software 2p. The first execution part 2pes of the protected software 2p, which is executed in the data processing system 3, executes the step commands, starting in unit 6, execution by means of the second execution part 2peu, of each one of the previously defined stages. Figure 5a illustrates an exemplary execution of a vulnerable 2v software. In this example, in the course of executing the vulnerable software 2v, in the data processing system 3, at a given time, the calculation of Z <resultsj) F (X, Y) corresponding to the assignment to a variable Z of the result of an algorithmic processing represented by a function F and using operands X and Y. FIG. 5b illustrates an example of application of the invention for which the algorithmic processing selected in figure 5a is deported to the unit 6. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, it appears: at time ti, stage 1, namely the execution of a stage command CEi that initiates the transfer of data X and Y from the data processing system 3 to the memory areas respectively x and y located in the memory means 15 of unit 6, this stage command CEi is represented by OUT (x, X), OUT (y, Y), at time t2, stage 2, namely the execution of a stage command CE2 that starts in unit 6, the execution by means of l the second part of execution 2peu, of the function f, this function f being algorithmically equivalent to the function F and this stage command CE2 is represented by TRIG (f). More precisely, the execution of the stage command CE2 leads to the execution of the function f which serves the content of the memory areas x and y, and outputs its result in a zone of memory z of unit 6, and at the moment Í3, step 3, namely the execution of a stage command CE3 that initiates the transfer of the result of the function f, contained in the memory zone z of the unit 6 to the data processing system 3 for the purpose of assign it to variable Z, this stage command CE3 is represented by IN (z). In the illustrated example, steps 1 to 3 are executed in succession. It should be noted that two improvements can be made: The first improvement refers to the case where several algorithmic processes are deported to unit 6 and at least the result of an algorithmic processing is used by another algorithmic processing. In this case, certain stages of transfer can be eventually suppressed. The second improvement considers opting for a pertinent ordering of stage commands among the set of orderings that allow the execution of the 2p protected software. In this regard, it is preferable to select an ordering of stages commands that temporarily dissociate the execution of stages, interspersing, among them portions of code executed in the data processing system 3 and comprising, or not, stage commands that serve for the determination of other data. Figures 5c and 5d illustrate the principle of said modality. Figure 5c shows an exemplary execution of a vulnerable 2v software. In this example, during the execution of the vulnerable software 2v, in the data processing system 3, the execution of two algorithmic processing leads to the determination of Z and Z ', such as Z < j > F (X, Y) and Z '< j > F '(X \ Y').
Figure 5d illustrates an example of application of the method according to the invention for which the two algorithmic processing selected in Figure 5c are deported to unit 6. According to said example, during execution in the data processing system 3, of the first execution part 2pes of the protected software 2p, and in the presence of the unit 6, appears, as explained above, the execution of the stage commands CE-i, CE2, CE3 corresponding to the determination of Z and of stage commands CE'i, CE'2, CE'3 corresponding to the determination of Z '. As illustrated, the CE-, CE-3 stage commands are not executed consecutively in the measurement of the stage commands CE'i to CE'3, so other portions of code are interspersed. In the example, the following ordering is also modalized: CE-i, interleaved code portion, CE2, interleaved code portion, CE'-i, interleaved code portion, CE'2, interleaved code portion, CE'3, interleaved code portion, CE3. It should be noted that, during the execution of the protected software 2p, in the presence of the unit 6, each time a stage command contained in a portion of the first execution part 2pes of the protected software 2p imposes it, the corresponding stage is executed in unit 6. Thus, it turns out that in the presence of unit 6, this portion is executed correctly and that accordingly, the 2p protected software is fully functional. Figure 5e illustrates an example of attempted execution of the protected software 2p, while the unit 6 is absent. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p: at the time ti, the execution of the stage command OUT (x, X), OUT (y, Y ) can not initiate the transfer of data X and Y to the respective memory areas x and y taking into account the absence of unit 6, at time t2, the execution of the TRIG stage command (f) can not start the execution of the function f, taking into account the absence of unit 6, and at time t3, the execution of the stage command lN (z) can not initiate the transfer of the result of function f, taking into account the absence of unit 6 It follows then that in the absence of the unit 6, at least a request for a portion of the first execution part 2pes to start the execution of a stage in unit 6, can not be correctly satisfied, so that at least this portion is not executed correctly and in consecu However, the 2p protected software is not fully functional. According to another advantageous feature of the invention, the method of protection contemplates applying a principle of protection called by "variable" of which a description is made in relation to figures 4a a 4d. For the application of the principle of protection by variable, it is selected in the source of the vulnerable software 2vs, at least one variable that during the execution of the vulnerable software 2v, partially defines the state of this one. By software status, the set of information must be understood, at a given moment, necessary for the complete execution of this software, so that the absence of said selected variable harms the complete execution of this software. Also selected is at least a source portion of the vulnerable software 2vs containing at least one selected variable. At least a selected portion of the vulnerable software source 2vs is then modified, in order to obtain the 2ps protected software source. This modification is such that during the execution of the protected software 2p, at least a portion of the first execution part 2pes that is executed in the data processing system 3, takes into account that at least one variable selected or at least a copy of the selected variable resides in unit 6. Figure 4a illustrates an exemplary execution of a vulnerable 2v software. In this example, it appears during the execution of the vulnerable software 2v in the data processing system 3: at the time ti, the assignment of the data X to the variable \ ?, represented by V-? F ?, in the moment t2, the assignment of the value of the variable \ to the variable Y, represented by Y <; j > V-¡, at time t3, the assignment of the value of variable Vi to variable Z, represented by? F? 1. Figure 4b illustrates an example of a first form of application of the invention for which the variable resides in unit 6. In this example, during execution in the data processing system 3 of the first execution part 2pes of software protected 2p, and in the presence of unit 6, it results: at the time ti, the execution of a transfer command that initiates the transfer of the data X from the data processing system 3 to the variable vi located in the memory means 5 of the unit 6, this transfer command is represented by OUT (vi, X) and corresponds at the end to the assignment of the data X to the variable vi, at the time Í2, the execution of a transfer command that initiates the transfer of the value of the variable Vi residing in unit 6 to the data processing system 3 in order to assign to variable Y, this transfer command is represented by IN (vi) and corresponds at the end to the assignment from the value of the variable vi to the variable Y, and at the time t3, the execution of a transfer command that initiates the transfer of the value of the variable v-, which resides in the unit 6 to the data processing system 3 in order to assign it to the variable Z, this transfer command is represented by IN (vi) and corresponds at the end to the assignment of the value of the variable vi to the variable Z. It should be noted that during the execution of the 2p protected software, at least one variable resides in unit 6. Thus, when a portion of the first execution part 2pes of the protected software 2p imposes it, and in the presence of unit 6, the value of this variable residing in unit 6 is transferred to the data processing system 3 to be used by the first execution part 2pes of the protected software 2p, so that this portion is executed correctly and consequently, the 2p protected software is fully functional to the. Figure 4c illustrates an example of a second form of application of the invention for which a copy of the variable resides in unit 6. In this example, during execution in data processing system 3 of the first part of execution 2pes of the protected software 2p, and in the presence of the unit 6, it appears: at the time ti, the assignment of the data X to the variable Vi located in the data processing system 3, as well as the execution of a transfer command which initiates the transfer of the data X from the data processing system 3 to the variable vi located in the memory means 5 of the unit 6, this transfer command being represented by OUT (vi, X), at the time Í2, the assignment of the value of variable Vi to variable Y, and at time .3, the execution of a transfer command that initiates the transfer of the value of variable Vi residing in unit 6 to data system 3 with the end of asign set to variable Z, this transfer command is represented by IN (vi).
It should be noted that during the execution of the 2p protected software, at least one copy of a variable resides in unit 6. Thus, when a portion of the first execution part 2pes of the 2p protected software imposes it, and in the presence of the unit 6, the value of this copy of variable residing in unit 6 is transferred to the data processing system 3 to be used by the first execution part 2pes of the protected software 2p, so that this portion is executed correctly and that consequently, 2p protected software is fully functional. Figure 4d illustrates an example of attempted execution of the protected software 2p, while the unit 6 is absent. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p: at the time ti, the execution of the transfer command OUT (vi, X) can not initiate the transfer of the data X towards the variable vi, taking into account the absence of the unit 6, at time t2, the execution of the transfer command I (-3) can not initiate the transfer of the value of the variable v-, towards the system of data processing 3, taking into account the absence of unit 6, and at time t3l the execution of the transfer command IN (v-i) can not initiate the transfer of the value of the variable Vi to the data processing system 3, taking into account the absence of the unit 6.
It follows then that in the absence of the unit 6, at least a request for a portion of the first execution part 2pes to use a variable or a variable copy residing in the unit 6, can not be satisfied correctly, so that at least this portion is not executed correctly and as a consequence, the 2p protected software is not fully functional. It should be noted that the data transfers between the data processing system 3 and the unit 6 illustrated in the previous examples only use simple assignments, but the person skilled in the art will know how to combine it with other operations to arrive at complex operations such as for example OUT (v1, 2 * X + 3) or Z < j > (5 * v1 + v2). According to another advantageous feature of the invention, the method of protection contemplates applying a principle of protection, called by "elementary functions", of which a description is made in relation to figures 6a to 6e. For the application of the principle of protection by elementary functions, it is defined: a set of elementary functions in which the elementary functions are capable of being executed, by means of the second execution part 2peu, in unit 6, and eventually to transfer data between the data processing system 3 and the unit 6, and a set of elementary commands for this set of elementary functions, these elementary commands are capable of being executed in the data processing system 3 and of starting the execution in the unit 6, of the corresponding elementary functions. For the application of the principle of protection by elementary functions, utilization means are also constructed that allow transforming a virgin unit 60 into a unit 6 capable of executing the elementary functions, the execution of these elementary functions being initiated by the execution in the system of data processing 3, of elementary commands. For the application of the principle of protection by elementary functions, at least one algorithmic processing that uses at least one operand and that yields at least one result is also selected at the source of the vulnerable software 2vs. Also selected is at least a portion of the vulnerable software source 2vs containing at least one selected algorithmic processing. At least a selected portion of the vulnerable software source 2vs is then modified, in order to obtain the 2ps protected software source. This modification is such that especially: during the execution of the protected software 2p, at least a portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that the functionality of at least one selected algorithmic processing is executed in unit 6, during the execution of the protected software 2p, the second execution part 2peu, which is executed in unit 6, executes at least the functionality of at least one selected algorithmic processing, each selected algorithmic processing is fragmented so that during the execution of the protected software 2p, each selected algorithmic processing is executed, by means of the second execution part 2peu, using elementary functions. Preferably, each selected algorithmic processing is fragmented into elementary functions fen (with n varying from 1 to N), namely: possibly one or more elementary functions that allow the arrangement of one or more operands for unit 6, elementary functions in where some use the operand (s) and which, in combination, execute the functionality of the selected algorithmic processing, using this or these operands, and eventually one or more elementary functions that allow the disposition by the unit 6, for the data processing system 3 of the selected algorithmic processing result, and an ordering of the elementary commands is selected among the set of orderings that allow the execution of the protected software 2p. The first execution part 2pes of the protected software 2p that is executed in the data processing system 3 executes elementary CFEn commands (with n varying from 1 to N), which starts in unit 6, execution by means of the second part of execution 2peu, of each of the elementary functions fen defined above. Figure 6a illustrates an exemplary execution of a vulnerable 2v software. In this example, during the execution of the vulnerable software 2v in the data processing system 3, at a given moment, the calculation of Z <appearsj) F (X, Y) corresponding to the assignment of a variable Z of the result of an algorithmic processing represented by a function F and using the operands X and Y. Figure 6b illustrates an example of application of the invention for wherein the algorithmic processing selected in Figure 6a is deported to unit 6. In this example, during execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6 , appears: at times t-? , Í2, the execution of the elementary commands CFE-i, CFE2 that start in unit 6, the execution by means of the second execution part 2peu, of elementary functions fe-i, fe2 corresponding that ensure the transfer of data X, And from the data processing system 3 to the memory areas respectively x, and located in the memory means 15 of the unit 6, these elementary commands CFEi, CFE2 are respectively represented by OUT (x, X), OUT (and , Y), at times t3 to Í -I, the execution of the elementary commands CFE3 to CFEN-i, which start in unit 6, execution by means of the second execution part 2peu, from elementary functions fe3 to feN -i corresponding, these elementary commands CFE3 to CFEN_i are represented, respectively, by TRIG (fe3) to TRIG (feN-). The development of the elementary functions fe3 a fe ^ i executed in combination is algorithmically equivalent to the function F. More precisely, the execution of these elementary commands leads to the execution in unit 6, of elementary functions fe3 that are served of the contents of the memory areas x, yy that yield the result in a zone of memory z of unit 6, and at the time tN, the execution of an elementary command CFEN that starts in unit 6, execution by means of the second execution part 2peu, of the elementary function fe ensuring the transfer of the result of the algorithmic processing, contained in the memory area z of the unit 6 to the data processing system 3, in order to assign it to the variable Z , this elementary command CFEN is represented by IN (z). In the illustrated example, the elementary commands 1 to N are executed successively. It should be noted that two improvements can be made: The first improvement refers to the case where several algorithmic processes are deported to unit 6 and at least the result of an algorithmic processing is used by another algorithmic processing. In this case, some elementary commands that serve for the transfer, can be eventually deleted. The second improvement contemplates opting for a pertinent ordering of elementary commands among the set of orders that allow the execution of protected 2p software. In this regard, it is preferable to select an array of elementary commands that temporarily dissociate the execution of the elementary functions, interspersing, among them, portions of code executed in the data processing system 3 and comprising or not elementary commands that serve the determination of other data. Figures 6c and 6d illustrate the principle of said modality. Figure 6c shows an exemplary execution of a vulnerable software 2v. In this example, during the execution of the vulnerable software 2v, in the data processing system 3, the execution of two algorithmic processing leads to the determination of Z and Z ', such as ZéF (X, Y) and Z'CJJF '(?',? '). Figure 6d illustrates an example of application of the method according to the invention for which the two algorithmic processing selected in Figure 6c are deported to unit 6. According to said example, during execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, appears, as explained above, the execution of the elementary commands CFEi to CFEN corresponding to the determination of Z and the execution of elementary commands CFE'-i to CFE 'corresponding to the determination of Z'. As illustrated, the elementary commands CFEi to CFEN are not executed consecutively, in the measurement of the elementary commands CFE'i to CFE ', so other portions of code are interspersed. In the example, the following ordering is also modalized: CFE-¡, interleaved code portion, CFE'i, CFE2, interleaved code portion, CFE'2l CFE'3l interleaved code portion, CFE'4l CFE3, CFE4 CFEN, CFE'M. It should be noted that during the execution of the protected software 2p, in the presence of the unit 6, each time an elementary command contained in a portion of the first execution part 2pes of the protected software 2p imposes it, the corresponding elementary function is executed in the unit 6. Thus, it appears, that in the presence of unit 6, this portion is executed correctly and that accordingly, the 2p protected software is fully functional. Figure 6e illustrates an example of attempted execution of the protected software 2p, while the unit 6 is absent. In this example, during the execution in the data processing system 3, of the first execution part 2pes of the protected software 2p, at all times, the execution of an elementary command can not initiate the execution of the corresponding elementary function, because of the absence of unit 6. The value to assign to variable Z can not then be determined correctly. It then appears, that in the absence of the unit 6, at least a request for a portion of the first execution part 2pes of the protected software 2p, to start the execution of an elementary function in the unit 6 can not be correctly satisfied, of so that at least this portion is not executed correctly and that accordingly, the 2p protected software is not fully functional. According to another advantageous feature of the invention, the method of protection contemplates applying a principle of protection, called by "detection and coercion", of which a description is made in relation to figures 7a to 7e. For the application of the principle of protection by detection and coercion, it is defined: at least one software execution feature that can be monitored at least in part in unit 6, at least one criterion to be obeyed for at least one characteristic software execution means, detecting means 17 for applying to unit 6 and detecting that at least one software execution feature does not obey at least one associated criterion, and means of coercion 18 to apply in unit 6 and that they allow to inform the data processing system 3 and / or to modify the execution of a software, when at least one criterion is not obeyed. For the application of the principle of protection by detection and coercion, means of exploitation are also constructed that allow transforming a virgin unit 60 into a unit 6 by applying at least the detection means 17 and the means of coercion 8.
Figure 7a illustrates the means necessary for the application of this principle of protection by detection and coercion. The unit 6 comprises detection means 17 and the coercion means 18 belonging to the processing means 16. The means of coercion 18 are informed of not obeying a criterion by the detection means 17. More precisely, the detection means 17 uses information from the transfer means 13 and / or the memory means 15 and / or the processing means 16, in order to monitor one or more software execution features. At each software execution feature, at least one criterion to be followed is fixed. In the case where it is detected that at least one software execution feature does not obey at least one criterion, the detection means 17 inform the coercion means 18. These coercion means 18 are adapted to modify, in the manner of appropriate, the state of the unit 6. For the application of the principle of protection by detection and coercion, it is also selected: at least one software execution characteristic to be monitored, among the execution characteristics capable of being monitored, at least a criterion to be followed for at least one selected software execution feature, at the source of the vulnerable software 2vs, at least one algorithmic processing for which at least one software execution feature is monitored, and at the source of the software vulnerable 2vs, at least one portion containing at least one selected algorithmic processing. At least a selected portion of the vulnerable software source 2vs is then modified, in order to obtain the source of the protected 2ps software. This modification is such that especially during the execution of the protected software 2p: at least a portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that at least one characteristic of selected software execution, at least in part in the unit 6, and the second execution part 2peu, which is executed in the unit 6, monitors at least in part, a selected software execution feature. During the execution of the protected software 2p, protected by this principle of protection by detection coercion, in the presence of the unit 6: as all the criteria corresponding to all the supervised execution characteristics of all the modified portions of the protected software 2p are obeyed, these Modified portions of the 2p protected software work nominally, and accordingly, the 2p protected software works nominally, and if at least one of the criteria that corresponds to a monitored execution feature of a portion of the 2p protected software is not obeyed, the data processing system 3 is informed and / or the operation of the portion of the protected software 2p is modified, so that the operation of the protected software 2p is modified. Of course, in the absence of the unit 6, at least one request for a portion of the first execution part 2pes of the protected software 2p to use the unit 6 can not be satisfied correctly, so that at least this portion is not run correctly and as a result, the 2p protected software is not fully functional. For the application of the principle of protection by detection and coercion, two types of software execution features are preferably used. The first type of software execution characteristic corresponds to a measurement variable of the execution of a software and the second type corresponds to a profile of use of a software. These two types of characteristics can be used independently or in combination. For the application of the principle of protection by detection and coercion that it uses as execution characteristic, a measurement variable of the software execution, is defined: in the memory means 15, the possibility of memorizing at least one measurement variable that serves to quantify the use of at least one software functionality, in the media of detection 17, the possibility of monitoring at least one threshold associated with each measurement variable, and updating means that allow each measurement variable to be updated according to the use of the functionality to which it is associated. Advantageous means are also constructed which apply, in addition to the detection means 17 and the coercion means 18, the updating means. It is also selected, at the source of the vulnerable software 2vs: at least one vulnerable software functionality 2v where the use is subject to be monitored thanks to a variable of measurement, at least one variable of measurement that serves to quantify the use of said functionality, at least one threshold associated with the measurement variable that corresponds to a limit of use of said functionality, and at least one method of updating the measurement variable based on the use of said functionality. The source of the vulnerable software 2vs is then modified, in order to obtain the protected software source 2ps, this modification being such that during the execution of the protected software 2p, the second execution part 2peu: updates the measurement variable according to the use of said functionality, and takes into account at least an excess of threshold. In other words, during the execution of the protected software 2p, the measurement variable is updated according to the use of said functionality, and while the threshold is exceeded, the detection means 17 inform the coercion means 18 that they make an adapted decision for informing the data processing system 3 and / or modifying the processing carried out by the processing means 6 that allow modifying the operation of the protected software portion 2p, so as to modify the operation of the protected software 2p. For the application of a first preferred variant of the principle of protection by detection and coercion that uses, as a characteristic, a measurement variable, it is defined: for at least one measurement variable, several associated thresholds, and different coercion means that correspond to each of these thresholds. It is also selected, at the source of the vulnerable software 2vs: at least one measurement variable that serves to quantify the use of at least one software functionality and to which several thresholds corresponding to the different limits of use of said software must be associated. functionality, and at least two thresholds associated with the measurement variable. The source of the vulnerable software 2vs is then modified, in order to obtain the source of the protected software 2ps, this modification being such that during the execution of the protected software 2p, the second execution part 2peu: updates the measurement variable according to the use of said functionality, and takes into account, in a different way, the surpluses of different thresholds. In other words, as a rule, during the execution of the protected software 2p, while the first threshold is exceeded, the unit 6 informs the data processing system 3 ordering the protected software 2p not to use this functionality anymore. If 2p protected software continues to use this functionality, the second threshold may be exceeded. In the case where the second threshold is exceeded, the coercion means 18 may render the selected functionality inoperative and / or render the protected software 2p inoperative. For the application of a second preferred variant of the principle of protection by detection and coercion using, as a characteristic, a measurement variable, recharging means are defined that allow at least one complementary use to be accredited for at least one monitored software functionality by a measurement variable. It also builds means of exploitation that apply, in addition to the detection means 17, coercion means 18 and updating means, the recharging means. Also selected, at the source of the vulnerable software 2vs, at least one measurement variable that serves to limit the use of at least one functionality of the software and to which at least one complementary use must be accredited. The source of the vulnerable software 2vs is then modified, in order to obtain the source of the protected software 2ps, this modification being such that in a so-called recharge phase, at least one complementary use of at least one functionality corresponding to a variable of Selected measurement can be accredited. In the recharging phase, the updating of at least one selected measurement variable and / or of at least one associated threshold is proceeded, in order to allow at least a complementary use of the corresponding functionality. In other words, it is possible, in the recharge phase, to prove the complementary uses of at least one functionality of the 2p protected software. For the application of the principle of protection by detection and coercion using, as a characteristic, a software use profile, it is defined as a criterion to be followed for this use profile, at least one software execution feature. It is also selected, at the source of the vulnerable software 2vs: at least one user profile to be monitored, and at least one execution characteristic that must obey at least one selected usage profile. The source of the vulnerable software 2vs is then modified, in order to obtain the source of the protected software 2ps, this modification being such that during the execution of the protected software 2p, the second execution part 2peu, obeys all the selected execution characteristics. In other words, the unit 6 monitors the manner in which the second execution part 2peu is executed and can inform the data processing system 3 and / or modify the operation of the protected software 2p, in the case where it is not obeyed at least one execution characteristic. During the execution of the protected software 2p, protected by this principle, in the presence of the unit 6: while all the execution characteristics of all the modified portions of the 2p protected software are obeyed, these modified portions of the 2p protected software function nominally and accordingly, the protected software 2p functions in a nominal manner, and if at least one execution characteristic of a protected software portion 2p is not obeyed, the data processing system 3 is informed and / or the operation of the portion of the 2p protected software is modified, so that the operation of the 2p protected software is modified. The monitoring of different execution characteristics can be contemplated, such as for example the monitoring of the presence of instructions comprising a marker or the monitoring of the execution chain for at least part of the instructions. For the application of the principle of protection by detection and coercion that they use as execution characteristic to obey, the monitoring of the chain of execution for at least part of the instructions, is defined: a set of instructions where the instructions are likely to be executed in unit 6, a set of instruction commands for this set of instructions, these instruction commands are capable of being executed in the data processing system 3. The execution of each of these instruction commands in the system of data processing 3 starts in unit 6, the execution of the corresponding instruction, means of detection 17 that allow detecting that the chaining of the instructions does not correspond to that desired, and means of coercion 18 that allow informing the data processing system 3 and / or to modify the execution of a software when the chain of instructions does not correspond to that desired. It also builds means of exploitation that allow, in unit 6, further execute the instructions of the instruction set, - the execution of these instructions is initiated by the execution in the data processing system 3 of command commands.
It is also selected, at the source of the vulnerable software 2vs, at least one algorithmic processing that gets deported to unit 6 and for which the chaining of at least a part of the instructions is to be monitored. The source of the vulnerable software 2vs is then modified in order to obtain the source of the protected software 2ps, this modification is such that during the execution of the protected software 2p: the second execution part 2peu executes at least the functionality of the selected algorithmic processing, the selected algorithmic processing is fragmented into instructions, the chaining is specified to be obeyed by at least some of the instructions during execution in unit 6, and the first execution part 2pes of the protected software 2p executes command commands that initiate execution of instructions in unit 6. During the execution of the protected 2p software, protected by this principle, in the presence of unit 6: while the chaining of the instructions of all the modified portions of the 2p protected software corresponds to that desired, these portions Modified Software 2p works n nominally and accordingly, the protected software 2p works nominally, and if the chaining of the instructions of a portion of protected software 2p executed in the unit 6 does not correspond to that desired, the data processing system 3 is information and / or operation of the 2p protected software portion is modified, so that the operation of the protected 2p software is modified. Figure 7b illustrates an example of application of the principle of protection by detection and coercion that they use, as execution characteristic to obey the monitoring of the execution chain of at least a part of the instructions, in the case where the chain is obeyed wanted. The first execution part 2pes of the protected software 2p, executed in the data processing system 3, executes instruction commands C! ¡That start, in unit 6, the execution of instructions i¡ that belong to the set of instructions. In the set of instructions, at least some of the instructions comprise each one, a part that defines the functionality of the instruction and a part that allows to verify the desired chain for the execution of instructions. In this example, the instruction commands Cl¡ are represented by TRIG (¡¡) and the desired sequence for the execution of instructions is in, ¡n + 1 and in + 2. The execution in unit 6 of the instruction in gives the result a, and the execution of the instruction in + 1 gives the result b. The instruction in + 2 uses as operand, the results a and b of the instructions in and ¡n + i and its execution gives the result c.
Bearing in mind that this chain of instructions executed in unit 6 corresponds to that desired, a normal or nominal operation of the protected 2p software is provided. Figure 7c illustrates an example of application of the principle of protection by detection and coercion that uses, as execution characteristic to obey, the monitoring of the execution chain of at least a part of the instructions, in the case where it is not obeyed the desired chain. According to this example, the desired chain for the execution of instructions is always in, ¡n + i and ¡n + 2- However, the chain of execution of the instructions is modified by the replacement of the instruction in by the instruction i 'n, so that the chaining effectively executed is i'n, in + i and ¡n + 2- The execution of the instruction i'n gives the result a, that is, the same result as the execution of the instruction in. However, later during the execution of the in + 2 instruction, the detection means 7 detect that the instruction i'n does not correspond to the desired instruction to generate the result a used as operand of the instruction in + 2. The means of detection 17 inform the coercion means 18 that they modify accordingly, the operation of the instruction in + 2, so that the execution of the instruction in + 2 gives the result c 'which may be different from c. Of course, if the execution of the instruction i'n gives a result a 'different from the result a of the instruction in, it is clear that the result of the instruction in + 2 may also be different from c.
To the extent that the sequence of execution of the instructions executed in unit 6 does not correspond to that desired, a modification of the operation of the protected software 2p can be obtained. Figures 7d and 7e illustrate a preferred variant of the principle of protection by detection and coercion that use, as an execution characteristic to obey, the monitoring of the execution chain of at least a part of the instructions. According to this preferred variant, an instruction set is defined in which at least some instructions work on registers and use at least one operand in order to produce a result. As illustrated in Figure 7d, a part PF that defines the functionality of the instruction and a part PE that defines the desired chain for the execution of the instructions is defined for at least some of the instructions working on registers. The part PF corresponds to the operation code known to the person skilled in the art. The PE part that defines the desired chain comprises bit fields corresponding to: an identification field of the instruction CU, and for each operand k of the instruction, with k varying from 1 to K, and K number of operands of the instruction: a CDk flag field indicating whether it is convenient to verify the origin of operand k, and an expected identification field CIPk of the operand, indicating the expected identity of the instruction that generated the content of the operand. operating k. As illustrated in Figure 7e, the set of instructions comprises V records belonging to the processing means 16, each record is named Rv, with v varying from 1 to V. For each record Rv, two fields are defined, namely : a functional field CFV, known to the person skilled in the art and that allows to store the result of the execution of instructions, and a generated identification field CIGV, which allows to memorize the identity of the instruction that has generated the content of the functional field CFV . This generated identification field CIGV is automatically updated with the content of the identification field of the CU instruction having generated the functional field CFV. This generated identification field CIGV is not accessible, nor can be modified by any instruction and serves only for the detection means 17. During the execution of an instruction, the detection means 17 perform the following operations for each operand k: the field is read CDK flag, if the CDK flag field imposes it, the expected identification field CiPk and the generated identification field CIGV corresponding to the record used for operand k are both read, the equality of the two fields CIPk and CIG is controlled, and if the equality is false, the means of detection 17 consider that the chain of execution of instructions has not been obeyed. The means of coercion 18 make it possible to modify the result of the instructions when the detection means 17 inform them of a chain of instructions not obeyed. A preferred embodiment is to modify the functional part PF of the instruction during execution or the functional part PF of further instructions. According to another advantageous feature of the invention, the method of protection contemplates applying a principle of protection, called by "renaming", of which a description is made in relation to figures 8a to 8f. For the 'application of the principle of protection by renaming, it is defined: a set of dependent functions, where the dependent functions are capable of being executed, by means of the second execution part 2peu, in unit 6, and eventually to transfer data between the data processing system 3 and unit 6, this set of dependent functions can be finite or infinite, a set of initiating commands for these dependent functions, these initiating commands are capable of being executed in the data processing system 3 and of starting in unit 6, the execution of corresponding dependent functions, for each initiating command, an order corresponding at least in part to the information transmitted by the first execution part 2pes, to the second execution part 2peu, in order to start execution of the corresponding dependent function, this order is presented in the form of at least one argument of the initiating command, a renaming method of orders intended to be applied during the modification of the vulnerable software, this method allows to rename the orders in order to obtain initiating commands for reordered orders that allow to disguise the identity of the corresponding dependent functions, and means of restoration 20 destined to be applied in a unit 6 during the use phase and that allow to find the order i Initial, from the renamed order, in order to find the dependent function to execute. For the application of the principle of protection by renaming, means of use are also constructed that allow transforming a virgin unit 60 into a unit 6 by applying at least the means of restoration 20. For the application of the principle of protection by rename, it is also selected , at the source of vulnerable software 2vs: at least one algorithmic processing that uses at least one operand and that yields at least one result, and at least a portion of the vulnerable software source 2vs, which contains at least one processing algorithmic selected. The source of the vulnerable 2vs software is then modified, in order to obtain the 2ps protected software source. This modification is such that especially: during the execution of the protected software 2p, at least a portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that the functionality of at least a selected algorithmic processing is executed in unit 6, during execution of the protected software 2p, the second execution part 2peu, which is executed in unit 6, executes at least the functionality of at least one selected algorithmic processing, each processing The algorithmic selected is fragmented so that during the execution of the protected software 2p, each selected algorithmic processing is executed, by means of the second execution part 2peu, using dependent functions. Preferably, each selected algorithmic processing is fragmented into dependent functions fdn (with n varying from 1 to N), namely: possibly one or more dependent functions that allow the arrangement of one of more operands for unit 6, dependent functions where some use the operand (s) and in combination, execute the functionality of the selected algorithmic processing, using this or these operands, and eventually one or more dependent functions that allow the arrangement for the unit 6, for the data processing system 3 of the result of the algorithmic processing selected, during execution of the protected software 2p, the second execution part 2peu executes the dependent functions fdn, during the execution of protected software 2p, the dependent functions are initiated by initiating commands in reordered orders, and a ordering of these initiating commands between the set of orders that allow the execution of the protected software 2p. The first execution part 2pes of the protected software 2p, executed in the data processing system 3, executes initiating commands to reordered orders transferring to the unit 6 renamed orders, and which starts in unit 6, the reestablishment through means of reset 20, of orders, then the execution by means of the second execution part 2peu, of each of the previous functions fdn previously defined. In other words, the principle of protection by renaming consists of renaming the commands of initiating commands, in order to obtain initiating commands in reordered orders where the execution in the data processing system 3, starts in unit 6, the execution of dependent functions that will have been initiated by the initiating commands in unrecognized orders, however, without the examination of the protected software 2p not allowing to determine the identity of dependent functions executed. Figure 8a illustrates an example of running a vulnerable 2v software. In this example, during the execution of the vulnerable software 2v appears in the data processing system 3, at a given time, the calculation of Z <; j > F (X, Y) corresponding to the assignment to a variable Z of the result of an algorithmic processing represented by a function F and using the operands X and Y. Figures 8b and 8c illustrate an application example of the invention. Figure 8b illustrates the partial application of the invention. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, it appears: at times ti, t2, the execution of the initiating commands CD - \, CD2 starting in unit 6, the execution by means of the second execution part 2peu, corresponding fd-i, fd2 dependent functions that ensure the transfer of data X, Y from the data processing system 3 to memory areas respectively x, and located in the memory means 15 of the unit 6, these initiating commands CD-? , CD2 are represented respectively by OUT (x, X), OUT (y, Y), at times t3 to tN.-i, the execution of initiating commands CD3 to CDN-i, which start in unit 6, execution by means of the second execution part 2peu, of corresponding fd3 to fdN-i dependent functions, these initiating commands CD3 to CDN-I are represented, respectively, by TRIG (fd3) to TRIG (fdN-i). The development of the dependent functions fd3 to fdN-i executed in combination is algorithmically equivalent to the function F. More precisely, the execution of these initiating commands leads to the execution in unit 6 of dependent functions fd3 to fdN-i that use the content of the memory areas x, yy throw the result in a memory area z of unit 6, and at the time †, the execution of a CDN initiator command that starts in unit 6, execution by means of the second execution part 2peu, of the dependent function fd which ensures the transfer of the result of the algorithmic processing contained in the memory zone z of the unit 6 to the data processing system 3, in order to assign it to the variable Z, this command is represented by IN (z). In this example, to fully apply the invention, the first argument of the OUT initiator commands and the argument of the TRIG and IN initiator commands are selected as order. The orders thus selected are renamed by the order rename method. In this way, commands from CD ^ to CDN initiator commands namely x, y, fd3,, z are renamed so as to respectively obtain R (x), R (y), R (fd3) ..., R ( fdN-i), R (z). Figure 8c illustrates the complete application of the invention. In this example, during the execution in the data processing system 3, of the first execution part 2pes of the protected software 2p, and in the presence of the unit 6, it appears: in the moments ti, Í2, the execution of initiating commands in reordered CDCR- ?, CDCR2 orders that transfer to unit 6, the renamed orders R (x), R (y) as well as data X, Y start in unit 6 the restoration by means of reset means 20, of reordered orders to re-establish the commands, namely, the identity of memory areas x, and, from execution by means of the second execution part 2peu, of corresponding fd-i, fd2 dependent functions that ensure the transfer of X data , And from the data processing system 3 to the memory areas respectively x, and located in the memory means 5 of the unit 6, these initiating commands in orders CDCR- ?, CDCR2 are respectively represented by OUT (R (x), X), OUT (R (y), Y), at times t3 to ÍN-I, the execution of initiating commands on orders renamed CDCR3 to CDCRN-1, which transfer to unit 6, the renamed orders R (fd3) to R (fdN-i), initiating in unit 6 the restoration by means of reset means 20, namely, fd3 to fdN-1 j from execution by means of the second 2peu execution part, of dependent functions fd3 to fdN - i, these initiating commands on renamed CDCR3 to CDCRN_i commands are respectively represented by TRIG (R (fd3)) to TRIG (R (fdN - 1)), and at the time ÍN, the execution of the initiator command in order renamed CDCRN that transfers to unit 6, the renamed command R (z) initiating in unit 6 the restoration by means of reset means 20, of the order, namely, the identity of the memory area z, from the execution by means of the second execution part 2peu, of the dependent function fd which ensures the transfer of the result of the algorithmic processing contained in the memory area z of the unit 6 to the data processing system 3 with the In order to assign it to the variable Z, this initiating command in order renamed CDCRN is represented by IN (R (z)). In the example illustrated, the initiating commands in orders renamed 1 through N are executed successively. It should be noted that two improvements can be made: The first improvement refers to the case where several algorithmic processes are deported to unit 6 and at least the result of an algorithmic processing is used by another algorithmic processing. In this case, certain initiating commands in renamed commands that are used for the transfer can be eventually deleted. The second improvement involves opting for a relevant ordering of the initiating commands in renamed orders among the set of orders that allow the execution of the protected 2p software. In this regard, it is preferable to select an ordering of initiating commands in reordered orders that temporarily dissociate the execution of dependent functions, interleaving between them portions of code executed in the data processing system 3 and comprising or not initiating commands in renamed orders that serve for the determination of other data. Figures 8d and 8e illustrate the principle of said mode. Figure 8d shows an exemplary execution of a vulnerable 2v software. In this example, during the execution of vulnerable software 2v, in the data processing system 3, the execution of two algorithmic processes leading to the determination of Z and Z ', such as Zcj >, appear; F (X, Y) and? 'F? ? ',?'). Figure 8 shows an example of application of the method according to the invention for which the two algorithmic processing selected in figure 8d are deported to unit 6. According to said example, during the execution in the processing system of data 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, it appears, as explained above, the execution of initiating commands in orders renamed CDCRi to CDCRN corresponding to the determination of Z and the execution of initiator commands on renamed CDCR'-ia CDCR'M commands corresponding to the determination of Z '. As illustrated, the initiator commands on renamed CDCR1 to CDCRN commands are not executed consecutively, to the extent that the initiating commands on renamed CDCR'T to CDCR 'commands as well as other code portions are interleaved. In the example, the following ordering is also modalized: CDCR-i, interleaved code portion, CDCR'i to CDCR2, interleaved code portion, CDCR'2, CDCR'3, portion. of interleaved code, CDCR'4, CDCR3, CDCR4 CDCRN, CDCR'M. It should be noted that during the execution of a portion of the first execution part 2pes of the protected software 2p, the initiating commands in reordered orders executed in the data processing system 3, initiate in unit 6 the restoration of the identity of dependent functions corresponding from the execution of the same. Thus, it turns out that in the presence of unit 6, this portion is executed correctly and that accordingly, the 2p protected software is fully functional. Figure 8f illustrates an example of attempted execution of the protected software 2p, while the unit 6 is absent. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, at all times, the execution of an initiating command in reordered order can not initiate the restoration of the command or the execution of the corresponding dependent function, due to the absence of the unit 6. The value to be assigned to the variable Z can not then be determined correctly.
It follows, then, that in the absence of the unit 6, at least a request for a portion of the first execution part 2pes of the protected software 2p, to initiate the restoration of an order and the execution of a dependent function in the unit 6 does not it can be satisfied correctly, so that - at least this portion is not executed correctly and that consequently, the 2p protected software is not fully functional. Thanks to this principle of protection by renaming, the examination in the 2p protected software of the initiating commands in reordered orders, does not allow to determine the identity of dependent functions before being executed in unit 6. It should be noted that the order rename is performed during the modification of the vulnerable 2v software in a 2p protected software. According to a variant of the renaming protection principle, at least one dependent function is defined, a family of algorithmically equivalent dependent functions but initiated by initiating commands in different renamed orders. According to this vanant, for at least one algorithmic processing that uses dependent functions, this algorithmic processing is fragmented into dependent functions that for at least one of them is replaced by a function dependent on the same family instead of preserving several occurrences of the same dependent function. For this purpose, the initiating commands in reordered orders are modified to take into account the replacement of dependent functions by dependent functions of the same family. In other words, two dependent functions of the same family have different orders and consequently, initiating commands in different renamed orders and, it is not possible, in the 2p protected software exam, to reveal that the dependent functions called are algorithmically equivalent. According to a preferred embodiment of the variant of the principle of protection by renaming, is defined for at least one dependent function, a family of dependent functions algorithmically equivalent, concatenating a field of noise to the information that defines the functional part of the dependent function to execute in the unit 6. According to a second preferred embodiment of the variant of the principle of protection by rename, for a dependent function, a family of algorithmically equivalent dependent functions is defined using identification fields. According to a preferred embodiment variant of the renaming protection principle, a method of renaming orders is defined as a coding method that allows encoding the orders to transform them into renamed orders. It should be remembered that order rename is performed in the protection phase P. For this preferred variant, the restoration means 20 are means that apply a decoding method that allows to decode the renamed orders and thus to reestablish the identity of dependent functions to execute in unit 6. These restoration means are applied in unit 6 and can be nature of software or material. These reset means 20 are requested in the use phase U each time a start command in reordered order is executed in the data processing system 3 with the aim of starting in unit 6 the execution of a dependent function. In the above description in relation to figures 4a to 9c, six different principles of protection of a software have been explained in a general manner independently of one another. The method of protection according to the invention is applied using the principle of protection by conditional derivation, possibly associated with one or more principles of protection. In the case where the principle of conditional derivation protection is completed by the application of at least one other protection principle, the principle of conditional derivation protection is advantageously completed by the principle of temporary dissociation protection. And when the principle of protection by temporary dissociation also applies, this can be completed in turn, by the principle of protection by variable and / or the principle of protection by elementary functions. And when the principle of protection by elementary functions also applies, this can be completed in turn, by the principle of protection by detection and coercion and / or the principle of protection by renaming. And when the principle of protection by detection and coercion also applies, it can be completed in turn, by the principle of protection by renaming. According to the preferred modality variant, the principle of protection by conditional derivation is completed by the principle of protection by temporary dissociation, completed by the principle of protection by variable and by the principle of protection by elementary functions, completed by the principle of protection by detection and coercion, completed by the principle of protection by renaming. In the case where a principle of protection is applied, in addition to the principle of protection by conditional derivation, its description previously made, must include, to take into account its combined application, the following modifications: the notion of vulnerable software must be understood as vulnerable software against the protection principle during the description. Thus, in the case where a protection principle has already been applied to vulnerable software, the expression "vulnerable software" must be interpreted by the reader as the expression "software protected by the protection principle (s) already applied"; the notion of protected software must be understood as software protected against the protection principle during the description. Thus, in the case where a protection principle has already been applied, the term "protected software" must be interpreted by the reader as the expression "new version of the protected software"; and the selection (s) made for the application of the protection principle during the description must take into account ia or the selections made for the application of the protection principles already applied. The development of the description allows to better understand the application of the protection method according to the invention. This method of protection according to the invention includes, as it appears more precisely in Figure 10: first, a protection phase P in the course of which a vulnerable software 2v is modified in a protected software 2p, subsequently, a use phase U during which the 2p protected software is applied. In this phase of use U: in the presence of the unit 6 and each time a portion of the first execution part 2pes executed in the data processing system 3 imposes it, a functionality imposed on the unit 6 is executed, so that that this portion is executed correctly and that accordingly, the protected software 2p is fully functional, in the absence of the unit 6 and despite the request of a portion of the first execution part 2pes to execute a functionality in unit 6, this The request can not be correctly satisfied, so that at least this portion is not executed correctly and as a consequence, the protected software 2p is not fully functional, and eventually a reload phase R during which at least one complementary use of a functionality protected by the application of the second preferred variant of the protection principle modality by detection and coercion that they use as characteristic, a variable of measurement. The protection phase P can be fragmented into two protection sub-phases P and P2. The first, called upstream protection subphase P1; it is applied independently of the vulnerable software 2b to be protected. The second, called downstream protection subphase P2 is dependent on the vulnerable 2v software to be protected. It should be noted that the upstream protection sub-phases P-i and downstream P2 can advantageously be modalized by two different persons or two different equipment. For example, the upstream protection subphase ?? it can be modalized by a person or a society that ensures the development of software protection systems, while the downstream protection sub-phase P2 can be modalized by a person or a society that ensures the development of software before being protected. Of course, it is clear that the upstream protection sub-phases P-i and downstream P2 can also be modalized by the same person or the same equipment. The upstream protection subphase P-i includes several periods Su, S-u for each of which are going to perform different tasks or jobs. In the first period of this upstream protection step Pi is called "Su definition period". During this definition period Su: is selected: the type of the unit 6. Illustratively, it can be selected as unit 6, a chip card reader 8 and the chip card 7 associated with the reader, and the transfer means 12, 13 intended to be applied respectively in the data processing system 3 and in the unit 6, during the course of the use phase U and able to ensure the transfer of data between the data processing system 3 and the unit 6, and in the case where the method of protection according to the invention applies the principle of protection by elementary functions, is also defined: a set of elementary functions whose elementary functions are capable of being executed in unit 6, and a set of elementary commands for this set of elementary functions, these elementary commands are susceptible to be executed in the processing system of data 3 and to start execution in unit 6, of elementary functions, and in the case where the method of protection according to the invention applies the principle of protection by detection and coercion, it is also defined: at least one characteristic of software execution, capable of being monitored at least in part in unit 6, at least one criterion to be obeyed for at least one software execution feature, detection means 17 to be applied in unit 6 and which allow detecting that at least one software execution feature does not obey at least one associated criterion, and coercion means 18 to be applied in unit 6 and that allow the data processing system 3 to be informed and / or to modify the execution of a software, when at least one criterion is not obeyed, and in the case where the method of protection according to the invention applies the principle of protection by detection and coercion, using as characteristic a measurement variable of the software execution, it is also defined: as a software execution characteristic that can be monitored, a variable for measuring the use of a software functionality, as a criterion for obey, at least one threshold associated with each measurement variable, and update means that allow updating at least one measurement variable, and in the case where the method of protection according to the invention applies a first preferred variant of mode of the principle of protection by detection and coercion, using as a characteristic a variable for measuring the execution of the software, it is also defined: for at least one measurement variable, several associated thresholds, and different coercion means corresponding to each of these thresholds, and in the case where the protection method according to the invention applies a second preferred mode variant of the principle of protection by detection and coercion, using as a characteristic a variable for measuring the execution of the software, recharging means are also defined that allow at least one complementary use to be accredited for at least one software functionality monitored by a measurement variable, and in the case where the method of protection according to the invention applies the principle of protection by detection and coercion using a software use profile as a characteristic, it is also defined: as a software execution characteristic susceptible of be monitored, a profile of software use, and as a criterion to obey, so I us a software execution feature, and in the case where the method of protection according to the invention applies the principle of protection by detection and coercion using as execution characteristic to obey, the monitoring of the execution chain, is also defined : a set of instructions where the instructions are capable of being executed in unit 6, a set of instruction commands for this set of instructions, these instruction commands are capable of being executed in the data processing system 3 and initiate in the unit 6 the execution of the instructions, as use profile, the chaining of the instructions, as execution characteristic, a desired chain for the execution of instructions, as means of detection 17, means that allow detecting that the chaining of instructions does not correspond to that desired, and as means of coercion 18, means that allow to inform the data processing system 3 and / or to modify the operation of the protected software portion 2p when the chaining of the instructions does not correspond to that desired, and in the case where the method of protection according to the invention applies a preferred variant of the protection principle modality by detection and coercion using execution characteristic to obey, the monitoring of the execution chain is also defined: set of instructions, a set of instructions where at least certain instructions work on registers and use at least one operand in order to yield a result, at least a part of instructions that work on registers: a part PF that defines the functionality of the instruction, and a part that defines the desired chain for the execution of instructions and that includes bit fields corresponding to: an identification field of the instruction CU, and for each operand of the instruction: a flag field CDk , and an expected CIP identification field "of the operand, for each record that belongs to the means of use and use of the instruction set, a generated identification field CIGV in which the identification of the last instruction that has shown its result in this record is automatically stored, as means of detection .17, means that allow, during the execution of an instruction, for each operand, when imposed by the flag field CDk, control the equality between the generated identification field CIGV corresponding to the record used by this operand, and the expected identification field CIPk of the origin of this operand, and as means of coercion 18, means that allow to modify the result of the instructions, if at least one of the controlled equalities is false. and in the case where the method of protection according to the invention applies the principle of protection by renaming, it is also defined: as a start command, an elementary command or an instruction command, as a dependent function, an elementary function or an instruction, such as an order, at least one argument to an initiating command, corresponding at least in part to the information transmitted by the data processing system 3 to unit 6, in order to initiate the execution of the corresponding dependent function, a method of renaming orders that allows to rename the orders in order to obtain initiating commands in reordered orders, and reset means 20 destined to be applied in unit 6 in the course of the use phase U, and that allow to find the dependent function to execute, from the renamed order, and in the case where the method of protection according to the The invention applies a variant of the principle of protection by rename, also defined for at least one dependent function, a family of algorithmically equivalent dependent functions, but initiated by initiator commands whose renamed orders are different, and in the case where the method of protection according to the invention applies one or another of the preferred embodiments of the variant of the principle of protection by renaming, is also defined for at least one dependent function, a family of algorithmically equivalent dependent functions: concatenating a field of noise with information which defines the functional part of the dependent function to be executed in unit 6, or using the identification field of the CU instruction and the expected identification fields CIPk of the operands, and in the case where the method of protection in accordance with the invention applies a preferred variant of the principle of protection by renaming, is also defined: as method of rename orders, a coding method for encoding the orders, and as means of restoration 20, means that apply a decoding method to decode the renamed orders and thus reestablish the identity of dependent functions to run in unit 6. During the upstream protection rise, the definition period S-p is followed by a period called "construction period S12". During said period S12, the transfer means 12, 13 and, eventually, the means of use corresponding to the definitions of the definition period Su are constructed. During this construction period S12, it is then proceeded: to the construction of transfer means 12, 13 which allow, during the use phase U, the transfer of data between the data processing system 3 and the unit 6 , and when the principle of protection by elementary functions is also applied, to the construction of utilization means that allow the unit 6, in the course of the use phase U to execute the elementary functions of the set of elementary functions, and when the principle of protection by detection and coercion is also applied to the construction: of means of use that allow the unit 6, in the course of the use phase U, to also apply the detection means 17 and the means of coercion 18, and possibly means of use that allow the unit 6, in the course of the use phase U, to also apply the updating means, and possibly means of utilization. to allow the unit 6, during the recharging phase, to also apply the recharging means, and possibly means of use that also allow the unit 6, during the use phase U, to execute the instructions of the set of instructions, and when the principle of protection by renaming is also applied, to the construction of means of use that allow the unit 6, in the course of the use phase U, to also apply the means of restoration. The construction of utilization means is carried out in a customary manner, through a program development unit that takes into account the definitions included in the definition period S - Said unit is described in the development of the description of figure 1 . During the upstream protection subphase Pi, the construction period S-i2 can be followed by a period called "pre-personalization period S13". During this pre-personalization period S13, at least a part of the transfer means 13 and / or the utilization means are loaded into at least one virgin unit 60 in order to obtain at least one pre-personalized unit 66. It should be noted that a part of the means of use, once transferred in a pre-personalized unit 66, is no longer directly accessible from the outside of this pre-personalized unit 66. The transfer of means of use in a virgin unit 60 can be realized through a adapted prepersonalization unit, which is described in the development of the description of figure 12. In the case of a pre-personalized unit 66, constituted by a chip card 7 and its reader 8, the prepersonalization only refers to the card of chip 7. During the upstream protection subphase P ^, it may be applied, after the definition period Su and, even after the period of S12 construction, a period called "tool making period S14". During this period of making tools S14, tools are made that help to generate protected software or to automate the protection of softwares. These tools allow: help selecting or automatically selecting vulnerable software 2v to protect: the conditional derivation (s) whose functionality is susceptible to being deported to unit 6, the portion (s) susceptible to be modified, and when the principle of protection by temporary dissociation, ei or the algorithmic processes that can be fragmented into stages that can be deported to unit 6, and when the principle of protection by variable also applies, the variable (s) susceptible to be deported to unit 6, and when the principle of protection by elementary functions is also applied, the algorithmic process (s) susceptible of being fragmented into elementary functions that can be deported to unit 6, and when the principle of protection by detection and coercion is also applied, the execution characteristics to monitor and, eventually, the algorithmic process (s) that can be fragmented into instructions that can be deported to unit 6, and when the principle of protection by renaming, the algorithmic process or processes capable of being fragmented into dependent functions that can be deported to unit 6 and for which the commands of the initiating commands can be renamed, and eventually, help generate protected software or automate the protection of softwares. These different tools can be made independently or in combination and each tool can take various forms, such as preprocessor, assembler, compiler, etc. The upstream protection subphase Pi is followed by a downstream protection sub-phase P2 dependent on the vulnerable software 2v to be protected. This downstream protection sub-phase P2 also includes several periods. The first period that corresponds to the application of the principle of protection by conditional derivation is called "creation period S21". During this S2i creation period, selections within the S-H definition period are used. With the help of these selections and eventually of tools built in the S14 toolmaking period, the 2p protected software is created: selecting at least one conditional derivation at the source of the vulnerable software 2vs, selecting at least a portion of the software. the 2vs vulnerable software source containing at least one selected conditional derivation, producing the 2ps protected software source, from the source of the vulnerable 2vs software, modifying at least a selected portion of the vulnerable software source 2vs to obtain minus a modified portion of the source of the protected software 2ps, this modification being such that during the execution of the protected software 2p: a first execution part 2pes is executed in the data processing system 3, and a second execution part 2peu is executed in a unit 6, obtained from the virgin unit 60 after loading in formations, and the second execution part 2peu executes at least the functionality of at least one selected conditional derivation and makes available to the data processing system 3, an information that allows the first execution party 2pes, to continue its execution in the selected environment, and producing: a first part 2pos object of the protected software 2p, starting from the protected software source 2ps, this first part 2pos object, being such that during the execution of the protected software 2p, a first execution part appears 2pes which is executed in the data processing system 3 and where at least one portion takes into account that at least one selected conditional derivation is executed in unit 6, and a second 2pou object part of the protected 2p software, is second part 2pou object being such that, after loading in the virgin unit 60 and during the execution of the protected software 2p, appears the second a 2peu execution part by means of which each selected conditional derivation is executed. Of course, the conditional derivation protection principle according to the invention can be applied directly during the development of a new software without needing the previous realization of a vulnerable 2v software. In this way, a 2p protected software is obtained directly. For the application of a preferred modality of the principle of protection by conditional derivation, the 2p protected software is modified: selecting, at the source of the protected software 2ps at least a series of selected conditional derivations, modifying at least a selected portion of the 2ps protected software source, this modification is such that during the execution of the 2p protected software, the global functionality of at least one selected series of conditional derivations is executed by means of the second execution part 2peu, in unit 6, and producing: the first part 2pos object of the protected software 2p, this first part object 2pos is such that during the execution of the protected software 2p, the functionality of at least one selected series of conditional derivations is executed in unit 6, and the second part of the 2pou protected software 2p, this second part of the 2pou object is such that after load in unit 6 and during the execution of the protected software 2p, the second execution part appears 2peu by means of which the global functionality of at least one selected series of conditional derivations is executed. During the downstream protection step P2) and when at least one other protection principle is applied in addition to the conditional derivation protection principle, a "modification period S22" is applied - During this modification period S22, the definitions are used that intervene in the definition period Sp. With the help of these definitions and possibly of tools built in the period of making Su tools, the 2p protected software is modified to allow the application of protection principles in accordance with one of the previously defined provisions. When the principle of protection by temporary dissociation is applied, the 2p protected software is modified: selecting at the source of the protected software 2ps: at least one algorithmic processing that during the execution of the protected software 2p, uses at least one operand, and it allows determining, at least in part, the result of a selected conditional derivation, and at least one portion containing at least one selected algorithmic processing, modifying at least a selected portion of the source of the protected software 2p, this modification being such that: at least the functionality of at least one selected algorithmic processing is executed by means of the second execution part 2peu, at least one selected algorithmic processing is fragmented, so that during the execution of the protected software 2p, they appear by means of of the second part of execution 2peu, several different stages, namely: the arrangement of at least one operand for unit 6, the realization in unit 6, of the functionality of the algorithmic processing in at least this operand, and optionally, the arrangement of at least one result, by means of unit 6 for the processing system of data 3, for at least one selected algorithmic processing, step commands are defined, so that during the execution of the protected software 2p, each stage command is executed by the first execution part 2pes and starts in unit 6, the execution by means of the second execution part 2peu, of a stage, and an ordering of the stage commands is selected among the set of orders that allow the execution of the protected software 2p, and producing: the first part 2pos of the protected software 2p, this first part object 2pos is such that during the execution of the protected software 2p, the commands of stages are executed according to the order s chosen, and the second part 2pou object of the protected software 2p, this second part 2pou object being such that, after loading in unit 6 and during the execution of the protected software 2p, appears the second part of execution 2peu by means of which the steps initiated by the first execution part 2pes are executed. When the principle of protection by variable is applied, the protected software 2p is modified: by selecting at least one variable used in at least one selected algorithmic processing, which during the execution of the protected software 2p, partially defines the state of the protected software 2p, modifying at least a selected portion of the 2ps protected software source, this modification being such during the execution of the 2p protected software, at least one selected variable or at least one copy of the selected variable resides in unit 6, and producing: the first part 2pos object of the 2p protected software , this first part object 2pos being such that during the execution of the protected software 2p, at least a portion of the first execution part 2pes also takes into account that at least one variable or at least one variable copy resides in the unit 6, and the second part 2pou object of the protected software 2p, this second part 2pou object being such that, after loading in the unit 6 and during the execution of the protected software 2p, the second execution part 2peu appears by means of which at least one selected variable, or at least one copy of the selected variable, also resides in unit 6. When it is applied the principle of protection by elementary functions, the protected software 2p is modified: selecting at the source of the protected software 2ps, at least one stage that during the execution of the protected software 2p, performs the functionality of an algorithmic processing, modifying at least a selected portion of the source of the protected software 2ps, this modification being such that: at least one selected stage is fragmented so that during the execution of the protected software 2p, this step is executed by means of the second execution part 2peu, using the elementary functions, for at least one selected stage, elementary commands are integrated into the source of the 2ps protected software, so that during the execution of the protected software 2p, each elementary command is executed by the first execution part 2pes and starts in unit 6, execution by means of the second execution part 2peu, of an elementary function , and an ordering of elementary commands is selected among the set of orderings that allow the execution of the protected software 2p, and producing: the first part 2pos object of the protected software 2p, this first part 2pos object being such that during the execution of the protected software 2p, the elementary commands are executed according to the selected order, and the second part 2pou object of the protected software 2p that also contains the means of use, this second part of the 2pou object being such that, after loading in unit 6 and during the execution of the 2p protected software, the second execution part 2peu appears by means of which the functions are executed s elementary initiated by the first part of execution 2pes. When the principle of protection by detection and coercion is applied, the protected software 2p is modified: by selecting at least one software execution characteristic to be monitored, among the execution characteristics capable of being monitored, selecting at least one criterion to be obeyed for at least one selected software execution feature, selecting at the source of the protected software 2ps, elementary functions for which at least one selected software execution feature is to be monitored, modifying at least a selected portion of the software source protected 2ps, this modification is such that during the execution of the protected software 2p, at least one selected execution characteristic is monitored by means of the second execution part 2peu, and the non-respect to a criterion leads to a system information of data processing 3 and / or a modification of the execution 2p protected software ion, and by producing the second 2pou object part of the protected software 2p containing the application means that also apply the detection means 17 and the coercion means 18, this second part 2pou object is such that after loading in the unit 6 and during the execution of the protected software 2p, at least one software execution characteristic is monitored and the failure to obey a criterion leads to an information of the data processing system 3 and / or to a modification of the execution of the protected software 2p. For the application of the principle of protection by detection and coercion that uses as a characteristic a variable of measurement of the execution of the software, the protected software 2p is modified: selecting as the software execution characteristic to be monitored, at least one variable of measurement of the use of a software functionality, selecting: at least one functionality of the 2p protected software whose use is capable of being monitored thanks to a measurement variable, at least one measurement variable used to quantify the use of said functionality, at least one threshold associated with a selected measurement variable corresponding to a limit of use of said functionality, and at least one method of updating a measurement variable selected based on the use of said functionality, and modifying at least a selected portion of the 2ps protected software source, this modification is such that during the execution of the protected software 2p, the measurement variable is updated by means of the second execution part 2peu, depending on the use of said functionality and at least an excess of threshold is taken into account. For the application of a first preferred variant of the detection and coercion protection principle mode that uses a measurement variable as a characteristic, the 2p protected software is modified: selecting at least one variable of the protected software source at 2ps. selected measurement to which several thresholds corresponding to the different limits of use of the functionality must be associated, selecting at least two thresholds associated with the selected measurement variable, and modifying at least a selected portion of the 2ps protected software source, this modification is such that during the execution of the protected software 2p, the excesses of various thresholds are taken into account, by means of the second execution part 2peu, in a different manner. For the application of a second preferred variant of the protection principle by detection and coercion that uses as a characteristic, a variable of measurement, the protected software 2p is modified: selecting at the source of the protected software 2ps, at least one variable of selected measurement that allows limiting the use of a functionality to which at least one complementary use must be accredited, and modifying at least a selected portion, this modification is such that in a so-called recharge phase, at least one use complementary to at least one functionality that corresponds to a selected measurement variable can be accredited. For the application of the principle of protection by detection and coercion that uses as a characteristic, a software use profile, the protected 2p software is modified: selecting as software execution feature to monitor at least one software use profile, selecting at least one execution characteristic that must obey at least one selected usage profile, and modifying at least a selected portion of the protected software source 2ps, this modification is such that during the execution of the protected software 2p, the second part of execution 2peu obeys all the execution characteristics selected. . For the application of the principle of protection by detection and coercion that they use as an execution characteristic to obey, the monitoring of the execution chain, the protected 2p software is modified: modifying at least a selected portion of the 2ps protected software source: transforming the elementary functions into instructions, specifying the chain that must be obeyed at least certain instructions during execution in unit 6, and transforming the elementary commands into instruction commands that correspond to instructions used. When the renaming protection principle is applied, the 2p software is modified: selecting the 2ps protected software source, initiating commands, modifying at least a selected portion of the 2ps protected software source by renaming the commands of selected initiating commands, with in order to disguise the identity of corresponding dependent functions, and producing: the first part 2pos object of the protected software 2p, this first part of the 2pos object is such that during the execution of the protected software 2p, the initiating commands are executed in reordered orders, and the second part 2pou object of the protected software 2p containing the utilization means that also apply the means of re-establishment 20, this second part of the 2pou object is such that after loading in the unit 6 and during the execution of the protected software 2p, the identity of dependent functions whose execution is initiated by the first Execution part 2pes is restored by means of the second execution part 2peu, and the dependent functions are executed by means of the second execution part 2peu. For the application of a variant of the principle of protection by renaming, the protected software 2p is modified: selecting at the source of the protected software 2ps at least one initiating command in reordered order, and modifying at least a selected portion of the software source protected 2ps replacing at least the renamed command of an initiator command in selected reordered order, by another renamed command, which starts a function dependent on the same family. Of course, the principles of protection according to the invention can be applied directly during the development of a new software without needing the prior realization of protected softwares intermediaries. In this way, the creation periods S21 and modification S22 can be carried out concomitantly in order to obtain the 2p protected software directly. During the downstream protection step P2, it is applied after the creation period S21 of the protected software 2p, and eventually, after the modification period S22, a period called "personalization period S23". During this period of personalization S23, the second part 2pou object that eventually contains the means of exploitation, is loaded into at least one virgin unit 60, in order to obtain a unit 6, or a part of the second part 2pou object that optionally contains the means of use, it is loaded in at least one pre-personalized unit 66, in order to obtain at least one unit 6. The loading of this personalization information makes it possible to operationalize at least one unit 6. It should be noted that a part of this information, once transferred to a unit 6, is not directly accessible from the outside of this unit 6. The transfer of personalization information in a virgin unit 60 or a pre-personal unit 66 can be done through a unit of adapted customization, which is described in relation to figure 15. In the case of a unit 6, constituted by a chip card 7 and its reader-8, the "Personalization" only refers to the chip card 7. For the application of the protection phase P, different technical means are described more precisely in relation to figures 11, 12, 13, 14 and 15. Figure 11 illustrates an example of the modality of a system 25 that allows applying the construction period S-i2 that takes into account the definitions contained in the definition period Su and in the course of which the transfer means are constructed 12, 13 and possibly, the means of use assigned to the unit 6. Said system 25 comprises a program or work station development unit and is usually presented in the form of a computer comprising a central unit, a screen, peripherals of the keyboard-mouse type, and that includes, in particular, the following programs: file editors, assemblers, preprocessors, compilers, interpreters, debuggers and link editors. Figure 12 illustrates an exemplary embodiment of a pre-personalization unit 30 that allows to load at least in part the transfer means 13 and / or the utilization means in at least one virgin unit 60 in order to obtain at least one pre-personalized unit 66. This pre-personalization unit 30 comprises a reading and writing means 31 that allows to pre-personalize in an electric way, a virgin unit 60, in order to obtain a pre-personalized unit 66 in which the transfer means 13 and / or utilization have been charged. The pre-personalization unit 30 may also comprise physical personalization means 32 of the virgin unit 60 which may be presented, for example, in the form of a printer. In the case where the unit 6 is constituted by a chip card 7 and its reader 8, the pre-personalization refers generally only to the chip card 7. Figure 13 illustrates an example of a system mode 35 that allows perform the creation of tools that help to generate protected software or automate the protection of softwares. Said system 35 comprises a program or work station development unit and is usually presented in the form of a computer comprising a central unit, a screen, peripherals of the keyboard-mouse type, and comprising, in particular, the following programs : file editors, assemblers, preprocessors, compilers, interpreters, debuggers and link editors. Figure 14 illustrates an example of a system mode 40 that allows to create a protected 2p software directly or to modify a vulnerable software 2v in order to obtain a 2p protected software. Said system 40 comprises a program or work station development unit and is usually presented in the form of a computer comprising a central unit, a screen, peripherals of the keyboard-mouse type, and comprising, in particular, the following programs : file editors, assemblers, preprocessors, compilers, interpreters, debuggers and link editors, as well as tools that help to generate protected software or to automate the protection of softwares. Figure 15 illustrates an example of embodiment of a personalization unit 45 that allows the second object part 2pou to be loaded into at least one virgin unit 60 in order to obtain at least one unit 6 or a part of the second part 2pou object in at least one pre-personalized unit 66 in order to obtain at least one unit 6. This personalization unit 45 comprises a reading and writing means 46 which allows to electrically customize, at least one virgin unit 60 or less a pre-personalized unit 66, in order to obtain at least one unit 6. At the end of this customization, a unit 6 comprises the information necessary for the execution of the protected software 2p. The personalization unit 45 may also comprise physical personalization means 47 for at least one unit 6 which may be presented, for example, in the form of a printer. In the case where a unit 6 is constituted by a chip card 7 and its reader 8, the personalization refers generally only to the chip card 7.
The protection method of the invention can be applied with the following improvements: It can be envisaged to use together several processing and memory units in which the second 2pou object part of the 2p protected software is distributed so that its joint use allows executing the 2p protected software, the absence of at least one of these processing and memory units prevents the use of 2p protected software. Similarly, after the pre-personalization period S 3 and during the personalization period S23, the part of the second object part 2pou necessary to transform the pre-personalized unit 66 into a unit 6 may be contained in a processing and memory unit used by the Personalization unit 45 in order to limit access to this part of the second part 2pou object. Of course, this part of the second 2pou object part can be partitioned into several processing and memory units so that this part of the second 2pou object part is accessible only during the joint use of these processing and memory units.

Claims (1)

  1. NOVELTY OF THE INVENTION CLAIMS 1 .- Method to protect from at least one virgin unit (60) comprising at least memory means (15) and processing means (16), a vulnerable software (2v) against its unauthorized use, said vulnerable software (2v) operates on a data processing system (3), characterized in that it consists: in a protection phase (P): in creating a protected software (2p): selecting in the source of the vulnerable software (2vs) , at least one conditional derivation, selecting at least a portion of the software-vulnerable source (2vs) containing at least one selected conditional derivation, producing the protected software source (2ps) from the source of the vulnerable software (2vs), modifying at least a selected portion of the source of the vulnerable software (2vs) to obtain at least a modified portion of the source of the protected software (2ps), this modification being such that during the execution of the softw are protected (2p): a first execution part (2pes) is executed in the data processing system (3) and a second execution part (2peu) is executed in a unit (6), obtained from the unit virgin (60) after loading information, and the second execution part (2peu) executes at least the functionality of at least one conditional derivation selected and made available to the data processing system (3), an information that allows the first part of execution (2pes) to continue with its execution in the selected environment, and producing: a first part of the protected software (2p), from the source of the protected software (2ps), this first part object (2pos) being such that during the execution of the protected software (2p), a first part of execution (2pes) appears which is executed in the data processing system (3) and where at least a portion takes into account that at least one deri selected conditional variance is executed in the unit (6), and a second object part (2pou) of the protected software (2p), this second part object (2pou) being such that, after loading in the virgin unit (60) and during the execution of the protected software (2p), the second execution part (2peu) appears by means of which each selected conditional derivation is executed, and in loading the second object part (2pou) in the virgin unit (60), with the order to obtain the unit (6), and in a phase of use (U) during which the protected software (2p) is executed: in the presence of the unit (6) and each time a portion of the first part imposes it of execution (2pes), execute the functionality of a conditional derivation in the unit (6), so that this portion is executed correctly, and consequently, the protected software (2p) is fully functional, and in the absence of the unit ( 6) and despite the request for a portion of the first part of execution (2pes) of executing the functionality of a conditional derivation in the unit (6), not being able to respond correctly to this request, so that at least this portion is not executed correctly and, consequently, the protected software (2p) does not It is fully functional. 2 - The method according to claim 1, further characterized in that it consists, in the protection phase (P), in modifying the protected software (2p): selecting, at the source of the protected software (2ps) at least one series of selected conditional derivations, modifying the minus one selected portion of the source of the protected software (2ps), this modification is such that during the execution of the protected software (2p), the global functionality of at least one selected series of derivations is executed conditional by means of the second part of execution (2peu), in the unit (6), and producing: the first part object (2pos) of the protected software (2p), this first object part (2pos) is such that during the execution of the protected software (2p), the functionality of at least one selected series of conditional derivations in the unit (6), and the second part object (2pou) is executed of the protected software (2p), this second object part (2peu) being such that after loading in the unit (6) and during the execution of the protected software (2p), the second execution part (2peu) appears by means of the which executes the global functionality of at least one selected series of conditional derivations. 3. The method according to claim 1 or 2, further characterized in that it consists: in the protection phase (P): in modifying the protected software (2p): selecting in the source of the protected software (2ps): so less an algorithmic processing that during the execution of the protected software (2p), uses at least one operand, and allows to determine, at least in part, the result of a selected conditional derivation, and at least a portion that contains at least minus one selected algorithmic processing, by modifying at least a selected portion of the source of the protected software (2ps), this modification being such that: at least the functionality of at least one selected algorithmic processing is executed by means of the second part of execution (2peu), at least a selected algorithmic processing is fragmented, so that during the execution of the protected software (2p) appear by means of the second execution part (2peu), several distinct stages, namely: the arrangement of at least one operand for the unit (6), the realization in the unit (6), of the functionality of the algorithmic processing at least one operand , and optionally, the arrangement of at least one result, through the unit (6), for the data processing system (3), for at least one selected algorithmic processing, stage commands are defined so that during execution of the protected software (2p), each stage command is executed by the first execution part (2pes) and starts in the unit (6), execution by means of the second execution part (2peu), of a stage, and an ordering of stages commands is selected among the set of orderings that allow the execution of the protected software (2p), and producing: the first object part (2pos) of the protected software (2p), this first part object (2pos) being such that during the execution protected software (2p), the step commands are executed according to the selected order, and the second part object (2pou) of the protected software (2p), this second part object (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), the second execution part (2peu) appears by means of which the steps initiated by the first execution part (2pes) are executed, and in the use phase (U): in the presence of the unit (6) and each time a stage command contained in a portion of the first part of execution (2pes) imposes it, execute the corresponding stage in the unit (6), so that this portion is executed correctly and consequently, the protected software (2p) is fully functional, and in the absence of the unit (6), despite the request for a portion of the first execution part (2pes) to start the execution of a stage in the unit (6), not being able to answer correctly This request is, therefore, at least this portion is not executed correctly and consequently, the protected software (2p) is not fully functional. 4. The method according to claim 3, further characterized in that it consists: in the protection phase (P): in modifying the protected software (2p): selecting at least one variable used in at least one selected algorithmic processing , that during the execution of the protected software (2p), partially defines the status of the protected software (2p), modifying at least a selected portion of the source of the protected software (2ps), this modification being such that during the execution of the protected software (2p), at least one variable selected or at least one copy of the selected variable resides in the unit (6), and producing: the first part object (2pos) of the protected software (2p), this first part object (2pos) being such that during the execution of the protected software ( 2p), at least a portion of the first execution part (2pes) also takes into account that at least one variable or at least one variable copy resides in the unit (6); and the second object part (2pou) of the protected software (2p), this second part object (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), the second part appears of execution (2peu) by means of which at least one selected variable, or at least one copy of the selected variable, also resides in the unit (6), and in the use phase (U): in the presence of the unit ( 6) and each time a portion of the first part of execution (2pes) imposes it, use a variable or a copy of the variable that resides in the unit (6), so that this portion is executed correctly, and consequently, the protected software (2p) is fully functional, and in the absence of the unit (6), despite the request for a portion of the first execution part (2pes) to use a variable or a variable copy that resides in the unit (6), unable to respond correctly to this request, so that at least it is is not executed correctly and as a consequence, the protected software (2p) is not fully functional. 5. - The method according to claim 3, further characterized in that it consists: in the protection phase (P): in defining: a set of elementary functions which are capable of being executed in the unit (6); and a set of elementary commands for this set of elementary functions, these elementary commands are capable of being executed in the data processing system (3) and of starting the execution in the unit (6), of the elementary functions, in constructing means of use that allow the unit (6) to execute the elementary functions of said game, the execution of these elementary functions are initiated by executing in the data processing system (3), of the elementary commands, and in modifying the protected software (2p): selecting at the source of the protected software (2ps), at least one stage that during the execution of the protected software (2p), performs the functionality of an algorithmic processing, modifying at least a selected portion of the source of the protected software (2ps), this modification being such that: at least one selected stage is fragmented so that during the execution of the software pr otegido (2p), this stage is executed by means of the second part of execution (2peu), using the elementary functions, for at least one selected stage, elementary commands are integrated into the source of the protected software (2ps), so that during the execution of the protected software (2p), each elementary command is executed by the first execution part (2pes) and starts in the unit (6), execution by means of the second execution part (2peu), of a function elementary, and an ordering of elementary commands is selected among the set of orderings that allow the execution of the protected software (2p), and producing: the first object part (2pos) of the protected software (2p), this first part object (2pos) being such that during the execution of the protected software (2p), the elementary commands are executed according to the selected ordering, and the second object part (2pou) of the protected software (2p) that also contains the means of exploitation, this second part of the project (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), the second execution part (2peu) appears by means of which the elementary functions initiated by the first part of execution (2pes), and in the use phase (U): in the presence of the unit (6) and each time an elementary command contained in a portion of the first part of execution imposes it (2pes), execute the corresponding elementary function in the unit (6), so that this portion is executed correctly and consequently, the protected software (2p) is fully functional, and in the absence of the unit (6), despite from requesting a portion of the first execution part (2pes), from starting the execution of an elementary function in the unit (6), not being able to respond correctly to this request, so that at least this portion is not executed correctly and consequently, the Protected software (2p) is not fully functional. 6. - The method according to claim 5, further characterized in that it consists: in the protection phase (P): in defining: at least one software execution feature, capable of being monitored at least in part in the unit ( 6), at least one criterion to be followed for at least one software execution feature, detection means (7) to be applied in the unit (6) and which allow detecting that at least one software execution feature obeys at least one associated criterion, and means of coercion (18) to apply in the unit (6) and which allow the data processing system (3) to be informed and / or to modify the execution of a software, when at least one criterion is not obeyed, in constructing the means of use that allow the unit (6), also apply the means of detection (17) and the means of coercion (18), and in modifying the protected software (2p): selecting at least one characteristic of execution of the software to be monitored, between the execution characteristics that can be monitored, selecting at least one criterion to be obeyed for at least one selected software execution feature, selecting in the source of the protected software (2ps), elementary functions for which at least one selected software execution feature will be monitored, modifying at least a selected portion of the source of the protected software (2ps), this modification being such that during the execution of the protected software (2p), at least one is monitored an execution characteristic selected by means of the second execution part (2peu), and failure to obey a criterion leads to an ation of the data processing system (3) and / or a modification of the execution of the protected software (2p), and producing the second object part (2pou) of the protected software (2p) containing the means of exploitation also applying the means of detection (17) and the means of coercion (18), this second part object (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), it is monitored at least a software execution feature and failure to obey a criterion leads to information from the data processing system (3) and / or to a modification of the execution of the protected software (2p), and in the use phase (U): in the presence of the unit (6): while obeying all the criteria corresponding to all the supervised execution characteristics of all the modified portions of the protected software (2p), allow the nominal operation of these portions of the protected software ( 2p) and consequently, allow the nominal operation of the protected software (2p), and if at least one of the criteria corresponding to a monitored execution characteristic of a portion of the protected software (2p) is not obeyed, inform the system of data processing (3) and / or modify the operation of the portion of the protected software (2p), so that the operation of the protected software (2p) is modified. 7. The method according to claim 6, to limit the use of a protected software (2p), further characterized because it consists of: in the protection phase (P): in defining: as a software execution feature capable of being monitored, a measurement variable of the use of a software functionality, as a criterion to be obeyed, at least a threshold associated with each measurement variable, and means of updating that allow updating at least one measurement variable, in constructing the utilization means that allow the unit (6) to also apply the update means, and to modify the protected software (2p): selecting as software execution characteristic to be monitored, at least one measurement variable of the use of a functionality of a software, selecting: at least one functionality of the protected software (2p) where the use is susceptible to be monitored thanks to a variable of measurement, so minus a measurement variable that serves to quantify the use of said functionality, at least a threshold associated with a selected measurement variable that corresponds to a limit of use of said functionality, and at least one method to update a measurement variable selected according to the use of said functionality, and modifying at least a selected portion of the source of the protected software (2ps), this modification being such that, during the execution of the protected software (2p), the measurement variable is updated by middle of the second part of execution (2peu), depending on the use of said functionality and at least an excess of threshold is taken into account, and in the use phase (U), in the presence of the unit (6), and in the case where it is detected so less an excess of threshold corresponding to at least one limit of use, in informing the data processing system (3) and / or modifying the operation of the portion of the protected software (2p), so that the operation of protected software (2p) is modified. 8. - The method according to claim 7, further characterized in that it consists: in the protection phase (P): in defining: for at least one measurement variable, several associated thresholds, and different coercion means corresponding to each one of these thresholds, and in modifying the protected software (2p): selecting at the source of the protected software (2ps), at least one selected measurement variable to which several thresholds corresponding to the different limits of use of the functionality, selecting at least two thresholds associated with the selected measurement variable, and modifying at least a selected portion of the protected software source (2ps), this modification being such that, during the execution of the protected software (2p) , the excesses of different thresholds are taken into account, by means of the second part of execution (2peu), in a different way, and in the use phase (U): in the presence of the unit (6): in the case where the excess of a first threshold is detected, in ordering the protected software (2p) to no longer use the corresponding functionality, and in the case where the excess of a second threshold is detected , in rendering inoperative the corresponding functionality and / or at least a portion of the protected software (2p). 9. - The method according to claim 7 or 8, further characterized in that it consists: in the protection phase (P): in defining recharging means that allow at least one complementary use to be accredited for at least one monitored software functionality by a variable of measurement, in building the means of use that also allow the unit (6) to apply the means of recharge, and to modify the protected software (2p): selecting the source of protected software (2ps), at least a selected measurement variable that allows limiting the use of a functionality to which at least one complementary use must be able to be accredited, and modifying at least a selected portion, this modification being such that in a so-called recharge phase, at least a complementary use of at least one functionality corresponding to a selected measurement variable can be demonstrated, and in the recharge phase: in at least one update a a selected measurement variable and / or at least one associated threshold, in order to allow at least one complementary use of the functionality. 10. The method according to claim 6, further characterized in that it consists: in the protection phase (P): in defining: as a software execution feature that can be monitored, a software use profile, and as a criterion to obey, at least one software execution feature, and to modify the protected software (2p): selecting as software execution feature to monitor at least one software use profile, selecting at least one execution characteristic that it must obey at least one profile of selected use, and modifying at least a selected portion of the source of protected software (2ps), this modification being such that during the execution of the protected software (2p), the second part of execution ( 2peu) obeys all the execution characteristics selected, and in the use phase (U) in the presence of the unit (6), and in the case where it is detected that by at least one Execution feature is not obeyed, in informing the data processing system (3) and / or modifying the operation of the portion of the protected software (2p), so that the operation of the protected software (2p) is modified. 11. The method according to claim 10, further characterized in that it consists of: in the protection phase (P): in defining: a set of instructions in which the instructions are capable of being executed in the unit (6), a set of instruction commands for this set of instructions, these command commands are capable of being executed in the data processing system (3) and of starting in the unit (6) the execution of the instructions, as use profile, the chaining of. the instructions, as execution characteristic, a desired chain for the execution of the instructions, as means of detection (17), means that allow detecting that the chaining of the instructions does not correspond to that desired, and as means of coercion (18) , means for informing the data processing system (3) and / or modifying the operation of the portion of protected software (2p) when the chain of instructions does not correspond to that desired, in building the means of use that also allow to the unit (6) execute the instructions of the instruction set, the execution of these instructions are initiated by the execution in the data processing system (3), of instruction commands, and in modifying the protected software (2p): modifying at least a selected portion of the source of the protected software (2ps): transforming the elementary functions into instructions, specifying or the chaining that must be obeyed by at least certain instructions during its execution in the unit (6), and by transforming the elementary commands into instruction commands that correspond to the instructions used, and in the use phase (U), in the presence of the unit (6), in the case where it is detected that the chaining of instructions executed in the unit (6) does not correspond to that desired, in informing the data processing system (3) and / or in modifying the operation of the portion of the protected software (2p), so that the operation of the protected software (2p) is modified. 12 - The method according to claim 11, further characterized in that it consists: in the protection phase (P): in defining: as a set of instructions, a set of instructions where at least certain instructions work on registers and use the less an operand in order to yield a result, at least a part of the instructions that work on the records: a part (FP) that defines the functionality of the instruction, and a part that defines the desired chain for the execution of instructions and comprising bit fields corresponding to: an instruction identification field (CU), and for each operand of the instruction: a flag field (CDk), and a predicted identification field (CIPk) of the operand, for each record that belongs to the means of use and used by the set of instructions, a generated identification field (CIGV) in which the identification is automatically stored n of the last instruction that has thrown its result in this record, as means of detection (17), means that allow, during the execution of an instruction, for each operand, when imposed by the flag field (CDk), control the equality between the generated identification field (CIGV) that corresponds to the record used by this operand, and the expected identification field (CIPk) of the origin of this operand, and as means of coercion (18), means that allow modifying the result of the instructions, if at least one of the controlled equalities is false. 13. The method according to claim 5 or 11, characterized in that it consists of: in the protection phase (P): in defining: as an initiating command, an elementary command or an instruction command, as a dependent function, an elementary function or an instruction, such as an order, at least one argument for an initiating command, which corresponds at least in part to the information transmitted by the data processing system (3) to the unit (6), in order to start the execution of the corresponding dependent function, a method of renaming orders that allows to rename the orders in order to obtain initiating commands in reordered orders, and means of restoration (20) intended to be applied in the unit (6) in the course of the use phase (U), and that allow to find the dependent function to execute, from the renamed order, to build means of use that allow the unit (6) to apply also the means of restoration, and in modifying the protected software (2p): selecting in the source of the protected software (2ps), initiating commands, modifying at least a selected portion of the source of the protected software (2ps) renaming the commands of selected initiator commands, in order to disguise the identity of the corresponding dependent functions, and producing: the first part object (2pos) of the protected software (2p), this first part object ( 2pos) being such that during the execution of the protected software (2p), the initiating commands are executed in reordered orders, and the second object part (2pou) of the protected software (2p) that contains the means of exploitation that also apply the means of restoration (20), this second part object (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), the identity of the dependent functions in which the execution is initiated is reestablished by the first part of execution (2pes), by means of the second part of execution (2peu), and the dependent functions are executed by means of the second part of execution (2peu) , and in the use phase (U): in the presence of the unit (6) and each time an initiating command in reordered order, contained in a portion of the first execution part (2pes) imposes it, reestablish in the unit (6), the identity of the corresponding dependent function and in executing it, so that this portion is executed correctly and that consequently, the protected software (2p) is fully functional, and in the absence of the unit (6), in spite of the request of a portion of the first execution part (2pes), to start the execution of a dependent function in the unit (6), in not being able to respond correctly to this request, so that at least this portion does not it runs correctly and that consequently, the protected software (2p) is not fully functional. 14. - The method according to claim 13, further characterized by: in the protection phase (P): in defining for at least one dependent function, a family of algorithmically equivalent dependent functions, but initiated by initiating commands where the renamed commands are different, and in modifying the protected software (2p): selecting at the source of the protected software (2ps) at least one initiating command in reordered order, and modifying at least a selected portion of the source of the protected software ( 2ps) replacing at least the renamed command of an initiator command in selected reordered order, by another renamed command, that starts a function dependent on the same family. 15. - The method according to claim 14, further characterized in that it consists: in the protection phase (P), in defining, for at least one dependent function, a family of algorithmically equivalent dependent functions: concatenating a noise field with the information that defines the functional part of the dependent function to be executed in the unit (6), or using the identification field of the instruction (CU) and the expected identification fields (CIPk) of the operands. 16. - The method according to claim 13, 14 or 15, further characterized because it consists: in the protection phase (P): in defining: as a method of renaming orders, a coding method for coding orders, and as means of restoration (20), means that apply a decoding method to decode the renamed orders and thus reestablish the identity of the dependent functions that will be executed in the unit (6). 17. - The method according to one of claims 1 to 16, further characterized in that it consists of fragmenting the protection phase (P) into an upstream protection sub-phase (P1), independent of the software to be protected and a protection subsystem. downstream (P2), dependent on the software to be protected. 18. - The method according to claim 17, further characterized in that it consists, during the upstream protection step (P1), in containing a period of definitions (S11) in which all the definitions are made. 19. The method according to claim 18, further characterized in that it consists, after the period of definitions (S11), in including a construction period (S12) in which the means of exploitation are constructed. 20. - The method according to claim 19, further characterized in that it consists, after the construction period (S12), in containing a pre-personalization period (S12), consisting of loading into a virgin unit (60), at least one part of the means of exploitation in order to obtain a prepersonalized unit (66). 21. - The method according to claim 18 or 19, further characterized in that it consists, during the upstream protection step (P1), of containing a toolmaking period (S14) in which tools are made to help to generate protected softwares or automate the protection of softwares. 22. - The method according to claims 17 and 20, further characterized in that it consists in fragmenting the downstream protection subphase (P2), in: a creation period (S21) in which the protected software is created (2p) , from the vulnerable software (2v), possibly, a modification period (S22) in which the protected software (2p) is modified, and a personalization period (S23) in which: the second object part (2pou) of the protected software (2p) that eventually contains the means of exploitation is loaded into at least one virgin unit (60) in order to obtain at least one unit (6), or a part of the second object part (2pou) of the protected software (2p) that eventually contains the means of exploitation is loaded into at least one pre-personalized unit (66) in order to obtain at least one unit (6). 23. - The method according to claims 21 and 22, further characterized in that it consists, during the creation period (S21) and possibly the modification period (S22), in using at least one of the help tools for the generation of protected softwares or automation of software protection. 24.- System for the application of the method of claiming 19, characterized in that it comprises a program development unit, which serves, during the construction state (S12), to carry out the construction of utilization means destined for the unit (6), which take into account the definitions contained in the period of definitions (S1 1). 25. - System for the application of the method of claim 20, characterized in that it comprises a pre-personalization unit (30) that allows to load at least a part of the utilization means in at least one virgin unit (60), in order to obtain at least one pre-personalized unit (66). 26. - System for the application of the claim method 21, characterized in that it comprises a program development unit, which serves to carry out, during the tool making period (S14), the preparation of help tools for the generation of protected softwares or the automation of software protection. 27. - System for the application of the method of claiming 22, characterized in that it comprises a unit for developing programs that serve to create or modify a protected software (2p). 28. - System for applying the method of claim 22, characterized in that it comprises a personalization unit (45) that allows loading: the second object part (2pou) into at least one virgin unit (60), in order to obtain the minus one unit (6), or a part of the second object part (2pou) in at least one prepersonalized unit (66), in order to obtain at least one unit (6). 29. - Pre-personalized unit (66), characterized in that it is obtained by means of the system of claim 25. 30. - Unit (6) that allows to execute a protected software (2p) and to prevent its unauthorized use, characterized in that it contains loaded the second object part (2pou) of the protected software (2p) with the help of a personalization unit (45) of claim 28. 31. - Set of units (6), characterized in that the second object part (2pou) of the protected software (2p), loaded with the help of a personalization unit (45) of claim 28, is divided into several processing and memory units, so that its use set allows to run the protected software (2p). 32. - Distribution set (2pd) of a protected software (2p), characterized in that it comprises: a first distribution part (2pds) containing the first object part (2pos) and destined to operate in a data processing system ( 3), and a second distribution part (2pdu) that is presented under the form: of a virgin unit (60), or of a pre-personalized unit (66) of claim 29, capable, after loading of personalization information, of transforming into a unit (6), or of a unit (6) of claim 30. 33. - The distribution set (2pd) of a protected software (2p) according to claim 32, further characterized in that the first part of distribution (2pds) is presented in the form of a physical distribution medium, CDROM for example, or in the form of files distributed through a network. 34. - The distribution set (2pd) of a protected software (2p) according to claim 32, further characterized in that the second distribution part (2pdu), which occurs under the form of blank units (60), units prepersonalized (66) or units (6), comprises a chip card (7). 35. - Processing and memory unit characterized in that it contains the part of the second object part (2pou) necessary to transfer a pre-personalized unit (66) of claim 29 to a unit (6) of claim 30. 36. - Set of processing and memory units characterized in that the processing and memory units used together contain the part of the second object part (2pou) necessary to transform a pre-personalized unit (66) of claim 29 into a unit (6). ) of claim 30.
MXPA04000593A 2001-07-31 2002-07-04 Method for protecting a software using a so-called conditional jump principle against its unauthorised use. MXPA04000593A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0110245A FR2828302B1 (en) 2001-07-31 2001-07-31 METHOD FOR PROTECTING SOFTWARE USING A PRINCIPLE SAID "CONDITIONAL CONNECTION" AGAINST ITS UNAUTHORIZED USE
PCT/FR2002/002342 WO2003012374A2 (en) 2001-07-31 2002-07-04 Method for protecting a software using a so-called conditional jump principle against its unauthorised use

Publications (1)

Publication Number Publication Date
MXPA04000593A true MXPA04000593A (en) 2005-02-17

Family

ID=8866120

Family Applications (1)

Application Number Title Priority Date Filing Date
MXPA04000593A MXPA04000593A (en) 2001-07-31 2002-07-04 Method for protecting a software using a so-called conditional jump principle against its unauthorised use.

Country Status (19)

Country Link
EP (1) EP1412705A2 (en)
JP (1) JP3949103B2 (en)
KR (1) KR20040032859A (en)
CN (1) CN1313898C (en)
BR (1) BR0211370A (en)
CA (1) CA2454095A1 (en)
FR (1) FR2828302B1 (en)
HK (1) HK1072110A1 (en)
HR (1) HRP20040046A2 (en)
HU (1) HUP0400221A2 (en)
IL (1) IL159952A0 (en)
MA (1) MA26124A1 (en)
MX (1) MXPA04000593A (en)
NO (1) NO20040228L (en)
PL (1) PL367485A1 (en)
TN (1) TNSN04010A1 (en)
WO (1) WO2003012374A2 (en)
YU (1) YU5904A (en)
ZA (1) ZA200400351B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101217668B1 (en) * 2011-05-12 2013-01-02 주식회사 안랩 Malicious program hooking prevention apparatus and method
KR101444929B1 (en) * 2012-12-04 2014-09-26 주식회사 안랩 Abnormal call detecting device and abnormal call detecting method

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2634917A1 (en) * 1988-08-01 1990-02-02 Pionchon Philippe METHOD AND DEVICE FOR PROTECTING SOFTWARE, ESPECIALLY AGAINST UNAUTHORIZED COPIES
US5754646A (en) * 1995-07-19 1998-05-19 Cable Television Laboratories, Inc. Method for protecting publicly distributed software
AU7957998A (en) * 1997-06-09 1999-01-25 Intertrust, Incorporated Obfuscation techniques for enhancing software security
EP1086411B1 (en) * 1998-06-12 2003-11-12 Gemplus Method for verifying the execution of a software product

Also Published As

Publication number Publication date
EP1412705A2 (en) 2004-04-28
JP3949103B2 (en) 2007-07-25
FR2828302A1 (en) 2003-02-07
KR20040032859A (en) 2004-04-17
JP2004537794A (en) 2004-12-16
IL159952A0 (en) 2004-06-20
FR2828302B1 (en) 2010-09-03
PL367485A1 (en) 2005-02-21
TNSN04010A1 (en) 2006-06-01
WO2003012374A3 (en) 2003-12-24
YU5904A (en) 2006-08-17
HUP0400221A2 (en) 2004-08-30
CA2454095A1 (en) 2003-02-13
WO2003012374A2 (en) 2003-02-13
MA26124A1 (en) 2004-04-01
ZA200400351B (en) 2005-03-30
CN1541351A (en) 2004-10-27
HK1072110A1 (en) 2005-08-12
NO20040228L (en) 2004-03-30
BR0211370A (en) 2004-09-21
HRP20040046A2 (en) 2004-10-31
CN1313898C (en) 2007-05-02

Similar Documents

Publication Publication Date Title
US20070294770A1 (en) Method to Protect Software Against Unwanted Use with a Variable Principle
US20070136816A1 (en) Method to protect software against unwanted use with a detection and coercion principle
US20070283437A1 (en) Method to Protect Software Against Unwanted Use with a &#34;Temporal Dissociation&#34; Principle
US20070277239A1 (en) Method to Protect Software Against Unwanted Use with a &#34;Renaming&#34; Principle
MXPA04000593A (en) Method for protecting a software using a so-called conditional jump principle against its unauthorised use.
MXPA04000596A (en) Method for protecting a software using a so-called renaming principle against its unauthorised use.
MXPA04000594A (en) Method for protecting a software using a so-called temporal dissociation principle against its unauthorised use.
MXPA04000488A (en) Method for protecting a software using a so-called variable principle against its unauthorised use.
MXPA04000595A (en) Method for protecting a software using a so-called elementary functions principle against its unauthorised use.
US7502940B2 (en) Method to protect software against unwanted use with a “conditional branch” principle
US7434064B2 (en) Method to protect software against unwanted use with a “elementary functions” principle
MXPA04000489A (en) Method for protecting a software using a so-called detection and coercion principle against its unauthorised use.