CN100353274C - Apparatus for encrypting protection to a programme using guard bit element code - Google Patents
Apparatus for encrypting protection to a programme using guard bit element code Download PDFInfo
- Publication number
- CN100353274C CN100353274C CNB2004100018213A CN200410001821A CN100353274C CN 100353274 C CN100353274 C CN 100353274C CN B2004100018213 A CNB2004100018213 A CN B2004100018213A CN 200410001821 A CN200410001821 A CN 200410001821A CN 100353274 C CN100353274 C CN 100353274C
- Authority
- CN
- China
- Prior art keywords
- protection
- program
- produce
- generation device
- bit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Abstract
The present invention provides a device which uses protection bytecodes to carry out encrypted protection on a program. The program has many instructions P(P is positive integer). The device comprises a protection bytecode generation device, a first protection bytecode position generation device and a protection bytecode insertion device. The protection bytecode generation device generates many protection bytecodes according to the instructions of the program. The instructions have many bits I(I is positive integer). The first protection bytecode position generation device generates many insertion positions N(N is positive integer) of the protection bytecodes according to the processor state when the program is executed. The protection bytecodes are respectively inserted into the (N-1)st bit and the Nth bit of the instructions of the program by the protection bytecode insertion device according to the insertion positions N generated by the first protection bytecode position generation device, and then an encrypted program is generated.
Description
Technical field
The invention relates to processor information protection technology, refer to a kind of device that one program is carried out encipherment protection with the protection byte code especially.
Background technology
Pay attention to the epoch of the intelligence ownership of property at this; manufacturer is in order to protect the program of its arduous exploitation; the Wise property that data etc. are relevant; can be with these data when off-line (off-line); program is carried out one earlier and is encrypted (encrypting) processing; data after will encrypting again is stored to a non-volatile or other Storage Medias; even other people take non-volatile or other Storage Medias that has this encrypted data; owing to can't know the process and the disposal route of this encryption; also can't correctly go to reduce these data; program reaches the purpose of protection therefrom.
At this kind information protection mode, in; U.S. USP6; 408; in No. 073 patent announcement; use a virtual random number producer (Pseudo Random Generator) and foundation one initial value (seed1/seed2); come read-only memory (Read Only Memory; ROM) data (ROMdata) is encoded with generation enciphered data (Encoded data), yet this kind information protection mode is done the parameter of encryption because of using random number, synchronous random number producer need be arranged in order to decode.The template (pattern) that needs very many random numbers could prevent effectively that other people from reducing these data, program, and virtual random number producer of this meaning work coding and decoding needs quite complicated circuit, and this can increase many costs.If use the virtual random number producer of better simply coding and decoding, though escapable cost is reduced these data, program by other people easily, therefore, the conditional order treatment design of well known processor still has many disappearances and gives improved necessity.
Summary of the invention
The object of the present invention is to provide and a kind ofly one program is carried out the device of encipherment protection, use complicated virtual random number producer to avoid known technology, and reach the purpose of escapable cost with the protection byte code.Simultaneously, because the generation of protection byte code and removal hardware are quite simple and easy,, and promote overall system efficiency with the minimizing encryption time.
According to a characteristic of the present invention, proposes that a kind of this program has a plurality of instructions to protect byte code that one program is carried out the device of encipherment protection, each instruction has the I bit, and this I is a positive integer, and this device comprises:
One protection byte code generation device, to produce corresponding a plurality of protection byte codes, each protection byte code has P bit according to a plurality of instructions of this program, and this P is a positive integer;
One first protection bit code position generation device, processor state is to produce the insertion position N of each protection byte code during according to this program of execution for it, and this N is a positive integer, and wherein, this first protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate this processor state of living in;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends; And
One protection byte code inserts device, and the insertion position N according to this first protection bit code position generation device is produced inserts each protection byte code among this program corresponding instruction N-1 bit and the N bit, to produce an encipheror respectively.
According to another characteristic of the present invention, a kind of device that an encipheror is decrypted is proposed, this encipheror will protect byte code to be inserted in the original program and encrypt, and this encipheror has plural the instruction, and this device comprises:
One second protection bit code position generation device, processor state is to produce the insertion position of these a plurality of protection byte codes during according to this program of execution for it, and wherein this second protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate the residing state of this processor;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends; And
One protection byte code removal device is imported this program, and according to the insertion position N that this second protection bit code position generation device is produced, removes with the N bit that this program correspondence is instructed.
According to another characteristic of the present invention; propose a kind of device that an encipheror is decrypted, this encipheror is inserted in two groups of protection byte codes in the original program and encrypts, and this encipheror has the plural number instruction; one of them word group can comprise two encrypted instructions, and this device comprises:
One the 3rd protection bit code position generation device, processor state is to produce the 3rd insertion position of these a plurality of protection byte codes during according to this program of execution for it, and wherein the 3rd protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate the residing state of this processor;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends;
One the 4th protection bit code position generation device, processor state is to produce the 4th insertion position of these a plurality of protection byte codes during according to this program of execution for it, and wherein the 4th protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate the residing state of this processor;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends; And
One the 3rd protection byte code removal device, import the low half-word group of this encipheror, and, remove with the 0th bit to the N1 bit of K-1 bit that this program correspondence is instructed according to the 3rd insertion position N1 that the 3rd protection bit code position generation device is produced; And
One the 4th protection byte code removal device; import the high half-word group of this encipheror; and, remove with K bit to the N2 bit of 2K-1 bit that this program correspondence is instructed according to the 4th insertion position N2 that the 4th protection bit code position generation device is produced.
According to a characteristic more of the present invention, proposes that a kind of this program has a plurality of instructions to protect byte code that one program is carried out the method for encipherment protection, each instruction has the I bit, and this I is a positive integer, and this method comprises the following step:
One protection byte code produces step, and to produce corresponding a plurality of protection byte codes, each protection byte code has P bit according to a plurality of instructions of this program, and this P is a positive integer;
One first protection bit code position produces step; its when carrying out this program processor state to produce the insertion position N of each protection byte code; this N is a positive integer; wherein a location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and this first protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output; And
One protection byte code inserting step produces the insertion position N that step produced according to this first protection bit code position, respectively each protection byte code is inserted among the N-1 bit and N bit of the corresponding instruction of this program, to produce an encipheror.
According to an also characteristic of the present invention; a kind of method that an encipheror is decrypted is proposed; this encipheror will be protected byte code to be inserted in the original program and encrypt; this encipheror has the plural number instruction; each instruction has the I bit; each protection byte code has P bit, and this method comprises the following step:
One second protection bit code position produces step; its when carrying out this program processor state to produce the insertion position of these a plurality of protection byte codes; wherein; one location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and this second protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output; And
One protection byte code is removed step, imports this program, and produces the insertion position N that step produced according to this second protection bit code position, so that the N bit of the corresponding instruction of this program is removed.
According to another characteristic of the present invention; a kind of method that an encipheror is decrypted is proposed; this encipheror is inserted in two groups of protection byte codes in the original program and encrypts; this encipheror has the instruction of plural number; one of them word group can comprise two encrypted instructions, and this method comprises the following step:
One the 3rd protection bit code position produces step; its when carrying out this program processor state to produce the 3rd insertion position of these a plurality of protection byte codes; wherein; one location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and the 3rd protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output;
One the 4th protection bit code position produces step; its when carrying out this program processor state to produce the 4th insertion position of these a plurality of protection byte codes; wherein; one location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and the 4th protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output; And
One the 3rd protection byte code is removed step, imports the low half-word group of this encipheror, and produces the 3rd insertion position N1 that step produced according to the 3rd protection bit code position, so that the 0th bit to the N1 bit of K-1 bit of the corresponding instruction of this program is removed; And
One the 4th protection byte code is removed step; import the high half-word group of this encipheror; and according to the 4th protection bit code position generation the 4th insertion position N2 that step produced, so that K bit to the mat woven of fine bamboo strips N2 bit of 2K-1 bit of the corresponding instruction of this program is removed.
Description of drawings
Fig. 1: the present invention carries out encipherment protection device calcspar with the protection byte code to a program.
Fig. 2: the circuit diagram of the present invention's second protection bit code position generation device.
Fig. 3-Fig. 4: the synoptic diagram of the present invention second protection bit code position insertion position that generation device produces.
Fig. 5: the present invention protects the circuit diagram of byte code removal device.
Fig. 6: the present invention carries out another embodiment calcspar of device of encipherment protection to a program with the protection byte code
Embodiment
Fig. 1 shows that the present invention carries out the calcspar of encipherment protection device with the protection byte code to a program, and it comprises a protection byte code generation device 110, one first protection bit code position generation device 120, a protection byte code and inserts device 130, one second protection bit code position generation device 210 and a protection byte code removal device 220.And encrypted program has the instruction of plural number, and each instruction has I bit (I is a positive integer), and the protection byte code has P bit (P positive integer); in the present embodiment, I is 31 bits, and P is 1 bit; be that I+P is 32 bits, but also I is 32 bits, P is 1 bit.
This protection byte code generation device 110 instructs to produce corresponding protection byte code respectively, the indication bit of processor mode when this protection byte code can be parity check bit (Parity bit), error correcting code (Error Correction Code, ECC) or instruction execution according to each of this program.
Processor state when these first protection bit code position generation device, 120 foundations are carried out this program is to produce the insertion position N (N is a positive integer) of each protection byte code.It is the insertion position N that produced according to this first protection bit code position generation device 120 that this protection byte code inserts device 130, respectively each protection byte code is inserted among the N-1 and N bit of the corresponding instruction of this program, to produce an encipheror.
Processor state was to produce the insertion position of this each protection byte code when these second protection bit code position generation device, 210 foundations were carried out this program.This protection byte code removal device 220 inputs one encipheror; this encipheror is the protection byte code is inserted in the original program and is encrypted; and according to this second each insertion position N that protects bit code position generation device 210 to be produced, so that the protection byte code in each instruction of this encipheror is removed.
Processor state was to produce the insertion position when this first protection bit code position generation device 120 and this second protection bit code position generation device 210 were this program of foundation execution, and Fig. 2 is its circuit diagram.Each first and second protection bit code position generation device comprises an access status working storage (AccessStatus Register, ASR) 310, one program state working storage (Program Status Register, PSR) 320, one multiplexer 330 and a plurality of insertion position generation device 340-380.
This access status working storage (ASR) 310 is 1 bit, and its value is 1 o'clock, represents the processor access data segment, and its value is 0 o'clock, represents processor access program section.This program state working storage (PSR) 320 is 3 bits, and when its value was 1xx, the representative processing was thought highly of postpone and entered Auto Power On execution bios program state; When its value is 01x, represent processor to be in operating system core (OS Kernel) state; Its value is 001 o'clock, represents processor to be in a special authentication procedure state; Its value is 000 o'clock, represents processor to be in general user's program state.
PPG_Mode signal among Fig. 2 is to be used for selecting the output signal PBP of this multiplexer 330 and the relation between the input signal.This PPG_Mode signal is to be combined by this access status working storage (ASR) 310 and this 320 of program state working storage (PSR), that is PPG_Mode={ASR, PSR[2:0]).When the processor access data segment, the value of this access status working storage (ASR) 310 is 1, and PPG_Mode=1xxx, this multiplexer 330 can select the output signal PBP of generation device 380 outputs in insertion position as this multiplexer 330.And behind processor reset, when entering Auto Power On execution bios program state, the value of this access status working storage (ASR) 310 is 0, the value of this program state working storage (PSR) 320 is 1xx, and this multiplexer 330 can be selected the output signal PBP of generation device 340 outputs in insertion position as this multiplexer 330.
These a plurality of insertion position generation device 340-380 are to produce the insertion position according to its intended function.Wherein, this insertion position generation device 380 can be device, and with the no insertion position of expression, its output signal is 000000b.This insertion position generation device 340 be with a set-point x via modulo operation producing the insertion position, that is, F1 (x)=(x mod 32).This insertion position generation device 350 deducts one second set-point via modulo operation with one first set-point, producing the insertion position, that is, F2 (x)=31-(x mod 32).
This insertion position generation device 360 with one first set-point with after the part address lines value of this processor combines, again via modulo operation, producing the insertion position, that is, F3 (x, a)=[(x+{a[0], a[1], a[2], a[3], a[4]) mod 32].This insertion position generation device 370 is with a set-point x[4:0] be inverted, with the generation insertion position, that is, F4 (x)=and x[0], x[1], x[2] and, x[3], x[4].This insertion position generation device also can be with this access status working storage (ASR) 310 with after this program state working storage (PSR) 320 combines, to produce the insertion position, or with this location status working storage with after this program state working storage combines, again via modulo operation, to produce the insertion position.
K1 among Fig. 2, K2, K3 and K4 provide a set-point to these a plurality of insertion position generation device 340-380 respectively, and it can be burned onto a hardware circuit earlier, also can be working storage, and are gone to set by system.So, can produce different protection byte code insertion positions to distinct program and processor state of living in.
When Fig. 3 shows K1=K2=K3=K4=3, this a plurality of insertion positions generation device 340,350 and the 380 different protection byte code insertion positions that produce.Wherein, F1 (x)=(x mod 32)=3, representative is handled and is thought highly of postpone, and when entering Auto Power On execution bios program state, its protection byte code insertion position is a bit 3.F2 (x)=[31-(x mod 32)]=28, when representing processor to be in operating system core (OS Kernel) state, its protection byte code insertion position is a bit 28.F4 (x)=and x[0], x[1], x[2] and, x[3], x[4]={ 11000b}=24, when representing processor to be in general user's program state, its protection byte code insertion position is a bit 24.
When Fig. 4 shows K3=3, this insertion position generation device 360 different protection byte code insertion position that produces.F3(x,a)=(x+{a[0],a[1],a[2],a[3],a[4]})mod?32=(3+{a[0],a[1],a[2],a[3],a[4]})mod?32。When representing processor to be in an authentication procedure, its protection byte code insertion position will present variation as shown in Figure 4, and makes this authentication procedure sign indicating number be difficult to steal or decipher.
The output signal PBP of this multiplexer 330 (P-bit Bit Position) is by being made up of 6 bits, wherein PBP[5] cloth woods value represent PBP[4:0] in whether be protection byte code insertion position.As PBP[5:0]=during 0xxxxxb, expression PBP[4:0] unprotect byte code insertion position.As PBP[5:0]=during 100101b, expression PBP[4:0] be protection byte code insertion position, and should protection byte code insertion position in the position of 00101b=5.Because these a plurality of insertion position generation device 340-370 all can produce protection byte code insertion position; so its output signal can make up with a noble potential; and form the output signal PBP[5:0 of this multiplexer 330]; wherein; this noble potential forms PBP[5] (be PBP[5]=1), with expression PBP[4:0] serve as protection byte code insertion position.And this a plurality of insertion positions generation device 380 has been a device, with the no insertion position of expression, so its output signal is 000000b, and expression PBP[4:0] unprotect byte code insertion position.
Fig. 5 is the circuit diagram of this protection byte code removal device 220, and it mainly comprises multiplexer 510,520 and 530.The encipheror of its input end 540 inputs one 32 bits; this encipheror will be protected byte code to be inserted in the original program and be encrypted; and according to these second a plurality of insertion position PBP[4:0 that protect bit code position generation device 210 to be produced], so that the protection byte code in the plural number instruction of this encipheror is removed.As PBP[5]=0 the time, expression PBP[4:0] unprotect byte code insertion position, so 510 of this multiplexers are directly exported input end 540.As PBP[5]=1 the time; expression PBP[4:0] for protecting the byte code insertion position; this multiplexer 520 is according to this PBP[4:0] signal; and export this protection byte code; this multiplexer 530 is according to this PBP[4:0] signal, output does not have the instruction of this protection byte code, and the instruction that this protection byte code and this do not have this protection byte code is combined into one 32 bit word groups again; and this multiplexer 510 is because of PBP[5]=1, then it is connect output.
In present embodiment, this protection byte code generation device 110, first is protected bit code position generation device 120, is reached and protect byte code insertion device 130 can use hardware to be achieved, and can also use the software processed offline, and produce an encipheror.This protection byte code removal device 220 and this second protection bit code position generation device 210 can combine with a processor core; these protection byte code removal device 220 these encipherors of input; and according to these second a plurality of insertion position N that protect bit code position generation device 210 to be produced, so that the protection byte code in a plurality of instructions of this encipheror is removed.So, but the program after this processor core correct execution should be deciphered, and encrypted program then needn't be worried to be cracked by other people easily, and reaches the purpose of protection.
Fig. 6 is an another embodiment of the present invention; be to two groups of protection byte codes are inserted in the device that the encipheror in the original program is decrypted; this encipheror has the instruction of plural number, and one of them word group can comprise two encrypted instructions, and each encrypted instruction is 16 bits.This device comprises one the 3rd protection bit code position generation device 610, one the 4th protection bit code position generation device 620, one the 3rd protection byte code removal device 630 and one the 4th protection byte code removal device 640.
Processor state when the 3rd protection bit code position generation device the 610 and the 4th is protected bit code position generation device 620 respectively according to this program of execution is to produce the 3rd insertion position PBP1[4:0 of each protection byte code] and the 4th insertion position PBP2[4:0].
The low half-word group (low halfword) of the 3rd protection byte code removal device 630 these encipherors of input; and according to the 3rd each the 3rd insertion position PBP1[4:0 that protects bit code position generation device 630 to be produced], with PBP1[4:0 with plural the 0th to 15 bit that instructs of this program] the bit removal.The high half-word group (high half word) of the 4th protection byte code removal device 640 these encipherors of input; and according to the 4th each the 4th insertion position PBP2[4:0 that protects bit code position generation device to be produced], with PBP2[4:0 with corresponding the 16th to 31 bit that instructs of this program] the bit removal.
As shown in the above description; technology of the present invention only needs easy hardware can reach the function of encrypting and deciphering; need not the picture known technology and use complicated virtual random number producer; and escapable cost; simultaneously, the generation and the removal hardware of protection byte code are quite simple and easy, can't can increase the encryption and decryption processing time as known technology; and the encryption and decryption processing time that need spend far beyond known technology is for few, so its execution usefulness is better far beyond known technology.
It should be noted that above-mentioned many embodiment give an example for convenience of explanation, the interest field that the present invention advocated should be as the criterion so that claim is described certainly, but not only limits to the foregoing description.
Claims (48)
1. one kind is carried out the device of encipherment protection with the protection byte code to a program, and this program has a plurality of instructions, and each instruction has the I bit, and this I is a positive integer, and this device comprises:
One protection byte code generation device, to produce corresponding a plurality of protection byte codes, each protection byte code has P bit according to a plurality of instructions of this program, and this P is a positive integer;
One first protection bit code position generation device, processor state is to produce the insertion position N of each protection byte code during according to this program of execution for it, and this N is a positive integer, and wherein, this first protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate this processor state of living in;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends; And
One protection byte code inserts device, and the insertion position N according to this first protection bit code position generation device is produced inserts each protection byte code among this program corresponding instruction N-1 bit and the N bit, to produce an encipheror respectively.
2. as claimed in claim 1ly one program is carried out the device of encipherment protection, it is characterized in that, also comprise with the protection byte code:
One second protection bit code position generation device, processor state is to produce the aforementioned insertion position N of this each protection byte code during according to this program of execution for it, and wherein, this second protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate this processor state of living in;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends; And
One protection byte code removal device is imported this program, and according to this second insertion position N that protects bit code position generation device to be produced, the correspondence of this program is instructed the N bit remove.
3. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; wherein a plurality of insertion positions generation device of a plurality of insertion positions generation device of this first protection bit code position generation device and this second protection bit code position generation device can be device, with the no aforementioned insertion position of expression.
4. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that, wherein a plurality of insertion positions generation device of a plurality of insertion positions generation device of this first protection bit code position generation device and this second protection bit code position generation device can be with a set-point via functional operation to produce this insertion position.
5. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; wherein a plurality of insertion positions generation device of a plurality of insertion positions generation device of this first protection bit code position generation device and this second protection bit code position generation device can deduct one first set-point one second set-point via functional operation, to produce this insertion position.
6. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; wherein a plurality of insertion positions generation device of a plurality of insertion positions generation device of this first protection bit code position generation device and this second protection bit code position generation device can be with one first set-point with after this processor part address value combines; again via functional operation, to produce this insertion position.
7. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; wherein a plurality of insertion positions generation device of this first protection bit code position generation device can with the location status working storage of this first protection bit code position generation device with this first protect the program state working storage of bit code position generation device to combine after; to produce this insertion position; a plurality of insertion positions generation device of this second protection bit code position generation device can with the location status working storage of this second protection bit code position generation device with this second protect the program state working storage of bit code position generation device to combine after, to produce this insertion position.
8. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; wherein a plurality of insertion positions generation device of this first protection bit code position generation device can with the location status working storage of this first protection bit code position generation device with this first protect the program state working storage of bit code position generation device to combine after; again via functional operation; to produce this insertion position; a plurality of insertion positions generation device of this second protection bit code position generation device can with the location status working storage of this second protection bit code position generation device with this second protect the program state working storage of bit code position generation device to combine after; again via functional operation, to produce the insertion position.
9. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; wherein this protection byte code removal device also can be located and the corresponding N bit that instructs of this program is moved to most significant digit unit according to this second aforementioned insertion position N that protects bit code position generation device to be produced.
10. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; this protection byte code removal device insertion position N that also can be produced according to this second protection bit code position generation device wherein, and the N bit of the corresponding instruction of this program is moved to minimum bit place.
11. the device that one program is carried out encipherment protection with the protection byte code as claimed in claim 2; it is characterized in that; this protection byte code removal device insertion position N that also can be produced according to this second protection bit code position generation device wherein, and the correspondence instruction of this program is directly exported.
12. as claimed in claim 2ly one program is carried out the device of encipherment protection, it is characterized in that, wherein I+P=32 with the protection byte code.
13. as claimed in claim 3ly one program is carried out the device of encipherment protection, it is characterized in that, wherein I=32 with the protection byte code.
14. the device that an encipheror is decrypted, this encipheror will be protected byte code to be inserted in the original program and encrypt, this encipheror has the plural number instruction, and each instruction has the I bit, and each protection byte code has P bit, and this device comprises:
One second protection bit code position generation device, processor state is to produce the insertion position of these a plurality of protection byte codes during according to this program of execution for it, and wherein this second protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate the residing state of this processor;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends; And
One protection byte code removal device is imported this program, and according to the insertion position N that this second protection bit code position generation device is produced, removes with the N bit that this program correspondence is instructed.
15. the device that an encipheror is decrypted as claimed in claim 14 is characterized in that, wherein this a plurality of insertion positions generation device can be device, does not have this insertion position with expression.
16. the device that an encipheror is decrypted as claimed in claim 14 is characterized in that, wherein this a plurality of insertion positions generation device can be with a set-point via functional operation to produce this insertion position.
17. the device that an encipheror is decrypted as claimed in claim 14 is characterized in that, wherein this a plurality of insertion positions generation device can deduct one first set-point one second set-point via functional operation, to produce this insertion position.
18. the device that an encipheror is decrypted as claimed in claim 14, it is characterized in that, wherein this a plurality of insertion positions generation device can be with one first set-point with after the part address value of this processor combines, again via functional operation, to produce this insertion position.
19. the device that an encipheror is decrypted as claimed in claim 14 is characterized in that, wherein this a plurality of insertion positions generation device can be with this location status working storage with after this program state working storage combines, to produce this insertion position.
20. the device that an encipheror is decrypted as claimed in claim 14, it is characterized in that, wherein this a plurality of insertion positions generation device can be with this location status working storage with after this program state working storage combines, again via functional operation, to produce this insertion position.
21. the device that an encipheror is decrypted as claimed in claim 14 is characterized in that, wherein I+P=32.
22. the device that an encipheror is decrypted as claimed in claim 14 is characterized in that, wherein I=32.
23. the device that an encipheror is decrypted, this encipheror is inserted in two groups of protection byte codes in the original program and encrypts, and this encipheror has the plural number instruction, and one of them word group can comprise two encrypted instructions, and this device comprises:
One the 3rd protection bit code position generation device, processor state is to produce the 3rd insertion position of these a plurality of protection byte codes during according to this program of execution for it, and wherein the 3rd protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate the residing state of this processor;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends;
One the 4th protection bit code position generation device, processor state is to produce the 4th insertion position of these a plurality of protection byte codes during according to this program of execution for it, and wherein the 4th protection bit code position generation device comprises:
One location status working storage is in order to indicate this processor access data segment or access program section;
One program state working storage is in order to indicate the residing state of this processor;
A plurality of insertion positions generation device, according to its intended function to produce the insertion position; And
One multiplexer, it has a plurality of input ends, being coupled to the output terminal of this a plurality of insertion positions generation device, and according to this location status working storage and this program state working storage, by selecting an insertion position with as output in a plurality of input ends; And
One the 3rd protection byte code removal device, import the low half-word group of this encipheror, and, remove with the 0th bit to the N1 bit of K-1 bit that this program correspondence is instructed according to the 3rd insertion position N1 that the 3rd protection bit code position generation device is produced; And
One the 4th protection byte code removal device; import the high half-word group of this encipheror; and, remove with K bit to the N2 bit of 2K-1 bit that this program correspondence is instructed according to the 4th insertion position N2 that the 4th protection bit code position generation device is produced.
24. the device that an encipheror is decrypted as claimed in claim 23 is characterized in that, wherein K=16.
25. one kind is carried out the method for encipherment protection with the protection byte code to a program, this program has a plurality of instructions, and each instruction has the I bit, and this I is a positive integer, and this method comprises the following step:
One protection byte code produces step, and to produce corresponding a plurality of protection byte codes, each protection byte code has P bit according to a plurality of instructions of this program, and this P is a positive integer;
One first protection bit code position produces step; its when carrying out this program processor state to produce the insertion position N of each protection byte code; this N is a positive integer; wherein a location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and this first protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output; And
One protection byte code inserting step produces the insertion position N that step produced according to this first protection bit code position, respectively each protection byte code is inserted among the N-1 bit and N bit of the corresponding instruction of this program, to produce an encipheror.
26. as claimed in claim 25ly one program is carried out the method for encipherment protection, it is characterized in that it also comprises the following step with the protection byte code:
One second protection bit code position produces step; its when carrying out this program processor state to produce the insertion position N of each protection byte code; wherein a location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and this second protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output; And
One protection byte code is removed step, imports this program, and produces the insertion position N that step produced according to this second protection bit code position, so that the N bit of the corresponding instruction of this program is removed.
27. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; wherein a plurality of insertion positions of a plurality of insertion positions generation step of this first protection bit code position generation step and this second protection bit code position generation step produce step and can be step, to represent no aforementioned insertion position.
28. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that, wherein this first protection bit code position a plurality of insertion positions of producing step produce a plurality of insertion positions that step and this second protection bit code position produce step produce steps can be with a set-point via functional operation to produce this insertion position.
29. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; wherein this first protection bit code position a plurality of insertion positions of producing step produce a plurality of insertion positions that step and this second protection bit code position produce step and produce steps and one first set-point can be deducted one second set-point via functional operation, to produce this insertion position.
30. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; wherein this first protection bit code position a plurality of insertion positions of producing step produce a plurality of insertion positions that step and this second protection bit code position produce step produce steps can be with one first set-point with after the part address value of this processor combines; again via functional operation, to produce this insertion position.
31. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; after wherein this first protection bit code position a plurality of insertion positions of producing step produce location status flag that steps can produce this first protection bit code position step and program state flag of this first protection bit code position generation step combine; to produce this insertion position; after a plurality of insertion positions that this second protection bit code position produces step produce location status flag that steps can produce this second protection bit code position step and program state flag of this second protection bit code position generation step combine, to produce this insertion position.
32. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; after wherein this first protection bit code position a plurality of insertion positions of producing step produce location status flag that steps can produce this first protection bit code position step and program state flag of this first protection bit code position generation step combine; again via functional operation; to produce this insertion position; after a plurality of insertion positions that this second protection bit code position produces step produce location status flag that steps can produce this second protection bit code position step and program state flag of this second protection bit code position generation step combine; via functional operation, to produce this insertion position.
33. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; wherein this protection byte code is removed step and also can be produced the aforementioned insertion position N that step produced according to this second protection bit code position, and the N bit of the corresponding instruction of this program is moved to most significant digit unit place.
34. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; wherein this protection byte code is removed step and also can be produced the aforementioned insertion position N that step produced according to this second protection bit code position, and the N bit of the corresponding instruction of this program is moved to minimum bit place.
35. method of one program being carried out encipherment protection with the protection byte code as claimed in claim 26; it is characterized in that; wherein this protection byte code is removed step and also can be produced the aforementioned insertion position N that step produced according to this second protection bit code position, and with directly output of the corresponding instruction of this program.
36. as claimed in claim 26ly one program is carried out the method for encipherment protection, it is characterized in that, wherein I+P=32 with the protection byte code.
37. as claimed in claim 26ly one program is carried out the method for encipherment protection, it is characterized in that, wherein I=32 with the protection byte code.
38. method that an encipheror is decrypted; this encipheror will be protected byte code to be inserted in the original program and encrypt, and this encipheror has the plural number instruction, and each instruction has the I bit; each protection byte code has P bit, and this method comprises the following step:
One second protection bit code position produces step; its when carrying out this program processor state to produce the insertion position of these a plurality of protection byte codes; wherein; one location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and this second protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output; And
One protection byte code is removed step, imports this program, and produces the insertion position N that step produced according to this second protection bit code position, so that the N bit of the corresponding instruction of this program is removed.
39. the method that an encipheror is decrypted as claimed in claim 38 is characterized in that, wherein these a plurality of insertion positions produce step and can be step, with the no aforementioned insertion position of expression.
40. the method that an encipheror is decrypted as claimed in claim 38 is characterized in that, wherein these a plurality of insertion positions produce steps can be with a set-point via functional operation to produce this insertion position.
41. the method that an encipheror is decrypted as claimed in claim 38 is characterized in that, wherein these a plurality of insertion positions generation steps can deduct one first set-point one second set-point via functional operation, to produce this insertion position.
42. the method that an encipheror is decrypted as claimed in claim 38, it is characterized in that wherein, these a plurality of insertion positions produce steps can be with one first set-point with after the part address value of this processor combines, again via functional operation, to produce this insertion position.
43. the method that an encipheror is decrypted as claimed in claim 38 is characterized in that, wherein these a plurality of insertion positions produce steps can be with this location status flag with after this program state flag combines, to produce this insertion position.
44. the method that an encipheror is decrypted as claimed in claim 38, it is characterized in that, wherein these a plurality of insertion positions produce steps can be with this location status flag with after this program state flag combines, again via functional operation, to produce this insertion position.
45. the method that an encipheror is decrypted as claimed in claim 38 is characterized in that, wherein I+P=32.
46. the method that an encipheror is decrypted as claimed in claim 38 is characterized in that, wherein I=32.
47. the method that an encipheror is decrypted, this encipheror is inserted in two groups of protection byte codes in the original program and encrypts, and this encipheror has the instruction of plural number, and one of them word group can comprise two encrypted instructions, and this method comprises the following step:
One the 3rd protection bit code position produces step; its when carrying out this program processor state to produce the 3rd insertion position of these a plurality of protection byte codes; wherein; one location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and the 3rd protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output;
One the 4th protection bit code position produces step; its when carrying out this program processor state to produce the 4th insertion position of these a plurality of protection byte codes; wherein; one location status flag is in order to indicate this processor access data segment or access program section; one program state flag is in order to indicate the residing state of this processor, and the 4th protection bit code position produces step and also comprises the following step:
A plurality of insertion positions produce steps, according to its intended function to produce the insertion position; And
One multiplex's step according to this location status flag and this program state flag, by the output that a plurality of insertion positions produce steps, selects an insertion position with as output; And
One the 3rd protection byte code is removed step, imports the low half-word group of this encipheror, and produces the 3rd insertion position N1 that step produced according to the 3rd protection bit code position, so that the 0th bit to the N1 bit of K-1 bit of the corresponding instruction of this program is removed; And
One the 4th protection byte code is removed step; import the high half-word group of this encipheror; and according to the 4th protection bit code position generation the 4th insertion position N2 that step produced, so that K bit to the mat woven of fine bamboo strips N2 bit of 2K-1 bit of the corresponding instruction of this program is removed.
48. the method that an encipheror is decrypted as claimed in claim 47 is characterized in that, wherein K=16.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100018213A CN100353274C (en) | 2004-01-14 | 2004-01-14 | Apparatus for encrypting protection to a programme using guard bit element code |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CNB2004100018213A CN100353274C (en) | 2004-01-14 | 2004-01-14 | Apparatus for encrypting protection to a programme using guard bit element code |
Publications (2)
Publication Number | Publication Date |
---|---|
CN1641514A CN1641514A (en) | 2005-07-20 |
CN100353274C true CN100353274C (en) | 2007-12-05 |
Family
ID=34867207
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CNB2004100018213A Expired - Fee Related CN100353274C (en) | 2004-01-14 | 2004-01-14 | Apparatus for encrypting protection to a programme using guard bit element code |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100353274C (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5515307A (en) * | 1994-08-04 | 1996-05-07 | Bell Communications Research, Inc. | Pseudo-random generator |
CN1180466A (en) * | 1996-03-04 | 1998-04-29 | 诺基亚电信公司 | Improving security of packet-mode transmission in mobile communication system |
CN1216653A (en) * | 1996-03-18 | 1999-05-12 | 株式会社东芝 | Encoder and decoder |
US6104811A (en) * | 1996-08-16 | 2000-08-15 | Telcordia Technologies, Inc. | Cryptographically secure pseudo-random bit generator for fast and secure encryption |
-
2004
- 2004-01-14 CN CNB2004100018213A patent/CN100353274C/en not_active Expired - Fee Related
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5515307A (en) * | 1994-08-04 | 1996-05-07 | Bell Communications Research, Inc. | Pseudo-random generator |
CN1180466A (en) * | 1996-03-04 | 1998-04-29 | 诺基亚电信公司 | Improving security of packet-mode transmission in mobile communication system |
CN1216653A (en) * | 1996-03-18 | 1999-05-12 | 株式会社东芝 | Encoder and decoder |
US6104811A (en) * | 1996-08-16 | 2000-08-15 | Telcordia Technologies, Inc. | Cryptographically secure pseudo-random bit generator for fast and secure encryption |
Also Published As
Publication number | Publication date |
---|---|
CN1641514A (en) | 2005-07-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101231622B (en) | Data storage method and equipment base on flash memory, as well as data fetch method and apparatu | |
CN101149768B (en) | Special processor software encryption and decryption method | |
JP2008530663A (en) | Microprocessor data security method and system | |
US20040177257A1 (en) | Data processing device and data processing method | |
KR20090080032A (en) | Method and system to provide security implementation for storage devices | |
CN102334307A (en) | Key recovery mechanism for cryptographic systems | |
WO2009064794A2 (en) | Method and apparatus of providing the security and error correction capability for memory storage devices | |
CN108830096B (en) | Data processing method and device, electronic equipment and storage medium | |
JP2005018725A5 (en) | ||
FR2976147A1 (en) | DATA INTERLACEMENT DIAGRAM FOR AN EXTERNAL MEMORY OF A SECURE MICROCONTROLLER | |
CN107967414B (en) | Micro control chip instruction encryption method, decryption method and encryption/decryption system | |
CN112069551A (en) | Electronic circuit | |
JPWO2006118101A1 (en) | CONFIDENTIAL INFORMATION PROCESSING HOST DEVICE AND CONFIDENTIAL INFORMATION PROCESSING METHOD | |
CN100353274C (en) | Apparatus for encrypting protection to a programme using guard bit element code | |
TWI249666B (en) | Device using parity check bit to carry out data encryption protection and method thereof | |
TWI221966B (en) | Device for encrypting/protecting program with protection bit codes | |
JP4592337B2 (en) | Data storage | |
CN115941304A (en) | Data encryption method and device, terminal equipment and computer readable storage medium | |
CN102129535A (en) | Encryption method of nonvolatile computer system based on hardware and computer | |
CN110071927B (en) | Information encryption method, system and related components | |
CN110309678B (en) | Memory scrambling method | |
US7529365B2 (en) | Device and method of applying check bit to encrypt instruction for protection | |
JP2011123229A (en) | Program code encryption device and program | |
JP2008205753A (en) | Signal processor | |
CN100505619C (en) | Device and method for crypto-protecting data by odd-even check bit |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20071205 Termination date: 20150114 |
|
EXPY | Termination of patent right or utility model |