CN102880818A - Software protection method - Google Patents

Info

Publication number
CN102880818A
Authority
CN
China
Prior art keywords
software
data
thread
sub
protecting equipment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012103829648A
Other languages
Chinese (zh)
Inventor
孙吉平
韩勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Senselock Software Technology Co Ltd
Original Assignee
Beijing Senselock Software Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Senselock Software Technology Co Ltd
Priority to CN2012103829648A
Publication of CN102880818A
Legal status: Pending

Abstract

The invention discloses a software protection method comprising the following steps: when the software runs, establishing a sub-process or sub-thread dedicated to interacting with a software protection device; and, when the software needs the software protection device to perform data processing, using that sub-process or sub-thread to exchange data with the software protection device asynchronously. With this method the software and the software protection device exchange data by asynchronous communication, which increases the difficulty for a third party of debugging and analyzing the software and so improves the security of the software.

Description

A software protection method
Technical field
The present invention relates to information security technology, and in particular to a software protection method.
Background
At present, software protection devices are the main means of implementing software security protection and copyright protection. A software protection device is a hardware device attached to a computer interface (for example a USB interface, serial port or parallel port) that provides security protection and copyright protection for specific software running on the computer. The conventional way of protecting software with such a device is to treat it as a computing platform parallel to the protected software: part of the software's functions are migrated into the software protection device and are called when the software runs. Because the operation of the protected software depends on the computation functions provided by the software protection device, and a cracker cannot copy the software protection device, the software is well protected.
Among software protection devices, the encryption lock is the most commonly used. An encryption lock is a hardware device that uses a high-strength smart card chip and advanced cryptographic techniques, has a certain computing and storage capacity, and is difficult to crack and copy; it is widely used in high-strength software copyright protection. Traditionally, the encryption lock is plugged into a computer interface and connected with the protected software. When a migrated function needs to run, the software sends a call request and the related data to the software protection device, the device returns the processed result according to the call request, and the protected software continues running after receiving the data.
However, when a software protection device is used to protect software, the protected software usually communicates with the device directly: following the logical order of its own execution, the protected software obtains the corresponding results from the device in real time. As a result, the timing and order of the information exchanged between the protected software and the software protection device correspond directly to the execution of the software. Hackers or viruses can therefore easily attack the execution of the software by intercepting the data exchanged between the two, causing damage to the software or loss and leakage of data, which creates a security risk.
Summary of the invention
In view of this, the main purpose of the present invention is to provide a software protection method that can improve the security of software.
To achieve the above purpose, the technical solution proposed by the present invention is:
A software protection method, comprising:
a. when the software runs, establishing a sub-process or sub-thread dedicated to interacting with the software protection device;
b. when the software needs the software protection device to perform data processing, using the sub-process or sub-thread to exchange data with the software protection device asynchronously.
In summary, the software protection method proposed by the present invention uses a dedicated sub-process or sub-thread so that the software and the software protection device exchange data by asynchronous communication, which increases the difficulty for a third party of debugging and analyzing the software and thereby improves the security of the software.
Description of drawings
Fig. 1 is a schematic flow chart of the present invention.
Embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawing and specific embodiments.
The core idea of the present invention is as follows: while the software runs, it communicates with the software protection device asynchronously, and the software itself does not access the software protection device directly. Because the communication is asynchronous, the packets exchanged between the software protection device and the software do not directly reflect the real-time execution of the software. This makes it harder for a hacker to debug and analyze the software using intercepted packets, which reduces the possibility of the software being damaged and improves its security.
Fig. 1 is a schematic flow chart of the present invention. As shown in Fig. 1, the present invention mainly comprises:
Step 101: when the software runs, establish a sub-process or sub-thread dedicated to interacting with the software protection device.
Establishing a sub-process or sub-thread dedicated to interacting with the software protection device in this step ensures that the main process or main thread of the software does not communicate directly with the software protection device, and so realizes asynchronous communication between the software and the software protection device.
Specifically, in practice the main process of the software may create the sub-process dedicated to interacting with the software protection device, or the main thread of the software may create the sub-thread dedicated to interacting with the software protection device.
Step 102: when the software needs the software protection device to perform data processing, use the sub-process or sub-thread to exchange data with the software protection device asynchronously.
In this step, because the software exchanges data with the software protection device asynchronously, the timing of the data exchange between the two is not synchronized with the execution of the software. Even after a third party has captured the exchanged data, it is difficult to debug and analyze the software from that data, which reduces the possibility of the software being damaged and improves its security.
Preferably, to further ensure the security of the data exchange, the data exchanged between the sub-process or sub-thread and the software protection device may be data encrypted with a cryptographic algorithm (such as a symmetric algorithm, an asymmetric algorithm or another cryptographic algorithm). Specifically, the encryption may be performed by any of the main process/main thread, the sub-process/sub-thread or the software protection device; that is, the data may be encrypted between the main process/main thread and the sub-process/sub-thread, or between the sub-process/sub-thread and the software protection device.
Preferably, step 102 can be implemented as follows:
Step 1021: when the software needs to trigger the software protection device to perform data processing, it stores the relevant information of the data processing in a preset shared storage and notifies the sub-process or sub-thread.
Here, when the main process or main thread of the software is executing and needs to trigger the software protection device to perform data processing, it first stores the relevant information of the data to be processed in the preset shared storage and at the same time notifies the sub-process or sub-thread dedicated to interacting with the software protection device of the storage (the notification can be implemented by sending a call request to the sub-process or sub-thread), so as to trigger it to send the relevant information of the data processing to the software protection device.
Preferably, the shared storage may be shared memory, a global variable or a shared external storage device.
Step 1022: according to the notification, the sub-process or sub-thread reads the relevant information of the data processing from the shared storage and sends it to the software protection device.
Step 1023: the software protection device performs the corresponding data processing according to the relevant information, and sends the processed data to the sub-process or sub-thread.
Step 1024: the sub-process or sub-thread stores the processed data in the shared storage.
Step 1025: the software obtains the processed data from the shared storage.
In this step, the main process or main thread of the software obtains the data processed by the software protection device from the shared storage and then carries out subsequent operations.
In practice, the main process or main thread can be triggered to obtain the processed data from the shared storage in either of two ways. In the first, the main process or main thread monitors the shared storage in real time and obtains the processed data once it detects that the data has been stored. In the second, after the sub-process or sub-thread stores the processed data in the shared storage, it sends a read notification message to the main process or main thread, which then obtains the processed data from the shared storage according to that message.
The present invention is further illustrated below through two specific software protection embodiments.
In embodiment one of the present invention, the protected software is typesetting software, which can typeset newspapers and periodicals by setting data such as font, font size, page size and margins, save the typesetting result, and open previously saved typesetting result files. Suppose the software protection device is a hardware encryption lock. The lock contains a key pool, Keys, which stores keys and their number (ID) information, and an encryption/decryption module used to encrypt and decrypt data.
Whenever the typesetting software is used to save the current typesetting result file, the typesetting software sends a save request to the encryption lock and stores the data in memory sequentially to a disk file. When it reaches critical data in the page data, such as font data and page margins (for example "fonttype1=simplesongx12pt; Fonttyp2=kaitix14pt; Pagesize1=A4; Pagesizeout={ 2,3,2.65,3.39 };"), it sends that critical data to the encryption lock buffer and, by calling the encryption/decryption module in the lock, generates a random encryption result containing the ciphertext and the encryption key ID, referred to as r-crypted-result. The encryption result is then saved inside the disk file structure.
When the typesetting software is used to open a previously saved typesetting result file, the typesetting software reads the data in the file sequentially into memory. When it reaches critical data in the page data, such as font data and page margins, it sends the encrypted r-crypted-result byte stream into the lock and calls the encryption/decryption module. The program in the encryption lock reads r-crypted-result from the transmission buffer to learn the key ID, finds the unique corresponding key in the key pool by that ID, decrypts the data, and sends the plaintext result to the typesetting software, which continues with subsequent operations.
In embodiment one, the encryption lock is connected to the target platform that runs the typesetting software. When the typesetting software runs, the main process creates one or more sub-processes dedicated to exchanging data with the encryption lock. The main process and the sub-processes communicate through a shared-memory mapping kernel object, and the main process obtains the data returned by the encryption lock through a sub-process and then carries out subsequent operations.
The specific steps are as follows:
1. When the typesetting software runs, the main process creates one or more sub-processes; the processes communicate through a shared-memory mapping kernel object.
2. When the typesetting software needs to save a typesetting result file or open a previously saved one, the main process sends a request to the sub-process and writes the related request data to shared memory.
3. After receiving the request, the sub-process reads the request data from shared memory and sends it to the encryption lock.
4. The encryption lock performs the encryption or decryption internally and returns the result to the sub-process.
5. The sub-process receives the returned data and writes it to shared memory.
6. The main process reads the data returned by the encryption lock from shared memory and carries out subsequent operations.
In embodiment two of the present invention, the software program is a program protected with a shell (packed), and the software protection device is a hardware encryption lock (hereinafter "encryption lock"). The encryption lock is connected to the target platform through an interface, and the software and the encryption lock communicate asynchronously by means of multithreading.
When the software program runs, the main thread creates one or more sub-threads dedicated to exchanging data with the encryption lock, and the main thread and the sub-threads exchange data through a global variable. When the software program needs the encryption lock to perform related data processing or logical operations, the main thread obtains the data returned by the encryption lock through a sub-thread and then continues with subsequent logic. In this process the software itself does not access the encryption lock directly, which increases the difficulty of debugging and analyzing the software and improves its security.
The specific steps are as follows:
1. When the software program runs, the main thread creates one or more sub-threads. The main thread and the sub-threads exchange data through a global variable.
2. When the software needs to call the encryption lock, the main thread writes the request information (such as the method or function to be called and its parameters) to the global variable and sends a call request to the sub-thread.
3. After receiving the call request, the sub-thread reads the request data that the main thread wrote to the global variable and sends it to the encryption lock.
4. The encryption lock receives the request data sent by the sub-thread, performs the corresponding computation according to the content of the request data, and returns the result to the sub-thread.
5. The sub-thread receives the result data returned by the encryption lock and writes it to the global variable.
6. The main thread reads the result data that the sub-thread wrote to shared memory and carries out subsequent logic.
In the above steps, to ensure data security during storage and communication, the data may be encrypted and decrypted with symmetric, asymmetric or other cryptographic algorithms.
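The six steps of embodiment two, as an added Python example that is not part of the patent text. SimulatedLock, LockChannel, the thread name "lock-io" and the ticket numbers are names constructed for illustration, the SHA-256 keystream is only a placeholder for the lock's encryption/decryption module, and the main thread collects results through the notification variant described for step 1025.

```python
import hashlib
import secrets
import threading


class SimulatedLock:
    """Constructed stand-in for the hardware encryption lock: a key pool and an
    encrypt/decrypt module. The SHA-256 keystream is a placeholder, not a real cipher."""

    def __init__(self):
        self._keys = [secrets.token_bytes(32) for _ in range(4)]
        self.callers = set()          # names of threads that touched the device

    def _xor(self, key_id, data):
        stream, counter = b"", 0
        while len(stream) < len(data):
            block = self._keys[key_id] + counter.to_bytes(4, "big")
            stream += hashlib.sha256(block).digest()
            counter += 1
        return bytes(a ^ b for a, b in zip(data, stream))

    def process(self, op, payload):
        self.callers.add(threading.current_thread().name)
        if op == "encrypt":           # result = key ID byte + ciphertext
            key_id = secrets.randbelow(len(self._keys))
            return bytes([key_id]) + self._xor(key_id, payload)
        if op == "decrypt":
            return self._xor(payload[0], payload[1:])
        raise ValueError("unsupported operation: " + op)


class LockChannel:
    """Steps 1-6: a dedicated sub-thread is the only code that calls the lock."""

    def __init__(self, lock_device):
        self._device = lock_device
        self._shared = {"requests": {}, "results": {}}   # the shared storage
        self._cond = threading.Condition()   # guards it and carries notifications
        self._next_ticket = 0
        self._stopping = False
        self._worker = threading.Thread(target=self._run, name="lock-io", daemon=True)
        self._worker.start()                             # step 1

    def submit(self, op, payload):
        """Step 2: write the request to shared storage, notify, return at once."""
        with self._cond:
            ticket = self._next_ticket
            self._next_ticket += 1
            self._shared["requests"][ticket] = (op, payload)
            self._cond.notify_all()
        return ticket

    def collect(self, ticket, timeout=5.0):
        """Step 6: read the result whenever the caller chooses to."""
        with self._cond:
            if not self._cond.wait_for(lambda: ticket in self._shared["results"], timeout):
                raise TimeoutError("no result for ticket %d" % ticket)
            result = self._shared["results"].pop(ticket)
        if isinstance(result, Exception):
            raise result
        return result

    def close(self):
        with self._cond:
            self._stopping = True
            self._cond.notify_all()
        self._worker.join()

    def _run(self):
        while True:
            with self._cond:                             # step 3: wait for a call request
                self._cond.wait_for(lambda: self._shared["requests"] or self._stopping)
                if not self._shared["requests"]:
                    return
                ticket, (op, payload) = self._shared["requests"].popitem()
            try:
                result = self._device.process(op, payload)   # step 4, outside the guard
            except Exception as exc:                     # hand device errors to the caller
                result = exc
            with self._cond:                             # step 5: publish and notify
                self._shared["results"][ticket] = result
                self._cond.notify_all()
```

Because submit returns before the device is touched and collect can be called at any later point, the order and timing of device traffic need not follow the main thread's control flow.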
In summary, the above are only preferred embodiments of the present invention and are not intended to limit its scope of protection. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.

Claims (6)

1. A software protection method, characterized in that it comprises:
a. when the software runs, establishing a sub-process or sub-thread dedicated to interacting with a software protection device;
b. when the software needs the software protection device to perform data processing, using the sub-process or sub-thread to exchange data with the software protection device asynchronously.
2. The method according to claim 1, characterized in that step b comprises:
when the software needs to trigger the software protection device to perform data processing, storing the relevant information of the data processing in a preset shared storage and notifying the sub-process or sub-thread;
the sub-process or sub-thread reading, according to the notification, the relevant information of the data processing from the shared storage and sending it to the software protection device;
the software protection device performing the corresponding data processing according to the relevant information and sending the processed data to the sub-process or sub-thread;
the sub-process or sub-thread storing the processed data in the shared storage;
the software obtaining the processed data from the shared storage.
3. The method according to claim 1, characterized in that the shared storage is shared memory or a shared external storage device.
4. The method according to claim 1, characterized in that in step a the sub-process dedicated to interacting with the software protection device is created by the main process of the software.
5. The method according to claim 1, characterized in that in step b the sub-thread dedicated to interacting with the software protection device is created by the main thread of the software.
6. The method according to claim 1, characterized in that the data exchanged in step b is data encrypted with a cryptographic algorithm.
CN2012103829648A 2012-10-10 2012-10-10 Software protection method Pending CN102880818A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012103829648A CN102880818A (en) 2012-10-10 2012-10-10 Software protection method

Publications (1)

Publication Number Publication Date
CN102880818A true CN102880818A (en) 2013-01-16

Family

ID=47482140

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2012103829648A Pending CN102880818A (en) 2012-10-10 2012-10-10 Software protection method

Country Status (1)

Country Link
CN (1) CN102880818A (en)


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C05 Deemed withdrawal (patent law before 1993)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130116