CN101599112B - Method for protecting encryption software - Google Patents


Publication number
CN101599112B
Authority
CN
China
Prior art keywords
thread
authentication
encryption
encrypting
authenticating
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN2009100385060A
Other languages
Chinese (zh)
Other versions
CN101599112A (en)
Inventor
刘钢
郭立
谭文杰
陈春明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou V Solution Telecommunication Technology Co ltd
Original Assignee
GUANGZHOU V-SOLUTION ELECTRONIC TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by GUANGZHOU V-SOLUTION ELECTRONIC TECHNOLOGY Co Ltd
Priority to CN2009100385060A
Publication of CN101599112A
Application granted
Publication of CN101599112B
Legal status: Active
Anticipated expiration

Abstract

The invention discloses a method for protecting encryption software that uses nested multithreading and combines flexibility, security and high performance. The method is an encryption authentication method in which an encryption chip is used by multiple threads; the threads consist of a key thread, a key management thread and a key function thread, wherein the key thread is responsible for the encryption authentication process, and the key management thread and the key function thread are responsible for post-authentication processing; multiply nested authentication is carried out among the threads. The method not only avoids performance loss but also greatly increases the difficulty of cracking the software.

Description

A method for protecting encryption software
Technical field
The present invention relates to software protection methods for preventing illegal copying or plagiarism of software, and more particularly to a method for protecting encryption software.
Background
With the development of science and technology, software occupies an increasingly important position in new products. To protect the intellectual property of products and prevent illegal copying and plagiarism, the industry has adopted a variety of encryption protection methods.
In the traditional general-purpose encryption chip protection method, the encryption access routine is usually embedded in a single thread. Each time the system reaches a particular point in its execution it accesses the encryption chip, and it resumes the normal program flow only after the encryption authentication information is returned. Because access to the encryption chip is serial I/O, access is slow, and one interaction cycle generally takes more than 20 ms. In the traditional single-threaded protection method the whole system waits for the encryption authentication process to finish, which produces a large amount of delay; where real-time requirements are high, such long delays during program execution directly affect system performance. Moreover, in this protection method authentication is performed at a single place in the code, which acts as the gateway for authentication, so the risk of being cracked is relatively high.
Summary of the invention
The object of the present invention is to provide a method for protecting encryption software that uses nested multithreading and combines flexibility, security and high performance.
To solve the above technical problem, the method for protecting encryption software of the present invention is an encryption authentication method in which an encryption chip is used by multiple threads. The threads consist of a critical thread, which is responsible for the encryption authentication process, and a crucial management thread and a key function thread, which are responsible for post-authentication processing. Multiply nested authentication is carried out among the threads.
The method comprises the following steps:
A. The critical thread periodically accesses the encrypted storage chip using the encryption authentication method, performs encryption authentication, and notifies the crucial management thread of the result by inter-thread communication.
B. The crucial management thread continuously handles various events and counts them. When the count exceeds a preset value, the chip is considered not to be working normally, and the thread enters the denial-of-service flow so that the system cannot operate normally. If the authentication result sent by the critical thread is received before the event count exceeds the preset value, the event count is cleared and the thread then judges from the result whether authentication passed: if it passed, the normal flow continues; if it did not, the thread enters the denial-of-service flow so that the system cannot operate normally.
C. When the crucial management thread receives the authentication result from the critical thread, it forwards the result to the key function thread.
D. The key function thread continuously handles various events and counts them. When the count exceeds a preset value, the chip is considered not to be working normally, and the thread enters the denial-of-service flow so that the system cannot operate normally. If the authentication result sent by the crucial management thread is received before the event count exceeds the preset value, the event count is cleared and the normal flow continues.
General software encryption protection methods all embed the encryption authentication routine in a single thread and perform encryption authentication and authentication handling serially. Compared with that approach, the nested multithreaded software encryption protection method of the present invention has the following features and advantages:
1. It reduces the interference of the authentication process with system performance.
Access to the encryption chip is serial I/O, so access is slow, and one cycle of communication between ordinary software and the encryption chip for encryption authentication takes more than 20 ms. In general software encryption protection methods, encryption authentication is performed directly in a single thread and the result is handled in the same thread. The normal processing of the whole system is interrupted during encryption authentication: the system must wait for the authentication process to finish before it can continue its normal flow, which produces a large delay. Where real-time requirements are high, such long delays during program execution directly affect system performance.
In the nested multithreaded software encryption protection method of the present invention, the critical thread is responsible for the time-consuming authentication process while the other threads keep running in parallel, so the normal processing of the system is not interrupted and performance loss is avoided.
2. It increases the difficulty of cracking and strengthens the encryption.
In the traditional single-threaded encryption protection method, authentication is performed in one thread, which acts as the gateway for authentication, so the risk of being cracked is high: a cracker can easily defeat it by methods such as killing the authentication thread or skipping the authentication code.
In the nested multithreaded software encryption protection method of the present invention, the crucial management thread and the key function thread are combined with the application functions of the system itself. Event counting draws on multiple kinds of events together, and the count reaching the preset value is what confirms that the encryption protection has been illegally broken. Because the count grows irregularly with the running state of the system, when the encrypted storage chip is absent or the critical thread's checking of the encryption mechanism has been destroyed, the time at which the device refuses to work is irregular; multiple encryption protection threads and a protection process that takes effect irregularly interfere with the cracker's judgment. In addition, besides the critical thread checking the encryption, the crucial management thread is itself an indispensable thread of the system and is also the thread that supervises the execution of encryption authentication, and the key function thread also supervises the encryption result. This forms multiple layers of insurance across threads and greatly increases the difficulty of cracking.
Description of drawings
Fig. 1 is a connection diagram of the hardware involved in the present invention.
Fig. 2 is a flow chart of the steps of the method of the present invention.
Embodiment
A specific embodiment is described in detail below:
This embodiment uses only one key function thread, key function thread C. This does not affect the scope of protection of the present invention, because multiple key function threads can be added as required, with multiply nested authentication carried out through inter-thread communication to strengthen protection.
The method is used for multithreaded hardware encryption authentication with a general-purpose encryption chip, here an encrypted storage chip. The hardware connection is shown in Fig. 1. The MCU and the encrypted storage chip communicate over a serial interface such as SPI or I2C, so the recommended encrypted storage chip has only 8 pins in an SOIC package, occupies very little space (7 mm × 5.5 mm) and is low in cost. It is easy to add, and retrofitting older products that have no encryption function is also convenient and adds little cost.
The specific implementation steps of the nested multithreaded software encryption protection method of the present invention are as follows (as shown in table 2):
Step 1: critical thread A, driven by a timer in the key function module, periodically accesses the encrypted storage chip using the encryption authentication method and performs encryption authentication.
The encryption authentication here can use a two-way software/hardware encryption scheme based on a variant DES algorithm. The process is as follows:
| Encrypted storage chip | Interaction | MCU |
|---|---|---|
| Ri | MCU reads Ri | Ks=F1 |
| | R is sent to the encrypted storage chip | R (random number) |
| Ri+1=F2(Ks,Ri,R) | Q is sent to the encrypted storage chip | Q=F2(Ks,Ri,R) |
| Check whether Ri+1 equals Q | MCU sends the verify-authentication command | Q'=F2(Ks,Q) |
| If Ri+1=Q: Ri+2=F2(Ks,Ri+1); Ri=Ri+2, authentication passes | | |
| If Ri+1≠Q: Ri=Ri, authentication fails | MCU reads Ri | Check whether Q' equals Ri |
| | | If Q'=Ri, authentication passes |
| | | If Q'≠Ri, authentication fails |
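The exchange in the table above as a runnable sketch, added here as an illustration and not taken from the patent. `f2` is a stand-in keyed mixer (the page names only a variant DES algorithm and does not define F1 or F2), Ks is treated as a pre-shared value, and the 64-bit width, type names and sample values are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in for F2: the page only says "variant DES", so this keyed 64-bit
   mixer is an assumption for illustration and is NOT a secure cipher.
   The two-argument form F2(Ks, X) is called with b = 0. */
static uint64_t f2(uint64_t ks, uint64_t a, uint64_t b) {
    uint64_t x = ks ^ (a * 0x9E3779B97F4A7C15ULL) ^ (b + 0xD1B54A32D192ED03ULL);
    x ^= x >> 31; x *= 0xBF58476D1CE4E5B9ULL;
    x ^= x >> 29; x *= 0x94D049BB133111EBULL;
    return x ^ (x >> 32);
}

/* Chip side: the secret Ks plus the rolling register Ri. */
typedef struct { uint64_t ks, ri; } chip_t;

static uint64_t chip_read_ri(const chip_t *c) { return c->ri; }

/* Chip receives R and Q, then the verify command. Returns 1 if the MCU
   proved knowledge of Ks; Ri advances only on success. */
static int chip_verify(chip_t *c, uint64_t r, uint64_t q) {
    uint64_t ri1 = f2(c->ks, c->ri, r);      /* Ri+1 = F2(Ks, Ri, R) */
    if (ri1 != q) return 0;                  /* Ri = Ri, authentication fails */
    c->ri = f2(c->ks, ri1, 0);               /* Ri = Ri+2 = F2(Ks, Ri+1) */
    return 1;
}

enum { CHIP_ACCEPTED_MCU = 1, MCU_ACCEPTED_CHIP = 2 };

/* MCU side: one full exchange. r is the MCU's random number (a parameter
   here so the run is repeatable; firmware would draw it from an RNG). */
static int mcu_authenticate(chip_t *c, uint64_t mcu_ks, uint64_t r) {
    int result = 0;
    uint64_t ri = chip_read_ri(c);           /* MCU reads Ri */
    uint64_t q  = f2(mcu_ks, ri, r);         /* Q  = F2(Ks, Ri, R) */
    uint64_t q2 = f2(mcu_ks, q, 0);          /* Q' = F2(Ks, Q) */
    if (chip_verify(c, r, q)) result |= CHIP_ACCEPTED_MCU;
    if (chip_read_ri(c) == q2) result |= MCU_ACCEPTED_CHIP;  /* Q' == Ri ? */
    return result;
}

int main(void) {
    chip_t chip = { 0x0123456789ABCDEFULL, 42 };   /* constructed values */
    printf("matching Ks:   %d\n", mcu_authenticate(&chip, chip.ks, 7));
    printf("mismatched Ks: %d\n", mcu_authenticate(&chip, 0x1111ULL, 8));
    return 0;
}
```

Because Ri advances on every successful run, presenting the same R and Q to the chip a second time is rejected.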
Step 2: critical thread A notifies crucial management thread B of the encryption authentication result by inter-thread communication, for example a message queue or a pipe. Crucial management thread B is the core management thread of the system; it continuously handles various events and counts them.
Step 3: crucial management thread B judges the authentication result; if it finds that encryption authentication did not pass, it stops working or restarts immediately. Crucial management thread B also counts the transactions it handles; if, after a certain number of transactions have been counted, it still has not received an encryption authentication result, it concludes that the encrypted storage chip is not working normally, and it immediately stops working or restarts the device.
Step 4: when crucial management thread B receives the authentication result from critical thread A, it forwards the result to key function thread C. Key function thread C is another critical thread of the system; it continuously handles various events and counts them.
Step 5: key function thread C continuously counts the events it handles. When the count exceeds the preset value, the chip is considered not to be working normally; the thread enters the denial-of-service flow and restarts or stops working immediately, so that the system cannot operate normally. If the authentication result sent by crucial management thread B is received before the event count exceeds the preset value, key function thread C clears the event count and continues the normal flow.
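Steps 2 to 5 modelled as a small state machine, added here as an illustration and not taken from the patent: B and C each count the events they handle, a result from thread A clears both counts, and either thread refuses service when its count passes its preset value. Threads are replaced by a tick loop so the run is repeatable; the limits, workloads, reporting period, the order in which B forwards and judges, and all names are assumptions.

```c
#include <stdio.h>

/* Per-thread supervisor state, used by both the crucial management thread B
   and the key function thread C. */
typedef struct {
    unsigned events;   /* events handled since the last authentication result */
    unsigned limit;    /* preset value (assumed; the page gives no number) */
    int denied;        /* set once the denial-of-service flow is entered */
} supervisor_t;

typedef struct { supervisor_t b, c; } system_t;

/* Every application event a supervising thread handles is counted. */
static void on_event(supervisor_t *s) {
    if (!s->denied && ++s->events > s->limit)
        s->denied = 1;         /* no result in time: chip treated as faulty */
}

/* C receives the forwarded result: clear the count and continue. */
static void c_on_result(supervisor_t *c) {
    if (!c->denied) c->events = 0;
}

/* B receives A's result: clear the count, forward it to C, then judge it
   (forwarding before judging is an assumption about ordering). */
static void b_on_result(system_t *sys, int passed) {
    if (sys->b.denied) return;
    sys->b.events = 0;
    c_on_result(&sys->c);
    if (!passed) sys->b.denied = 1;
}

/* Constructed, uneven per-tick workloads standing in for real traffic. */
static const unsigned B_LOAD[8] = {3, 0, 5, 1, 2, 0, 4, 1};
static const unsigned C_LOAD[8] = {1, 2, 0, 0, 6, 1, 0, 3};

/* Runs `ticks` scheduler ticks; thread A reports every `period` ticks while
   a_alive is set. Returns the first tick at which B or C refuses service,
   or -1 if the system stayed up. */
static int simulate(system_t *sys, int a_alive, int passed,
                    unsigned period, unsigned ticks) {
    for (unsigned t = 1; t <= ticks; t++) {
        for (unsigned i = 0; i < B_LOAD[t % 8]; i++) on_event(&sys->b);
        for (unsigned i = 0; i < C_LOAD[t % 8]; i++) on_event(&sys->c);
        if (a_alive && t % period == 0) b_on_result(sys, passed);
        if (sys->b.denied || sys->c.denied) return (int)t;
    }
    return -1;
}

int main(void) {
    system_t ok     = { {0, 20, 0}, {0, 20, 0} };
    system_t silent = { {0, 20, 0}, {0, 12, 0} };
    printf("A reporting: %d\n", simulate(&ok, 1, 1, 4, 100));
    printf("A silent:    %d\n", simulate(&silent, 0, 1, 4, 100));
    return 0;
}
```

With thread A silent, B trips at tick 10 when both limits are 20, while lowering C's limit to 12 makes C trip first at tick 8, which is the irregular refusal time the description refers to.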

Claims (1)

1. A method for protecting encryption software, characterized in that the method is an encryption authentication method in which an encryption chip is used by multiple threads, the threads consisting of a critical thread (A) responsible for the encryption authentication process and a crucial management thread (B) and a key function thread responsible for post-authentication processing; multiply nested authentication is carried out among the threads; the method comprises the following steps:
A. The critical thread (A) periodically accesses the encrypted storage chip using the encryption authentication method, performs encryption authentication, and notifies the crucial management thread (B) of the result by inter-thread communication;
B. The crucial management thread (B) continuously handles various events and counts them; when the count exceeds a preset value, the chip is considered not to be working normally, and the thread enters the denial-of-service flow so that the system cannot operate normally; if the authentication result sent by the critical thread (A) is received before the event count exceeds the preset value, the event count is cleared and the thread then judges from the result whether authentication passed: if it passed, the normal flow continues; if it did not, the thread enters the denial-of-service flow so that the system cannot operate normally;
C. When the crucial management thread (B) receives the authentication result from the critical thread (A), it forwards the result to the key function thread;
D. The key function thread continuously handles various events and counts them; when the count exceeds a preset value, the chip is considered not to be working normally, and the thread enters the denial-of-service flow so that the system cannot operate normally; if the authentication result sent by the crucial management thread (B) is received before the event count exceeds the preset value, the event count is cleared and the normal flow continues.
CN2009100385060A 2009-04-09 2009-04-09 Method for protecting encryption software Active CN101599112B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100385060A CN101599112B (en) 2009-04-09 2009-04-09 Method for protecting encryption software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100385060A CN101599112B (en) 2009-04-09 2009-04-09 Method for protecting encryption software

Publications (2)

Publication Number Publication Date
CN101599112A CN101599112A (en) 2009-12-09
CN101599112B true CN101599112B (en) 2010-11-03

Family

ID=41420555

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100385060A Active CN101599112B (en) 2009-04-09 2009-04-09 Method for protecting encryption software

Country Status (1)

Country Link
CN (1) CN101599112B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 510000 Guangdong City, Guangzhou province high tech Industrial Development Zone, Science City Road, No. 162, B3 District, unit fourth, unit 406

Patentee after: GUANGZHOU V-SOLUTION TELECOMMUNICATION TECHNOLOGY CO.,LTD.

Address before: 510663 Guangzhou Science City, Guangdong science Avenue, building B3-406, No. 162

Patentee before: GUANGZHOU V-SOLUTION ELECTRONIC TECHNOLOGY Co.,Ltd.

EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20091209

Assignee: Xinhe Technology (Guangzhou) Co.,Ltd.

Assignor: GUANGZHOU V-SOLUTION TELECOMMUNICATION TECHNOLOGY CO.,LTD.

Contract record no.: X2022990000628

Denomination of invention: A method of protecting encrypted software

Granted publication date: 20101103

License type: Common License

Record date: 20220914