CN1517858A - Method and system for protecting software on additional card of peripheral equipment - Google Patents

Publication number
CN1517858A
Authority
CN
China
Prior art keywords
add-on card
software
microcontroller
host
microprocessor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA031018092A
Other languages
Chinese (zh)
Other versions
CN1269024C (en)
Inventor
刘建兴
陈勇志
沈信成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WEIDA ELECTRIC CO Ltd
Original Assignee
WEIDA ELECTRIC CO Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Landscapes

  • Storage Device Security (AREA)

Abstract

A method and system for protecting the software on a peripheral add-on card are disclosed. The method includes the following steps: when the first reset signal from the peripheral bus is deasserted, a microcontroller reads encrypted specific information from a non-volatile memory and decrypts it; the microcontroller then generates a second reset signal; on receiving it, a microprocessor reads the decrypted specific information and transmits it to the host, which identifies and verifies it; and the host runs the microprocessor's dedicated program to start the add-on card.

Description

Method and system for protecting software on a peripheral add-on card
Technical field
The present invention relates to methods for protecting software, and in particular to a technique for protecting the software that runs with a peripheral add-on card.
Background
Generally, the control chip on a peripheral add-on card has an associated driver or application program on the host that cooperates with the operating system so that the card can perform at its best. In addition, chip design is currently moving toward multifunction, system-level integration. To let applications meet the differing requirements of different customers as far as possible, the control chips on many peripheral add-on cards provide an interface for reading and writing non-volatile memory, so that the driver or application program can direct the control chip, through this interface, to read and write the required or customized data stored in the non-volatile memory. The manufacturer of the add-on card can thus define and plan this data itself in order to differentiate its products.
However, when data is read and written through this non-volatile memory interface, conventional practice applies no suitable encryption mechanism to prevent the data from being stolen. Once the data in the non-volatile memory has been obtained, the painstakingly developed add-on card and its accompanying driver or application program, the product of considerable hardware and software engineering effort, are easily subjected to illegal plagiarism and mass duplication. How to protect this hardware and software intellectual property has therefore become an important problem.
Summary of the invention
The technical problem to be solved by the invention is to provide a mechanism for protecting peripheral add-on card software that prevents the confidential data and programs stored in non-volatile memory from being stolen and plagiarized.
Another technical problem to be solved by the invention is to provide a system and method for protecting software on a peripheral add-on card that prevent the add-on card and its accompanying programs, both hardware and software, from being illegally mass-duplicated.
To achieve the above objects, the invention provides a method for protecting peripheral add-on card software, applicable to a peripheral add-on card installed on the peripheral bus of a host. The steps are as follows. When a first reset signal from the peripheral bus is deasserted, a microcontroller reads encrypted specific information from a non-volatile memory. The microcontroller then decrypts this information to obtain decrypted specific information. Once it has the decrypted specific information, the microcontroller sends a second reset signal. On receiving the second reset signal, a microprocessor reads the decrypted specific information from the microcontroller. The microprocessor then transmits the decrypted specific information to the host over the peripheral bus for identification and verification. The host identifies the decrypted specific information and, if verification passes, begins executing the microprocessor-specific program so that the add-on card starts working. The program executed by the host periodically sends an encrypted inquiry message to the microcontroller via the peripheral bus and the microprocessor. The microcontroller decrypts the inquiry message to obtain a reply message, then returns the reply message to the host via the microprocessor and the peripheral bus. The program executed by the host then verifies the reply message; if the reply message does not match the inquiry message, the host stops executing the program.
To achieve the above objects, the invention also provides a system for protecting peripheral add-on card software, consisting of a host and a peripheral add-on card, where the host has a peripheral bus and the add-on card is installed on that bus. The add-on card comprises a non-volatile memory, a microcontroller and a microprocessor. The non-volatile memory stores encrypted specific information. The microcontroller is connected to the non-volatile memory and, when a first reset signal from the peripheral bus is deasserted, reads the encrypted specific information, decrypts it to obtain decrypted specific information, and then sends a second reset signal. The microprocessor is connected between the peripheral bus and the microcontroller; after receiving the second reset signal it reads the decrypted specific information from the microcontroller and transmits it to the host over the peripheral bus for identification and verification. The host has a microprocessor-specific program; when the decrypted specific information passes verification, the host executes the program and the add-on card starts working.
To give a further understanding of the purpose, structural features and functions of the invention, a detailed description follows with reference to the drawings:
Description of drawings
Fig. 1 is a block diagram of a conventional peripheral add-on card connected to a host through a PCI bus;
Fig. 2 is a block diagram of the peripheral add-on card of the invention connected to a host through a PCI bus; and
Fig. 3 is a flow chart of a preferred embodiment of the invention.
The reference numerals are as follows:
100, 200: host; 102, 202: microprocessor-specific program; 110, 210: PCI bus; 122, 222: microprocessor; 124, 224: non-volatile memory; 226: microcontroller; RST#: first reset signal; P_RST#: second reset signal
Embodiment
Referring to Fig. 1, a conventional peripheral add-on card 120 consists of a microprocessor 122 and a non-volatile memory 124. The microprocessor 122 has an interface 126 that connects to the non-volatile memory 124 in order to read and write the data stored there. The microprocessor 122 can be replaced by an Application Specific Integrated Circuit (ASIC); a microprocessor is used as the example here. The host 100 controls the microprocessor 122 on the add-on card 120 and exchanges data with it through the Peripheral Component Interconnect (PCI) bus 110. The driver or application program 102 dedicated to the microprocessor 122 is loaded and executed by the host 100 after power-on, and the microprocessor 122 is reset by the reset signal RST# of the PCI bus 110, which activates the add-on card 120. Because data is read from and written to the non-volatile memory 124 through the interface 126 without any suitable encryption mechanism to prevent theft, the content of the non-volatile memory 124 is easily copied, or the data of the non-volatile memory 124 can be intercepted on the interface 126 by various means.
The invention uses a microcontroller that contains an encryption/decryption mechanism to take charge of protecting the data in the non-volatile memory and the software associated with the peripheral add-on card. As for the difference between a microcontroller and a microprocessor: generally, a microprocessor provides more functions and greater computing power and is considerably more complex in circuit design, so it must load firmware from an external non-volatile memory, or load a specific driver from the host, before it can work. A microcontroller, by contrast, usually needs only simple firmware to work, and that firmware can be stored in read-only memory embedded in the microcontroller. Because microcontrollers are designed to protect their program memory against read-out, the firmware cannot be illegitimately obtained from outside. Using a microcontroller for the encryption/decryption work therefore gives excellent confidentiality.
According to the invention, the peripheral add-on card 220 consists of a microprocessor 222, a non-volatile memory 224 and a microcontroller 226, as shown in Fig. 2. The microcontroller 226 has an interface 228 that connects to the non-volatile memory 224 to read and write the data stored there, while the microprocessor 222 connects to the microcontroller 226 through an interface 230 and accesses data through it. For example, interface 230 and interface 228 can be Inter-Integrated Circuit (I2C) two-wire interfaces, which simplifies the circuit design. The host 200 has a peripheral bus such as a PCI bus; once the driver or application program 202 dedicated to the microprocessor 222 has been loaded and executed, the host 200 can control the microprocessor 222 on the add-on card 220 and exchange data with it through the PCI bus 210.
To bring out the features of the invention, it is described further below with reference to Fig. 2 and the flow chart of the preferred embodiment in Fig. 3. The PCI specification requires that the host 200 wait for a period Trhfa (about 0.5 second or 1 second, depending on the clock frequency of the PCI bus) after the reset signal RST# of the PCI bus 210 is deasserted before polling the configuration data, such as the device identification code (Device ID) and vendor identification code (Vendor ID), of each device connected to the PCI bus 210. The peripheral add-on card 220 of the invention must therefore obtain the configuration data, such as the Device ID and Vendor ID, stored in the non-volatile memory 224 within Trhfa after RST# is deasserted. In the booting stage, when the RST# signal from the PCI bus 210 is deasserted, the microcontroller 226 reads encrypted information from the non-volatile memory 224 through the interface 228 (step S301); this information includes configuration data such as the Device ID and Vendor ID. The microcontroller 226 then decrypts the encrypted information, and once it has the decrypted configuration data it sends the reset signal P_RST# (step S303). On receiving the P_RST# signal, the microprocessor 222 reads the decrypted configuration data from the microcontroller 226 via the interface 230 (step S305). As stated above, the whole time from the deassertion of RST# until the microprocessor 222 has the decrypted information must be designed to fall within Trhfa in order to satisfy the PCI specification.
Next, the microprocessor 222 transmits the decrypted configuration data to the host 200 over the PCI bus 210 for identification and verification (step S307). The host 200 identifies the decrypted configuration data, such as the Device ID and Vendor ID (step S309), and checks whether the encrypted information was properly decrypted to yield correct configuration data (step S311). If verification fails, execution of the program associated with the add-on card 220 is stopped and the add-on card 220 cannot work. Because the data stored in the non-volatile memory 224 was encrypted by the microcontroller 226 and can only be correctly decrypted by the microcontroller 226, even if the data in the non-volatile memory 224 is stolen or copied, its content is difficult to understand, plagiarize or tamper with.
If verification passes, the host 200 begins to load and execute the microprocessor-specific program 202 so that the add-on card 220 starts working (step S321). To provide a stricter safeguard, the program 202 executed by the host 200 periodically sends an encrypted inquiry message to the microcontroller 226 via the PCI bus 210 and the microprocessor 222; the inquiry message is generated at random and encrypted with key value K1 (step S323). After the microcontroller 226 receives the encrypted inquiry message, it decrypts it with key value K2 to obtain a reply message, and then returns this reply message to the host 200 via the microprocessor 222 and the PCI bus 210 (step S325). According to the invention, as long as they are agreed in advance, the key value K1 used for encryption may differ from the key value K2 used for decryption; the two may of course also be the same key value. Furthermore, algorithms such as RSA or Diffie-Hellman can be used to encrypt and decrypt the data; the encryption/decryption method is outside the scope of the invention and is not elaborated here.
Next, the program 202 executed by the host 200 verifies the returned reply message (step S327). If verification passes, the host 200 continues to execute the microprocessor-specific program 202 and periodically repeats the above steps; if the reply message does not match the inquiry message, the microprocessor-specific program 202 executed by the host 200 stops working (step S329). In this way, the microprocessor-specific program 202 can determine whether the microcontroller 226 is present or behaving abnormally, and so ensure that the add-on card 220 is not an illegal counterfeit. This prevents the add-on card 220 and its accompanying microprocessor-specific program 202, the product of that engineering effort, from being illegally plagiarized and mass-duplicated.
The above is only a preferred embodiment of the invention and is not intended to limit its scope of practice; the scope of protection claimed by the invention is therefore defined by the appended claims.
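The flow of steps S301 to S329, as an added simulation that is not part of the patent: a genuine card, a card whose non-volatile memory was copied but whose microcontroller holds a different key, and a card provisioned entirely under a different key. Assumptions: the cipher is a stand-in (SHA-256 in counter mode, since the patent leaves the algorithm open), the symmetric case K1 = K2 is used, the Vendor ID and Device ID values are constructed, and all class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed values for this simulation; none of them come from the patent.
VENDOR_ID, DEVICE_ID = 0x1234, 0x5678
CONFIG = struct.pack("<HH", VENDOR_ID, DEVICE_ID)


def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode); the patent leaves the cipher open.
    blocks = (hashlib.sha256(key + iv + struct.pack(">I", i)).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    iv = secrets.token_bytes(16)  # fresh IV so a keystream is never reused
    ks = _keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    iv, body = blob[:16], blob[16:]
    return bytes(c ^ k for c, k in zip(body, _keystream(key, iv, len(body))))


class Microcontroller:
    """Key sits in read-protected internal ROM; only decrypted results leave the chip."""

    def __init__(self, rom_key: bytes, nvm_blob: bytes):
        self._rom_key = rom_key
        self._nvm_blob = nvm_blob  # encrypted configuration held in external NVM
        self._config = b""
        self.p_rst_sent = False

    def on_rst_deasserted(self) -> None:
        # S301 and S303: read and decrypt the NVM content, then send P_RST#.
        self._config = decrypt(self._rom_key, self._nvm_blob)
        self.p_rst_sent = True

    def read_config(self) -> bytes:
        # S305: the microprocessor may read only after the second reset signal.
        if not self.p_rst_sent:
            raise RuntimeError("configuration read before P_RST#")
        return self._config

    def answer(self, encrypted_inquiry: bytes) -> bytes:
        # S325: decrypt the inquiry with K2; the plaintext is the reply message.
        return decrypt(self._rom_key, encrypted_inquiry)


class HostProgram:
    """Host side (program 202), using the symmetric case K1 == K2."""

    def __init__(self, k1: bytes):
        self._k1 = k1

    def config_ok(self, config: bytes) -> bool:
        # S309 and S311: identify and verify the decrypted configuration data.
        return hmac.compare_digest(config, CONFIG)

    def challenge_ok(self, mcu: Microcontroller) -> bool:
        # S323 to S327: random inquiry, encrypted with K1, reply compared in constant time.
        inquiry = secrets.token_bytes(16)
        reply = mcu.answer(encrypt(self._k1, inquiry))
        return hmac.compare_digest(reply, inquiry)


def boot_and_run(host: HostProgram, mcu: Microcontroller, rounds: int = 3) -> str:
    """The microprocessor and the PCI bus are modelled as a plain relay."""
    mcu.on_rst_deasserted()
    if not host.config_ok(mcu.read_config()):
        return "rejected at S311"
    for _ in range(rounds):
        if not host.challenge_ok(mcu):
            return "stopped at S329"
    return "running"


def demo() -> dict:
    k = secrets.token_bytes(32)      # key shared by the genuine MCU and the host program
    other = secrets.token_bytes(32)  # key inside a card that is not genuine
    genuine_nvm = encrypt(k, CONFIG)
    host = HostProgram(k)
    return {
        "genuine": boot_and_run(host, Microcontroller(k, genuine_nvm)),
        "copied_nvm": boot_and_run(host, Microcontroller(other, genuine_nvm)),
        "own_nvm": boot_and_run(host, Microcontroller(other, encrypt(other, CONFIG))),
    }


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The third case shows why the periodic inquiry matters: the Device ID and Vendor ID check alone passes for any card that presents the right identifiers, so the binding to the genuine microcontroller rests on the key used in steps S323 to S327.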

Claims (20)

1. A method for protecting software on a peripheral add-on card, applicable to a peripheral add-on card installed on a peripheral bus of a host, characterized in that the method comprises the following steps:
when a first reset signal from the peripheral bus is deasserted, a microcontroller reads encrypted specific information from a non-volatile memory;
the microcontroller decrypts the encrypted specific information to obtain decrypted specific information;
after obtaining the decrypted specific information, the microcontroller sends a second reset signal;
when a microprocessor receives the second reset signal, it reads the decrypted specific information from the microcontroller; and
the microprocessor transmits the decrypted specific information to the host over the peripheral bus for identification and verification.
2. The method for protecting software on a peripheral add-on card according to claim 1, characterized in that it further comprises the following steps:
if the host identifies the decrypted specific information and verification passes, the host begins executing a microprocessor-specific program and the peripheral add-on card starts working;
the program executed by the host periodically sends an encrypted inquiry message to the microcontroller via the peripheral bus and the microprocessor;
the microcontroller decrypts the encrypted inquiry message to obtain a reply message;
the microcontroller returns the reply message via the microprocessor and the peripheral bus;
the program executed by the host verifies the reply message; and
if the reply message does not match the inquiry message, the program executed by the host stops working.
3. The method for protecting software on a peripheral add-on card according to claim 2, characterized in that the program executed by the host encrypts the inquiry message with a first key value.
4. The method for protecting software on a peripheral add-on card according to claim 3, characterized in that the microcontroller decrypts with a second key value to obtain the reply message.
5. The method for protecting software on a peripheral add-on card according to claim 4, characterized in that the first key value is identical to the second key value.
6. The method for protecting software on a peripheral add-on card according to claim 4, characterized in that the first key value and the second key value are agreed in advance but are different.
7. The method for protecting software on a peripheral add-on card according to claim 1, characterized in that the decrypted specific information comprises a device identification code and a vendor identification code, and the device identification code and vendor identification code follow the definitions of the Peripheral Component Interconnect (PCI) specification.
8. The method for protecting software on a peripheral add-on card according to claim 7, characterized in that the first reset signal is a PCI reset signal, and the microprocessor reads the device identification code and vendor identification code from the microcontroller within a specific time after the PCI reset signal is deasserted.
9. The method for protecting software on a peripheral add-on card according to claim 8, characterized in that the specific time is the period Trhfa defined by the PCI specification.
10. The method for protecting software on a peripheral add-on card according to claim 2, characterized in that the inquiry message is generated at random.
11. A system for protecting software on a peripheral add-on card, characterized in that it comprises:
a host having a peripheral bus; and
a peripheral add-on card connected to the peripheral bus, comprising:
a non-volatile memory for storing encrypted specific information;
a microcontroller connected to the non-volatile memory which, when a first reset signal from the peripheral bus is deasserted, reads the encrypted specific information, decrypts it to obtain decrypted specific information, and then sends a second reset signal; and
a microprocessor connected between the peripheral bus and the microcontroller which, after receiving the second reset signal, reads the decrypted specific information from the microcontroller and transmits it to the host over the peripheral bus for identification and verification.
12. The system for protecting software on a peripheral add-on card according to claim 11, characterized in that the host has a program dedicated to the microprocessor, and when the decrypted specific information passes verification, the host begins executing the program and the peripheral add-on card starts working.
13. The system for protecting software on a peripheral add-on card according to claim 12, characterized in that the program executed by the host has a first key value, periodically encrypts a randomly generated inquiry message with the first key value, and sends the encrypted inquiry message to the microcontroller via the peripheral bus and the microprocessor.
14. The system for protecting software on a peripheral add-on card according to claim 13, characterized in that the microcontroller has a second key value, decrypts the encrypted inquiry message with the second key value to obtain a reply message, and returns the reply message via the microprocessor and the peripheral bus.
15. The system for protecting software on a peripheral add-on card according to claim 14, characterized in that the program executed by the host verifies the reply message, and if the reply message does not match the inquiry message, the host stops executing the program.
16. The system for protecting software on a peripheral add-on card according to claim 14, characterized in that the first key value is identical to the second key value.
17. The system for protecting software on a peripheral add-on card according to claim 14, characterized in that the first key value and the second key value are agreed in advance but are different.
18. The system for protecting software on a peripheral add-on card according to claim 10, characterized in that the peripheral bus of the host is a bus that follows the Peripheral Component Interconnect (PCI) specification.
19. The system for protecting software on a peripheral add-on card according to claim 18, characterized in that the decrypted specific information comprises a device identification code and a vendor identification code, and the device identification code and vendor identification code both follow the definitions of the PCI specification.
20. The system for protecting software on a peripheral add-on card according to claim 19, characterized in that the first reset signal is a PCI reset signal, the microprocessor reads the device identification code and vendor identification code from the microcontroller within a specific time after the PCI reset signal is deasserted, and the specific time is the period Trhfa defined by the PCI specification.
CN 03101809 2003-01-16 2003-01-16 Method and system for protecting software on additional card of peripheral equipment Expired - Fee Related CN1269024C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 03101809 CN1269024C (en) 2003-01-16 2003-01-16 Method and system for protecting software on additional card of peripheral equipment

Publications (2)

Publication Number Publication Date
CN1517858A (en) 2004-08-04
CN1269024C (en) 2006-08-09

Family

ID=34281470

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 03101809 Expired - Fee Related CN1269024C (en) 2003-01-16 2003-01-16 Method and system for protecting software on additional card of peripheral equipment

Country Status (1)

Country Link
CN (1) CN1269024C (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101227596B (en) * 2007-12-26 2010-06-23 王波 DVR video monitoring software enciphering method and implementing circuit
CN102592064A (en) * 2011-01-07 2012-07-18 深圳同方电子设备有限公司 Dynamic crypto chip
CN105631362A (en) * 2014-10-29 2016-06-01 奇方科技有限公司 Encryption method of microcontroller unit
CN112100580A (en) * 2020-08-13 2020-12-18 宁波吉利汽车研究开发有限公司 Signature checking method, device and medium for small memory controller
CN112100580B (en) * 2020-08-13 2022-08-02 宁波吉利汽车研究开发有限公司 Signature checking method, device and medium for small memory controller

Also Published As

Publication number Publication date
CN1269024C (en) 2006-08-09

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee