JP2004537801A - How to protect software against unauthorized use by "basic function" principle - Google Patents

Abstract

The present invention relates to a method for protecting, by a unit, balunable software against unauthorized use. The valuable software runs on a data processing system. The method defines a set of basic functions that can be executed by the unit and a set of basic commands in the generation of the protected software. The protected software is selected because it is generated by modifying the source of the balunable software by creating the source of the protected software from the source of the balunable software by selecting at least one algorithmic operation. The at least one algorithmic process is split when the protected software is executed. The algorithm processing is executed by using a basic function.

Description

[0001]
The present invention relates generally to the technical field of data processing systems and in particular to means for protecting software running on said data processing system against unauthorized use.
[0002]
The subject of the invention is especially aimed at providing a means of using a processing / storage unit to protect software against unauthorized use. Such a unit is generally realized by a chip card or a physical key on a USB port.
[0003]
In the above technical field, a major problem relates to unauthorized use of software by a user who has not paid for a license. Illegal use of this software causes obvious losses to software editors, software vendors, and / or anyone who integrates such software into a product. In order to prevent such illegal copying, the latest technology proposes various solutions for protecting software.
[0004]
For example, protection solutions are known that utilize hardware protection systems, such as physical components called protection keys or "dongles". Such a protection key must ensure that the software is executed only in the presence of the key. However, this solution is not effective because it causes a disadvantage that it is easy to avoid. A Service-to-Self or hacker can remove the control instructions for the protection key with the help of special tools such as disassemblers. In that case, an illegal copy corresponding to the modified version of the software can be executed without protection. Furthermore, this solution cannot be generalized to all software because it is difficult to connect more than two protection keys to the same system.
[0005]
The subject of the present invention is to precisely protect the software against unauthorized use by using a processing / storage unit so that the presence of such a unit is necessary for the software to be fully functional The aim is to find a solution to the above problem by proposing a process to do it.
[0006]
In order to achieve such a goal, the subject of the present invention is to use at least one blank unit comprising at least processing means and storage means to convert valuable software generated from a source and running on a data processing system into at least one blank unit. Related to protecting against unauthorized use. The process according to the invention comprises:
→ During the protection phase,
A set of basic functions whose basic functions can be performed in the unit,
-And a set of elementary commands for said set of elementary functions, said set of elementary commands being executed in a data processing system and triggering execution in a unit;
To define
Building utilization means that can be converted into units capable of executing said set of basic functions (the execution of said basic functions is triggered by execution in a data processing system);
・ Protected software
By using at least one operand and selecting at least one algorithmic operation capable of obtaining at least one result during execution of the valuable software;
By selecting at least one portion of the source of the valuable software, including at least one selected algorithmic process;
-Changing the at least one selected portion of the source of the protected software from the source of the protected software to obtain at least one modified portion of the source of the protected software; To create (this change
> During execution of the protected software, a first execution part is executed in the data processing system and a second execution part is executed in a unit obtained from the blank unit after uploading information;
> At least a function of at least one selected algorithmic processing is performed by a second execution part;
At least one selected algorithmic process is split, whereby said algorithmic process is executed by a second execution part using a basic function during execution of the protected software;
> For at least one selected algorithmic operation, the basic commands are integrated into the source of the protected software, whereby during the protected software execution each basic command is executed by the first execution part, Triggers the execution of the basic function by the second execution part at
A sequence of elementary commands is selected from a set of sequences enabling execution of the protected software,
Is such a change)
− And
A first object part of the protected software from the source of the protected software (the first object part being an object part such that a first execution part appears during execution of the protected software, Parts are executed in the data processing system, at least one part of which takes into account that the basic commands are executed according to the selected sequence),
And a second object part of the protection software including the utilization means, wherein the basic function triggered by the first execution part is executed during execution of the protection software after uploading to the blank unit, Like two execution parts,
By generating
To create,
Uploading the second object part to a blank unit for the purpose of obtaining the unit, and
→ During the exploitation phase where the protection software is executed,
In the presence of the unit, each time a basic command contained in a part of the first execution part requests, by executing the corresponding basic function in the unit, the part is executed correctly, and as a result, the protected software is completely To work,
And, in the absence of the unit, despite the request by the part of the first execution part to trigger the execution of the basic function in the unit, at least the part cannot be fulfilled due to the inability to fulfill the request And, as a result, make sure that the protected software is not fully functional,
including.
[0007]
According to a preferred embodiment, the process according to the invention comprises:
→ During the protection phase,
・ Protected software
-During execution of the protected software, by selecting at least one variable used in at least one selected algorithmic process that partially defines the state of the protected software;
Altering at least one selected portion of the source of the protected software (this change may occur during execution of the protected software if at least one selected variable or at least one copy of the selected variable is a unit) Changes that exist in
− And
A first object part of the protected software, wherein during execution of the protected software, at least one part of the first execution part also takes into account that at least one variable or at least one copy of the variable is present in the unit; Something like
> And a second object part of the protected software, after uploading to the unit, during execution of the protected software, a second execution part appears, whereby at least one selected variable or selected variable Such that at least one copy of is also present in the unit,
By generating
Change,
Including
→ During the use phase,
• In the presence of the unit, each time a portion of the first execution part requests, by using the variable or a copy of the variable that exists in the unit, that portion is executed correctly, resulting in complete protection of the protected software. Make it work,
And at least the failure to correctly satisfy the request in the absence of the unit, despite the request by the part of the first execution part to use a variable or a copy of the variable present in the unit. To ensure that parts do not run properly, and as a result, the protected software is not fully functional;
including.
[0008]
According to another preferred embodiment, the process according to the invention comprises:
→ During the protection phase,
-At least one software execution characteristic that can be monitored at least partially in the unit;
-At least one criterion that at least one software execution characteristic must adhere to;
Detection means implemented in the unit and capable of detecting that at least one software execution characteristic does not comply with at least one relevant criterion;
And and enforcement means implemented in the unit to notify the data processing system when at least one criterion is not adhered to and / or to change the execution of the software;
To define
Building utilization means that also enable the unit to implement detection and enforcement means;
And and the protected software,
-By selecting at least one software execution characteristic to be monitored from among the software execution characteristics that can be monitored;
By selecting at least one criterion that at least one selected software execution characteristic must adhere to;
By selecting, in the source of the protected software, at least one selected basic function whose software execution characteristics are to be monitored;
Altering at least one selected part of the source of the protected software, the change being performed during execution of the protected software, wherein at least one selected execution characteristic is monitored by the second execution part and the criterion is Non-compliance is a change that informs the data processing system and / or changes the execution of the protected software)
And generating a second object part of the protected software including utilization means that also implements detection means and forcing means, said second object part being at least during the execution of the protected software after uploading to the unit. One first software execution characteristic is monitored and the non-compliance of the criteria is a notification to the data processing system and / or an object part that changes the execution of the protected software)
Change,
Including
→ During the use phase,
・ When a unit exists,
-As long as all the criteria corresponding to all monitored execution characteristics of all changed parts of the protected software are observed, said parts of the protected software will operate nominally and consequently the protected software To work as nominal,
And notifying the data processing system if at least one criterion corresponding to the monitored execution characteristic of the portion of the protected software has not been complied with and / or controlling the function of the portion of the protected software. Make changes to the functionality of the protected software,
including.
[0009]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
-Software performance characteristics that can be monitored, such as measurement variables for the usage of software functions,
-At least one threshold value associated with each measurement variable,
-And an enabling means capable of updating at least one measurement variable,
To define
Building utilization means that also enable the unit to carry out activation means;
And and the protected software,
By selecting at least one measurement variable of the usage of at least one function of the software as a software execution characteristic to be monitored;
-> At least one function of the protected software whose use can be monitored using the measurement variables;
> At least one measurement variable used to quantify the use of said function,
> At least one threshold value associated with the selected measurement variable corresponding to the usage limit of said function;
> And at least one method of updating selected measurement variables depending on the usage of said function,
By selecting
And altering at least one selected part of the source of the protected software (this change being realized by the second execution part, during the execution of the protected software, the measurement variables depend on the use of said function) And at least one threshold crossing is taken into account)
Changing the
Including
→ notify the data processing system during the use phase when the unit is present and at least one threshold crossing corresponding to at least one use limit is detected and / or protected Modify the functionality of the software parts so that the functionality of the protected software is modified,
including.
[0010]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
-Some associated thresholds for at least one measurement variable;
-And different forcing means corresponding to each of said thresholds,
To define
And and the protected software,
By selecting in the source of the protected software at least one selected measurement variable to which several threshold values corresponding to different usage limits of the function have to be associated;
By selecting at least two thresholds associated with the selected measurement variable,
And altering at least one selected portion of the source of the protected software (this change is such that during execution of the protected software, various threshold crossings are considered differently by the second execution part) Changes that are made)
Change,
Including
→ During the use phase,
・ When a unit exists,
-Instructing the protected software not to use the corresponding function anymore if the first threshold is exceeded;
-Disabling the corresponding function and / or at least part of the protected software if a second threshold is exceeded;
including.
[0011]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
Defining a replenishment measure that allows at least one additional use of at least one software function monitored by the measurement variable;
Building utilization measures that also allow the unit to implement replenishment measures;
And and the protected software,
By selecting at least one selected measurement variable in the source of the protected software that can limit the use of functions that must be able to allow at least one additional use;
And altering at least one selected portion, such that the alteration permits at least one additional use of at least one function corresponding to the selected measurement variable during a phase called the replenishment phase. Change)
Change,
Including
→ During the replenishment phase,
Re-enabling at least one selected measurement variable and / or at least one associated threshold to enable at least one additional use of the function;
including.
[0012]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
-Software usage characteristics that can be monitored include software usage profiles,
-And at least one software execution characteristic,
To define
And and the protected software,
By choosing to monitor at least one software usage profile as a software execution characteristic;
By selecting at least one execution characteristic that at least one selected usage profile must adhere to;
And altering at least one selected part of the source of the protected software (this change is required during execution of the protected software if the second execution part does not comply with all selected execution features) Changes that don't have to be)
Change,
Including
→ During the use phase, notify the data processing system when the unit is present and when it is detected that at least one execution feature is not being adhered to and / or Modify the functionality so that the functionality of the protected software is changed,
including.
[0013]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
A set of instructions that can be executed by the unit;
-A set of instruction commands for said instruction set, said set of instruction commands being executed in a data processing system and triggering execution of the instructions in the unit;
-A chain of instructions,
-The expected execution sequence for the execution of the instruction,
-Means for detecting that the chain of instructions does not correspond to the expected one;
-And as a coercive means, a means capable of notifying the data processing system if the chain of instructions does not correspond to what is expected and / or changing the function of the part of the protected software;
To define
Building utilization means that also allow the unit to execute instructions of the instruction set (the execution of said instructions is triggered by the execution of instruction commands in the data processing system);
And and the protected software,
-At least one selected part of the source of the protected software,
> By converting basic functions into instructions,
By specifying a chain that at least part of the instructions must adhere to during their execution in the unit,
> And by converting the basic command to an instruction command corresponding to the instruction used,
By changing
Change,
Including
→ During the usage phase, if the presence of the unit detects that the chain of instructions executed by the unit does not correspond to the expected one, it informs the data processing system of it and / or Modify the functionality of the protected software so that the functionality of the protected software is changed,
including.
[0014]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
-As an instruction set, at least some instructions cooperating with registers and using at least one operand for the purpose of returning a result;
-For at least some of the instructions associated with the registers,
> A part that defines the function of the instruction, and> a part that defines the expected chain for the execution of the instruction,
(The part is
識別 Instruction identification field,
◇ and for each operand of the instruction:
* Flag field,
* And the expected identification field of the operand,
That contains the bit field corresponding to),
For each register belonging to the exploitation means used by the instruction set, a generation identification field in which the identification of the last instruction which returned its result is automatically stored;
As detecting means, during execution of the instruction, for each operand, when the flag field requires, the generation identification field corresponding to the register used by the operand and the expected identification field of the source of the operand; Means to check for equality,
-And means for being able to change the result of the instruction if at least one of the checked equalities is false, as enforcement means;
To define
including.
[0015]
According to another preferred embodiment, the process according to the invention comprises:
→ During the protection phase,
.- Basic commands or instruction commands as trigger commands,
-As dependent functions, basic functions or instructions;
-At least one argument to a trigger command that, as an order, at least partially corresponds to the information sent by the data processing system to the unit and triggers execution of the corresponding dependent function;
-A method for renaming an order, wherein the order can be renamed to obtain a trigger command having the renamed order;
-And recovery means designed to be used in the unit during the use phase and capable of recovering dependent functions to be performed from the renamed order;
To define
Building utilization measures that also allow the unit to implement restoration measures;
And and the protected software,
-By selecting a trigger command in the source of the protected software,
By modifying at least one selected part of the source of the protected software by renaming the order of the selected trigger command so as to hide the identification of the corresponding dependent function;
− And
The first object part of the protected software, such that during execution of the protected software, a trigger command with the renamed order is executed;
And a dependent function whose execution is triggered by the first execution part during execution of the protected software after uploading to the unit, and a second object part of the protected software including utilization means also implementing the restoration means , The identity of which is restored by the second execution part and the dependent function is executed by the second execution part,
By generating
Change,
Including
→ During the use phase,
Each time a trigger command with a renamed order contained in a part of the first execution part requests in the presence of the unit, the identity of the corresponding dependent function is restored in the unit and the part is executed correctly , As a result, making the protected software fully functional,
And, in the absence of the unit, despite the request by the part of the first execution part to trigger the execution of the dependent function in the unit, the request cannot be fulfilled correctly, so that at least the part Will not be executed, and as a result, the protected software will not be fully functional,
including.
[0016]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
Defining, for at least one dependent function, a set of dependent functions that are algorithmically equivalent, but whose renamed orders are triggered by different trigger commands;
And and the protected software,
By selecting at least one trigger command having a renamed order in the source of the protected software,
And by replacing at least the renamed order of one selected trigger command having the renamed order with another renamed order that triggers the same group of dependent functions, By changing at least one selected part,
Change,
including.
[0017]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase, for at least one dependent function, a set of algorithmically equivalent
-By concatenating the noise field with information defining the functional part of the dependent function to be performed by the unit;
-Or by using the identification field of the instruction and the expected identification field of the operand,
To define,
including.
[0018]
According to a variant embodiment, the process according to the invention comprises:
→ During the protection phase,
.-An order renaming method, an encryption method for encrypting the order,
-And means for implementing a decoding method as decoding means for decoding the renamed order to restore the identity of the dependent function to be performed in the unit,
To define
including.
[0019]
According to another preferred embodiment, the process according to the invention comprises:
→ During the protection phase,
・ Protected software
By selecting at least one conditional branch executed in at least one selected algorithmic process in the source of the protected software,
Altering at least one selected part of the source of the protected software (this change is performed during execution of the protected software, if the function of at least one selected conditional branch is a unit, a second execution part) Is the change performed by
− And
> The first object part of the protected software, such that during execution of the protected software, at least one selected conditional branching function is performed in the unit;
> The second object part of the protected software, after uploading to the unit, during execution of the protected software, a second execution part appears, whereby the function of at least one selected conditional branch is executed Something like
By generating
Change,
Including
→ During the use phase,
Performing at least one conditional branching function on the unit each time a part of the first execution part requests in the presence of the unit, so that the part is executed correctly, so that the protected software is fully functional To do,
And, in the absence of the unit, despite the request by the part of the first execution part to perform the function of the conditional branch in the unit, the request cannot be fulfilled correctly, so that at least the part Will not be executed, and as a result, the protected software will not be fully functional,
including.
[0020]
According to a variant embodiment, the process according to the invention comprises, during the protection phase, the protected software:
-By selecting at least one selected conditional branch sequence in the source of the protected software,
Altering at least one selected part of the source of the protected software (this change means that during execution of the protected software, all functions of the at least one selected conditional branching sequence are in units of the second Changes that are performed by the execution part)
− And
> The first object part of the protected software, such that during execution of the protected software, at least one function of the selected conditional branch sequence is performed in the unit;
A second object part of the protected software, after uploading to the unit, during execution of the protected software, a second execution part appears, whereby all functions of at least one selected conditional branch sequence are executed Something like
By generating
Including making changes.
[0021]
Thus, the process according to the invention makes it possible to protect the use of software by using a processing / storage unit that exhibits the property of containing a part of the software to be executed. Thus, any derivative version of the software that attempts to operate without a processing / storage unit requires that during execution that part of the software contained in the storage unit be recreated, otherwise the derivative version of the software is completely Does not work.
[0022]
Various other features will be apparent in the following description, which refers to the accompanying drawings, which illustrate non-limiting examples, embodiments, and implementations of the present inventive subject matter.
[0023]
In the following description, the following definitions are used.
[0024]
The data processing system 3 is a system that can execute a program.
[0025]
A processing / storage unit is a unit that can perform the following:
Receiving data provided by the data processing system 3;
Return the data to the data processing system 3;
-Store data at least partially secretly and retain at least part of this data even when the unit is powered off.
Perform algorithmic processing on the data and keep some or all of the results secret;
[0026]
The unit 6 is a processing / storage unit for implementing the process according to the invention.
[0027]
The blank unit 60 is a unit that does not implement the process according to the invention, but can receive data and convert it to the unit 6.
[0028]
The pre-customized unit 66 is a blank unit 60 that has received a portion of the data and can be converted to unit 6 after receiving the supplemental data.
[0029]
Uploading information to blank unit 60 or pre-customized unit 66 is equivalent to transferring information to blank unit 60 or pre-customized unit 66 and storing the transferred information. This transfer can include a change in the information format.
[0030]
Use uppercase letters to indicate variables, functions, or data contained in data processing system 3 and use lowercase letters to designate variables, functions, or data contained in unit 6;
[0031]
"Protected software" is software that is protected by at least one of the protection principles implemented by the process according to the present invention.
[0032]
"Varnable software" is software that is not protected by any of the protection principles implemented by the process according to the present invention.
[0033]
• Use the word "software" when the difference between the valuable software and the protected software is not significant.
[0034]
-Software has the following various expressions depending on the point of consideration (instant considered) in its life cycle.
− Source representation
− Object representation
− Distribution
-Or dynamic expressions
[0035]
-A software source expression is an expression that becomes an object expression after conversion. Source representations can have various levels, from conceptual abstraction levels to levels that can be directly executed by a data processing system or processing / storage unit.
[0036]
The object representation of the software represents the level of representation that can be performed after transfer to distribution and upload to the data processing system or processing / storage unit. For example, the object representation may be a binary code, an interpreted code, or the like.
[0037]
• Distribution is physical or virtual support, including object representation, and it is up to the user to use the software.
[0038]
• Dynamic representation is equivalent to executing software from software distribution.
[0039]
A piece of software is a piece of software, for example, one or more continuous or non-contiguous instructions, and / or one or more contiguous or non-contiguous functional blocks, and It can be one or more functions, and / or one or more subprograms, and / or one or more modules. Also, the software part may correspond to the entire software.
[0040]
FIGS. 10 and 11 respectively show various representations of the balunable software 2v in a general sense and of the protected software 2p protected according to the process according to the invention.
[0041]
FIG. 10 shows various representations of the valuable software 2v that appear in the life cycle. The valuable software 2v may appear in any of the following expressions.
・ Source representation 2vs
・ Object representation 2vo
・ Distribution 2vd. The distribution often takes the form of a physical distribution medium such as a CDROM or a file distributed via a network (such as GSM or the Internet).
Or a dynamic representation 2ve which generally corresponds to the execution of the varnable software 2v on a data processing system 3 of a known type, which generally comprises at least one processor 4.
[0042]
FIG. 11 shows various expressions of the protected software 2p appearing in the life cycle. The protected software 2p may appear in any of the following expressions.
A source representation including a first object part 2pos for the data processing system 3 and a second object part 2pos for the unit 6. Parts of both source parts are often contained in a common file.
An object display 2po including a first object part 2pos for the data processing system 3 and a second object part 2pou for the unit 6;
・ Distribution 2pd including:
A first distribution part 2pds including a first object part 2pos. The first distribution part 2pds is for the data processing system 3, and often takes the form of a physical distribution medium such as a CDROM or a file distributed via a network (GSM, the Internet, or the like).
-And a second distribution part 2 pdu of the form
Or alternatively, at least one pre-customized unit 66 in which a part of the second object part 2 pou has been uploaded and the user has to complete the customization by uploading supplementary data in order to obtain the unit 6. This supplementary data is acquired by downloading via a network or the like.
Or at least one unit 6 to which the second object part 2pou has been uploaded
Or a dynamic expression 2pe corresponding to the execution of the protected software 2p. The dynamic expression 2pe includes a first execution part 2pes executed by the data processing system 3 and a second execution part 2peu executed by the unit 6.
[0043]
Where the difference between the various expressions of the protected software 2p is not significant, the terms "first part of the protected software" and "second part of the protected software" shall be used.
[0044]
An implementation of the process according to the invention according to the dynamic representation of FIG. 11 uses a device 1p comprising a data processing system 3 connected to a unit 6 by a link 5. The data processing system 3 may be of any type, but generally includes at least one processor 4. The data processing system 3 can be part of a computer, or various machines, equipment, fixed or mobile products, or vehicles in a general sense. The link 5 can be realized by any method such as a serial link, a USB bus, a wireless link, an optical link, a network link, and a direct electrical connection to a circuit of the data processing system 3. It should be noted that the unit 6 can be physically located in the same integrated circuit as the processor 4 of the data processing system 3. In this case, the unit 6 can be regarded as a coprocessor in relation to the processor 4 of the data processing system 3, and the link 5 is in an integrated circuit.
[0045]
20 to 22 show various embodiments of the device 1p enabling the implementation of a protection process according to the invention, in a specific and non-limiting manner.
[0046]
In the embodiment shown in FIG. 20, the protection device 1p includes a computer as the data processing system 3, a chip card 7 as the unit 6, and its interface 8 (generally called a card reader). Computer 3 is connected to unit 6 by link 5. During the execution of the protected software 2p, both the first execution part 2pes executed on the computer 3 and the second execution part 2peu executed on the chip card 7 and its interface 8 are required for the protected software 2p to fully function. Must work.
[0047]
In the embodiment shown in FIG. 21, the product 9 in a general sense that is equipped with the protection device 1p includes various components 10 that are adapted to the functions that such a product 9 performs. The protection device 1p includes on the one hand a data processing system 3 integrated in the product 9, and on the other hand a unit 6 associated with the product 9. For the product 9 to be fully functional, the protected software 2p must be fully functional. Therefore, during execution of the protected software 2p, both the first execution part 2pes executed by the data processing system 3 and the second execution part 2peu executed by the unit 6 must function. Therefore, unauthorized use of the product 9 or any of its functions can be indirectly prevented by the protected software 2p. Product 9 can be equipment, systems, machines, toys, indoor appliances, telephones, and the like.
[0048]
In the embodiment shown in FIG. 22, the protection device 1p includes a plurality of computers and a part of a communication network. The data processing system 3 is a first computer connected by a network-type link 5 to a unit 6 constituted by a second computer. In the implementation of the present invention, the second computer 6 is used as a license server for the protected software 2p. During execution of the protected software 2p, both the first execution part 2pes executed by the first computer 3 and the second execution part 2peu executed by the second computer 6 are required for the protected software 2p to fully function. Must work.
[0049]
FIG. 30 clearly shows the protection process according to the invention. It should be noted that the valuable software 2v is assumed to be fully running on the data processing system 3. On the other hand, in the implementation of the protected software 2p, since the transfer means 13 which is a part of the unit 6 is connected to the transfer means 12 provided in the data processing system 3 by the link 5, the first execution of the protected software 2p is performed. Communication between part 2pes and the second execution part 2peu can be established.
[0050]
It should be noted that the transfer means 12, 13 have the nature of software and / or hardware and can realize (and possibly optimize) data communication between the data processing system 3 and the unit 6. The transfer means 12 and 13 are preferably configured to freely use the protected software 2p which does not depend on the type of the link 5 used. Since these transfer means 12, 13 are not the subject of the present invention and are well known to those skilled in the art, they will not be described in further detail. The first part of the protected software 2p includes a command. Executing this command by the first execution part 2pes during execution of the protected software 2p enables communication between the first execution part 2pes and the second execution part 2peu. In the following description, this command is represented as IN, OUT, or TRIG.
[0051]
As shown in FIG. 31, the unit 6 is equipped with a protection means 14 to enable the implementation of the second execution part 2peu of the protected software 2p. The protection means 14 includes a storage means 15 and a processing means 16.
[0052]
In order to simplify the following description, the presence or absence of the unit 6 during execution of the protected software 2p will be examined. Indeed, a unit 6 with a protection means 14 that is not suitable for the execution of the second execution part 2peu of the protected software 2p is always regarded as absent if the protected software 2p is not executed correctly. The following applies to the presence or absence of units.
A unit 6 which is physically present and comprises a protection means 14 suitable for the execution of the second execution part 2peu of the protected software 2p is always considered to be present.
A unit 6 with protection means 14 that is physically present but is not suitable for the correct implementation of the second execution part 2peu of the protected software 2p (which does not allow this implementation) If the protected software 2p does not function correctly, it is deemed to be absent.
The unit 6 that does not physically exist is always regarded as not existing.
[0053]
If the unit 6 comprises a chip card 7 and its interface 8, the transfer means 13 is divided into two parts. One is a part on the interface 8 and the other is a part on the chip card 7. In this embodiment, the absence of the chip card 7 is considered the same as the absence of the unit 6. That is, when the chip card 7 and / or its interface 8 are not present, the protection means 14 is inaccessible and cannot execute the second execution part 2peu of the protected software 2p, so that the protected software 2p is completely Does not work.
[0054]
The purpose of the protection process according to the invention is to implement a protection principle called << basic function >>. This implementation will be described with reference to FIGS.
[0055]
The implementation of the principle of protection by basic functions defines:
-Basic function set. The basic functions included in the basic function set can be executed by the second execution part 2peu in the unit 6, and in some cases, data can be transferred between the data processing system 3 and the unit 6. .
-The basic command set for this basic function set. This elementary command can be executed in the data processing system 3, which triggers the execution of the corresponding elementary function in the unit 6.
[0056]
In the implementation of the protection principle by the basic function, a utilization means capable of converting the blank unit 60 into the unit 6 capable of executing the basic function is also configured. The execution of the basic function is triggered by the execution of the basic command in the data processing system 3.
[0057]
In the implementation of the protection principle by elementary functions, at least one algorithmic operation using at least one operand and returning at least one result is also selected in the source 2v of the valuable software. Also, at least one source 2 vs. portion of the valuable software that includes at least one selected algorithmic operation is selected.
[0058]
Next, at least one selected portion of the source 2v of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change:
During the execution of the protected software 2p, at least one part of the first execution part 2pes executed in the data processing system 3 takes into account that at least one selected algorithm processing function is executed in the unit 6. .
During the execution of the protected software 2p, the second execution part 2peu executed in the unit 6 performs at least one function of at least one selected algorithmic process.
During the execution of the protected software 2p, each of the selected algorithm processes is split such that each of the selected algorithm processes is performed by the second execution part 2peu using a primitive function. Each of the selected algorithm processes is performed by the basic function fe_n(The range of n is preferably 1 to N). That is, it is divided into the following basic functions.
One or more elementary functions (as the case may be) that allow the handling of one or more operands to be left to unit 6
Basic functions, some of which use the operands and which, when combined, perform the function of the selected algorithmic operation using this operand;
One or more elementary functions (optional) allowing unit 6 to delegate to data processing system 3 the handling of the results of the selected algorithmic processing.
A sequence of basic commands is selected from a series of sequences enabling execution of the protected software 2p;
[0059]
The first execution part 2pes of the protected software 2p executed by the data processing system 3 is a basic command CEF._n(The range of n is 1 to N). This command is based on the basic function fe defined earlier._nThe respective execution by the second execution part 2peu is triggered in unit 6.
[0060]
FIG. 60 illustrates an example of execution of the valuable software 2v. In this example, the calculation Z ← (X, Y) is executed at a predetermined time during the execution of the valuable software 2v in the data processing system 3. This calculation is equivalent to substituting the result of the algorithm processing represented by the function F using the operands X and Y into the variable Z.
[0061]
FIG. 61 shows an implementation example of the present invention in which the algorithm processing selected in FIG. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁, T₂In the basic command CFE₁, CFE₂Is executed. This command is executed by the corresponding basic function fe by the second execution part 2peu.₁, Fe₂Is triggered in unit 6. This basic function transfers the data X, Y from the data processing system 3 to the storage zones x, y arranged in the storage means 15 of the unit 6, respectively. This basic command CFE₁, CFE₂Are represented as OUT (x, X) and OUT (y, Y), respectively.
・ Time t₃~ T_N-1In the basic command CFE₃~ CFE_N-1Is executed. This command is executed by the corresponding basic function fe by the second execution part 2peu.₃~ Fe_N-1Is triggered in unit 6. This basic command CFE₃~ CFE_N-1Are TRIG (fe₃)-TRIG (fe_N-1). A series of basic functions fe executed in combination₃~ Fe_N-1Is the same as the function F. More precisely, when this basic command is executed, the basic function fe that returns the result to the storage zone z of the unit 6 using the contents of the storage zones x and y₃~ Fe_N-1Is executed in the unit 6.
・ Time t_NIn the basic command CFE_NIs executed. This command is a basic function fe by the second execution part 2peu._NIs triggered in unit 6. This function transfers the result of the algorithm processing contained in the storage zone z of the unit 6 to the data processing system 3 in order to substitute the result into the variable Z. This basic command CFE_NIs represented as IN (z).
[0062]
In this example, basic commands 1 to N are continuously executed. However, it should be noted that the following two improvements can be made.
The first improvement concerns the case where a plurality of algorithm processes are remotely processed in the unit 6 and at least the result of one algorithm process is used in another algorithm process. In such a case, some of the basic commands used for the transfer can be deleted.
The purpose of the second improvement is to select an appropriate basic command sequence from a sequence that allows the execution of the protected software 2p. In this regard, it is desirable to select a basic command sequence that temporarily separates the execution of the basic function. To do this, a portion of code executed by the data processing system 3 that includes (or does not include) a basic command used to determine another data is inserted between the basic commands. Figures 62 and 63 illustrate the principles of such an embodiment.
[0063]
FIG. 62 illustrates an execution example of the valuable software 2v. In this example, during execution of the valuable software 2v, two algorithm processes are executed in the data processing system 3 to determine Z and Z '. This processing is represented by Z ← F (X, Y) and Z ′ ← F ′ (X ′, Y ′).
[0064]
FIG. 63 shows an example of an implementation of the process according to the invention in which the two algorithmic operations selected in FIG. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, as described above, the basic command CFE₁~ CFE_NIs equivalent to determining Z, and the basic command CFE '₁~ CFE '_MIs equivalent to determining Z ′. As shown in the figure, the basic command CFE '₁~ CFE '_MAnd other code parts are inserted, the basic command CFE₁~ CFE_NIs not executed continuously. That is, in this example, CFE₁, Inserted code portion, CFE '₁, CFE₂, Inserted code portion, CFE '₂, CFE '₃, Inserted code portion, CFE '₄, CFE₃, CFE₄, ..., CFE_N, CFE '_MIs executed.
[0065]
If the unit 6 is present during execution of the protected software 2p, the corresponding basic function is executed in the unit 6 each time a basic command included in the first execution part 2pes of the protected software 2p requests. You should be careful. Thus, if unit 6 is present, this part will be executed correctly, and as a result, the protected software 2p will be fully functional.
[0066]
FIG. 64 shows an example of execution of the protected software 2p when the unit 6 does not exist. In this example, even if the basic command is executed at each time during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, since the unit 6 does not exist, the execution of the corresponding basic function is triggered. I can't. Therefore, the value to be substituted for the variable Z cannot be determined correctly.
[0067]
Therefore, if the unit 6 is not present, at least one request by the part of the first execution part 2pes of the protected software 2p, which seeks to trigger the execution of the basic function in the unit 6, cannot be correctly performed. Is not executed correctly, so that the protected software 2p does not function completely.
[0068]
The purpose of a protection process according to another advantageous characteristic of the invention is to implement a protection principle called << variable >>. This implementation will be described with reference to FIGS.
[0069]
In the implementation of the principle of protection by variables, at least one variable is selected in the source 2v of the variable software, the variable partially defining its state during the execution of the variable software 2v. The term "software state" refers to the set of information at a given point in time necessary for the complete execution of the software. Thus, the absence of the selected variable impairs the complete execution of the software. Also, at least one portion of the source 2vs of the valuable software that includes at least one selected variable is selected.
[0070]
Next, at least one selected portion of the source 2v of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, during execution of the protected software 2p, at least one part of the first execution part 2pes executed in the data processing system 3 has at least one selected variable or at least one copy of the selected variable. Is present in the unit 6.
[0071]
FIG. 40 shows an execution example of the valuable software 2v. In this example, during execution of the valuable software 2v in the data processing system 3, the following is performed.
・ Time t₁, Data X is a variable V₁(V₁← X).
・ Time t₂In the variable V₁Is assigned to a variable Y (Y ← V₁).
・ Time t₃In the variable V₁Is assigned to the variable Z (Z ← V₁).
[0072]
FIG. 41 shows an example of a first embodiment of the implementation of the present invention, where the variables are in unit 6. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁, The variable v stored in the storage means 15 of the unit 6 from the data processing system 3₁A transfer command that triggers the transfer of data X to X is executed. This transfer command is output from OUT (v₁, X), and finally the data X is a variable v₁Is assigned to
・ Time t₂, The variable v present in unit 6₁Is assigned to the variable Y, a transfer command which triggers the transfer of this value to the data processing system 3 is executed. This transfer command is IN (v₁) And finally the variable v₁Is assigned to the variable Y.
・ Time t₃, The variable v present in unit 6₁Is assigned to the variable Z, a transfer command which triggers the transfer of this value to the data processing system 3 is executed. This transfer command is IN (v₁) And finally the variable v₁Is assigned to the variable Z.
[0073]
It should be noted that at least one variable is present in unit 6 during execution of protected software 2p. For this reason, if the part of the first execution part 2pes of the protected software 2p requests, if the unit 6 is present, this variable existing in the unit 6 is used for the first execution part 2pes of the protected software 2p. Is transferred to the data processing system 3. This allows this part to be executed correctly, so that the protected software 2p is fully functional.
[0074]
FIG. 42 shows an example of a second embodiment of the implementation of the present invention, where a copy of the variable resides in unit 6. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁, The data X is stored in the variable V₁Is assigned to In addition, the variable v stored in the storage unit 15 of the unit 6 is transmitted from the data processing system 3.₁A transfer command that triggers the transfer of data X to X is also executed. This transfer command is output from OUT (v₁, X).
・ Time t₂In the variable V₁Is assigned to the variable Y.
・ Time t₃, The variable v present in unit 6₁Is assigned to the variable Z, a transfer command which triggers the transfer of this value to the data processing system 3 is executed. This transfer command is IN (v₁).
[0075]
It should be noted that during execution of the protected software 2p, at least one of the copies of the variables is in unit 6. Therefore, when the first execution part 2pes of the protected software 2p requests, if the unit 6 is present, the variable existing in the unit 6 is used for the first execution part 2pes of the protected software 2p. The value of this copy is transferred to the data processing system 3. Thus, this part is executed correctly, and as a result, the protected software 2p is fully functional.
[0076]
FIG. 43 shows an execution example of the protected software 2p when the unit 6 does not exist. In this example, during execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁In the transfer command OUT (v₁, X), since the unit 6 does not exist, the variable v₁Transfer of data X cannot be triggered.
・ Time t₂In the transfer command IN (v₁), Since the unit 6 does not exist, the variable v to the data processing system 3₁Can not trigger the transfer of the value of.
・ Time t₃In the transfer command IN (v₁), Since the unit 6 does not exist, the variable v to the data processing system 3₁Can not trigger the transfer of the value of.
[0077]
Therefore, if unit 6 is not present, at least one part of the first execution part 2pes requesting the use of a variable or a copy of a variable present in unit 6 cannot be fulfilled correctly, so that at least this part Is not executed, and as a result, the protected software 2p does not function completely.
[0078]
In the data transfer between the data processing system 3 and the unit 6 shown in the above-described example, only a simple assignment is used, but the simple assignment is combined with another operation to obtain OUT (v₁, 2 * X + 3) or Z ← (5 * v₁+ V₂It should be noted that a person skilled in the art will know how to obtain complex operations such as
[0079]
The purpose of the protection process according to another advantageous characteristic of the invention is to implement a protection principle called << Detection and Enforcement >>. This implementation will be described with reference to FIGS.
[0080]
The implementation of the detection and enforcement protection principle defines the following:
At least one software execution characteristic that can be monitored at least partially in unit 6
At least one criterion to be followed for at least one software execution characteristic
A detection means 17 provided in the unit 6 which can detect that at least one software execution characteristic does not comply with at least one relevant criterion.
The enforcement means 18 provided in the unit 6 that can notify the data processing system 3 and / or change the software execution if at least one criterion is not adhered to
[0081]
In the implementation of the principle of protection by detection and enforcement, utilization means are also constructed which can convert the blank unit 60 into a unit 6 comprising at least the detection means 17 and the enforcement means 18.
[0082]
FIG. 70 illustrates the measures necessary to implement this protection principle by detection and enforcement. The unit 6 is equipped with a detecting means 17 and a forcing means 18 belonging to the processing means 16. If the standard has not been complied with, the forcing means 18 is notified by the detecting means 17 to that effect.
[0083]
More precisely, the detection means 17 uses information sent from the transfer means 13 and / or the storage means 15 and / or the processing means 16 to monitor one or more software execution characteristics. At least one criterion to be followed is set for each software execution characteristic.
[0084]
When detecting that at least one software execution characteristic does not comply with at least one criterion, the detecting unit 17 notifies the forcing unit 18 of the fact. The forcing means 18 is configured so that the state of the unit 6 can be changed by an appropriate method.
[0085]
In the implementation of the detection and enforcement protection principle, the following are also selected:
Select at least one software execution characteristic to be monitored from the software execution characteristics that can be monitored.
Select at least one criterion to be followed for at least one selected software execution characteristic.
Select at least one algorithmic process in which at least one software execution characteristic is monitored in the source 2v of the valuable software;
Select at least one portion of the valuable software source 2vs that includes at least one selected algorithmic operation.
[0086]
Next, at least one selected portion of the source 2v of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, during execution of the protected software 2p, in particular, the following occurs.
Considering that at least one part of the first execution part 2pes executed in the data processing system 3 needs to monitor, at least in part, at least one selected software execution characteristic in the unit 6.
A second execution part 2peu executed in the unit 6 monitors at least in part the selected software execution characteristics.
[0087]
If the unit 6 is present during the execution of the protected software 2p protected by this protection principle by detection and enforcement, then:
As long as all of the changed parts of the protected software 2p comply with all the criteria corresponding to all monitored execution characteristics, the changed parts of the protected software 2p will work as nominal, thus the protected software 2p works nominally.
If at least one criterion corresponding to the monitored execution characteristic of the part of the protected software 2p has not been complied with, the data processing system 3 is notified accordingly and / or of the part of the protected software 2p The function is changed, and as a result, the function of the protected software 2p is changed.
[0088]
Naturally, if the unit 6 is not present, at least one request by the first execution part 2pes of the protected software 2p for use of the unit 6 cannot be performed correctly, so that at least this part is correctly executed. However, as a result, the protected software 2p does not function completely.
[0089]
In implementing the protection principle by detection and enforcement, two types of software execution characteristics are used preferentially.
[0090]
A first type of software execution characteristic corresponds to a measurement variable of software execution, and a second type of software execution characteristic corresponds to a software usage profile. These two types of properties can be used individually or in combination.
[0091]
The implementation of the detection and enforcement protection principle, which uses software execution measurement variables as execution characteristics, defines:
The storage means 15 can store at least one measurement variable used to quantify the use of at least one software function;
The detection means 17 can monitor at least one threshold value associated with each measurement variable
・ Activating means that can update each measurement variable according to the usage status of the function associated with the measurement variable
[0092]
In addition to the detecting means 17 and the forcing means 18, a utilization means having an enabling means is also constructed.
[0093]
Also, the following is selected in the source 2v of the valuable software.
-At least one function of the valuable software 2v that can monitor the usage status using the measurement variables.
At least one measurement variable used to quantify the use of this function
At least one threshold value associated with the measurement variable corresponding to the limit of use of this function
At least one way to update measurement variables according to the usage of this function
[0094]
Next, the source 2vs of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, during execution of the protected software 2p, the second execution part 2peu performs the following.
・ Enable measurement variables according to the usage status of this function.
• Consider at least one threshold violation.
[0095]
That is, during execution of the protected software 2p, the measurement variable is updated in accordance with the use status of this function, and when the threshold value is exceeded, the detection unit 17 notifies the forcing unit 18 of the update. The forcing unit 18 appropriately determines whether to notify the data processing system 3 and / or change the processing executed by the processing unit 16. When changing, the function of the part of the protected software 2p is changed, and as a result, the function of the protected software 2p is changed.
[0096]
In the implementation of the first preferred variant of the principle of detection and enforcement protection using measurement variables as properties, the following is defined.
· Several relevant thresholds for at least one measurement variable
・ Various forcing means corresponding to each of these thresholds
[0097]
Also, the following is selected in the source 2v of the valuable software.
At least one measurement variable that is used to quantify the usage of at least one function of the software and needs to be associated with multiple thresholds corresponding to different usage limits of this function
At least two thresholds associated with the measurement variable
[0098]
Next, the source 2vs of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, during execution of the protected software 2p, the second execution part 2peu performs the following.
・ Enable measurement variables according to the usage status of this function.
• Consider various threshold crossings individually.
[0099]
That is, in general, when the first threshold value is exceeded during execution of the protected software 2p, the unit 6 notifies the data processing system 3 of the fact, and the data processing system 3 gives the protected software 2p this function. Order not to use. If the protected software 2p continues to use this function, the second threshold may be exceeded. If the second threshold is exceeded, the enforcement means 18 can disable the selected function and / or the protected software 2p.
[0100]
In an implementation of the second preferred variant of the protection by detection and enforcement principle, which uses the measurement variable as a characteristic, at least one additional use of at least one software function monitored by the measurement variable can be permitted. Means are defined.
[0101]
In addition, a utilization means including a replenishing means in addition to the detecting means 17, the forcing means 18, and the enabling means is constructed.
[0102]
In addition, in the source 2v of the valuable software, at least one measurement variable is selected that is used to limit the use of at least one function of the software, which must be allowed at least one additional use.
[0103]
Next, the source 2vs of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, it is possible to allow at least one additional use of at least one function corresponding to the selected measurement variable in a phase called replenishment.
[0104]
In order to allow at least one additional use of the corresponding function, at least one selected measurement variable and / or at least one relevant threshold value is re-enabled in the replenishment phase. That is, in the supplement phase, additional use of at least one function of the protected software 2p can be recognized.
[0105]
Implementation of the detection and enforcement protection principle using a software usage profile as a characteristic defines at least one software execution feature as a criterion to be followed for this usage profile.
[0106]
The following is also selected in the source 2v of the valuable software.
At least one usage profile to be monitored
At least one performance feature that at least one selected usage profile must adhere to
[0107]
Next, the source 2vs of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, during execution of the protected software 2p, the second execution part 2peu follows all selected execution features. That is, the unit 6 itself monitors the manner in which the second execution part 2peu is executed, and, if at least one execution feature is not observed, notifies the data processing system 3 to that effect, and / or The function of the protected software 2p can be changed.
[0108]
If the unit 6 is present during execution of the protected software 2p protected by this principle, the following occurs.
-The protected software 2p functions nominally, since the changed part of the protected software 2p functions nominally as long as all the execution features of all the changed parts of the protected software 2p are observed.
If at least one execution characteristic of a part of the protected software 2p is not adhered to, the data processing system 3 is informed accordingly and / or the function of that part of the protected software 2p is changed, so that , The function of the protected software 2p is changed.
[0109]
Monitoring of various execution characteristics can be considered. For example, it is possible to monitor the presence or absence of an instruction including a marker and the execution chain of at least one part of the instruction.
[0110]
The implementation of the protection principle by detection and enforcement, which uses monitoring of the execution chain of at least one part of the instruction as an execution feature to be adhered to, defines:
An instruction set containing instructions that can be executed by the unit 6
• Instruction command set for this instruction set. This command can be executed by the data processing system 3. Execution of each of these command commands in data processing system 3 triggers execution of the corresponding command in unit 6.
Detection means 17 capable of detecting that the instruction chain is not what is expected
If the instruction chain is not the expected one, notify the data processing system 3 to that effect and / or force the software execution to change
[0111]
Further, utilization means for enabling the unit 6 to execute the instructions of the instruction set is also constructed. Execution of this instruction is triggered by execution of the instruction command in the data processing system 3.
[0112]
In addition, at the source 2v of the valuable software, at least one algorithmic process which must be processed remotely in the unit 6 and which needs to monitor the chain of at least one part of the instructions is also selected.
[0113]
Next, the source 2vs of the valuable software is modified to obtain the source 2ps of the valuable software. As a result of this change, the following processing is performed during execution of the protected software 2p.
The second execution part 2peu performs at least the function of the selected algorithm processing.
-The selected algorithm process is divided into multiple instructions.
A chain is specified that at least some instructions must adhere to during execution in unit 6;
The first execution part 2pes of the protected software 2p executes an instruction command which triggers the execution of the instruction in the unit 6;
[0114]
According to this principle, if the unit 6 is present during execution of the protected software 2p, the following is performed.
-As long as the instruction chain of all the changed parts of the protected software 2p executed in the unit 6 is as expected, the protected parts of the protected software 2p function as nominal, so that the protected software 2p Works as nominal.
If the instruction chain of the part of the protected software 2p executed in the unit 6 is not the expected one, the data processing system 3 is notified to that effect and / or the function of that part of the protected software 2p is As a result, the function of the protected software 2p is changed.
[0115]
FIG. 71 shows an example where the expected chain is observed in the implementation of the protection principle by detection and enforcement, which utilizes the monitoring of the execution chain of at least one part of the instruction as an execution feature to be adhered to. I have.
[0116]
The first execution part 2pes of the protected software 2p executed by the data processing system 3 includes, in the unit 6, an instruction i belonging to an instruction set._iCommand CI that triggers the execution of_iExecute In this instruction set, at least some of the instructions each include a part that defines the function of the instruction and a part that can confirm that the execution chain of the instruction is expected. In this example, the command CI_iIs TRIG (i_i), And the expected chain of instruction execution is i_n, I_{n + 1}, And i_{n + 2}It is. Instruction i in unit 6_nTo produce the result a, and the instruction i_{n + 1}And the result b is obtained. order_{n + 2}Then, the instruction i_nAnd i_{n + 1}Are used as operands. order_{n + 2}Is c.
[0117]
Since this instruction chain executed in the unit 6 is the expected one, the protected software 2p comes to function normally, that is to say as nominal.
[0118]
FIG. 72 shows an example of an implementation of the protection principle by detection and enforcement that utilizes monitoring of the execution chain of at least one part of the instruction as an execution feature to be observed, where the expected chain is not observed. .
[0119]
Also in this example, the expected chain of instruction execution is i_n, I_{n + 1}, And i_{n + 2}It is. However, the instruction i_nTo the instruction i '_nReplaces the execution chain, so the actual execution chain is i ′_n, I_{n + 1}, And i_{n + 2}Becomes Instruction i '_nIs executed, the result a, that is, the instruction i_nHas the same effect as running However, the instruction i '_nIs the instruction i_{n + 2}Is not an expected instruction for generating a result a used as an operand of_{n + 2}Detect while executing. The detecting means 17 notifies the forcing means 18 to that effect._{n + 2}Change the function of. With this change, the instruction i_{n + 2}May be different from c. Naturally, the instruction i '_nIs the instruction i_nIf the result a differs from the result a, the instruction i_{n + 2}It is clear that the result of can also be different from c.
[0120]
Therefore, the function of the protected software 2p can be changed unless the execution chain of the instruction executed by the unit 6 is expected.
[0121]
FIGS. 73 and 74 illustrate a preferred variant of the protection by detection and enforcement principle, which utilizes the monitoring of the execution chain of at least one part of the instruction as an execution feature to be adhered to. In this preferred variant, an instruction set is defined that includes at least some instructions that work with registers and use at least one operand for the purpose of returning a result.
[0122]
As shown in FIG. 73, for at least some of the instructions that work with the registers, a part PF that defines the function of the instruction and a part PE that defines the expected chain of instruction execution are defined. The part PF corresponds to an operation code known to those skilled in the art. The partial PE defining the expected chain includes the following bit fields.
・ Instruction identification field CII
For each operand k of the instruction, the following fields (k ranges from 1 to K, where K indicates the number of operands of the instruction)
A flag field CD indicating whether it is appropriate to check the origin of the operand k_k
The expected identity field CIP of the operand, indicating the expected identity of the instruction which generated the content of the operand k_k
[0123]
As shown in FIG. 74, the instruction set includes V registers belonging to the processing means 16. Each register has R_v(V ranges from 1 to V). Each register R_v, The following two fields are defined:
A function field CF, known to those skilled in the art, capable of storing the execution result of the instruction_v
-Function field CF_vGeneration identification field CIG that can store the identity of the instruction that generated the contents of_v. This generation identification field CIG_vIs the function field CF_vIs automatically updated with the contents of the instruction identification field CII that generated the. This generation identification field CIG_vCannot be accessed or changed by an instruction, and is used only by the detecting means 17.
[0124]
During execution of the instruction, the detecting means 17 performs the following processing for each operand k.
・ Flag field CD_kRead.
・ Flag field CD_kRequest, the expected identification field CIP corresponding to the register used in operand k_kAnd generation identification field CIG_vRead both.
・ Two fields CIP_kAnd CIG_vCheck if are equal.
If not equal, the detecting means 17 considers that the execution chain of the instruction is not observed.
[0125]
When the detection unit 17 is notified that the instruction chain is not adhered to, the forcing unit 18 can change the instruction result. Changing the function part PF of the currently executing instruction or the function part PF of the following instruction implements the preferred embodiment.
[0126]
The purpose of a protection process according to another advantageous characteristic of the invention is to implement a protection principle called << Rename >>. This implementation will be described with reference to FIGS.
[0127]
The implementation of the rename protection principle defines the following:
• Dependent function set. The dependent functions included in the dependent function set can be executed by the second execution part 2peu in the unit 6, and in some cases, data can be transferred between the data processing system 3 and the unit 6. This set of dependent functions may be finite or infinite.
• Trigger command set for this dependent function. This trigger command is executed in the data processing system 3 and can trigger the execution of the corresponding dependent function in the unit 6.
The order of each trigger command, which at least partially corresponds to the information transferred by the first execution part 2pes to the second execution part 2peu in order to trigger the execution of the corresponding dependent function. This order has the form of at least one argument of the trigger command.
An order renaming method used during the change of the valuable software 2v. In this way, the order can be renamed to obtain a trigger command with the renamed order, which can hide the identity of the corresponding dependent function.
A restoring means 20 which can restore the original order from the renamed order in order to restore the dependent function used and executed in the unit 6 in the use phase.
[0128]
In the implementation of the protection principle by renaming, a utilization means capable of converting the blank unit 60 into a unit 6 including at least the detection means 17 and the forcing means 18 is also constructed.
[0129]
In the implementation of the principle of protection by renaming, the following is also selected in the source 2vs of the valuable software.
At least one algorithmic process that uses at least one operand and returns at least one result
At least one portion of the source 2vs of the valuable software, including at least one selected algorithmic process
[0130]
Next, the source 2vs of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, in particular:
During the execution of the protected software 2p, at least one part of the first execution part 2pes executed in the data processing system 3 takes into account that at least one selected algorithm processing function is executed in the unit 6. .
During the execution of the protected software 2p, the second execution part 2peu executed in the unit 6 performs at least one function of the selected algorithm processing.
During the execution of the protected software 2p, each selected algorithmic process is split to be executed by the second execution part 2peu using the dependent function. Each selected algorithm process has the following dependent function fd_n(The range of n is preferably 1 to N).
One or more dependent functions, which may leave the handling of one or more operands to unit 6 (optional)
-Dependent functions, some of which use operands and which, when combined, perform the function of the selected algorithmic operation using this operand;
One or more dependent functions (optional) allowing unit 6 to delegate to data processing system 3 the handling of the results of the selected algorithmic processing.
During the execution of the protected software 2p, the second execution part 2peu changes the dependent function fd._nExecute
-During execution of the protected software 2p, the dependent function is triggered by a trigger command having the renamed order.
-The sequence of the trigger command is selected from a series of sequences enabling execution of the protected software 2p.
[0131]
The first execution part 2pes of the protected software 2p executed in the data processing system 3 executes a trigger command having the renamed order. This command transfers the renamed order to the unit 6 and triggers the restoration of that order by the restoring means 20 in the unit 6, and then each previously defined dependent function fd by the second execution part 2peu_nTriggers the execution of
[0132]
That is, the principle of protection by rename is implemented by renaming the order of the trigger command in order to obtain the trigger command with the renamed order. Execution of the trigger command with the renamed order in the data processing system 3 triggers the execution of the dependent function in the unit 6. This dependent function is a dependent function that would have been triggered by a trigger command having an order that has not been renamed, but examining the protected software 2p does not identify the identity of the dependent function to be executed.
[0133]
FIG. 80 illustrates an example of execution of the valuable software 2v. In this example, the calculation Z ← F (X, Y) is executed at a predetermined time during the execution of the valuable software 2v in the data processing system 3. This calculation is equivalent to substituting the result of the algorithm processing represented by the function F using the operands X and Y into the variable Z.
[0134]
81 and 82 show implementation examples of the present invention.
[0135]
FIG. 81 shows a partial implementation of the present invention. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁, T₂In the trigger command CD₁, CD₂Is executed. This command uses the corresponding dependent function fd by the second execution part 2peu₁, Fd₂Is triggered in unit 6. This dependent function transfers the data X, Y from the data processing system 3 to the storage zones x, y arranged in the storage means 15 of the unit 6, respectively. This trigger command CD₁, CD₂Are represented as OUT (x, X) and OUT (y, Y), respectively.
・ Time t₃~ T_N-1In the trigger command CD₃~ CD_N-1Is executed. This command uses the corresponding dependent function fd by the second execution part 2peu₃~ Fd_N-1Is triggered in unit 6. This trigger command CD₃~ CD_N-1Are TRIG (fd₃) -TRIG (fd_N-1). A series of dependent functions fd executed in combination₃~ Fd_N-1Is the same as the function F. More precisely, when this trigger command is executed, the dependent function fd which uses the contents of the storage zones x and y and returns a result to the storage zone z of the unit 6₃~ Fd_N-1Is executed in the unit 6.
・ Time t_NIn the trigger command CD_NIs executed. This command uses the dependent function fd by the second execution part 2peu._NIs triggered in unit 6. This function transfers the result of the algorithm processing contained in the storage zone z of the unit 6 to the data processing system 3 in order to substitute the result into the variable Z. This command is represented as IN (z).
[0136]
In this example, in order to fully implement the present invention, the first argument of the trigger command OUT and the arguments of the trigger commands TRIG and IN are selected as an order. The order selected in this way is renamed by the order rename method. In this method, R (x), R (y), R (fd₃). . . , R (fd_N-1) And R (z), respectively, to obtain the trigger command CD₁~ CD_N-1Order (x, y, fd₃, Fd_N-1, Z) are renamed.
[0137]
FIG. 82 shows a complete implementation of the present invention. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁, T₂Trigger command CDCR with renamed order₁, CDCR₂Is executed. This command transfers the renamed orders R (x), R (y) and data X, Y to the unit 6. Thereby, the restoration of the renamed order by the restoration means 20 is triggered in the unit 6, and the order (identities of the storage zones x, y) is restored. Next, the dependent function fd corresponding to the second execution part 2peu₁, Fd₂Is executed. This dependent function transfers the data X, Y from the data processing system 3 to the storage zones x, y arranged in the storage means 15 of the unit 6, respectively. This trigger command CDCR with the renamed order₁, CDCR₂Are represented as OUT (R (x), X) and OUT (R (y), Y), respectively.
・ Time t₃~ T_N-1Trigger command CDCR with renamed order₃~ CDCR_N-1Is executed. This command returns the renamed order R (fd₃) To R (fd_N-1) To the unit 6. As a result, the order (fd₃~ Fd_N-1) Is triggered in unit 6. Next, the dependent function fd is obtained by the second execution part 2peu.₃~ Fd_N-1Is executed. This trigger command CDCR with the renamed order₃~ CDCR_N-1Are TRIG (R (fd₃)) To TRIG (R (fd_N-1)).
・ Time t_NTrigger command CDCR with renamed order_NIs executed. This command transfers the renamed order R (z) to the unit 6. Thereby, the restoration of the order (identity of the storage zone z) by the restoration means 20 is triggered in the unit 6. Next, the dependent function fd is obtained by the second execution part 2peu._NIs executed. This dependent function transfers the result of the algorithm processing contained in the storage zone z of the unit 6 to the data processing system 3 in order to substitute the result into the variable Z. This trigger command CDCR with the renamed order_NIs represented as IN (R (z)).
[0138]
In this example, trigger commands 1 to N having the renamed order are executed successively. However, it should be noted that the following two improvements can be made.
The first improvement concerns the case where a plurality of algorithm processes are remotely processed in the unit 6 and at least the result of one algorithm process is used in another algorithm process. In such a case, a part of the trigger command having the renamed order used for the transfer can be deleted.
The purpose of the second improvement is to select an appropriate sequence of trigger commands with the renamed order from a series that allows the execution of the protected software 2p. In this regard, it is desirable to select a sequence of trigger commands that has a renamed order that temporarily isolates the execution of the dependent function. To separate, insert between the trigger commands a portion of the code that includes (or does not include) the trigger command with the renamed order used in the data processing system 3 to determine another data. . Figures 83 and 84 illustrate the principles of such an embodiment.
[0139]
FIG. 83 illustrates an example of execution of the valuable software 2v. In this example, during execution of the valuable software 2v, two algorithm processes are executed in the data processing system 3 to determine Z and Z '. This processing is represented by Z ← F (X, Y) and Z ′ ← F ′ (X ′, Y ′).
[0140]
FIG. 84 shows an example of an implementation of the process according to the invention in which the two algorithmic operations selected in FIG. In this example, during execution of the first execution part 2pes of the protected software 2p in the data processing system 3, if the unit 6 is present, as described above, the trigger command CDCR having the renamed order is used.₁~ CDCR_NIs equivalent to determining Z and the trigger command CDCR 'with the renamed order₁~ CDCR '_MIs equivalent to determining Z ′. As shown in the figure, the trigger command CDCR 'having the renamed order₁~ CDCR '_MCommand with the renamed order, CDCR₁~ CDCR_NIs not executed continuously. That is, in this example, the CDCR₁, Inserted code portion, CDCR '₁, CDCR₂, Inserted code portion, CDCR '₂, CDCR '₃, Inserted code portion, CDCR '₄, CDCR₃, CDCR₄, ..., CDCR_N, CDCR '_MIs executed.
[0141]
Note the following: That is, during the execution of the first execution part 2pes part of the protected software 2p, the trigger command with the renamed order executed in the data processing system 3 triggers in the unit 6 the restoration of the identity of the corresponding dependent function. And then trigger execution of this dependent function. Thus, if unit 6 is present, this part will be executed correctly, and as a result, the protected software 2p will be fully functional.
[0142]
FIG. 85 shows an execution trial example of the protected software 2p when the unit 6 does not exist. In this example, during execution of the first execution part 2pes of the protected software 2p in the data processing system 3, even if a trigger command having a renamed order is executed at each time, since the unit 6 does not exist, the order is restored. Nor can the execution of the corresponding dependent function be triggered. Therefore, the value to be substituted for the variable Z cannot be determined correctly.
[0143]
Therefore, if the unit 6 is not present, at least one request by the first execution part 2pes of the protected software 2p for retrieving the order and triggering execution of the dependent function in the unit 6 cannot be correctly performed. , At least this part is not executed correctly, so that the protected software 2p does not function completely.
[0144]
With this protection principle by renaming, examining the triggered command with the renamed order in the protected software 2p does not identify the identity of the dependent function that needs to be executed in unit 6. It should be noted that order renaming is performed when changing the valuable software 2v to the protected software 2p.
[0145]
A variant of the rename protection principle defines for at least one dependent function a set of dependent functions that are the same in terms of algorithm, but are triggered by different trigger commands with renamed orders. In this variant, at least one algorithmic operation using the dependent function is split into the dependent functions. Rather than the same dependent function appearing multiple times, at least one of these dependent functions is replaced by the same group of dependent functions. To accomplish this, the trigger command with the renamed order is modified to allow for the replacement of the dependent function with the same group of dependent functions. That is, two dependent functions of the same group have different orders and consequently have different trigger commands with the renamed orders. Further, even if the protected software 2p is examined, it cannot be found that the algorithm of the called dependent function is the same.
[0146]
In a first preferred variant of the principle of protection by rename, for at least one dependent function, a group of dependent functions whose algorithm is the same is defined. This definition is performed by concatenating information defining the functional part of the dependent function executed in the unit 6 with the noise field.
[0147]
In a second preferred variant of the principle of protection by rename, for at least one dependent function, the use of an identification field defines a set of dependent functions whose algorithm is the same.
[0148]
In a preferred variant of the principle of protection by renaming, an order renaming method defines an encryption method by which an order can be encrypted and converted into a renamed order. It must be remembered that order renaming is performed in the protection phase P. In this preferred variant, the reconstructing means 20 are means for implementing a decoding method which can decode the renamed order and restore the identity of the dependent function performed in the unit 6. This restoring means is implemented in the unit 6 and can have software or hardware properties. This restoring means 20 is required in the use phase U each time a trigger command with the renamed order is executed in the data processing system 3 in order to trigger the execution of the dependent function in the unit 6.
[0149]
The purpose of the protection process according to another advantageous characteristic of the invention is to implement a protection principle called << conditional branch >>. This implementation will be described with reference to FIGS.
[0150]
In the implementation of the protection principle by conditional branch, at least one conditional branch BC is selected in the source 2 vs. of the valuable software. Also, at least one portion of the source 2vs of the valuable software including at least one selected conditional branch BC is selected.
[0151]
Next, at least one selected portion of the source 2v of the valuable software is modified to obtain the source 2ps of the protected software. As a result of this change, during execution of the protected software 2p, in particular, the following occurs.
The at least one part of the first execution part 2pes executed in the data processing system 3 takes into account that the function of the at least one selected conditional branch BC is executed in the unit 6;
The second execution part 2peu executed in the unit 6 performs at least the function of the at least one selected conditional branch BC and the information enabling the first execution part 2pes to continue execution at the selected spot; The handling is left to the data processing system (3).
[0152]
The first execution part 2pes of the protected software 2p executed in the data processing system 3 executes the conditional branch command. This command triggers in unit 6 the execution of the remotely processed conditional branch bc by the second execution part 2peu. The function of this conditional branch is the same as the function of the selected conditional branch BC.
[0153]
FIG. 90 shows an execution example of the valuable software 2v. In this example, during execution of the valuable software 2v in the data processing system 3, a spot where execution of the valuable software 2v is continued at a specific time, that is, three spots B₁, B₂Or B₃Is specified by the conditional branch BC to the valuable software 2v. That is, the conditional branch BC is₁, B₂Or B₃To determine where the software execution should continue.
[0154]
FIG. 91 shows an implementation of the present invention where the conditional branch selected for remote processing in unit 6 is a conditional branch BC. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁In the conditional branch command CBC₁Is executed. This command triggers the execution in the unit 6 by the second execution part 2peu of the remotely processed conditional branch bc, which is the same in terms of algorithm as the conditional branch BC. This conditional branch command CBC₁Is represented as TRIG (bc).
・ Time t₂, The spot where the first execution part 2pes is selected, ie, B₁, B₂Or B₃Is transmitted from the unit 6 to the data processing system 3 so that execution can be continued.
[0155]
Note the following: That is, during the execution of the first execution part 2pes portion of the protected software 2p, the conditional branch command executed in the data processing system 3 triggers the execution of the corresponding remotely processed conditional branch in the unit 6. Thus, if unit 6 is present, this part will be executed correctly, and as a result, the protected software 2p will be fully functional.
[0156]
FIG. 92 shows an example of an execution trial of the protected software 2p when the unit 6 does not exist. In this example, during execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following is performed.
・ Time t₁In the conditional branch command CBC₁Does not trigger the execution of the remotely processed conditional branch bc because the unit 6 does not exist.
・ Time t₂Since the unit 6 does not exist, the transfer of information that allows the first execution part 2pes to continue execution at the selected spot fails.
[0157]
For this reason, if unit 6 is not present, at least one request by the part of the first execution part 2pes for triggering the execution of the remotely processed conditional branch in unit 6 cannot be performed correctly, so at least this part Is not executed correctly, so that the protected software 2p does not function completely.
[0158]
In the preceding description with reference to FIGS. 90-92, it is the object of the subject of the present invention that the conditional branch be processed remotely in unit 6. Of course, the preferred embodiment of the present invention can be implemented if the unit 6 remotely processes conditional branch sequences having overall functions corresponding to all functions of the remotely processed conditional branches. By executing the entire function of the remotely processed conditional branch sequence, the data processing system 3 leaves the handling of information that enables the first execution part 2pes of the protected software 2p to continue execution at the selected spot. be able to.
[0159]
In the preceding description with reference to FIGS. 40-92, five different software protection principles have been shown as being independent of one another. The protection process according to the invention is implemented using the principle of protection by elementary functions and possibly combining this principle with one or more further protection principles. If the principle of protection by elementary functions is complemented by implementing at least one other principle of protection, the principle of protection by elementary functions is protected by variables and / or by detection and enforcement and / or renamed. And / or by the conditional branching protection principle.
[0160]
Also, when implementing the protection principle by detection and enforcement, this protection principle can be supplemented by the protection principle by rename and / or the protection principle by conditional branching.
[0161]
Also, when implementing the protection principle by the rename, this protection principle can be complemented by the protection principle by the conditional branch.
[0162]
In a preferred variant, the principle of protection by elementary functions is complemented by the principle of protection by variables, the principle of protection by variables is complemented by the principle of protection by detection and enforcement, the principle of protection by detection and enforcement is complemented by the principle of protection by renames, The principle of protection by rename is complemented by the principle of protection by conditional branching.
[0163]
If another protection principle is applied to supplement the protection principle by the basic function, the following changes need to be made to the above explanation in consideration of the implementation combining protection principles.
-The word "balnable software" needs to be understood in the sense of software that is vulnerable in the context of the protection principles described above. Thus, where the protection principle has already been applied to the valuable software, the expression "barnable software" must be understood in the sense of "software protected by the protection principle already applied".
-The term protected software needs to be understood in the sense of software that is protected in the context of the protection principles described above. Therefore, if the protection principle has already been applied, the expression "protected software" must be understood in the sense of "new version of the protected software".
-Also, when choosing to implement the protection principle described above, it is necessary to consider the choice of implementing the protection principle that has already been applied.
[0164]
In the following description, the implementation of the protection process according to the invention will be more clearly understood. This protection process according to the invention more precisely consists of the following, as shown in FIG.
First, the protection phase P in which the varnable software 2v is changed to become the protected software 2p
Next, a use phase U in which the protected software 2p is used. In this use phase U, the following is performed.
-If a unit 6 is present, each time the part of the first execution part 2pes in the data processing system 3 requests, the requested function is executed in the unit 6, so that this part is executed correctly and as a result The protection software 2p is fully functional.
If the unit 6 is not present, even if there is a request by the part of the first execution part 2pes for execution of the function in the unit 6, this request cannot be fulfilled correctly, so at least this part will not be executed correctly, and , The protected software 2p does not function completely.
• Replenishment phase R, if applicable. In this replenishment phase R, at least one additional use of the functions protected by the implementation of the second preferred variant of the protection by detection and enforcement principle, which uses measured variables as characteristics, is permitted.
[0165]
The protection phase P consists of two protection sub-phases P₁And P₂Can be divided into The first protection subphase is the preceding protection subphase P₁And does not depend on the balunable software 2v to be protected. The second protection subphase is a subsequent protection subphase P₂And depends on the balunable software 2v to be protected. Early protection sub-phase P₁And subsequent protection subphase P₂Can be conveniently performed by two different persons or two different teams. For example, one person or one company developing a software protection system may have a prior protection subphase P₁And a person or company that develops software that requires protection may require a subsequent protection subphase P₂Can be performed. Naturally, the advance protection subphase P₁And subsequent protection subphase P₂Can be performed by the same person or team.
[0166]
Early protection sub-phase P₁Has several stages S₁₁, ..., S_1iConsists of Various tasks and jobs are executed for each stage.
[0167]
This advanced protection subphase P₁The first step is “definition step S₁₁". This definition stage S₁₁Then, the following is performed.
・ The following are selected.
The type of unit 6; As an illustrative example, a unit 6, a chip card reader 8, and a chip card 7 associated with the reader may be selected.
Transfer means 12,13; This transfer means is provided in each of the data processing system 3 and the unit 6 in the use phase U, and transfers data between the data processing system 3 and the unit 6.
If the protection process according to the invention implements the protection principle by elementary functions, the following is also defined:
A basic function set including basic functions that can be executed in unit 6
A basic command set for this basic function set. This basic command is executed in the data processing system 3 and can trigger the execution of the basic function in the unit 6.
If the protection process according to the invention implements the detection and enforcement protection principle, the following is also defined:
At least one software execution characteristic that can be monitored at least partially by the unit 6;
-At least one criterion to be followed for at least one software execution characteristic;
Detection means 17 mounted on the unit 6 and capable of detecting that at least one software execution characteristic does not comply with at least one relevant criterion
An enforcement means 18 implemented in the unit 6 for notifying the data processing system 3 if at least one criterion is not observed and / or changing the execution of the software.
If the protection process according to the invention implements the detection and enforcement protection principle, which uses software-executed measurement variables as characteristics, the following is also defined:
− Measurement variables of the use of software functions as software execution characteristics that can be monitored;
-At least one threshold value associated with each measurement variable, as a criterion to be followed
An enabling means by which at least one measurement variable can be updated
If the protection process according to the invention implements the first preferred variant of the detection and enforcement protection principle, which uses software-executed measurement variables as properties, the following is also defined:
-Multiple relevant threshold values for at least one measurement variable
-Various enforcement measures corresponding to each of these thresholds;
If the protection process according to the invention implements a second preferred variant of the detection and enforcement protection principle, which uses a software-executed measurement variable as a characteristic, at least one additional use is monitored by the measurement variable A supplementary means that can be added to at least one software function to be performed is also defined.
If the protection process according to the invention implements the detection and enforcement protection principle using a software usage profile as a characteristic, the following is also defined:
-Software usage profiles as software execution characteristics that can be monitored;
-At least one characteristic of software execution as a standard to be followed;
If the protection process according to the present invention implements the detection and enforcement protection principle using execution chain monitoring as the execution feature to be adhered to, the following is also defined:
An instruction set comprising instructions that can be executed in the unit 6
The instruction command set for this instruction set. This instruction command is executed in the data processing system 3 and can trigger the execution of the instruction in the unit 6.
-Instruction chains as usage profiles.
The expected chain of instruction execution as an execution feature;
Detection means 17 which can detect that the instruction chain is not what is expected;
If the instruction chain is not the expected one, notify the data processing system 3 to that effect and / or change the function of the part of the protected software 2p;
If the protection process according to the invention implements a preferred variant of the protection by detection and enforcement principle using execution chain monitoring as the execution feature to be adhered to, the following is also defined:
An instruction set comprising at least part of an instruction that works with a register and uses at least one operand to return a result;
For at least some of the instructions that work with registers, the following are defined:
> Part PF that defines the function of the instruction
> The part that defines the expected chain of instruction execution and includes the following bit fields:
◇ Instruction identification field CII
· The following fields for each operand of the instruction
* Flag field CD_k
* Expected identification field CIP of operand_k
A generation identification field CIG for each register mounted on the exploitation means and used in the instruction set;_v. This field automatically stores the identity of the last instruction that returned a result in this register.
During execution of the instruction, for each operand, a flag field CD_kRequest the generation identification field CIG corresponding to the register used in this operand._vIs the expected identification field CIP of the origin of this operand_kDetecting means 17 capable of checking whether or not equal to
An enforcement means 18 which can change the result of the instruction if at least one checked equivalence is false.
If the protection process according to the invention implements the protection principle by rename, the following is also defined:
A basic or command command as a trigger command
-Basic functions or instructions as dependent functions;
At least one argument (as an order) of a trigger command, which at least partially corresponds to the information transferred by the data processing system 3 to the unit 6 to trigger the execution of the corresponding dependent function.
-An order renaming method, in which the order can be renamed to obtain a trigger command with the renamed order;
Restoration means 20 used in unit 6 in use phase U and capable of restoring the dependent function to be executed from the renamed order
If the protection process according to the invention implements a variant of the protection principle by rename, for at least one dependent function, the dependent functions that are the same in terms of algorithm but whose renamed order is triggered by a different trigger command are also Defined.
If the protection process according to the invention implements one of the preferred embodiments of the variant of the protection principle by rename, for at least one of the dependent functions, the set of dependent functions whose algorithm is the same is also defined by:
By concatenating the noise field with information defining the functional part of the dependent function to be performed in unit 6
Or the instruction identification field CII and the expected identification field CIP of the operand_kBy using
If the protection process according to the invention implements a preferred variant of the protection principle by rename, the following is also defined:
-An encryption method for encrypting the order, as an order rename method.
Restoration means 20 implementing a decoding method for decoding the renamed order and restoring the identity of the dependent function to be performed in unit 6
[0168]
Early protection sub-phase P₁In the definition stage S₁₁Followed by "Construction stage S₁₂Followed by a stage called "". This construction stage S₁₂, The transfer means 12, 13 are constructed and, if appropriate,₁₁Utilization means corresponding to the definition of are also constructed.
[0169]
Therefore, this construction stage S₁₂The following is performed in.
Transfer means 12, 13 capable of transferring data between the data processing system 3 and the unit 6 in the use phase U are constructed.
A utilization means is built which also enables the execution of the basic functions of the basic function set by the unit 6 in the use phase U.
• If the principle of protection by detection and enforcement is also implemented, the following will be established.
-Utilization means that also enable the unit 6 to implement the detection means 17 and the forcing means 18 in the use phase U
-Utilization means (if applicable) that also enable the implementation of the activation means by the unit 6 in the use phase U
-Utilization means (possible) that also allow the implementation of replenishment measures by the unit 6 in the use phase U
Exploitation means (possible) which also enable the execution of the instructions of the instruction set by the unit 6 in the use phase U;
In the case where the principle of protection by rename is also implemented, a utilization means is constructed which enables the unit 6 to implement the restoration means in the use phase U.
[0170]
The construction of the utilization means is usually performed by the program development unit, and the definition step S₁₁The intervened definition is taken into account. Such a unit will be described with reference to FIG.
[0171]
Early protection sub-phase P₁In the construction stage S₁₂Followed by “Pre-customization stage S_Thirteen"May follow. This pre-customization stage S_ThirteenAt, at least a portion of the transfer means 13 and / or the utilization means are uploaded to at least one blank unit 60 to obtain at least one pre-customized unit 66. It should be noted that once a portion of the leverage has been transferred to the pre-customized unit 66, that portion cannot be directly accessed from outside of the pre-customized unit 66. The transfer of the utilization means to the blank unit 60 can be performed by a suitable pre-customization unit. The pre-customization unit will be described with reference to FIG. If the pre-customized unit 66 consists of the chip card 7 and its reader 8, the pre-customization involves only the chip card 7.
[0172]
Early protection sub-phase P₁In the definition stage S₁₁After, and possibly in the construction phase S₁₂After the “Tool creation stage S₁₄"May follow. This tool creation stage S₁₄In, tools are created that enable the creation of protected software and automate software protection. With such tools, you can:
-In the balunable software 2v to be protected, assist the following selection or make the following selection automatically.
An algorithmic process which can be divided into steps which can be processed remotely by the unit 6
-Parts that can be changed;
-Variables that can be processed remotely by unit 6 (if the principle of protection by variables is also implemented)
The execution characteristics to be monitored and, in some cases, algorithmic processing that can be broken up into instructions that can be processed remotely in the unit 6 (if the principle of protection by detection and enforcement is also implemented)
Algorithmic processing that can be divided into dependent functions that can be processed remotely in the unit 6 and that the order of trigger commands can be renamed (if the principle of protection by rename is also implemented)
A conditional branch with a function that can be remotely processed by the unit 6 (when the principle of protection by the conditional branch is also implemented)
• In some cases, assist in generating protected software or automate software protection.
[0173]
These various tools can be executed individually or in combination. Each tool can take various forms, such as a preprocessor, assembler, compiler, and the like.
[0174]
Early protection sub-phase P₁Followed by a subsequent protection subphase P depending on the valuable software 2v to be protected₂Followed by This subsequent protection subphase P₂Is also composed of multiple stages. The first stage corresponding to the implementation of the principle of protection by variables is the "₂₁". This creation stage S₂₁Now, the definition stage S₁₁The selection made in is used. This selection and the tool creation stage S₁₄The protected software 2p is created by executing the following processing using the tool (depending on the case) constructed in the above.
-During execution of the valuable software 2v, use at least one operand and select at least one algorithmic operation capable of obtaining at least one result.
Select at least one portion of the source 2vs of the valuable software that includes at least one selected algorithmic operation.
-Protect from the source 2vs of the varnable software by modifying at least one selected part of the source 2vs of the varnable software to obtain at least one modified part of the source 2ps of the protected software. Create 2ps of software source. This change is the following processing.
> During execution of the protected software 2p, the first execution part 2pes is executed in the data processing system 3, and the second execution part 2peu is executed in the unit 6 obtained from the blank unit 60 after information upload. .
> At least one function of the at least one selected algorithmic processing is performed by the second execution part 2peu.
> The at least one selected algorithm process is split, whereby during the execution of the protected software 2p, said algorithm process is executed by the second execution part using the basic functions.
> For at least one selected algorithmic operation, the basic commands are integrated into the protected software source 2ps, whereby during the protected software 2p execution each basic command is executed by the first execution part 2pes Then, in the unit 6, the execution of the basic function by the second execution part 2peu is triggered.
A sequence of basic commands is selected from a set of sequences enabling execution of the protected software 2p.
> The first object part 2pos of the protected software 2p from the protected software source 2ps. The first object part 2pos is an object part in which the first execution part 2peu appears during the execution of the protected software 2p, and the first execution part 2peu is executed by the data processing system 3 and at least one of the first execution part 2peu is executed. The part takes into account that the basic commands are executed according to the selected sequence.
> The second object part 2pou of the protection software 2p including the utilization means, which has been triggered by the first execution part (2pes) during execution of the protection software (2p) after uploading to the blank unit (60). When the function is executed, the second execution part (2peu) appears.
[0175]
Of course, the principle of protection by variables according to the invention can be applied directly during the development of new software, without having to realize the variable software 2v in advance. In this way, the protected software 2p is directly obtained.
[0176]
Subsequent protection subphase P₂, If at least one further protection principle is applied in addition to the protection principle by the basic function,₂₂Is executed. This change stage S₂₂Now, the definition stage S₁₁The intervened definition is used. This definition and the tool creation phase S allow the implementation of the protection principle according to one of the previously defined arrangements.₁₄The protected software 2p is changed using the tool (depending on the case) constructed in the above.
[0177]
When implementing the protection principle using variables, the protected software 2p is changed by the following processing.
During the execution of the protected software 2p, select at least one variable used in at least one selected algorithm process that partially defines the state of the protected software.
Modify at least one selected part of the protected software source 2ps. This change is such that during execution of the protected software 2p, there is at least one selected variable or at least one copy of the selected variable in the unit 6.
・ Create the following.
The first object part 2pos of the protected software 2p, wherein during execution of the protected software (2p), at least one part of the first execution part 2pes is a unit of at least one variable or at least one copy of the variable; Considering that it exists in 6
The second object part 2pou of the protected software 2p, after uploading to the unit 6, during execution of the protected software 2p, a second execution part 2peu appears, whereby at least one selected variable or selection Such that at least one copy of the assigned variable is also present in unit 6.
[0178]
When the protection principle by detection and enforcement is implemented, the protected software 2p is changed by the following processing.
Select at least one software execution characteristic to be monitored from the software execution characteristics that can be monitored.
Select at least one criterion to be followed for at least one selected software execution characteristic.
• In the protected software source 2ps, select a primitive function for which at least one selected software execution characteristic is monitored.
Modify at least one selected part of the protected software source 2ps. As a result of this change, during execution of the protected software 2p, at least one selected execution characteristic is monitored by the second execution part 2peu. Further, when the standard is not observed, the data processing system 3 is notified of the fact and / or the execution of the protected software 2p is changed.
Create a second object part 2pou of the protected software 2p that includes a utilization unit that also implements the detection unit 17 and the enforcement unit 18. As a result of the creation of the second object part 2pou, after uploading to the unit 6, at least one software execution characteristic is monitored during execution of the protected software 2p. Further, when the standard is not observed, the data processing system 3 is notified of the fact and / or the execution of the protected software 2p is changed.
[0179]
In the implementation of the protection principle by detection and enforcement, which uses measured variables of software execution as characteristics, the protected software 2p is modified by the following process.
Select at least one measurement variable of the usage of at least one function of the software as the software execution characteristic to be monitored.
・ Select the following.
-At least one function of the protected software 2p, capable of monitoring usage using measured variables.
-At least one measurement variable used to quantify the use of this function.
-At least one threshold value associated with the selected measurement variable corresponding to the limit of use of this function.
-At least one method of updating the selected measurement variable depending on the use of this function.
Modify at least one selected part of the protected software source 2ps. As a result of this change, during the execution of the protected software 2p, the measurement variables are validated by the second execution part 2peu according to the usage of this function, so that at least one threshold violation is taken into account.
[0180]
In the implementation of the first preferred variant of the detection and enforcement protection principle, which uses measured variables as properties, the protected software 2p is modified by the following process.
Select at least one measurement variable in the protected software source 2ps that needs to be associated with multiple thresholds corresponding to various usage limits of the feature.
Select at least two thresholds associated with the selected measurement variable.
Modify at least one selected part of the protected software source 2ps. As a result of this change, during execution of the protected software 2p, the second execution part 2peu will individually consider exceeding various thresholds.
[0181]
In the implementation of the second preferred variant of the detection and enforcement protection principle, which uses measured variables as properties, the protected software 2p is modified by the following process.
Select at least one selected measurement variable in the protected software source 2ps that must be able to limit the use of the function and allow at least one additional use.
Change at least one selected part. As a result of this change, it is possible to allow at least one additional use of at least one function corresponding to the selected measurement variable in a phase called replenishment.
[0182]
In the implementation of the protection principle by detection and enforcement using a software usage profile as a characteristic, the protected software 2p is modified by the following process.
Select at least one software usage profile as a software execution characteristic to be monitored.
Select at least one performance feature that the at least one selected usage profile must adhere to.
Modify at least one selected part of the protected software source 2ps. As a result of this change, during execution of the protected software 2p, the second execution part 2peu follows all the selected execution features.
[0183]
In the implementation of the detection and enforcement protection principle, which uses execution chain monitoring as the execution feature to be adhered to, the protected software 2p is modified by the following process.
Modify at least one selected portion of the protected software source 2ps by the following process.
-Convert basic functions into instructions.
-Specify the chain that at least some of the instructions must adhere to during execution in unit 6;
Convert the basic command into an instruction command corresponding to the instruction used.
[0184]
When implementing the protection principle by rename, the protected software 2p is changed by the following processing.
-Select a trigger command in the protected software source 2ps.
Modify at least one selected part of the protected software source 2ps by renaming the order of the selected trigger command to hide the identity of the corresponding dependent function.
・ Create the following.
A first object part 2pos of the protected software 2p. As a result of the creation of the first object part 2pos, during execution of the protected software 2p, a trigger command having the renamed order is executed.
A second object part 2pou of the protected software 2p comprising utilization means which also implements the restoration means 20. As a result of this second object part 2pou being created, after the upload to the unit 6, during execution of the protected software 2p, the identity of the dependent function whose execution is triggered by the first execution part 2pes is changed by the second execution part 2peu. It is restored and the dependent function is executed by the second execution part 2peu.
[0185]
In the implementation of the modification of the protection principle by the rename, the protected software 2p is changed by the following processing.
Select at least one trigger command with the renamed order in the protected software source 2ps.
The replacement of the renamed order of at least one selected trigger command with the renamed order with another renamed order and triggering the same group of dependent functions, so that the protected software source 2ps Modify at least one selected part.
[0186]
When implementing the protection principle by the conditional branch, the protected software 2p is changed by the following processing.
Select at least one conditional branch to be executed in at least one selected algorithm process in the protected software source 2ps.
Modify at least one selected part of the protected software source 2ps. As a result of this change, during the execution of the protected software 2p, the function of at least one selected conditional branch is executed in the unit 6 by the second execution part 2peu.
・ Create the following.
A first object part 2pos of the protected software 2p. As a result of the creation of this first object part 2pos, at least one selected conditional branch function is executed in the unit 6 during execution of the protected software 2p.
A second object part 2pou of the protected software 2p. As a result of the creation of the second object part 2pou, after uploading to the unit 6, during execution of the protected software 2p, a second execution part 2peu for executing at least one selected conditional branch function appears. Become.
[0187]
In the implementation of the preferred embodiment of the principle of protection by conditional branching, the protected software 2p is modified by the following process.
Select at least one selected conditional branch sequence in the source 2 ps of the protected software.
Modify at least one selected part of the protected software source 2ps. As a result of this change, during execution of the protected software 2p, the overall function of the at least one selected conditional branch sequence is executed in the unit 6 by the second execution part 2peu.
・ Create the following.
A first object part 2pos of the protected software 2p. As a result of the creation of the first object part 2pos, the function of at least one selected conditional branch sequence is executed in the unit 6 during execution of the protected software 2p.
A second object part 2pou of the protected software 2p. As a result of the creation of this second object part 2pou, after uploading to the unit 6, during execution of the protected software 2p, a second execution part 2peu that executes the overall function of at least one selected conditional branch sequence To appear.
[0188]
Of course, the protection principle according to the invention can be applied directly during the development of new software without having to execute intermediate protected software in advance. In this way, the creation step S₂₁And change stage S₂₂At the same time, the protected software 2p can be directly obtained.
[0189]
Subsequent protection subphase P₂In the creation step S of the protected software 2p₂₁After and possibly in the change phase S₂₂Followed by “Customization Step S₂₃Followed by a stage called "". This customization stage S₂₃The second object part 2pou including the exploitation means is uploaded to at least one blank unit 60 to obtain at least one unit 6, or the exploitation means is used to acquire at least one unit 6 Is uploaded to the at least one pre-customized unit 66. By uploading the customization information, at least one unit 6 can be operated. It should be noted that once a part of this information has been transferred to the unit 6, that part cannot be directly accessed from outside this unit 6. The transfer of the customization information to the blank unit 60 or the pre-customized unit 66 can be performed by a suitable customizing unit. The customizing unit will be described with reference to FIG. If the unit 6 is made up of a chip card 7 and its reader 8, customization concerns only the chip card 7.
[0190]
Various technical means in implementing the protection phase P will be described in more detail with reference to FIGS. 110, 120, 130, 140, and 150.
[0191]
FIG. 110 shows the construction stage S₁₂1 illustrates an embodiment of a system 25 in which can be implemented. This construction stage S₁₂Now, the definition stage S₁₁The intervened definition is taken into account, and the utilization means for the transfer means 12, 13 and possibly the unit 6 are constructed. Such a system 25 generally includes a computer unit including programs such as a file editor, an assembler, a preprocessor, a compiler, an interpreter, a debugger, and a link editor. A program development unit or workstation.
[0192]
FIG. 120 shows an embodiment of the pre-customization unit 30. The pre-customization unit 30 can upload the transfer means 13 and / or the utilization means at least partially to the at least one blank unit 60 to obtain the pre-customized unit 66. The pre-customizing unit 30 includes a read / write means 31 capable of electrically pre-customizing the blank unit 60 in order to obtain the pre-customized unit 66 to which the transfer means 13 and / or the utilization means have been uploaded. Have been. Also, the physical customizing means 32 of the blank unit 60, which can take the form of a printer, for example, can be included in the pre-customizing unit 30. If the unit 6 consists of a chip card 7 and its reader 8, pre-customization generally involves only the chip card 7.
[0193]
FIG. 130 illustrates an embodiment of a system 35 that can perform the creation of tools that assist in generating protected software and automate software protection. Such a system 35 generally includes a computer form including a system such as a file editor, an assembler, a preprocessor, a compiler, an interpreter, a debugger, and a link editor. A program development unit or workstation.
[0194]
FIG. 140 illustrates an embodiment of a system 40 that allows the protected software 2p to be created directly or the varnable software 2v to be modified to obtain the protected software 2p. The system 40 includes a system unit, a screen, and peripheral devices (such as a keyboard and a mouse), and generates programs such as a file editor, an assembler, a preprocessor, a compiler, an interpreter, a debugger, and a link editor, and generates protected software. A program development unit or workstation, typically in the form of a computer, which includes tools that enable it to assist in software protection and automate software protection.
[0195]
FIG. 150 shows an embodiment of the customizing unit 45. The customizing unit 45 may upload the second object part 2 pou to at least one blank unit 60 to obtain at least one unit 6, or upload the second object part 2 pou to obtain at least one unit 6. Portions can be uploaded to at least one pre-customized unit 66. The customizing unit 45 includes read / write means 46 that can electrically customize at least one blank unit 60 or at least one pre-customized unit 66 to obtain at least one unit 6. At the end of this customization, unit 6 contains the information needed to execute protected software 2p. The customizing unit 45 can also include a physical customizing means 47 for at least one unit 6, which can for example take the form of a printer. If the unit 6 consists of a chip card 7 and its reader 8, customization generally involves only the chip card 7.
[0196]
The following improvements can be made to the protection process according to the invention.
The second object part 2 pou of the protected software 2 p can be modified to use a plurality of allocated processing / storage units together. This allows the execution of the protected software 2p when used together, and prevents the use of the protected software 2p when at least one of the processing / storage units does not exist.
・ Similarly, pre-customization stage S_ThirteenAfter, customization stage S₂₃In the above, by including a part of the second object part 2 pou necessary for converting the pre-customized unit 66 into the unit 6 in the processing / storage unit used in the customization unit 45, the second object part 2 pou Access to some can be restricted. Of course, part of this second object part 2 pou can be distributed to a plurality of processing / storage units. Thereby, access to a part of the second object part 2 pou can be permitted only when the processing / storage unit is used together.
[Brief description of the drawings]
[0197]
FIG. 10 is a functional block diagram illustrating various representations of software that are not protected and protected by a process according to the present invention, respectively.
FIG. 11 is a functional block diagram illustrating various representations of software not protected and protected by a process according to the present invention, respectively.
FIG. 20 shows by way of example various embodiments of an apparatus for implementing a process according to the invention.
FIG. 21 shows by way of example various embodiments of an apparatus for implementing a process according to the invention.
FIG. 22 shows by way of example various embodiments of an apparatus for implementing a process according to the invention.
FIG. 30 is a functional block diagram that clearly illustrates the general principles of the process according to the present invention.
FIG. 31 is a functional block diagram that clearly illustrates the general principles of the process according to the present invention.
FIG. 40 illustrates a protection process according to the present invention that implements the principle of protection by variables.
FIG. 41 illustrates a protection process according to the invention implementing the protection principle by variables.
FIG. 42 illustrates a protection process according to the invention implementing the principle of protection by variables.
FIG. 43 illustrates a protection process according to the present invention that implements the protection principle by variables.
FIG. 60 shows a protection process according to the invention implementing the protection principle by elementary functions.
FIG. 61 illustrates a protection process according to the invention implementing the protection principle by elementary functions.
FIG. 62 illustrates a protection process according to the invention implementing the protection principle by elementary functions.
FIG. 63 shows a protection process according to the invention implementing the protection principle by elementary functions.
FIG. 64 shows a protection process according to the invention implementing the protection principle by elementary functions.
FIG. 70 illustrates a protection process according to the present invention that implements the detection and enforcement protection principle.
FIG. 71 illustrates a protection process according to the present invention that implements the protection principle by detection and enforcement.
FIG. 72 illustrates a protection process according to the present invention that implements the principle of protection by detection and enforcement.
FIG. 73 illustrates a protection process according to the present invention that implements the principle of protection by detection and enforcement.
FIG. 74 illustrates a protection process according to the present invention that implements the principle of protection by detection and enforcement.
FIG. 80 illustrates a protection process according to the present invention that implements the protection principle by rename.
FIG. 81 illustrates a protection process according to the present invention that implements the protection principle by rename.
FIG. 82 illustrates a protection process according to the present invention that implements the protection principle by rename.
FIG. 83 illustrates a protection process according to the present invention that implements the protection principle by rename.
FIG. 84 illustrates a protection process according to the present invention that implements the protection principle by rename.
FIG. 85 illustrates a protection process according to the present invention that implements the protection principle by rename.
FIG. 90 illustrates a protection process according to the present invention that implements the protection principle by conditional branching.
FIG. 91 illustrates a protection process according to the invention that implements the protection principle by conditional branching.
FIG. 92 illustrates a protection process according to the present invention that implements the protection principle by conditional branching.
FIG. 100 illustrates various implementation phases of the present inventive subject matter.
FIG. 110 illustrates an embodiment of a system that enables implementation of a build phase of a protection phase according to the present invention.
FIG. 120 shows an embodiment of a pre-customization unit used in the protection process according to the invention.
FIG. 130 illustrates an embodiment of a system that enables implementation of a tool creation phase of a protection phase in accordance with the present invention.
FIG. 140 shows an embodiment of a system enabling the implementation of a protection process according to the invention.
FIG. 150 shows an embodiment of a customization unit used in the protection process according to the invention.

Claims (35)

Using at least one blank unit (60) comprising at least storage means (15) and processing means (16), the variable software (2v) running on the data processing system (3) for its unauthorized use. Process to protect against:
→ During the protection phase (P),
A set of basic functions whose basic functions can be performed in unit (6);
And-a set of elementary commands for the set of elementary functions, said set of elementary commands being executed in a data processing system (3) and triggering execution in a unit (6);
To define
Building utilization means that can be converted into a unit (6) capable of executing said set of basic functions (the execution of said basic functions is triggered by execution in a data processing system (3));
・ Protected software (2p)
By using at least one operand and selecting at least one algorithmic operation capable of obtaining at least one result during execution of the valuable software (2v)
By selecting at least one part of the source (2 vs.) of the valuable software comprising at least one selected algorithmic processing
-Changing the at least one selected part of the source of the balunable software (2vs) to obtain at least one changed part of the source of the protected software (2ps), thereby obtaining the source of the valuable software; (2vs) create protected software source (2ps) (this change is
> During the execution of the protected software (2p), the first execution part (2pes) is executed in the data processing system (3), and the second execution part (2peu) is executed after the information is uploaded to the blank unit (60). Executed in the unit (6) obtained from
> At least a function of at least one selected algorithmic processing is performed by a second execution part (2peu);
> At least one selected algorithmic process is split, whereby during execution of the protected software (2p) said algorithmic process is executed by a second execution part using a basic function,
> For at least one selected algorithmic operation, the basic commands are integrated into the protected software source (2ps), so that during the protected software (2p) execution, each basic command is first executed Executed by the part (2pes), triggering the execution of the basic function by the second execution part (2peu) in the unit (6),
A sequence of elementary commands is selected from a set of sequences enabling execution of the protected software (2p),
Is such a change)
− And
> The first object part (2pos) of the protected software (2p) from the source of the protected software (2ps) (the first object part (2pos) is the first object part (2pos) during execution of the protected software (2p)). An object part in which one execution part (2peu) appears, the first execution part (2peu) being executed in the data processing system (3), at least one part of which is executed with a basic command according to a selected sequence. Consider that),
And the second object part (2pou) of the protection software (2p) including the utilization means, and after the upload to the blank unit (60), during the execution of the protection software (2p), the first execution part (2pes) ) The execution of the elementary function triggered by) causes a second execution part (2peu) to appear;
By generating
To create,
And uploading a second object part (2 pou) to the blank unit (60) for the purpose of obtaining the unit (6);
→ During the utilization phase (U) where the protection software (2p) is executed,
In the presence of the unit (6), each time a basic command included in a part of the first execution part (2pes) requests, by executing the corresponding basic function in the unit (6), the part is correctly executed. Ensuring that the protected software (2p) is fully functional,
And, in the absence of unit (6), the request cannot be fulfilled in spite of a request by a part of the first execution part (2pes) to trigger the execution of a basic function in unit (6) Thereby ensuring that at least the part is not executed correctly and consequently the protected software (2p) does not function completely;
Including the process. → During the protection phase (P)
・ Protected software (2p)
By selecting, during execution of the protected software (2p), at least one variable used in at least one selected algorithmic process that partially defines the state of the protected software;
Altering at least one selected part of the source (2ps) of the protected software (this change may occur during execution of the protected software (2p) by at least one selected variable or selected variable); At least one copy is present in unit (6)).
− And
> The first object part (2pos) of the protected software (2p), wherein during execution of the protected software (2p), at least one part of the first execution part (2pes) has at least one variable or variable Taking into account that at least one copy is present in unit (6),
> And the second object part (2pou) of the protected software (2p), after uploading to the unit (6), during execution of the protected software (2p), a second execution part (2peu) appears, Whereby such that at least one selected variable or at least one copy of the selected variable is also present in unit (6),
By generating
Change,
Including
→ During the use phase (U),
Whenever a portion of the first execution part (2pes) requests in the presence of unit (6), by using the variable or a copy of the variable present in unit (6), that portion is executed correctly, As a result, making the protected software (2p) fully functional;
And, in the absence of unit (6), despite the request by a part of the first execution part (2pes) to use the variable or a copy of the variable present in unit (6), correct the request Failure to fulfill at least the part is not performed correctly, and consequently the protected software (2p) is not fully functional;
The process of claim 1 comprising: → During the protection phase (P)
-At least one software execution characteristic that can be monitored at least partially in unit (6);
-At least one criterion that at least one software execution characteristic must adhere to;
Detection means (17) implemented in the unit (6) and capable of detecting that at least one software execution characteristic does not comply with at least one relevant criterion;
And enforcement means (18) implemented in the unit (6), which can notify the data processing system (3) when at least one criterion is not adhered to and / or change the execution of the software. ),
To define
Building utilization means that also allow the unit (6) to implement the detection means (17) and the forcing means (18);
And and the protected software (2p)
-By selecting at least one software execution characteristic to be monitored from among the software execution characteristics that can be monitored;
By selecting at least one criterion that at least one selected software execution characteristic must adhere to;
By selecting in the source of protected software (2 ps) a basic function for which at least one selected software execution characteristic is to be monitored,
Altering at least one selected part of the source (2ps) of the protected software (this change is performed during execution of the protected software (2p) if at least one selected execution characteristic is the second execution part); (2peu), a change in which non-compliance with the standards is notified to the data processing system (3) and / or changes in the execution of the protected software (2p))
And generating a second object part (2pou) of the protected software (2p) including a utilization means that also implements the detection means (17) and the enforcement means (18), wherein the second object part (2pou) After the upload to the unit (6), during execution of the protected software (2p), at least one first software execution characteristic is monitored and a notification to the data processing system (3) that the standard has not been complied with. And / or object parts that lead to a change in the execution of the protected software (2p))
Change,
Including
→ During the use phase (U),
-When unit (6) is present,
-Said part of the protected software (2p) operates nominally, as long as all the criteria corresponding to all monitored execution characteristics of all the changed parts of the protected software (2p) are complied with; Allowing the protected software (2p) to operate nominally as a result,
And notifying the data processing system (3) if at least one criterion corresponding to the monitored execution characteristic of a part of the protected software (2p) has not been complied with, and / or Changing the function of the software (2p) part so that the function of the protected software (2p) is changed;
The process of claim 1 comprising: To restrict the use of protected software (2p)
→ During the protection phase (P)
-Software performance characteristics that can be monitored, such as measurement variables for the usage of software functions,
-At least one threshold value associated with each measurement variable,
-And an enabling means capable of updating at least one measurement variable,
To define
Constructing utilization means that also enable the unit (6) to carry out activation means;
And and the protected software (2p)
By selecting at least one measurement variable of the usage of at least one function of the software as a software execution characteristic to be monitored;
-> At least one function of the protected software (2p) whose use can be monitored using the measurement variables,
> At least one measurement variable used to quantify the use of said function,
> At least one threshold value associated with the selected measurement variable corresponding to the usage limit of said function;
> And at least one method of updating selected measurement variables depending on the usage of said function,
By selecting
And modifying at least one selected part of the source (2 ps) of the protected software (this change depends on the usage of said function during the execution of the protected software (2p) By a second execution part (2peu), where at least one threshold crossing is taken into account)
Changing the
Including
→ During the use phase (U), in the presence of the unit (6) and if at least one threshold crossing corresponding to at least one use limit is detected, it is sent to the data processing system (3). Notifying and / or changing the function of the portion of the protected software (2p) so that the function of the protected software (2p) is changed;
The process of claim 3, comprising: → During the protection phase (P)
-Some associated thresholds for at least one measurement variable;
-And different forcing means corresponding to each of said thresholds,
To define
And and the protected software (2p)
By selecting in the protected software source (2 ps) at least one selected measurement variable to which several threshold values corresponding to different usage limits of the function must be associated;
By selecting at least two thresholds associated with the selected measurement variable,
And modifying at least one selected part of the source (2 ps) of the protected software (this change may occur during execution of the protected software (2p) if a different threshold is exceeded during the second execution) Part (2 peu) is a change that is considered differently)
Change,
Including
→ During the use phase (U),
-When unit (6) is present,
-Instructing the protected software (2p) not to use the corresponding function anymore if a first threshold is exceeded.
-Deactivating the corresponding function and / or at least part of the protected software (2p) if a second threshold is exceeded.
The process of claim 4 comprising: → During the protection phase (P)
Defining a replenishment measure that allows at least one additional use of at least one software function monitored by the measurement variable;
Building utilization means that also allow the unit (6) to implement replenishment means;
And and the protected software (2p)
By selecting at least one selected measurement variable in the source of the protected software (2 ps) that can limit the use of functions that must be able to allow at least one additional use;
And altering at least one selected portion, such that the alteration permits at least one additional use of at least one function corresponding to the selected measurement variable during a phase called the refill phase. Change)
Change,
Including
→ During the replenishment phase,
Re-enabling at least one selected measurement variable and / or at least one associated threshold to enable at least one additional use of the function;
The process according to claim 4 or 5, comprising: → During the protection phase (P)
-Software usage characteristics that can be monitored include software usage profiles,
-And at least one software execution characteristic,
To define
And and the protected software (2p)
By choosing to monitor at least one software usage profile as a software execution characteristic;
-By selecting at least one execution characteristic that the at least one selected usage profile must adhere to;
And modifying at least one selected part of the source (2 ps) of the protected software (this change is performed during execution of the protected software (2p) by the second execution part (2 peu) making all selections) Changes that must adhere to the implemented performance features)
Change,
Including
→ Notify the data processing system (3) during the use phase (U) upon the presence of the unit (6) and if it is detected that at least one execution feature has not been observed, and And / or changing the function of the protected software (2p) so that the function of the protected software (2p) is changed;
The process of claim 3, comprising: → During the protection phase (P)
A set of instructions that can be executed in unit (6);
-A set of instruction commands for said set of instructions, said set of instruction commands being executed in a data processing system (3) and triggering execution of the instructions in a unit (6);
-A chain of instructions,
-The expected execution sequence for the execution of the instruction,
Means as detecting means (17) capable of detecting that the chain of instructions does not correspond to what is expected;
And, as forcing means (18), notify the data processing system (3) if the chain of instructions does not correspond to what is expected and / or change the function of the part of the protected software (2p). Means capable of,
To define
Building utilization means that also allow the unit (6) to execute instructions of the instruction set (the execution of said instructions is triggered by the execution of instruction commands in the data processing system (3));
And and the protected software (2p)
-At least one selected part of the protected software source (2ps)
> By converting basic functions into instructions,
By specifying a chain that at least part of the instructions must adhere to during their execution in unit (6)
> And by converting the basic command to an instruction command corresponding to the instruction used,
By changing
Change,
→ During the use phase (U), if it is detected that the chain of instructions executed in the unit (6) does not correspond to the expected one, Notifying the processing system (3) and / or changing the function of the part of the protected software (2p) so that the function of the protected software (2p) is changed;
The process of claim 7, comprising: → During the protection phase (P)
-As an instruction set, at least some instructions cooperating with registers and using at least one operand for the purpose of returning a result;
-For at least some of the instructions associated with the registers,
> Part (PF) that defines the function of the instruction
> And a part that defines the expected chain for execution of the instruction,
(The part is
識別 Instruction identification field (CII),
◇ and for each operand of the instruction:
* Flag field (CD _k ),
* And the expected identification field of the operand (CIP _k ),
That contains the bit field corresponding to),
A generation identification field (CIG _v ), for each register belonging to the exploitation means and used by the instruction set, in which the identification of the last instruction which returned its result is automatically stored;
As detection means (17), for each operand during execution of the instruction, when a flag field (CD _k ) requires, a generation identification field (CIP _k ) corresponding to the register used by said operand; Means capable of checking the equality with the expected identification field (CIP _k ) of the source of the operand,
And means for being able to change the result of the instruction if at least one checked equality is false, as forcing means (18);
To define
9. The process of claim 8, comprising: → During the protection phase (P)
.- Basic commands or instruction commands as trigger commands,
-As dependent functions, basic functions or instructions;
-At least one argument to a trigger command which, as an order, at least partially corresponds to the information sent by the data processing system (3) to the unit (6) and triggers the execution of the corresponding dependent function;
-A method for renaming an order, wherein the order can be renamed to obtain a trigger command having the renamed order;
Restoration means (20) designed to be used in the unit (6) during the use phase (U) and capable of restoring the dependent function to be executed from the renamed order;
To define
Constructing utilization means that also allow the unit (6) to implement restoration means;
And and the protected software (2p)
-By selecting a trigger command in the protected software source (2ps)
By modifying at least one selected part of the source of protected software (2 ps) by renaming the order of the selected trigger command so as to hide the identity of the corresponding dependent function;
− And
> The first object part (2pos) of the protected software (2p), such that during execution of the protected software (2p), a trigger command having the renamed order is executed;
> The second object part (2pou) of the protected software (2p) including the utilization means that also implements the restoration means (20), and after the upload to the unit (6), during the execution of the protected software (2p) The identity of the dependent function whose execution is triggered by the first execution part (2pes) is restored by the second execution part (2peu) and the dependent function is executed by the second execution part (2peu),
By generating
Change,
Including
→ During the use phase (U),
Whenever a trigger command having a renamed order included in a part of the first execution part (2pes) requires the presence of the unit (6), the identification of the corresponding dependent function and its execution are performed in the unit (6). And that the part is executed correctly so that the protected software (2p) is fully functional;
And correctly fulfilling the request in the absence of unit (6), despite the request by a part of the first execution part (2pes) to trigger execution of the dependent function in unit (6) The inability to at least prevent the part from being executed correctly and consequently the protected software (2p) from completely functioning;
9. The process according to claim 1 or 8, comprising: → During the protection phase (P)
Defining, for at least one dependent function, a set of dependent functions that are algorithmically equivalent, but whose renamed orders are triggered by different trigger commands;
And and the protected software (2p)
By selecting at least one trigger command having a renamed order in the source of protected software (2 ps)
-And by replacing at least the renamed order of one selected trigger command with the renamed order with another renamed order that triggers the same group of dependent functions, 2ps) by changing at least one selected part
Change,
The process of claim 10 comprising: → During the protection phase (P), for at least one dependent function, an algorithmically equivalent set of dependent functions is
By concatenating the noise field with information defining the functional part of the dependent function to be performed in unit (6)
Or by using the identification field of the instruction (CII) and the expected field of the operands (CIP _k )
To define,
The process of claim 11 comprising: → During the protection phase (P)
.-An order renaming method, an encryption method for encrypting the order,
And means for implementing as decoding means (20) a decoding method for decoding the renamed order to restore the identity of the dependent function to be performed in unit (6),
To define
The process according to claim 10, 11 or 12, comprising: → During the protection phase (P)
・ Protected software (2p)
By selecting at least one conditional branch executed in at least one selected algorithmic process in the source of protected software (2 ps)
Modifying at least one selected part of the source (2 ps) of the protected software, the change being performed during execution of the protected software (2p) by the function of at least one selected conditional branch; (6) is a change as performed by the second execution part (2peu))
− And
> The first object part (2pos) of the protected software (2p), such that during execution of the protected software (2p) at least one selected conditional branch function is executed in the unit (6) thing,
> The second object part (2pou) of the protected software (2p), after uploading to the unit (6), during execution of the protected software (2p), a second execution part (2peu) appears, Such that the function of at least one selected conditional branch is performed,
By generating
Change,
Including
→ During the use phase (U),
In the presence of the unit (6), each time a part of the first execution part (2pes) requests, by executing at least one function of the conditional branch in the unit (6), the part is executed correctly and the result To make the protected software (2p) fully functional,
And, in the absence of unit (6), correctly satisfying the request, despite the request by a part of the first execution part (2pes) to perform the function of the conditional branch in unit (6). The inability to at least prevent the part from being executed correctly and consequently the protected software (2p) from completely functioning;
14. The process according to any one of claims 1 to 13, comprising: During the protection phase (P), the protected software (2p)
By selecting at least one selected conditional branch sequence in the source of protected software (2 ps),
Altering at least one selected part of the source (2ps) of the protected software (this change is performed during execution of the protected software (2p) if all functions of at least one selected conditional branching sequence are changed); , Unit (6), which is the change performed by the second execution part (2peu))
− And
> The first object part (2pos) of the protected software (2p) such that during execution of the protected software (2p), at least one function of the selected conditional branch sequence is executed in the unit (6); Things,
> The second object part (2pou) of the protected software (2p), after uploading to the unit (6), during execution of the protected software (2p), a second execution part (2peu) appears, Such that all functions of at least one selected conditional branching sequence are performed,
By generating
15. The process of claim 14, including changing. 16. The method according to claim 1, comprising dividing the protection phase into a pre-protection sub-phase independent of the software to be protected and a subsequent protection sub-phase dependent on the software to be protected. The process of claim 1. 17. The process according to claim 16, comprising inserting a definition phase (S11) in which all definitions are performed during the pre-protection sub-phase (P1). 18. The process according to claim 17, comprising, after the definition step (S11), inserting a construction step (S12) in which the exploitation means is constructed. After the construction step (S12), including inserting a pre-customization step (S13) including uploading at least a portion of the utilization means to the blank unit (60) in order to obtain a pre-customized unit (66). The process according to claim 18. Claims include, during the pre-protection sub-phase (P1), inserting a tool creation step (S14) in which a tool is created that assists in the generation of the protected software or that enables automation of the software protection. Item 19. The process according to item 17 or 18. Subsequent protection sub-phase (P2)
A creation step (S21) in which the protected software (2p) is created from the valuable software (2v);
A change step (S22) in which the protected software (2p) is changed, as the case may be;
· and,
The second object part (2pou) of the protected software (2p) including the exploitation means is uploaded to at least one blank unit (60) for the purpose of obtaining at least one unit (6);
Or a part of the second object part (2pou) of the protected software (2p), optionally including exploitation means, for obtaining at least one unit (6), at least one pre-customized unit (66) Customization stage uploaded to (S23),
20. The process of claims 16 and 19, comprising splitting into. 21. Use of at least one tool that assists in generating protected software or automates software protection during the creating step (S21) and possibly during the modifying step (S22). The process of claim 21. Considering the definitions inserted during the definition stage (S11), including during the construction stage (S12) a program development unit used to execute the construction of the utilization means for the unit (6) The system for performing the process of claim 18. A pre-customized unit (30) capable of uploading at least a portion of the exploitation means to the at least one blank unit (60) for the purpose of obtaining at least one pre-customized unit (66). A system for performing the process of claim 19. 21. A program development unit used during the tool creation step (S14) to support creation of protected software or to execute creation of tools to automate software protection. A system for performing the process of claim 1. 23. A system for implementing the process according to claim 21 or 22, comprising a program deployment unit used to generate or modify the protected software (2p). A second object part (2pou) in at least one blank unit (60) for the purpose of obtaining at least one unit (6);
Or a customization unit (45) capable of uploading a part of the second object part (2 pou) to at least one pre-customized unit (66) for the purpose of obtaining at least one unit (6) 22. The system for performing a process according to claim 21, comprising: A pre-customized unit (66) obtained by the system according to claim 24. 28. A second object of the protected software (2p) that is capable of executing the protected software (2p) and preventing its unauthorized use and uploaded using the customization unit (45) according to claim 27. A unit (6) comprising a part (2 pou). 28. The second object part (2pou) of the protected software (2p) uploaded using the customizing unit (45) according to claim 27 is divided into a plurality of processing / storage units, and the protected software (2p) is used simultaneously. 2p). A set of units (6), characterized in that it is possible to carry out 2p). A first distribution part (2pds) including a first object part (2pos) and designed to work with the data processing system (3);
· and,
A blank unit (60),
-Or a pre-customization unit (66) according to claim 28, which can be converted into a unit (6) after uploading the customization information,
-Or a unit (6) according to claim 29;
A second distribution part (2pdu) having the form
A distribution set (2pd) of the protected software (2p). 32. The protected software (2p) according to claim 31, wherein the first distribution part (2pds) includes a format of a physical distribution medium such as a CDROM or a format of a file distributed through a network. Distribution set (2pd). 32. The second distribution part (2pdu) in the form of a blank unit (60), a pre-customized unit (66) or a unit (6) comprises at least one chip card (7). Distribution set (2pd) of the protected software (2p) described. Processing / storage comprising a part of a second object part (2 pou) necessary for converting a pre-customized unit (66) according to claim 28 into a unit (6) according to claim 29. unit. A set of processing / storage units that are used simultaneously to convert the pre-customized unit (66) of claim 28 to a unit (6) of claim 29. A set of processing / storage units characterized by including a part including a part of a second object part (2pou).

Images