Background technology
Software is a special kind of product: because it is purely digital, it has been plagued by piracy from the outset. Piracy has not only caused software developers enormous losses but has also greatly hindered the development of the software industry as a whole. Nearly all software therefore adopts technical measures to prevent cracking and piracy, and the most effective of these is hardware-based encryption lock technology.
An encryption lock is a hardware device connected to a computer's parallel port or USB port. It provides specific functions internally, for example some storage space, some cryptographic algorithms, or some user-defined algorithms or functions. Before releasing the software, the developer modifies its code so that the software needs to use some of the functions inside the encryption lock while it runs; the software therefore cannot run without the encryption lock. Because the encryption lock is a hardware device, it is difficult to copy, which prevents the illegal distribution of pirated software.
The main encryption locks on the market today include the Sentinel SuperPro from SafeNet (United States), the HASP HL from Aladdin (Israel), the Elite IV from Beijing Senselock Data Protection Center (China), and the WIBU-Key from Wi-Bu (Germany). All of these provide built-in storage space and proprietary or public cryptographic algorithms, which the software can call while it runs to verify that its use is legitimate.
The strength of software copyright protection depends on two things: first, the reliability of the encryption lock, including the security of its hardware and of its internal algorithms; second, how tightly the software is bound to the encryption lock. Correspondingly, attacks on the software start from these same two aspects. In general, if the hardware of the encryption lock is secure enough, for example because it uses a smart card chip with a very high security level and adopts international cryptographic algorithms or reasonably complex user-defined algorithms, then the security of the hardware is comparatively high, and it is very difficult for a cracker to pirate the software by attacking the encryption lock itself. In most cases the cracker instead uses software debugging tools to trace the communication between the running software and the encryption lock, learns how the software intends to use the encryption lock, and then produces a pirated copy by patching the software, emulating the functions of the encryption lock, or similar means. In practice, therefore, the strength of the protection depends on how tightly the software and the encryption lock are bound together: the tighter the binding, the harder it is for the cracker to strip out the encryption lock (that is, to pirate the software).
However, because the operating system is open, the entire execution of the software takes place under the cracker's observation. In other words, the cracker can trace any stage of the software's execution, including its communication with the encryption lock and the handling of results after the encryption lock has been called. Moreover, in existing methods the encryption lock is a slave device: on every call it passively returns a result for whatever input the application supplies, and there is no time limit between the software's call and the hardware's output. Under this scheme, a cracker attacking a given checkpoint only needs to debug the software dynamically, set a breakpoint near the checkpoint, and patiently analyze what that part of the software does, how it calls the lock, and how it uses the returned result, in order to crack it.
Summary of the invention
The object of the invention is to provide a method of protecting software with an encryption lock, and an encryption lock, that solve the prior-art problem of software being easy to crack because there is no time limit between the software's call and the hardware's output.
To this end, the invention provides a method of protecting software with an encryption lock, in which the software runs on a terminal device that is communicatively connected to the encryption lock. The method comprises the following steps:
S1: The software sends a start-timing instruction to the encryption lock.
S2: On receiving the start-timing instruction, the encryption lock checks whether it is in the self-locking state. If it is, the encryption lock cannot be called and execution ends; if not, step S3 is executed.
S3: The encryption lock starts its built-in timer, which begins accumulating time, and sends a call-permission instruction to the software.
S4: On receiving the call-permission instruction, the software sends a function-call instruction and the required data to the encryption lock.
S5: On receiving the function-call instruction and the required data, the encryption lock checks whether the time currently accumulated by the timer exceeds a predetermined value. If it does, step S10 is executed; if not, step S6 is executed.
S6: The encryption lock processes the required data and returns the result to the software.
S7: On receiving the returned result, the software sends a stop-timing instruction to the encryption lock.
S8: On receiving the stop-timing instruction, the encryption lock checks whether the time currently accumulated by the timer exceeds the predetermined value. If it does, step S10 is executed; if not, step S9 is executed.
S9: The timer stops timing, and the encryption lock waits for the next call.
S10: The encryption lock enters the self-locking state.
Preferably, the communication between the terminal device and the encryption lock is serial interface communication, parallel interface communication, 1394 interface communication, radio-frequency identification interface communication, wireless LAN interface communication, Universal Serial Bus communication, Bluetooth communication, infrared communication, Wireless Fidelity communication, or ISO 7816 communication.
Preferably, in step S2, if the encryption lock is in the self-locking state, the method further comprises the step of the encryption lock returning a predefined error code to the software.
Preferably, in step S3, the timer first clears the time accumulated during the previous call when it starts.
Preferably, in step S9, the timer clears the accumulated time after it stops timing.
To this end, the invention also provides an encryption lock for protecting software, in which the software runs on a terminal device that is communicatively connected to the encryption lock. The encryption lock comprises a first judging module, a communication module, a self-locking module, a data processing module, a timer, and a second judging module.
The first judging module checks, after the encryption lock receives the start-timing instruction sent by the software, whether the encryption lock is in the self-locking state, the self-locking state being a state in which the encryption lock cannot be called.
The timer begins accumulating time when the first judging module determines that the encryption lock is not in the self-locking state.
The communication module sends the call-permission instruction to the software when the first judging module determines that the encryption lock is not in the self-locking state, and receives the function-call instruction and required data that the software sends to the encryption lock after receiving the call-permission instruction.
The second judging module checks, after the encryption lock receives the function-call instruction and required data sent by the software, whether the time currently accumulated by the timer exceeds the predetermined value.
The self-locking module puts the encryption lock into the self-locking state when the second judging module determines that the time currently accumulated by the timer exceeds the predetermined value.
The data processing module processes the required data when the second judging module determines, after the encryption lock receives the function-call instruction and required data sent by the software, that the time currently accumulated by the timer does not exceed the predetermined value.
The communication module also returns the result produced by the data processing module to the software.
The second judging module also checks, after the encryption lock receives the stop-timing instruction sent by the software, whether the time currently accumulated by the timer exceeds the predetermined value.
The timer also stops timing when the second judging module determines, after the encryption lock receives the stop-timing instruction sent by the software, that the time currently accumulated by the timer does not exceed the predetermined value.
Preferably, the communication between the terminal device and the encryption lock is serial interface communication, parallel interface communication, 1394 interface communication, radio-frequency identification interface communication, wireless LAN interface communication, Universal Serial Bus communication, Bluetooth communication, infrared communication, Wireless Fidelity communication, or ISO 7816 communication.
Preferably, the encryption lock further comprises an error code sending module, which returns a predefined error code to the software when the first judging module finds that the encryption lock is in the self-locking state.
Preferably, the predetermined value is preset by the encryption lock provider or set by the software developer.
Preferably, the timer also clears the accumulated time after it stops timing, or clears the time accumulated during the previous call when it starts.
Compared with the prior art, the invention has the following beneficial effect. With the method and encryption lock provided by the invention, when a cracker dynamically debugs the protected software, the encryption lock self-locks if the time the cracker spends analyzing and debugging the software exceeds the predetermined value set in the encryption lock. After that the software can no longer call the functions in the encryption lock, which prevents the cracker from tracing the encryption lock's output and greatly improves resistance to cracking.
Embodiment
Specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
As shown in Figure 1, a method of protecting software with an encryption lock is provided, in which the software runs on a terminal device that is communicatively connected to the encryption lock. The method comprises the following steps:
S1: The software sends a start-timing instruction to the encryption lock.
S2: On receiving the start-timing instruction, the encryption lock checks whether it is in the self-locking state. If it is, the encryption lock cannot be called and execution ends; if not, step S3 is executed.
S3: The encryption lock starts its built-in timer, which begins accumulating time, and sends a call-permission instruction to the software.
S4: On receiving the call-permission instruction, the software sends a function-call instruction and the required data to the encryption lock.
S5: On receiving the function-call instruction and the required data, the encryption lock checks whether the time currently accumulated by the timer exceeds a predetermined value. If it does, step S10 is executed; if not, step S6 is executed.
S6: The encryption lock processes the required data and returns the result to the software.
S7: On receiving the returned result, the software sends a stop-timing instruction to the encryption lock.
S8: On receiving the stop-timing instruction, the encryption lock checks whether the time currently accumulated by the timer exceeds the predetermined value. If it does, step S10 is executed; if not, step S9 is executed.
S9: The timer stops timing, and the encryption lock waits for the next call.
S10: The encryption lock enters the self-locking state.
The communication between the encryption lock and the host may be serial interface communication, parallel interface communication, 1394 interface communication, radio-frequency identification (RFID) interface communication, wireless LAN interface (IEEE 802.11 interface, etc.) communication, Universal Serial Bus (USB) interface communication, Bluetooth communication, infrared communication, Wireless Fidelity (Wi-Fi) communication, ISO 7816 communication, and so on.
When the encryption lock is in the self-locking state, the software cannot call the predefined functions in the encryption lock. If the software sends another start-timing instruction or function-call instruction to the encryption lock, the encryption lock returns the predefined error code.
The predetermined value may be preset by the encryption lock provider or set by the software developer.
After executing a function inside the lock, the encryption lock may either clear the timer and restart timing, or continue counting up from the current accumulated time, while it waits for the next function-call instruction or the stop-timing instruction.
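The S1 to S10 exchange above, modelled as a small device-side state machine in C. This is an added example, not code from the patent: the status codes, the 500 ms limit used in `main`, the simulated clock, the `LOCK_ERR_NOT_TIMING` case and the placeholder protected function are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Status codes constructed for this example; the page only says
 * "predefined error code". */
enum { LOCK_OK = 0, LOCK_ERR_SELF_LOCKED = -1, LOCK_ERR_NOT_TIMING = -2 };

/* Simulated device-internal millisecond clock. On real hardware this is
 * the lock's own timer, never a value supplied by the host. */
static uint32_t sim_clock_ms;
static uint32_t sim_now(void) { return sim_clock_ms; }

struct enc_lock {
    bool     self_locked;  /* S10 has been reached */
    bool     timing;       /* timer running (between S3 and S9) */
    uint32_t start_ms;     /* clock value when the timer was started */
    uint32_t limit_ms;     /* the "predetermined value" */
};

struct enc_lock new_sim_lock(uint32_t limit_ms) {
    struct enc_lock l = { false, false, 0, limit_ms };
    return l;
}

/* Shared check for S5 and S8: self-lock if the limit is exceeded. */
static int check_deadline(struct enc_lock *l) {
    if (l->self_locked) return LOCK_ERR_SELF_LOCKED;
    if (!l->timing) return LOCK_ERR_NOT_TIMING;  /* assumption, not on the page */
    if ((uint32_t)(sim_now() - l->start_ms) > l->limit_ms) {
        l->self_locked = true;                   /* S10 */
        l->timing = false;
        return LOCK_ERR_SELF_LOCKED;
    }
    return LOCK_OK;
}

int lock_start_timing(struct enc_lock *l) {          /* S1-S3 */
    if (l->self_locked) return LOCK_ERR_SELF_LOCKED; /* S2: error code */
    l->start_ms = sim_now();                         /* clear, then start */
    l->timing = true;
    return LOCK_OK;                                  /* call permission */
}

int lock_call(struct enc_lock *l, uint32_t in, uint32_t *out) { /* S4-S6 */
    int rc = check_deadline(l);                      /* S5 */
    if (rc == LOCK_OK) *out = in * 2654435761u;      /* placeholder function */
    return rc;
}

int lock_stop_timing(struct enc_lock *l) {           /* S7-S9 */
    int rc = check_deadline(l);                      /* S8 */
    if (rc == LOCK_OK) l->timing = false;            /* S9 */
    return rc;
}

/* One host session. The stalls model time that passes on the host side
 * before the call and before the stop instruction. */
int run_session(struct enc_lock *l, uint32_t stall_call_ms, uint32_t stall_stop_ms) {
    uint32_t out;
    int rc = lock_start_timing(l);
    if (rc != LOCK_OK) return rc;
    sim_clock_ms += stall_call_ms;
    if ((rc = lock_call(l, 42u, &out)) != LOCK_OK) return rc;
    sim_clock_ms += stall_stop_ms;
    return lock_stop_timing(l);
}

int main(void) {
    struct enc_lock l = new_sim_lock(500);           /* constructed limit */
    printf("fast session:    %d\n", run_session(&l, 20, 20));
    printf("stalled session: %d\n", run_session(&l, 5000, 0));
    printf("after self-lock: %d\n", run_session(&l, 0, 0));
    return 0;
}
```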
The method of the invention is illustrated below through the encryption and protection of a word processor. This is a simplified embodiment for purposes of illustration; an actual protection process is far more complex than this example. The example assumes that only the print setup of Word is protected. The steps are as follows:
1. Determine the functional elements of the software to be protected, such as controlling the page size, the font size, the font spacing, and the number of printed pages. That is, when the protected software needs to print, the resulting page size, font size, and font spacing depend closely on calculations performed inside the encryption lock.
2. The software sends a start-timing instruction to the encryption lock. If the encryption lock is not self-locked, it starts the timer and begins accumulating time.
3. The software sends a function-call instruction to the encryption lock together with characteristic information about the content to be printed, for example the word count, the number of paragraphs, and the expected number of printed pages. On receiving the instruction and data, the encryption lock first checks whether the current accumulated time exceeds the maximum limit. If it does not, the lock calls the corresponding internal function module, estimates the font size, font spacing, and page size from the word count, paragraph count, and expected number of printed pages, and outputs the estimate to the software when the calculation is finished.
4. Once the software has completed the function call of step 3, it sends a stop-timing instruction to the encryption lock. On receiving the instruction, the encryption lock checks whether the current accumulated time exceeds the maximum limit. If it does not, the encryption lock stops timing, clears the timer, and waits for the next time-limited call.
The encryption lock provided by the invention is described in detail below with reference to Fig. 2.
The encryption lock device is a hardware device for software copyright protection. It comprises an MCU, a memory, and an interface module connected to the CPU. The memory is connected to the MCU and stores user data; the interface module is connected to the MCU and handles communication between the MCU and the host CPU. The MCU, memory, and interface module may also be integrated into one chip, so that a single chip provides all the functions.
Internally, the encryption lock device comprises a communication module 1, a process management module 2, and a resource management module 3.
Communication module 1 handles communication between the encryption lock and the terminal device (for example, a host). The communication may be serial interface communication, parallel interface communication, 1394 interface communication, radio-frequency identification (RFID) interface communication, wireless LAN interface (IEEE 802.11 interface, etc.) communication, Universal Serial Bus (USB) interface communication, Bluetooth interface communication, infrared interface communication, Wireless Fidelity (Wi-Fi) interface communication, ISO 7816 serial communication, and so on.
Process management module 2 is responsible for starting, executing, and terminating processes. It can communicate with the host through communication module 1, and once a process has started, the process can also communicate with the host through communication module 1. Process management module 2 can start a process on its own as needed, for example as soon as the encryption lock device powers up, or it can start a process after receiving an instruction from the host. A started process enters execution; it may be program code that runs in a loop, and it remains running until process management module 2 terminates it. While executing, a process can receive call instructions, required data, result-retrieval instructions, and the like sent by the host computer, branch internally to the corresponding program path as the instruction requires, and carry out the necessary processing. Such an internal branch may be a built-in function predefined in the encryption lock, such as data encryption or decryption, or a user-defined program fragment.
The encryption lock device provides the memory a process needs to execute. This memory resides inside the chip of the encryption lock device and cannot be accessed directly from outside, which keeps the internal execution environment secure. A process can place final results, or intermediate variables needed during processing, in the encryption lock's internal memory. When the protected software needs the result of a particular call, the process can retrieve the required data from this memory and send it to the protected software through communication module 1, or through the management module and communication module 1.
Resource management module 3 manages the resources inside the encryption lock device, including the memory management described above, the non-volatile storage inside the device (for example Flash or EEPROM), and I/O ports other than those used by the interface module. A process can access these resources through resource management module 3, for example to write data to or read data from Flash or EEPROM, or to switch an indicator light on and off by controlling an I/O port. Resource management module 3 may also be connected directly to communication module 1 so that, under controlled conditions, access to some non-sensitive resources, such as switching the indicator light, is offered to the host directly rather than through a process.
In addition to the basic modules above, the encryption lock of the invention also comprises a first judging module 4, a self-locking module 7, a data processing module 8, an error code sending module 9, a timer 5, and a second judging module 6.
First judging module 4 checks, after the encryption lock receives the start-timing instruction sent by the software, whether the encryption lock is in the self-locking state. If it is, the encryption lock cannot be called; if not, the encryption lock starts timer 5, which begins accumulating time, and sends the call-permission instruction to the software.
Error code sending module 9 returns the predefined error code to the software when first judging module 4 finds that the encryption lock is in the self-locking state.
Timer 5 begins accumulating time when first judging module 4 determines that the encryption lock is not in the self-locking state.
Communication module 1 sends the call-permission instruction to the software when first judging module 4 determines that the encryption lock is not in the self-locking state.
Second judging module 6 checks, after the encryption lock receives the function-call instruction and required data sent by the software, whether the time currently accumulated by timer 5 exceeds the predetermined value. If it does, the encryption lock enters the self-locking state; if not, the encryption lock processes the required data and returns the result to the software.
Self-locking module 7 puts the encryption lock into the self-locking state when second judging module 6 determines that the time currently accumulated by timer 5 exceeds the predetermined value.
Data processing module 8 processes the required data when second judging module 6 determines, after the encryption lock receives the function-call instruction and required data sent by the software, that the time currently accumulated by timer 5 does not exceed the predetermined value.
Communication module 1 also returns the result produced by data processing module 8 to the software.
Second judging module 6 also checks, after the encryption lock receives the stop-timing instruction sent by the software, whether the time currently accumulated by timer 5 exceeds the predetermined value. If it does, the encryption lock enters the self-locking state; if not, timer 5 stops timing and the encryption lock waits for the next call.
Timer 5 also stops timing and clears the accumulated time when second judging module 6 determines, after the encryption lock receives the stop-timing instruction sent by the software, that the time currently accumulated by timer 5 does not exceed the predetermined value.
When the encryption lock is in the self-locking state, the software cannot call the predefined functions in the encryption lock. If the software sends another start-timing instruction or function-call instruction to the encryption lock, the encryption lock returns the predefined error code.
The predetermined value may be preset by the encryption lock provider or set by the software developer.
After executing a function inside the lock, the encryption lock may either clear timer 5 and restart timing, or continue counting up from the current accumulated time, while it waits for the next function-call instruction or the stop-timing instruction.
The above embodiments are merely exemplary embodiments of the invention and are not intended to limit it; the scope of protection of the invention is defined by the claims. Those skilled in the art may make various modifications or equivalent substitutions to the invention within its spirit and scope of protection, and such modifications or equivalent substitutions shall also be regarded as falling within the scope of protection of the invention.