CA2446291A1 - Device and method for signing, marking and authenticating computer programs - Google Patents

Abstract

The invention relates to a product/program and method that can be used to insert into a software program watermarks in source code, particularly Java, which respect the semantics of the program and which are very difficult to detect. Said invention can be used to: calculate a secret semantic signature of a computer software or hardware program from among an infinite number of possible secret semantic signatures; mark a computer software or hardware program by inserting a visible or invisible mark by means of watermarking that can be used to find an authenticator of the original program; find the mark and extract said authenticator using the secret semantic signature of the watermarked computer software or hardware. The secret semantic signature of the computer software or hardware program to be protected is characteristic of the semantics of said program. The visible or invisible mark, which is inserted by watermarking from an original software or hardware computer program and which can be used to find an authenticator, can only be identified by finding the secret semantic signature of the watermarked program, which requires the secret to be known (or a computing power that goes beyond the possibilities of computer hardware). The mark can withstand tracking and scrubbing methods without affecting the performance of the program to be protected.

Description

DEVICE AND METHOD FOR SIGNATURE, MARKING AND
AUTHENTICATION OF COMPUTER PROGRAMS.
The present invention belongs to the field of devices and methods for preventing and / or auditing the use of a program computer not authorized by its author, publisher or distributor.
Prevention and prevention devices and methods that the person or machine seeking to use the program of a certain way has the necessary rights. Many devices and methods of this category have been provided for this purpose. In particular the US Patent 6,108,420 discloses a method and a device for producing a cryptographic fingerprint containing the license data assigned to a user or a class of users then to encrypt this fingerprint attached to the program to be protected.
The downside of these devices and methods is that they assume the cooperation of the user who must not communicate the data of his license to other users or delete part of the program, easily ~ 5 locatable in a source code because not functional, which includes these identification data.
The systems and methods that modify the program typically from the copy of the program, from not easily detectable by the user, without altering the 2o functionalities. In particular, US Patent 5,559,884 discloses a method and a device for characteristically modifying the copy of the program the order of execution of blocks of said program.
The disadvantage of such devices and methods is that they suppose the insertion in the so-called call and return instruction blocks who 25 are easily identifiable automatically and affect the program performance to protect.
The object of the present invention is to remedy the drawbacks of this second type by disclosing a device and a method for calculating a signature of the software to be protected, characteristic of said program, 3o resistant to tracking methods without affecting the performance of the program to protect and allowing to mark the software so secret, the holders of the secret being able to identify the brand and the signature.

2 For these purposes, the invention discloses a computer product / program to process the instructions of a computer program in source code, characterized in that it includes a module for choosing according to predefined criteria the instructions of said software to which a program of transcoding will be applied and a module to choose among several the secret method of transcoding to be applied to said instructions.
Among the preferred embodiments, the invention discloses also a product / computer program of the above type whose secret method of transcoding produces a semantic signature of the software.
According to a variant of the invention, the product / program computer of the above type includes a module for inserting instructions transcoded in the software.
The invention also discloses a method for treating ~ 5 software source code instructions including a step to choose according to predefined criteria the instructions of said program to which a transcoding program is applied and a step to choose from many the secret method of transcoding to apply to said instructions as well as a preferred embodiment of the method where the 2o secret method of transcoding produced by a semantic signature of the software as well as a variant of the invention where the method further comprises a step to insert the transcoded instructions into the software.
The invention will be better understood and its various characteristics and advantages will emerge from the following description and examples of 25 realization, and its attached figures including - Figure 1 shows a block diagram of the device and method for choosing the transcoding method and instructions transcoded into the program;
- Figure 2 shows the diagram of the device and method in 3o one of its variant embodiments;
- Figure 3 shows the block diagram of the device and method for decoding a program modified according to the principle of Figure 1;

3 - Figure 4 shows the diagram of the device and method for decode a modified program according to the device and the procedure in Figure 2.
The invention finally discloses a computer program product and a process for recognizing the signature of the software.
In the claims, the description and the drawings, the expressions below are used with the meanings indicated ~ A software protection / prevention process is a set of techniques that make copying and fraudulent use more difficult of the software.
~ Compiling a program is translating it into another language.
~ A computer program is an interpretable program or compilable into an interpretable program.
~ 5 ~ A program is written in a certain programming language called computer program language.
~ The interpretation of a program is the translation of the series of words on component in a series of actions.
~ Labeling a document or code consists of including 2o visible or invisible marks, separated from the content of the object, which identify by fields the software object (designation, name of author, name of recipient, license terms) and a final field of digital signature that completely links the label to the content of the object and at the same time guarantees the integrity of the object.
25 ~ Tattooing involves inserting visible or invisible marks embedded in the body of the object. These marks distributed in the body of the object are otherwise undetectable at least indelible for those who do not know the secret key that generated the underlying pattern. A tattoo is from information hidden in digital data that does not change it 30 meaning.
~ Tattooing a code consists of transforming it into a code equivalent without changing its semantics, adding hidden information and recoverable thanks to a secret called key. .

4 ~ Two software codes are semantically equivalent if they have the same observable behavior, i.e. for example, if for all possible entry, program outputs are the same.
~ A signature process consists in attaching to an object a characteristic data segment (summary), obtained using a secret method.
~ A leaching technique is an attempt to erase the brand without changing the semantics.
~ A program, written in a particular language (for example o Java), represents a series of instructions operating on the state of the system computer science.
~ The state of the system at an instant t is constituted by the value of program and system variables (stream queues enter exit).
~ 5 ~ We call state of the associated system, a set of variables composed of existing variables and / or other additional variables.
~ A semantics is a mathematical model defining the set of possible behaviors from a program to execution at a certain level of observation.
20 ~ "Obfuscation" is the transformation of a program into a semantically equivalent program in a difficult form to understand by a computer scientist.
~ Semantic Static Analysis. is the determination automatic semantic properties of programs.
25 To ensure the security of any digital document (image, sound, text, program, etc.), we can use the techniques classics of cryptology (electronic signatures, etc.). We add to the content to be secured, security rules (e.g. data related to the software license, but these rules may be more 3o personalized and more complex) relating to the document for the user authorized. These rules are written in another digital document (in general apart, such as a header, label, etc.).
The document is protected (or not) by methods of cryptography (encryption of content, for example). The label is protected by cryptographic techniques. The whole is generally welded by cryptographic mechanisms (electronic signature, for example).
The downside of these devices or methods is that they suppose, in the chain of trust of distribution, a cooperation of

5 all actors.
None should disclose the contents of the label or modify or remove the label, if it is outside or inside the program. No one should impersonate a lawful user.
The identification data of a program, even if these depend on time, üeu and context can be deviated from their proper context.
These methods are universal and work regardless of the nature of the document (text, signal, image or program, ...).
They have a major flaw. They guarantee "bit to bit"
- they do not differentiate between minute changes or deep.
- they do not make the difference between a modification which alters the semantic or aesthetic content of the original document and a modification 2o which changes the "meaning" of this document.
Traditional cryptographic techniques are content with grind everything in a digital "flour". The grinding method is not not dependent on the nature, format, syntax, or semantics image or text.
The security of software depends on the security policy implemented force by the software owner. It is generally a question of guaranteeing - software availability: avoid copying by hackers (for resale or unlawful use); avoid unauthorized use from an original physical medium (CDROM); '.
- software confidentiality: avoid understanding the software (confidentiality of source software algorithms, so as not to disclose the secret of program content, knowledge of algorithms allowing an understanding, a similar rewriting, a modification, etc.);

6 - software integrity: avoid modifying the software, either by not changing the semantic content, but only changing the syntax (by modifying the names of the variables, by adding instructions unnecessary, etc. as in "obfuscators" for Java programs by example), either by changing its content (adding a virus, adding or removing a "patch", classic modification, borrowing a song, ...);
- authentication to guarantee the origin and content of the software (seal on a certain date): to ensure the precedence of a tattoo by compared to another, we use a security infrastructure (Third Party 1o Value Added Confidence Game).
Software tattoo methods inspired by tattooing other types of objects (images and sounds) are doomed to fail. In indeed, a computer code, by nature, is completely different from audio, video and image objects. For the latter, a slight loss ~ 5 information does not change the meaning: our sensory sensors are imperfect. This is not the case with computer code. It only assumes the compressions without loss of information. A modification, however small it can make it non-functional. Only changes that take into account account semantics are valid for example operations 2o machine code optimization performed by compilers or obfuscation.
The downside of tattoo tattooing methods and devices software is that they view code as a syntactic object and do not exploit its semantics. For this reason, it is easy to find the 25 tattoo mark by parsing the program, and removing the mark by syntactic transformation.
Plus general software tattoo methods developed so far induce program modifications easily spotted. The insertion of the jump and return instructions are 3o for example automatically identifiable. Regarding the addition of graph structures, these structures are also easily identifiable in codes not fully compiled. They weigh down also the operation of the program significantly.
For software security, prevention 35 devices and methods that verify that the person or the machine that

7 seeks to use the program in a certain way has rights required. Many devices and methods in this category have been provided for this purpose. These are software protection devices (their use generally depends on a hardware device: smart card, "dongle") or deterrent of fraudulent use of software (label, banner, mark outside or inside a source program, machine language instructions in the executable program for identify a context of use).
With the advancement of new technologies and the increase o the number of Internet users, the protection of property intellectual becomes a priority for software producers and sellers. Of numerous protective devices and methods have been provided for this purpose. We note the family of devices that work with hardware specialized.
Among the software protection methods, there is a tattoo of software and obfuscation. The tattoo methods that are part of it split into two families ~ so-called dynamic methods, which take into account (a dimension execution of the program. The mark inserted may be obtained - by reading the program output for a given input.
- by reading the content of a variable during execution, to a given entry.
- by noting the order of execution of the blocks of instructions. In In particular, patent 5,559,884 discloses a method and a device for characteristically change the order of execution of said blocks program, by inserting call and return instructions.
~ (es so-called static syntactic methods, thanks to which we insert and read the mark without executing the program. The brand can be obtained 3o - by studying the order of instructions - by examining the data used by the program (text, photos, sounds) A description of all the existing methods is presented in the article by Coalberg and Thomborson, Softwarè Watermarking Models and Dynamic Embeddinas (1998).

8 The invention belongs to a third category, that of semantic static devices and methods.
In this category, we can find signatures that will have an arbitrary meaning but which will nevertheless remain hidden because the software itself contains a large part of unstructured text.
But in its preferred embodiment, the device proposed applies specifically to software programs that have a given semantics, i.e. programs written in a language programming languages: it is particularly o applicable to interpreted programs (Java, PostScript, etc.) because these programs, once written in machine languages, are easily decipherable by reverse engineering in their original form, understandable by a computer specialist. But it is understood that this device is also applicable to programs written in languages ~ 5 compilable (C, C ++, Basic, Ada, Pascal, VHDL, Estérel, ...) for authenticate and control the origin, content or destination.
The device in its preferred embodiment depends on the language semantics. So, tattoo artists Java, VHDL, etc. are different.
They can have similar parts (for the semantics of their 20 arithmetic operations) but sometimes specific (The pointers in language VS). The device is applicable to tag languages for parts which contain programs ("scripts"). For XML, the other parts come from image tattooing processes (imperceptible modifications of your presentation on screen or paper). The device is also 25 applicable to parties involving operations (programs "Macros" to "center", "justify", etc.).
In its preferred embodiment, the invention is based on the principles of semantic analysis.
Semantic analysis has been successfully applied to the 3o certification of programs with draconian reliability requirements.
(reference 1: Abstract Interpretation: a unified lattice modal for static analysis of programs by construction or approximations of fixpoints, P.Cousot & R.
Cousot January 17-19, 1977 reference 2: P.Lacari, JN Montfort, Le Vinh Quy Ribal, A. Deutsch, and F. Gouthin. The software reliability verification 35 process: The Ariane 5 example. In Proceedings DA / A 98 - Data Systems in

9 Aerospace, Athens, Greece. ESA Publications, SP-422.25-28 May 1998).
To prove that a program is running without failure in context operational, in theory it is necessary to study all the possible executions of said program. The above work has shown that we can expand to the set of all possible executions proof of good operation. We consider that a program is built from a set of knots linked together. The instructions link the nodes between them and thus cause state transitions materialized by a change of one or more variables and / or change of node.
When doing a semantic analysis of a program by abstract interpretation, we calculate by iteration [cf. "Abstract Interpretation A unified lattice model for static analysis of programs by construction or approximation of fixpoints, P.Cousot & R.Cousot January 17-19, 1977], for each variable and for each node, a superset of the set of ~ 5 values that a variable can take at a given node.
Finding these supersets amounts to solving an equation of fixed-point, of which we obtain an approximation by iteration. The examples will show iteration methods in specific cases.
The problem which the inventor proposes to solve concerns 20 the same approach: if the instructions added to the program to be protected belong to a subset of the invariants of said program, then the said instructions will execute without error and will not change the functionalities of said program. There are several subsets relevant. It is a good idea to choose a particular subset 25 representative of the type of programs to be protected.
Although other solutions may be considered, it is currently preferred that the selection of instructions to transcode be performed according to predefined criteria including the selection of sub-set of program invariants as defined above.
3o The module (310) of FIG. 1 allows this selection to be made instructions to transcode from the definition of the characteristics of the say instructions (operations on integers, operations on floats, initialization of variables, conditional loop, connection ...) in application of criteria at least partially predefined. The ~ configuration of the 35 module (310) of the compiler (30) then allows the automatic selection of the instructions to transcode. The operator intervention will also be possible to select an autonomous part of the program to sign semantically. In java for example, a program is assimilated to several classes composed of several methods, which can themselves 5 call methods from other classes and other packages. It's for this reason that in this particular case we prefer to sign the most small autonomous entity of a java program: the method.
The parts of the program to be signed must be the parts innovative and / or sensitive program. In general they concern the algorithmic part of the program.
It is then a question of choosing among several the method of transcoding according to at least partially predefined criteria. This choice will depend on the sensitive nature of the information to be protected. The transcoding will therefore be more or less complex, it being understood that it will have to ~ 5 respect the semantics of the instructions to transcode, that is to say use the same vocabulary and the same grammar. The module (320) contains the transcoding methods possible for each language. A method of transcoding can have a level of sophistication corresponding to the level protection. For a given level of protection, a number 2o allocated of possible parameters will be attributable to users or of the user classes.
In this list, each transcoding method has a secret to be preserved. Indeed, his knowledge will allow decoding and therefore removing additional instructions, which will remove any 25 proof of any subsequent unauthorized copy.
A transcoding table is an application which, at any operation performed on the state of the system, associates another operation performed on the state of the associated system. Create secret semantics therefore amounts to creating a corresponding static analysis, which consists of 3o define the associated variables, and the relationship between, the actions operating sure the state of the system and those operating on the associated variables.
We can for example keep the same variables as those used by the program. Our transcoding table will give another interpretation of program instructions, and assign to variables 35 associated with other values than those that the variables would have taken initials. We can also consider one and only one associated variable V, whatever the initial variables. The following instructions from program will then be interpreted as a series of actions on variable V.
The invention takes into account all the actions operating on the state of the computer program environment system: such an action can affect the execution stack, modify the content of a system variable, call a function, order the reading of another variable, perform a logical or mathematical operation, create an object, send or receive a I / O flow, read an element of an array ...
1 o Using a secret transcoding table strengthens the devices 'signature and tattoo. Without this secret, it is very difficult to find the same signature (according to the classic argument in crypto: we cannot reasonably try all possible combinations) as well as is almost impossible to find a brand.
~ 5 The proposed semantic signature characterizes the algorithm developed as such, and allows you to find programs that have a equivalent semantics.
The tattoo mark is obtained by static analysis (after transcoding) of the program, which is the key to our secret. There is little 2o of noise added, and the brand is therefore more resistant.
The secret transcoding table makes it harder to detect the brand.
At this stage, it is possible to deposit the software signature (10) as produced at the output of the module (320) at a Third Party of 25 Confidence (TPC). It therefore does not have to be inserted into the software (10).
The software will then be authenticated to the TPC by comparison of the signature produced with the software to be analyzed with that that has been filed. In this case, the software is not copy protected but any changes it has undergone are detectable.
In a variant of the invention, the signature is inserted in the software (10) in the form of a trademark.
The module (330) performs on the one hand the transcoding of the instructions classified with the chosen method and on the other hand the insertion of instructions transcoded into the program to be protected. The main module algorithm 35 (330) aims to optimize the placement of transcoded instructions.
She must be adapted to the typology of instructions and methods of transcoding. Compilers normally contain tools code optimization and constant propagation verification.
The insertion of transcoded instructions into the program to be protected must therefore comply with a certain number of minimum robustness rules:
ensure that the variables containing the tattoo marks have a influence on program outputs. In other words, to avoid the outright deletion by an optimizer, you must ensure that the content of the variable will be taken up by an instruction from the initial program. We must 1o also conceal the constants. To do this, avoid boots of variable v by a constant value IC, followed by an instruction of the type w = f (v), at the start of the program, because it is then easy for a directly calculate w. We could however favor loops: in a loop, it is natural to initialize a variable (often at 1), and to ~ 5 increment it with each loop execution. Suppose in the loop, i take values from a to b. We could insert the instruction w = f (i) in the loop and calculate f so that w takes the value of the key for a value of i between a and b.
Once the semantic properties of the program have been combined 2o determined, we calculate by the reverse transcoding table, the instructions to add to the initial program. The added instructions must execute without error and do not modify the functionality of said programmed. These transformations will be iso-semantic: for any identical entry, the initial and tattooed programs will produce the same output. But on the other hand, 25 the internal execution environments will not be identical.
The brand is therefore a set of semantic properties of the transcoded program. Our tattooing device therefore consists in calculating the instructions to add in the initial program which will allow to obtain these new properties in the hidden space.
3o The insertion of the transcoded instructions in the program to protect will have to respect a certain number of minimum rules of robustness: make sure that the variables and the operations containing the tattoo marks give the impression that they have an influence on program outputs. For example, to avoid pure deletion and 35 simple by an optimizer, we must ensure that the content of the variable will be taken up by an instruction from the initial program (dynamic allocation of value) It is important to note that the observation of the values taken by variables during execution do not allow to find the mark. On the one except you must know the secret table to establish our combined program.
On the other hand, the calculation of semantic properties cannot be done in the most cases only by static analysis, and not by runtime execution not.
Figure 2 shows an exemplary embodiment.
o The method (310) of Figure 2 will therefore be applied to each program method (or at least those that have content algorithmic that we want to protect). The selection of instructions to transcoder takes into account the execution dynamics of Java code objects are allocated "on the job", that is to say according to the context of resource usage of processors, memory and inputs / outputs and, if applicable, other members of the network. The object instructions are therefore not recommended for the tattoo since it must be independent of the context.
The tattoo must therefore relate to scalar values or 2o references to objects which are the only operands to allocate on the stack of program.
The predetermined criterion may include choice as instructions to transcode operations on integers, floats or boolean values. For standard programs we will choose the operations on integers. For assisted design programs on computer, simulation or three-dimensional modeling where the operations on floating scalars dominate, we will rather choose these operations.
The module (310) of Figure 2 is then only used for select the instructions (110), (130), (150) of the program methods

(10) which involve operations on integers.
Transcoding that respects the semantics of the instruction then consists in performing the same modulo operation on any integer Nk less than 232. An alternative is to perform an operation different chosen in a permutation table, still in algebra Modular. The module (320) has, in this case, the main function of keep the table of secrets assigned to given user classes for given programs.
The module (330) to calculate and insert the instructions transcoded is a sequence of compiler instructions (30) of the type described here after.
We want to insert p marks in each selected method.
Let p be numbers n1, n2, ...., nP and p brand values ci <n1; c2 <n2; ....
Pc <np constituting the secret set.
We will repeat the rest of the macro-instructions in appendix 1 to 1o each method to tattoo.
It is of course possible to repeat the process several times with different brand values.
It is also possible to improve the robustness of the tattoo by using different techniques of modular algebra.
~ 5 The strongest technique for linking tattoo to program is to make tattoo variables interfere with the original method. We must to do this you can use the properties of the watermarking variable which are transposable into signed 32-bit arithmetic. This is possible when the key K is a power of 2. In fact, suppose that K = 2k. So we have 2o X = v + a. 2k in Z
We know, still in Z, that for all j <k X% 2 '= v% 2' Where x% y denotes the operation that returns the rest of the division Euclidean of x by y. We notice that this property remains trivially 25 true in Z / 232 which is the domain of Java integers. So we can use arithmetic properties of the tattoo to modify calculations of the method. For example, suppose that K = 216 and that v = 18. So what whatever the value of x, we always have x% 4 = 2.
If we have for example an explicit constant 1 in the program 30 original, it can be replaced by x% 4-1. If now we have added a dynamic at x, we have a variable which apparently takes values stochastic but of which a hidden invariant is used. The program as well changed is irreversibly degraded while retaining its original semantics. A hacker trying to eliminate the variable from 35 tattoo x would then render the program unusable. We need a study thrust of the behavior of x in order to be able to find the information thus concealed.
Note that this technique of concealing constants can be done simply automatically and randomly.
The generic method of reading the tattoo is presented on 5 Figure 3. It assumes knowledge of at least part of the tattoo settings. It is thus possible to assign on several levels a software distribution chain (buyer, wholesaler, distributor, retailer) of their own brands.
In the embodiment of FIG. 4, the knowledge of the 10 or secret numbers Nk allows to find by a step by step execution of the program in the compiler variables that have a congruence modulo Nk at a given instant then to plot this variable until its initiation.
The table of secrets can be easily contained on a card ~ 5 microprocessor which will be connected to the computer comprising the interpreter.
The authorized user only needs to know a public key which will activate the program for reading secrets corresponding to his identification User. The private keys that define the table of secrets are not therefore not to be disclosed.
2o Two examples given in appendices 2 and 3 illustrate the application of semantic static analysis to authentication of the signature of the software with two simple cases of calculation of the fixed points of hidden variables.
These devices and methods can be implemented without difficulty on commercial computers. Depending on the complexity of the software and signature, execution times will be more or less long, in particular for the calculation of the hidden variables by the method of the fixed point.
To limit these calculation times, we will apply the enlargement methods and shrinkage known to those skilled in the art.
3o You can tattoo as many times as you want software (overlapping tattoos), unlike sound tattoos or images which undergo a certain saturation of the subliminal channel (according to the chosen perception model). We will not alter the software, we will overload, memory and time resources will be affected.
We can use for each of these tattoos semantics different secrets, so the chain of trust can have different secrets.
Of course, this tattooing device and method can be combined with devices and methods of the prior art to make the program unusable by an unauthorized user (prevention) to trace the possible dissemination of said program by an authorized user to 1o unauthorized users (audit). It will be enough for this not to communicate authorized users the keys allowing them to find the tattoo.
It is also possible to use the device and the method for automatically authenticate the codes that we will authorize to enter a network or a given station. The tattoo is comparable to ~ 5 an authentication certificate including the network monitoring station or of extension will have the reading key.
Annex 4 presents a glossary.
Annex 5 presents an embodiment of the invention with a cutting into finer modules.
2o Annex 6 and Annex 7 present new examples of achievements (examples 3 and 4).

NOTES

1.1 Decomposition of the method into 2 blocks A and B of size equivalent.
1.2 For i varying from 1 to p do 1.2.a find a random position in block A
1.2.b list the variables with a value determined at this level of execution - 2 cases case 1: there is none Create a variable w initialized to a value x. Insert this initialization between the start of the method and our current position.
case 2: there is at least one 75 Select one of these variables w, let x be its value at our current execution position.
1.2.c create any polynomial P of degree 2 checking P (x) = c; + k * n; (k random whole integer small) 1.2.d insert the following initialization instruction: int 2o v; = P (w) 1.2.e find a random position in block B
1.2.f create any polynomial Q of degree 2 checking Q (v;) = v; +1 * n; (1 small random integer) ' 1.2.g insert the instruction v; = Q (v;) Example 1 The tattooed method is the main method of the class 3o Fibonacci, which calculates the value of the noeme term of the Fibonacci sequence, defined by one + 2 one + 1 + one relations uo = 0 u1 = 1 Initial program public class Fibonacci public Fibonacci () public static void main (String [] args) f int n = Integer.parselnt (args [0]);
int a = 0;
int b = 1;
for (int i = 1; i <N; i ++) f 2o int c = a + b;
a = b; // a is u;
b = c; // b is u ~ + 1 .. + b);
System.out.println ("The value of the sequence for n =" + n + "is Choice of semantic correspondence tables We choose to insert two brand values. For it we use two transcoding tables.
The first will insert the hidden value 2507, the second 3012.

Our two tables associate with each algebraic operation on whole algebraic operation identical modulo a number N. At any return of integer value consecutive to the call of an int type method, we associate initialization to a value V. For the first table, N is 10,000 and V 17.
For (a second, N is 5421 and V is 50.
1. Transcoding table for 2507 Initial instruction Transcode instruction v (integer) = a (integer) + b (integer) v = a + b modulo 10,000 v (integer) = a (integer) * b (integer) v = a * b modulo 10,000 v (integer) is the return (integer) v = 17 of the call a function l0 2. Transcoding table for 3012 Initial instruction Transcode instruction v (integer) = a (integer) + b (integer) v = a + b modulo 5421 v (integer) = a (integer) * b (integer) v = a * b modulo 5421 v (integer) is the return (integer) v = 50 of the call a function Method tattoo The tattoo of our method consists of the insertion of two variables j and k, taking respectively the values 2507 and 3012 in our secret space.
The tattoo consists of two stages - Initialization of j and k as a function of n at the start of the program. This initialization allows us to calculate the value of j and k in our space however, the values of j and k during the execution of the 2o program are unknown. This allows us to avoid the transformation of these instructions by an optimizer.
- Addition of instructions in the algorithm ensuring the invariance of j and k in our secret space. .
These instructions are calculations of j and k using polynomials of degree 2.

Anchoring the brand The brand is anchored at the end of the method. Indeed, the values of j and k are apparently used for the calculation of the result b. This is a lure, because the sequence of operations performed on b ultimately leaves this 5 invariant variable.
Tattooed program public class Fibonacci {
publishes Fibonacci () ~ o {
) public static void main (String [] args) {
int n = Integer.parselnt (args [0]);
15 int a = 0;
int j = -34 * n * n-500 * n + 833; / lj is 2507 in the conjugate space n ° 1 // (i.e. modulo 10000, n-> 17) int b = 1;
int k = 2 * nn * n-9; // k is 3012 in the conjugate space n ° 2 20 (i.e. // modulo 5421, n-> 50) for (int i = i; i <N; i ++) {
int c = a + b;
a = b; // a is u (i) j * j = 5-28; // j is always 2507 in the conjugate space 1 b = c; // b is u (i + 1) k = k * k + 201; // k is always 3012 in the conjugate space 2 ) b + = k + j;
3o b = b-1-k * j + (1-k) * (1-j); // anchor of k and j System.out.println ("The value of the sequence for n =" + n + "is "+ B);

Brand analysis The brand is found by Static Analysis, and the method approximation of the fixed point by iterations.
The combined program in space 1 is as follows public static void main (String [] args), int n = 17;
int a = 0;
int j = (- 34 * n * n-500 * n + 833)% 10000;
1 o int b = 1;
int k = (2 * nn * n-9)% 10000;
for (int i = 1; i <N; i ++) int c = (a + b)% 10,000;
a = b;
j = (j * 5-28)% 10000;
b = c;
k = (k * k + 201)% 10000;
ob = (b + k + j)% 10000; .
b = (b-1-k * j + (1-k) * (1-j))% 10000;
System.out.println ("The value of the sequence for n =" + n + "is:" + b);
}
First transform the program into a flow graph execution Static Semantic Analysis: approximation of the iuce point beginning ~ N = 171 State (I) State (II) r:
_ i ~
= .- 34 x raz -x not +
833 ~ 10000 ~!

._._._._._._._._._._._._. J

State (III) ~ b 1 ~
i =

State (IV) ik = 2xn-nz-9 ~ 10000 ~ i State (~

l i ~ i ~

.
.

State (V1) !
i (i <ra) i otherwise !

s _._ i ._._. ~

tat tat (VII) (X111) ~ c = a + b ~ 10,000 ~ i ~ B = b + k +
j (10000 ~ i tat tat (VIII) (XIV) __ _ ~~ -bi ib = _b-1-_kx + j (= 1 .k) x (1-j ~ 10000 ~ i tat tat (I ~ (XV) . j = -jx 28 ~ 10000 ~!
!.at, isplay (b) i HE_._._ ._._._._._._._._.

end state (~

~ B = ~ i State (X1) ik =. 01 10000 ~ ~~
kz + 2 State (X11) i = i 1 ~ 10,000 ~!
+

SEMANTIC STATIC ANALYSIS
For each state we study the set of possible values taken by the variables, We will only consider the variables which have changed in value from all states possible precedents.
Variable state Initial value is studying /
Interval I n N = Ql II a A = O

NI Qs J =

I b _ B = Q3 k K = O

I i I = QS

II i I = O

III c = f I a A =! 'D

J = f ~

I b B = O

II k K = ~

III i I = ~

I b B = QS

b B = ~

Writing of the interdependence of states Nr = ~ 17 ~ Arr = ~ 0 ~ Jrrr = 1j = 34xn2 -500xn + 833; nE Nr Br ~, = ~ 1 ~ Kv = ~ k = 2, xn-nxn-9; nE Nr ~ 1 ~ = ~ 1 ~ U ~ Ivrr + 1 ~
I ~ r = Ivr (~ - ~; supn r ~ Nl Cvrrr = ~~ = a + b; aE ~ Arr UA ~~~ bE ~ Bn, UB ~
A ~ = Bn, UB ~ Jx = ~, j x5 -28; j E ~ Jx U Jrrr ~~ Bxr = wrrr Kir = ~ kxk + 201; kE ~ Kv UKxrr ~~ I ~ rr = Ivr nCinf n; ~
rtEN ~~
Bue, _ ~ b = b + k + j; b E ~ Br ~, U Bxr ~~ k E ~ Kv U Kxtr ~~ IE ~ Jr ~ r U Jx) ~
Bue, = ~ b = b-1-kx j + ~ 1-k ~ x ~ 1- j ~; bE B ~ v ~ k ~ ~ Kv UKxrr ~~ .1 E ~ Jrlr UJx ANALYSIS
STATIC
SEMANTIQIE
For each State, we are investigating all of the values possible taken through the variables.
We born considrera than the variables who have chang of value through report all the States prcdents possible.
We will approximate these sets through of the ntervalles Number 0 1 2 3 4 of itratio not N ~ 17 17 17 17 J if ~ 2507 2507 2507 KO ~ 9736 '9736 9736 I s? ~ 1 1 i; 2 1; 2) IOO 1 1 1; 2) C QJ fd 1 1; 2 (1; 2) AS ~ 1 1 1 JQ ~ ~ f 2507 2507 B ~ ~ f ~ 1 1; 2 K> ~ ~ D f 9897 82; 9930 I

B ~ O gj 2244 2244; 2405 BP ~ S23 s ~ 0; 9999 Number 5 6 7 8 35 of itratio FIXED POINT
not I (i; 3 (1; 3) (1; 4) (1; 4) (1; l 7) I (1; 2) (1; 3) (i; 3) (1; 4) (1; 16) ' (i; 3) (1; 4) (i; 5) (1; 7) (0; 9999) (1; 2) (1; 2) (1; 3) (1; 4) (0; 9999) B (1; 2) (1; 3) (1; 4) (1; 5) (1; 9999) K (2; 9997) (2; 9997) (2; 9997) (2; 9997) (2; 9997) I Ql f QJ ~ 'Q i 7 B (0; 9999) (0; 9999) (0; 9999) (0; 9999) (0; 9999) B (0; 9999) (0; 9999) (0; 9999) (0; 9999) (0; 9999) We find our first brand: the variable J always keeps the value 2507.

The combined program in space 2 is as follows publïc static void main (String [] args) int n = 50;
int a = 0;
10 int j = (- 34 * n * n-500 * n + 833) ~ 5421;
ïnt b = 1;
int k = (2 * nn * n-9) ~ 5421;
for (int i = 1; i <N; i ++) int c = (a + b) ~ 5421;
a = b;
j = (7 * 5-28) ~ 5421;
b = c;
k = (k * k + 201) ~ 5421;
é5 b = (b + k + j) ~ 5421;
b = (b-1-k * j + (1-k) * (1-j)) ~ 5421;
System.out.println ("The value of the sequence for n =" + n + "is.
"+ B);
l Let’s transform the program into a flow graph as before execution beginning ~ n = 50i ötat (I) i0 State (II) j = ~ -34 x n2-- 500 xn + 833 ~ 5421 ~ i State (III).
~ b = ~ li State (IV) ~~ k - 2x n.-n2.-9 ~ 5421 ~ i State (~
_ ü = .1i State (V1) ~ i If (i ~ h) i II otherwise ~
._._ i.
State (VII) State (X111) ic = _a + b ~ 5421 ~! ib = b + .k + j ~ 5421 ~ i . _. _. _. _ ._. _. J _ State (VIII) State (XIV) ~ a = bi ib = b = 1-kx j + (1 = k) x (1 _j) ~ 5421 ~~
State (XV) j = jx 5 - 28 ~ 5421 ~ i ~~ display (b) i ._._._._._._._: i ._._._._._ State (X) End ~ B ~ i State (IX) State (X1) ik = k2. + 201 ~ 5421 ~~
State (X11) _, _ = i + 1 ~ 5421 ~ i SEMANTIC STATIC ANALYSIS
For each state, we study the set of possible values taken by variables, We will only consider variables that have changed value in relation to all possible previous states, Variable state Initial value is studying /
Interval I n N = ~

II a A = Q ~

III J = O

I b B = P3 k K = O

I i I = O

II i I = ~ Zi III c = Ql IX a A = f XJ = O

XI b B = Qs XII k K = 0 XIII i 1 = O

XI b B = Q3 b 8, ~, = O

Writing of the interdependence of states Nr = ~ 50 ~ Arr = ~ 0 ~ Jrrr -lJ = -34xn2-SOOxn + 833; nE Nr B ~, = ~ 1 ~ Kv = ~ k = 2Xn-nxn-9; nE Nr ~ Ivr = ~ 1 ~ U ~ Ivrr + 1 ~
I ~ r = 1 ~ (~ - ~; supn r ~ NI
Cvrrr '~~ = a + b; a E ~ Arr U Arx ~ ~ b E ~ Bn, UB ~ ~~
Arx = Brv U Bxr Jx = ~ jx 5 - 28; j E ~ Jx U .l rrr O Bxr = Cvru Kir = ~ kxk + 20I; k E ~ Kv UK ~ 1 ~~ I xrrr = I vr n C inf n; -I- ~~
don't N ~
B ~ v = ~ b = b + k + j; bE ~ Br ~, UBxr ~~ kE ~ Kv UKxtr ~~ jE ~ Jrrl UJx Bue, = ~ b = b-1-kx j + ~ 1-k ~ x ~ l- j ~; bE Bxr ~, ~ kE ~ Kv UK ~ r ~~ jE ~ Jrrr UJx STATIC ANALYSIS
SEMANTICS
For each state, we study the whole values possible taken by the variables.
We will not consider that variables who have change from value by report all previous states possible.
We will approximate these sets by intervals Number 0 1 2 3 4 of itration N ~ 50 50 50 50 B ~ 1 1 1 1 i5 K ~ OO 3012 3012 3012 I f 1 1 1; 2 1; 2) IOO 1 1 (1; 2) C Q3 ~ d 1 1; 2 1; 2) A ~ O 1 1 1 OJ ~ ~ 1658 0; 5420 B Qj O QS 1 1; 2) KDO fd 3012 3012 IO ~ ~ O

B s QS Q ~ 2266 0; 4671 BO ~ ~ s ~ 0; 5420) Number 5 6 7 8 105 FIXED POINT description B 1 1 i 'ii I (1; 3) (1; 3) (1; 4) (1; 4) (1; 50) I (i; 2) (1; 3) (1; 3) (1; 4) (i; 49) C (1; 3) (1; 4) (1; 5) (1; 7) (0; 5421) (1; 2) (1; 2) 1; 3) (1; 4) (0; 5421) J (0; 5420) (0; 5420) (0; 5420) (0; 5420) (0; 5420) B (1; 2) (1; 3) (1; 4) (1; 5) (0; 5420) I pJ ~ 1d QS QS 50 B (0; 5420) (0; 5420) (0; 5420) (0; 5420) (0; 5420) B (0; 5420) (0; 5420) (0; 5420) (0; 5420) (0; 5420) We find our second brand: 3012.

Example 2 The method from which the semantic signature is extracted is a bubble sorting method.
Initial program public class Bulle public statïc voïd main (String [] args) int [] table = new int [args.length];
for (int i = O; ï <Args.length; i ++) table [i] = {znteger.parselnt ares [i]);
{print table);
print (tri (table));
public static void print (int [] table) {System.out.println "");
for (int i = O; i <Table.length; i ++) System.out.print {table [i] + "");
{System.out.println "");
public static int [] sort (int [] table) int [] table2 = table;
boolean flag = false;
int i = 0;
int v = 0;
while {! flag) flag = true;
for (i = O; i <Table2.length-1; i ++) if {table2 [i]> table2 [i + 1]) v = table2 [i];
table2 [i] = table2 [i + 1];
table2 [i + 1] = v;
flag = false;
return {table2);

Choice of a semantic correspondence table We want to get a semantic property after transcoding. For this we use a transcoding table.
For the variables of our conjugate space, we will add to 5 variables of our initial space two new variables W and W 'of type integers that are initialized with the value 0.
Then we try to locate the transpositions carried out on the program tables, and we will replace these operations performed on the table by operations on the variable W. A static analysis on 1o W will show that it keeps a constant value equal to 7 in all situations.
Transcoding table Initial instruction Transcode instruction Start of program W is 0 W 'is 0 Squence: Squence:

<sequence of any operations <sequence of operations (1)>
(1)>

<sequence of operations (2)>

<a variable X takes the value of water <sequence of operations (3)>
a Tab T

the index P><sequence of operations (4)>

<sequence of operations (5)>

<sequence of any operations (2) having neither X n T nor P> If W = 0 Then W = 1 <a variable Y takes the value un - W = W * Absolute value (P -from T 6 ~) Q index>

W '= min (P, Q) <sequence of any operations (3) affecting neither X, Y, nor T, neither P, nor Q>

<we write the index P of T
the value of Y>

<sequence of any operations (4) affecting neither X nor T nor Q>

<we write the index Q of T
the value of X>

<sequence of any operations (5)>

T is an array, parameter T is the array (5; 2;
of 4; 1; 3) Method signature The signature of the method consists of 'static analysis semantics of the method and property detection Program analysis the properties are found by Static Analysis, and the method approximation of the fixed point by iterations.

The execution graph of the combined program is! E following beginning stable - [5; 2; 4; 1; 3 [
State (I) ! ~ flag = ~ false i The _._._._._.
State (II) ii = O; v = Oi ..
State (III) ~ W --O; W ~ = 0i i._ ._._._ State (IV) ~ if (f lag = ~ false)! if not !
i ._._._._._._._. 1 i ._._. ~
State (~
â ~ = Oi Fin ._._ i.
if not !
State (V1) ~ ''-'-' ~ If (i <length (table2)) i i ._._._._._._._._._._._ State (VII) ! if (table [i]> table [i +1]) t otherwise I
L _._._._._._._._._._. ~ I ._._. ~
State (VIII) ~ W --W ~ eI i -. (I + 1 ~!
._._._._._ State (IX) iyy ~ - ~ n (i + l i) ~
State (X]
! ~ flag =. false i i ._._._._._.
State (X1) II ~ i =, i + lj Writing of the interdependence of states ~ TABLE, _ ~ 5; 2; 4; 1; 3 ~
FLAGII = ~ false ~
1O IIII ~~~ WIV ~ O
VIII ~~~ W'N
FLAGV = FLAGII n ~ false ~
he Ivl = ~ O ~ U ~ Imlr ~ 1J
Ivll = 1 ,,, (~ ~ - ~; length (tablell TABLEVIII = table E (TABLE, I UTABLEvIIr) such as ~ i E Ivll such as table (i) ~ -table (i +1) ~
Ivlll = ~ i E Ivll such as stable E (TABLEII ~ JTABLEVIII) such as table (i) ~ -table (i +1) ~
W Uf (n '~ f: OH ~ l rx = x ~ OH ~ xXli- (i + l ~; iE IvIrrI
~ (WauwN) W'X = ~ min (i + l; i} i E IVIII ~ _ FLAGxI = ~ f'alse ~.
Itrations 0 1 2 FLAG Q ~ false false I PJ 0 0; 1}

IP ~ 0 0; 1 TABLE Qs (5; 2; 4; 1; 3) (5; 2; 4; 1; 3) I ~ 0 0 W ~ 1 1 W 'P ~ 0 0 FLAG Qs false false Itrations 3 4 5 - FIXED POINT

FLAG false false false I 0; 1; 2 0; 1; 2; 3 0; 1; 2; 3; 4 I 0; 1; 2 0; 1; 2; 3 0; 1; 2; 3 TABLE (5; 2; 4; 1; 3) (5; 2; 4; 1; 3) (5; 2; 4; 1; 3) I 0; 2 0; 2 0; 2 W 1 1 ~ 1 W '0; 2 0; 2 0; 2 FLAG false false false Signature We note the signature of our sorting bubbles method Considering the secret transcoding table, we note that - “the associated variable W keeps a constant value equal to our variable X 'takes the values 0 and 2 ".

Glossary 5 - A software or hardware protection-prevention process is a set of techniques that make copying more difficult and use fraudulent software or electronic circuits.
- A program is written in a certain language of programming called computer program language.
10 - The interpretation of a program is the translation of the sequence of words composing it in a series of actions called program execution.
- The compilation of a source program, written in a language of high level, is its translation into another language or materialization into a automaton, in general machine language or electronic circuit.
15 - A software computer program is a program interpretable or compilable into an interpretable program.
- A hardware computer program is a program achievable by an electronic circuit and specified by a language ~ of description of circuit.
20 - An element of a computer program is a part not necessarily related to the program text corresponding to one or several instructions, possibly composed (like a command conditional choice or by case, a loop, etc.), a declaration or description of one or more data structures including 25 possibly the operations or operations acting on these structures of data, one or more procedures or methods, one or more modules, etc.
- A semantics of a software or hardware program is a mathematical model defining the set of possible behaviors 3o from a program to execution at a certain level of observation.
- Semantic static analysis is automatic determination of semantic properties of programs.
- Two software programs are semantically equivalent (or functionally equivalent) if they have the same 'behavior 35 observable that is to say they execute functionally equivalent, (for example, if for any possible entry, the exits of the program are the same).
- An abstract semantics of a software or hardware program is a mathematical model defining an over-approximation or a sub approximation of all the possible behaviors of a program at runtime.
- An abstract semantics is secret if its specification for a software or hardware program requires knowledge of a secret.
- A signature is characteristic information (label, thumbnail or summary) associated with an object (here, a software program or equipment). This information may depend on an intrinsic property or extrinsic of the object. These properties can authenticate the shape and background of content of the object (coding, format, syntax, aesthetics, semantics) or its traceability (the history and / or the future of this object).
~ 5 - A secret signature is a signature obtained using a secret method.
- A semantic signature is one. signature specified in semantic function of the object (here, of the program written in a language programming, with defined semantics).
20 - An authenticator is secret proof of the detention of a information or a right (for example designation of the object, name of the author name of recipient, terms of user license, etc.).
- A mark is a component of an object that allows identify it and which, in the context of the invention, makes it possible to find a 25 signature of the object.
- Labeling an object or a program consists in manufacturing a label which is generally separated from the content of the object or embedded in the object in an easily identifiable place.
- Unlike, tattooing involves embedding one (or more) 3o marks) in the body of the object. This brand distributed in the body of the object is generally if not undetectable at least indelible. The grafted object with this mark is called the tattooed object.
- Obfuscation is the transformation of a program into a semantically equivalent program in a difficult form 35 understand by a computer specialist but usable by a user. To the Unlike tattooing, obfuscation makes a program confidential (thanks difficulty understanding it) but does not allow authentication [cf.
Obfuscation techniques for enhancing software security, New Zealand Patent Application # 328057, WO 99/01815, PCT / US98 / 12017, June 9, 1997].
- Brand leaching is an attempt to erase or brand modification or program overload to drown the brand, without changing the semantics of the program.
- A program tattoo is robust if it resists a compile optimization, obfuscation, labeling and another 1o tattoo, all these operations being applied later.

Analytical description of modules and background theory ~ eu A process A of abstract semantics The inventor uses the principles and techniques of static analysis semantics of programs by abstract interpretation, cf. [P. Cousot & R.
Cousot, "Abstract Interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints ", Conference international “Principles of programming languages, POPL'77”, p. 238 252, ACM Press, January 1977] and [P. Cousot & R. Cousot, "Systematic design of program analysis frameworks ", International Conference "Principles of programming languages, POPL'77", p. 269-282, ACM
Press, January 1979].
Process / module A defines an infinity of abstract semantics dependent secret - an abstract domain D (K) parameterized by a secret key K (which, 2o apart from an injection, can be considered as a number N = b (K), this injection b which can itself constitute a secret);
- a specific secret key K which defines the abstract domain D (K) used in the SAS secret abstract semantics.
This SAS secret abstract semantics consists of secret abstract domain D (N) and corresponding abstract operations for the constructs and primitives of the family of languages of programming considered, obtained using the principles of abstract interpretation.
Any abstract domain D (K) obtained by an abstraction, in the sense 3o of the theory of abstract interpretation, cf. [P. Cousot & R. Cousot, "
Abstract Interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints ", International Conference "Principles of programming languages, POPL'77", p. 238-252, ACM
Press, January 1977] and [P. Cousot ~ R. Cousot, "Syster ~ natic design of program analysis frameworks ", International conference" Principles of programming languages, POPL'77 ”, p. 269-282, ACM Press, January 1979], parameterized by a secret key K can be used as a parameter for module A. Thanks to the use of an injection N = b (K), which can remain secret, any abstract domain D (N), parameterized by a number N, is reusable with any keys. There is therefore an infinity of abstract domains D (K), parameterized by a key K, which can be used.
However, the abstract domains published in the scientific literature do not not suitable, in the sense that they are not parameterized by a key K
(even chosen isomorphically to integers or to ordinals).
Part of the invention, the transformation of an abstract domain any usable for classical static semantic analysis whose concretization provides information on whole values (at a coding near injective) into an abstract domain D (N) parameterized by an integer N
constituting the secret key K = N (close to said coding). The process consists of ~ 5 abstract (in the sense of abstract interpretation) from concrete operations in an abstract operation considering the concrete operation carried out modulo N.
This abstraction is then extended to the control elements of the program according to the principles of semantic static analysis by abstract interpretation, possibly using techniques 2o widening and shrinking known to those skilled in the art.
Examples of the transformation of such D domains into domains D (N) are described below: ' For a P program written in algorithmic language (with additions, multiplications, loops, branchings, ...) and of which 25 the author wants to secure sensitive algorithmic content, we can define, for module A, an abstract domain D (K) for integer or fixed or floating point, or even the reals corresponding to the propagation of constants, powers, intervals, octagons, invariants of linear equality or inequality, etc. modulo a positive integer value N
3o constituting the secret key K = N;
For a P program written in programming language with symbolic data (with pointers, lists, tables, ...), and whose author wants to secure the sensitive handling of variables and, arrays, we can use a symbolic abstract domain (through 35 example an automaton or domains of trees) parameterized by integers (e.g. loop counters in the controller or a measurement of the size of symbolic data) by reusing the previous abstract domain D (N) to analyze the whole parameters, modulo an integer value positive N constituting the secret key K, again at an injection (which can 5 be secret) close.
On the one hand there are an infinity of possible abstract domains Di and on the other hand an infinity of instances Di (K) of each particular domain in secret key function K.
Unlike classic cryptology, if module A is secret, o it is not possible to break it by brute force. Indeed it there no possible enumeration of all the abstract domains configured usable.
For a given secret abstract domain Di (N), different keys lead to different SAS secret abstract semantics, like ~ 5 this is the case for the examples above. When the secret abstract domain at been disclosed or is public, the secret of the key must be managed as in classic cryptography to limit brute force attacks (like in the case of classical cryptology based on NP-complete problems or secret key encryption mechanisms).
2o The secret abstract semantics SAS must be invariant for the primitive transformations and constructions of the language family software or hardware considered, which leave their standard semantics invariant, as is the case for the examples above. this is important to avoid obfuscation attacks which involve transforming 25 a P program into a syntactically different program but semantically equivalent, for example, the mathematical expression (a =
2b) being changed to (a = b + b).
(See Figure 5) A DA module of abstract semantics Among the preferred embodiments of the above method, the invention also discloses a device (which can be produced by a computer product / program) including A DA module based on an abstract domain D; (K) parameterized by a secret key K chosen from a very large number possible, allowing to generate a program implementing the SAS secret abstract semantics the family of software or hardware programming languages considered;
(See Figure 5A) A signature process Method / module S uses secret abstract semantics o SAS for the constructs and primitives of the family of languages programming considered, to make the semantic static analysis of the original program P software or hardware, the result of this analysis providing the SSS secret semantic signature of the P program.
do, module S builds a representation of the system of equations of fixed-point whose approximate solution defines the SASP abstract semantics said software or hardware program P. This SASP abstract semantics of software or hardware program P is defined according to the principles of analysis static by abstract interpretation of the concrete semantics of the program based on the SAS secret abstract semantics for constructions and 2o primitives of the family of programming languages considered. This SASP abstract semantics is computed by elimination, or by iteration with acceleration of convergence. The SSS secret semantic signature of the program P is an injective function SSS = i (SASP) of the semantics SASP secret abstract. This injective function i can itself constitute a secret.
The secret SSS semantic signature of a software program or P material, calculated according to module S or by the DS device allows check whether a software or hardware program P 'has a semantic signature equivalent.
3o At this stage, it is possible to deposit the SSS signature of the software or hardware program P as produced according to module S or in release of the DS system with a Relevant Third Party (TPC). She did therefore not to be inserted into the software or hardware program P.
The authentication of the software or hardware program P will then take place with the TPC by comparison of the signature produced SSS 'of the software or hardware program P 'to be analyzed with that (SSS) which has been filed. In this case, the software or hardware program P is not protected against copy P ', but two cases arise SSS 'is different from SSS: the changes that P has undergone are detectable, since in the case of semantic modifications (for example example, adding a virus, modifying an algorithm), the signature is different;
SSS 'is equal to SSS: the software or hardware program P' is a copy of P or if the software or hardware program P has been obfuscated (manually or automatically) to become P ', the SSS signature' of P ' will be equal to that SSS of P, which will prove, with a probability extremely low error, that the software or hardware program P has been pirated, this piracy being masked by an edition make-up.
~ 5 (See Figure 6) DS signature module A DS module to calculate your SSS signature of a software or hardware program P according to the secret abstract semantics SAS
0 obtained using the previous DA module.
(See Figure 6A) An M marking process 25 For the invention, a mark m is a program element software or hardware that can be inserted into a software program or material by the process described in module B below. Let Pm be software or hardware program ie as simple as possible in which the brand m can be inserted. For any secret SAS abstract semantics, this 3o Pm program has a secret semantic signature, calculable by the module S, called secret semantic signature of said mark m and noted SSS (m).
A "brand" m is a triplet consisting of a "location of mark ", an" initialization mark "and an" induction mark ", s5 one of the last two may possibly be empty.

Let Pm be a software or hardware program from the family of languages considered, as simple as possible, which declares if necessary I '' mark location '' X ', execute the' initialization mark '' la ', then execute one or more or even an infinite number of times the "mark induction '' If '.
The M marking process is parameterized by a semantics SAS secret abstract (for example, produced by module A from a abstract domain Di (K) as a function of a secret key K) and a signature o secret SSS semantics;
Using a f3 bijection which can be secret, the module M
calculates an abstract value 's' of the abstract domain Di (K) as a function of the SSS secret semantic signature, according to semantic coding SAS secret abstract. This abstract value 's' is chosen so that it there are many concrete values 'x' whose abstraction according to the principles of abstract interpretation or that of the singleton '{x}' is the value abstract 's'. For example this value 'x' can be that of a variable in the case of a non-relational analysis or a vector of variables for a relational analysis or the value of any object analogous to a vector of variables;
Process M chooses, according to the principles of interpretation abstract, any of the concrete values 'a' including abstraction or that of the singleton '{a}' is the abstract value s;
Method M then chooses, according to the principles of interpretation abstract, a concrete operation 'f' whose functional abstraction leaves invariant the abstract value 's' but not the concrete values corresponding (i.e. if 'x' is a concrete value whose abstraction according to the principles of abstract interpretation or that of singleton '{x}' is the abstract value 's' so 'f (x)' is generally different from 'x' while abstraction according to the principles of abstract interpretation of 'f (x)' or that of the singleton '{f (x)}' is equal to 's');
Method M then chooses a 'brand location''X' which may be an existing program variable which is unnecessary or not alive in the elements of the P program to tattoo, a new variable auxiliary, an unnecessary or additional field of a data structure dynamically allocated, etc. whose values are taken into account in semantic static analysis used to determine semantics secret abstract of the program;
Method M then determines an "initialization mark"'la' which consists of one or more primitives or constructions of the family of languages considered to be interpreted as an assignment of value concrete 'a' defined above at the mark location 'X';
Method M then determines an 'induction mark''If' comprising one or more primitives or constructions of the family of languages considered to be interpreted as an assignment of the value of 'f (X)' at the mark location 'X'. According to the family of languages considered, these primitives or constructions will be assignments, parameter passages, unifications, etc.
The brand m is chosen such that, according to the principles of abstract interpretation, static semantic analysis of the Pm program, according to secret abstract semantics and in accordance with the directives of the module S, determined in a manner recognizable by the holder of the secret SAS, the abstract value 's' defined above and such as the signature secret semantics of the Pm program, as defined above, is that 2o SSS (m) of (a brand.
Using abstract domains ~ which are products Cartesian or reduced products of elementary abstract domains it is always possible to consider brands that are finite sets of elementary marks.
(See Figure 7) A DM marking module Among the preferred embodiments of method M above, the invention also discloses a DM device (which can be produced by a computer product / program) which, from the implanting program (a SAS secret abstract semantics and data representing the secret semantics SSS of program P, calculates the text of the mark m.
(See Figure 7A) A camouflage process B
The camouflage process / module B takes as parameter the original software or hardware program P, a selection of elements from the 5 program P to tattoo and a mark m. Module B provides the program tattooed PT which is a fusion of the original program P and the brand m.
This fusion is made without altering the secret abstract semantics of Ia brand, nor functionality. of the original program, which allows find the secret semantic signature SSS (m) of the mark m from the secret semantic signature SSS (PT) of the tattooed program PT.
It is important to note that in the preferred embodiment of the invention, the observation of the values taken by the variables during execution of the tattooed software or hardware program PT does not allow find the brand. On the one hand, you have to know the abstract semantics 15 secret to establish the tattooed program PT. On the other hand, the calculation of semantic properties of this tattooed software or hardware program PT does not can be done, in the case of non trivial abstract domains D (K), that by static semantic analysis, not by step-by-step execution.
Inserting instructions into the software or hardware program 2o to protect P will have to respect a certain number of minimum rules of robustness. For example, to avoid outright deletion by a optimizer using “slicing” extraction techniques, ensure that variables and operations containing tattoo marks give the impression that they have a possible influence on the semantics 25 observable (eg exits) from the program. Said addiction potential can be a simple syntactic dependence chosen so that the demonstration that this syntactic dependence does not cause a semantic dependence requires complex proof of equivalence semantics of software or hardware programs. This is the case for example 3o of dynamic value allocation (semantically useless but this is undecidable) of certain values calculated by the operations containing the tattoo marks.
The mark m created by the module M, the selection of the elements to tattoo in a software or hardware program P as it ~ is chosen by the PS module and used by module B must meet the criteria set out below.
'If' induction marks should be included in the parts of the software or hardware program containing primitives or repetition constructs (iterations, recursivities, etc.).
The “initialization marks” 'la' are used to make the initializations required by the semantics of the language family considered. In addition, if necessary, for the language family considered, any declarations must be added to the tattooed PT program if the nature of the 'X brand location' requires it.
Finally, the camouflage module B adds primitives or constructions with the tattooed program PT making the values active possibly used in 'X' brand locations. A
possible solution is to use any values used in ~ 5 "brand locations" in the calculation of active variables of the program tattooed hardware or software PT, or to assign the values from 'brand locations''X' to dynamic variables of the tattooed program PT, more generally by ensuring that the lifespan dynamics of 'brand locations''X' is that of the program 2o tattooed PT. Again these transformations of the P program into the program tattooed PT should be done without altering the secret abstract semantics of the brand, nor the functionality of the original program, so that, according to principles of static analysis by abstract interpretation, this allows find the secret semantic signature SSS (m) of the mark m from 25 the secret semantic signature SSS (PT) of the tattooed program PT.
(See Figure 8) A DB camouflage module 3o Among the preferred embodiments of method B above, the invention also discloses a DB device (which can be produced by a product / computer program) which, from the text of the software program or material P, data for selecting the elements to be tattooed in P and text of mark m, produces the text of the software program or hardware PT

whose semantics is functionally equivalent to that of P and which conceals the mark m.
(See Figure 8A) A PS security policy process The PS process for selecting the abstract tattoo domain and of the elements to be tattooed in the software or hardware program P depends on security policy to be applied to this program P
Like steganographic techniques, the brand can be distributed in the program in different and distant places in choosing, for example, static semantic analyzes by abstract interpretation based on abstract domains allowing ignore the control structures in the calculation of the semantic signature ~ 5 secret so that the random distribution of marks has no effect sure this analysis; this strategy is for example applicable when the brand is used to authenticate an entire P program, relatively large in size.
Another security policy is to tattoo the parties innovative and / or sensitive aspects of the P program. In general, the elements 2o selected for the tattoo relate to the algorithmic part of the program (algebraic operations or manipulation of variables in RAM). According to the family of programming languages considered and the programming methodology used, this algorithmic part can to be 25 - Significant elements of the program which are semantically autonomous. In JavaT "" for example, a program is assimilated to several classes composed of several methods, they-same can call methods of other classes and others packages. A security policy for JavaT "" may therefore consist of 3o tattoo the methods which are the smallest autonomous entities of the program. Another choice would be to tattoo BeansT "".
- Elements distributed in the program constituting a semantically coherent set like for example an abstract type algebraic which would be implemented by data structures and 35 procedures and functions distributed throughout the program;

In this case the elements to be tattooed can be selected automatically on syntactic criteria (procedures, modules, etc.) or semantics (by a static dependency analysis) or manually by operator intervention.
Several different security policies can be implemented works on the same program P by repeating successive tattoos of the same original software or hardware program for different players. II
is thus possible to assign to several levels of a distribution chain hardware or software (buyer, wholesaler, distributor, retailer) 1o brands of their own. We can thus tattoo as many times as one wants a software or hardware program (by superimposing tattoos), unlike tattoos of sounds or images which undergo a certain saturation of the subliminal channel (depending on the chosen perception model). We will not alter the software or hardware program, we will overload it, ~ 5 memory and time resources will be affected alone.
We can use for each of these tattoos semantics different secrets, so the chain of trust may have different secrets.
Of course, this tattooing device and method can be 2o combined with devices and methods of the prior art to make the hardware or software program unusable by unauthorized user (prevention) to trace the possible dissemination of said program by a authorized user to unauthorized users (audit). It will suffice for it not to communicate to authorized users the keys allowing them to 25 find the tattoo.
It is also possible to use the device and the method for automatically authenticate software or hardware programs that we will allow to transit on a network or to be hosted on a given computer station. The tattoo is comparable to a certificate 3o of authentication including the network or substation monitoring station IT will have the reading key.
(See Figure 9) A DPS Security Policy Module Among the preferred embodiments of the above PS method, the invention also discloses a DPS device (which can be produced by a product / computer program) which, from the text of the software program or material P and from a family of abstract domains D1, ..., Dm, chooses a abstract domain D and selects the elements of the program P to be tattooed.
(See Figure 9A) o A T tattoo process The watermarking method T uses an encryption module C, which implements a bijective function to calculate a semantic signature SSS secret based on an Auth authenticator, possibly using the secret abstract semantics SAS. From this semantic signature secret SSS and said SAS secret abstract semantics, the M marking described above produces an m mark. Module T uses again the module B described above which, from said mark m, from software or hardware program P and the selection of the elements to be tattooed in P provides the tattooed software or hardware program PT.
(See Figure 10) A DT tattoo module Among the preferred embodiments of the tattooing method T
above, the invention also discloses a DT device (which can be produced by a computer product / program) to conceal a authenticating Auth in the text of an original P software program or material through a program implementing secret abstract semantics SAS and data for selecting the elements of P to be tattooed.
(See Figure 10A) A general G process The general method G is used to tattoo a program P. For this do, the PS module described above is used to automatically choose or interactively the configured abstract domain which will be later used to perform static analysis by abstract interpretation by the Au authentication module as well as to automatically select or interactively the elements of the software or hardware program to be tattooed P.
5 Then the module A described above is used to calculate the semantics SAS secret abstract from the abstract domain previously configured selected and a secret key, usually chosen in interaction with a operator but which can also be automatically, or even randomly. Finally, the module T described above uses the program P, the 1 o secret abstract semantics SAS, an Auth authenticator and the selection of the elements to be tattooed in P to produce the software or hardware program tattooed PT. Variants consist in fixing once and for all the domain abstract which is used by the module G and to choose the secret key K in using a standard cryptographic method.
Application to authenticating compilation Compilation preserves the concrete semantics of the programs software or hardware to the nearest morphism. Therefore the compilation also keeps the secret abstract semantics of the software program or Po object material, which is the same as that of the P source program, at this same morphism. Therefore, the compilation of a hardware program or tattooed source PT software by a correct compiler does not wash the watermarking in the hardware or software program object PTo. knowing the target computer, we know the concrete semantics of the object code and therefore that of the PTo object hardware or software program. By adapting the devices DA and DS, according to the principles of the theory of abstract interpretation, to the semantics, concrete of the Masonic language of the computer or the system object computing using said compilation morphism, we get DAo and DSo devices conforming to modules A and S for semantics 3o concrete of the object code and such as the composition of DA then DS for PT
gives the same secret SSS semantics (near morphism) as the composition of DAo and DSo for PTo. Therefore, the DAu device using the DSo device calculates a representation of the signature secret SSS semantics of the PTo program, which is also that of the PT program and can therefore be used by the DAu device to find the authenticator of the PT program.
One of the applications of this patent is a Ca module of compilation, authenticating compiling a program while inserting a watermarking according to the principles of module G. In its embodiment preferred, a Dca authenticator compiler integrates the DG device of the figure 7 bis in a compiler for a hardware or software computer language which can be used as an option to tattoo the object code. As explained below above, the DAu device makes it possible to find the authenticator of the program 0 tattooed object.
(See Figure 11) The Modute DG gënérat ~ 5 Among the preferred embodiments of the tattooing method G
above, the invention also discloses a DG device (which can be produced by a computer product / program) to conceal a authenticating Auth in the text of an original P software program or material (depending on the choice of an abstract domain configured by a key 2o secret).
(See Figure 11A) An authentication process 25 The authentication process Au takes as parameters, the software or hardware program marked PT and secret abstract semantics SAS. It calculates the original Auth authentication. This module A is composed of two sub-modules module S, described above, which from the software program 3o tattooed PT and secret semantics extract the semantic signature secret SSS (PT) and therefore SSS (m) of the hidden mark m in PT;
a decryption and extraction module F, which is the inverse of the encryption module C used in watermarking module T, supports sets the secret semantic signature SSS (PT) to extract P.'s original Auth authenticator The decryption module F can also constitute a secret, just like module C.
(See Figure 12) DAu authentication module Among the preferred embodiments of the method 1o authentication In the above, the invention also discloses a device DAu authentication (can be achieved by a product / program computer using the DS device above and a DF decryption) for the authentication of a tattooed program PT
calculating its authenticator Auth.
(See Figure 12A) Presentation of additional figures 5 Figure 5 shows a block diagram of process A
to generate secret SAS abstract semantics from a domain abstract Di (K) dependent on a secret key K;
6 Figure 6 shows a block diagram of the S process to calculate the SSS signature according to the secret SAS semantics of a software or hardware program P;
Figures 5A and 6A show the diagram of the DA and DS devices corresponding to processes A and S in one of their variants of production ;
3o 7 Figure 7 (respectively 7A) shows the diagram of principle of the M method (respectively of the DM device in one of its variants) to produce a brand with a SAS secret abstract semantics (resulting for example from the application of principle of the method of FIG. 1) and a secret semantic signature SSS;

8 Figure 8 (respectively 8A) shows the diagram of principle of method B (respectively of the DB device in one of its variants) to tattoo a software or hardware program P in inserting a mark m into a selection of elements to be tattooed on said P;
9 Figure 9 (respectively 9a) shows the diagram of principle of the PS process (respectively of the DPS device in one of its variant embodiments) which, given a software or hardware program P, choose an abstract domain D from a family of abstract domains possible and selects elements of P to tattoo;
10 Figure 10 (respectively 10A) shows the diagram of principle of the T method (respectively of the DT device in one of its alternative embodiments) to insert a mark m characteristic of a authenticating Auth in a selection of elements of a software program or original P material using SAS secret abstract semantics;
~ 5 11 Figure 11 (respectively 11 A) shows the diagram of principle of the T method (respectively of the DT device in one of its variants) to choose an abstract domain parameterized by a key, a special secret and an authenticator to tattoo a software or hardware program P by transformation into a tattooed program 2o functionally equivalent PT;
12 Figure 12 (respectively 12A) shows the diagram of principle of the Au process (respectively of the DAu device in one of its variant embodiments) to authenticate a tattooed program PT.

Example 3 Consider an original program P to tattoo very simple by the DG device of FIG. 11 A, which is the following public class Fibonacci public Fibonacci () ~ o () public static void main (String [] args) int n = Integer.parselnt (args [0]);
int a = 0;
int b = 1;
for (int i = 1; i <N; i ++) int c = a + b;
2o a = b; // worth it b = c; // b is ui + 1 ) System.out.println ("The value of the sequence for n =" + n + "
is: "+ b);
For example, the DPS device of FIG. 9A selects methods to tattoo, like the main method.
A very simple example of tattooing JavaT methods "" consists 3o to use a collector semantics which is the set of descendants of the input states of the method (other alternatives being the semantics of ascending exit states or combinations like the intersection of these collector semantics).
In this example, the SAS secret abstract semantics is the abstraction of the collecting semantics of a method which retains only whole local variables and completely disregards others variables, the control flow graph, external elements and the context of the method. Therefore static analysis is insensitive to program transformations (for example for obfuscation or 5 scrambling) modifying the flow control graph and the transformations through equivalence of arithmetic expressions. For simplicity in this example SAS secret abstract semantics, only the arithmetic operations of base +, - and * are considered (including all other operations arithmetic to rewrite arithmetic expressions including these basic operations in an arithmetically form equivalent, like the least unary, etc.). The concrete semantics is chosen on the ring (Z, +, *) mathematical integers (and not as integers modulo 232 as in JavaTM, the arithmetic equivalences mentioned above to take this fact into account).
15 In this example, the SAS secret abstract semantics uses a finite height domain for integer local variables, which makes it insensitive to the chaotic iteration strategies used and avoids, always in the simplicity of the example, the use operators enlargement and narrowing.
2o In this example, the secret key K is the product K1 * K2 * ... * Kn of strictly positive natural numbers and prime among them. In the example '~ considered below, n = 2, K1 = 10000 and K2 = 5421. The abstract domain D (K), used to compute SAS secret abstract semantics by interpretation of collector semantics, is that of the propagation of 25 modulo K constants. According to the Chinese lemma, Z / ~ = Z / K1 * ", * KnZ is isomorphic to the product ring Z / K1 Z x ~ ~ ~ x ~ KnZ ~ Given the signature SSS secret semantics of the tattooed program PT in Z l ~ -~ K1 * ... * KnZ ~ we consider its image (s1, ..., sn) in Z / K1 Z x ~ ~ ~ x ~ KnZ
whose components are given by the canonical projection on the ring 3o Z / KiZ, i = 1,. ~ .., n. In the example considered, it is assumed that the DC device in Figure 6a calculates the secret semantic signature (2507, 3012) to from the program authenticator. The secret static semantics is then obtained by n static analyzes, for all integer variables local to the abstract domain method Z / Ki Z, i = 1, ..., n; corresponding 35 to the propagation of the modulo Ki constants. The device DA of FIG. 5A

therefore consists of a program of successive static analyzes by propagation of modulo constants (K1, ..., Kn).
In this example, the device DM of FIG. 7A uses the SAS secret abstract semantics and the SSS secret semantic signature defined above to produce a mark m the text of which is as follows int <Watermark: 10000: 2507>;
int <Tmp: 10000: 2507>;
o <Watermark: 10000: 2507> = 1;
<Tmp: 10000: 2507> = <watermark: l 0000: 2507>+227492;
<Tmp: 10000: 25D7> ~ <Watermark: 10000: 2507> * <Tmp: 10004: 2507>;
<watermark: l 0000: 2507> = <Tmp: 10000: 2507> 155 014;
<Tmp: 10000: 2507> = <Watermark: 10000: 2507> * 1323;
<Tmp: 10000: 2507> = <Tmp: 10000: 2507>153;
<Tmp: 10000: 2507> = <Tmp: 10000: 2507> * <watermark: l 0000: 2507>;
<watermark: l 0000: 2507> = <Tmp: 10000: 2507>9109;
2o int <Watermark: 5421: 3012>;
int <Tmp: 5421: 3012>;
<watermark: 5421: 3012> = 1;
<Tmp: 5421: 3012> = <Watermark: 5421: 3012> + - 35539;
<Tmp: 5421: 3012> = <Watermark: 5421: 3012> * <Tmp: 5421: 3012>;
<Watermark: 5421: 3012> = <Tmp: 5421: 3012>11,445;
<Tmp: 5421: 3012> = <Watermark: 5421: 3012> * 658;
<Tmp: 5421: 3012> = <Tmp: 5421: 3012>971;
<Tmp: 5421: 3012> = <Tmp: 5421: 3012> * <Watermark: 5421: 3012>;
<Watermark: 5421: 3012> = <tmp: 5421: 30i 2>+4623;
In a simplified case where Ki is not too large efi for a secret semantic signature s given in ZlKiZ, the text ~ of the brand m created by the device DM of FIG. 7A can consist of a single mark initialization which can be an assignment <watermark: Kia> = s';
where s' = s + aKi and the value a in Z is not chosen too large so as to avoid that it does not overflow outside 32 bits of Java integers.
The value of the variable <watermark: Ki: s> is always constant in a static analysis by propagation of the modulo Ki constants and equal to s.
This value does not appear in clear in the brand and is all the more hard to find that the secret key Ki is unknown.
1o A more sophisticated instantiation of the DM device in the figure 7A allows to choose this initialization mark as being a polynomial Q (in the variable <watermark: Kia>) of the form ak <watermark: Kia> k + ... + a1 <watermark: Kia> + a where ak, ..., a1 are random values and the value a is given through a - = s - akvk - ak-1 v k-1 _, .. - a1 v mod Ki where the initial value v is chosen randomly.
In this case, the initialization mark consists of the assignments <Watermark: Kia> = v;
<watermark: Kia> = ak <Watermark: Kia> k + ... + a1 <Watermark: Kia>
+ a;
so that ('we always <watermark: Kia> = s mod Ki The disadvantage of using a single initialization mark leave the value of <watermark: Ki: s> constant and therefore easily identifiable by a static analysis propagating the constants. To avoid it, a more sophisticated DM device will add an induction mark allowing to give a dynamic to the brand variable <watermark: Ki: s> of so that it takes stochastic values in Z but remains constant 3o in Z / KiZ. We use for this a polynomial Q 'which has the property of stability, i.e.
Q '(s) ---- s mod Ki The polynomial Q 'is generated as explained above and the induction mark is formed by instruction <Watermark: Kia> =
A K ~ <Watermark: Kia> k 'a' 1 + ... + <watermark: Kia> + a ';
or any equivalent, for example using the principle of calculating Horner.
The DB device in Figure 8A can place this mark induction in a loop or in a recursive call of the method to tattoo in P because its execution does not modify the value of <watermark: Ki: s> in the Z / KiZ ring chosen to calculate the semantics secret static s. However, the value observed in the field o Interpretation of Java integers will be totally stochastic.
In the example of the tattoo of program P above, the brand defined above uses two local variables <watermark: Ki: s>
and <tmp: Ki: s>. The initialization mark is the initial code segment constituted by a polynomial Q calculating the initial value of 5 ~ <watermark: Ki: s>. The induction mark consists of a polynomial Q 'having the stability property for s in the Z / KiZ ring considered.
Second degree polynomials are used for convenience. The values of coefficients of the second degree polynomial ensuring the initialization are random. This polynomial is given as follows in ZJKiZ
2o Q (x) _ (x -1) (x - s) = x2 + coeffl .x + coeff2.
A random number of Ki modulo periods is added or subtracted from the coefficients so as not to reveal the key s. The value initial of <watermark: Ki: s> is therefore <watermark: Ki: s> = Q (1) - s in Z / KiZ.
25 The initial mark consists in calculating this polynomial Q using the H ~ rner calculation principle. The induction mark consists of a polynomial Q '(also of the second degree, again for convenience) satisfying the stability property Q '(s) = s in ZJKiZ
30 The polynomial Q 'is written Q '(x) = ax2 + bx + c The coefficients a and b are drawn by lot, while c is chosen from way to ensure the stability property for the secret key like explained above. The induction mark consists of the instruction 35 assignment <watermark: Kia> = Q '( <Watermark: Kia>);
where the polynomial is calculated by the Hôrner method.
The tattooed program PT corresponding to the program P including the m mark above is as follows public class FibonacciTatoue f public FibonacciTatoue () f ~
public static void main (String [] args) f int n = Integer.parselnt (args [0]);
int a = 0;
~ 5 int b = 1;
int d = 1;
int e = 35538;
intf = 1;
int g = 227493;
2o e = d * e;
d = e + 11445;
g = f * ~ 9 f = g + 155014;
for (int i = 1; i <N; i ++) 25 ~ f int c = a + b;
e * d = 658;
f = f * 1323;
a = b; // worth it 3o g = g + 153;
e = e + 971;
g = g * f ~
e = e * d;
b = c; // b is ui + 1 35 d = e + 4623;

f = g + 9109;
System.out.println ("The value of the sequence for n =" + n + "
is: "+ b);
5}
The location of the marks is random, in order of marks, the initialization mark being placed at the start of the program and the 1o induction mark being preferably placed in a loop or in a recursive call branch of the method.
In the example considered of device DB of FIG. 8A, a further transformation of the program is then required to link the tattoo to the original program (to resist for example the 15 tattoo removal by automatic slicing), for example) public class FibonacciTatoue public FibonacciTatoue () public static void main (String (] args) f int n = Integer.parselnt (args [0]);
int a = 0;
int b = 1;
int d = 1;
int e = 35538;
int f = 1;
3o int g = 227493;
e = d * e;
d = e + 11445;
g = f * ~ 9 f = g + 155014;
for (int i = 1; i <N; i ++) int c = a + b;
e * d = 658;
f = f * 1323;
a = b + (155 014 / f); // worth it g = g + 153;
e = e + 971;
g = g * f e = e * d;
1o b = c + (e / f); // b is ui + 1 d = e + 4623;
b = b- (e / f);
a = a- (155014 / f);
f = g + 9109;
System.out.println ("The value of the sequence for n =" + n + "
is: "+ b);
) Removal of variables d, e, f and g used for watermarking would make the erroneous program therefore unusable.
In a more realistic example, the device DB of FIG. 8A must ensure that the transformation of the original program does not introduce runtime errors that could change the semantics of the program original. We will use classic interpretation techniques for this.
abstract.
In a more realistic example, the device DB of FIG. 8A
will use more sophisticated methods to link the brand m to 3o original program P in the tattooed program PT. As part of the example considered above, this requires being able to use properties secret invariants of the tattoo variable which are transposable into 32-bit signed arithmetic. It is possible very simply when, for example example, the key Ki is a power of 2. Indeed, suppose that Ki = 2k.
So we have x = s + a.2kdansZ
We have, still in Z, that, for all j less than or equal to k:
x 2J =% s% 2J
where x% y denotes the operation that returns the rest of the division Euclidean of x by y. We notice that this property remains trivially true in Z / 232Z which is the domain of JavaTM integers. Properties tattoo arithmetic can be used to modify calculations of the method. For example, suppose that Ki = 216 and that s = 18. While whatever the value of x, the invariant x% 4 = 2 is always satisfied. From this fact, an explicit constant 2 in the original program P, can be replaced by x% 4 in the tattooed program PT. Other constants or values variables of the tattooed program PT can also be easily calculated based on this value. For example 1 in P will simply be ~ 5 replaced by (x% 4) -1 in PT.
This concludes the description of the DT tattoo device on the example considered by linking DC, DM and DB devices as indicated in FIG. 10A and of the DG device by linking the devices DPS, DA and DT as shown in Figure 11A.
2o In this example, the device DS of FIG. 6A calculates the secret static semantics s = (s1, ..., sn) by doing n static analyzes successive of the tattooed program according to the abstract interpretation defined above above consisting of forward analysis, which may ignore the flow of control or not, with propagation of the modulo constants the keys remaining 25 secret K1, ..., Kn.
From this secret static semantics s = (s1, ..., sn), ie DF device calculates the original authenticator of the P program as indicated in Figure 8 bis.
If the domain D (K) used in the above example is public 30 (but not 1â key K), then the secret static semantics s can be discovery by brute force, at least for very small programs with few integer variables. In a more realistic example we will therefore use, not keys s1, ..., sn coded on 32 bits, but one or several 512-bit keys s using, for example, arithmetic coding of the value of <watermark: xi: s> on 16 variables of 32 bits or 8 of 64 bits or using any other computer coding technique for large integers.
This concludes the description of the device DAu in FIG. 12A for the example considered.

Example 4 A fourth example is the following sorting program private static void bubbleSort (double [] data, int size) {
int indexl, index2;
double time boolean exchanged;
1o for (indexl = size; indexl> = 2; indexl--) {
exchanged = false;
for (index2 = 1; index2 <= indexa - 1; index2 ++) {
. if (data [index2]> data [index2 + 1]) {
temp = data [index2];
data [index2] = data [index2 + 1];
data [index2 + 1] = time exchanged = true;
2o if (! Exchanged) break;
Ä new n = 2, K1 = 10000 and K2 = 5421. The bubblesort method is tattooed twice, the first time with the same semantic signature secret (2507, 3012) as above and the second time by signing secret (9876, 2345). The second tattoo could as well have been done for values different from K1 and K2. After compilation, tattoo, obfuscation and decompilation, we obtain the bubblesort class as follows private static void bubbleSort (double [] r0, int i0) {
int i1, i2, i3, i4, i5, i6, i7, i8, i9, i10, i11;
double d0;
i1 = 1;

i2 = i1;
i3 = i2;
i4 = i3;
i5 = i2 - 35539;
5 i6 = i1 - 62508;
i7 = i3 - 129877;
i6 = i1 * i6;
i5 = i2 * i5;
i1 = i6 - 144986;
I8 = i4 + 84390;
i7 = i3 * i7;
i2 = i5-75291;
i8 = i4 * i8;
i3 = i7 + 169752;
15 i4 = i $ + 10111;
for (i9 = i0; i9> = 2; i9--) {
i10 = 0;
for (i11 = 1; i11 <= i9 - 1; i11 ++) {
if (r0 [i11]> r0 [i11 + 1]) {
20 i6 = i1 * 620;
i6 i6 + = 1151;
d0 = r0 [i11];
i6 = i6 i1 *;
i1 = i6 + 6570;
25 r0 [i11] = r0 [i11 +1];
i8 = i4 * 936;
i5 = i2 * 620;
i5 i5 = + 1 151;
i5 = i5 * i2;
I8 = i8 + 1057;
i2 = i5 + 2961;
r0 [i11 + 1] = d0;
i7 = i3 * 1231;
i7 = i7 + 1699;
35 if ((i2 - 2961) _ = i5) i10 = 1;
i8 = i8 * i4;
i7 = i7 * i3;
i3 = i7 + 2696;
i4 = i8 + 1389;
if (i 10 == 0) break;

Claims (33)

67 1. Product/computer program to process instructions software (10), characterized in that it comprises a choice module (310) according to predefined criteria of the instructions (110, 130, 150) of said input software of the transcoding program and a module (320) of choice among several of a secret transcoding method (220) applied to the say instructions. 2. Product/computer program according to claim 1, characterized in that the secret transcoding method (220) has as its output a semantic signature of the software (10). 3. Product/computer program according to one of the claims above, characterized in that the semantic signature of the software (10) is constituted by all or part of the set of properties of the software (10) transcoded by the secret method (220). 4. Product/computer program according to one of the claims above, characterized in that said software (10) is written in the language of programming. 5. Product/computer program according to one of the claims above, characterized in that the software (10) is written in the language of the type Java, Java Script or Java bytecode. 6. Product/computer program according to one of the claims above, characterized in that the software (10) is written in the language of the Very High Definition Language, Verilog or Assembler type. 7. Product/computer program according to one of the claims preceding, characterized in that the instructions to which a transcoding program will be applied are chosen from those involving algebraic operations or allocations on variables to be integer values. 8. Product/computer program according to one of the claims preceding, characterized in that the instructions to which a transcoding program will be applied are chosen from those involving algebraic operations or allocations on references with integer values. 9. Computer product/program according to claim 7 or claim 8, characterized in that the secret transcoding method is determined by the choice of secret integers as operators of congruence applied to algebraic operations or to allocations on variables or integer-valued references. 10. Product/computer program according to claim 8, characterized in that the secret transcoding method is determined by the secret choice of one or more integer-valued variables in association to references. 11. Product/computer program according to any of the preceding claims, characterized in that it further comprises a module (330) for inserting the reverse transcoded instructions (110",130",150") in the software (10). 12. Product/computer program according to claim 11, characterized in that the reverse transcoded instructions are inserted at positions chosen according to predefined criteria in the software (10) in the form of instructions for calculating said variables, said instructions comprising the application to said operation variables which leave invariant the semantic signature of the software (10). 13. Product/computer program according to claim 12, characterized in that the reverse transcoded instructions are inserted at positions chosen according to predefined criteria in the software (10) in the form of variable initialization instructions and calculation of said variables, said instructions comprising the application to said function variables by polynomials of degree 1 or of degree 2 created from a random coefficient and the values of numbers whole secrets. 14. Product/computer program according to any of the claims 11 to 13, characterized in that the module (330) comprises a encryption sub-module (330 A) to calculate a semantic signature secret (SSS) according to an authenticator (Auth), a sub-module (330 B) to determine a mark (m) from the secret method of transcoding (220) and said secret semantic signature (SSS), and a camouflage sub-module (330 C) to produce the watermarked program (40) from program text (10), mark (m) and instructions chosen for the tattoo (110, 130, 150). 15. Method for processing software instructions (10), characterized in that it comprises a step for choosing according to predefined criteria the instructions (110, 130, 150) of said program (10) to which a transcoding program is applied and a step for choose among several the secret transcoding method (220) to be applied to the said instructions. 16. Method according to claim 14, characterized in that the secret transcoding method produces a semantic signature of the software (10). 17. Method according to claim 14, characterized in that the semantic signature of the software (10) consists of all or part of the set of properties of the software (10) transcoded by the secret method (220). 18. Method according to one of claims 14 or following, characterized in that said software (10) is written in the language of programming. 19. Method according to one of claims 14 or following, characterized in that said software (10) is written in Java type language, Java Script or Java bytecode. 20. Method according to one of claims 14 or following, characterized in that the software (10) is written in language of the Very High type Definition Language, Verilog or Assembler. 21. Method according to one of claims 14 or following, characterized in that the instructions to which a program of transcoding will be applied are chosen from those containing algebraic operations or allocations on valued variables whole. 22. Method according to one of claims 14 or following, characterized in that the instructions to which a program of transcoding will be applied are chosen from those containing algebraic operations or allocations on valued references whole. 23. Method according to one of claims 20 or 21, characterized in that the secret transcoding method is determined by the choice of secret integers as congruence operators applied to algebraic operations or allocations on variables or integer-valued references. 24. Method according to claim 21, characterized in that the secret transcoding method is determined by the secret choice of a or more integer-valued variables in association with references. 25. Method according to one of claims 14 or following, characterized in that it further comprises a step for inserting the reverse transcoded instructions (110",130",150") in the software (10). 26. Method according to claim 24, characterized in that the reverse transcoded instructions are inserted at selected positions according to predefined criteria in the software (10) in the form instructions for calculating said variables, said instructions comprising the application to said variables of operations which leave invariant the software semantic signature (10). 27. Method according to claim 25, characterized in that the reverse transcoded instructions are inserted at selected positions according to predefined criteria in the software (10) in the form instructions for initializing variables and instructions for calculating say variables, the said instructions comprising the application to the said variables of polynomial functions of degree 1 or degree 2 created from a random coefficient and secret integer values. 28. Computer product/program for processing software instructions (40), characterized in that it comprises a module (50) allowing a user knowing the method parameter(s) secret (220) according to one of the preceding claims to recognize the software signing (10). 29. Product/computer program according to claim above, characterized in that the module (50) includes a program semantic static analysis to recognize the signature. 30. Product/computer program according to claim 27 or claim 28, characterized in that the module (50) comprises a program for calculating the fixed point of the values of all or part of the variables. 31. Method for processing program instructions source code computer (40), characterized in that it allows a user knowing the parameter(s) of the secret method (220) according to one of the preceding claims to recognize the software signature (10). 32. Method according to claim 30, characterized in that that it includes a semantic static analysis step to recognize the signature. 33. Method according to one of claims 30 or 31, characterized in that it includes a step of calculating the fixed point of the values of all or part of the variables.