CN112559981A - Software protection method and device - Google Patents
Software protection method and device Download PDFInfo
- Publication number
- CN112559981A CN112559981A CN202011459474.4A CN202011459474A CN112559981A CN 112559981 A CN112559981 A CN 112559981A CN 202011459474 A CN202011459474 A CN 202011459474A CN 112559981 A CN112559981 A CN 112559981A
- Authority
- CN
- China
- Prior art keywords
- authentication
- software
- target
- shell
- virtual code
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 34
- 238000006243 chemical reaction Methods 0.000 claims abstract description 55
- 230000004044 response Effects 0.000 claims abstract description 9
- 238000012545 processing Methods 0.000 claims description 15
- 238000004891 communication Methods 0.000 claims description 8
- 238000004590 computer program Methods 0.000 claims 1
- 230000006870 function Effects 0.000 description 5
- 238000012986 modification Methods 0.000 description 4
- 230000004048 modification Effects 0.000 description 4
- 238000005336 cracking Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 2
- 238000013519 translation Methods 0.000 description 2
- 238000010276 construction Methods 0.000 description 1
- 238000013507 mapping Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
Abstract
The application discloses a software protection method and device. The method comprises the following steps: receiving an authentication operation for protected software; the protected software is first software which is added with a shell, authentication data and a virtual code corresponding to a target authentication algorithm are stored in the shell of the protected software, and the authentication data is used for representing a use certificate of the first software; in response to the authentication operation, sending the virtual code in the shell of the protected software and the authentication data to a hardware dongle; obtaining an authentication result fed back by the hardware encryption lock; the authentication result is obtained by authenticating the authentication data by the hardware encryption lock based on a target authentication algorithm corresponding to the virtual code; a target conversion mode for converting the virtual code into a target authentication algorithm is pre-stored in the hardware encryption lock; determining validity of the authentication operation based on the authentication result. By the adoption of the method and the device, the safety of the protected software can be improved.
Description
Technical Field
The present disclosure relates to software protection, and more particularly, to a software protection device and method.
Background
With the development of internet technology, various kinds of software are produced. The problem of software piracy also arises. Software piracy seriously disturbs the economic order of society and greatly hinders the development of the whole software industry. Therefore, corresponding technical measures must be taken to defend against software cracking.
In the current software protection technology, a hardware encryption lock is the most common and safer one. The hardware encryption lock is a hardware system which adopts a high-strength smart card chip and an advanced cryptography technology and has certain operation and storage capacity. When a software developer uses the hardware encryption lock to protect developed software, a part of functions in the software can be transferred to the hardware encryption lock to be implemented, and the functions are called when the software runs. However, the hardware encryption lock is easy to be cracked reversely, so that the software is easy to be operated and used illegally, and the safety of the software cannot be guaranteed.
Disclosure of Invention
The embodiment of the invention aims to provide a software protection method and a software protection device, which are used for solving the problem that software is illegally used because a hardware encryption lock in the prior art is easy to reversely break.
In order to solve the technical problem, the embodiment of the application adopts the following technical scheme: a software protection method comprises the following steps:
receiving an authentication operation for protected software; the protected software is first software which is added with a shell, authentication data and a virtual code corresponding to a target authentication algorithm are stored in the shell of the protected software, and the authentication data is used for representing a use certificate of the first software;
in response to the authentication operation, sending the virtual code in the shell of the protected software and the authentication data to a hardware dongle;
obtaining an authentication result fed back by the hardware encryption lock; the authentication result is obtained by authenticating the authentication data by the hardware encryption lock based on a target authentication algorithm corresponding to the virtual code; a target conversion mode for converting the virtual code into a target authentication algorithm is pre-stored in the hardware encryption lock;
determining validity of the authentication operation based on the authentication result.
Optionally, the protected software is software obtained by performing shell adding processing on the first software based on a shell adding tool; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
Optionally, the hardware encryption lock pre-stores a target conversion manner for converting the virtual code into a target authentication algorithm, and specifically includes:
and the hardware encryption lock is pre-stored with codes of a first virtual machine for realizing the target conversion mode, so that the virtual codes are converted based on the virtual machine codes to obtain the target authentication algorithm.
In order to solve the above technical problem, the present application provides a software protection method, including the following steps:
receiving a virtual code and authentication data of a target authentication algorithm in a shell of protected software, which are sent by a terminal; the protected software is software subjected to shell adding processing on first software based on a shell adding tool, and the authentication data is used for indicating whether a software developer allows a specified software user to use the first software;
converting the virtual code based on a pre-stored target conversion mode to obtain a target authentication algorithm corresponding to the virtual code;
authenticating the authentication data based on the target authentication algorithm to obtain an authentication result;
and sending the authentication result to the terminal.
Optionally, the protected software is software obtained by performing shell adding processing on the first software based on a shell adding tool; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
Optionally, the method further includes:
acquiring a target conversion mode for converting the target authentication algorithm into a virtual code from a database of the shell adding tool;
and storing the code of the first virtual machine for realizing the target conversion mode.
In order to solve the above technical problem, the present application provides a software protection method, including the following steps:
receiving a virtual code of a target authentication algorithm selected by a user from a shell adding tool database; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms;
receiving authentication data; wherein the authentication data is used to indicate whether a software developer allows a specified software user to use the first software;
adding a shell to the first software based on the virtual code of the target authentication algorithm and the authentication data to obtain protected software; the virtual code and the authentication data corresponding to the target authentication algorithm are stored in the shell of the protected software.
In order to solve the above technical problem, the present application provides a software protection apparatus, including:
an authentication operation receiving module configured to receive an authentication operation for protected software; the protected software is first software which is added with a shell, authentication data and a virtual code corresponding to a target authentication algorithm are stored in the shell of the protected software, and the authentication data is used for representing a use certificate of the first software;
a response module configured to send the virtual code in the shell of the protected software and the authentication data to a hardware dongle in response to the authentication operation;
the acquisition module is configured to acquire an authentication result fed back by the hardware encryption lock; the authentication result is obtained by authenticating the authentication data by the hardware encryption lock based on a target authentication algorithm corresponding to the virtual code; a target conversion mode for converting the virtual code into a target authentication algorithm is pre-stored in the hardware encryption lock;
a determination module configured to determine validity of the authentication operation based on the authentication result.
In order to solve the above technical problem, the present application provides a software protection apparatus, including:
the receiving module is configured to receive the virtual code of the target authentication algorithm in the shell of the protected software and the authentication data which are sent by the terminal; the protected software is software subjected to shell adding processing on first software based on a shell adding tool, and the authentication data is used for indicating whether a software developer allows a specified software user to use the first software;
the conversion module is configured to convert the virtual code based on a pre-stored target conversion mode so as to obtain a target authentication algorithm corresponding to the virtual code;
the authentication module is configured to authenticate the authentication data based on the target authentication algorithm to obtain an authentication result;
a sending module configured to send the authentication result to the terminal.
In order to solve the above technical problem, the present application provides a software protection apparatus, including:
a first communication module configured to receive a virtual code of a target authentication algorithm selected by a user from a shell tool database; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms;
a second communication module configured to receive authentication data; wherein the authentication data is used to indicate whether a software developer allows a specified software user to use the first software;
the shell adding module is configured to add a shell to the first software based on the virtual code of the target authentication algorithm and the authentication data to obtain protected software; the virtual code and the authentication data corresponding to the target authentication algorithm are stored in the shell of the protected software.
The virtual code of the authentication algorithm is stored in the shell of the protected software, so that the virtual code and the authentication data in the shell of the protected software can be sent to the hardware encryption lock when the user operates, operates and uses the software, the hardware encryption lock converts the virtual code according to a pre-stored target conversion mode to obtain the authentication algorithm, and the authentication data is authenticated by using the authentication algorithm. In the application, the target conversion mode is stored in the hardware encryption lock in advance. The virtual code can be converted to obtain the authentication algorithm only by adopting the target conversion mode, so that even if the virtual code and the authentication algorithm in the shell of the protected software are illegally obtained, the virtual code cannot be converted to obtain the authentication algorithm, the authentication data cannot be authenticated, the protected software cannot be operated, and the safety of the protected software is improved.
Drawings
FIG. 1 is a flow chart of a software protection method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a software protection method according to another embodiment of the present invention;
FIG. 3 is a flowchart of a software protection method according to another embodiment of the present invention;
Detailed Description
Various aspects and features of the present application are described herein with reference to the drawings.
It will be understood that various modifications may be made to the embodiments of the present application. Accordingly, the foregoing description should not be construed as limiting, but merely as exemplifications of embodiments. Those skilled in the art will envision other modifications within the scope and spirit of the application.
The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate embodiments of the application and, together with a general description of the application given above and the detailed description of the embodiments given below, serve to explain the principles of the application.
These and other characteristics of the present application will become apparent from the following description of preferred forms of embodiment, given as non-limiting examples, with reference to the attached drawings.
It should also be understood that, although the present application has been described with reference to some specific examples, a person of skill in the art shall certainly be able to achieve many other equivalent forms of application, having the characteristics as set forth in the claims and hence all coming within the field of protection defined thereby.
The above and other aspects, features and advantages of the present application will become more apparent in view of the following detailed description when taken in conjunction with the accompanying drawings.
Specific embodiments of the present application are described hereinafter with reference to the accompanying drawings; however, it is to be understood that the disclosed embodiments are merely exemplary of the application, which can be embodied in various forms. Well-known and/or repeated functions and constructions are not described in detail to avoid obscuring the application of unnecessary or unnecessary detail. Therefore, specific structural and functional details disclosed herein are not to be interpreted as limiting, but merely as a basis for the claims and as a representative basis for teaching one skilled in the art to variously employ the present application in virtually any appropriately detailed structure.
The specification may use the phrases "in one embodiment," "in another embodiment," "in yet another embodiment," or "in other embodiments," which may each refer to one or more of the same or different embodiments in accordance with the application.
An embodiment of the present invention provides a software protection method, which may be applied to a shell adding tool, as shown in fig. 1, the software protection method in this embodiment includes the following steps:
step S101, receiving a virtual code of a target authentication algorithm selected by a user from a shell adding tool database; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
In this step, the virtual code corresponding to the target authentication algorithm is developed by the add-on tool developer and stored in the add-on tool database, that is, the add-on tool developer can convert the machine codes of the plurality of authentication algorithms into corresponding virtual codes by using a predetermined conversion method and then store the virtual codes in the add-on tool database. For example, the database of the shell adding tool stores virtual codes obtained by converting the machine codes of the authentication algorithms in the same conversion mode, and stores the corresponding relationship between the authentication algorithms and the virtual codes; or, each virtual code obtained by converting the machine code of each authentication algorithm by using various different conversion modes may be stored, and the corresponding relationship among the authentication algorithm, the virtual code and the conversion mode is stored at the same time, so that a software developer can conveniently perform shell adding processing on the first software by using the shell adding tool and the database of the shell adding tool. The target conversion mode corresponding to the virtual code in the protected software shell is stored in the hardware encryption lock conveniently, for example, the code of the first virtual machine realizing the target conversion mode is burnt in the hardware encryption lock.
Step S102, receiving authentication data; wherein the authentication data is used to represent a use credential for the first software. The authentication data is used to represent the usage credentials of the first software, i.e. whether the software developer allows a specified user to use the first software. The authentication data may be issued by a software developer for a software user.
Step S103, adding a shell to the first software based on the virtual code of the target authentication algorithm and the authentication data to obtain protected software; the virtual code and the authentication data corresponding to the target authentication algorithm are stored in the shell of the protected software.
In this embodiment, after receiving the virtual code of the target authentication algorithm and the authentication data selected by the user, the first software may be further shelled, so that the virtual code of the target authentication algorithm and the authentication data are stored in the shell of the first software, thereby obtaining the protected software.
It should be noted that, for a software developer, the same software may be separately shelled to obtain a plurality of corresponding protected software. The same authentication algorithm can be selected each time the shell is added, and different authentication algorithms can also be selected. The authentication data in the shell of the protected software may be different or the same for different protected software. Generally, since the certification data in the shell of one protected software is issued by the software developer for one or a few specified users, the certification data in the shells of different protected software are different in large probability.
In this example, the virtual code corresponding to the target authentication algorithm and the authentication data are stored in the shell of the protected software, so that when a subsequent user uses the protected software, the virtual code in the shell can be reversely converted by using a hardware encryption lock to obtain a machine code of the target authentication algorithm, and then the machine code is operated to complete authentication of the obtained authentication data. On one hand, an attacker is difficult to acquire the code of the target authentication algorithm when attacking the protected software, and only the virtual code can be acquired at most. Because the mapping relation between the codes of the target authentication algorithm and the virtual codes is not known, the difficulty of analyzing and cracking the target authentication algorithm is greatly increased. On the other hand, the hardware encryption lock provides higher guarantee for authentication security from the aspect of hardware. Moreover, when authentication is not performed, codes for realizing the functions of reverse conversion and execution of the authentication algorithm (such as the subsequent first virtual machine) exist in the hardware encryption lock, and a target authentication algorithm does not exist, so that the problems that the authentication algorithm is leaked due to reverse cracking of the hardware encryption lock, even the authentication data is illegally authenticated, and protected software is illegally used and operated can be effectively prevented.
In addition, for a software developer, the software developer can select different authentication algorithms to shell the same piece of software at the time of shell adding. Therefore, protected software acquired by different users may adopt different authentication algorithms, so that even if protected software or a hardware encryption lock used by a certain user is cracked by an attacker, normal use of other software users cannot be influenced in a large area, and the rights and interests of software developers can be guaranteed to a certain extent.
After the software developer shells the developed software, the software developer delivers the obtained protected software and hardware encryption lock to the software user. When a software user uses the protected software on a certain user terminal, the hardware encryption lock is physically connected with the user terminal to realize communication, authentication is completed by using the hardware encryption lock, and then the protected software can be normally used.
An embodiment of the present invention provides a software protection method, where the method in this embodiment may be applied to a user terminal using protected software, as shown in fig. 2, and includes the following steps:
step S201, receiving an authentication operation aiming at protected software; the protected software is first software which is added with a shell, authentication data and a virtual code corresponding to a target authentication algorithm are stored in the shell of the protected software, and the authentication data is used for representing a use certificate of the first software.
The authentication operation in this step may specifically be that the user clicks an icon key on the display interface of the terminal device, drags the icon key to a predetermined area, and the like. The authentication data is used to represent the usage credentials of the first software, i.e. whether the software developer allows a specified user to use the first software.
Step S202, responding to the authentication operation, and sending the virtual code in the shell of the protected software and the authentication data to a hardware encryption lock.
After the user inputs the authentication operation on the display interface of the terminal device, the terminal device can acquire the virtual code and the authentication data from the shell of the protected software, and then send the authentication data to the hardware encryption lock. In this step, before the authentication operation, the hardware encryption lock is inserted into the terminal device to be in communication connection with the terminal device.
Step S203, obtaining an authentication result fed back by the hardware encryption lock; the authentication result is obtained by authenticating the authentication data by the hardware encryption lock based on a target authentication algorithm corresponding to the virtual code; and a target conversion mode for converting the virtual code into a target authentication algorithm is prestored in the hardware encryption lock.
In this step, a code of a first virtual machine for implementing the target conversion mode is pre-stored in the hardware encryption lock, and the virtual code is converted based on the code of the first virtual machine to obtain the target authentication algorithm. The code of the first virtual machine is burned into the hardware encryption lock in advance, so that after the hardware encryption lock receives the virtual code, the first virtual machine is operated to convert the virtual code to obtain the machine code of the target authentication algorithm.
Step S204, determining the validity of the authentication operation based on the authentication result.
In this step, when the authentication result is that the authentication is passed, it is determined that the authentication operation is a legal operation; and determining that the authentication operation is illegal operation when the authentication result is that the authentication fails.
In this embodiment, the protected software is obtained by a software developer performing shell adding processing on first software based on a shell adding tool, a database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms. That is, a software developer may select any one authentication algorithm as a target authentication algorithm based on a database of the shell adding tool, obtain a virtual code of the target authentication algorithm from the database of the shell adding tool, and then add a shell to the first software based on the shell adding tool to store the virtual code of the target authentication algorithm and authentication data in the shell.
In this embodiment, the virtual code corresponding to the target authentication algorithm is developed by the add-on tool developer and stored in the database of the add-on tool. The database of the specific shell adding tool can store each virtual code obtained by converting the machine code of each authentication algorithm in the same conversion mode, and simultaneously store the corresponding relation between the authentication algorithm and the virtual code; or, each virtual code obtained by converting the machine code of each authentication algorithm by using various different conversion modes can be stored, and the corresponding relation among the authentication algorithm, the virtual code and the conversion mode is stored, so that a software developer can conveniently use the shell adding tool and the database of the shell adding tool to add the shell to the first software. The target conversion mode corresponding to the virtual code for realizing the target algorithm in the protected software shell is stored in the hardware encryption lock, namely the code of the first virtual machine for realizing the target conversion mode is burned in the hardware encryption lock, so that when the hardware encryption lock authenticates the authentication data, the virtual code can be reversely converted based on the stored target conversion mode to obtain the machine code of the target authentication algorithm, and the hardware encryption lock can conveniently execute the machine code of the target authentication algorithm to authenticate the authentication data.
Another embodiment of the present invention provides a software protection method, which can be applied to a hardware encryption lock, as shown in fig. 3, the software protection method in this embodiment includes the following steps:
step S301, receiving a virtual code and authentication data of a target authentication algorithm in a shell of protected software, which are sent by a terminal; the protected software is software subjected to shell adding processing on first software based on a shell adding tool, and the authentication data is used for representing the authentication data and the use certificate of the first software;
step S302, converting the virtual code based on a pre-stored target conversion mode to obtain a target authentication algorithm corresponding to the virtual code;
step S303, authenticating the authentication data based on the target authentication algorithm to obtain an authentication result;
and step S304, sending the authentication result to the terminal.
In this embodiment, the protected software is software obtained by performing shell adding processing on the first software based on a shell adding tool. The database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
The virtual code corresponding to the target authentication algorithm is developed by the add-on tool developer and stored in the add-on tool database. Specifically, the database of the shell adding tool may store each virtual code obtained by converting each authentication algorithm in the same conversion manner, and store the corresponding relationship between the authentication algorithm and the virtual code; or, each virtual code obtained by converting each authentication algorithm through various different conversion modes may be stored, and the corresponding relationship among the authentication algorithm, the virtual code, and the conversion mode is stored, so that when a software developer performs shell processing on the first software by using the shell adding tool and the database of the shell adding tool, the virtual code may be obtained from the database of the shell adding tool.
In this embodiment, after the software developer uses the shelling tool to shell the first software by using the virtual code of the target authentication algorithm and the authentication data, the target conversion mode may be determined according to the correspondence between the target authentication algorithm, the virtual code, and the conversion mode stored in the shelling tool database, so that the target conversion mode is stored in the hardware dongle, so that when the subsequent hardware dongle authenticates the authentication data, the virtual code may be reversely converted based on the target conversion mode, thereby obtaining the corresponding target authentication algorithm. Specifically, the code of the first virtual machine for implementing the target translation mode may be stored, that is, the code of the first virtual machine for implementing the target translation mode is burned in the hardware encryption lock. In this embodiment, the code of the first virtual machine is burned into the hardware encryption lock, so that after the hardware encryption lock receives the virtual code, the code of the first virtual machine can be run, and thus the virtual code is reversely converted into the target authentication algorithm, that is, the machine code of the target authentication algorithm is obtained by conversion, and then the virtual machine of the hardware encryption lock can run the machine code of the target authentication algorithm to authenticate the authentication data, so as to obtain the authentication result.
In this embodiment, since the hardware dongle stores a conversion manner for converting the virtual code into the authentication algorithm, the virtual code corresponding to any one authentication algorithm can be converted, and the authentication algorithm corresponding to the virtual code can be obtained after the conversion, so that the protected software that authenticates the authentication data based on any authentication algorithm can be authenticated. That is, any authentication algorithm corresponding to the virtual code can be obtained by the stored conversion method, so that various authentication data can be authenticated. The problem that the hardware encryption lock can only singly use the stored authentication algorithm to authenticate one or more fixed authentication data because the target algorithm is stored in the hardware encryption lock in the prior art is solved, namely the problem that the authentication by using the hardware encryption lock has certain limitation is solved. Meanwhile, the problem that the authentication algorithm is easy to illegally obtain due to the fact that the authentication algorithm is directly stored is solved, and therefore the protected software is authenticated based on the illegally obtained authentication algorithm, and further illegal operation and use of the protected software are caused.
Another embodiment of the present invention provides a software protection apparatus, which can be specifically applied to a user terminal using protected software, and includes:
an authentication operation receiving module configured to receive an authentication operation for protected software; the protected software is first software which is added with a shell, authentication data and virtual codes corresponding to a target authentication algorithm are stored in the shell of the protected software, and the authentication data is used for indicating whether a software developer allows a specified user to use the first software;
a response module configured to send the virtual code in the shell of the protected software and the authentication data to a hardware dongle in response to the authentication operation;
the acquisition module is configured to acquire an authentication result fed back by the hardware encryption lock; the authentication result is obtained by authenticating the authentication data by the hardware encryption lock based on a target authentication algorithm corresponding to the virtual code; a target conversion mode for converting the virtual code into a target authentication algorithm is pre-stored in the hardware encryption lock;
a determination module configured to determine validity of the authentication operation based on the authentication result.
Specifically, the protected software is software subjected to shell adding processing on the basis of a shell adding tool; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
Specifically, the hardware encryption lock pre-stores a code of a first virtual machine for implementing the target conversion mode, so as to convert the virtual code based on the virtual machine code to obtain the target authentication algorithm.
Another embodiment of the present invention provides a software protection device, which can be applied to a hardware encryption lock, and includes:
the receiving module is configured to receive the virtual code of the target authentication algorithm in the shell of the protected software and the authentication data which are sent by the terminal; the protected software is software subjected to shell adding processing on first software based on a shell adding tool, and the authentication data is used for indicating whether a software developer allows a specified software user to use the first software;
the conversion module is configured to convert the virtual code based on a pre-stored target conversion mode so as to obtain a target authentication algorithm corresponding to the virtual code;
the authentication module is configured to authenticate the authentication data based on the target authentication algorithm to obtain an authentication result;
a sending module configured to send the authentication result to the terminal.
In this embodiment, the protected software is software obtained by performing shell adding processing on first software based on a shell adding tool; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
Specifically, the software protection device in this embodiment further includes a storage module, configured to obtain, from a database of the shell adding tool, a target conversion manner for converting the target authentication algorithm into the virtual code; and storing the code of the first virtual machine for realizing the target conversion mode.
Another embodiment of the present invention provides a software protection device, which can be specifically used for a terminal device of a software developer, including:
a first communication module configured to receive a virtual code of a target authentication algorithm selected by a user from a shell tool database; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms;
a second communication module configured to receive authentication data; wherein the authentication data is used to indicate whether a software developer allows a specified software user to use the first software;
the shell adding module is configured to add a shell to the first software based on the virtual code of the target authentication algorithm and the authentication data to obtain protected software; the virtual code and the authentication data corresponding to the target authentication algorithm are stored in the shell of the protected software.
It should be understood that the above-described apparatus embodiments are merely illustrative, and that, for example, the division of a unit is merely a logical division, and that in actual implementation, there may be other divisions. For example, multiple units or components may be combined or may be integrated into another system, or some features may be omitted, or not implemented. Units or modules illustrated as separate components may or may not be physically separate. These separate components may be located in one place or may be distributed over a plurality of network elements. A person skilled in the art can select some or all of the units according to actual needs to achieve the purpose of the solution of the present embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit, which is not limited in this application.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program check codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
In this example, the virtual code and the authentication data corresponding to the target authentication algorithm are stored in the shell of the protected software, so that when a subsequent user uses the protected software, the virtual code in the shell can be reversely converted by using the hardware encryption lock to obtain the target authentication algorithm, authentication of the authentication data in the shell is completed, and the problems that the authentication algorithm is leaked due to reverse cracking of the hardware encryption lock, so that the authentication data is illegally authenticated, and the protected software is illegally used and operated can be effectively prevented.
The above embodiments are only exemplary embodiments of the present invention, and are not intended to limit the present invention, and the scope of the present invention is defined by the claims. Various modifications and equivalents may be made by those skilled in the art within the spirit and scope of the present invention, and such modifications and equivalents should also be considered as falling within the scope of the present invention.
Claims (11)
1. A software protection method is characterized by comprising the following steps:
receiving an authentication operation for protected software; the protected software is first software which is added with a shell, authentication data and a virtual code corresponding to a target authentication algorithm are stored in the shell of the protected software, and the authentication data is used for representing a use certificate of the first software;
in response to the authentication operation, sending the virtual code in the shell of the protected software and the authentication data to a hardware dongle;
obtaining an authentication result fed back by the hardware encryption lock; the authentication result is obtained by authenticating the authentication data by the hardware encryption lock based on a target authentication algorithm corresponding to the virtual code; a target conversion mode for converting the virtual code into a target authentication algorithm is pre-stored in the hardware encryption lock;
determining validity of the authentication operation based on the authentication result.
2. The software protection method of claim 1, wherein the protected software is software after a first software is shelled based on a shell adding tool; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
3. The method according to claim 1, wherein the hardware dongle pre-stores a target conversion method for converting the virtual code into a target authentication algorithm, and specifically comprises:
and the hardware encryption lock is pre-stored with a code of a first virtual machine for realizing the target conversion mode, and the virtual code is converted based on the code of the first virtual machine to obtain the target authentication algorithm.
4. A software protection method is characterized by comprising the following steps:
receiving a virtual code and authentication data of a target authentication algorithm in a shell of protected software, which are sent by a terminal; the protected software is software subjected to shell adding processing on first software based on a shell adding tool, and the authentication data is used for representing a use certificate of the first software;
converting the virtual code based on a pre-stored target conversion mode to obtain a target authentication algorithm corresponding to the virtual code;
authenticating the authentication data based on the target authentication algorithm to obtain an authentication result;
and sending the authentication result to the terminal.
5. The method of claim 4, wherein the protected software is software after a first software is shelled based on a shell adding tool; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms.
6. The method of claim 4, wherein the method further comprises:
acquiring a target conversion mode for converting the target authentication algorithm into a virtual code from a database of the shell adding tool;
and storing the code of the first virtual machine for realizing the target conversion mode.
7. A software protection method is characterized by comprising the following steps:
receiving a target authentication algorithm selected by a user; the method comprises the following steps that a database of a shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms;
receiving authentication data; wherein the authentication data is used to represent a use credential for the first software;
adding a shell to the first software based on the virtual code of the target authentication algorithm and the authentication data to obtain protected software; the virtual code and the authentication data corresponding to the target authentication algorithm are stored in the shell of the protected software.
8. A software protection device, comprising:
an authentication operation receiving module configured to receive an authentication operation for protected software; the protected software is first software which is added with a shell, authentication data and a virtual code corresponding to a target authentication algorithm are stored in the shell of the protected software, and the authentication data is used for representing a use certificate of the first software;
a response module configured to send the virtual code in the shell of the protected software and the authentication data to a hardware dongle in response to the authentication operation;
the acquisition module is configured to acquire an authentication result fed back by the hardware encryption lock; the authentication result is obtained by authenticating the authentication data by the hardware encryption lock based on a target authentication algorithm corresponding to the virtual code; a target conversion mode for converting the virtual code into a target authentication algorithm is pre-stored in the hardware encryption lock;
a determination module configured to determine validity of the authentication operation based on the authentication result.
9. A software protection device, comprising:
the receiving module is configured to receive the virtual code of the target authentication algorithm in the shell of the protected software and the authentication data which are sent by the terminal; the protected software is software subjected to shell adding processing on first software based on a shell adding tool, and the authentication data is used for indicating whether a software developer allows a specified software user to use the first software;
the conversion module is configured to convert the virtual code based on a pre-stored target conversion mode so as to obtain a target authentication algorithm corresponding to the virtual code;
the authentication module is configured to authenticate the authentication data based on the target authentication algorithm to obtain an authentication result;
a sending module configured to send the authentication result to the terminal.
10. A software protection device, comprising:
a first communication module configured to receive a virtual code of a target authentication algorithm selected by a user from a shell tool database; the database of the shell adding tool stores virtual codes corresponding to at least two authentication algorithms, and the target authentication algorithm is any one of the at least two authentication algorithms;
a second communication module configured to receive authentication data; wherein the authentication data is used to indicate whether a software developer allows a specified software user to use the first software;
the shell adding module is configured to add a shell to the first software based on the virtual code of the target authentication algorithm and the authentication data to obtain protected software; the virtual code and the authentication data corresponding to the target authentication algorithm are stored in the shell of the protected software.
11. A computer-readable storage medium, in which a computer program is stored which, when executed by a processor, causes the processor to carry out the method according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011459474.4A CN112559981B (en) | 2020-12-11 | 2020-12-11 | Software protection method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011459474.4A CN112559981B (en) | 2020-12-11 | 2020-12-11 | Software protection method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN112559981A true CN112559981A (en) | 2021-03-26 |
| CN112559981B CN112559981B (en) | 2021-09-17 |
Family
ID=75062124
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011459474.4A Active CN112559981B (en) | 2020-12-11 | 2020-12-11 | Software protection method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112559981B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101261664A (en) * | 2008-04-10 | 2008-09-10 | 北京深思洛克数据保护中心 | A method for realizing software protection based on the program code stored in the software protection device |
| CN102136052A (en) * | 2011-04-29 | 2011-07-27 | 北京深思洛克软件技术股份有限公司 | Software protecting method |
| CN105678115A (en) * | 2015-12-31 | 2016-06-15 | 北京神州绿盟信息安全科技股份有限公司 | Software authentication method and related device and system |
| CN106295257A (en) * | 2015-06-29 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of authentication method being reinforced software and device |
| US20200019678A1 (en) * | 2018-07-16 | 2020-01-16 | Vmware, Inc. | Systems and methods for improved authentication |
-
2020
- 2020-12-11 CN CN202011459474.4A patent/CN112559981B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101261664A (en) * | 2008-04-10 | 2008-09-10 | 北京深思洛克数据保护中心 | A method for realizing software protection based on the program code stored in the software protection device |
| CN102136052A (en) * | 2011-04-29 | 2011-07-27 | 北京深思洛克软件技术股份有限公司 | Software protecting method |
| CN106295257A (en) * | 2015-06-29 | 2017-01-04 | 中兴通讯股份有限公司 | A kind of authentication method being reinforced software and device |
| CN105678115A (en) * | 2015-12-31 | 2016-06-15 | 北京神州绿盟信息安全科技股份有限公司 | Software authentication method and related device and system |
| US20200019678A1 (en) * | 2018-07-16 | 2020-01-16 | Vmware, Inc. | Systems and methods for improved authentication |
Also Published As
| Publication number | Publication date |
|---|---|
| CN112559981B (en) | 2021-09-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP6882254B2 (en) | Safety verification methods based on biological characteristics, client terminals, and servers | |
| Bojinov et al. | Kamouflage: Loss-resistant password management | |
| EP3358783A1 (en) | Integrated authentication system for authentication using single-use random numbers | |
| CN107454048B (en) | Information processing method and device, and information authentication method, device and system | |
| US10713381B2 (en) | Method and apparatus for securely calling fingerprint information, and mobile terminal | |
| CN107818253B (en) | Face template data entry control method and related product | |
| US20200076592A1 (en) | Method for generating seed and device thereof | |
| CN106549957B (en) | terminal application copyright authentication method and system | |
| CN106790243B (en) | A kind of password remapping method of safe U disc | |
| CN112507326B (en) | Encryption method and device for password information based on SM3 hash algorithm and computer equipment | |
| CN110941809A (en) | File encryption and decryption method and device, fingerprint password device and readable storage medium | |
| CN110909340A (en) | Login processing method, system, device, electronic equipment and storage medium | |
| CN114662150A (en) | Data acquisition method and device and electronic equipment | |
| CN111125665A (en) | Authentication method and device | |
| CN112559981B (en) | Software protection method and device | |
| CN113127844A (en) | Variable access method, device, system, equipment and medium | |
| JP2011192154A (en) | Usb storage device | |
| CN110990853A (en) | Dynamic heterogeneous redundant data access protection method and device | |
| CN115086008A (en) | Method and device for realizing password security protection, storage medium and electronic equipment | |
| CN110875921B (en) | Printer network access security detection method and device and electronic equipment | |
| CN109145645B (en) | Method for protecting short message verification code in android mobile phone | |
| CN113595731A (en) | Protection method and device for shared link and computer readable storage medium | |
| CN107172106B (en) | Security information interaction method and system | |
| US9015476B1 (en) | Cryptographic device operable in a challenge-response mode | |
| CN108574657B (en) | Server access method, device and system, computing equipment and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP01 | Change in the name or title of a patent holder | ||
| CP01 | Change in the name or title of a patent holder |
Address after: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee after: Beijing Shendun Technology Co.,Ltd. Address before: 100193 5th floor 510, No. 5 Building, East Yard, No. 10 Wangdong Road, Northwest Haidian District, Beijing Patentee before: BEIJING SENSESHIELD TECHNOLOGY Co.,Ltd. |