Background technology
In the field of software copyright protection, placing a time limit on the use of software is a common practice, for example periodic trials, leases, and fixed-term licenses: the software can be used only before a set date. This requires the software protection device to obtain the current real-time time so that it can control the running of the software. At present, there are several ways to obtain the real-time time:
The first method is to fit the software protection device with a battery and accumulate time using the clock frequency of the device's internal processor. However, because the processor keeps running even when the device is not working, power consumption is high and the effective working life of the device is limited by battery capacity. Timing error also accumulates, so long use produces a large deviation, and the battery adds cost.
The second method is to add a real-time clock chip for timekeeping; when working, the software protection device reads the time information from the real-time clock chip. A real-time clock chip has low power consumption and keeps accurate time, which addresses some of the shortcomings of the first method, but its service life is still limited by battery capacity and its cost is higher.
The third method is that, each time it powers on, the software protection device uses the internal processor clock frequency to accumulate time starting from the last recorded time, and periodically writes the result to nonvolatile memory. However, because it can only count while powered, the time of the local host must be used for calibration. The biggest problem with this method is that a software cracker can easily adjust the host time or tamper with the time information sent to the software protection device. Although this method can apply some checks to the time obtained from the host, for example comparing it with the timing information in the device and treating the host time as valid only when it is later than the device time, this check is very weak. The cracker can record the time of each power-down and, the next time the device works, pass in a time just after it, so that the device in effect accumulates only power-on time and cannot obtain the true real-time time. For example, for software with a 30-day trial period, assuming the software is used 2 hours a day on average, the cracker can obtain a usage period of about one year by this means (24 hours × 30 days ÷ 2 hours = 360 days). This method therefore cannot provide effective time-limited protection of software.
Summary of the invention
To solve the above problem, the present invention proposes a method for obtaining and remotely calibrating the real-time time in a software protection device. It analyzes the usage of the protected software under the control of a configured policy and, when an anomaly is found, uses a remote clock server to calibrate the real-time time.
For ease of description, the following terms are defined first:
Real-time time: the accurate current date and time
Issuing time: the date and time at which the software protection device is issued
Device time: the date and time currently recorded and maintained in the software protection device; the aim of the invention is to make it agree with the real-time time as closely as possible
Host time: the date and time information that the software protection device obtains from the local host; this time may have been changed by a person and therefore does not necessarily agree with the real-time time
Server time: the date and time in the response packet sent by the clock server; this time is a trustworthy real-time time
Power-on time: the time interval of one power-on session of the software protection device
Cumulative power-on time: the sum of all power-on times since a certain moment
Working time: the time interval during which the software protection device performs a software protection function on one occasion, i.e. the end time of the protection function minus its start time; it usually corresponds to one run of the protected software
Cumulative working time: the sum of all working times since a certain moment
Service time: the interval, as inferred by the software protection device, from a certain start time to the current time, i.e. the device time minus that start time
To achieve the above object, the method proposed by the invention for obtaining and remotely calibrating the real-time time in a software protection device comprises the following steps:
a. After powering on, the software protection device reads the stored device time from the nonvolatile memory, corrects this device time according to the host time, then starts its timing function and periodically records the current device time in the nonvolatile memory;
b. The software protection device collects and records usage information of the protected software and judges whether this usage information has reached a preset threshold condition;
c. When the usage information is judged to have reached the preset threshold condition, the software protection device starts the real-time time remote calibration flow, whose sub-steps c1 to c3 are given below;
d. The software protection device performs the software protection function according to the device time.
Before it is powered on for the first time, the software protection device has the issuing time of the protected software set as the initial device time in its nonvolatile memory.
The process of correcting the device time according to the host time is specifically as follows: judge the validity of the host time. If it is judged valid, i.e. the host time is later than the device time, or is earlier than the device time but within a preset time range, the device time is updated according to the host time. If it is judged invalid, i.e. the host time is earlier than the device time by more than the preset time range, the host time anomaly handling flow is entered, which is specifically to start the real-time time remote calibration flow of step c or to prohibit use of the protected software.
Step c specifically comprises the following steps:
c1. The software protection device sends a request packet to the remote clock server;
c2. After receiving the request packet, the clock server generates a response packet and sends it to the software protection device;
c3. The software protection device receives the response packet and, when it verifies that the packet is valid, calibrates the device time with the clock server time contained in the response packet, and then corrects the calibrated device time according to the host time.
In step b, the usage information of the protected software includes one of the following kinds of information: the service time of the protected software since the last calibration time; the cumulative working time of the protected software since the last calibration time; the cumulative power-on time of the protected software since the last calibration time; the cumulative number of uses of the protected software since the last calibration time. The last calibration time is the moment at which the software protection device in step c3 successfully calibrated the device time with the server time, or else the software issuing time.
In step b, the threshold condition includes one of the following conditions: since the last calibration time, the service time of the protected software reaches a preset value; since the last calibration time, the cumulative working time of the protected software reaches a preset value; since the last calibration time, the cumulative power-on time of the protected software reaches a preset value; since the last calibration time, the cumulative number of uses of the protected software reaches a preset value; since the last calibration time, the ratio of cumulative working time to service time reaches a preset value; since the last calibration time, the ratio of cumulative power-on time to service time reaches a preset value; since the last calibration time, the ratio of the cumulative number of uses to service time reaches a preset value. The last calibration time is the server time that the software protection device in step c3 used to calibrate the device time, or else the software issuing time.
In step c1, the request packet includes one of the following data items: the device information of the software protection device; the request packet number recorded in the nonvolatile memory, whose initial value is 0 and which is incremented by 1 after each request packet is sent; random information, which is produced by the software protection device when the request packet is generated and is recorded in the nonvolatile memory.
In step c2, the response packet includes one of the following data items: the real-time time; the device information of the software protection device contained in the request packet; the number of the request packet; the random information contained in the request packet.
In steps c1 and c2, the software protection device and the clock server share a symmetric key, which is used to encrypt and decrypt the response packet.
In steps c1 and c2, the clock server appends verification data to the response packet for the software protection device to verify; the verification data is generated by the clock server by applying a cryptographic algorithm to the data of the response packet.
In step c3, the software protection device's verification of the validity of the response packet includes one of the following steps: checking that the device information contained in the response packet is consistent with the actual device information of the software protection device; checking that the request packet number contained in the response packet is consistent with the request packet number recorded by the software protection device; checking that the random information contained in the response packet is consistent with the random information of the request packet recorded by the software protection device; using the verification data contained in the response packet to verify the integrity and unforgeability of the response packet.
In step c3, the process by which the software protection device calibrates the device time with the clock server time includes: judging the validity of the clock server time. If it is judged valid, i.e. the clock server time is later than the device time, or is earlier than the device time but within a preset time range, the device time is updated with the clock server time. If it is judged invalid, i.e. the clock server time is earlier than the device time by more than the preset time range, the response packet exception handling flow is entered, which includes prohibiting use of the protected software.
If the real-time time remote calibration flow has started but has not yet finished, one of the following control policies is applied to the protected software in step d: prohibit use of the protected software immediately; prohibit use of the protected software once the service time, counted from this moment, reaches a predetermined value; prohibit use of the protected software once the cumulative working time, counted from this moment, reaches a predetermined value; prohibit use of the protected software once the cumulative power-on time, counted from this moment, reaches a predetermined value; prohibit use of the protected software once the cumulative number of uses, counted from this moment, reaches a predetermined value.
If the real-time time remote calibration flow has not been started, the predetermined control policy is applied to the protected software in step d.
The beneficial effect of the invention is that it remedies the untrustworthiness of the host time in the prior art and provides a low-cost, practical solution for time-limited protection of software copyright. With the method of the invention, the device does not rely on the local host time and can obtain a trustworthy, reasonably accurate real-time time, as if a real-time clock chip and battery had been added to the software protection device, giving software developers protection schemes such as date restrictions.
Embodiment
Specific embodiments of the invention are described in detail below with reference to the accompanying drawing.
The software protection device contains nonvolatile memory, which is used to store data such as the device time. The initial device time is the issuing time of the protected software.
Fig. 1 is the control flow chart of the invention. As shown, after the software protection device powers on (S01), it reads the device time stored in the nonvolatile memory (S02) and the host time (S03) and compares the two, i.e. it checks the host time (S04) to judge whether it is a valid real-time time.
If the host time is earlier than the device time by more than the allowed range, the host time has been changed by a person. The host time is judged invalid and the host time anomaly handling flow is entered (S06): use of the protected software is prohibited immediately (S23), or the remote calibration flow is started (S11) to force the user to obtain the correct real-time time from the clock server.
If the host time is later than the device time, or is earlier than the device time but within the allowed range, the host time is considered trustworthy and is used to correct the device time (S05). The software protection device then starts timing with its internal clock frequency, updates the device time, and periodically records the current device time in the nonvolatile memory to guard against sudden power loss (S07).
While timing, the software protection device also periodically checks how the protected software is being used, collects and records the usage information of the protected software (S08), and judges whether the usage information, such as the service time, has reached the preset threshold (S09); if the threshold is reached, the remote calibration flow is started (S11).
The usage information of the protected software may be its service time, cumulative working time, cumulative power-on time, or cumulative number of uses since the last calibration time. The threshold condition may be that, since the last calibration time, the service time, the cumulative working time, the cumulative power-on time, the cumulative number of uses, the ratio of cumulative working time to service time, the ratio of power-on time to service time, or the ratio of the cumulative number of uses to service time reaches a preset value. The last calibration time is the moment at which the software protection device successfully calibrated the device time with the server time, or else the issuing time of the protected software.
The method of checking and judging the threshold is now illustrated with a concrete policy. Suppose the license term of an office application is 100 days and average daily use will not exceed 8 hours. Under normal conditions, the license term is then exhausted once the cumulative working time of the software reaches 800 hours, and the ratio of cumulative working time to service time (the interval from the software issuing time to the current time) should not exceed 1/3. The software protection device can therefore record the cumulative working time. If it finds that this has reached a certain value, such as 500 hours, and that its ratio to the service time is clearly greater than 1/3, for example 1/2, then the host time has very probably been modified by a person and the current device time has very low credibility; at this point the remote calibration flow is started (S11). Under normal use, the ratio of cumulative working time to service time is very unlikely to reach this condition, so the remote calibration flow (S11) is not started and the device goes directly to the control flow for the protected software (S10), causing no inconvenience to users who use the software normally.
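The ratio check above, as an added Python sketch that is not part of the patent: a constructed device model is run against an honest host and against a host that always reports the last power-down time, the manipulation described in the background section. The 300-second tolerance and all class and function names are assumptions; the 500-hour and 1/2 thresholds are the embodiment's figures.

```python
HOUR = 3600
DAY = 24 * HOUR


class Device:
    """Constructed model of the state the device keeps in nonvolatile memory."""

    def __init__(self, tolerance: int = 300):
        self.device_time = 0       # seconds since the issuing time
        self.last_calibration = 0  # issuing time until a server calibration succeeds
        self.working = 0           # cumulative working time since last calibration
        self.tolerance = tolerance # assumed allowed backward skew of host time (s)

    def power_on(self, host_time: int) -> bool:
        """Step a: host time is valid if later than device time or within tolerance."""
        if host_time >= self.device_time - self.tolerance:
            self.device_time = host_time
            return True
        return False  # invalid host time: anomaly handling (S06)

    def run(self, seconds: int) -> None:
        """While powered, the internal clock advances device and working time."""
        self.device_time += seconds
        self.working += seconds

    def needs_calibration(self, min_working: int = 500 * HOUR,
                          max_ratio: float = 0.5) -> bool:
        """Step b with the embodiment's numbers: 500 h worked, ratio reaching 1/2."""
        service = self.device_time - self.last_calibration
        if service <= 0 or self.working < min_working:
            return False
        return self.working / service >= max_ratio


def simulate(days: int, hours_per_day: int, replayed_host_time: bool) -> Device:
    """Run one session per real day and return the resulting device state."""
    dev, real_time = Device(), 0
    for _ in range(days):
        # An honest host reports real time. A manipulated host reports the last
        # power-down time, so device time advances only by power-on time.
        host_time = dev.device_time if replayed_host_time else real_time
        if not dev.power_on(host_time):
            break
        dev.run(hours_per_day * HOUR)
        real_time += DAY
    return dev


if __name__ == "__main__":
    honest = simulate(100, 8, replayed_host_time=False)
    replayed = simulate(63, 8, replayed_host_time=True)
    print("honest ratio:", round(honest.working / honest.device_time, 3),
          "calibrate:", honest.needs_calibration())
    print("replayed ratio:", replayed.working / replayed.device_time,
          "calibrate:", replayed.needs_calibration())
```

With an honest host the ratio stays near 1/3 and no calibration is requested; with replayed host time the ratio is 1 and the check fires as soon as 500 working hours are reached.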
After the remote calibration flow starts (S11), the software protection device generates random information, which may be a hardware-generated random number of a certain length; it is produced by the device when the request packet is generated and is recorded in the nonvolatile memory. This random number and the device's unique serial number form the request packet (S12), which is sent to the clock server via the host (S13). The request packet may also contain the request packet number recorded in the nonvolatile memory of the software protection device; the initial value of this number is 0, and it is incremented by 1 after each request packet is sent.
At the clock server, after the server receives the request (S20), it assembles the response packet data from the current real-time time and the random number and unique device serial number contained in the request packet, digitally signs the response packet with a private key and appends the signature to the response packet (S21), and returns it to the software protection device via the host (S22). If the request packet contains a request packet number, the response packet also contains this number so that the software protection device can check it.
The software protection device and the clock server can use cryptographic functions to guarantee the integrity and unforgeability of the response packet. Specifically, the following schemes can be adopted: the software protection device and the clock server share a symmetric key, which is used to encrypt and decrypt the response packet; or the clock server appends verifiable data to the response packet. This data is generated by the clock server with a cryptographic algorithm, its validity is verified by the software protection device, and nobody else can generate it; for example, it can be produced by applying cryptographic algorithms such as MAC, HMAC, or digital signature to the data of the response packet.
This embodiment adopts the symmetric key scheme. After the software protection device receives the clock response packet (S14), it decrypts it with the shared symmetric key and verifies whether the random number and the unique device serial number, or the request packet number, in the response packet are consistent with the information stored inside the software protection device (S15). If instead the scheme in which the clock server appends verifiable data to the response packet is adopted, the verification data contained in the response packet must be used to verify the integrity and unforgeability of the response packet.
If the above verification fails, the packet is considered an invalid response packet and the clock response packet exception handling flow is entered (S16). If the above verification passes in full, the packet is considered a valid response packet and the real-time time in it is used to update the device time (S17). At this point the validity of the clock server time must be judged: if the clock server time is later than the device time, or is earlier than the device time but within the preset time range, the device time is updated with the clock server time; otherwise the response packet exception handling flow is entered, for example prohibiting use of the protected software.
Because there is a delay between the response packet leaving the server and being received by the software protection device, after calibrating the device time with the server time the device may correct it again with the host time (S18). The validity of the host time must likewise be judged during this correction; the process is the same as the correction of the device time with the host time after power-on (S05) described above. After the above operations complete successfully, the remote calibration flow ends (S19) and the control flow for the protected software is entered (S10).
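The request/response exchange and the device-side checks (S12 to S17), as an added Python example rather than code from the patent. It uses the verification-data option with HMAC-SHA256 under a shared key instead of the embodiment's symmetric encryption; the packet layout, 300-second tolerance, key and serial number are constructed assumptions.

```python
import hashlib
import hmac
import os
import struct

TOLERANCE = 300  # assumed preset range (s) by which server time may trail device time


class ClockServer:
    def __init__(self, key: bytes, now: int):
        self.key, self.now = key, now

    def respond(self, request: bytes) -> bytes:
        # S21: real-time time plus echoed request fields, then verification data.
        body = struct.pack(">Q", self.now) + request
        return body + hmac.new(self.key, body, hashlib.sha256).digest()


class Device:
    def __init__(self, key: bytes, serial: bytes, device_time: int):
        self.key, self.serial, self.device_time = key, serial, device_time
        self.counter = 0     # request packet number, initial value 0
        self.pending = None  # last request, recorded in nonvolatile memory

    def make_request(self) -> bytes:
        # S12: unique serial number + packet number + fresh random information.
        self.pending = self.serial + struct.pack(">I", self.counter) + os.urandom(16)
        self.counter += 1    # incremented after each request is sent
        return self.pending

    def handle_response(self, packet: bytes) -> str:
        if self.pending is None or len(packet) != 8 + len(self.pending) + 32:
            return "rejected: unexpected packet"
        body, tag = packet[:-32], packet[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: bad verification data"
        if not hmac.compare_digest(body[8:], self.pending):
            return "rejected: serial, number or random mismatch"
        self.pending = None  # each request accepts at most one response
        (server_time,) = struct.unpack(">Q", body[:8])
        if server_time < self.device_time - TOLERANCE:
            return "rejected: server time earlier than device time"
        self.device_time = server_time  # S17
        return "calibrated"


def demo():
    key = b"constructed-shared-key-for-demo!"          # sample key, not a real one
    dev = Device(key, b"SN000001", device_time=1_000)  # constructed serial number
    server = ClockServer(key, now=50_000)
    results = []

    first = server.respond(dev.make_request())
    tampered = first[:7] + bytes([first[7] ^ 1]) + first[8:]
    results.append(dev.handle_response(tampered))  # time field altered in transit
    results.append(dev.handle_response(first))     # genuine response

    dev.make_request()
    results.append(dev.handle_response(first))     # old response replayed

    lagging = ClockServer(key, now=10_000)         # server time behind device time
    results.append(dev.handle_response(lagging.respond(dev.make_request())))
    return results, dev.device_time


if __name__ == "__main__":
    print(demo())
```

The replayed packet carries a valid MAC but fails the random-information and packet-number comparison, which is why the device records each request in nonvolatile memory before sending it.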
If the real-time time remote calibration flow has started but has not yet finished, use of the protected software is prohibited immediately, or is prohibited once the service time, cumulative working time, cumulative power-on time, or cumulative number of uses of the protected software, counted from this moment, reaches a predetermined value. If the real-time time remote calibration flow has not been started, the predetermined control policy is applied to the protected software.
The invention is not limited to the specific embodiment described above. Without departing from the spirit and substance of the invention, those skilled in the art can make various corresponding changes and variations according to the invention, and all such changes and variations fall within the scope of protection of the claims of the invention.