MXPA04000595A - Method for protecting a software using a so-called elementary functions principle against its unauthorised use. - Google Patents

Method for protecting a software using a so-called elementary functions principle against its unauthorised use.

Info

Publication number
MXPA04000595A
Authority
MX
Mexico
Prior art keywords
execution
unit
software
protected software
protected
Application number
MXPA04000595A
Other languages
Spanish (es)
Inventor
Sgro Gilles
Original Assignee
Validy
Application filed by Validy
Publication of MXPA04000595A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F1/00 Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/12 Protecting executable software
    • G06F21/121 Restricting unauthorised execution of programs
    • G06F21/125 Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
    • G06F21/123 Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Computer Hardware Design (AREA)
  • Remote Sensing (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Storage Device Security (AREA)

Abstract

The invention concerns a method for protecting, by means of a unit, vulnerable software against unauthorised use, said vulnerable software running on a data processing system. The method consists in defining a set of elementary functions that are executable in a unit, and a set of elementary commands; and in creating a protected software by selecting at least one algorithmic processing, and by producing the source of the protected software from the source of the vulnerable software, modifying the source of the vulnerable software so that at least one selected algorithmic processing is broken down such that, when the protected software is executed, said algorithmic processing is executed by using the elementary functions.

Description

METHOD FOR PROTECTING SOFTWARE AGAINST UNAUTHORIZED USE WITH THE HELP OF A PRINCIPLE CALLED "ELEMENTARY FUNCTIONS"

The present invention relates to the technical field of data processing systems in the general sense and concerns, more precisely, means for protecting software that runs on said data processing systems against unauthorized use. More particularly, the object of the invention concerns means for protecting software against unauthorized use by means of a memory unit or a processing and memory unit, said unit commonly taking the form of a chip card or a hardware key on the USB port.

In this technical field, the main drawback concerns the unauthorized use of software by users who have not acquired the license rights. This illicit use of software causes damage claimed by software publishers, software distributors and/or any person who integrates such software into products. To avoid such illicit copies, various solutions for protecting software have been proposed in the state of the art.

One known protection solution consists of using a hardware protection system, such as a physical element called a protection key or "dongle". This protection key must guarantee that the software executes only in the presence of the key. However, this solution is not effective because it has the disadvantage of being easily circumvented. A malicious person or pirate, with the help of specialized tools such as disassemblers, can remove the control instructions of the protection key. It then becomes possible to make illicit copies corresponding to modified versions of the software that no longer have any protection. In addition, this solution cannot be generalized to all software, as it is difficult to connect more than two protection keys to the same system.

The object of the invention is precisely to remedy the aforementioned drawbacks by proposing a method for protecting software against unauthorized use by means of an ad hoc processing and memory unit, insofar as the presence of said unit is necessary for the software to be fully functional.

To achieve this objective, the object of the invention relates to a method for protecting, by means of at least one virgin unit comprising at least processing means and memory means, vulnerable software against unauthorized use, said vulnerable software running on a data processing system. The method according to the invention consists, in a protection phase: in defining: a set of elementary functions that are capable of being executed in a unit, and a set of elementary commands for this set of elementary functions, these elementary commands being capable of being executed in the data processing system and of starting the execution of the elementary functions in a unit; in constructing means of use that allow the virgin unit to be transformed into a unit capable of executing the elementary functions of said set, the execution of these elementary functions being initiated by the execution, in the data processing system, of the elementary commands; in creating a protected software by: selecting at least one algorithmic processing that, during the execution of the vulnerable software, uses at least one operand and makes it possible to obtain at least one result; selecting at least one portion of the source of the vulnerable software that contains at least one selected algorithmic processing; producing the source of the protected software from the source of the vulnerable software, by modifying at least one selected portion of the source of the vulnerable software to obtain at least one modified portion of the source of the protected software, this modification being such that: during the execution of the protected software, a first execution part is executed in the data processing system and a second execution
part is executed in a unit, obtained from the virgin unit after information loading; the second execution part executes at least the functionality of at least one selected algorithmic processing; at least one selected algorithmic processing is fragmented, so that during the execution of the protected software, this algorithmic processing is executed by means of the second execution part, using the elementary functions; for at least one selected algorithmic processing, elementary commands are integrated in the source of the protected software, so that during the execution of the protected software, each elementary command is executed by the first execution part and starts in the unit the execution, by means of the second execution part, of an elementary function; and an ordering of the elementary commands is selected among the set of orderings that allow the execution of the protected software; and producing: a first object part of the protected software, from the source of the protected software, this first object part being such that during the execution of the protected software, a first execution part appears that is executed in the data processing system and of which at least one portion takes into account that the elementary commands are executed according to the selected ordering; and a second object part of the protected software, which contains the means of exploitation, this second object part being such that, after loading into the virgin unit and during the execution of the protected software, the second execution part appears, by means of which the elementary functions initiated by the
first execution part are executed; and in loading the second object part into the virgin unit, in order to obtain the unit; and, in a use phase, in the course of which the protected software is executed: in the presence of the unit, each time an elementary command contained in a portion of the first execution part requires it, in executing the corresponding elementary function in the unit, so that this portion is executed correctly and, consequently, the protected software is fully functional; and in the absence of the unit, despite the request of a portion of the first execution part to start the execution of an elementary function in the unit, in not being able to respond correctly to this request, so that at least this portion is not executed correctly and, consequently, the protected software is not fully functional.

According to a preferred embodiment, the method according to the invention consists: in the protection phase: in modifying the protected software by: selecting at least one variable used in at least one selected algorithmic processing which, during the execution of the protected software, partially defines the state of the protected software; modifying at least one selected portion of the source of the protected software, this modification being such that during the execution of the protected software, at least one selected variable or at least one copy of a selected variable resides in the unit; and producing: the first object part of the protected software, this first object part being such that during the execution of the protected software, at least one portion of the first execution part also takes into account that at least one variable or at least one copy of a variable resides in the unit; and the second object part of the protected software, this second object part being such that, after loading into the unit and during the execution of the protected software, the second execution part appears, by means of which at least one selected variable, or at least one
copy of a selected variable, resides in the unit; and in the use phase: in the presence of the unit, each time a portion of the first execution part requires it, in using a variable or a copy of a variable that resides in the unit, so that this portion is executed correctly and, consequently, the protected software is fully functional; and in the absence of the unit, despite the request of a portion of the first execution part to use a variable or a copy of a variable that resides in the unit, in not being able to respond correctly to this request, so that at least this portion is not executed correctly and, consequently, the protected software is not fully functional.

According to another preferred embodiment, the method according to the invention consists: in the protection phase: in defining: at least one software execution characteristic capable of being monitored, at least in part, in the unit; at least one criterion to be obeyed for at least one software execution characteristic; detection means to be applied in the unit, which make it possible to detect that at least one software execution characteristic obeys at least one associated criterion; and coercion means to be applied in the unit, which make it possible to inform the data processing system and/or modify the execution of a software when at least one criterion is not obeyed; in constructing the means of use that allow the unit to also apply the detection means and the coercion means; and in modifying the protected software by: selecting at least one software execution characteristic to be monitored, among the execution characteristics that can be monitored; selecting at least one criterion to be obeyed for at least one selected software execution characteristic; selecting, in the source of the protected software, elementary functions for which at least one selected software execution characteristic will be monitored; modifying at least one selected portion of the source of the protected software, this modification being such that during execution of the protected
software, at least one selected execution characteristic is monitored by means of the second execution part, and failure to obey a criterion leads to informing the data processing system and/or to a modification of the execution of the protected software; and producing the second object part of the protected software, which contains the means of exploitation that also apply the detection means and the coercion means, this second object part being such that, after loading into the unit and during execution of the protected software, at least one software execution characteristic is monitored and failure to obey a criterion leads to informing the data processing system and/or to a modification of the execution of the protected software; and in the use phase: in the presence of the unit: as long as all the criteria corresponding to all the monitored execution characteristics of all the modified portions of the protected software are obeyed, in allowing the nominal operation of these portions of the protected software and, consequently, the nominal operation of the protected software; and if at least one of the criteria corresponding to a monitored execution characteristic of a portion of the protected software is not obeyed, in informing the data processing system and/or modifying the operation of the portion of the protected software, so that the operation of the protected software is modified.

According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining: as a software execution characteristic capable of being monitored, a variable measuring the use of a software functionality; as a criterion to be obeyed, at least one threshold associated with each measurement variable; and updating means that allow at least one measurement variable to be updated; in constructing the means of use that allow the unit to also apply the updating means; and in modifying the protected software by: selecting, as the software execution characteristic to be monitored, at least one variable measuring the use of a software functionality; selecting: at least one functionality of the protected software whose use can be monitored by means of a measurement variable, at least one measurement variable that serves to quantify the use of said functionality, at least one threshold associated with a selected measurement variable and corresponding to a limit of use of said functionality, and at least one method of updating a selected measurement variable according to the use of said functionality; and modifying at least one selected portion of the source of the protected software, this modification being such that, during the execution of the protected software, the measurement variable is updated by means of the second execution part according to the use of said functionality, and the exceeding of at least one threshold is taken into account; and in the use phase, in the presence of the unit, and in the case where the exceeding of at least one threshold corresponding to at least one limit of use is detected, in informing the data processing system and/or modifying the operation of the portion of the protected software, so that the operation of the protected software is modified.

According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining, for at least one measurement variable, several associated thresholds, and different coercion means corresponding to each of these thresholds; and in modifying the protected software by: selecting, in the source of the protected software, at least one selected measurement variable with which several thresholds corresponding to different limits of use of the functionality must be associated; selecting at least two thresholds associated with the selected measurement variable; and modifying at least one selected portion of the source of the protected software, this modification being such that, during the execution of the protected software, the exceeding of the different thresholds is taken into account, by means of the second execution part, in different ways; and in the use phase: in the presence of the unit: in the case where the exceeding of a first threshold is detected, in ordering the protected software to no longer use the corresponding functionality; and in the case where the exceeding of a second threshold is detected, in rendering inoperative the corresponding functionality and/or at least one portion of the protected software.

According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining recharging means that allow at least one additional use to be credited for at least one software functionality monitored by a measurement variable; in constructing the means of use that also allow the unit to apply the recharging means; and in modifying the protected software by: selecting, in the source of the protected software, at least one selected measurement variable that limits the use of a functionality to which at least one additional use must be able to be credited; and modifying at least one selected portion, this modification being such that, in a so-called recharge phase, at least one additional use of at least one functionality corresponding to a selected measurement variable can be credited; and in the recharge phase: in updating at least one selected measurement variable and/or at least one associated threshold, in order to allow at least one additional use of the functionality.

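
The split between the first and second execution parts, combined with a measurement variable, two thresholds and a recharge as described in the variants above, can be sketched as follows. This is an added Python illustration, not code from the patent; the class and function names, the threshold values and the arithmetic being protected are assumptions.

```python
"""Added illustration (not from the patent): a simulated unit that executes
elementary functions and meters the use of one protected functionality."""


class UnitAbsent(Exception):
    """No unit answered the elementary command."""


class Unit:
    """Second execution part: runs inside the processing and memory unit."""

    FIRST_THRESHOLD = 3   # assumed value: beyond it the host is told to stop
    SECOND_THRESHOLD = 5  # assumed value: beyond it the feature is inoperative

    def __init__(self):
        self._vars = {}        # variables residing in the unit (lowercase names)
        self._uses = 0         # measurement variable
        self._blocked = False  # coercion state for the current use
        # Set of elementary functions, reachable only by command name.
        self._functions = {
            "begin": self._begin, "load": self._load,
            "mul": self._mul, "add": self._add, "read": self._read,
        }

    def execute(self, command, *args):
        """Entry point for the elementary commands sent by the host."""
        return self._functions[command](*args)

    def recharge(self, credited_uses):
        """Recharging means: credit additional uses (authorisation not modelled)."""
        self._uses = max(0, self._uses - credited_uses)

    def _begin(self):
        # Updating means: count one use, then compare with both thresholds.
        self._uses += 1
        self._vars.clear()
        self._blocked = self._uses > self.SECOND_THRESHOLD
        if self._blocked:
            return "inoperative"
        return "stop" if self._uses > self.FIRST_THRESHOLD else "ok"

    def _load(self, name, value):
        self._vars[name] = value

    def _mul(self, dst, a, b):
        self._vars[dst] = self._vars[a] * self._vars[b]

    def _add(self, dst, a, b):
        self._vars[dst] = self._vars[a] + self._vars[b]

    def _read(self, name):
        # Coercion means: past the second threshold no result leaves the unit.
        return None if self._blocked else self._vars[name]


def protected_compute(unit, X, Y):
    """First execution part: Z = X * Y + X, fragmented into elementary commands.

    The host performs none of the arithmetic; x, y, t and z live in the unit.
    """
    if unit is None:
        raise UnitAbsent("elementary command could not be executed")
    status = unit.execute("begin")
    unit.execute("load", "x", X)
    unit.execute("load", "y", Y)
    unit.execute("mul", "t", "x", "y")
    unit.execute("add", "z", "t", "x")
    return status, unit.execute("read", "z")


def demo():
    """Six uses in a row, a recharge of six uses, then one more use."""
    unit = Unit()
    history = [protected_compute(unit, 6, 6) for _ in range(6)]
    unit.recharge(6)
    history.append(protected_compute(unit, 6, 6))
    return history


if __name__ == "__main__":
    for status, Z in demo():
        print(status, Z)
```

Removing the calls to the unit from the host code does not yield a working copy here, because the multiplication and addition exist only inside `Unit`.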
According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining: as a software execution characteristic capable of being monitored, a software usage profile; and as a criterion to be obeyed, at least one software execution characteristic; and in modifying the protected software by: selecting, as the software execution characteristic to be monitored, at least one software usage profile; selecting at least one execution characteristic that at least one selected usage profile must obey; and modifying at least one selected portion of the source of the protected software, this modification being such that during the execution of the protected software, the second execution part obeys all the selected execution characteristics; and in the use phase, in the presence of the unit, and in the case where it is detected that at least one execution characteristic is not obeyed, in informing the data processing system and/or modifying the operation of the portion of the protected software, so that the operation of the protected software is modified.

According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining: a set of instructions whose instructions are capable of being executed in the unit; a set of instruction commands for this set of instructions, these commands being capable of being executed in the data processing system and of initiating in the unit the execution of the instructions; as usage profile, the chaining of the instructions; as execution characteristic, a desired chaining for the execution of the instructions; as detection means, means that make it possible to detect that the chaining of the instructions does not correspond to the desired one; and as coercion means, means that make it possible to inform the data processing system and/or modify the operation of the portion of the protected software when the chaining of the instructions does not correspond to the desired one; in constructing the means of use that also allow the unit to execute the instructions of the set of instructions, the execution of these instructions being initiated by the execution, in the data processing system, of the instruction commands; and in modifying the protected software by modifying at least one selected portion of the source of the protected software: transforming the elementary functions into instructions, specifying the chaining that must be obeyed by at least certain instructions during their execution in the unit, and transforming the elementary commands into instruction commands that correspond to the instructions used; and in the use phase, in the presence of the unit, in the case where it is detected that the chaining of the instructions executed in the unit does not correspond to the desired one, in informing the data processing system and/or modifying the operation of the portion of the protected software, so that the operation of the protected software is modified.

According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining: as a set of instructions, a set of instructions in which at least certain instructions work on registers and use at least one operand in order to return a result; for at least some of the instructions that work on registers: a part that defines the functionality of the instruction, and a part that defines the desired chaining for the execution of the instructions and that includes bit fields corresponding to: an identification field of the instruction, and, for each operand of the instruction: a flag field, and an expected identification field of the origin of the operand; for each register that belongs to the means of use and is used by the set of instructions, a generated identification field in which the identification of the last instruction that returned its result in this register is automatically stored; as detection means, means that make it possible, during the execution of an instruction and for each operand, when the flag field requires it, to check the equality between the generated identification field corresponding to the register used by this operand and the expected identification field of the origin of this operand; and as coercion means, means that make it possible to modify the result of the instructions if at least one of the checked equalities is false.

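
The chaining check described in the variant above, with its generated and expected identification fields, can be sketched as follows. This is an added Python illustration, not code from the patent; the instruction encoding, the identifier values, the coercion constant and all names are assumptions.

```python
"""Added illustration (not from the patent): chaining check between
instructions using generated and expected identification fields."""
from dataclasses import dataclass

COERCION_MASK = 0x5A5A  # assumed constant used to modify a result


@dataclass(frozen=True)
class Operand:
    reg: int          # register read by the instruction
    check: bool       # flag field: verify the origin of this operand
    expected_id: int  # expected identification field


@dataclass(frozen=True)
class Instruction:
    op: str           # functional part: "load", "mul" or "add"
    instr_id: int     # identification field (nonzero in this sketch)
    dest: int         # register receiving the result
    operands: tuple = ()
    immediate: int = 0


class Unit:
    """Simulated unit holding registers and their generated identification fields."""

    def __init__(self, registers=4):
        self.value = [0] * registers
        self.generated_id = [0] * registers  # 0 means "never written"
        self.violations = 0

    def execute(self, ins):
        # Detection means: each flagged operand must come from the expected
        # instruction, i.e. the register's generated id equals the expected id.
        chained = all(self.generated_id[o.reg] == o.expected_id
                      for o in ins.operands if o.check)
        args = [self.value[o.reg] for o in ins.operands]
        if ins.op == "load":
            result = ins.immediate
        elif ins.op == "mul":
            result = args[0] * args[1]
        elif ins.op == "add":
            result = args[0] + args[1]
        else:
            raise ValueError(f"unknown instruction {ins.op!r}")
        if not chained:
            # Coercion means: the result is modified instead of raising an error.
            self.violations += 1
            result ^= COERCION_MASK
        self.value[ins.dest] = result
        self.generated_id[ins.dest] = ins.instr_id  # stored automatically


# Constructed sample program computing 6 * 7 + 6 in register 2.
PROGRAM = (
    Instruction("load", 0x11, dest=0, immediate=6),
    Instruction("load", 0x22, dest=1, immediate=7),
    Instruction("mul", 0x33, dest=2,
                operands=(Operand(0, True, 0x11), Operand(1, True, 0x22))),
    Instruction("add", 0x44, dest=2,
                operands=(Operand(2, True, 0x33), Operand(0, True, 0x11))),
)


def run(program, result_reg=2):
    """Execute instruction commands in order; return (result, violations)."""
    unit = Unit()
    for ins in program:
        unit.execute(ins)
    return unit.value[result_reg], unit.violations


if __name__ == "__main__":
    print(run(PROGRAM))                      # intended chaining
    print(run(PROGRAM[:2] + PROGRAM[3:]))    # "mul" dropped from the chain
```

Because the unit modifies the result rather than refusing, a host that skips or reorders instruction commands keeps running with wrong values.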
According to another preferred embodiment, the method according to the invention consists: in the protection phase: in defining: as an initiating command, an elementary command or an instruction command; as a dependent function, an elementary function or an instruction; as an order, at least one argument for an initiating command, corresponding at least in part to the information transmitted by the data processing system to the unit in order to initiate the execution of the corresponding dependent function; a method of renaming orders that allows the orders to be renamed so as to obtain initiating commands with renamed orders; and restoration means intended to be applied in the unit in the course of the use phase, which make it possible to find the dependent function to execute from the renamed order; in constructing means of exploitation that allow the unit to also apply the restoration means; and in modifying the protected software by: selecting, in the source of the protected software, initiating commands; modifying at least one selected portion of the source of the protected software by renaming the orders of the selected initiating commands, in order to disguise the identity of the corresponding dependent functions; and producing: the first object part of the protected software, this first object part being such that during the execution of the protected software, the initiating commands with renamed orders are executed; and the second object part of the protected software, which contains the means of use that also apply the restoration means, this second object part being such that, after loading into the unit and during the execution of the protected software, the identity of the dependent functions whose execution is initiated by the first execution part is restored by means of the second execution part, and the dependent functions are executed by means of the second execution part; and in the use phase: in the presence of the unit, each time an
initiating command with a renamed order, contained in a portion of the first execution part, requires it, in restoring in the unit the identity of the corresponding dependent function and in executing it, so that this portion is executed correctly and, consequently, the protected software is fully functional; and in the absence of the unit, despite the request of a portion of the first execution part to start the execution of a dependent function in the unit, in not being able to respond correctly to this request, so that at least this portion is not executed correctly and, consequently, the protected software is not fully functional.

According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining, for at least one dependent function, a family of dependent functions that are algorithmically equivalent but are initiated by initiating commands whose renamed orders are different; and in modifying the protected software by: selecting, in the source of the protected software, at least one initiating command with a renamed order; and modifying at least one selected portion of the source of the protected software by replacing at least the renamed order of a selected initiating command with another renamed order, which starts a dependent function of the same family.

According to a variant embodiment, the method according to the invention consists, in the protection phase, in defining, for at least one dependent function, a family of algorithmically equivalent dependent functions: by concatenating a noise field with the information that defines the functional part of the dependent function to be executed in the unit, or by using the identification field of the instruction and the expected identification fields of the operands.

According to a variant embodiment, the method according to the invention consists: in the protection phase: in defining: as a method of renaming orders, a coding method for coding the orders; and as restoration means, means that apply a decoding method to decode the renamed orders and thus restore the identity of the dependent functions to be executed in the unit.

According to another preferred embodiment, the method according to the invention consists: in the protection phase: in modifying the protected software by: selecting, in the source of the protected software, at least one conditional branch performed in at least one selected algorithmic processing; modifying at least one selected portion of the source of the protected software, this modification being such that during the execution of the protected software, the functionality of at least one selected conditional branch is executed, by means of the second execution part, in the unit; and producing: the first object part of the protected software, this first object part being such that during the execution of the protected software, the functionality of at least one selected conditional branch is executed in the unit; and the second object part of the protected software, this second object part being such that, after loading into the unit and during the execution of the protected software, the second execution part appears, by means of which the functionality of at least one selected conditional branch is executed; and in
the use phase: in the presence of the unit, each time a portion of the first execution part requires it, in executing the functionality of at least one conditional branch in the unit, so that this portion is executed correctly and, consequently, the protected software is fully functional; and in the absence of the unit, despite the request of a portion of the first execution part to execute the functionality of a conditional branch in the unit, in not being able to respond correctly to this request, so that at least this portion is not executed correctly and, consequently, the protected software is not fully functional.

According to one embodiment, the method according to the invention consists, in the protection phase, in modifying the protected software by: selecting, in the source of the protected software, at least one series of selected conditional branches; modifying at least one selected portion of the source of the protected software, this modification being such that during the execution of the protected software, the global functionality of at least one selected series of conditional branches is executed, by means of the second execution part, in the unit; and producing: the first object part of the protected software, this first object part being such that during the execution of the protected software, the functionality of at least one selected series of conditional branches is executed in the unit; and the second object part of the protected software, this second object part being such that, after loading into the unit and during the execution of the protected software, the second execution part appears, by means of which the global functionality of at least one selected series of conditional branches is executed.

The method according to the invention thus makes it possible to protect the use of software by means of a processing and memory unit which has the particular feature of containing a part of the software during execution. It follows that any version derived from the software that attempts to operate without the processing and memory unit requires recreating the part of the software contained in the processing and memory unit during execution, failing which this derived version of the software is not fully functional.

Various other characteristics emerge from the description given with reference to the attached drawings, which show, by way of non-limiting examples, embodiments and applications of the object of the invention.

Figures 1a and 1b are functional block diagrams illustrating the various representations of a software, respectively not protected and protected by the method according to the invention.
Figures 2a to 2c illustrate, by way of example, various embodiments of a device for applying the method according to the invention.
Figures 3a and 3b are functional block diagrams explaining the general principle of the method according to the invention.
Figures 4a to 4d are diagrams illustrating the method of protection according to the invention applying the principle of protection by variable.
Figures 5a to 5e are diagrams illustrating the method of protection according to the invention applying the principle of protection by elementary functions.
Figures 6a to 6e are diagrams illustrating the method of protection according to the invention applying the principle of protection by detection and coercion.
Figures 7a to 7f are diagrams illustrating the method of protection according to the invention applying the principle of protection by renaming.
Figures 8a to 8c are diagrams illustrating the method of protection according to the invention applying the principle of protection by conditional branch.
Figure 9 is a diagram illustrating the different phases of application of the object of the invention. Figure 10 illustrates an example of embodiment of a system that allows the application of the construction period of the protection phase according to the invention. Figure 11 illustrates an example of embodiment of a pre-personalization unit used in the protection method according to the invention. Figure 12 illustrates an example of embodiment of a system that allows the application of the tool making period of the protection phase according to the invention. Figure 13 illustrates an example of embodiment of a system that allows the application of the protection method according to the invention. Figure 14 illustrates an example of embodiment of a personalization unit used in the protection method according to the invention.
In the development of the description, the following definitions will be used: A data processing system 3 is a system capable of executing a program. A processing and memory unit is a unit capable of accepting data provided by a data processing system 3, of returning data to the data processing system 3, of storing data at least in part in a secret manner and of preserving at least a part of these data when the unit is powered off, and of performing algorithmic processing on the data, a part or all of this processing being secret.
A unit 6 is a processing and memory unit that applies the method according to the invention. A virgin unit 60 is a unit that does not apply the method according to the invention, but that can receive information that converts it into a unit 6. A pre-personalized unit 66 is a virgin unit 60 that has received a part of the information allowing it, after receipt of complementary information, to be transformed into a unit 6. The loading of information in a virgin unit 60 or a pre-personalized unit 66 corresponds to a transfer of information into the virgin unit 60 or the pre-personalized unit 66, and a storage of said transferred information. Possibly, the transfer may include a change in the format of the information. A variable, a data item or a function contained in the data processing system 3 will be indicated with a capital letter, while a variable, a data item or a function contained in the unit 6 will be indicated by a lowercase letter. A "protected software" is software that has been protected by at least one principle of protection applied through the method according to the invention. A "vulnerable software" is software that has not been protected by any protection principle applied through the method according to the invention. In the case where the differentiation between vulnerable software and protected software is not important, the term "software" is used. A software is presented under various representations according to the moment considered in its life cycle: a source representation, an object representation, a distribution, or a dynamic representation. A source representation of a software is understood as a representation that, after transformation, gives an object representation. A source representation can be presented at different levels, from an abstract conceptual level to a level directly executable by a data processing system or a processing and memory unit.
An object representation of a software corresponds to a level of representation that, after transfer to a distribution and subsequent loading in a data processing system or a processing and memory unit, can be executed. It can be, for example, a binary code, an interpreted code, etc. A distribution is a physical or virtual medium that contains the object representation; this distribution must be made available to the user to allow him to use the software. A dynamic representation corresponds to the execution of the software based on its distribution. A portion of software corresponds to any part of the software and may correspond, for example, to one or more instructions, consecutive or not, and/or to one or more functional blocks, consecutive or not, and/or to one or more functions, and/or one or more subprograms, and/or one or more modules. A portion of a software may also correspond to all of this software.
Figures 1a and 1b illustrate the various representations respectively of a vulnerable software 2v in the general sense and of a protected software 2p according to the method of the invention.
Figure 1a illustrates various representations of a vulnerable software 2v that appear in the course of its life cycle. The vulnerable software 2v can appear under one of the following representations: a source representation 2vs; an object representation 2vo; a distribution 2vd, which can commonly be presented in the form of a physical distribution means such as a CDROM or in the form of files distributed through a network (GSM, Internet, ...); or a dynamic representation 2ve corresponding to the execution of the vulnerable software 2v in a data processing system 3 of any known type, normally comprising at least one processor 4.
Figure 1b illustrates various representations of a protected software 2p that appear during its life cycle.
The protected software 2p may appear under one of the following representations: a source representation 2ps comprising a first source part intended for the data processing system 3 and a second source part intended for the unit 6, a part of these source parts commonly being contained in common files; an object representation 2po comprising a first object part 2pos intended for the data processing system 3 and a second object part 2pou intended for unit 6; a distribution 2pd that comprises: a first distribution part 2pds containing the first object part 2pos, this first distribution part 2pds being intended for the data processing system 3 and commonly presented in the form of a physical distribution means such as a CDROM, or in the form of files distributed through a network (GSM, Internet, ...), and a second distribution part 2pdu that is presented in the form: of at least one pre-personalized unit 66 on which the second object part 2pou has been loaded and for which the user must finish the personalization by loading complementary information, in order to obtain a unit 6, this complementary information being obtained, for example, by uploading or downloading via a network, or of at least one unit 6 on which the second object part 2pou has been loaded; or a dynamic representation 2pe corresponding to the execution of the protected software 2p. This dynamic representation 2pe comprises a first execution part 2pes that is executed in the data processing system 3 and a second execution part 2peu that is executed in unit 6. In the case where the differentiation between the different representations of the protected software 2p does not matter, the expressions "first part of the protected software" and "second part of the protected software" are used.
The application of the method according to the invention, according to the dynamic representation of figure 1b, uses a device 1p comprising a data processing system 3 linked through a link 5 to a unit 6. The data processing system 3 is of any type and normally comprises at least one processor 4. The data processing system 3 can be a computer or can be part, for example, of various machines, devices, fixed or mobile products, or vehicles in the general sense. The link 5 can be realized in any possible way, such as for example through a serial line, a USB bus, a radio link, an optical link, a network link or a direct electrical connection on a circuit of the data processing system 3, etc. It should be noted that the unit 6 can possibly be physically located inside the same integrated circuit as the processor 4 of the data processing system 3. In this case, the unit 6 can be considered as a coprocessor in relation to the processor 4 of the data processing system 3, and the link 5 is internal to the integrated circuit.
Figures 2a to 2c show, illustratively and non-limitingly, various embodiments of the device 1p that allow the application of the protection method according to the invention.
In the embodiment example illustrated in Figure 2a, the protection device 1p comprises, as a data processing system 3, a computer and, as a unit 6, a chip card 7 and its interface 8, commonly called a card reader. The computer 3 is connected to the unit 6 via a link 5. During the execution of a protected software 2p, the first execution part 2pes that is executed in the computer 3 and the second execution part 2peu that is executed in the chip card 7 and its interface 8 must both be functional so that the protected software 2p is fully functional.
In the embodiment example illustrated in figure 2b, the protection device 1p provides a product 9 in the general sense, comprising various elements 10 adapted to the function or functions assumed by said product 9.
The protection device 1 p comprises, on the one hand, a data processing system 3 inserted into the product 9 and, on the other hand, a unit 6 associated with the product 9. For the product 9 to be fully functional, the protected software 2p must be fully functional. Thus, during the execution of the protected software 2p, the first execution part 2pes that is executed in the data processing system 3 and the second execution part 2peu that is executed in the unit 6, must be functional. This 2p protected software then indirectly allows protection against unauthorized use, the product 9 or one of its functionalities. For example, the product 9 can be an installation, a system, a machine, a toy, a household appliance, a telephone, etc. In the embodiment example illustrated in Figure 2c, the protection device 1 p includes several computers, as well as a part of a communication network. The data processing system 3 is a first computer connected by a network-type link 5, to a unit 6 constituted by a second computer. To apply the invention, the second computer 6 is used as a license server for a 2p protected software. During the execution of the protected software 2p, the first execution part 2pes that is executed in the first computer 3 and the second execution part 2peu that is executed in the second computer 6, must be functional so that the 2p protected software is completely functional. Figure 3a allows to explain more precisely the method of protection according to the invention. It should be noted that a vulnerable software 2v is considered to be executed entirely in a data processing system 3. On the contrary, in the case of the application of a protected software 2p, the data processing system 3 comprises transfer means 12 connected through the link 5, to transfer means 13 forming part of the unit 6 that allow communication between them, the first execution part 2pes and the second execution part 2peu of the protected software 2p. 
It should be considered that the transfer means 12, 13 are of a software and/or hardware nature and are able to ensure and possibly optimize the data communication between the data processing system 3 and the unit 6. These transfer means 12, 13 are adapted to allow having a protected software 2p which preferably is independent of the type of link 5 used. These transfer means 12, 13 do not form part of the object of the invention and are not described more precisely, as they are known to those skilled in the art. The first part of the protected software 2p comprises commands. During execution of the protected software 2p, the execution of these commands by the first execution part 2pes allows communication between the first execution part 2pes and the second execution part 2peu. In the development of the description, these commands are represented by IN, OUT or TRIG.
As illustrated in FIG. 3b, to allow application of the second execution part 2peu of the protected software 2p, the unit 6 comprises protection means 14. The protection means 14 comprise memory means 15 and processing means 16. In order to simplify the development of the description, it is preferred to consider, during the execution of the protected software 2p, either the presence of the unit 6 or the absence of the unit 6. In reality, a unit 6 having protection means 14 unsuitable for the execution of the second execution part 2peu of the protected software 2p is also considered as absent every time that the execution of the protected software 2p is not correct. In other words: a unit 6 physically present and comprising protection means 14 adapted for the execution of the second execution part 2peu of the protected software 2p is always considered as present; a unit 6 physically present but comprising unsuitable protection means 14, that is, means that do not allow the correct application of the second execution part 2peu of the protected software 2p, is considered as present when it works correctly, and as absent when it does not work correctly; and a physically absent unit 6 is always considered as absent. In the case where the unit 6 is constituted by a chip card 7 and its interface 8, the transfer means 13 are split into two parts, one of which is on the interface 8 and the other on the chip card 7. In this embodiment example, the absence of the chip card 7 is considered as equivalent to the absence of the unit 6. In other words, in the absence of the chip card 7 and/or its interface 8, the protection means 14 are not accessible and do not allow execution of the second execution part 2peu of the protected software, so that the protected software 2p is not fully functional.
According to another advantageous feature of the invention, the method of protection contemplates applying a principle of protection, called by "elementary functions", of which a description is made in relation to figures 5a to 5e. For the application of the principle of protection by elementary functions, it is defined: a set of elementary functions in which the elementary functions are capable of being executed, by means of the second execution part 2peu, in unit 6, and eventually to transfer data between the data processing system 3 and the unit 6, and a set of elementary commands for this set of elementary functions, these elementary commands are capable of being executed in the data processing system 3 and of starting the execution in the unit 6, of the corresponding elementary functions.
For the application of the principle of protection by elementary functions, utilization means are also constructed that allow transforming a virgin unit 60 into a unit 6 capable of executing the elementary functions, the execution of these elementary functions being initiated by the execution in the system of data processing 3, of elementary commands. For the application of the principle of protection by elementary functions, at least one algorithmic processing that uses at least one operand and that yields at least one result is also selected at the source of the vulnerable software 2vs. Also selected is at least a portion of the vulnerable software source 2vs containing at least one selected algorithmic processing. At least a selected portion of the vulnerable software source 2vs is then modified, in order to obtain the 2ps protected software source. This modification is such that especially: during the execution of the protected software 2p, at least a portion of the first execution part 2pes, which is executed in the data processing system 3, take into account that the functionality of at least one selected algorithmic processing is executed in unit 6, during execution of the protected software 2p, the second execution part 2peu, which is executed in unit 6, executes at least the functionality of at least one selected algorithmic processing, each selected algorithmic processing is fragmented so that during the execution of the protected software 2p, each selected algorithmic processing is executed, by means of the second execution part 2peu, using elementary functions. 
Preferably, each selected algorithmic processing is fragmented into elementary functions fen (with n varying from 1 to N), namely: possibly one or more elementary functions that make one or more operands available to unit 6; elementary functions, some of which use the operand(s) and which, in combination, execute the functionality of the selected algorithmic processing using this or these operands; and possibly one or more elementary functions by which unit 6 makes the result of the selected algorithmic processing available to the data processing system 3. An ordering of the elementary commands is also selected among the set of orderings that allow the execution of the protected software 2p. The first execution part 2pes of the protected software 2p, which is executed in the data processing system 3, executes elementary commands CFEn (with n varying from 1 to N), which start in unit 6 the execution, by means of the second execution part 2peu, of each of the elementary functions fen defined above.
Figure 5a illustrates an exemplary execution of a vulnerable software 2v. In this example, during the execution of the vulnerable software 2v in the data processing system 3, at a given moment, the calculation Z ← F(X, Y) appears, corresponding to the assignment to a variable Z of the result of an algorithmic processing represented by a function F and using the operands X and Y.
Figure 5b illustrates an example of application of the invention in which the algorithmic processing selected in figure 5a is moved to the unit 6.
In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, there appears: at times t1, t2, the execution of the elementary commands CFE1, CFE2 that start in unit 6 the execution, by means of the second execution part 2peu, of the corresponding elementary functions fe1, fe2, which ensure the transfer of the data X, Y from the data processing system 3 to the memory areas x, y respectively, located in the memory means 15 of the unit 6, these elementary commands CFE1, CFE2 being represented respectively by OUT(x, X), OUT(y, Y); at times t3 to tN-1, the execution of the elementary commands CFE3 to CFEN-1, which start in unit 6 the execution, by means of the second execution part 2peu, of the corresponding elementary functions fe3 to feN-1, these elementary commands CFE3 to CFEN-1 being represented respectively by TRIG(fe3) to TRIG(feN-1). The sequence of elementary functions fe3 to feN-1 executed in combination is algorithmically equivalent to the function F. More precisely, the execution of these elementary commands leads to the execution in unit 6 of the elementary functions fe3 to feN-1, which use the content of the memory areas x, y and yield the result in a memory area z of unit 6; and at time tN, the execution of an elementary command CFEN that starts in unit 6 the execution, by means of the second execution part 2peu, of the elementary function feN ensuring the transfer of the result of the algorithmic processing, contained in the memory area z of the unit 6, to the data processing system 3, in order to assign it to the variable Z, this elementary command CFEN being represented by IN(z). In the illustrated example, the elementary commands 1 to N are executed successively.
It should be noted that two improvements can be made. The first improvement concerns the case where several algorithmic processings are moved to unit 6 and at least the result of one algorithmic processing is used by another algorithmic processing. In this case, some elementary commands that serve for the transfer can possibly be deleted. The second improvement consists in opting for a pertinent ordering of elementary commands among the set of orderings that allow the execution of the protected software 2p. In this regard, it is preferable to select an ordering of elementary commands that dissociates in time the execution of the elementary functions, interspersing, between them, portions of code executed in the data processing system 3 and comprising or not elementary commands that serve the determination of other data. Figures 5c and 5d illustrate the principle of such an embodiment.
Figure 5c shows an exemplary execution of a vulnerable software 2v. In this example, during the execution of the vulnerable software 2v in the data processing system 3, the execution of two algorithmic processings leads to the determination of Z and Z', such that Z ← F(X, Y) and Z' ← F'(X', Y').
Figure 5d illustrates an example of application of the method according to the invention in which the two algorithmic processings selected in Figure 5c are moved to unit 6. According to said example, during execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, there appears, as explained above, the execution of the elementary commands CFE1 to CFEN corresponding to the determination of Z and the execution of the elementary commands CFE'1 to CFE'M corresponding to the determination of Z'. As illustrated, the elementary commands CFE1 to CFEN are not executed consecutively, insofar as the elementary commands CFE'1 to CFE'M, as well as other portions of code, are interspersed.
In the example, the following ordering is thus realized: CFE1, interleaved code portion, CFE'1, CFE2, interleaved code portion, CFE'2, CFE'3, interleaved code portion, CFE'4, CFE3, CFE4, ..., CFEN, CFE'M. It should be noted that during the execution of the protected software 2p, in the presence of the unit 6, each time an elementary command contained in a portion of the first execution part 2pes of the protected software 2p imposes it, the corresponding elementary function is executed in the unit 6. Thus, it appears that in the presence of unit 6, this portion is executed correctly and that, accordingly, the protected software 2p is fully functional.
Figure 5e illustrates an example of attempted execution of the protected software 2p while the unit 6 is absent. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, at all times, the execution of an elementary command cannot initiate the execution of the corresponding elementary function, because of the absence of unit 6. The value to assign to variable Z cannot then be determined correctly. It then appears that in the absence of the unit 6, at least one request of a portion of the first execution part 2pes of the protected software 2p to start the execution of an elementary function in the unit 6 cannot be correctly satisfied, so that at least this portion is not executed correctly and, accordingly, the protected software 2p is not fully functional.
According to another advantageous feature of the invention, the method of protection contemplates applying a principle of protection called "by variable", of which a description is made in relation to figures 4a to 4d. For the application of the principle of protection by variable, at least one variable that, during the execution of the vulnerable software 2v, partially defines its state is selected in the source of the vulnerable software 2vs.
By software state must be understood the set of information, at a given moment, necessary for the complete execution of this software, so that the absence of said selected variable harms the complete execution of this software. At least a portion of the source of the vulnerable software 2vs containing at least one selected variable is also selected. At least a selected portion of the source of the vulnerable software 2vs is then modified, in order to obtain the source of the protected software 2ps. This modification is such that during the execution of the protected software 2p, at least a portion of the first execution part 2pes that is executed in the data processing system 3 takes into account that at least one selected variable, or at least a copy of the selected variable, resides in unit 6.
Figure 4a illustrates an exemplary execution of a vulnerable software 2v. In this example, there appears during the execution of the vulnerable software 2v in the data processing system 3: at time t1, the assignment of the data X to the variable V1, represented by V1 ← X; at time t2, the assignment of the value of variable V1 to the variable Y, represented by Y ← V1; at time t3, the assignment of the value of the variable V1 to the variable Z, represented by Z ← V1.
Figure 4b illustrates an example of a first form of application of the invention in which the variable resides in unit 6. In this example, during execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, and in the presence of unit 6, there appears: at time t1, the execution of a transfer command that initiates the transfer of the data X from the data processing system 3 to the variable v1 located in the memory means 15 of unit 6, this transfer command being represented by OUT(v1, X) and corresponding in the end to the assignment of the data X to the variable v1; at time t2, the execution of a transfer command that initiates the transfer of the value of the variable v1 residing in unit 6 to the data processing system 3 in order to assign it to the variable Y, this transfer command being represented by IN(v1) and corresponding in the end to the assignment of the value of variable v1 to variable Y; and at time t3, the execution of a transfer command that initiates the transfer of the value of variable v1 that resides in unit 6 to the data processing system 3 in order to assign it to the variable Z, this transfer command being represented by IN(v1) and corresponding in the end to the assignment of the value of the variable v1 to the variable Z. It should be noted that during the execution of the protected software 2p, at least one variable resides in the unit 6. Thus, when a portion of the first execution part 2pes of the protected software 2p imposes it, and in the presence of the unit 6, the value of this variable residing in the unit 6 is transferred to the data processing system 3 to be used by the first execution part 2pes of the protected software 2p, so that this portion is executed correctly and, accordingly, the protected software 2p is fully functional.
Figure 4c illustrates an example of a second form of application of the invention in which a copy of the variable resides in unit 6.
In this example, during execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, and in the presence of the unit 6, there appears: at time t1, the assignment of the data X to the variable V1 located in the data processing system 3, as well as the execution of a transfer command that initiates the transfer of the data X from the data processing system 3 to the variable v1 located in the memory means 15 of the unit 6, this transfer command being represented by OUT(v1, X); at time t2, the assignment of the value of the variable V1 to the variable Y; and at time t3, the execution of a transfer command that initiates the transfer of the value of the variable v1 that resides in unit 6 to the data processing system 3 in order to assign it to the variable Z, this transfer command being represented by IN(v1). It should be noted that during the execution of the protected software 2p, at least one copy of a variable resides in unit 6. Thus, when a portion of the first execution part 2pes of the protected software 2p imposes it, and in the presence of the unit 6, the value of this copy of the variable residing in unit 6 is transferred to the data processing system 3 to be used by the first execution part 2pes of the protected software 2p, so that this portion is executed correctly and, consequently, the protected software 2p is fully functional.
Figure 4d illustrates an example of attempted execution of the protected software 2p while the unit 6 is absent.
In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p: at time t1, the execution of the transfer command OUT(v1, X) cannot initiate the transfer of the data X to the variable v1, taking into account the absence of unit 6; at time t2, the execution of the transfer command IN(v1) cannot initiate the transfer of the value of the variable v1 to the data processing system 3, taking into account the absence of the unit 6; and at time t3, the execution of the transfer command IN(v1) cannot initiate the transfer of the value of the variable v1 to the data processing system 3, taking into account the absence of the unit 6. It follows that in the absence of the unit 6, at least one request of a portion of the first execution part 2pes to use a variable or a copy of a variable that resides in unit 6 cannot be satisfied correctly, so that at least this portion is not executed correctly and, as a consequence, the protected software 2p is not fully functional. It should be noted that the data transfers between the data processing system 3 and the unit 6 illustrated in the previous examples only use simple assignments, but the person skilled in the art will know how to combine them with other operations to arrive at complex operations such as, for example, OUT(v1, 2 * X + 3) or Z ← (5 * v1 + v2).
According to another advantageous feature of the invention, the method of protection contemplates applying a principle of protection called "by detection and coercion", of which a description is made in relation to figures 6a to 6e.
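The split described above for the variable principle (figures 4b and 4d) and the elementary-functions principle (figures 5b, 5d and 5e), as an added simulation that is not code from the patent. The classes Unit and Host, the UnitAbsent exception, the helper names and the sample processings F(X, Y) = (X + Y) * X and F'(X', Y') = X' * X' - Y' are assumptions made for illustration.

```python
class UnitAbsent(Exception):
    """No unit 6 answered on link 5."""


class Unit:
    """Stand-in for unit 6: memory means 15 plus elementary functions."""

    def __init__(self):
        self.mem = {}
        # Constructed fragmentation. fe3+fe4 give z = (x + y) * x and
        # fe3p+fe4p give zp = xp * xp - yp; neither formula exists host-side.
        self.fe = {
            "fe3": lambda m: m.update(t=m["x"] + m["y"]),
            "fe4": lambda m: m.update(z=m["t"] * m["x"]),
            "fe3p": lambda m: m.update(tp=m["xp"] * m["xp"]),
            "fe4p": lambda m: m.update(zp=m["tp"] - m["yp"]),
        }


class Host:
    """First execution part 2pes: it only knows the elementary commands."""

    def __init__(self, unit=None):
        self.unit = unit
        self.trace = []  # what happened on the host side, in order

    def _send(self, cmd):
        if self.unit is None:
            raise UnitAbsent(cmd)
        self.trace.append(cmd)
        return self.unit

    def OUT(self, area, value):
        self._send(f"OUT({area})").mem[area] = value

    def TRIG(self, name):
        unit = self._send(f"TRIG({name})")
        unit.fe[name](unit.mem)

    def IN(self, area):
        return self._send(f"IN({area})").mem[area]

    def local(self):
        """Placeholder for an interleaved portion of host-only code."""
        self.trace.append("host code")


def protected_variable(host, X):
    """Figure 4b: the variable v1 resides only in the unit."""
    host.OUT("v1", X)          # t1: v1 <- X
    Y = host.IN("v1")          # t2: Y <- v1
    Z = host.IN("v1")          # t3: Z <- v1
    return Y, Z


def protected_Z(host, X, Y):
    """Figure 5b: CFE1..CFEN executed successively."""
    host.OUT("x", X)
    host.OUT("y", Y)
    host.TRIG("fe3")
    host.TRIG("fe4")
    return host.IN("z")


def protected_interleaved(host, X, Y, Xp, Yp):
    """Ordering given for figure 5d: commands for Z and Z' are interleaved."""
    host.OUT("x", X)           # CFE1
    host.local()
    host.OUT("xp", Xp)         # CFE'1
    host.OUT("y", Y)           # CFE2
    host.local()
    host.OUT("yp", Yp)         # CFE'2
    host.TRIG("fe3p")          # CFE'3
    host.local()
    host.TRIG("fe4p")          # CFE'4
    host.TRIG("fe3")           # CFE3
    host.TRIG("fe4")           # CFE4
    return host.IN("z"), host.IN("zp")   # CFEN, CFE'M


def run_or_fail(fn, host, *args):
    """Figures 4d and 5e: without the unit the first command already fails."""
    try:
        return ("ok", fn(host, *args))
    except UnitAbsent as missing:
        return ("unit absent", str(missing))
```

The host-side functions contain only the command sequence, so a copy of the first execution part run with `Host(None)` has no formula from which to rebuild Z.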
For the application of the principle of protection by detection and coercion, it is defined: at least one software execution feature that can be monitored at least in part in unit 6, at least one criterion to be obeyed for at least one characteristic of software execution, detection means 17 to be applied in unit 6 and which allow detecting that at least one software execution feature does not obey at least one associated criterion, and coercion means 18 to apply in unit 6 and that they allow to inform the data processing system 3 and / or to modify the execution of a software, when at least one criterion is not obeyed. For the application of the principle of protection by detection and coercion, means of exploitation are also constructed that allow to transform a virgin unit 60 into a unit 6, applying at least the detection means 17 and the means of coercion 18. Figure 6a illustrates the necessary means for the application of this principle of protection by detection and coercion. The unit 6 comprises detection means 17 and the coercion means 18 belonging to the processing means 16. The means of coercion 18 are informed of not obeying a criterion by the detection means 17. More precisely, the detection means 17 uses information from the transfer means 13 and / or the memory means 15 and / or the processing means 16, in order to monitor one or more software execution features. At each software execution feature, at least one criterion to be followed is fixed. In the case where it is detected that at least one software execution feature does not obey at least one criterion, the detection means 17 inform the coercion means 18. These coercion means 18 are adapted to modify, in the manner of appropriate, the state of the unit 6. 
For the application of the principle of protection by detection and coercion, it is also selected: at least one software execution characteristic to be monitored, among the execution characteristics capable of being monitored, at least a criterion to be followed for at least one selected software execution feature, at the source of the vulnerable software 2vs, at least an algorithmic processing for which at least one software execution feature is monitored, and at the source of the vulnerable software 2vs, at least one portion containing at least one selected algorithmic processing. At least a selected portion of the vulnerable software source 2vs is then modified, in order to obtain the source of the protected 2ps software. This modification is such that especially during the execution of the protected software 2p: at least a portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that at least one selected software execution feature will be monitored, at least in part in unit 6, and the second execution part 2peu, which is executed in unit 6, it monitors, at least in part, a selected software execution feature. During the execution of the protected software 2p, protected by this principle of protection by detection and coercion, in the presence of the unit 6: as all the criteria corresponding to all the supervised execution characteristics of all the modified portions of the protected 2p software are obeyed, these modified portions of the 2p protected software work nominally, and accordingly, the 2p protected software works nominally, and if at least one of the criteria corresponding to a monitored execution characteristic of a portion of the 2p protected software does not is obeyed, the data processing system 3 is informed and / or the operation of the protected software portion 2p is modified, so that the operation of the protected software 2p is modified. 
Of course, in the absence of the unit 6, at least one request by a portion of the first execution part 2pes of the protected software 2p to use the unit 6 cannot be satisfied correctly, so that at least this portion is not executed correctly and, as a result, the protected software 2p is not fully functional. For the application of the principle of protection by detection and coercion, two types of software execution characteristics are preferably used. The first type corresponds to a measurement variable of the execution of a software, and the second type corresponds to a usage profile of a software. These two types of characteristics can be used independently or in combination. To apply the principle of protection by detection and coercion using, as execution characteristic, a measurement variable of the execution of a software, the following are defined: in the memory means 15, the possibility of memorizing at least one measurement variable that serves to quantify the use of at least one software functionality; in the detection means 17, the possibility of monitoring at least one threshold associated with each measurement variable; and updating means that update each measurement variable as a function of the use of the functionality with which it is associated. Exploitation means are also constructed that apply, in addition to the detection means 17 and the coercion means 18, the updating means.
The following are also selected, in the source of the vulnerable software 2vs: at least one functionality of the vulnerable software 2v whose use can be monitored by means of a measurement variable; at least one measurement variable that serves to quantify the use of said functionality; at least one threshold associated with the measurement variable, corresponding to a limit of use of said functionality; and at least one method of updating the measurement variable as a function of the use of said functionality. The source of the vulnerable software 2vs is then modified in order to obtain the source of the protected software 2ps, this modification being such that, during the execution of the protected software 2p, the second execution part 2peu: updates the measurement variable as a function of the use of said functionality, and takes into account at least one threshold being exceeded. In other words, during the execution of the protected software 2p, the measurement variable is updated according to the use of said functionality and, when the threshold is exceeded, the detection means 17 inform the coercion means 18, which take an appropriate decision to inform the data processing system 3 and/or to modify the processing carried out by the processing means 16, thereby modifying the operation of the portion of the protected software 2p, so that the operation of the protected software 2p is modified.
For the application of a first preferred variant of the principle of protection by detection and coercion using, as characteristic, a measurement variable, the following are defined: for at least one measurement variable, several associated thresholds; and different coercion means corresponding to each of these thresholds. The following are also selected, in the source of the vulnerable software 2vs: at least one measurement variable that serves to quantify the use of at least one software functionality and with which several thresholds, corresponding to different limits of use of said functionality, must be associated; and at least two thresholds associated with the measurement variable. The source of the vulnerable software 2vs is then modified in order to obtain the source of the protected software 2ps, this modification being such that, during the execution of the protected software 2p, the second execution part 2peu: updates the measurement variable according to the use of said functionality, and takes into account, in different ways, the exceeding of the different thresholds. In other words, as a rule, during the execution of the protected software 2p, when the first threshold is exceeded, the unit 6 informs the data processing system 3, ordering the protected software 2p not to use this functionality any more. If the protected software 2p continues to use this functionality, the second threshold may be exceeded.
If the second threshold is exceeded, the coercion means 18 may render the selected functionality inoperative and/or render the protected software 2p inoperative. For the application of a second preferred variant of the principle of protection by detection and coercion using, as characteristic, a measurement variable, recharging means are defined that allow at least one additional use to be credited for at least one software functionality monitored by a measurement variable. Exploitation means are also constructed that apply, in addition to the detection means 17, the coercion means 18 and the updating means, the recharging means. Also selected, in the source of the vulnerable software 2vs, is at least one measurement variable that serves to limit the use of at least one functionality of the software and to which at least one additional use must be able to be credited. The source of the vulnerable software 2vs is then modified in order to obtain the source of the protected software 2ps, this modification being such that, in a so-called recharge phase, at least one additional use of at least one functionality corresponding to a selected measurement variable can be credited. In the recharge phase, at least one selected measurement variable and/or at least one associated threshold is updated, in order to allow at least one additional use of the corresponding functionality. In other words, it is possible, in the recharge phase, to credit additional uses of at least one functionality of the protected software 2p. For the application of the principle of protection by detection and coercion using, as characteristic, a software usage profile, at least one software execution characteristic is defined as the criterion to be obeyed for this usage profile.
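The measurement-variable variants described above (two thresholds with different coercion, followed by a recharge phase), as an added Python example that is not part of the patent text. The class and function names are hypothetical, and the HMAC-authenticated recharge voucher with a serial number against replay is an assumption: the description does not say how a recharge is authorised.

```python
import hashlib
import hmac
from enum import Enum


class Verdict(Enum):
    OK = "ok"              # no threshold exceeded
    WARN = "warn"          # first threshold exceeded: host is told to stop
    DISABLED = "disabled"  # second threshold reached: functionality refused


def voucher_tag(key, serial, extra_uses):
    """Tag the vendor computes over a recharge voucher (assumed format)."""
    msg = serial.to_bytes(8, "big") + extra_uses.to_bytes(4, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


class MeteredUnit:
    """Part of unit 6 that meters one functionality of the protected software."""

    def __init__(self, func, first_threshold, second_threshold, recharge_key):
        if not 0 <= first_threshold < second_threshold:
            raise ValueError("thresholds must satisfy 0 <= first < second")
        self._func = func
        self._first = first_threshold
        self._second = second_threshold
        self._uses = 0             # measurement variable (memory means 15)
        self._key = recharge_key   # assumption: secret shared with the vendor
        self._last_serial = 0      # assumption: anti-replay state

    def use(self, *args):
        """Run the functionality once and report which threshold applies."""
        if self._uses >= self._second:        # coercion for the second threshold
            return Verdict.DISABLED, None
        self._uses += 1                       # updating means
        result = self._func(*args)
        if self._uses > self._first:          # coercion for the first threshold
            return Verdict.WARN, result
        return Verdict.OK, result

    def recharge(self, serial, extra_uses, tag):
        """Recharge phase: credit additional uses by raising both thresholds."""
        if not (self._last_serial < serial < 2**64 and 0 < extra_uses < 2**32):
            return False                      # stale serial or malformed amount
        expected = voucher_tag(self._key, serial, extra_uses)
        if not hmac.compare_digest(expected, tag):
            return False                      # voucher not issued by the vendor
        self._last_serial = serial
        self._first += extra_uses
        self._second += extra_uses
        return True


def demo():
    key = b"constructed-recharge-key"         # constructed sample secret
    unit = MeteredUnit(lambda s: s.upper(), 2, 4, key)
    verdicts = [unit.use("doc")[0] for _ in range(5)]
    tag = voucher_tag(key, 1, 3)
    accepted = unit.recharge(1, 3, tag)
    replayed = unit.recharge(1, 3, tag)       # same voucher presented again
    after = unit.use("doc")
    return verdicts, accepted, replayed, after


if __name__ == "__main__":
    print(demo())
```

Because the counter and both thresholds live only inside the unit, the host-side code can ignore a warning but cannot avoid the second threshold.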
The following are also selected, in the source of the vulnerable software 2vs: at least one usage profile to be monitored; and at least one execution characteristic that at least one selected usage profile must obey. The source of the vulnerable software 2vs is then modified in order to obtain the source of the protected software 2ps, this modification being such that, during the execution of the protected software 2p, the second execution part 2peu obeys all the selected execution characteristics. In other words, the unit 6 monitors the manner in which the second execution part 2peu is executed and can inform the data processing system 3 and/or modify the operation of the protected software 2p if at least one execution characteristic is not obeyed. During the execution of the protected software 2p, protected by this principle, in the presence of the unit 6: as long as all the execution characteristics of all the modified portions of the protected software 2p are obeyed, these modified portions function nominally and, consequently, the protected software 2p functions nominally; and if at least one execution characteristic of a portion of the protected software 2p is not obeyed, the data processing system 3 is informed and/or the operation of that portion of the protected software 2p is modified, so that the operation of the protected software 2p is modified. The monitoring of different execution characteristics can be contemplated, for example monitoring the presence of instructions comprising a marker, or monitoring the execution chaining of at least part of the instructions.
To apply the principle of protection by detection and coercion using, as the execution characteristic to be obeyed, the monitoring of the execution chaining of at least part of the instructions, the following are defined: an instruction set whose instructions can be executed in unit 6; a set of instruction commands for this instruction set, these instruction commands being executable in the data processing system 3, the execution of each of these instruction commands in the data processing system 3 initiating, in unit 6, the execution of the corresponding instruction; detection means 17 that detect that the chaining of the instructions does not correspond to the desired one; and coercion means 18 that inform the data processing system 3 and/or modify the execution of a software when the chaining of the instructions does not correspond to the desired one. Exploitation means are also constructed that additionally allow the unit 6 to execute the instructions of the instruction set, the execution of these instructions being initiated by the execution of the instruction commands in the data processing system 3. Also selected, in the source of the vulnerable software 2vs, is at least one algorithmic processing that is to be deported to unit 6 and for which the chaining of at least part of the instructions is to be monitored.
The source of the vulnerable software 2vs is then modified in order to obtain the source of the protected software 2ps, this modification being such that, during the execution of the protected software 2p: the second execution part 2peu executes at least the functionality of the selected algorithmic processing; the selected algorithmic processing is fragmented into instructions; the chaining that at least some of the instructions must obey during their execution in unit 6 is specified; and the first execution part 2pes of the protected software 2p executes instruction commands that initiate the execution of instructions in unit 6. During the execution of the protected software 2p, protected by this principle, in the presence of unit 6: as long as the chaining of the instructions of all the modified portions of the protected software 2p corresponds to the desired one, these modified portions function nominally and, consequently, the protected software 2p functions nominally; and if the chaining of the instructions of a portion of the protected software 2p executed in unit 6 does not correspond to the desired one, the data processing system 3 is informed and/or the operation of that portion of the protected software 2p is modified, so that the operation of the protected software 2p is modified. Figure 6b illustrates an example of application of the principle of protection by detection and coercion using, as the execution characteristic to be obeyed, the monitoring of the execution chaining of at least part of the instructions, in the case where the desired chaining is obeyed. The first execution part 2pes of the protected software 2p, executed in the data processing system 3, executes instruction commands CI_i, which initiate, in unit 6, the execution of instructions i_i belonging to the instruction set.
In the instruction set, at least some of the instructions each comprise a part that defines the functionality of the instruction and a part that allows the desired chaining for the execution of the instructions to be verified. In this example, the instruction commands CI_i are represented by TRIG(i_i), and the desired chaining for the execution of the instructions is i_n, i_{n+1} and i_{n+2}. The execution in unit 6 of the instruction i_n gives the result a, and the execution of the instruction i_{n+1} gives the result b. The instruction i_{n+2} uses as operands the results a and b of the instructions i_n and i_{n+1}, and its execution gives the result c. Since this chaining of the instructions executed in unit 6 corresponds to the desired one, normal or nominal operation of the protected software 2p results. Figure 6c illustrates an example of application of the principle of protection by detection and coercion using, as the execution characteristic to be obeyed, the monitoring of the execution chaining of at least part of the instructions, in the case where the desired chaining is not obeyed.
In this example, the desired chaining for the execution of the instructions is still i_n, i_{n+1} and i_{n+2}. However, the execution chaining of the instructions is modified by replacing the instruction i_n with the instruction i'_n, so that the chaining actually executed is i'_n, i_{n+1} and i_{n+2}. The execution of the instruction i'_n gives the result a, that is, the same result as the execution of the instruction i_n. However, later, during the execution of the instruction i_{n+2}, the detection means 17 detect that the instruction i'_n does not correspond to the instruction expected to generate the result a used as operand of the instruction i_{n+2}. The detection means 17 inform the coercion means 18, which modify the operation of the instruction i_{n+2} accordingly, so that the execution of the instruction i_{n+2} gives the result c', which may be different from c. Of course, if the execution of the instruction i'_n gives a result a' different from the result a of the instruction i_n, it is clear that the result of the instruction i_{n+2} may also be different from c. To the extent that the execution chaining of the instructions executed in unit 6 does not correspond to the desired one, a modification of the operation of the protected software 2p can be obtained. Figures 6d and 6e illustrate a preferred variant embodiment of the principle of protection by detection and coercion using, as the execution characteristic to be obeyed, the monitoring of the execution chaining of at least part of the instructions. In accordance with this preferred embodiment, an instruction set is defined in which at least some instructions work on registers and use at least one operand in order to produce a result. As illustrated in Figure 6d, for at least some of the instructions working on registers, a part PF that defines the functionality of the instruction and a part PE that defines the desired chaining for the execution of the instructions are defined.
The part PF corresponds to the operation code known to the person skilled in the art. The part PE, which defines the desired chaining, comprises bit fields corresponding to: an identification field CII of the instruction; and, for each operand k of the instruction, with k varying from 1 to K, K being the number of operands of the instruction: a flag field CD_k indicating whether the origin of operand k is to be verified, and an expected identification field CIP_k of the operand, indicating the expected identity of the instruction that generated the contents of operand k. As illustrated in Figure 6e, the instruction set comprises V registers belonging to the processing means 16, each register being named R_v, with v varying from 1 to V. For each register R_v, two fields are defined, namely: a functional field CF_v, known to the person skilled in the art, which stores the result of the execution of instructions; and a generated identification field CIG_v, which memorizes the identity of the instruction that generated the content of the functional field CF_v. This generated identification field CIG_v is automatically updated with the content of the identification field CII of the instruction that generated the functional field CF_v. The generated identification field CIG_v can be neither accessed nor modified by any instruction and serves only the detection means 17. During the execution of an instruction, the detection means 17 perform the following operations for each operand k: the flag field CD_k is read; if the flag field CD_k so requires, the expected identification field CIP_k and the generated identification field CIG_v corresponding to the register used for operand k are both read; the equality of the two fields CIP_k and CIG_v is checked; and if they are not equal, the detection means 17 consider that the execution chaining of the instructions has not been obeyed.
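The operand-origin check described above, together with the coercion step of Figure 6c, as an added Python example that is not part of the patent text. The field names CII, CD_k, CIP_k, CIG_v and CF_v follow the description; the class names, the identifier values, the sample instructions and the XOR mask used for coercion are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import Callable, List, Tuple

COERCION_MASK = 0x5A5A  # assumption: one arbitrary way of corrupting a result


@dataclass
class Register:
    cf: int = 0   # functional field CF_v: result of an instruction
    cig: int = 0  # generated identification field CIG_v (0 = never written)


@dataclass(frozen=True)
class Operand:
    reg: int          # index v of the register R_v read for operand k
    cd: bool = False  # flag field CD_k: must the origin of operand k be verified?
    cip: int = 0      # expected identification field CIP_k


@dataclass(frozen=True)
class Instruction:
    cii: int                           # identification field CII (part PE)
    pf: Callable[..., int]             # functional part PF, stands in for the opcode
    dest: int                          # register that receives the result
    operands: Tuple[Operand, ...] = () # per-operand CD_k / CIP_k (part PE)


class Unit6:
    def __init__(self, registers: int = 4):
        self._regs = [Register() for _ in range(registers)]
        self.violations: List[Tuple[int, int, int, int]] = []

    def trig(self, ins: Instruction) -> bool:
        """Execute one instruction; return True if its chaining was obeyed."""
        obeyed = True
        for k, op in enumerate(ins.operands, start=1):
            cig = self._regs[op.reg].cig
            if op.cd and cig != op.cip:            # detection means 17
                obeyed = False
                self.violations.append((ins.cii, k, op.cip, cig))
        result = ins.pf(*(self._regs[op.reg].cf for op in ins.operands))
        if not obeyed:                             # coercion means 18
            result ^= COERCION_MASK
        target = self._regs[ins.dest]
        target.cf = result
        target.cig = ins.cii  # set by the unit itself, never by an instruction
        return obeyed

    def read(self, v: int) -> int:
        return self._regs[v].cf


# Constructed sample program: a = 6, b = 7, c = a * b.
I_N = Instruction(cii=0x11, pf=lambda: 6, dest=0)
I_N1 = Instruction(cii=0x12, pf=lambda: 7, dest=1)
I_N2 = Instruction(cii=0x13, pf=lambda a, b: a * b, dest=2,
                   operands=(Operand(0, True, 0x11), Operand(1, True, 0x12)))
I_N_PRIME = Instruction(cii=0x21, pf=lambda: 6, dest=0)  # same result a, other identity


def run(chain):
    """Execute a chain on a fresh unit; return (content of R_2, violations)."""
    unit = Unit6()
    for ins in chain:
        unit.trig(ins)
    return unit.read(2), unit.violations


if __name__ == "__main__":
    print(run([I_N, I_N1, I_N2]))        # desired chaining
    print(run([I_N_PRIME, I_N1, I_N2]))  # i'_n substituted for i_n
```

Each violation tuple holds the CII of the checking instruction, the operand index k, the expected CIP_k and the CIG_v actually found in the register.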
The coercion means 18 make it possible to modify the result of the instructions when the detection means 17 inform them that the chaining of the instructions has not been obeyed. A preferred embodiment is to modify the functional part PF of the instruction being executed or the functional part PF of subsequent instructions.
According to another advantageous feature of the invention, the protection method applies a principle of protection called "renaming", described with reference to Figures 7a to 7f. To apply the principle of protection by renaming, the following are defined: a set of dependent functions, which can be executed, by means of the second execution part 2peu, in unit 6, and possibly transfer data between the data processing system 3 and the unit 6, this set of dependent functions being finite or infinite; a set of initiating commands for these dependent functions, these initiating commands being executable in the data processing system 3 and initiating, in unit 6, the execution of the corresponding dependent functions; for each initiating command, an order corresponding at least in part to the information transmitted by the first execution part 2pes to the second execution part 2peu in order to initiate the execution of the corresponding dependent function, this order taking the form of at least one argument of the initiating command; a method of renaming the orders, to be applied during the modification of the vulnerable software, which renames the orders so as to obtain initiating commands with renamed orders that hide the identity of the corresponding dependent functions; and restoration means 20, to be applied in unit 6 during the use phase, which recover the initial order from the renamed order, in order to find the dependent function to be executed.
For the application of the principle of protection by renaming, exploitation means are also constructed that transform a virgin unit 60 into a unit 6 applying at least the restoration means 20. Also selected, in the source of the vulnerable software 2vs, are: at least one algorithmic processing that uses at least one operand and yields at least one result; and at least one portion of the source of the vulnerable software 2vs containing at least one selected algorithmic processing. The source of the vulnerable software 2vs is then modified in order to obtain the source of the protected software 2ps. This modification is such that, in particular: during the execution of the protected software 2p, at least one portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that the functionality of at least one selected algorithmic processing is executed in unit 6; during the execution of the protected software 2p, the second execution part 2peu, which is executed in unit 6, executes at least the functionality of at least one selected algorithmic processing; and each selected algorithmic processing is fragmented so that, during the execution of the protected software 2p, it is executed, by means of the second execution part 2peu, using dependent functions.
Preferably, each selected algorithmic processing is fragmented into dependent functions fd_n (with n varying from 1 to N), namely: possibly one or more dependent functions that make one or more operands available to the unit 6; dependent functions, some of which use the operand or operands and which, in combination, execute the functionality of the selected algorithmic processing using this or these operands; and possibly one or more dependent functions by which the unit 6 makes the result of the selected algorithmic processing available to the data processing system 3. The modification is further such that: during the execution of the protected software 2p, the second execution part 2peu executes the dependent functions fd_n; during the execution of the protected software 2p, the dependent functions are initiated by initiating commands with renamed orders; and an ordering of these initiating commands is selected from among the set of orderings that allow the execution of the protected software 2p. The first execution part 2pes of the protected software 2p, executed in the data processing system 3, executes initiating commands with renamed orders, which transfer renamed orders to the unit 6 and initiate, in unit 6, the restoration of the orders by the restoration means 20 and then the execution, by means of the second execution part 2peu, of each of the previously defined dependent functions fd_n. In other words, the principle of protection by renaming consists of renaming the orders of the initiating commands so as to obtain initiating commands with renamed orders whose execution in the data processing system 3 initiates, in unit 6, the execution of the dependent functions that would have been initiated by the initiating commands with orders that had not been renamed, without, however, the examination of the protected software 2p making it possible to determine the identity of the dependent functions executed. Figure 7a illustrates an example of execution of a vulnerable software 2v.
In this example, during the execution of the vulnerable software 2v in the data processing system 3, there appears, at a given time, the calculation Z ← F(X, Y), corresponding to the assignment to a variable Z of the result of an algorithmic processing represented by a function F and using the operands X and Y. Figures 7b and 7c illustrate an application example of the invention. Figure 7b illustrates the partial application of the invention. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, and in the presence of the unit 6, there appear: at times t_1, t_2, the execution of the initiating commands CD_1, CD_2, which initiate in unit 6 the execution, by means of the second execution part 2peu, of the corresponding dependent functions fd_1, fd_2, which ensure the transfer of the data X, Y from the data processing system 3 to the memory areas x, y respectively, located in the memory means 15 of the unit 6, these initiating commands CD_1, CD_2 being represented respectively by OUT(x, X), OUT(y, Y); at times t_3 to t_{N-1}, the execution of the initiating commands CD_3 to CD_{N-1}, which initiate in unit 6 the execution, by means of the second execution part 2peu, of the corresponding dependent functions fd_3 to fd_{N-1}, these initiating commands CD_3 to CD_{N-1} being represented respectively by TRIG(fd_3) to TRIG(fd_{N-1}). The sequence of the dependent functions fd_3 to fd_{N-1}, executed in combination, is algorithmically equivalent to the function F.
More precisely, the execution of these initiating commands leads to the execution in unit 6 of the dependent functions fd_3 to fd_{N-1}, which use the contents of the memory areas x, y and place the result in a memory area z of unit 6; and at time t_N, the execution of the initiating command CD_N, which initiates in unit 6 the execution, by means of the second execution part 2peu, of the dependent function fd_N, which ensures the transfer of the result of the algorithmic processing contained in the memory area z of the unit 6 to the data processing system 3 in order to assign it to the variable Z, this command being represented by IN(z). In this example, to fully apply the invention, the first argument of the OUT initiating commands and the argument of the TRIG and IN initiating commands are selected as orders. The orders thus selected are renamed by the order renaming method. In this way, the orders of the initiating commands CD_1 to CD_N, namely x, y, fd_3, ..., fd_{N-1}, z, are renamed so as to obtain respectively R(x), R(y), R(fd_3), ..., R(fd_{N-1}), R(z). Figure 7c illustrates the complete application of the invention.
In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, and in the presence of the unit 6, there appear: at times t_1, t_2, the execution of the initiating commands with renamed orders CDCR_1, CDCR_2, which transfer to unit 6 the renamed orders R(x), R(y) as well as the data X, Y, and initiate in unit 6 the restoration, by the restoration means 20, of the orders from the renamed orders, namely the identity of the memory areas x, y, followed by the execution, by means of the second execution part 2peu, of the corresponding dependent functions fd_1, fd_2, which ensure the transfer of the data X, Y from the data processing system 3 to the memory areas x, y respectively, located in the memory means 15 of the unit 6, these initiating commands with renamed orders CDCR_1, CDCR_2 being represented respectively by OUT(R(x), X), OUT(R(y), Y); at times t_3 to t_{N-1}, the execution of the initiating commands with renamed orders CDCR_3 to CDCR_{N-1}, which transfer to unit 6 the renamed orders R(fd_3) to R(fd_{N-1}) and initiate in unit 6 the restoration, by the restoration means 20, of the orders, namely fd_3 to fd_{N-1}, followed by the execution, by means of the second execution part 2peu, of the dependent functions fd_3 to fd_{N-1}, these initiating commands with renamed orders CDCR_3 to CDCR_{N-1} being represented respectively by TRIG(R(fd_3)) to TRIG(R(fd_{N-1})); and at time t_N, the execution of the initiating command with renamed order CDCR_N, which transfers to unit 6 the renamed order R(z) and initiates in unit 6 the restoration, by the restoration means 20, of the order, namely the identity of the memory area z, followed by the execution, by means of the second execution part 2peu, of the dependent function fd_N, which ensures the transfer of the result of the algorithmic processing contained in the memory area z of the unit 6 to the data processing system 3 in order to assign it to the variable Z, this initiating command with renamed order CDCR_N being represented by IN(R(z)).
In the illustrated example, the initiating commands with renamed orders 1 through N are executed successively. It should be noted that two improvements can be made. The first improvement concerns the case where several algorithmic processings are deported to unit 6 and the result of at least one algorithmic processing is used by another algorithmic processing. In this case, certain initiating commands with renamed orders that are used for the transfer can possibly be deleted. The second improvement consists of choosing a relevant ordering of the initiating commands with renamed orders from among the set of orderings that allow the execution of the protected software 2p. In this regard, it is preferable to select an ordering of the initiating commands with renamed orders that dissociates in time the execution of the dependent functions, by interleaving between them portions of code executed in the data processing system 3, which may or may not include initiating commands with renamed orders serving for the determination of other data. Figures 7d and 7e illustrate the principle of such an embodiment.
Figure 7d shows an example of execution of a vulnerable software 2v. In this example, during the execution of the vulnerable software 2v in the data processing system 3, there appears the execution of two algorithmic processings leading to the determination of Z and Z', such that Z ← F(X, Y) and Z' ← F'(X', Y'). Figure 7e illustrates an example of application of the method according to the invention in which the two algorithmic processings selected in Figure 7d are deported to unit 6. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, and in the presence of the unit 6, there appear, as explained above, the execution of the initiating commands with renamed orders CDCR_1 to CDCR_N corresponding to the determination of Z, and the execution of the initiating commands with renamed orders CDCR'_1 to CDCR'_M corresponding to the determination of Z'. As illustrated, the initiating commands with renamed orders CDCR_1 to CDCR_N are not executed consecutively, in that the initiating commands with renamed orders CDCR'_1 to CDCR'_M, as well as other portions of code, are interleaved with them. In the example, the following ordering is thus carried out: CDCR_1, interleaved code portion, CDCR'_1 to CDCR_2, interleaved code portion, CDCR'_2, CDCR'_3, interleaved code portion, CDCR'_4, CDCR_3, CDCR_4, CDCR_N, CDCR'_M. It should be noted that, during the execution of a portion of the first execution part 2pes of the protected software 2p, the initiating commands with renamed orders executed in the data processing system 3 initiate, in unit 6, the restoration of the identity of the corresponding dependent functions and then their execution. Thus, in the presence of unit 6, this portion is executed correctly and, consequently, the protected software 2p is fully functional. Figure 7f illustrates an example of attempted execution of the protected software 2p while the unit 6 is absent.
In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p, at every moment, the execution of an initiating command with renamed order cannot initiate the restoration of the order or the execution of the corresponding dependent function, because the unit 6 is absent. The value to be assigned to the variable Z therefore cannot be determined correctly. It follows that, in the absence of the unit 6, at least one request by a portion of the first execution part 2pes of the protected software 2p to initiate the restoration of an order and the execution of a dependent function in the unit 6 cannot be satisfied correctly, so that at least this portion is not executed correctly and, consequently, the protected software 2p is not fully functional. Thanks to this principle of protection by renaming, examining the initiating commands with renamed orders in the protected software 2p does not make it possible to determine the identity of the dependent functions that are to be executed in unit 6. It should be noted that the renaming of the orders is performed during the modification of the vulnerable software 2v into a protected software 2p. According to a variant of the principle of protection by renaming, there is defined, for at least one dependent function, a family of dependent functions that are algorithmically equivalent but initiated by initiating commands with different renamed orders. According to this variant, for at least one algorithmic processing that uses dependent functions, this algorithmic processing is fragmented into dependent functions of which at least one is replaced by a dependent function of the same family, instead of keeping several occurrences of the same dependent function. To this end, the initiating commands with renamed orders are modified to take into account the replacement of dependent functions by dependent functions of the same family.
In other words, two dependent functions of the same family have different orders and, consequently, initiating commands with different renamed orders, and it is not possible, by examining the protected software 2p, to discover that the dependent functions called are algorithmically equivalent. According to a preferred embodiment of the variant of the principle of protection by renaming, a family of algorithmically equivalent dependent functions is defined, for at least one dependent function, by concatenating a noise field to the information that defines the functional part of the dependent function to be executed in the unit 6. According to a second preferred embodiment of the variant of the principle of protection by renaming, a family of algorithmically equivalent dependent functions is defined, for at least one dependent function, by using identification fields. According to a preferred variant embodiment of the principle of protection by renaming, the method of renaming orders is defined as a coding method that encodes the orders to transform them into renamed orders. It should be remembered that the renaming of orders is performed in the protection phase P. For this preferred variant, the restoration means 20 are means applying a decoding method that decodes the renamed orders and thus restores the identity of the dependent functions to be executed in unit 6. These restoration means are applied in unit 6 and may be software or hardware in nature. The restoration means 20 are called upon in the use phase U each time an initiating command with renamed order is executed in the data processing system 3 with the aim of initiating, in unit 6, the execution of a dependent function.
According to another advantageous feature of the invention, the protection method applies a principle of protection called "conditional derivation", described with reference to Figures 8a to 8c.
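The renaming principle of Figures 7b and 7c, with the coding/decoding variant and the noise-field family, as an added Python example that is not part of the patent text. The description does not specify the coding method: the small keyed Feistel coding below is an assumption that only stands in for it, and the order numbers, the key and the sample processing Z ← X + 2Y are constructed for the example.

```python
import hashlib
import hmac

ROUNDS = 4
X_AREA, Y_AREA, Z_AREA, FD3, FD4 = 1, 2, 3, 4, 5  # initial orders (constructed)


def _round(key, i, half):
    """Keyed round function of the toy coding: one byte in, one byte out."""
    return hmac.new(key, bytes([i, half]), hashlib.sha256).digest()[0]


def rename(key, order, noise):
    """Protection phase P: (order, noise field) -> 16-bit renamed order R(order)."""
    left, right = order, noise
    for i in range(ROUNDS):
        left, right = right, left ^ _round(key, i, right)
    return (left << 8) | right


def restore(key, renamed):
    """Restoration means 20, applied in unit 6: renamed order -> initial order."""
    left, right = renamed >> 8, renamed & 0xFF
    for i in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, i, left), left
    return left  # the noise field (right) is discarded


class Unit6:
    """Holds the decoding key, the memory areas and the dependent functions."""

    def __init__(self, key):
        self._key = key
        self._mem = {X_AREA: 0, Y_AREA: 0, Z_AREA: 0}
        self._fd = {FD3: self._fd3, FD4: self._fd4}

    def _fd3(self):                      # z <- x
        self._mem[Z_AREA] = self._mem[X_AREA]

    def _fd4(self):                      # z <- z + y
        self._mem[Z_AREA] += self._mem[Y_AREA]

    def out(self, renamed, value):       # OUT(R(area), value)
        self._mem[restore(self._key, renamed)] = value

    def trig(self, renamed):             # TRIG(R(fd))
        self._fd[restore(self._key, renamed)]()

    def in_(self, renamed):              # IN(R(area))
        return self._mem[restore(self._key, renamed)]


def protect(key):
    """Renamed orders embedded in the protected software 2p for Z <- X + 2*Y.

    Each occurrence gets a distinct noise value, so the two uses of fd4
    appear in the protected software as two different renamed orders.
    """
    orders = [X_AREA, Y_AREA, FD3, FD4, FD4, Z_AREA]
    return [rename(key, order, noise) for noise, order in enumerate(orders)]


def run_protected(unit, renamed, X, Y):
    """First execution part 2pes: it only ever handles renamed orders."""
    rx, ry, *steps, rz = renamed
    unit.out(rx, X)
    unit.out(ry, Y)
    for r in steps:
        unit.trig(r)
    return unit.in_(rz)


if __name__ == "__main__":
    demo_key = b"constructed-demo-key"
    program = protect(demo_key)
    print([hex(r) for r in program], run_protected(Unit6(demo_key), program, 5, 10))
```

A renamed order that decodes to an unknown order raises KeyError here; a real unit would treat that case through its coercion means instead.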
For the application of the principle of protection by conditional derivation, at least one conditional derivation BC is selected in the vulnerable software source 2vs. At least one portion of the vulnerable software source 2vs containing at least one selected conditional derivation BC is also selected. At least one selected portion of the vulnerable software source 2vs is then modified in order to obtain the protected software source 2ps. This modification is such that, in particular during the execution of the protected software 2p: at least one portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that the functionality of at least one selected conditional derivation BC is executed in the unit 6; and the second execution part 2peu, which is executed in the unit 6, executes at least the functionality of at least one selected conditional derivation BC and makes available to the data processing system 3 an item of information that allows the first execution part 2pes to continue its execution in the selected environment.

The first execution part 2pes of the protected software 2p, executed in the data processing system 3, executes conditional derivation commands, which initiate in the unit 6 the execution, by means of the second execution part 2peu, of deported conditional derivations bc whose functionality is equivalent to that of the selected conditional derivations BC.

Figure 8a illustrates an example of the execution of a vulnerable software 2v. In this example, at a given time during the execution of the vulnerable software 2v in the data processing system 3, there appears a conditional derivation BC that indicates to the vulnerable software 2v the environment in which to continue its execution, namely one of three possible environments B1, B2 or B3. It should be understood that the conditional derivation BC makes the decision to continue the execution of the software in the environment B1, B2 or B3.
Figure 8b illustrates an example of application of the invention in which the conditional derivation selected to be deported to the unit 6 is the conditional derivation BC. In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p and in the presence of the unit 6, there appear: at time t1, the execution of the conditional derivation command CBC1, which initiates in the unit 6 the execution, by means of the second execution part 2peu, of the deported conditional derivation bc, algorithmically equivalent to the conditional derivation BC, this conditional derivation command CBC1 being represented by TRIG(bc); and, at time t2, the transfer from the unit 6 to the data processing system 3 of the information that allows the first execution part 2pes to continue its execution in the selected environment, namely the environment B1, B2 or B3.

It should be noted that, during the execution of a portion of the first execution part 2pes of the protected software 2p, the conditional derivation commands executed in the data processing system 3 initiate the execution of the corresponding deported conditional derivations in the unit 6. Thus, in the presence of the unit 6, this portion is executed correctly and, consequently, the protected software 2p is fully functional.

Figure 8c illustrates an attempt to execute the protected software 2p while the unit 6 is absent.
In this example, during the execution in the data processing system 3 of the first execution part 2pes of the protected software 2p: at time t1, the execution of the conditional derivation command CBC1 cannot initiate the execution of the deported conditional derivation bc, given the absence of the unit 6; and, at time t2, the transfer of the information that allows the first execution part 2pes to continue in the selected environment fails, given the absence of the unit 6.

It follows that, in the absence of the unit 6, at least one request by a portion of the first execution part 2pes to initiate the execution of a conditional derivation deported to the unit 6 cannot be satisfied correctly, so that at least this portion is not executed correctly and, consequently, the protected software 2p is not fully functional.

In the above description with reference to Figures 8a to 8c, the invention deports a single conditional derivation to the unit 6. Of course, a preferred embodiment of the invention may consist in deporting to the unit 6 a series of conditional branches whose overall functionality is equivalent to the set of functionalities of the conditional branches that have been deported. The execution of the overall functionality of this series of deported conditional derivations results in making available, to the data processing system 3, information that allows the first execution part 2pes of the protected software 2p to continue its execution in the selected environment.

In the above description with reference to Figures 4a to 8c, five different principles of software protection have been explained in a general manner and independently of one another. The method of protection according to the invention is applied using the principle of protection by elementary functions, possibly associated with one or more other protection principles.
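The following sketch is an added illustration, not code from the patent, of two of the principles described above working together: renaming with a noise field (a family of equivalent dependent functions reached through different renamed orders) and a conditional derivation deported to the unit 6. The coding method (a 4-round Feistel permutation keyed with HMAC-SHA256), the 16-bit field sizes, the function identities and all names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ROUNDS = 4
ADD, BC = 0x0001, 0x0002  # constructed identities of two dependent functions


def _round(key: bytes, rnd: int, half: int) -> int:
    """Feistel round function: 16 bits taken from HMAC-SHA256 (assumption)."""
    msg = bytes([rnd]) + half.to_bytes(2, "big")
    return int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:2], "big")


def rename_order(key: bytes, func_id: int, noise: int) -> int:
    """Protection phase P: code (identity, noise field) into a 32-bit renamed order."""
    left, right = func_id & 0xFFFF, noise & 0xFFFF
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << 16) | right


def restore_order(key: bytes, renamed: int) -> int:
    """Restoration means 20: decode a renamed order and discard the noise field."""
    left, right = (renamed >> 16) & 0xFFFF, renamed & 0xFFFF
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left), left
    return left  # the identity; 'right' now holds the noise and is dropped


class Unit:
    """Stand-in for unit 6: the key and the dependent functions stay inside it."""

    def __init__(self, key: bytes):
        self._key = key
        self._functions = {
            ADD: lambda a, b: a + b,
            # Deported conditional derivation bc: decides B1, B2 or B3.
            BC: lambda z: "B1" if z < 0 else ("B2" if z == 0 else "B3"),
        }

    def trigger(self, renamed_order: int, *operands):
        """Second execution part 2peu: restore the identity, then execute."""
        function = self._functions.get(restore_order(self._key, renamed_order))
        if function is None:
            raise ValueError("renamed order does not decode to a dependent function")
        return function(*operands)


def build_orders(key: bytes) -> dict:
    """Protection phase P: the renamed orders embedded in the protected software."""
    noise_a = secrets.randbelow(0x10000)
    noise_b = (noise_a + 1 + secrets.randbelow(0xFFFF)) & 0xFFFF  # never equals noise_a
    return {
        "step1": rename_order(key, ADD, noise_a),
        "step2": rename_order(key, ADD, noise_b),  # same family, different order
        "trig_bc": rename_order(key, BC, secrets.randbelow(0x10000)),
    }


def first_execution_part(unit, orders: dict, x: int, y: int):
    """Part 2pes on the host: it holds only opaque renamed orders."""
    if unit is None:
        raise RuntimeError("unit 6 absent: the request cannot be satisfied")
    z = unit.trigger(orders["step1"], x, y)
    z = unit.trigger(orders["step2"], z, y)
    environment = unit.trigger(orders["trig_bc"], z)  # TRIG(bc)
    continue_in = {"B1": "negative", "B2": "zero", "B3": "positive"}
    return z, environment, continue_in[environment]


if __name__ == "__main__":
    key = secrets.token_bytes(16)
    orders = build_orders(key)
    print({name: hex(order) for name, order in orders.items()})
    print(first_execution_part(Unit(key), orders, 2, 3))
```

The two addition steps use the same dependent function, yet their renamed orders share no visible relation on the host side, and the choice among B1, B2 and B3 is only available when the unit answers.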
In the case where the principle of protection by elementary functions is complemented by the application of at least one other protection principle, the principle of protection by elementary functions is advantageously complemented by the principle of protection by variable and/or the principle of protection by detection and coercion and/or the principle of protection by renaming and/or the principle of protection by conditional derivation. When the principle of protection by detection and coercion is also applied, it can be complemented in turn by the principle of protection by renaming and/or the principle of protection by conditional derivation. And when the principle of protection by renaming is also applied, it can be complemented in turn by the principle of protection by conditional derivation.

According to the preferred variant embodiment, the principle of protection by elementary functions is complemented by the principle of protection by variable and by the principle of protection by detection and coercion, complemented by the principle of protection by renaming, complemented by the principle of protection by conditional derivation.

In the case where a protection principle is applied in addition to the principle of protection by elementary functions, its description given previously must, in order to take its combined application into account, be read with the following modifications: the notion of vulnerable software must be understood as software that is vulnerable with respect to the protection principle being described. Thus, in the case where a protection principle has already been applied to the vulnerable software, the expression "vulnerable software" must be interpreted by the reader as the expression "software protected by the protection principle(s) already applied"; the notion of protected software must be understood as software protected with respect to the protection principle being described.
Thus, in the case where a protection principle has already been applied, the term "protected software" must be interpreted by the reader as the expression "new version of the protected software"; and the selection(s) made for the application of the protection principle being described must take into account the selection(s) made for the application of the protection principle(s) already applied.

The remainder of the description makes it possible to better understand the application of the protection method according to the invention. This method of protection according to the invention includes, as appears more precisely in Figure 9: first, a protection phase P during which a vulnerable software 2v is modified into a protected software 2p; subsequently, a use phase U during which the protected software 2p is used; and possibly a reload phase R during which at least one complementary use is credited for a functionality protected by the application of the second preferred variant embodiment of the principle of protection by detection and coercion using a measurement variable as a characteristic.

In the use phase U: in the presence of the unit 6, and each time a portion of the first execution part 2pes executed in the data processing system 3 requires it, the required functionality is executed in the unit 6, so that this portion is executed correctly and, consequently, the protected software 2p is fully functional; in the absence of the unit 6, and despite the request by a portion of the first execution part 2pes to execute a functionality in the unit 6, this request cannot be correctly satisfied, so that at least this portion is not executed correctly and, consequently, the protected software 2p is not fully functional.

The protection phase P can be divided into two protection subphases P1 and P2. The first, called the upstream protection subphase P1, is applied independently of the vulnerable software 2v to be protected.
The second, called the downstream protection subphase P2, depends on the vulnerable software 2v to be protected. It should be noted that the upstream protection subphase P1 and the downstream protection subphase P2 can advantageously be carried out by two different persons or two different teams. For example, the upstream protection subphase P1 can be carried out by a person or a company that develops software protection systems, while the downstream protection subphase P2 can be carried out by a person or a company that develops the software to be protected. Of course, the upstream protection subphase P1 and the downstream protection subphase P2 can also be carried out by the same person or the same team.

The upstream protection subphase P1 includes several periods S11, S-n, in each of which different tasks or jobs are performed. The first period of this upstream protection subphase P1 is called the "definition period S11". During this definition period S11, the following are selected: the type of unit 6.
By way of illustration, a chip card reader 8 and the chip card 7 associated with the reader can be selected as the unit 6. Also selected are the transfer means 12, 13, intended to be applied respectively in the data processing system 3 and in the unit 6 during the use phase U and able to ensure the transfer of data between the data processing system 3 and the unit 6.

The following are defined: a set of elementary functions that are capable of being executed in a unit 6, and a set of elementary commands for this set of elementary functions, these elementary commands being capable of being executed in the data processing system 3 and of initiating the execution, in a unit 6, of the elementary functions.

In the case where the method of protection according to the invention applies the principle of protection by detection and coercion, the following are also defined: at least one software execution characteristic capable of being monitored at least in part in the unit 6; at least one criterion to be obeyed for at least one software execution characteristic; detection means 17 to be applied in the unit 6, which make it possible to detect that at least one software execution characteristic does not obey at least one associated criterion; and coercion means 18 to be applied in the unit 6, which make it possible to inform the data processing system 3 and/or to modify the execution of a software when at least one criterion is not obeyed.

In the case where the method of protection according to the invention applies the principle of protection by detection and coercion using as a characteristic a measurement variable of the execution of the software, the following are also defined: as a software execution characteristic capable of being monitored, a measurement variable of the use of a software functionality; as a criterion to be obeyed, at least one threshold associated with each measurement variable; and updating means that make it possible to update at least one measurement variable.

In the case where the method of protection according to the invention applies a first preferred variant embodiment of the principle of protection by detection and coercion using as a characteristic a measurement variable of the execution of the software, the following are also defined: for at least one measurement variable, several associated thresholds; and different coercion means corresponding to each of these thresholds.

In the case where the method of protection according to the invention applies a second preferred variant embodiment of the principle of protection by detection and coercion using as a characteristic a measurement variable of the execution of the software, reloading means are also defined that allow at least one complementary use to be credited for at least one software functionality monitored by a measurement variable.

In the case where the method of protection according to the invention applies the principle of protection by detection and coercion using as a characteristic a software use profile, the following are also defined: as a software execution characteristic capable of being monitored, a software use profile; and, as a criterion to be obeyed, at least one software execution characteristic.

In the case where the method of protection according to the invention applies the principle of protection by detection and coercion using, as the execution characteristic to be obeyed, the monitoring of the execution chain, the following are also defined: a set of instructions capable of being executed in the unit 6; a set of instruction commands for this set of instructions, these instruction commands being capable of being executed in the data processing system 3 and of initiating in the unit 6 the execution of the instructions; as use profile, the chaining of the instructions; as execution characteristic, a desired chaining for the execution of the instructions; as detection means 17, means that make it possible to detect that the chaining of the instructions does not correspond to the desired one; and, as coercion means 18, means for informing the data processing system 3 and/or modifying the operation of the portion of protected software 2p when the chaining of the instructions does not correspond to the desired one.

In the case where the method of protection according to the invention applies a preferred variant embodiment of the principle of protection by detection and coercion using, as the execution characteristic to be obeyed, the monitoring of the execution chain, the following are also defined: as a set of instructions, a set of instructions in which at least certain instructions work on registers and use at least one operand in order to produce a result; for at least some of the instructions that work on registers, a part PF that defines the functionality of the instruction, and a part that defines the desired chaining for the execution of the instructions and that includes bit fields corresponding to an identification field of the instruction CU and, for each operand of the instruction, a flag field CDk and an expected identification field CIPk of the operand; for each register that belongs to the means of exploitation and is used by the set of instructions, a generated identification field CIGV in which the identification of the last instruction that has placed its result in this register is automatically stored; as detection means 17, means that make it possible, during the execution of an instruction, for each operand, when the flag field CDk requires it, to check the equality between the generated identification field CIGV corresponding to the register used by this operand and the expected identification field CIPk of the origin of this operand; and, as coercion means 18, means that make it possible to modify the result of the instructions if at least one of the checked equalities is false.

In the case where the method of protection according to the invention applies the principle of protection by renaming, the following are also defined: as an initiating command, an elementary command or an instruction command; as a dependent function, an elementary function or an instruction; as an order, at least one argument of an initiating command, corresponding at least in part to the information transmitted by the data processing system 3 to the unit 6 in order to initiate the execution of the corresponding dependent function; a method of renaming orders that makes it possible to rename the orders in order to obtain initiating commands with renamed orders; and restoration means 20 intended to be applied in the unit 6 during the use phase U, which make it possible to find the dependent function to be executed from the renamed order.

In the case where the method of protection according to the invention applies a variant of the principle of protection by renaming, there is also defined, for at least one dependent function, a family of dependent functions that are algorithmically equivalent but initiated by initiating commands whose renamed orders are different.

In the case where the method of protection according to the invention applies one or other of the preferred embodiments of the variant of the principle of protection by renaming, there is also defined, for at least one dependent function, a family of algorithmically equivalent dependent functions: by concatenating a noise field with the information that defines the functional part of the dependent function to be executed in the unit 6, or by using the identification field of the instruction CU and the expected identification fields CIPk of the operands.

In the case where the method of protection according to the invention applies a preferred variant of the principle of protection by renaming, the following are also defined: as the method of renaming orders, a coding method for coding the orders; and, as restoration means 20, means that apply a decoding method to decode the renamed orders and thus restore the identity of the dependent functions to be executed in the unit 6.

During the upstream protection subphase, the definition period S11 is followed by a period called the "construction period S12".
During this period S12, the transfer means 12, 13 and the means of exploitation corresponding to the definitions of the definition period S11 are constructed. During this construction period S12, the following are therefore carried out: the construction of transfer means 12, 13 that allow, during the use phase U, the transfer of data between the data processing system 3 and the unit 6; the construction of means of exploitation that allow the unit 6, during the use phase U, to execute the elementary functions of the set of elementary functions; when the principle of protection by detection and coercion is also applied, the construction of means of exploitation that allow the unit 6, during the use phase U, also to apply the detection means 17 and the coercion means 18, and possibly of means of exploitation that allow the unit 6, during the use phase U, also to apply the updating means, and possibly of means of exploitation that allow the unit 6, during the reload phase, also to apply the reloading means, and possibly of means of exploitation that also allow the unit 6, during the use phase U, to execute the instructions of the set of instructions; and, when the principle of protection by renaming is also applied, the construction of means of exploitation that allow the unit 6, during the use phase U, also to apply the restoration means.

The construction of the means of exploitation is carried out in the usual way, through a program development unit that takes into account the definitions made in the definition period S11. Such a unit is described later in the description, with reference to Figure 10.

During the upstream protection subphase P1, the construction period S12 can be followed by a period called the "pre-personalization period S13". During this pre-personalization period S13, at least a portion of the transfer means 13 and/or the means of exploitation are loaded into at least one virgin unit 60 in order to obtain at least one pre-personalized unit 66.
It should be noted that a part of the means of exploitation, once transferred into a pre-personalized unit 66, is no longer directly accessible from outside this pre-personalized unit 66. The transfer of the means of exploitation into a virgin unit 60 can be carried out through an adapted pre-personalization unit, which is described later in the description, with reference to Figure 11. In the case of a pre-personalized unit 66 constituted by a chip card 7 and its reader 8, the pre-personalization concerns only the chip card 7.

During the upstream protection subphase P1, after the definition period S11 and possibly after the construction period S12, a period called the "tool making period S14" can be applied. During this tool making period S14, tools are made that help to generate protected software or automate the protection of software. These tools make it possible: to help select, or to select automatically, in the vulnerable software 2v to be protected: the algorithmic processing(s) capable of being fragmented into elementary functions that can be deported to the unit 6; the portion(s) capable of being modified; also, when the principle of protection by variable is applied, the variable(s) capable of being deported to the unit 6; also, when the principle of protection by detection and coercion is applied, the execution characteristic(s) to be monitored and, possibly, the algorithmic processing(s) capable of being fragmented into instructions that can be deported to the unit 6; also, when the principle of protection by renaming is applied, the algorithmic processing(s) capable of being fragmented into dependent functions that can be deported to the unit 6 and for which the orders of the initiating commands can be renamed; and also, when the principle of protection by conditional derivation is applied, the conditional derivation(s) whose functionality is capable of being deported to the unit 6; and, possibly, to help generate protected software or to automate the protection of software.
These different tools can be made independently or in combination, and each tool can take various forms, such as a preprocessor, an assembler, a compiler, etc.

The upstream protection subphase P1 is followed by a downstream protection subphase P2 that depends on the vulnerable software 2v to be protected. This downstream protection subphase P2 also includes several periods. The first period, corresponding to the application of the principle of protection by elementary functions, is called the "creation period S21". During this creation period S21, the choices made in the definition period S11 are used. With the help of these choices and possibly of tools built in the tool making period S14, the protected software 2p is created by:

selecting at least one algorithmic processing that, during the execution of the vulnerable software 2v, uses at least one operand and makes it possible to obtain at least one result;

selecting at least one portion of the vulnerable software source 2vs that contains at least one selected algorithmic processing;

producing the protected software source 2ps from the vulnerable software source 2vs, by modifying at least one selected portion of the vulnerable software source 2vs to obtain at least one modified portion of the protected software source 2ps, this modification being such that: during the execution of the protected software 2p, a first execution part 2pes is executed in the data processing system 3 and a second execution part 2peu is executed in a unit 6, obtained from the virgin unit 60 after loading of information; the second execution part 2peu executes at least the functionality of at least one selected algorithmic processing; at least one selected algorithmic processing is fragmented so that, during the execution of the protected software 2p, this algorithmic processing is executed by means of the second execution part 2peu, using the elementary functions; for at least one selected algorithmic processing, elementary commands are integrated into the protected software source 2ps, so that during the execution of the protected software 2p each elementary command is executed by the first execution part 2pes and initiates in the unit 6 the execution, by means of the second execution part 2peu, of an elementary function; and an ordering of the elementary commands is selected among the set of orderings that allow the execution of the protected software 2p;

and producing: a first object part 2pos of the protected software 2p, from the protected software source 2ps, this first object part 2pos being such that, during the execution of the protected software 2p, there appears a first execution part 2pes that is executed in the data processing system 3 and of which at least a portion takes into account that the elementary commands are executed in accordance with the selected ordering; and a second object part 2pou of the protected software 2p, which contains the means of exploitation, this second object part 2pou being such that, after loading into the virgin unit 60 and during the execution of the protected software 2p, there appears the second execution part 2peu by means of which the elementary functions initiated by the first execution part 2pes are executed.

Of course, the principle of protection by elementary functions according to the invention can be applied directly during the development of a new software, without the prior production of a vulnerable software 2v. In this way, a protected software 2p is obtained directly.

During the downstream protection subphase P2, and when at least one other protection principle is applied in addition to the principle of protection by elementary functions, a "modification period S22" is applied. During this modification period S22, the definitions made in the definition period S11 are used.
With the help of these definitions and possibly of tools built in the tool making period S14, the protected software 2p is modified to allow the application of the protection principles in accordance with one of the previously defined arrangements.

When the principle of protection by variable is applied, the protected software 2p is modified by: selecting at least one variable used in at least one selected algorithmic processing which, during the execution of the protected software 2p, partially defines the state of the protected software 2p; modifying at least one selected portion of the protected software source 2ps, this modification being such that, during the execution of the protected software 2p, at least one selected variable or at least one copy of a selected variable resides in the unit 6; and producing: the first object part 2pos of the protected software 2p, this first object part 2pos being such that, during the execution of the protected software 2p, at least one portion of the first execution part 2pes also takes into account that at least one variable or at least one copy of a variable resides in the unit 6; and the second object part 2pou of the protected software 2p, this second object part 2pou being such that, after loading into the unit 6 and during the execution of the protected software 2p, there appears the second execution part 2peu by means of which at least one selected variable, or at least one copy of a selected variable, also resides in the unit 6.
When the principle of protection by detection and coercion is applied, the protected software 2p is modified by: selecting at least one software execution characteristic to be monitored, among the execution characteristics that can be monitored; selecting at least one criterion to be obeyed for at least one selected software execution characteristic; selecting, in the protected software source 2ps, elementary functions for which at least one selected software execution characteristic is to be monitored; modifying at least one selected portion of the protected software source 2ps, this modification being such that, during the execution of the protected software 2p, at least one selected execution characteristic is monitored by means of the second execution part 2peu, and failure to obey a criterion leads to the data processing system 3 being informed and/or to a modification of the execution of the protected software 2p; and producing the second object part 2pou of the protected software 2p containing the means of exploitation that also apply the detection means 17 and the coercion means 18, this second object part 2pou being such that, after loading into the unit 6 and during the execution of the protected software 2p, at least one software execution characteristic is monitored and failure to obey a criterion leads to the data processing system 3 being informed and/or to a modification of the execution of the protected software 2p.
For the application of the principle of protection by detection and coercion using as a characteristic a measurement variable of the execution of the software, the protected software 2p is modified by: selecting, as the software execution characteristic to be monitored, at least one measurement variable of the use of a software functionality; selecting: at least one functionality of the protected software 2p whose use is capable of being monitored by means of a measurement variable, at least one measurement variable used to quantify the use of said functionality, at least one threshold associated with a selected measurement variable that corresponds to a limit of use of said functionality, and at least one method of updating a selected measurement variable based on the use of said functionality; and modifying at least one selected portion of the protected software source 2ps, this modification being such that, during the execution of the protected software 2p, the measurement variable is updated by means of the second execution part 2peu, depending on the use of said functionality, and at least one crossing of a threshold is taken into account.

For the application of a first preferred variant embodiment of the principle of protection by detection and coercion using a measurement variable as a characteristic, the protected software 2p is modified by: selecting, in the protected software source 2ps, at least one selected measurement variable with which several thresholds corresponding to different limits of use of the functionality must be associated; selecting at least two thresholds associated with the selected measurement variable; and modifying at least one selected portion of the protected software source 2ps, this modification being such that, during the execution of the protected software 2p, the crossings of the various thresholds are taken into account, by means of the second execution part 2peu, in different ways.
For the application of a second preferred variant embodiment of the principle of protection by detection and coercion using a measurement variable as a characteristic, the protected software 2p is modified by: selecting, in the protected software source 2ps, at least one selected measurement variable that makes it possible to limit the use of a functionality for which at least one complementary use must be able to be credited; and modifying at least one selected portion, this modification being such that, in a so-called reload phase, at least one complementary use of at least one functionality corresponding to a selected measurement variable can be credited.

For the application of the principle of protection by detection and coercion using a software use profile as a characteristic, the protected software 2p is modified by: selecting, as the software execution characteristic to be monitored, at least one software use profile; selecting at least one execution characteristic that at least one selected use profile must obey; and modifying at least one selected portion of the protected software source 2ps, this modification being such that, during the execution of the protected software 2p, the second execution part 2peu obeys all the selected execution characteristics.

For the application of the principle of protection by detection and coercion using, as the execution characteristic to be obeyed, the monitoring of the execution chain, the protected software 2p is modified by modifying at least one selected portion of the protected software source 2ps: transforming the elementary functions into instructions; specifying the chaining that at least certain instructions must obey during their execution in the unit 6; and transforming the elementary commands into instruction commands corresponding to the instructions used.
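The execution-chain monitoring applied here relies on the fields defined earlier in the description: a flag field CDk and an expected identification field CIPk per operand, and a generated identification field CIGV per register. The sketch below is an added illustration, not code from the patent; the three-operation instruction set, the instruction identifiers, the 32-bit register width and the XOR used to modify the result are assumptions made for the example.

```python
from dataclasses import dataclass

MASK = 0xFFFFFFFF  # assumed 32-bit registers


@dataclass(frozen=True)
class Operand:
    register: int     # register the operand is read from
    check: bool       # flag field CDk: must the origin of this operand be verified?
    expected_id: int  # expected identification field CIPk


@dataclass(frozen=True)
class Instruction:
    pf: str           # part PF: the functionality of the instruction
    instr_id: int     # identification field of the instruction (constructed value)
    dest: int         # register that receives the result
    operands: tuple = ()
    immediate: int = 0


PF = {
    "load": lambda values, imm: imm,
    "add": lambda values, imm: values[0] + values[1],
    "mul": lambda values, imm: values[0] * values[1],
}


class ChainUnit:
    """Stand-in for unit 6 executing instructions with chain monitoring."""

    def __init__(self, registers: int = 4):
        self.value = [0] * registers
        self.cigv = [None] * registers  # generated identification field per register
        self.violations = 0

    def execute(self, ins: Instruction) -> int:
        values, chain_ok = [], True
        for op in ins.operands:
            # Detection means 17: compare the register's generated id with CIPk.
            if op.check and self.cigv[op.register] != op.expected_id:
                chain_ok = False
            values.append(self.value[op.register])
        result = PF[ins.pf](values, ins.immediate) & MASK
        if not chain_ok:
            # Coercion means 18: modify the result instead of returning it intact.
            self.violations += 1
            result ^= 0x5A5A5A5A
        self.value[ins.dest] = result
        self.cigv[ins.dest] = ins.instr_id  # remember who wrote this register last
        return result


def build_program(a: int, b: int, c: int) -> list:
    """Instruction commands computing (a + b) * c with a fully specified chaining."""
    return [
        Instruction("load", 0x11, dest=0, immediate=a),
        Instruction("load", 0x12, dest=1, immediate=b),
        Instruction("add", 0x13, dest=2,
                    operands=(Operand(0, True, 0x11), Operand(1, True, 0x12))),
        Instruction("load", 0x14, dest=0, immediate=c),
        Instruction("mul", 0x15, dest=3,
                    operands=(Operand(2, True, 0x13), Operand(0, True, 0x14))),
    ]


def run(program: list):
    """Send each instruction command to a fresh unit; return (result, violations)."""
    unit = ChainUnit()
    result = 0
    for ins in program:
        result = unit.execute(ins)
    return result, unit.violations


if __name__ == "__main__":
    program = build_program(2, 3, 4)
    print("intact chain:     ", run(program))
    print("one command cut:  ", run(program[:3] + program[4:]))
```

Removing or reordering a single instruction command leaves a register whose generated identification no longer matches what the next instruction expects, so the final value is altered even though every individual command is still valid.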
When the principle of protection by renaming is applied, the protected software 2p is modified: selecting, in the protected software source 2ps, initiating commands; modifying at least a selected portion of the protected software source 2ps by renaming the orders of the selected initiating commands, in order to disguise the identity of the corresponding dependent functions; and producing: the first object part 2pos of the protected software 2p, this first object part 2pos being such that during the execution of the protected software 2p, the initiating commands with renamed orders are executed, and the second object part 2pou of the protected software 2p containing the means of exploitation that also apply the restoration means 20, this second object part 2pou being such that after loading in the unit 6 and during the execution of the protected software 2p, the identity of the dependent functions whose execution is initiated by the first execution part 2pes is restored by means of the second execution part 2peu, and the dependent functions are executed by means of the second execution part 2peu.
For the application of a variant of the principle of protection by renaming, the protected software 2p is modified: selecting, at the source of the protected software 2ps, at least one initiating command with a renamed order; and modifying at least a selected portion of the protected software source 2ps by replacing at least the renamed order of a selected initiating command with a renamed order by another renamed order, which initiates a dependent function of the same family.
When the principle of protection by conditional branch is applied, the protected software 2p is modified: selecting, at the source of the protected software 2ps, at least one conditional branch carried out in at least one selected algorithmic processing; modifying at least one selected portion of the source of the protected software 2ps, this modification being such that during the execution of the protected software 2p, the functionality of at least one selected conditional branch is executed, by means of the second execution part 2peu, in unit 6; and producing: the first object part 2pos of the protected software 2p, this first object part 2pos being such that during the execution of the protected software 2p, the functionality of at least one selected conditional branch is executed in unit 6, and the second object part 2pou of the protected software 2p, this second object part 2pou being such that after loading into unit 6 and during the execution of the protected software 2p, the second execution part 2peu appears, by means of which the functionality of at least one selected conditional branch is executed.
For the application of a preferred embodiment of the principle of protection by conditional branch, the protected software 2p is modified: selecting, at the source of the protected software 2ps, at least one series of selected conditional branches; modifying at least a selected portion of the source of the protected software 2ps, this modification being such that during the execution of the protected software 2p, the overall functionality of at least one selected series of conditional branches is executed by means of the second execution part 2peu, in unit 6; and producing: the first object part 2pos of the protected software 2p, this first object part 2pos being such that during the execution of the protected software 2p, the functionality of at least one selected series of conditional branches is executed in unit 6, and the second object part 2pou of the protected software 2p, this second object part 2pou being such that after loading in unit 6 and during execution of the protected software 2p, the second execution part 2peu appears, by means of which the overall functionality of at least one selected series of conditional branches is executed.
Of course, the principles of protection according to the invention can be applied directly during the development of a new software, without needing the prior realization of intermediate protected software. In this way, the creation period S2i and the modification period S22 can be carried out concomitantly in order to obtain the protected software 2p directly.
During the downstream protection step P2, after the creation period S2i of the protected software 2p and, possibly, after the modification period S22, a period called the "personalization period S23" takes place.
During this personalization period S23, the second object part 2pou, which possibly contains the means of exploitation, is loaded into at least one virgin unit 60 in order to obtain at least one unit 6, or a part of the second object part 2pou, which possibly contains the means of exploitation, is loaded into at least one pre-personalized unit 66 in order to obtain at least one unit 6. The loading of this personalization information makes at least one unit 6 operational. It should be noted that a part of this information, once transferred to a unit 6, is not directly accessible from outside this unit 6. The transfer of personalization information into a virgin unit 60 or a pre-personalized unit 66 can be done through an adapted personalization unit, which is described in relation to figure 14. In the case of a unit 6 constituted by a chip card 7 and its reader 8, the personalization concerns only the chip card 7.
For the application of the protection phase P, different technical means are described more precisely in relation to figures 10, 11, 12, 13 and 14.
Figure 10 illustrates an example embodiment of a system 25 that allows the construction period S12 to be applied, which takes into account the definitions made in the definition period S11 and in the course of which the transfer means 12, 13 and, possibly, the means of exploitation destined for the unit 6 are constructed. Said system 25 comprises a program development unit or workstation, usually presented in the form of a computer comprising a central unit, a screen and peripherals of the keyboard-mouse type, and which includes, in particular, the following programs: file editors, assemblers, preprocessors, compilers, interpreters, debuggers and link editors.
Figure 11 illustrates an exemplary embodiment of a pre-personalization unit 30 that allows at least part of the transfer means 13 and/or the means of exploitation to be loaded into at least one virgin unit 60 in order to obtain at least one pre-personalized unit 66. This pre-personalization unit 30 comprises a reading and writing means 31 that allows a unit to be pre-personalized electrically, in order to obtain a pre-personalized unit 66 in which the transfer means 13 and/or the means of exploitation have been loaded. The pre-personalization unit 30 may also comprise physical personalization means 32 for the virgin unit 60, which may be presented, for example, in the form of a printer. In the case where the unit 6 is constituted by a chip card 7 and its reader 8, the pre-personalization generally concerns only the chip card 7.
Figure 12 illustrates an example embodiment of a system 35 that allows the creation of tools that help to generate protected software or to automate the protection of software. Said system 35 comprises a program development unit or workstation, usually presented in the form of a computer comprising a central unit, a screen and peripherals of the keyboard-mouse type, and comprising, in particular, the following programs: file editors, assemblers, preprocessors, compilers, interpreters, debuggers and link editors.
Figure 13 illustrates an example embodiment of a system 40 that allows a protected software 2p to be created directly, or a vulnerable software 2v to be modified in order to obtain a protected software 2p. Said system 40 comprises a program development unit or workstation, usually presented in the form of a computer comprising a central unit, a screen and peripherals of the keyboard-mouse type, and comprising, in particular, the following programs: file editors, assemblers, preprocessors, compilers, interpreters, debuggers and link editors, as well as tools that help to generate protected software or to automate the protection of software.
Figure 14 illustrates an example embodiment of a personalization unit 45 that allows the second object part 2pou to be loaded into at least one virgin unit 60 in order to obtain at least one unit 6, or a part of the second object part 2pou to be loaded into at least one pre-personalized unit 66 in order to obtain at least one unit 6. This personalization unit 45 comprises a reading and writing means 46 which allows at least one virgin unit 60 or at least one pre-personalized unit 66 to be personalized electrically, in order to obtain at least one unit 6. At the end of this personalization, a unit 6 comprises the information necessary for the execution of the protected software 2p. The personalization unit 45 may also comprise physical personalization means 47 for at least one unit 6, which may be presented, for example, in the form of a printer. In the case where a unit 6 is constituted by a chip card 7 and its reader 8, the personalization generally concerns only the chip card 7.
The method of protection of the invention can be applied with the following improvements:
It can be envisaged to use together several processing and memory units among which the second object part 2pou of the protected software 2p is distributed, so that their joint use allows the protected software 2p to run, the absence of at least one of these processing and memory units preventing the use of the protected software 2p.
Likewise, after the pre-personalization period S13 and during the personalization period S23, the part of the second object part 2pou needed to transform the pre-personalized unit 66 into a unit 6 can be contained in a processing and memory unit used by the personalization unit 45, in order to limit access to this part of the second object part 2pou. Of course, this part of the second object part 2pou can be divided among several processing and memory units, so that this part of the second object part 2pou is accessible only during the joint use of these processing and memory units.

Claims (1)

  1. NOVELTY OF THE INVENTION CLAIMS 1. - Method for protecting, from at least one virgin unit (60) comprising at least memory means (15) and processing means (16), a vulnerable software (2v) against its unauthorized use, said vulnerable software (2v) operating on a data processing system (3), characterized in that it consists: in a protection phase (P): in defining: a set of elementary functions that are capable of being executed in a unit (6), and a set of elementary commands for this set of elementary functions, these elementary commands being capable of being executed in the data processing system (3) and of starting the execution, in a unit (6), of the elementary functions, in constructing means of use that allow the virgin unit (60) to be transformed into a unit (6) capable of executing the elementary functions of said set, the execution of these elementary functions being initiated by the execution, in the data processing system (3), of the elementary commands, in creating a protected software (2p): selecting at least one algorithmic processing that, during the execution of the vulnerable software (2v), uses at least one operand and allows at least one result to be obtained, selecting at least a portion of the vulnerable software source (2vs) containing at least one selected algorithmic processing, producing the source of the protected software (2ps) from the source of the vulnerable software (2vs), modifying at least one selected portion of the vulnerable software source (2vs) to obtain at least a modified portion of the protected software source (2ps), this modification being such that: during the execution of the protected software (2p), a first execution part (2pes) is executed in the data processing system (3) and a second execution part (2peu) is executed in a unit (6), obtained from the virgin unit (60) after loading information, the second execution part (2peu) executes at least the functionality of at least one selected algorithmic processing, at least one
selected algorithmic processing is fragmented, so that during the execution of the protected software (2p), this algorithmic processing is executed by means of the second execution part (2peu), using the elementary functions, for at least one selected algorithmic processing, elementary commands are integrated in the source of the protected software (2ps), so that during the execution of the protected software (2p), each elementary command is executed by the first execution part (2pes) and starts, in the unit (6), the execution by means of the second execution part (2peu) of an elementary function, and an ordering of the elementary commands is selected among the set of orderings that allow the execution of the protected software (2p), and producing: a first object part (2pos) of the protected software (2p), from the source of the protected software (2ps), this first object part (2pos) being such that during the execution of the protected software (2p), a first execution part (2pes) appears that is executed in the data processing system (3) and of which at least a portion takes into account that the elementary commands are executed according to the selected ordering, and a second object part (2pou) of the protected software (2p), which contains the means of exploitation, this second object part (2pou) being such that, after loading in the virgin unit (60) and during the execution of the protected software (2p), the second execution part (2peu) appears, by means of which the elementary functions initiated by the first execution part (2pes) are executed, and in loading the second object part (2pou) in the virgin unit (60), in order to obtain the unit (6), and in a phase of use (U), in the course of which the protected software (2p) is executed: in the presence of the unit (6) and each time an elementary command contained in a portion of the first execution part (2pes) imposes it, in executing the corresponding elementary function in the unit (6), so that this portion is executed
correctly and consequently, the protected software (2p) is fully functional, and in the absence of the unit (6), despite the request of a portion of the first execution part (2pes) to start the execution of an elementary function in the unit (6), in not being able to respond correctly to this request, so that at least this portion is not executed correctly and consequently, the protected software (2p) is not fully functional.
2. - The method according to claim 1, further characterized in that it consists: in the protection phase (P): in modifying the protected software (2p): selecting at least one variable used in at least one selected algorithmic processing which, during the execution of the protected software (2p), partially defines the status of the protected software (2p), modifying at least a selected portion of the source of the protected software (2ps), this modification being such that during the execution of the protected software (2p), at least one selected variable or at least one copy of the selected variable resides in the unit (6), and producing: the first object part (2pos) of the protected software (2p), this first object part (2pos) being such that during the execution of the protected software (2p), at least a portion of the first execution part (2pes) also takes into account that at least one variable or at least one copy of a variable resides in the unit (6), and the second object part (2pou) of the protected software (2p), this second object part (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), the second execution part (2peu) appears, by means of which at least one selected variable, or at least one copy of the selected variable, resides in the unit (6), and in the use phase (U): in the presence of the unit (6) and each time a portion of the first execution part (2pes) imposes it, in using a variable or a copy of a variable that resides in the unit (6), so that this portion
is executed correctly and consequently, the protected software (2p) is fully functional, and in the absence of the unit (6), despite the request of a portion of the first execution part (2pes) to use a variable or a copy of a variable that resides in the unit (6), in not being able to respond correctly to this request, so that at least this portion is not executed correctly, and consequently, the protected software (2p) is not fully functional.
3. - The method according to claim 1, further characterized in that it consists: in the protection phase (P): in defining: at least one software execution characteristic capable of being monitored at least in part in the unit (6), at least one criterion to be obeyed for at least one software execution characteristic, detection means (17) to be applied in the unit (6) and which allow detecting that at least one software execution characteristic obeys at least one associated criterion, and means of coercion (18) to be applied in the unit (6) and that allow the data processing system (3) to be informed and/or the execution of a software to be modified when at least one criterion is not obeyed, in constructing the means of exploitation that allow the unit (6) also to apply the means of detection (17) and the means of coercion (18), and in modifying the protected software (2p): selecting at least one software execution characteristic to be monitored, among the execution characteristics that can be monitored, selecting at least one criterion to be obeyed for at least one selected software execution characteristic, selecting, in the source of the protected software (2ps), elementary functions for which at least one selected software execution characteristic will be monitored, modifying at least a selected portion of the source of the protected software (2ps), this modification being such that during the execution of the protected software (2p), at least one selected execution characteristic is monitored by means of the second execution part (2peu), and failure to
obey a criterion leads to the data processing system (3) being informed and/or to a modification of the execution of the protected software (2p), and producing the second object part (2pou) of the protected software (2p) that contains the means of exploitation also applying the means of detection (17) and the means of coercion (18), this second object part (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), at least one software execution characteristic is monitored and the failure to obey a criterion leads to the data processing system (3) being informed and/or to a modification of the execution of the protected software (2p), and in the use phase (U): in the presence of the unit (6): as long as all the criteria corresponding to all the monitored execution characteristics of all the modified portions of the protected software (2p) are obeyed, in allowing the nominal operation of these portions of the protected software (2p) and, consequently, in allowing the nominal operation of the protected software (2p), and if at least one of the criteria corresponding to a monitored execution characteristic of a portion of the protected software (2p) is not obeyed, in informing the data processing system (3) and/or modifying the operation of the portion of the protected software (2p), so that the operation of the protected software (2p) is modified.
4.
The method according to claim 3, to limit the use of a protected software (2p), further characterized in that it consists: in the protection phase (P): in defining: as a software execution characteristic capable of being monitored, a variable for measuring the use of a software functionality, as a criterion to be obeyed, at least one threshold associated with each measurement variable, and updating means that allow at least one measurement variable to be updated, in constructing the means of exploitation that allow the unit (6) also to apply the updating means, and in modifying the protected software (2p): selecting, as the software execution characteristic to be monitored, at least one variable measuring the use of a functionality of a software, selecting: at least one functionality of the protected software (2p) whose use is capable of being monitored thanks to a measurement variable, at least one measurement variable that serves to quantify the use of said functionality, at least one threshold associated with a selected measurement variable that corresponds to a limit of use of said functionality, and at least one method to update a selected measurement variable according to the use of said functionality, and modifying at least a selected portion of the source of the protected software (2ps), this modification being such that, during the execution of the protected software (2p), the measurement variable is updated by means of the second execution part (2peu), depending on the use of said functionality, and at least one exceeding of a threshold is taken into account, and in the use phase (U), in the presence of the unit (6), and in the case where at least one exceeding of a threshold corresponding to at least one limit of use is detected, in informing the data processing system (3) and/or modifying the operation of the portion of the protected software (2p), so that the operation of the protected software (2p) is modified.
5. - The method according to claim 4, further characterized in that it consists: in the protection phase (P): in defining: for at least one measurement variable, several associated thresholds, and different coercion means corresponding to each one of these thresholds, and in modifying the protected software (2p): selecting, at the source of the protected software (2ps), at least one selected measurement variable to which several thresholds corresponding to the different limits of use of the functionality must be associated, selecting at least two thresholds associated with the selected measurement variable, and modifying at least a selected portion of the protected software source (2ps), this modification being such that, during the execution of the protected software (2p), the exceedings of the different thresholds are taken into account, by means of the second execution part (2peu), in different ways, and in the use phase (U): in the presence of the unit (6): in the case where the exceeding of a first threshold is detected, in ordering the protected software (2p) to no longer use the corresponding functionality, and in the case where the exceeding of a second threshold is detected, in rendering inoperative the corresponding functionality and/or at least a portion of the protected software (2p).
6.
The method according to claim 4 or 5, further characterized in that it consists: in the protection phase (P): in defining recharging means that allow at least one complementary use to be credited for at least one software functionality monitored by a measurement variable, in constructing the means of exploitation that also allow the unit (6) to apply the recharging means, and in modifying the protected software (2p): selecting, at the source of the protected software (2ps), at least one selected measurement variable that allows limiting the use of a functionality to which at least one complementary use must be able to be credited, and modifying at least a selected portion, this modification being such that in a so-called recharge phase, at least one complementary use of at least one functionality corresponding to a selected measurement variable can be credited, and in the recharge phase: in updating at least one selected measurement variable and/or at least one associated threshold, in order to allow at least one complementary use of the functionality.
7.
The method according to claim 3, further characterized in that it consists: in the protection phase (P): in defining: as a software execution characteristic capable of being monitored, a software use profile, and as a criterion to be obeyed, at least one software execution characteristic, and in modifying the protected software (2p): selecting, as the software execution characteristic to be monitored, at least one software use profile, selecting at least one execution characteristic that must obey at least one selected usage profile, and modifying at least a selected portion of the source of the protected software (2ps), this modification being such that during the execution of the protected software (2p), the second execution part (2peu) obeys all the selected execution characteristics, and in the use phase (U), in the presence of the unit (6), and in the case where it is detected that at least one execution characteristic is not obeyed, in informing the data processing system (3) and/or modifying the operation of the portion of the protected software (2p), so that the operation of the protected software (2p) is modified.
8. - The method according to claim 7, further characterized in that it consists: in the protection phase (P): in defining: a set of instructions whose instructions are capable of being executed in the unit (6), a set of instruction commands for this set of instructions, these instruction commands being capable of being executed in the data processing system (3) and of initiating in the unit (6) the execution of the instructions, as usage profile, the chaining of the instructions, as execution characteristic, a desired chaining for the execution of the instructions, as means of detection (17), means to detect that the chaining of the instructions does not correspond to that desired, and as means of coercion (18), means for informing the data processing system (3) and/or modifying the operation of the portion of the protected software (2p) when the chaining of the instructions does not correspond to that desired, in constructing the means of exploitation that also allow the unit (6) to execute the instructions of the set of instructions, the execution of these instructions being initiated by the execution, in the data processing system (3), of the instruction commands, and in modifying the protected software (2p): modifying at least a selected portion of the source of the protected software (2ps): transforming the elementary functions into instructions, specifying the chaining that must be obeyed by at least certain instructions during their execution in the unit (6), and transforming the elementary commands into instruction commands that correspond to the instructions used, and in the use phase (U), in the presence of the unit (6), in the case where it is detected that the chaining of the instructions executed in the unit (6) does not correspond to that desired, in informing the data processing system (3) and/or modifying the operation of the portion of the protected software (2p), so that the operation of the protected software (2p) is modified.
9.
The method according to claim 8, further characterized in that it consists: in the protection phase (P): in defining: as a set of instructions, a set of instructions in which at least certain instructions work on registers and use at least one operand in order to yield a result, for at least a part of the instructions that work on the registers: a part (FP) that defines the functionality of the instruction, and a part that defines the desired chaining for the execution of the instructions and comprises bit fields corresponding to: an instruction identification field (CII), and for each operand of the instruction: a flag field (CDk), and an expected identification field (CIPk) of the operand, for each register that belongs to the means of exploitation and is used by the set of instructions, a generated identification field (CIGV) in which the identification of the last instruction that has returned its result in this register is automatically memorized, as means of detection (17), means that allow, during the execution of an instruction, for each operand, when imposed by the flag field (CDk), checking the equality between the generated identification field (CIGV) that corresponds to the register used by this operand and the expected identification field (CIPk) of the origin of this operand, and as means of coercion (18), means that allow the result of the instructions to be modified if at least one of the checked equalities is false.
10.
The method according to claim 1 or 8, further characterized in that it consists: in the protection phase (P): in defining: as an initiating command, an elementary command or an instruction command, as a dependent function, an elementary function or an instruction, as an order, at least one argument for an initiating command, corresponding at least in part to the information transmitted by the data processing system (3) to the unit (6) in order to start the execution of the corresponding dependent function, a method of renaming orders that allows the orders to be renamed in order to obtain initiating commands with renamed orders, and restoration means (20) destined to be applied in the unit (6) in the course of the use phase (U), and that allow the dependent function to be executed to be found from the renamed order, in constructing means of exploitation that allow the unit (6) also to apply the restoration means, and in modifying the protected software (2p): selecting, in the source of the protected software (2ps), initiating commands, modifying at least a selected portion of the source of the protected software (2ps) by renaming the orders of the selected initiating commands, in order to disguise the identity of the corresponding dependent functions, and producing: the first object part (2pos) of the protected software (2p), this first object part (2pos)
being such that during the execution of the protected software (2p), the initiating commands with renamed orders are executed, and the second object part (2pou) of the protected software (2p) that contains the means of exploitation that also apply the restoration means (20), this second object part (2pou) being such that, after loading in the unit (6) and during the execution of the protected software (2p), the identity of the dependent functions whose execution is initiated by the first execution part (2pes) is re-established by means of the second execution part (2peu), and the dependent functions are executed by means of the second execution part (2peu), and in the use phase (U): in the presence of the unit (6) and each time an initiating command with a renamed order, contained in a portion of the first execution part (2pes), imposes it, in re-establishing in the unit (6) the identity of the corresponding dependent function and in executing the same, so that this portion is executed correctly and consequently, the protected software (2p) is fully functional, and in the absence of the unit (6), despite the request of a portion of the first execution part (2pes) to start the execution of a dependent function in the unit (6), in not being able to respond correctly to this request, so that at least this portion is not executed correctly and consequently, the protected software (2p) is not fully functional.
11. - The method according to claim 10, further characterized in that it consists: in the protection phase (P): in defining, for at least one dependent function, a family of dependent functions that are algorithmically equivalent but initiated by initiating commands whose renamed orders are different, and in modifying the protected software (2p): selecting, at the source of the protected software (2ps), at least one initiating command with a renamed order, and modifying at least a selected portion of the source of the protected software (2ps) by replacing at least the renamed order of a selected initiating command with a renamed order by another renamed order, which initiates a dependent function of the same family.
12. - The method according to claim 1, further characterized in that it consists: in the protection phase (P), in defining, for at least one dependent function, a family of algorithmically equivalent dependent functions: concatenating a noise field with the information that defines the functional part of the dependent function to be executed in the unit (6), or using the identification field of the instruction (CII) and the expected identification fields (CIPk) of the operands.
13. - The method according to claim 10, 11 or 12, further characterized in that it consists: in the protection phase (P): in defining: as a method of renaming orders, a coding method for encoding the orders, and as restoration means (20), means that apply a decoding method to decode the renamed orders and thus re-establish the identity of the dependent functions that will be executed in the unit (6).
14.
- The method according to one of claims 1 to 13, further characterized in that it consists: in the protection phase (P): in modifying the protected software (2p): selecting in the source of the protected software (2ps), at least one conditional derivation effected in at least one selected algorithmic processing, modifying at least a selected portion of the source of the protected software (2ps), this modification is such that during execution of the protected software (2p), it is executed the functionality of at least one selected conditional derivation, by means of the second execution part (2peu), in the unit (6), and producing: the first object part (2pos) of the protected software (2p), this first part object (2pos) being such that during the execution of the protected software (2p), the functionality of at least one conditional derivation selected in the unit (6), and the second part object (2pou) of the software is executed protected (2p), this second part object (2pou) being such that after loading in the unit (6) and during the execution of the protected software (2p), the second execution part (2peu) appears by means of which executes the functionality of at least one conditional derivation selected, and in the use phase (U): in the presence of the unit (6) and each time a portion of the first execution part (2pes) imposes it, execute the functionality of at least one conditional derivation in the unit (6), so that this portion runs correctly and that consequently, the protected software (2p) is fully functional, and in the absence of the unit (6) and in spite of the request for a portion of the first part of execution (2pes), execute the functionality of a conditional derivation in the unit (6), in not being able to respond correctly to this request, so that at least this portion is not executed correctly and that consequently, the protected software (2p) ) is not fully functional. 15. 
- The method according to claim 14, further characterized in that it consists, in the protection phase (P), in modifying the protected software (2p): selecting, at the source of the protected software (2ps) at least a series of selected conditional derivations, modifying the minus one selected portion of the source of the protected software (2ps), this modification is such that during the execution of the protected software (2p), the global functionality of at least one selected series of conditional derivations is executed by means of the second execution part (2peu), in the unit (6), and producing: the first object part (2pos) of the protected software (2p), this first part object (2pos) is such that during the execution of the protected software (2p), the functionality of at least one selected series of conditional derivations in the unit (6), and the second object part (2pou) of the protected software (2p), this second part is executed e object (2peu) being such that after loading in the unit (6) and during the execution of the protected software (2p), the second execution part (2peu) appears by means of which the global functionality of the minus a selected series of conditional derivations. 16. - The method according to one of claims 1 to 15, further characterized in that it consists of fragmenting the protection phase (P) in an upstream protection subphase (P1), independent of the software to be protected and a protection subphase. downstream (P2), dependent on the software to be protected. 17. - The method according to claim 16, further characterized in that it consists, during the upstream protection subphase (P1), in containing a period of definitions (S1 1) in which all the definitions are made. 18. The method according to claim 17, further characterized by consisting, after the period of definitions (511), to include a construction period (S12) in which the means of exploitation are built. 19. 
- The method according to claim 18, further characterized by consisting, after the construction period (512), in containing a pre-personalization period (S12), consisting of loading into a virgin unit (60), at least part of the means of exploitation in order to obtain a pre-personalized unit (66). 20. - The method according to claim 17 or 18, further characterized in that it consists, during the upstream protection subphase (P1), in containing a toolmaking period (S14) in which tools are made to help to generate protected softwares or automate the protection of softwares. 21. - The method according to claims 16 and 19, further characterized in that it consists in fragmenting the downstream protection subphase (P2), in: a creation period (S21) in which the protected software is created (2p) , from the vulnerable software (2v), possibly, a modification period (S22) in which the protected software (2p) is modified, and a personalization period (S23) in which: the second object part (2pou) of the protected software (2p) containing the utilization means is loaded into at least one virgin unit (60) in order to obtain at least one unit (6), or a part of the second object part (2pou) of the software protected (2p) that eventually contains the means of exploitation is loaded into at least one pre-personalized unit (66) in order to obtain at least one unit (6). 22. The method according to claims 20 and 21, further characterized in that it consists, during the creation period (S21) and possibly the modification period (S22), in using at least one of the tools for helping the generation of protected softwares or automation of software protection. 
23. - System for the application of the method of claim 18, characterized in that it comprises a program development unit, which serves, during the construction state (S12), to carry out the construction of utilization means destined for the unit (6), which take into account the definitions contained in the period of definitions (S11).

24. - System for the application of the method of claim 19, characterized in that it comprises a pre-personalization unit (30) that allows loading at least a portion of the means of use into at least one virgin unit (60), in order to obtain at least one pre-personalized unit (66).

25. - System for the application of the method of claim 20, characterized in that it comprises a program development unit, which serves to carry out, during the toolmaking period (S14), the preparation of tools to help the generation of protected software or the automation of software protection.

26. - System for the application of the method of claim 21 or 22, characterized in that it comprises a program development unit that serves to create or modify a protected software (2p).

27. - System for applying the method of claim 21, characterized in that it comprises a personalization unit (45) that allows loading: the second object part (2pou) into at least one virgin unit (60), in order to obtain at least one unit (6), or a part of the second object part (2pou) into at least one pre-personalized unit (66), in order to obtain at least one unit (6).

28. - Pre-personalized unit (66), characterized in that it is obtained by the system of claim 24.

29. - Unit (6) that allows a protected software (2p) to be run and its unauthorized use to be prevented, characterized in that it contains the second object part (2pou) of the protected software (2p) loaded with the help of a personalization unit (45) of claim 27.

30. - Set of units (6), characterized in that the second object part (2pou) of the protected software (2p), loaded with the help of a personalization unit (45) of claim 27, is divided among several processing and memory units so that their joint use allows the protected software (2p) to be executed.

31. - Distribution set (2pd) of a protected software (2p), characterized in that it comprises: a first distribution part (2pds) containing the first object part (2pos) and intended to operate in a data processing system (3), and a second distribution part (2pdu) which is presented in the form: of a virgin unit (60), or of a pre-personalized unit (66) of claim 28, capable, after loading of personalization information, of transforming into a unit (6), or of a unit (6) of claim 29.

32. - The distribution set (2pd) of a protected software (2p) according to claim 31, further characterized in that the first distribution part (2pds) is presented in the form of a physical distribution medium, CDROM for example, or in the form of files distributed over a network.

33. - The distribution set (2pd) of a protected software (2p) according to claim 31, further characterized in that the second distribution part (2pdu), which is presented in the form of blank units (60), of pre-personalized units (66) or of units (6), comprises at least one chip card (7).

34. - Processing and memory unit characterized in that it contains the part of the second object part (2pou) necessary to transform a pre-personalized unit (66) of claim 28 into a unit (6) of claim 29.

35. - Set of processing and memory units characterized in that the processing and memory units, used as a whole, contain the part of the second object part (2pou) necessary to transform a pre-personalized unit (66) of claim 28 into a unit (6) of claim 29.
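The renaming mechanism of claims 10 to 13 can be pictured with the following added sketch, which is not code from the patent or from its applicant. It models a renamed order as the encoding of a function identifier concatenated with a noise field, and the restoration means as the matching decoding inside the unit. The toy Feistel cipher, the key, the function identifiers and the names `Unit`, `encode_order`, `decode_order` and `protected_total` are all assumptions chosen for illustration.

```python
import hashlib

KEY = b"constructed-demo-key"  # assumption: secret shared by protection tooling and unit

def _f(half, rnd):
    # Keyed round function of a toy 4-round Feistel cipher (stand-in coding method).
    d = hashlib.blake2b(half.to_bytes(2, "big") + bytes([rnd]), key=KEY, digest_size=2)
    return int.from_bytes(d.digest(), "big")

def encode_order(func_id, noise):
    """Protection phase (P): rename an order by encoding function id || noise field."""
    left, right = func_id & 0xFFFF, noise & 0xFFFF
    for rnd in range(4):
        left, right = right, left ^ _f(right, rnd)
    return (left << 16) | right

def decode_order(renamed):
    """Restoration means: recover (function id, noise) from a renamed order."""
    left, right = renamed >> 16, renamed & 0xFFFF
    for rnd in reversed(range(4)):
        left, right = right ^ _f(left, rnd), left
    return left, right

class Unit:
    """Stand-in for the processing and memory unit (6) holding the dependent functions."""
    def __init__(self):
        self._dependent = {1: lambda a, b: a + b, 2: lambda a, b: a * b}

    def execute(self, renamed, *operands):
        func_id, _noise = decode_order(renamed)  # the noise field is discarded
        if func_id not in self._dependent:
            raise ValueError("order does not decode to a known dependent function")
        return self._dependent[func_id](*operands)

# Renamed orders embedded in the host-side part; ADD_A and ADD_B form one family.
ADD_A, ADD_B = encode_order(1, 0x1234), encode_order(1, 0xBEEF)
MUL = encode_order(2, 0x0042)

def protected_total(unit, price, qty, shipping):
    """Host-side portion: only opaque renamed orders appear here, never 'add' or 'mul'."""
    if unit is None:
        raise RuntimeError("unit absent: this portion cannot execute correctly")
    return unit.execute(ADD_B, unit.execute(MUL, price, qty), shipping)

if __name__ == "__main__":
    print(hex(ADD_A), hex(ADD_B), protected_total(Unit(), 10, 3, 5))
```

Because the encoding is a permutation, two noise values always yield two different renamed orders for the same dependent function, which is the family of algorithmically equivalent functions that claims 11 and 12 describe.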
MXPA04000595A 2001-07-31 2002-07-04 Method for protecting a software using a so-called elementary functions principle against its unauthorised use. MXPA04000595A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR0110241A FR2828300B1 (en) 2001-07-31 2001-07-31 METHOD FOR PROTECTING SOFTWARE USING A PRINCIPLE OF "ELEMENTARY FUNCTIONS" AGAINST ITS UNAUTHORIZED USE
PCT/FR2002/002344 WO2003012605A2 (en) 2001-07-31 2002-07-04 Method for protecting a software using a so-called elementary functions principle against its unauthorised use

Publications (1)

Publication Number Publication Date
MXPA04000595A (en) 2005-02-17

Family

ID=8866116

Family Applications (1)

Application Number Title Priority Date Filing Date
MXPA04000595A MXPA04000595A (en) 2001-07-31 2002-07-04 Method for protecting a software using a so-called elementary functions principle against its unauthorised use.

Country Status (19)

Country Link
EP (1) EP1412839A2 (en)
JP (1) JP3949106B2 (en)
KR (1) KR20040032860A (en)
CN (1) CN1275115C (en)
BR (1) BR0211372A (en)
CA (1) CA2454096A1 (en)
FR (1) FR2828300B1 (en)
HK (1) HK1070958A1 (en)
HR (1) HRP20040044A2 (en)
HU (1) HUP0400239A2 (en)
IL (1) IL159956A0 (en)
MA (1) MA26123A1 (en)
MX (1) MXPA04000595A (en)
NO (1) NO20040230L (en)
PL (1) PL367486A1 (en)
TN (1) TNSN04009A1 (en)
WO (1) WO2003012605A2 (en)
YU (1) YU5804A (en)
ZA (1) ZA200400353B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109102436B (en) * 2018-06-22 2020-10-27 芯启源(上海)半导体科技有限公司 IP soft core property protection and infringement identification method based on USB3.0 protocol TS1 training sequence

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2634917A1 (en) * 1988-08-01 1990-02-02 Pionchon Philippe METHOD AND DEVICE FOR PROTECTING SOFTWARE, ESPECIALLY AGAINST UNAUTHORIZED COPIES
US5754646A (en) * 1995-07-19 1998-05-19 Cable Television Laboratories, Inc. Method for protecting publicly distributed software
AU7957998A (en) * 1997-06-09 1999-01-25 Intertrust, Incorporated Obfuscation techniques for enhancing software security
EP1086411B1 (en) * 1998-06-12 2003-11-12 Gemplus Method for verifying the execution of a software product

Also Published As

Publication number Publication date
NO20040230L (en) 2004-03-30
WO2003012605A2 (en) 2003-02-13
YU5804A (en) 2006-05-25
HRP20040044A2 (en) 2005-02-28
HK1070958A1 (en) 2005-06-30
FR2828300B1 (en) 2010-09-03
ZA200400353B (en) 2005-03-30
TNSN04009A1 (en) 2006-06-01
JP2004537801A (en) 2004-12-16
IL159956A0 (en) 2004-06-20
KR20040032860A (en) 2004-04-17
BR0211372A (en) 2004-09-14
CN1535409A (en) 2004-10-06
CN1275115C (en) 2006-09-13
WO2003012605A3 (en) 2003-12-24
FR2828300A1 (en) 2003-02-07
HUP0400239A2 (en) 2004-09-28
EP1412839A2 (en) 2004-04-28
JP3949106B2 (en) 2007-07-25
MA26123A1 (en) 2004-04-01
PL367486A1 (en) 2005-02-21
CA2454096A1 (en) 2003-02-13

Similar Documents

Publication Publication Date Title
US20070294770A1 (en) Method to Protect Software Against Unwanted Use with a Variable Principle
US20070136816A1 (en) Method to protect software against unwanted use with a detection and coercion principle
US20070283437A1 (en) Method to Protect Software Against Unwanted Use with a "Temporal Dissociation" Principle
US20070277239A1 (en) Method to Protect Software Against Unwanted Use with a "Renaming" Principle
MXPA04000596A (en) Method for protecting a software using a so-called renaming principle against its unauthorised use.
MXPA04000594A (en) Method for protecting a software using a so-called temporal dissociation principle against its unauthorised use.
MXPA04000595A (en) Method for protecting a software using a so-called elementary functions principle against its unauthorised use.
MXPA04000593A (en) Method for protecting a software using a so-called conditional jump principle against its unauthorised use.
MXPA04000488A (en) Method for protecting a software using a so-called variable principle against its unauthorised use.
US7502940B2 (en) Method to protect software against unwanted use with a “conditional branch” principle
US20040105547A1 (en) Software protection
US7434064B2 (en) Method to protect software against unwanted use with a “elementary functions” principle
MXPA04000489A (en) Method for protecting a software using a so-called detection and coercion principle against its unauthorised use.