A kind of method of protecting encryption software
Technical field
The present invention relates to be used to prevent the method for protecting software of software bootlegging or plagiarization, refer more particularly to a kind of method of protecting encryption software.
Background technology
Along with development of science and technology, software occupies more and more important position in new product.Intellecture property for the protection product prevents bootlegging and plagiarization, and industry has adopted several different methods to carry out encipherment protection.
In traditional general encryption chip guard method, generally the encrypted access program is embedded in the single thread, the every ad-hoc location of carrying out of system just removes to visit encryption chip, and waits for after encrypting and authenticating information is returned and carry out normal program circuit again.Because the visit encryption chip is based on the IO control of serial; access speed can be slow; the general mutual cycle reaches more than the 20ms; in traditional single-threaded encryption protecting method; total system will wait for that all the encrypting and authenticating process executes in the encrypting and authenticating process, will produce a large amount of delays like this, under the situation of having relatively high expectations for real-time; so big time-delay in the program operation process can directly have influence on the performance of system.And in this guard method, carry out verification process as the gateway of authentication in a place of code, the risk that is cracked is higher relatively.
Summary of the invention
The object of the present invention is to provide a kind of multithreading nested, have dirigibility, security and high performance guard method concurrently encryption software.
For solving above and technical matters, a kind of method of protecting encryption software of the present invention is to adopt encryption chip to carry out the encryption and authentication method of multithreading, and described multithreading is made up of the critical thread of being responsible for the encrypting and authenticating process and crucial management thread and the key function thread of being responsible for the authentication last handling process; Carry out the multinest authentication between multithreading.
Described method comprises the steps:
A, described critical thread are utilized encryption and authentication method timer access storage enciphered storage chip, carry out encrypting and authenticating, and notify crucial management thread with the result of encrypting and authenticating by the mode of inter-thread communication;
B, described crucial management thread are constantly handled the quantity of variety of event and statistical phenomeon, when quantity surpasses preset value, just think that chip operation is undesired, enter the denial of service flow process this moment and make the system can't normal operation; If before the incident statistical magnitude surpasses preset value, receive the authentication result that critical thread sends over, then with the zero clearing of incident statistical magnitude, then according to authentication result, judge whether authentication is passed through, by promptly continuing normal flow, do not make the system can't normal operation by then entering the denial of service flow process;
C, described crucial management thread can be transmitted to this result the key function thread when receiving the authentication result of critical thread;
D, key function thread are constantly handled the quantity of variety of event and statistical phenomeon, when quantity surpasses preset value, just think that chip operation is undesired, enter the denial of service flow process this moment and make the system can't normal operation; If before the incident statistical magnitude surpasses preset value, receive the authentication result that crucial management thread sends over, then the zero clearing of incident statistical magnitude is continued normal flow.
General software encryption and protection method all is to embed the encrypting and authenticating program in the single thread the inside, carries out encrypting and authenticating and authentication processing serially, compares this disposal route.The nested software encryption and protection method of multithreading of the present invention has following characteristics and advantage:
1, reduces the interference of verification process to system performance.
The visit encryption chip is the IO control that belongs to serial, and access speed can be slow, and the cycle that encrypting and authenticating is carried out in the mutual communication of regular software and encryption chip reaches more than the 20ms.In general software encryption and protection method; with the single-threaded encrypting and authenticating that directly carries out; and the result to encrypting and authenticating handles in this thread; the normal process process of total system will be interrupted in the process of encrypting and authenticating; system must wait for that the encrypting and authenticating process finishes; just can proceed the normal handling flow process, produce very big delay.Under the situation of having relatively high expectations for real-time, so big time-delay in the program operation process can directly have influence on the performance of system.
And in the nested software encryption and protection method of multithreading of the present invention, be responsible for long verification process consuming time by critical thread, and this moment, other threads can move down concurrently, the normal process of system can not be interrupted, and can well avoid performance loss.
2, increasing cracks difficulty, strengthens encryption strength.
In traditional single-threaded encryption protecting method the inside.Carry out verification process at same thread as the gateway of authentication, the risk that is cracked is bigger, and the cracker can crack by killing methods such as authentication thread or skip authentication code easily.
And in the nested software encryption and protection method of multithreading of the present invention; crucial management thread and key function thread combine with the application of system itself; on transaction statistics, adopt multiple incident comprehensively to carry out; reach preset value by the transaction statistics value and confirm that encipherment protection is by unauthorised broken; and the transaction statistics value can present growth brokenly according to running situation; therefore there be not storage enciphered storage chip or critical thread to check under the ruined situation of encryption mechanism; the time of equipment refusal work presents erratic behavior, and a plurality of encipherment protection threads and the erratic protection process of coming into force have played the effect of disturbing the cracker to judge.Simultaneously, except critical thread goes to check the encryption, crucial management thread itself is the requisite thread of system, it is again the thread that the supervision encrypting and authenticating is carried out, the key function thread also exercises supervision to encrypted result, on thread, form the multiple insurance of carrying out encrypting, increased greatly and cracked difficulty.
Description of drawings
Fig. 1 is the connection diagram of hardware involved in the present invention
The flow chart of steps of Fig. 2 the inventive method
Embodiment
Describe in detail below in conjunction with specific embodiments:
The key function thread that adopts in this specific embodiments only adopts one; be key function thread C, but this does not influence protection scope of the present invention, because can add a plurality of key function threads as required; carry out the multinest authentication by the cross-thread communication, so that strengthen protection.
This method is used to adopt general encryption chip to carry out the hardware encipher authentication of multithreading, has storage enciphered storage chip.Its hardware connects as shown in Figure 1.Owing to adopt serial line interface to communicate between MCU and the storage enciphered storage chip, as SPI or I2C, the storage enciphered storage chip number of pins of therefore recommending to adopt has only 8, the SOIC encapsulation, take up room (7mm * 5.5mm) quite little, cost is low, and being easy to increases, the old product of no encryption function is transformed also very convenient, cost burden is little.
The concrete implementation step of the nested software encryption and protection method of multithreading of the present invention following (as shown in table 2):
Step 1 is utilized the timer critical thread A that uses in key function module, utilize encryption and authentication method timer access storage enciphered storage chip, carries out encrypting and authenticating.
Here the encrypting and authenticating mode can adopt the software and hardware bidirectional encipher scheme based on mutation DES algorithm.Process is as follows:
Storage enciphered storage chip |
Cooperating process |
MCU |
Ri |
MCU reads Ri |
Ks=F1 |
|
R is sent to storage enciphered storage chip |
R (random number) |
Ri+1=F2(Ks,Ri,R) |
Q is sent to storage enciphered storage chip |
Q=F2(Ks,Ri,R) |
Check whether Ri+1 equals Q |
MCU sends the verification authentication command |
Q’=F2(Ks,Q) |
If Ri+1=Q |
|
|
Ri+2=F2(Ks,Ri+1) |
|
|
Ri=Ri+2, authentication is passed through |
|
|
If Ri+1 ≠ Q |
MCU reads Ri |
Check whether Q ' equals Ri |
Ri=Ri, authentification failure |
|
If Q '=Ri, authentication is passed through |
|
|
If Q ' ≠ Ri, authentification failure |
Step 2, critical thread A can notify key function crucial management thread B by the mode of inter-thread communication to the result of encrypting and authenticating.Here inter-thread communication can adopt modes such as message queue, pipeline.Crucial management thread B is the system core management thread.It constantly handles variety of event, and the quantity of statistical phenomeon.
Step 3 is judged authentication result among the crucial management thread B, does not pass through if find the encrypting and authenticating result, just quits work immediately or restarts.Also handled affairs own are counted simultaneously among the crucial management thread B, after having added up some affairs, when not receiving that still encrypting and authenticating as a result, judge that then storage enciphered storage chip does not have operate as normal, crucial management thread B will quit work or restart facility immediately this moment.
Step 4, crucial management thread B can transmit this result a key function thread C of giving in the authentication result of receiving critical thread A.Key function thread C is another critical thread of system.It constantly handles variety of event, and the quantity of statistical phenomeon
Step 5, key function thread C constantly adds up the quantity of the incident of self handling.When quantity surpasses preset value.Just think that chip operation is undesired.Enter the denial of service flow process this moment, carry out and restart or out-of-work immediately action, thereby the system that makes can't normal operation.And if before the incident statistical magnitude surpasses preset value, receive the authentication result that crucial management thread B sends over, key function thread C is just with incident statistical magnitude zero clearing continuation normal flow.