Background technology
At present, most widely used software is developed for specific fields, including industry, agriculture, construction, design, engineering cost estimation and finance, and it touches almost every aspect of people's lives. Such software has become widespread because it is well targeted and easy to operate.
Conventional software protection methods include technical means such as virtual machine protection, algorithm porting, software packing and anti-debugging. Driven by enormous economic interests, however, hackers and crackers have broken these methods and imitated industry algorithms, and the result is rampant piracy. A large share of end users know perfectly well that the software they use is pirated, yet still use it for design and calculation work in various industries and exchange data files with users of genuine software. According to statistics, the ratio of legitimate software users to pirated software users exceeds 1:9. Rampant piracy is degrading the development environment of the software industry and brings huge losses to developers, while often also causing significant losses to the users of pirated software.
To strengthen data security, the prior art also uses an encryption lock to protect software. For example, when a machine starts up, the operating system automatically performs license authentication of software such as drawing tools in the background through the encryption lock. That is, it sends the encryption lock a verification message containing a license ID (LicenseID) to verify whether that license is authorized in the encryption lock; the verification message may also include a developer ID (DeveloperID).
However, although an encryption lock is a data security hardware device with a relatively high security level, the license ID and developer ID may be obtained illegally, allowing the encryption and decryption process of the encryption lock to be cracked and reconstructed. Moreover, most of the software described above creates project files in the course of production, storage, transmission and so on, such as documents, spreadsheets and e-mails in office software, or drawings and design plans in mechanical design software. These project files are particularly important because they typically contain important or confidential content. Once the key used by the encryption lock is cracked, the data in the project files will leak, causing great losses to the users of the software.
Summary of the invention
In view of this, an object of the present invention is to protect the project files created by software with data encryption and to greatly increase the difficulty of cracking the encryption lock.
To this end, the present invention proposes a software protection method, comprising: when software running on a first terminal device creates a project file to be saved, sending the project file data to a first information security device communicatively connected to the first terminal device; the first information security device dynamically calculates a key, performs license encryption on the project file data, and returns the resulting ciphertext file to the first terminal device. The key is dynamically calculated from data that includes at least specific identification information set in the first information security device and the license identification information and developer identification information of the software, the specific identification information being set in the first information security device by the developer of the software.
Preferably, the method further comprises: when the software on a second terminal device loads the ciphertext file, sending the ciphertext file to a second information security device communicatively connected to the second terminal device; the second information security device dynamically calculates the key, decrypts the ciphertext file, and returns the decrypted project file data to the second terminal device, wherein the second information security device and the first information security device have the same settings and preset data.
Preferably, the key is dynamically calculated from data that includes the specific identification information set in the first information security device, a salt value, and the license identification information and developer identification information of the software, the salt value being preset in the first information security device before it leaves the factory.
Preferably, when the first information security device receives the project file data sent by the software, it first performs a license signature on the project file data and then performs the license encryption on the license-signed project file data.
Preferably, the first information security device uses the key to perform the license signature on the project file data.
Preferably, the first information security device generates a key for the license signature from data that includes at least the specific identification information set in the first information security device and the license identification information and developer identification information of the software, and performs the license signature on the project file data.
Preferably, when the first information security device receives the project file data sent by the software from the first terminal device, it first performs a license signature on the project file data and then performs the license encryption on the license-signed project file data with the key; when the second information security device receives the ciphertext file from the second terminal device, it decrypts the ciphertext file with the key to obtain the license-signed project file data, performs license signature verification, and then returns the resulting project file data to the second terminal device.
Preferably, the first information security device uses the key to perform the license signature on the project file data, and the second information security device uses the key to perform the license signature verification on the license-signed project file data.
Preferably, the first information security device generates a key for the license signature from data that includes at least the specific identification information set in the first information security device and the license identification information and developer identification information of the software, and performs the license signature on the project file data; the second information security device generates the key for the license signature and performs the license signature verification on the license-signed project file data.
Preferably, the first information security device uses a symmetric encryption algorithm to generate the key for the license encryption.
Preferably, the first information security device uses a symmetric encryption algorithm or an asymmetric encryption algorithm to generate the key for the license signature.
The present invention also proposes a software protection system, which includes a first terminal device and a first information security device that are communicatively connected to each other. The first terminal device includes: a first processing unit configured to run the software; and a first transmission unit configured to send the project file data to the first information security device when the software creates a project file to be saved, and to receive the ciphertext file from the first information security device. The first information security device includes: a second transmission unit, which receives the project file data from the first terminal device and sends the ciphertext file to the first terminal device; a first encryption/decryption unit configured to dynamically calculate a key and to generate the ciphertext file by performing license encryption on the project file data; and a first storage unit, which stores the AES algorithm, the specific identification information, and the license identification information and developer identification information of the software, the specific identification information being set therein by the developer of the software. The first encryption/decryption unit is configured to dynamically calculate the key from data that includes at least the specific identification information and the license identification information and developer identification information of the software.
Preferably, the system further includes a second terminal device and a second information security device that are communicatively connected to each other. The second terminal device includes: a second processing unit configured to run the software; and a third transmission unit configured to send the ciphertext file to the second information security device when the software loads the ciphertext file, and to receive the decrypted project file data from the second information security device. The second information security device includes: a fourth transmission unit, which receives the ciphertext file from the second terminal device and sends the decrypted project file data to the second terminal device; a second encryption/decryption unit configured to dynamically calculate the key and to decrypt the ciphertext file to obtain the decrypted project file data; and a second storage unit, which stores the AES algorithm, the specific identification information, and the license identification information and developer identification information of the software. The second information security device and the first information security device have the same settings.
Preferably, the first storage unit also stores a salt value, and the first encryption/decryption unit is configured to dynamically calculate the key from data that includes the specific identification information, the salt value, and the license identification information and developer identification information of the software, the salt value being preset in the first information security device before it leaves the factory.
Preferably, the first encryption/decryption unit is further configured to first perform a license signature on the project file data and then perform the license encryption on the license-signed project file data.
Preferably, the first encryption/decryption unit is configured to use the key to perform the license signature on the project file data.
Preferably, the first encryption/decryption unit is configured to generate a key for the license signature from data that includes at least the specific identification information and the license identification information and developer identification information of the software, and to perform the license signature on the project file data.
Preferably, the first encryption/decryption unit is further configured to first perform a license signature on the project file data and then perform the license encryption on the license-signed project file data with the key; the second encryption/decryption unit is further configured to decrypt the ciphertext file with the key to obtain the license-signed project file data and then perform license signature verification to obtain the project file data.
Preferably, the first encryption/decryption unit is configured to use the key to perform the license signature on the project file data, and the second encryption/decryption unit is configured to use the key to perform the license signature verification on the license-signed project file data.
Preferably, the first encryption/decryption unit is configured to generate a key for the license signature from data that includes at least the specific identification information and the license identification information and developer identification information of the software, and to perform the license signature on the project file data; the second encryption/decryption unit is configured to generate the key for the license signature and to perform the license signature verification on the license-signed project file data.
Preferably, the first encryption/decryption unit is configured to use a symmetric encryption algorithm to generate the key for the license encryption.
Preferably, the first encryption/decryption unit is configured to use a symmetric encryption algorithm or an asymmetric encryption algorithm to generate the key for the license signature.
The method and system of the present invention encrypt project files using an information security device and produce the ciphertext file using specific identification information known only to the developer. This greatly increases the difficulty of cracking the software, protects the data security of project files, and prevents project files from being exchanged between users of pirated software and users of genuine software.
Detailed description of the embodiments
Embodiments of the invention are described in detail with reference to the accompanying drawings.
Fig. 1 is a flow chart of one embodiment of the software protection method of the present invention.
As shown in Fig. 1, in the method of this embodiment, the software runs on a first terminal device, and the first terminal device is communicatively connected to a first information security device. When the software creates a project file to be saved, the project file data are sent to the first information security device. After receiving the project file data, the first information security device dynamically calculates the key for license encryption and performs license encryption on the project file data with it, then returns the ciphertext file generated by the license encryption to the first terminal device. The first terminal device saves the ciphertext file or sends it over the network to a second terminal device.
The software running on the first terminal device may be engineering drawing software, financial spreadsheet software or other software used to create project files. Project files sometimes contain confidential data and therefore need data security protection.
The first information security device may be, for example, an encryption lock connected to the first terminal device through a USB interface, or a Bluetooth key connected to the first terminal device over Bluetooth.
Specific identification information is set in the first information security device, together with the license identification information and developer identification information of the software, although the information or data set in the first information security device are not limited to these (as described further below). After receiving the project file data, the first information security device dynamically calculates the key for license encryption from the specific identification information, the license identification information of the software and the developer identification information.
The specific identification information in the first information security device is set, after the device leaves the factory, by the software developer who purchased the device. The specific identification information may be a SeedID, i.e. a seed code. In this way, this embodiment ensures that even if the information security device provider knows the developer ID and the license ID, it cannot produce the key used to encrypt the project file data, because the provider does not know the SeedID set by the software developer. The software developer therefore need not worry that a method of cracking the project file data could be obtained from the information security device provider.
On the other hand, suppose a hacker produces an identical pirated copy of the software, reconstructs the file reading and saving process by reverse engineering, and further learns the data encryption process of the encryption lock and reconstructs the data encryption and decryption process. Because the hacker does not know the specific identification information set by the developer, the key used to encrypt the project file cannot be learned, and the project file cannot be opened illegally.
In addition, if such a license-encrypted project file is loaded by pirated software, the pirated software does not have the correct key to decrypt it, so the project file will appear as garbled data when opened.
With the method of this embodiment, project files are encrypted using an information security device, and the ciphertext file is generated using specific identification information set specially by the software developer. This greatly increases the difficulty of cracking the software's project files and protects the data security of the project files.
Fig. 2 is a flow chart of another embodiment of the software protection method of the present invention. Building on the embodiment shown in Fig. 1, this embodiment covers the process of decrypting and reading the encrypted project file that was generated.
As shown in Fig. 2, in the method of this embodiment, the ciphertext file generated above is sent by the first terminal device to the second terminal device, which is communicatively connected to a second information security device. When the software on the second terminal device loads the ciphertext file, the ciphertext file is sent to the second information security device. The second information security device dynamically calculates the key for decryption, decrypts the ciphertext file, and returns the decrypted project file data to the second terminal device.
Here, the second information security device and the first information security device have the same settings. That is, the second information security device uses the same key generation formula as the first information security device to calculate the same key, and uses it to decrypt the project file.
If pirated software creates a project file, that file is either encrypted with an incorrect key or not encrypted at all. When this project file is sent to a terminal device running genuine software, and the genuine software decrypts the received project file directly with the correct license key, the result is a meaningless garbled file that can be neither read nor edited.
The method of this embodiment can thus prevent project files from being exchanged between users of pirated software and users of genuine software, ensuring the data security of users of genuine software.
In one embodiment of the invention, the information security device is preset with a salt value, saltbox, by the information security device provider before it leaves the factory; the salt value may be a fixed value. The first information security device then dynamically calculates the key from the specific identification information set as described above, the salt value, and the license identification information and developer identification information of the software. Because the salt value is set by the information security device provider, the software developer cannot know it either, which further increases the security of the key.
The information security device may use a symmetric algorithm to calculate the key for license encryption; the symmetric algorithm may include AES, DES, TDES, RC and the like.
As an example, the key for license encryption can be calculated with the following formula:
Key for license encryption = AES(Hash(license ID + developer ID + SeedID + saltbox))
In an optional embodiment, when the first information security device receives the project file data, it first performs a license signature on the project file data and then performs license encryption on the license-signed project file data. The license signature may likewise be performed with the key for license encryption, or with a different key generated by the same calculation method as that used for the license encryption key, for example a different key calculated from the preset specific identification information and the license identification information and developer identification information of the software using an asymmetric algorithm (such as RSA or ECC) or a different symmetric algorithm (such as CMAC).
When no license signature is performed on the project file data, the first information security device uses the dynamically calculated key to perform license encryption directly on the received project file data and generate the ciphertext file. When a license signature has first been performed on the project file data, the information security device uses the dynamically calculated key to perform license encryption on the license-signed project file data and generate the ciphertext file.
After the second information security device performs license decryption on the received ciphertext file, if the result is license-signed project file data, it must also perform license signature verification on them before the project file data can be obtained.
Performing both a license signature and license encryption on the project file data, and performing license decryption and license signature verification on decryption, further improves the security of the project file data.
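The key calculation from the license ID, developer ID, SeedID and saltbox, and the license signature and signature verification performed by two devices with the same settings, are shown below as an added Python example that is not code from the patent. It assumes SHA-256 over length-prefixed fields in place of Hash(...), uses the hash output directly as the key without the AES step of the formula, and uses HMAC-SHA-256 in place of the CMAC mentioned in the text; the class, function names and all values are constructed for illustration.

```python
import hashlib
import hmac
import struct
from typing import Optional

TAG_LEN = 32  # HMAC-SHA-256 output length in bytes

# Constructed sample values, not taken from the patent.
LICENSE_ID = b"LIC-0001"
DEVELOPER_ID = b"DEV-42"
SEED_ID = b"seed-chosen-by-developer"   # set by the software developer
SALTBOX = b"vendor-preset-salt"         # preset by the device provider


def naive_material(*fields: bytes) -> bytes:
    """Literal reading of 'license ID + developer ID + ...': plain concatenation."""
    return b"".join(fields)


def encode_fields(*fields: bytes) -> bytes:
    """Length-prefix each field so that field boundaries cannot shift."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)


def derive_key(license_id: bytes, developer_id: bytes, seed_id: bytes,
               saltbox: bytes, purpose: bytes) -> bytes:
    """Derive a 256-bit key; `purpose` yields distinct signing/encryption keys."""
    material = encode_fields(purpose, license_id, developer_id, seed_id, saltbox)
    return hashlib.sha256(material).digest()


class SecurityDevice:
    """Hypothetical model of an information security device and its preset data."""

    def __init__(self, license_id: bytes, developer_id: bytes,
                 seed_id: bytes, saltbox: bytes):
        self._preset = (license_id, developer_id, seed_id, saltbox)

    def _signing_key(self) -> bytes:
        # The key is recomputed on every call and never stored or exported.
        return derive_key(*self._preset, purpose=b"license-sign")

    def license_sign(self, project_data: bytes) -> bytes:
        """Return the project data followed by its license signature tag."""
        tag = hmac.new(self._signing_key(), project_data, hashlib.sha256).digest()
        return project_data + tag

    def license_verify(self, signed: bytes) -> Optional[bytes]:
        """Return the project data if the tag is valid, otherwise None."""
        if len(signed) < TAG_LEN:
            return None
        data, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
        expected = hmac.new(self._signing_key(), data, hashlib.sha256).digest()
        return data if hmac.compare_digest(tag, expected) else None


def round_trip() -> dict:
    """Sign on the first device, verify on a matching and a mismatched device."""
    first = SecurityDevice(LICENSE_ID, DEVELOPER_ID, SEED_ID, SALTBOX)
    second = SecurityDevice(LICENSE_ID, DEVELOPER_ID, SEED_ID, SALTBOX)
    # Same license ID, developer ID and salt, but the SeedID is only guessed.
    other = SecurityDevice(LICENSE_ID, DEVELOPER_ID, b"guessed-seed", SALTBOX)

    signed = first.license_sign(b"drawing: bracket rev C")
    tampered = bytes([signed[0] ^ 1]) + signed[1:]
    return {
        "second": second.license_verify(signed),
        "other": other.license_verify(signed),
        "tampered": second.license_verify(tampered),
    }


if __name__ == "__main__":
    print(round_trip())
```

With verification in place, a file produced under a different SeedID is rejected explicitly instead of being handed to the software as garbled data, and the length-prefixed encoding prevents two different ID combinations from producing the same key material.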
Fig. 3 is a block diagram of one embodiment of the software protection system of the present invention.
As shown in the figure, in this embodiment the system includes a first terminal device 1 and a first information security device 2 that are communicatively connected to each other, and a second terminal device 3 and a second information security device 4 that are communicatively connected to each other, wherein the first terminal device 1 and the second terminal device 3 are communicatively connected to each other.
The first terminal device 1 includes a first processing unit 11 and a first transmission unit 12. The first processing unit 11 runs the software to be protected and, when the software creates a project file to be saved, sends the project file data to the first information security device 2 through the first transmission unit 12.
The first information security device 2 includes a second transmission unit 21, a first encryption/decryption unit 22 and a first storage unit 23. The second transmission unit 21 receives the project file data from the first terminal device 1; the first encryption/decryption unit 22 dynamically calculates the key and generates the ciphertext file by performing license encryption on the project file data; the second transmission unit 21 then sends the ciphertext file to the first transmission unit 12 of the first terminal device 1. The first storage unit 23 stores the AES algorithm, the specific identification information, and the license identification information and developer identification information of the software, the specific identification information being set therein by the developer of the software. The first encryption/decryption unit 22 may be configured to dynamically calculate the key for license encryption from the specific identification information and the license identification information and developer identification information of the software.
The second terminal device 3 may obtain the ciphertext file from the first terminal device 1 by network transmission. The way in which the second terminal device 3 obtains the ciphertext file is not limited to this, however; for example, the ciphertext file may also be transferred from the first terminal device 1 to the second terminal device 3 using a portable storage device or the like.
The second terminal device 3 may include a second processing unit 31 and a third transmission unit 32. The second processing unit 31 is able to run the software; when the software loads the ciphertext file and needs it decrypted, the ciphertext file is sent to the second information security device through the third transmission unit 32.
The second information security device 4 may include a fourth transmission unit 41, a second encryption/decryption unit 42 and a second storage unit 43. The fourth transmission unit 41 receives the ciphertext file from the second terminal device 3; the second encryption/decryption unit 42 dynamically calculates the key and decrypts the ciphertext file to obtain the decrypted project file data; the fourth transmission unit 41 then sends the decrypted project file data to the third transmission unit 32 of the second terminal device 3. The second storage unit 43 may store the AES algorithm, the specific identification information, and the license identification information and developer identification information of the software.
The second information security device 4 and the first information security device 2 may have the same settings, i.e. they may be configured uniformly by the software developer for the same genuine software.
In an embodiment of the invention, the first storage unit 23 also stores a preset salt value, and the first encryption/decryption unit 22 may dynamically calculate the key for license encryption from the specific identification information, the salt value, and the license identification information and developer identification information of the software, which further improves the security of the project file data. The salt value may be set in the information security device by the information security device provider before the device leaves the factory.
In the present invention, the first encryption/decryption unit 22 may use a symmetric algorithm to calculate the key for license encryption; the symmetric algorithm may include AES, DES, TDES, RC and the like.
In another embodiment, the first encryption/decryption unit 22 may first perform a license signature on the project file data and then perform license encryption on the license-signed project file data. The license signature may likewise be performed with the key for license encryption, or with a different key generated by the same calculation method as that used for the license encryption key. For example, the first encryption/decryption unit 22 may calculate a different key from the preset specific identification information and the license identification information and developer identification information of the software, using an asymmetric algorithm (such as RSA or ECC) or a different symmetric algorithm (such as CMAC).
When no license signature is performed on the project file data, the first encryption/decryption unit 22 uses the dynamically calculated key to perform license encryption directly on the received project file data and generate the ciphertext file. When a license signature has first been performed on the project file data, the first encryption/decryption unit 22 uses the dynamically calculated key to perform license encryption on the license-signed project file data and generate the ciphertext file.
After the second encryption/decryption unit 42 performs license decryption on the received ciphertext file, if the result is license-signed project file data, it must also perform license signature verification on them before the project file data can be obtained.
Performing both a license signature and license encryption on the project file data, and performing license decryption and license signature verification on decryption, further improves the security of the project file data.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit its scope. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.