CN100342296C - Method for realizing computer software intruder preventing edition based on confidence computation module chip - Google Patents
Method for realizing computer software intruder preventing edition based on confidence computation module chip Download PDFInfo
- Publication number
- CN100342296C CN100342296C CNB2005100372471A CN200510037247A CN100342296C CN 100342296 C CN100342296 C CN 100342296C CN B2005100372471 A CNB2005100372471 A CN B2005100372471A CN 200510037247 A CN200510037247 A CN 200510037247A CN 100342296 C CN100342296 C CN 100342296C
- Authority
- CN
- China
- Prior art keywords
- software
- user
- ciphertext
- data
- calculation modules
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention discloses a method for realizing computer software pirate prevention based on a trusted computer module chip. The present invention comprises: a trusted computer module chip and supporting software thereof are arranged on a software subscriber computer in advance, and the initialization of the chip is completed; a software copyright proprietor conceals key data selected by a section or a plurality of sections in a protected software product, transfers the software product without the concealed data to a software user who legally obtains the software, and simultaneously, provides software registering tool software for the user; by the software registering tool software, the user invokes the trusted computer module chip in the local computer to generate a registering key pair can not be transplanted, and a registering key public key and registering information are sent to the software copyright proprietor. Because the security characteristics of data encapsulation, binding, encryption transmission session, etc. of the TPM chip are used, the computer software pirate preventing method of the present invention effectively prevents the computer software from being pirated, illegally replicated, installed without authorization, etc.
Description
Technical field
The inventive method belongs to the computer information safety technique field, and in particular a kind of cryptographic technique and creditable calculation modules chip technology of utilizing solves the anti-piracy method of software commodity.
Background technology
At present, can solve software both at home and abroad fully and prevent that pirate technology and the method that can take into account user's ability to shoulder economically simultaneously again from also not occurring.Now extensively the software anti-theft platemaking technology that adopts mainly contains three classes: one, adopt the registration sequence number, these class methods usually, number of registration can repeat repeatedly to use, herd number is in case leak and will cause a large amount of pirate generations; Two, adopt over-network registration or networking Activiation method, the principle of this method is to include in the software to judge the program code that activates or whether register; But the cracker can find the code of judgement effect by code tracking, and it is walked around to reach pirate purpose; Three, hardware is anti-piracy; every cover software attaches one based on " dongle " of serial ports or USB interface or the hardware product of USB smart card or similar functions during software business man's selling software product; the anti-piracy pattern great majority of this hardware have all used the cryptoguard technology; therefore can play anti-piracy preferably effect; but subsidiary hardware product costs an arm and a leg and can take the computer hardware interface resource, therefore fact proved to be not suitable for large-scale promotion and universal.The computer software method for preventing piracy of other kind and product also have, but great majority all are the mutation or the combination of said method, there is no substantive breakthroughs, so can not fundamentally reach and not only prevent software piracy but also economical and practical purpose.
Therefore there is defective in prior art, and awaits improving and development.
Summary of the invention
The object of the present invention is to provide a kind of based on the anti-piracy method of creditable calculation modules chip realization computer software; defective at existing software anti-theft platemaking technology; technical method of the present invention can fundamentally solve the software commodity can't realize preventing pirate problem fully; its core technology that adopts is to utilize the safety protection function and the cryptographic technique principle of creditable calculation modules (TPM) chip of installing on the computer motherboard, provides a kind of high security simultaneously cheap anti-piracy technique.
Technical scheme of the present invention is as follows:
A kind of based on creditable calculation modules chip realization software anti-theft version method, may further comprise the steps:
A., creditable calculation modules chip and support programs thereof are installed on the software users computing machine in advance, and are finished chip initiation;
B. the software copyright owner will choose one section or several sections critical datas and hide from the protected software product, and the software product that will not comprise hiding data passes to the legal user who obtains this software, provide a software registration tool software to the user simultaneously;
C. the user needed register at software copyright owner place before normal this software of use;
D. the user calls creditable calculation modules chip in the local computer by described software registration tool software to produce the login key of portable not right, and login key PKI and log-on message are issued the software copyright owner;
E. after the software copyright owner confirms user validation, use user's login key PKI that hiding data is encrypted and pass to the user again, the hiding data of encryption can only be deciphered use by this user;
F. the user uses at every turn and must call this machine creditable calculation modules chip before this software the hiding data of software is decrypted and can normally uses.
Described method, wherein, described hiding data by the described software copyright owner in the software that every suit is sold from core code one or more snippets picked at random, its total length is the arbitrary word joint number; Described hiding data is retained in the possessory database server of software copyright, does not comprise this hiding data in its formal software of selling.
Described method, wherein, the selection of described hiding data comprises at least and is used to judge that software is formal version or trial edition, and judges whether that the core logic that surpasses the term of validity on probation judges code, to prevent illegally cracking software.
Described method, wherein, described method also is included in will distribute one group of unique and numbering of having nothing in common with each other as its software identification when software dispatches from the factory, its length determines at random that by the software copyright owner this software identification and its hiding data corresponding stored are in described database server.
Described method, wherein, described method comprises that also every cover software is set is combined into cover software commodity with a software registration instrument, its corresponding software identification; And described software registration instrument can be downloaded from the website, and the validated user that is used for software is registered at software copyright owner place by the internet after obtaining software product.
Described method, wherein, the registration step of described software registration instrument comprises:
C1, software registration instrument will call and be installed in creditable calculation modules chip on the subscriber computer to produce RSA Algorithm or other asymmetric arithmetic keys of a pair of not portable at random right as user's login key;
C2, wherein the private key of this login key part is by creditable calculation modules chip " encapsulation ", that is: TPM father's key of using this key partly carries out RSA Algorithm to the private key of this key or other asymmetric arithmetics are encrypted, wherein said father's key need be specified when this key produces, only the private key ciphertext is derived and is stored on the subscriber computer hard disk then, and this encapsulation private key can only import the creditable calculation modules decryption chip of this machine and use at the TPM chip internal, and its PKI part mails to the software copyright owner by the software registration instrument together in company with user's log-on datas such as software identification;
After c3, the software copyright owner receive user's log-on data, user's registration information is registered and confirmed, mistake is returned in the refusal registration if information is undesirable; Information Authentication indexes the hiding data of this cover software according to software identification by the back, and the login key PKI that uses this user with these data " binding " on the computing machine of software users, that is: the software copyright owner uses user's login key PKI that hiding data execution RSA Algorithm or other asymmetric arithmetics are encrypted the hiding data ciphertext that obtains, this ciphertext is merely able to remove " binding " by the creditable calculation modules chip solution on the subscriber computer, promptly uses the private key of login key with decrypt ciphertext at the creditable calculation modules chip internal.
Described method, wherein, described registration step also comprises:
C4, by the software identification that the user submits to, it is formal version user or trial edition user that the software copyright owner distinguishes the user; If software trial edition user, then obtain software term of validity numerical value on probation, again software term of validity numerical value on probation is connected with software identification, and use user's login key PKI that this data execution " binding " operation is obtained term of validity ciphertext on probation, described hiding data ciphertext and term of validity ciphertext on probation are returned to subscriber computer as authorization data;
After c5, subscriber computer are received the authorization data that the software copyright owner beams back, the software registration instrument imports the creditable calculation modules chip with the term of validity ciphertext on probation in private key for user and the authorization data, and releasing " binding " function of calling creditable calculation modules will be tried out the reduction of term of validity decrypt ciphertext and be obtained software and try out term of validity numerical value;
If c6 software is formal software, then hiding data ciphertext and term of validity ciphertext on probation are kept on this machine hard disk, finish registration process; Otherwise calling function of creditable calculation modules creates the creditable calculation modules monotone counter of appointment and obtains the counter currency as the counter initial value, or the obtain computer system clock currency initial value of software enabling time and last service time on probation, creditable calculation modules monotone counter initial value or software enabling time were connected with software identification with last service time, and use user's login key PKI execution creditable calculation modules " binding " operation to obtain counter initial value ciphertext, by the software registration instrument with the hiding data ciphertext, term of validity ciphertext sum counter initial value ciphertext on probation is kept on this machine hard disk, finishes registration process.
Described method, wherein, described step f also comprises:
F1, during user's each run software, by the leader of software program packed user is registered private key and import the creditable calculation modules chip, when running into when needing code data that reduction hides, the unbind function of calling creditable calculation modules is reduced to clear data with the hiding data ciphertext, and be discharged in the internal memory and move by the routine data of encrypted transmission session with reduction, program is normally moved the code data of back this pre reduction of auto-destruct, can repeat above-mentioned reduction of data process when running into hiding data more later on, this process will run through software whole service life cycle;
Can will try out term of validity ciphertext after f2, described software program start and import the creditable calculation modules chip, and the unbind function of calling creditable calculation modules will try out term of validity ciphertext and be reduced to software term of validity numerical value on probation, judge that according to software term of validity numerical value on probation software is formal version or trial edition;
F3 is if formal version software, then normally operation; If trial edition software, by software counter initial value ciphertext is imported the creditable calculation modules chip, and the creditable calculation modules chip of the unbind function of calling creditable calculation modules when counter initial value ciphertext is reduced to registed authorization specified the initial value of monotone counter, call function of creditable calculation modules again and obtain the currency of specifying monotone counter, by relatively counter initial value and currency can judge whether software is expired; Or according to current computer system clock value be kept at enabling time and last service time in the term of validity ciphertext on probation, judge the deceptive practices that software is whether expired and whether have the malicious modification system clock.
F4, then continue operation,, then also need to send monotone counter and add 1 instruction, upgrade the monotone counter currency to the creditable calculation modules chip if this moment, software adopted is the number of times restriction strategy on probation that monotone counter is realized as software is not out of date; Stop operation immediately as the expired then software of software, and auto-destruct is stored in the hiding data in the subscriber computer.
Provided by the present invention a kind of based on the anti-piracy method of creditable calculation modules chip realization computer software, owing to utilized the security features such as data encapsulation, platform binding and encrypted transmission session of the TPM chip that is welded on the computer motherboard, guarantee the legal use on the subscriber computer of appointment of shielded program, the software of bootlegging can't move on any personal computer beyond the subscriber computer; And because crucial logical code is " hiding data " in the protected software, stowed position is fixing, and " hiding data " can only reduction when concrete use the in the subscriber computer internal memory, also will check software integrity before the reduction of data; Software also can be implemented internal storage code dynamic protection mechanism such as special " mixing out of order ", " scrambling " and multilayer nest in addition, can't succeed so any decompiling of software implementation or tracking, deception etc. are cracked means; The inventive method makes the user to register at the software vendor place before using software, otherwise can't use, the therefore behavior that any use same software sign is registered, and this information can be known very accurately in software vendor, and takes corresponding measure or countermeasure.Use the technology of the present invention and can guarantee user's legal use software on designated computer, thereby prevent that effectively computer software is by piracy, by bootlegging with by the illegal activities of unauthorized installation.Because the TPM safety chip that this software anti-theft platemaking technology uses has embedded user personal computer and has been sold to the user; therefore the user is when use is subjected to the software of the technology of the present invention protection; need not supplementary payments TPM chip expense again, help the popularization of this invention technology.
Description of drawings
Fig. 1 is software vendor's initialization process process flow diagram of the inventive method;
Fig. 2 a is the software users application for registration processing flow chart of the inventive method;
Fig. 2 b is software vendor's authorisation process process flow diagram of the inventive method;
Fig. 2 c is the local location registration process process flow diagram of the software users of the inventive method;
Fig. 3 is the daily startup workflow diagram of the software of the inventive method.
Embodiment:
Below in conjunction with accompanying drawing in detail, each embodiment of software anti-pirate method of the present invention will be described.
Provided by the present invention a kind of based on creditable calculation modules chip realization software anti-theft version method, be to utilize cryptographic technique and creditable calculation modules chip (hereinafter to be referred as the TPM chip) function to realize, it comprises that following basic step: a. installs the creditable calculation modules chip in advance and finishes chip initiation on the software users computing machine; B. after the software copyright owner will choose critical data in the software product that is subjected to this method protection and intercept, form hiding data, to not comprise the software product sale of hiding data or pass to the legal user who obtains this software, a cover software registration tool software is provided simultaneously; C. the user need register at software copyright owner place before normal this software of use; D. the user is right by the login key that software registration tool software invoke user computing machine TPM chip produces portable not, and login key PKI and other log-on message are issued the software copyright owner; E. the software copyright owner passes to the user after using user's login key that the hiding data of software is encrypted again, and ciphered data can only be used by this software users deciphering; Can normally use after all needing to utilize subscriber computer TPM chip that the hiding data of software is decrypted when f. the user uses this software at every turn.Use the technology of the present invention and can guarantee user's legal use software on designated computer, and can prevent effectively that computer software is by piracy with by illegal activities such as bootlegging, unauthorized installations.
Concrete grammar step of the present invention is as follows:
The software copyright owner chooses in its software kernels code one or more snippets information as hiding data for certain software commodity of its issue, the code data section total quantity m that is hidden (decide according to the software product data of selling m 〉=1) fixes, but be sold to for every suit in final user's the software, from the m section, choose n section (1≤n≤at random m) as the unique hiding data of this cover software by the permutation and combination principle.And calculate the completeness check code that this cover software does not comprise the hiding data part.This hiding data and completeness check code will be retained in the possessory database server of software copyright, will not comprise hiding data and check code in formal every cover software of selling.
The selection of hiding data should comprise at least and be used for the software integrity inspection, judges that software is formal version or trial edition; and judge whether to surpass responsive programmed logic code such as the term of validity on probation, and the software copyright owner thinks and is necessary other core code of protecting.The software copyright owner will distribute one group of unique and numbering of having nothing in common with each other as software identification when every cover software dispatches from the factory, and its length L determined voluntarily by the software business man, and the hiding data of software identification and software is corresponding one by one and be stored in this database server.
An every cover software and a cover software registration instrument, software identification etc. are combined into cover software commodity, can sell to software users, software registration tool software wherein also can be downloaded up-to-date upgraded version from software business man's open website, and the validated user that is used for software is registered at the software business man place by the internet after obtaining software product.
The inventive method in the software normal mounting after on the subscriber computer, the user must utilize described software registration instrument to carry out the registration operating process before using software, at this moment, the software registration instrument will call the TPM chip that is installed on the subscriber computer produce at random the RSA Algorithm of a pair of not portable or other asymmetric arithmetic keys as login key to RegKeyPair, wherein private key part PriKey by TPM chip " encapsulation " (Wrap), that is: after PriKey is encrypted by his father's key SK or SRK, only private key ciphertext PriKey ' is stored on the subscriber computer hard disk, and can only imports the TPM decryption chip of subscriber computer and use at chip internal; Note, the inventive method is utilized the technical characterstic of TPM chip, and all carry out at the TPM chip internal the encryption and decryption operation of user's login key, therefore, the bootlegger can't be by common technological means as reading keyboard, and rdma read or hard disk information search etc. is known key plain and algorithmic procedure.The PKI part PubKey of login key (public key data will with covert special format series arrangement) will be in company with software identification, user's registration information as comprising: the organization of user's name, service etc., subscriber computer platform information are as comprising: TPM chip id, CPU ID, BIOS ID and computer type, mainboard model etc. mail to the software copyright owner by the software registration instrument together.
After the software copyright owner receives user's log-on data, at first user's registration information is registered and confirm, error message is returned in the refusal registration if information is undesirable; Information Authentication indexes the hiding data M0 of this cover software according to software identification by the back, and obtain the completeness check code M1 that this cover software does not comprise hiding data part, hiding data M0 is connected with software check code M1, and use user's login key PKI part PubKey execution data " binding " (Bind) to operate, with software hiding data and check code " binding " on the computing machine of software users, that is: use user's login key PKI to carry out RSA Algorithm or other asymmetric arithmetics are encrypted the data ciphertext m1 that obtains, m1 is merely able to remove " binding " by the TPM chip solution on the subscriber computer, promptly at the TPM of subscriber computer chip internal ciphertext m1 deciphering is reduced to M0 and M1.
By the software identification that the user submits to, it is formal version user or trial edition user that the software copyright owner can distinguish the user.If software trial edition user then obtains software term of validity numerical value M2 on probation: formal version software M2=0 or other certain negative numerical value, trial edition software can be set the numerical value of M2 greater than zero; Again software term of validity numerical value M2 on probation is connected with software identification SN, and uses the PKI part of user's login key that these data execution " binding " are obtained term of validity ciphertext m2 on probation, above-mentioned m1 and m2 are returned to subscriber computer as authorization data.
The software term of validity on probation can be from software beginning back M2 fate or hourage to be installed on subscriber computer for the first time, promptly adopts time restriction; Can be meant that also the back starts software and M2 number of use from installing, and promptly uses the number of times restriction.The policy selection of the software term of validity on probation is by software copyright owner decision, and every type software commodity can only be specified and be used a kind of in above-mentioned two kinds of strategies.The software trial edition will cease to be in force automatically after arriving the valid period of using.
After subscriber computer is received the authorization data that the software copyright owner beams back, the software registration instrument imports the TPM chip with the term of validity ciphertext m2 on probation in private key for user PriKey ' and the authorization data automatically, and the decipher function that calls TPM is reduced to term of validity numerical value M2 on probation with ciphertext m2 and obtains the software term of validity, if M2≤0 explanation is formal version software, then hiding data and software check code ciphertext m1 and term of validity ciphertext m2 on probation are kept on the subscriber computer hard disk, finish registration process; Otherwise illustrate it is trial edition software, registration software calls the TPM function automatically and creates the TPM monotone counter of appointment and obtain counter initial value C0 (number of times restriction strategy), or obtain computer system clock currency T0 (is unit with the millisecond), phase initial value and last T1 service time (time restriction strategy) on probation, again C0 or T0 are connected with T1 and software identification SN and use client public key PubKey to carry out " binding " and obtain counter initial value ciphertext m3, at last by the software registration instrument with hiding data and software check code ciphertext m1, term of validity ciphertext m2 sum counter initial value ciphertext m3 on probation is kept on the subscriber computer hard disk, finishes whole registration process.
After built-in monotone counter is created by the user in the TPM chip of the inventive method, can only be triggered and monotone increasing by user instruction, the amplitude that increases progressively is for add 1 at every turn.Monotone counter and currency thereof all are kept in the physical protection zone of TPM chip, and the external world can't survey also can not hold and change and disturb counter works.
During user's each run software, at first will be imported the TPM chip by the private key for user ciphertext PriKey ' of " encapsulation " and the ciphertext m1 that includes software hiding data and check code automatically by the leader of software program, and releasing " binding " function of calling TPM obtains software check code M1 with data ciphertext m1 reduction, in internal memory, the software that does not comprise hiding data is carried out the check code checking subsequently, confirm its integrality, checking by after give software kernels with control, the checking not by then stopping running software.Run in the running software when needing to recover hidden code data, releasing " binding " function of calling TPM again obtains certain section hiding data M0s (s represents a certain section of hiding data) with the m1 reduction.At this moment, because the original kernel program section that lacks of running software is added in the internal memory on the relevant position, thereby make this software possess the condition of normal operation, operation M0s data meeting later auto-destruct can repeat above-mentioned reduction hiding data process (this process runs through the whole operation life cycle of software) when calling once more.
Simultaneously, can will try out term of validity ciphertext m2 behind the software kernels program start immediately automatically and import the TPM chip, this moment, the private key ciphertext PriKey ' of user's login key imported the TPM chip, and releasing " binding " function of calling TPM will be tried out term of validity ciphertext m2 and will be reduced to term of validity numerical value M2 on probation, obtain the effective time value of software, whether judge that smaller or equal to 0 software is formal version or trial edition according to M2.If formal version software, then software normally moves.
If trial edition software, automatically counter initial value ciphertext m3 is imported the TPM chip by software, this moment, user's login key private key ciphertext PriKey ' imported the TPM chip, and TPM monotone counter initial value C0 or T0 and the T1 of releasing " binding " function of calling TPM when counter initial value ciphertext m3 is reduced to the soft ware authorization registration, call the TPM function again and obtain appointment TPM monotone counter currency C1, computing formula E=M2-[(C1-C0)+1] ([] expression rounding operation), or obtain computer system clock currency T2 (is unit with the millisecond), computing formula E=M2-[(T2-T0)/1000/3600/24], whether judge result of calculation E≤0, if≤0 the explanation software expired, software will be stopped execution; Judge that else if T2<T1 then illustrates the behavior that has the malicious modification system clock and illegally use trial edition software, then software can be carried out the self-destruction program, and the user can not continue operating software again.If T2>T1 then software normally move, when software fair termination, can obtain computer system clock currency T2 ' once more, and use T2 ' to replace the T1 value to upgrade last service time, regenerate encrypt data m3 then.If software adopts number of times restriction strategy on probation, then software also will add 1 instruction from trend TPM chip transmitting counter, so that upgrade the currency C1 of monotone counter.
Data transmission will take place in the process of calling TPM in the inventive method, and this class process all uses the encrypted transmission interactive function of TPM to realize the data interaction and the transmission of TPM and application software.Even being reduced in TPM inside expressly, encrypt data need return to upper layer software (applications) by physics or logic communication line; the process of its whole data transmission also all is subjected to the protection of TPM encrypted transmission conversation mechanism, and the data in the transmission all can't be intercepted and captured or decode to any monitoring for communication line, the means of spying upon.
On the whole, a kind of software anti-theft version method that the present invention realized is to provide database server, software commodity initialize routine by the software copyright owner; The software users end provides personal computer and creditable calculation modules (TPM) chip; By software registration instrument and protected software product, call the defencive function that the TPM chip provides, and protected software product carried out following control:
As shown in Figure 1, need carry out initialization operation at the software vendor place before the software commercial articles vending.The software commodity of at first formally being sold for every cover by software commodity initialize routine are numbered, produce software identification, be numbered the numeral of length L position 0~9, in this type of software product, choose m section in its core code (decide according to the software product data of selling m 〉=1) data then as candidate data (can before initialization procedure or at software design stage, finish), by the permutation and combination principle from candidate data picked at random n section (1≤n≤m) is as " hiding data " of this cover software, every segment data length is designated as DL with byte number, be software identification with the software goods number again, in the database server that " hiding data " information stores is held to software vendor, at last the DL byte core data of this cover position, software product Central Plains " hiding data " is deleted, n aforesaid operations carried out in circulation, calculates the program part completeness check code that this cover software does not comprise " hiding data " then.Should overlap software " hiding data " and completeness check code is stored in software vendor's database.And the software that will handle is burnt on CD or the DVD CD.So promptly finish software product initialization and manufacturing process.Because above-mentioned production run adopts the data of randomly drawing in the kernel program and the method for hiding, and at different software identification different hiding datas is arranged, so the bootlegger carries out pirate copies to the software product that does not comprise hiding data and has just lost meaning.
Shown in Fig. 2 a, the user obtains must carry out the software registration Authorized operation behind the software commodity by legal means.The user uses software registration instrument (also can download from the software vendor website) subsidiary on the optical disk of software, at first 2048 modulus RSA Algorithm of not portable of the TPM chip functions of invoke user computing machine generation user or other asymmetric arithmetic keys are to RegKeyPair, as user's login key, wherein private key PriKey is stored on the hard disc of computer for private key ciphertext PriKey ' by TPM encryption " encapsulation ", and PKI PubKey and software identification and user's registration information then send to software vendor.It more than is exactly software application for registration process.In said process, because user's login key produces and the cryptographic algorithm implementation is all finished in the hardware of TPM chip, the data that export to the use of TPM chip exterior all are the data of encrypting through TPM, therefore can't be in the TPM chip exterior by the plaintext of sensitive datas such as certain means acquisition key, the software cracker will seek out user's login key, the unique method that may use just only goes to attack the RSA cryptographic algorithms of 2048 moduluses, and this is hardly may be successful in the reality.
Shown in Fig. 2 b, the software copyright owner at first registers user's registration information and confirms after receiving the application for registration data of software users, and log-on message is undesirable will refuse to authorize and withdraw from the registration receiving procedure; After Information Authentication is passed through, from software copyright owner database server, index " hiding data " M0 of this cover software and the completeness check code M1 that this cover software does not comprise " hiding data " part according to software identification, hiding data M0 is connected with software check code M1, and the registered public keys of using software users with this data encryption " binding " on subscriber computer, obtain hiding data ciphertext m1.
The software copyright owner can learn that according to software identification the software users type is formal version or trial edition user, obtain software commodity term of validity numerical value M2 on probation (supposing formal version software M2=0) then, again M2 is connected with software identification, and the login key PKI that uses the user carries out " binding " to these data and obtains trying out term of validity ciphertext m2, and above-mentioned hiding data and software check code ciphertext m1 and term of validity ciphertext m2 on probation are returned to subscriber computer as authorization data.It more than is exactly the soft ware authorization process.
Shown in Fig. 2 c, after subscriber computer is received the authorization data m1 and m2 that the software copyright owner beams back, the software registration instrument imports the TPM chip with the term of validity ciphertext m2 on probation in user's login key private key ciphertext PriKey ' and the authorization data automatically, and releasing " binding " function of calling TPM will be tried out term of validity ciphertext m2 and is reduced to term of validity numerical value M2 on probation and obtain the software term of validity, if judging M2=0 software is formal version, then hiding data and software check code ciphertext m1 and term of validity ciphertext m2 on probation are kept on the hard disk of subscriber computer, finish registration process; Otherwise be trial edition (is that the number of times restriction comes for example with term of validity strategy), the software registration instrument calls the TPM function automatically and creates the TPM monotone counter of appointment and obtain counter initial value C0, C0 is connected with software identification SN, and use user's registered public keys PubKey execution " binding " to obtain counter initial value ciphertext m3, by the software registration instrument hiding data and software check code ciphertext m1, term of validity ciphertext m2 sum counter initial value ciphertext m3 on probation are kept on this machine hard disk at last, finish whole local registration process.Because the critical data of transmitting in the whole registration process all adopts the RSA asymmetric key algorithm to encrypt, solved the data security in the communication process, the bootlegger can't be come software implementation piracy by intercepting software registration process intercepting and capturing decoding log-on data.
As shown in Figure 3, when the user uses software at every turn, the software boot is at first automatically with user's login key private key ciphertext PriKey ' with include hiding data and the ciphertext m1 of software check code imports the TPM chip, and releasing " binding " function of calling TPM obtains software check code M1 with encrypt data m1 reduction, in internal memory, the software that does not comprise hiding data is carried out its integrality of check code demonstration validation subsequently, checking by after give software kernels with control, the checking not by then stopping running software.Run in the running software when needing to recover hidden code data, releasing " binding " function of calling TPM again obtains certain section hiding data M0s (s represents a certain section of hiding data) with the m1 reduction, and running software M0s data later can auto-destruct (this process runs through the whole operation life cycle of software).Can will try out term of validity ciphertext m2 behind the software kernels program start automatically and import the TPM chip, and releasing " binding " function of calling TPM will be tried out term of validity ciphertext m2 and will be reduced to software term of validity numerical value M2 on probation, obtain the effective time value of software, whether equal 0 (supposing that M2=0 is formal version) according to term of validity numerical value M2 on probation and judge that software is formal version or trial edition.If formal version software then continues operation, start-up course finishes.If trial edition, then software imports to the TPM chip with monotone counter initial value ciphertext m3 automatically, and releasing " binding " function of calling TPM is reduced to TPM monotone counter initial value C0 when authorizing registration with counter initial value ciphertext m3, call the TPM function again and obtain appointment TPM monotone counter currency C1, computing formula E=M2-[(C1-C0)+1], and whether judge result of calculation E≤0, if≤0 then the explanation software expired, software will be stopped execution; Otherwise software continues operation, and start-up course finishes.
The inventive method is owing to utilized the security function characteristics such as data encapsulation, binding and encrypted transmission session of TPM chip, make and can guarantee legal use on the subscriber computer of appointment by the software commodity of the inventive method protection, the software of bootlegging can't move on any personal computer beyond the subscriber computer; Secondly, because logical code crucial in the protected software is that " hiding data " and stowed position are all inequality to every suit software product, and " hiding data " can only reduce in the subscriber computer internal memory, internal storage code dynamic protection mechanism such as protected in addition software also can be implemented special " mixing out of order ", " scrambling " and multilayer nest can't be succeeded so any decompiling of software implementation or tracking etc. are cracked means; Also have, the technology of the present invention method makes that the user must be in software vendor's place's registration before using software, otherwise can't use, therefore the behavior that any use same software sign is registered, this information can be known very accurately in software vendor, and takes corresponding measure or countermeasure.
The present invention utilizes the monotone counter of TPM built-in chip type in the protection zone in addition; do not rely on the counter data that is stored in the computer standard storage medium (as: flexible plastic disc, hard disk or USB flash disk etc.), can guarantee that trial edition software can only legal operation in the software term of validity.
Because the TPM chip is a safety chip that is welded on the computer motherboard; the user obtains this chip when buying computing machine; the user buys any software commodity that are subjected to the technology of the present invention protection all need not be hardware chip supplementary payments expense again; and the security of TPM chip definitely can match in excellence or beauty even surmount the anti-piracy product of any a hardware of present use; so use the present technique invention, software business man and user can both benefited from it aspect security and the economy.
Authority's prediction according to IDC, the TPM chip will become the standard configuration product of personal computer, the personal computer that the TPM chip was installed by 2007 will account for more than 80% of market recoverable amount, and the software anti-pirate method based on TPM chip and cryptographic technique therefore of the present invention is with a wide range of applications in software industry.
Should be noted that simultaneously; above-mentioned description at specific embodiment is comparatively detailed; technical terms may be comparatively concrete; the software copyright owner one speech that is for example adopted in the foregoing description should refer to the proprietorial seller of selling of software; in a word; description to concrete technical term is only convenient for describing; for a person skilled in the art; obviously can have more to be equal to according to technical scheme of the present invention and replace design, these designs all should belong within the constructed scope of patent protection of claim of the present invention.
Claims (8)
1, a kind of based on creditable calculation modules chip realization software anti-theft version method, may further comprise the steps:
A., creditable calculation modules chip and support programs thereof are installed on the software users computing machine in advance, and are finished chip initiation;
B. the software copyright owner hides one section or several sections critical data of choosing in the protected software product, and the software product that will not comprise hiding data passes to the legal user who obtains this software, provides a software registration tool software to the user simultaneously;
C. the user needed register at software copyright owner place before normal this software of use;
D. the user calls creditable calculation modules chip in the local computer by described software registration tool software to produce the login key of portable not right, and login key PKI and log-on message are issued the software copyright owner;
E. after the software copyright owner confirms user validation, use user's login key PKI that hiding data is encrypted and pass to the user again, the hiding data of encryption can only be deciphered use by this user;
F. the user uses at every turn and must call this machine creditable calculation modules chip before this software the hiding data of software is decrypted and can normally uses.
2, method according to claim 1 is characterized in that, described hiding data by the described software copyright owner in the software that every suit is sold from core code one or more snippets picked at random, its total length is the arbitrary word joint number; Described hiding data is retained in the possessory database server of software copyright, does not comprise this hiding data in its formal software of selling.
3, method according to claim 2, it is characterized in that, the selection of described hiding data comprises at least and is used to judge that software is formal version or trial edition, and judges whether that the core logic that surpasses the term of validity on probation judges code, to prevent illegally cracking software.
4, method according to claim 2, it is characterized in that, described method also is included in will distribute one group of unique and numbering of having nothing in common with each other as its software identification when software dispatches from the factory, its length determines at random that by the software copyright owner this software identification and its hiding data corresponding stored are in described database server.
5, method according to claim 1 is characterized in that, described method comprises that also every cover software is set is combined into cover software commodity with a software registration instrument, its corresponding software identification; And described software registration instrument can be downloaded from the website, and the validated user that is used for software is registered at software copyright owner place by the internet after obtaining software product.
6, method according to claim 5 is characterized in that, the registration step of described software registration instrument comprises:
C1, software registration instrument will call and be installed in creditable calculation modules chip on the subscriber computer to produce RSA Algorithm or other asymmetric arithmetic keys of a pair of not portable at random right as user's login key;
C2, wherein the private key part of this login key is by creditable calculation modules chip " encapsulation ", that is: the father's key that uses this key partly carries out RSA Algorithm to the private key of this key or other asymmetric arithmetics are encrypted, only the private key ciphertext is stored on the subscriber computer hard disk then, and this encapsulation private key can only import the creditable calculation modules decryption chip of this machine and use at chip internal, and its PKI part mails to the software copyright owner by the software registration instrument together in company with user's log-on datas such as software identification;
After c3, the software copyright owner receive user's log-on data, user's registration information is registered and confirmed, mistake is returned in the refusal registration if information is undesirable; Information Authentication indexes the hiding data of this cover software according to software identification by the back, and the login key PKI that uses this user with these data " binding " on the computing machine of software users, that is: the software copyright owner uses user's login key PKI that hiding data execution RSA Algorithm or other asymmetric arithmetics are encrypted the hiding data ciphertext that obtains, this ciphertext is merely able to remove " binding " by the creditable calculation modules chip solution on the subscriber computer, promptly uses the encapsulation private key with decrypt ciphertext at the creditable calculation modules chip internal.
7, method according to claim 6 is characterized in that, described registration step also comprises:
C4, by the software identification that the user submits to, it is formal version user or trial edition user that the software copyright owner distinguishes the user; If software trial edition user, then obtain software term of validity numerical value on probation, again software term of validity numerical value on probation is connected with software identification, and use user's login key PKI that this data execution " binding " operation is obtained term of validity ciphertext on probation, described hiding data ciphertext and term of validity ciphertext on probation are returned to subscriber computer as authorization data;
After c5, subscriber computer are received the authorization data that the software copyright owner beams back, the software registration instrument imports the creditable calculation modules chip with the term of validity ciphertext on probation in private key for user and the authorization data, and releasing " binding " function of calling creditable calculation modules will be tried out the reduction of term of validity decrypt ciphertext and be obtained software and try out term of validity numerical value;
If c6 software is formal software, then hiding data ciphertext and term of validity ciphertext on probation are kept on this machine hard disk, finish registration process; Otherwise calling function of creditable calculation modules creates the creditable calculation modules monotone counter of appointment and obtains the counter currency as the counter initial value, or the obtain computer system clock currency initial value of software enabling time and last service time on probation, creditable calculation modules monotone counter initial value or software enabling time were connected with software identification with last service time, and use user's login key PKI execution creditable calculation modules " binding " operation to obtain counter initial value ciphertext, by the software registration instrument with the hiding data ciphertext, term of validity ciphertext sum counter initial value ciphertext on probation is kept on this machine hard disk, finishes registration process.
8, method according to claim 7 is characterized in that, described step f also comprises:
F1, during user's each run software, by the leader of software program packed user is registered private key and import the creditable calculation modules chip, when running into when needing code data that reduction hides, the unbind function of calling creditable calculation modules is reduced to clear data with the hiding data ciphertext, and be discharged in the internal memory and move by the routine data of encrypted transmission session with reduction, program is normally moved the code data of back this pre reduction of auto-destruct, can repeat above-mentioned reduction of data process when running into hiding data more later on, this process will run through software whole service life cycle;
Can will try out term of validity ciphertext after f2, described software program start and import the creditable calculation modules chip, and the unbind function of calling creditable calculation modules will try out term of validity ciphertext and be reduced to software term of validity numerical value on probation, judge that according to software term of validity numerical value on probation software is formal version or trial edition;
F3 is if formal version software, then normally operation; If trial edition software, by software counter initial value ciphertext is imported the creditable calculation modules chip, and the creditable calculation modules chip of the unbind function of calling creditable calculation modules when counter initial value ciphertext is reduced to registed authorization specified the initial value of monotone counter, call function of creditable calculation modules again and obtain the currency of specifying the creditable calculation modules monotone counter, by relatively counter initial value and currency can judge whether software is expired; Or according to current computer system clock value be kept at enabling time and last service time in the term of validity ciphertext on probation, judge the deceptive practices that software is whether expired and whether have the malicious modification system clock.
F4, then continue operation,, then also need to send monotone counter and add 1 instruction, upgrade the monotone counter currency to the creditable calculation modules chip if this moment, software adopted is the number of times restriction strategy on probation that monotone counter is realized as software is not out of date; Stop operation immediately as the expired then software of software, and auto-destruct is stored in the hiding data in the subscriber computer.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100372471A CN100342296C (en) | 2005-09-09 | 2005-09-09 | Method for realizing computer software intruder preventing edition based on confidence computation module chip |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005100372471A CN100342296C (en) | 2005-09-09 | 2005-09-09 | Method for realizing computer software intruder preventing edition based on confidence computation module chip |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1740940A CN1740940A (en) | 2006-03-01 |
| CN100342296C true CN100342296C (en) | 2007-10-10 |
Family
ID=36093355
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005100372471A Active CN100342296C (en) | 2005-09-09 | 2005-09-09 | Method for realizing computer software intruder preventing edition based on confidence computation module chip |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100342296C (en) |
Families Citing this family (21)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101201883B (en) * | 2007-09-18 | 2010-04-14 | 北京赛柏科技有限责任公司 | Software protection method based on virtual machine |
| KR101224717B1 (en) * | 2008-12-26 | 2013-01-21 | 에스케이플래닛 주식회사 | Method for Protecting Software License, System, Server, Terminal And Computer-Readable Recording Medium with Program therefor |
| CN103049683B (en) * | 2012-12-18 | 2016-04-06 | 惠州市亿能电子有限公司 | A kind of BMS host computer procedure mandate time slot scrambling |
| CN103731268A (en) * | 2013-09-23 | 2014-04-16 | 中兴通讯股份有限公司 | Terminal, network side device, and terminal application control method and system |
| CN103853943B (en) * | 2014-02-18 | 2017-01-18 | 广州爱九游信息技术有限公司 | program protection method and device |
| CN104819097A (en) * | 2015-04-03 | 2015-08-05 | 北京天诚同创电气有限公司 | Protection method and device for programmable controller program of wind generating set |
| IN2015DE01753A (en) * | 2015-06-11 | 2015-08-28 | Pradeep Varma | |
| CN105844119B (en) * | 2016-03-23 | 2018-10-26 | 国网江西省电力公司 | Software authorization method based on SMS platform |
| CN105743918A (en) * | 2016-04-05 | 2016-07-06 | 浪潮电子信息产业股份有限公司 | Information encrypted transmission method, device and system |
| CN107087002B (en) * | 2017-05-15 | 2019-09-20 | 武汉斗鱼网络科技有限公司 | A kind of encipher-decipher method of data, device and electronic equipment |
| CN107688729B (en) * | 2017-07-27 | 2020-11-27 | 大唐高鸿信安(浙江)信息科技有限公司 | Application program protection system and method based on trusted host |
| CN110162937B (en) * | 2018-02-09 | 2024-02-02 | 黄冈职业技术学院 | Method for realizing computer software protection based on network communication |
| CN108897995A (en) * | 2018-06-19 | 2018-11-27 | 河南正来电子科技有限公司 | A kind of embedded software encrypting registration method of combination embedded device |
| CN110866226B (en) * | 2019-11-15 | 2022-05-24 | 中博信息技术研究院有限公司 | JAVA application software copyright protection method based on encryption technology |
| CN111079124B (en) * | 2019-12-21 | 2023-02-10 | 广州小鹏汽车科技有限公司 | Security chip activation method and device, terminal equipment and server |
| CN111400671A (en) * | 2020-03-10 | 2020-07-10 | 山东超越数控电子股份有限公司 | System copyright management method, device and medium |
| CN112241519A (en) * | 2020-11-05 | 2021-01-19 | 王志平 | Method for realizing software copyright protection |
| WO2022151001A1 (en) * | 2021-01-13 | 2022-07-21 | 王志平 | Software copyright protection implementation method |
| CN113360857A (en) * | 2021-08-10 | 2021-09-07 | 支付宝(杭州)信息技术有限公司 | Code starting method and system for software |
| CN113742760A (en) * | 2021-11-04 | 2021-12-03 | 武汉泰乐奇信息科技有限公司 | Big data calling method and device for preventing data increase |
| CN115168816B (en) * | 2022-08-03 | 2023-08-04 | 明阳产业技术研究院(沈阳)有限公司 | Software anti-piracy method, device, equipment and medium |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1353828A (en) * | 1999-03-30 | 2002-06-12 | 西门子能量及自动化公司 | Programmable controller method, system and apparatus |
| CN1369809A (en) * | 2002-01-14 | 2002-09-18 | 张国柱 | Anti-piracy encryption method for register code of computer software |
| US6594529B1 (en) * | 1999-03-15 | 2003-07-15 | Siemens Energy & Automation | Programmable logic controller method, system and apparatus |
-
2005
- 2005-09-09 CN CNB2005100372471A patent/CN100342296C/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US6594529B1 (en) * | 1999-03-15 | 2003-07-15 | Siemens Energy & Automation | Programmable logic controller method, system and apparatus |
| CN1353828A (en) * | 1999-03-30 | 2002-06-12 | 西门子能量及自动化公司 | Programmable controller method, system and apparatus |
| CN1369809A (en) * | 2002-01-14 | 2002-09-18 | 张国柱 | Anti-piracy encryption method for register code of computer software |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1740940A (en) | 2006-03-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100342296C (en) | Method for realizing computer software intruder preventing edition based on confidence computation module chip | |
| AU767286B2 (en) | Methods and apparatus for protecting information | |
| JP5636371B2 (en) | Method and system for code execution control in a general purpose computing device and code execution control in a recursive security protocol | |
| JP4702957B2 (en) | Tamper resistant virtual machine | |
| US20020083318A1 (en) | Method and system for software integrity control using secure hardware assist | |
| US8103592B2 (en) | First computer process and second computer process proxy-executing code on behalf of first process | |
| US20010051928A1 (en) | Protection of software by personalization, and an arrangement, method, and system therefor | |
| WO2004006075A1 (en) | Open type general-purpose attack-resistant cpu, and application system thereof | |
| CN101872404B (en) | Method for protecting Java software program | |
| JP2015511050A (en) | Method and system for process working set isolation | |
| CN1610886A (en) | System and method for verification | |
| Hachez | A comparative study of software protection tools suited for e-commerce with contributions to software watermarking and smart cards | |
| CN1527208A (en) | Method and device for realizing computer safety and enciphering based on identity confirmation | |
| Anckaert et al. | Software piracy prevention through diversity | |
| EP1949220A2 (en) | Software-firmware transfer system | |
| EP1837789A2 (en) | Method and apparatus for temporarily accessing content using temporary license | |
| US7979911B2 (en) | First computer process and second computer process proxy-executing code from third computer process on behalf of first process | |
| Mana et al. | A framework for secure execution of software | |
| EP3229099A1 (en) | Method and system for performing a transaction and for performing a verification of legitimate access to, or use of digital data | |
| WO2006101765A2 (en) | Method for preventing unauthorized installation of a software product | |
| CN1369809A (en) | Anti-piracy encryption method for register code of computer software | |
| Khan et al. | A Comparative Analysis of Software Protection Schemes. | |
| CN101290648A (en) | Method for remotely verifying legal copy of software | |
| Mumtaz et al. | Development of a methodology for piracy protection of software installations | |
| JP2015135703A (en) | Method and system for recursive security protocol for digital copyright control |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| ASS | Succession or assignment of patent right |
Owner name: SHENZHEN ZHAORI TECHNOLOGY CO., LTD. Free format text: FORMER OWNER: ZHAORI SCIENCE AND TECHNOLOGY CO. LTD., BEIJING Effective date: 20061124 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20061124 Address after: Nine road 518040 Shenzhen city Futian District Tairan 213 building 6 floor C-3 block Applicant after: Zhaori Tech Co., Ltd., Shenzhen Address before: 100088 Beijing City, Haidian District Zhichun Road Jinqiu International Building No. 6 B block 4 layer Applicant before: Zhaori Science and Technology Co., Ltd., Beijing |
|
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Assignee: Zhaori Science & Technology (Shenzhen) Co., Ltd. Assignor: Zhaori Tech Co., Ltd., Shenzhen Contract fulfillment period: 2009.2.28 to 2027.9.11 contract change Contract record no.: 2009990000224 Denomination of invention: Method for realizing computer software intruder preventing edition based on confidence computation module chip Granted publication date: 20071010 License type: Exclusive license Record date: 2009.3.26 |
|
| LIC | Patent licence contract for exploitation submitted for record |
Free format text: EXCLUSIVE LICENSE; TIME LIMIT OF IMPLEMENTING CONTACT: 2009.2.28 TO 2027.9.11; CHANGE OF CONTRACT Name of requester: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD. Effective date: 20090326 |
|
| ASS | Succession or assignment of patent right |
Owner name: SINOSUN TECHNOLOGY (SHENZHEN) CO., LTD. Free format text: FORMER OWNER: SHENZHEN SINOSUN TECH CO., LTD. Effective date: 20100622 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 518040 TOWER C-3, 6/F, BUILDING 213, TAIRANJIU ROAD, FUTIAN DISTRICT, SHENZHEN CITY TO: 518040 TOWER C, 6/F, BUILDING 213, TAIRAN INDUSTRY DISTRICT, CHEGONGMIAO, FUTIAN DISTRICT, SHENZHEN CITY |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20100622 Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block Patentee after: Sinosun Technology (Shenzhen) Co., Ltd. Address before: Nine road 518040 Shenzhen city Futian District Tairan 213 building 6 floor C-3 block Patentee before: Zhaori Tech Co., Ltd., Shenzhen |
|
| C56 | Change in the name or address of the patentee |
Owner name: SHENZHEN ZHAORI TECHNOLOGY CO., LTD. Free format text: FORMER NAME: ZHAORI SCIENCE + TECHNOLOGY (SHENZHEN) CO., LTD. |
|
| CP01 | Change in the name or title of a patent holder |
Address after: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block Patentee after: Shenzhen Sinosun Technology Co., Ltd. Address before: 518040 Shenzhen city Futian District Che Kung Temple Tairan industrial district 213 building 6 floor C block Patentee before: Sinosun Technology (Shenzhen) Co., Ltd. |