JP3949106B2 - How to protect software against fraudulent use by "fundamental function" principle - Google Patents

Description

Detailed Description of the Invention

  The present invention relates generally to the technical field of data processing systems, and more particularly to means for protecting software executing on the data processing system against unauthorized use.

  The subject of the invention is in particular aimed at providing means for protecting software against unauthorized use using a processing / storage unit. Such a unit is generally realized by a chip card or a substance key on a USB port.

  In the above technical field, the main problem is related to unauthorized use of software by users who have not paid for the license. This illegal use of software causes obvious losses for software editors, software sellers, and / or anyone who bundles such software into a product. In order to prevent such illegal copying, the latest technology has proposed various solutions to protect the software.

  Protection solutions are known that make use of hardware protection systems, for example physical components called protection keys or “dongles”. Such a protection key must ensure that the software is executed only in the presence of the key. However, this solution is not effective because it has the disadvantage of being easy to avoid. A Service-to-Self or a hacker may delete the protection key control command with the help of a special tool such as a disassembler. In that case, an illegal copy corresponding to a modified version of the software can be executed without protection. Furthermore, this solution cannot be generalized to all software because it is difficult to connect more than two protection keys to the same system.

  The subject of the present invention is precisely using a processing / storage unit to protect the software against unauthorized use, such that the presence of such a unit is necessary for the software to be fully functional. The purpose is to find a solution to the above problem by proposing a process to do.

In order to achieve such a goal, the subject of the present invention is the use of at least one blank unit comprising at least processing means and storage means to enable the varnarable software to be generated from a source and run on a data processing system. It relates to protecting against unauthorized use. The process according to the invention consists of:
→ During the protection phase
A set of basic functions whose basic functions can be executed in the unit,
-And a set of basic commands that are basic commands for the set of basic functions and that can be executed in a data processing system and trigger execution in a unit;
Defining
Building a lever that can be transformed into a unit capable of executing the set of basic functions (execution of the basic functions is triggered by execution in a data processing system);
・ Protected software
By selecting at least one algorithm processing capable of using at least one operand and obtaining at least one result during the execution of the balnarable software,
-By selecting at least one part of the source of the balnarable software, including at least one selected algorithm processing;
-The source of protected software from the source of valarable software by modifying at least one selected portion of the source of valarable software to obtain at least one modified part of the source of protected software; (This change is
> During execution of the protected software, the first execution part is executed in the data processing system and the second execution part is executed in the unit obtained from the blank unit after uploading the information,
> At least one function of at least one selected algorithm processing is performed by the second execution part;
> At least one selected algorithm processing is divided, so that during the execution of the protected software, said algorithm processing is executed by the second execution part using a basic function;
> For at least one selected algorithm processing, basic commands are integrated into the protected software source so that during the protected software execution, each basic command is executed by the first execution part, Trigger the execution by the second execution part of the basic function in
> A sequence of basic commands is selected from a set of sequences that allow execution of protected software;
Change)
− And
A first object part of protected software from a source of protected software (the first object part is an object part in which the first execution part appears during execution of the protected software; Part is executed in the data processing system, at least one part of which takes into account that the basic command is executed according to the selected sequence),
> And the second object part of the protection software including the exploitation means, and after the upload to the blank unit, the basic function triggered by the first execution part is executed during the execution of the protection software. 2 Things that appear as an execution part
By generating
Creating,
And uploading the second object part to the blank unit for the purpose of obtaining the unit,
→ During the utilization phase when the protection software is executed,
-When a basic command included in a part of the first execution part is requested in the presence of the unit, the corresponding basic function is executed in the unit, so that the part is executed correctly. As a result, the protected software is completely To make it work,
And, in the absence of the unit, at least the part executes correctly because it cannot satisfy the request despite the request by the part of the first execution part that seeks to trigger the execution of the basic function in the unit. And as a result, ensure that the protected software is not fully functional,
including.

According to a preferred embodiment, the process according to the invention is:
→ During the protection phase,
・ Protected software
-During execution of the protected software, by selecting at least one variable used in at least one selected algorithm process that partially defines the state of the protected software;
-Changing at least one selected part of the source of protected software (this change means that at least one selected variable or at least one copy of the selected variable is a unit during execution of the protected software); Is a change that exists in
− And
> Is the first object part of the protected software, and during execution of the protected software, at least one part of the first execution part also considers that at least one variable or at least one copy of the variable exists in the unit Something to do,
> And the second object part of the protected software, and after uploading to the unit, during execution of the protected software, the second execution part appears, whereby at least one selected variable or selected variable Such that at least one copy of is also present in the unit,
By generating
Changing,
Including
→ During the usage phase
Whenever a part of the first execution part requests in the presence of a unit, it uses the variable or copy of the variable that exists in the unit to execute it correctly, and as a result, the protected software is completely To make it work,
And, in the absence of the unit, despite the request by the part of the first execution part that seeks to use a variable or a copy of the variable that exists in the unit, To ensure that the protected software is not fully functional as a result,
including.

According to another preferred embodiment, the process according to the invention comprises:
→ During the protection phase,
-At least one software execution characteristic that can be at least partially monitored by the unit,
-At least one standard to be observed by at least one software execution characteristic;
A detection means implemented in the unit and capable of detecting that at least one software execution characteristic does not comply with at least one relevant criterion;
-And enforcement means that can be implemented in the unit and notify the data processing system and / or change the execution of the software when at least one criterion is not complied with;
Defining
Building a means of utilization that allows the unit to implement detection and enforcement means;
・ And the protected software
-By selecting at least one software execution characteristic to be monitored from among the software execution characteristics that can be monitored;
-By selecting at least one criterion that at least one selected software execution characteristic should comply with;
-By selecting a basic function in the source of protected software that at least one selected software execution characteristic is to be monitored;
-Changing at least one selected part of the source of protected software (this change means that during execution of the protected software, at least one selected execution characteristic is monitored by the second execution part and the criteria are Non-compliance is a change that leads to a notification to the data processing system and / or a change in the execution of protected software)
-And generating a second object part of the protected software including a utilization means that also implements the detection means and the forcing means (the second object part is at least during execution of the protected software after uploading to the unit) One primary software execution characteristic is monitored and failure to comply with standards is an object part that leads to notification to the data processing system and / or changes in the execution of protected software)
Changing,
Including
→ During the usage phase
・ When the unit exists,
-As long as all standards corresponding to all monitored execution characteristics of all modified parts of protected software are observed, said part of protected software operates nominally and as a result Enabling the to operate nominally,
And if the at least one standard corresponding to the monitored execution characteristics of a part of the protected software is not observed, this is notified to the data processing system and / or the function of the part of the protected software is To change the functionality of the protected software,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
-As software execution characteristics that can be monitored, measurement variables for the usage of software functions,
-As a criterion to be observed, at least one threshold value associated with each measurement variable,
-And enabling means capable of updating at least one measurement variable,
Defining
-Building a means of use that will allow the unit to implement the enabling means;
・ And the protected software
-By selecting at least one measurement variable of usage of at least one function of the software as a software execution characteristic to be monitored;
-> At least one function of protected software whose use can be monitored using measurement variables,
> At least one measurement variable used to quantify the usage of the function,
> At least one threshold value associated with the selected measurement variable corresponding to the use limit of the function;
> And at least one method of updating the selected measurement variable depending on the usage of the function,
By selecting
-And changing at least one selected part of the source of the protected software (this change is realized by a second execution part during execution of the protected software, whose measurement variables depend on the usage of the function) Is such that at least one threshold crossing is taken into account)
Changing the
Including
→ During the usage phase, notify the data processing system and / or protect it when the unit is present and if at least one threshold excess corresponding to at least one usage limit is detected Changing the function of the software part to change the function of the protected software,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
-Several relevant thresholds for at least one measurement variable,
-And different forcing means corresponding to each of said threshold values,
Defining
・ And the protected software
-By selecting at least one selected measurement variable in the source of the protected software, to which several threshold values corresponding to different usage limits of the function must be associated,
-By selecting at least two threshold values associated with the selected measurement variable,
-And changing at least one selected part of the source of the protected software (this change is considered differently by the second execution part when various thresholds are exceeded during execution of the protected software) Change)
Changing,
Including
→ During the usage phase
・ When the unit exists,
-Commanding the protected software not to use the corresponding function any more when the first threshold is exceeded,
-Disabling a corresponding function and / or at least part of the protected software if a second threshold is exceeded,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
Defining replenishment means that can allow at least one additional use for at least one software function monitored by a measurement variable;
-Building a means of use that will allow the unit to implement replenishment means;
・ And the protected software
-By selecting at least one selected measurement variable that can limit the use of at least one additional function that must be allowed to be permitted in the source of the protected software;
-And changing at least one selected part (this change is such that at least one additional use of at least one function corresponding to the selected measurement variable is permitted during a phase called the replenishment phase) Change)
Changing,
Including
→ During the replenishment phase
Re-enabling at least one selected measurement variable and / or at least one associated threshold to allow at least one additional use of the function;
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
-Software usage profiles as software execution characteristics that can be monitored,
-And at least one software execution feature as a standard to be observed,
Defining
・ And the protected software
-By selecting as a software execution characteristic to monitor at least one software usage profile;
-By selecting at least one execution feature that at least one selected usage profile must comply with;
-And changing at least one selected part of the source of protected software (if the second execution part does not comply with all selected execution features during execution of the protected software) Is a change that would not be possible)
Changing,
Including
→ during the use phase, notify the data processing system in the presence of the unit and if it is detected that at least one execution feature has not been observed and / or Changing the function to change the function of the protected software,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
A set of instructions that can be executed on the unit,
A set of instruction commands for said instruction set, said instruction command set being executed in a data processing system and capable of triggering execution of instructions in a unit;
-As a usage profile, a chain of instructions,
-As an execution feature, the expected chain for the execution of the instruction;
-Means capable of detecting that the chain of instructions does not correspond to what is expected, as detection means;
And, as a forcing means, means capable of notifying the data processing system when the chain of instructions does not correspond to what is expected and / or changing the function of the protected software part,
Defining
Building a lever that also allows the unit to execute instructions of the instruction set (execution of the instructions is triggered by execution of instruction commands in the data processing system);
・ And the protected software
-At least one selected part of the source of protected software,
> By converting basic functions into instructions,
> By specifying the chain at least part of the instructions must comply during their execution in the unit,
> And by converting the basic command into an instruction command corresponding to the instruction used,
By changing
Changing,
Including
→ During the usage phase, if the unit is present, if it is detected that the chain of instructions executed on the unit does not correspond to what is expected, it is notified to the data processing system and / or Changing the function of the protected software part to change the function of the protected software,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
-An instruction set in which at least a part of the instructions works with a register and uses at least one operand to return a result, as an instruction set;
-For at least some instructions that work with registers
> A part that defines the function of the instruction,> and a part that defines the expected chain for execution of the instruction,
(The part is
◇ Instruction identification field,
◇ And for each operand of the instruction,
* Flag field,
* And the expected identification field of the operand,
Part containing a bit field corresponding to
A generated identification field for each register used by the instruction set belonging to the exploitation means in which the identification of the last instruction that returned the result is automatically stored in the register;
As a means of detection, for each operand during execution of the instruction, when the flag field requires, the generated identification field corresponding to the register used by the operand and the expected identification field from which the operand originated; Means capable of checking equality,
And, as a forcing means, means capable of changing the result of the instruction if at least one of the checked equivalences is false,
Defining
including.

According to another preferred embodiment, the process according to the invention comprises:
→ During the protection phase,
-Basic command or command command as trigger command,
-A basic function or instruction as a dependent function,
-At least one argument to a trigger command which, as an order, corresponds at least in part to the information sent to the unit by the data processing system and triggers the execution of the corresponding dependent function;
-A method of renaming an order capable of renaming an order so as to obtain a trigger command having a renamed order;
And a restoration means designed to be used in the unit during the use phase and capable of restoring dependent functions to be executed from the renamed order,
Defining
-Building a means of utilization that will allow the unit to implement the means of restoration;
・ And the protected software
-By selecting a trigger command in the source of the protected software,
By changing at least one selected part of the source of the protected software by renaming the order of the selected trigger command so as to hide the identification of the corresponding dependent function
− And
> The first object part of the protected software, such that a trigger command with the renamed order is executed during execution of the protected software;
And a dependent function whose execution is triggered by the first execution part during execution of the protected software after uploading to the unit, including a utilization means that also implements the restoration means Such that the identity is restored by the second execution part and the dependent function is executed by the second execution part,
By generating
Changing,
Including
→ During the usage phase
-Each time a trigger command with a renamed order included in a part of the first execution part requests in the presence of a unit, the corresponding dependent function identification is restored in the unit and the part is executed correctly. As a result, ensuring that the protected software is fully functional,
And in the absence of the unit, despite the request by the part of the first execution part that seeks to trigger the execution of the dependent function in the unit, the request cannot be satisfied correctly, so that at least the part is correctly Not be executed and, as a result, prevent protected software from fully functioning,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
Defining a set of dependent functions that are algorithmically equivalent for at least one dependent function, but whose renamed order is triggered by a different trigger command;
・ And the protected software
-By selecting at least one trigger command with the renamed order in the source of protected software;
-And by replacing at least the renamed order of one selected trigger command with the renamed order with another renamed order that triggers the same group of dependent functions, By changing at least one selected part
Changing,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase, a group of dependent functions that are algorithmically equivalent for at least one dependent function,
-By concatenating the noise field to the information defining the functional part of the dependent function to be executed in the unit,
Or alternatively, by using the instruction's identification field and the expected identification field of the operand,
Defining,
including.

According to a variant embodiment, the process according to the invention is:
→ During the protection phase,
・-As an order renaming method, an encryption method to encrypt the order,
-And means for implementing as a restoring means a decoding method for restoring the identity of the dependent function to be executed in the unit by decoding the renamed order;
Defining
including.

According to another preferred embodiment, the process according to the invention comprises:
→ During the protection phase,
・ Protected software
-By selecting at least one conditional branch executed in at least one selected algorithm processing in the source of protected software;
-Changing at least one selected part of the source of the protected software (this change means that during execution of the protected software, the function of at least one selected conditional branch is Is a change as performed by
− And
> The first object part of the protected software, such that at least one selected conditional branch function is executed in the unit during the execution of the protected software;
> The second object part of the protected software, after uploading to the unit, the second execution part appears during the execution of the protected software, thereby executing the function of at least one selected conditional branch Something like,
By generating
Changing,
Including
→ During the usage phase
Whenever a part of the first execution part requests in the presence of the unit, the unit executes the function of at least one conditional branch, so that the part is executed correctly and as a result, the protected software is fully functional To do,
And, in the absence of the unit, despite the request by the part of the first execution part that asks the unit to execute the function of the conditional branch, the request cannot be satisfied correctly, so that at least the part is correctly Not be executed and, as a result, prevent protected software from fully functioning,
including.

According to an alternative embodiment, the process according to the present invention, during the protection phase,
-By selecting at least one selected conditional branch sequence in the source of protected software;
-Changing at least one selected part of the source of the protected software (this change means that during execution of the protected software, all functions of the at least one selected conditional branch sequence are Is a change as performed by the execution part)
− And
> The first object part of the protected software, such that at least one function of the selected conditional branching sequence is executed in the unit during the execution of the protected software;
> The second object part of the protected software, after uploading to the unit, the second execution part appears during the execution of the protected software, thereby executing all functions of at least one selected conditional branch sequence Something like
By generating
Including changing.

  In this way, the process according to the invention makes it possible to protect the use of software by using a processing / storage unit that exhibits the property of containing a portion of the software to be executed. Thus, any derivative version of software that attempts to operate without a processing / storage unit requires that that part of the software contained in the storage unit be recreated during execution, otherwise the derivative version of the software is completely Does not work.

  Various other characteristics will become apparent in the following description, which refers to the accompanying drawings, illustrating non-limiting examples, embodiments, and implementations of the subject matter of the present invention.

  In the following description, the following definitions are used.

  The data processing system 3 is a system that can execute a program.

A processing / storage unit is a unit that can:
Receiving data provided by the data processing system 3;
Return the data to the data processing system 3;
-Even if the unit is turned off, store the data at least partly secretly and retain at least part of this data.
-Perform algorithmic processing on the data and keep some or all of the results secret.

  Unit 6 is a processing / storage unit that implements the process according to the invention.

  A blank unit 60 is a unit that does not implement a process according to the present invention, but can receive data and convert it to unit 6.

  The pre-customized unit 66 is a blank unit 60 that can be converted to the unit 6 after receiving supplementary data because it has received a portion of the data.

  -Uploading information to the blank unit 60 or the pre-customized unit 66 is equivalent to transferring the information to the blank unit 60 or the pre-customized unit 66 and storing the transferred information. This transfer can include changing the information format.

  Use capital letters to indicate variables, functions, or data included in the data processing system 3, and use lowercase letters to indicate variables, functions, or data included in the unit 6.

  “Protected software” is software that is protected by at least one of the protection principles implemented by the process according to the invention.

  “Valnarable software” is software that is not protected by any of the protection principles implemented by the process according to the invention.

  • Use the word “software” when the difference between balnarable software and protected software is not important.

-Software has the following expressions depending on the instant considered in its life cycle.
− Source representation − object representation − distribution − or dynamic representation

  -Software source expression is an expression that becomes object expression after conversion. The source representation can have various levels, from a conceptual abstraction level to a level that can be directly executed by a data processing system or processing / storage unit.

  The software object representation represents the level of representation that can be performed after transfer to distribution and upload to the data processing system or processing / storage unit. For example, the object representation can be binary code or interpreted code.

  Distribution is physical support or virtual support including object representation, and it is up to the user to use the software.

  • Dynamic representation corresponds to software execution from software distribution.

  A software part is a part of the software, for example one or more consecutive or non-consecutive instructions and / or one or more continuous or non-contiguous functional blocks; and It may be / or one or more functions and / or one or more subprograms and / or one or more modules. The software part may correspond to all software.

  FIG. 10 and FIG. 11 respectively show various representations of balableable software 2v in a general sense, and various representations of protected software 2p protected according to the process according to the present invention.

FIG. 10 shows various representations of the balnarable software 2v that appear in the life cycle. Balnarable software 2v may appear in any of the following expressions:
・ Source expression 2vs
・ Object representation 2vo
-Distribution 2vd. Distribution is often in the form of a physical distribution medium such as a CDROM or a file distributed via a network (such as GSM or the Internet).
Or a dynamic representation 2ve, which generally corresponds to the execution of the valarable software 2v on a known type of data processing system 3 equipped with at least one processor 4.

FIG. 11 shows various representations of protected software 2p that appear in the life cycle. The protected software 2p may appear in any of the following expressions.
A source representation including a first object part 2pos for the data processing system 3 and a second object part 2pos for the unit 6. Part of both source parts are often included in a common file.
An object display 2po including a first object part 2pos for the data processing system 3 and a second object part 2pou for the unit 6;
・ Distribution 2 pd including:
A first distribution part 2pds including a first object part 2pos. This first distribution part 2pds is for the data processing system 3, and often takes the form of a physical distribution medium such as a CDROM or the form of a file distributed via a network (such as GSM or the Internet).
-And a second distribution part 2pdu of the form
> Or at least one pre-customized unit 66 where a part of the second object part 2 pou is uploaded and the user has to complete the customization by uploading supplemental data in order to obtain the unit 6. This supplementary data is acquired by downloading via a network.
> Or at least one unit 6 in which the second object part 2 pou is uploaded
Or dynamic expression 2pe corresponding to execution of protected software 2p. The dynamic expression 2pe includes a first execution part 2pes executed by the data processing system 3 and a second execution part 2peu executed by the unit 6.

  If the difference between the various representations of protected software 2p is not significant, the terms “first part of protected software” and “second part of protected software” shall be used.

  The implementation of the process according to the invention according to the dynamic representation of FIG. 11 uses a device 1 p comprising a data processing system 3 connected to a unit 6 by a link 5. The data processing system 3 may be of any type, but generally includes at least one processor 4. The data processing system 3 may be part of a computer or various machines, equipment, fixed or mobile products, or vehicles in a general sense. The link 5 can be realized by any method such as a serial link, a USB bus, a wireless link, an optical link, a network link, or a direct electrical connection to the data processing system 3 circuit. It should be noted that the unit 6 can be physically located in the same integrated circuit as the processor 4 of the data processing system 3. In this case, the unit 6 can be regarded as a coprocessor in relation to the processor 4 of the data processing system 3, and the link 5 is in the integrated circuit.

  FIGS. 20 to 22 show in particular and without limitation various embodiments of the device 1p that enable the implementation of the protection process according to the invention.

  In the embodiment shown in FIG. 20, the protection device 1p includes a computer as the data processing system 3, a chip card 7 as the unit 6, and its interface 8 (generally called a card reader). The computer 3 is connected to the unit 6 by a link 5. During the execution of the protected software 2p, in order for the protected software 2p to be fully functional, both the first execution part 2pes executed by the computer 3 and the second execution part 2peu executed by the chip card 7 and its interface 8 Must work.

  In the embodiment shown in FIG. 21, the product 9 in a general sense equipped with the protection device 1 p includes various components 10 that match the functions of the product 9. The protection device 1p includes on the one hand a data processing system 3 incorporated in the product 9 and on the other hand a unit 6 associated with the product 9. In order for the product 9 to be fully functional, the protected software 2p must be fully functional. For this reason, both the first execution part 2pes executed by the data processing system 3 and the second execution part 2peu executed by the unit 6 must function during execution of the protected software 2p. Accordingly, the protected software 2p can indirectly prevent unauthorized use of the product 9 or any of its functions. Product 9 can be equipment, systems, machines, toys, indoor appliances, telephones, and the like.

  In the embodiment shown in FIG. 22, the protection device 1p includes a plurality of computers and a part of a communication network. The data processing system 3 is a first computer connected by a network link 5 to a unit 6 constituted by a second computer. In the implementation of the present invention, the second computer 6 is used as a license server for the protected software 2p. In order for the protected software 2p to be fully functional during the execution of the protected software 2p, both the first execution part 2pes executed on the first computer 3 and the second execution part 2peu executed on the second computer 6 Must function.

  FIG. 30 clearly shows the protection process according to the invention. It should be noted that it is assumed that the vernalable software 2v is fully running on the data processing system 3. On the other hand, in the implementation of the protected software 2p, since the transfer means 13 which is a part of the unit 6 is connected to the transfer means 12 provided in the data processing system 3 by the link 5, the first execution of the protected software 2p is performed. Communication between part 2 pes and the second execution part 2 peu can be established.

  It should be noted that the transfer means 12, 13 have software and / or hardware properties and can implement (and possibly optimize) data communication between the data processing system 3 and the unit 6. The transfer means 12 and 13 are preferably configured to freely use the protected software 2p that does not depend on the type of the link 5 to be used. The transfer means 12, 13 are not the subject of the present invention and are well known to those skilled in the art and will not be described in further detail. The first part of the protected software 2p includes a command. By executing this command by the first execution part 2pes during execution of the protected software 2p, communication between the first execution part 2pes and the second execution part 2peu becomes possible. In the following description, this command is expressed as IN, OUT, or TRIG.

  As shown in FIG. 31, in order to enable the implementation of the second execution part 2peu of the protected software 2p, the protection means 14 is provided in the unit 6. The protection means 14 includes a storage means 15 and a processing means 16.

In order to simplify the following description, the presence or absence of the unit 6 during the execution of the protected software 2p will be examined. Actually, the unit 6 including the protection means 14 that is not suitable for the execution of the second execution part 2peu of the protected software 2p is also considered to be absent whenever the protected software 2p is not executed correctly. The following applies to the presence or absence of units.
A unit 6 that is physically present and has a protection means 14 suitable for the execution of the second execution part 2peu of the protected software 2p is always considered to be present.
The unit 6 that includes the protection means 14 that physically exists but is not suitable for the correct implementation of the second execution part 2 peu of the protected software 2p (does not allow this implementation), the protected software 2p functions correctly. If the protected software 2p does not function correctly, it is considered not to exist.
Also, units 6 that do not physically exist are always considered not to exist.

  When the unit 6 is composed of the chip card 7 and its interface 8, the transfer means 13 is divided into two parts. One is a part on the interface 8 and the other is a part on the chip card 7. In this embodiment, the absence of the chip card 7 is considered the same as the absence of the unit 6. That is, when the chip card 7 and / or its interface 8 does not exist, the protection means 14 is inaccessible and the second execution part 2 peu of the protected software 2 p cannot be executed, so that the protected software 2 p is completely Does not work.

  The purpose of the protection process according to the invention is to implement a protection principle called << basic function >>. This implementation will be described with reference to FIGS.

The implementation of the protection principle with basic functions defines the following:
• Basic function set. The basic functions included in the basic function set can be executed by the second execution part 2 peu in the unit 6, and in some cases, data can be transferred between the data processing system 3 and the unit 6. .
• Basic command set for this basic function set. This basic command can be executed in the data processing system 3, which triggers the execution of the corresponding basic function in the unit 6.

  The implementation of the protection principle based on the basic function also constitutes a utilization means that can convert the blank unit 60 into the unit 6 that can execute the basic function. The execution of this basic function is triggered by the execution of a basic command in the data processing system 3.

  In the implementation of the protection principle with basic functions, at least one algorithmic processing that uses at least one operand and returns at least one result is also selected in the source 2 vs. varnarable software. Also, at least one portion of the source 2 vs. varnalable software that includes at least one selected algorithm processing is selected.

Next, at least one selected portion of the source 2 vs. valable software is modified to obtain the source 2 ps of the protected software. As a result of this change:
During execution of the protected software 2p, at least one part of the first execution part 2pes executed in the data processing system 3 takes into account that at least one selected algorithm processing function is executed in the unit 6 .
During execution of the protected software 2p, the second execution part 2peu executed in the unit 6 performs at least one function of at least one selected algorithm processing.
During the execution of the protected software 2p, each selected algorithm process is divided so that each selected algorithm process is executed by the second execution part 2peu using the basic function. Each selected algorithm process is preferably divided into basic functions fe _n (where n ranges from 1 to N). That is, it is divided into the following basic functions.
-One or more elementary functions (depending on the case) that can leave the handling of one or more operands to unit 6
A basic function, partly using operands and combined to perform the selected algorithm processing function using this operand; unit 6 handles the results of the selected algorithm processing; One or more basic functions that can be delegated to
Also, the basic command sequence is selected from a series of sequences that allow execution of the protected software 2p.

Executing within data processing system 3, the first execution part 2pes basic command _CEF n of the protected software 2p (the n range 1 to N) executes. This command triggers basic function fe _n of each previously defined, the execution by the second execution part 2peu in unit 6.

  FIG. 60 shows an example of execution of the balnarable software 2v. In this example, the calculation Z ← (X, Y) is executed at a predetermined time during the execution of the vernal software 2v in the data processing system 3. This calculation corresponds to substituting the result of the algorithm processing represented by the function F using the operands X and Y into the variable Z.

FIG. 61 shows an implementation example of the present invention in which the algorithm processing selected in FIG. In this example, if the unit 6 exists during execution of the first execution part 2 pes of the protected software 2 p in the data processing system 3, the following occurs.
The basic commands CFE ₁ and CFE ₂ are executed at times t ₁ and t ₂ . This command triggers in unit 6 the execution of the corresponding basic functions fe ₁ , fe ₂ by the second execution part 2 peu. This basic function transfers data X, Y from the data processing system 3 to the storage zones x, y arranged in the storage means 15 of the unit 6, respectively. The basic commands CFE ₁ and CFE ₂ are expressed as OUT (x, X) and OUT (y, Y), respectively.
Basic commands CFE _{3 to} CFE _N-1 are executed at times t _{3 to} t _N−1 . This command triggers in unit 6 the execution of the corresponding basic functions fe _{3 to} fe _N−1 by the second execution part 2 peu. The basic commands CFE _{3 to} CFE _N−1 are represented as TRIG (fe ₃ ) to TRIG (fe _N−1 ), respectively. The algorithm of the series of basic functions fe _{3 to} fe _N−1 executed in combination is the same as the function F. More precisely, when this basic command is executed, the basic functions fe _{3 to} fe _N−1 that use the contents of the storage zones x and y and return the result to the storage zone z of the unit 6 are executed in the unit 6.
In-time _{t N,} the basic command CFE _N is executed. This command triggers in unit 6 the execution of the basic function fe _N by the second execution part 2 peu. This function transfers this result to the data processing system 3 in order to assign the result of the algorithm processing contained in the storage zone z of the unit 6 to the variable Z. This basic command CFE _N is expressed as IN (z).

In this example, basic commands 1 to N are executed continuously. However, it should be noted that the following two improvements can be made.
The first improvement relates to a case where a plurality of algorithm processes are processed remotely by the unit 6 and at least the result of one algorithm process is used in another algorithm process. In such a case, a part of basic commands used for transfer can be deleted.
The purpose of the second improvement is to select an appropriate basic command sequence from a sequence that allows execution of the protected software 2p. In this regard, it is desirable to select a basic command sequence that temporarily isolates execution of the basic function. For separation, a code portion that is executed by the data processing system 3 and includes (or does not include) a basic command used to determine another data is inserted between the basic commands. 62 and 63 illustrate the principle of such an embodiment.

  FIG. 62 shows an example of execution of the balable software 2v. In this example, during the execution of the balable software 2v, two algorithm processes are executed in the data processing system 3, and Z and Z 'are determined. This process is expressed as Z ← F (X, Y) and Z ′ ← F ′ (X ′, Y ′).

FIG. 63 shows an example implementation of a process according to the present invention in which the two algorithm processes selected in FIG. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, as described above, the execution of the basic commands CFE _{1 to} CFE _N is as follows: And executing the basic commands CFE ′ _{1 to} CFE ′ _M corresponds to determining Z ′. As shown in the figure, since the basic commands CFE ′ _{1 to} CFE ′ _M and other code portions are inserted, the basic commands CFE _{1 to} CFE _N are not continuously executed. That is, in this example, CFE ₁ , inserted code portion, CFE ′ ₁ , CFE ₂ , inserted code portion, CFE ′ ₂ , CFE ′ ₃ , inserted code portion, CFE ′ ₄ , CFE ₃ , CFE ₄ ,..., CFE _N , CFE ′ _M are executed.

  If the unit 6 exists during execution of the protected software 2p, the corresponding basic function is executed in the unit 6 each time a basic command included in the portion of the first execution part 2pes of the protected software 2p requests. Should be noted. Therefore, if the unit 6 exists, this part is executed correctly, and as a result, the protected software 2p is fully functional.

  FIG. 64 shows an execution trial example of the protected software 2p when the unit 6 does not exist. In this example, even if the basic command is executed at each time during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the unit 6 does not exist, so the execution of the corresponding basic function is triggered. I can't. For this reason, the value to be substituted into the variable Z cannot be determined correctly.

  Therefore, if the unit 6 does not exist, at least one part of the first execution part 2pes of the protected software 2p that requests the trigger for the execution of the basic function in the unit 6 cannot be correctly executed. Is not executed correctly, and as a result, the protected software 2p does not function completely.

  The purpose of the protection process according to another advantageous characteristic of the invention is to implement a protection principle called << Variable >>. This implementation will be described with reference to FIGS.

  In the implementation of the protection principle by variable, at least one variable is selected in the source 2 vs. varnalable software, and that variable partially defines its state during the execution of valarable software 2v. The term “software state” means a set of information at a given point in time that is necessary for complete execution of the software. Thus, if the selected variable does not exist, complete execution of the software is compromised. Also, at least one portion of the source 2 vs. varnalable software that includes at least one selected variable is selected.

  Next, at least one selected portion of the balnarable software source 2 vs is modified to obtain the protected software source 2 ps. As a result of this change, during execution of the protected software 2p, at least one part of the first execution part 2pes executed in the data processing system 3 is at least one selected variable or at least one copy of the selected variable. Is present in unit 6.

FIG. 40 shows an example of execution of the balnarable software 2v. In this example, the following occurs during execution of the balloonable software 2v in the data processing system 3.
At time t ₁ , data X is substituted into variable V ₁ (represented by V ₁ ← X).
· At time _{t 2,} (expressed in Y ← _{V 1)} the value of the variable _{V 1} is substituted into the variable Y.
· At time _{t 3,} (represented by Z ← _{V 1)} the value of the variable _{V 1} is is assigned to the variable Z.

FIG. 41 shows an example of a first form of implementation of the invention in which variables are present in unit 6. In this example, if the unit 6 exists during execution of the first execution part 2 pes of the protected software 2 p in the data processing system 3, the following occurs.
At time t ₁ , a transfer command that triggers transfer of data X from the data processing system 3 to the variable v ₁ arranged in the storage unit 15 of the unit 6 is executed. This transfer command is expressed as OUT (v ₁ , X), and finally the data X is substituted into the variable v ₁ .
At time t ₂ , in order to substitute the value of variable v ₁ present in unit 6 for variable Y, a transfer command is executed that triggers the transfer of this value to data processing system 3. This transfer command is expressed as IN (v ₁ ), and the value of the variable v _{1 is} finally substituted into the variable Y.
At time t ₃ , in order to substitute the value of variable v ₁ present in unit 6 for variable Z, a transfer command is executed that triggers the transfer of this value to data processing system 3. This transfer command is expressed as IN (v ₁ ), and the value of the variable v _{1 is} finally substituted into the variable Z.

  It should be noted that at least one variable is present in the unit 6 during execution of the protected software 2p. For this reason, when the part of the first execution part 2pes of the protected software 2p requests, if the unit 6 exists, this variable existing in the unit 6 is used for the first execution part 2pes of the protected software 2p. Is transferred to the data processing system 3. As a result, this part is executed correctly, and as a result, the protected software 2p is fully functional.

FIG. 42 shows an example of a second form of implementation of the invention in which a copy of the variable exists in unit 6. In this example, if the unit 6 exists during execution of the first execution part 2 pes of the protected software 2 p in the data processing system 3, the following occurs.
At time t ₁ , data X is assigned to variable V ₁ arranged in data processing system 3. Also, a transfer command that triggers the transfer of data X from the data processing system 3 to the variable v ₁ arranged in the storage means 15 of the unit 6 is executed. This transfer command is expressed as OUT (v ₁ , X).
In-time _{t 2, the} value of variable _{V 1} is substituted into the variable Y.
At time t ₃ , in order to substitute the value of variable v ₁ present in unit 6 for variable Z, a transfer command is executed that triggers the transfer of this value to data processing system 3. This transfer command is represented as IN (v ₁ ).

  It should be noted that during execution of the protected software 2p, at least one copy of the variable exists in the unit 6. For this reason, when the part of the first execution part 2pes of the protected software 2p requests, if the unit 6 exists, the variable existing in the unit 6 is used for use in the first execution part 2pes of the protected software 2p. The value of this copy is transferred to the data processing system 3. For this reason, this part is executed correctly, and as a result, the protected software 2p is fully functional.

FIG. 43 shows an execution trial example of the protected software 2p when the unit 6 does not exist. In this example, during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following occurs.
Even if the transfer command OUT (v ₁ , X) is executed at time t ₁ , the transfer of the data X to the variable v ₁ cannot be triggered because the unit 6 does not exist.
Even if the transfer command IN (v ₁ ) is executed at time t ₂ , the transfer of the value of the variable v ₁ to the data processing system 3 cannot be triggered because the unit 6 does not exist.
Even if the transfer command IN (v ₁ ) is executed at time t ₃ , the unit 6 does not exist, and therefore the transfer of the value of the variable v ₁ to the data processing system 3 cannot be triggered.

  Therefore, if unit 6 does not exist, at least one request by the part of the first execution part 2 pes that requires the use of a variable or a copy of the variable that exists in unit 6 cannot be correctly performed, so at least this part is correct. As a result, the protected software 2p does not function completely.

In the data transfer between the data processing system 3 and the unit 6 shown in the above example, only simple substitution is used, but OUT (v ₁ , 2 * X + 3) or It should be noted that those skilled in the art can know how to obtain complex operations such as Z ← (5 * v ₁ + v ₂ ).

  The purpose of the protection process according to another advantageous characteristic of the invention is to implement a protection principle called << Detection and Enforcement >>. This implementation will be described with reference to FIGS.

In the implementation of the detection and enforcement protection principle, the following are defined:
At least one software execution characteristic that can be monitored at least in part at unit 6 at least one criterion to be observed for at least one software execution characteristic at least one software execution characteristic has at least one relevant criterion Detecting means 17 provided in the unit 6 that can detect non-compliance
A forcing means 18 provided in the unit 6 capable of notifying the data processing system 3 and / or changing the software execution if at least one criterion is not observed

  In the implementation of the protection principle by detection and forcing, a utilization means that can convert the blank unit 60 into a unit 6 comprising at least the detection means 17 and the forcing means 18 is also constructed.

  FIG. 70 shows the means necessary to implement this protection principle by detection and enforcement. The unit 6 is equipped with detection means 17 and forcing means 18 belonging to the processing means 16. When the standard is not observed, the forcing unit 18 is notified from the detecting unit 17 to that effect.

  More precisely, the detection means 17 uses the information sent from the transfer means 13 and / or the storage means 15 and / or the processing means 16 to monitor one or more software execution characteristics. At least one standard to be observed is set for each software execution characteristic.

  If it is detected that at least one software execution characteristic does not comply with at least one criterion, the detection means 17 notifies the forcing means 18 to that effect. The forcing means 18 is configured so that the state of the unit 6 can be changed by an appropriate method.

In the implementation of the detection and enforcement protection principle, the following are also selected:
• Select at least one software execution characteristic to be monitored from among the software execution characteristics that can be monitored.
• Select at least one criterion to be observed for at least one selected software execution characteristic.
At least one algorithmic process in which at least one software execution characteristic is monitored is selected in the source 2 vs. varnarable software.
• Select at least one portion of the source 2 vs. varnalable software that contains at least one selected algorithm processing.

Next, at least one selected portion of the balnarable software source 2 vs is modified to obtain the protected software source 2 ps. As a result of this change, in particular, the following occurs during execution of the protected software 2p.
Take into account that at least one part of the first execution part 2 pes executed in the data processing system 3 needs to monitor at least one selected software execution characteristic, at least partly in the unit 6.
The second execution part 2 peu executed in the unit 6 at least partly monitors the selected software execution characteristics;

If the unit 6 is present during the execution of the protected software 2p protected by this protection principle by detection and enforcement, the following occurs.
As long as all standards corresponding to all monitored execution characteristics of all modified parts of protected software 2p are observed, the modified parts of protected software 2p will function nominally, so protected software 2p works as nominal.
If at least one criterion corresponding to the monitored execution characteristics of the protected software 2p part is not observed, the data processing system 3 is notified and / or of that part of the protected software 2p The function is changed, and as a result, the function of the protected software 2p is changed.

  Of course, if unit 6 does not exist, at least one request by the first execution part 2pes of protected software 2p that requires the use of unit 6 cannot be correctly executed, so at least this part is executed correctly. As a result, the protected software 2p does not function completely.

  In implementing the detection and enforcement protection principle, two types of software execution characteristics are preferentially used.

  The first type of software execution characteristics corresponds to software execution measurement variables, and the second type of software execution characteristics corresponds to software usage status profiles. These two types of properties can be used individually or in combination.

In the implementation of the detection and enforcement protection principle, using software-executed measurement variables as execution characteristics, the following are defined:
The storage means 15 can store at least one measurement variable used to quantify the usage of at least one software function. The detection means 17 can store at least one threshold value associated with each measurement variable.・ An enabling method that can update each measurement variable according to the usage status of the function associated with the measurement variable

  In addition to the detection means 17 and the forcing means 18, a utilization means including an enabling means is also constructed.

The following is also selected in the source 2 vs. varnarable software.
-At least one function of valable software 2v that can monitor the usage status using measurement variables-At least one measurement variable used to quantify the usage status of this function-Usage limit of this function At least one threshold associated with the measurement variable corresponding to the at least one method of updating the measurement variable according to the use of this function

Next, in order to obtain the source 2ps of the protected software, the source 2vs of the balnarable software is changed. As a result of this change, during execution of the protected software 2p, the second execution part 2peu performs the following.
• Enable measurement variables according to the usage status of this function.
• Consider at least one threshold crossing.

  That is, during execution of the protected software 2p, when this measurement variable is updated according to the usage status of this function and the threshold value is exceeded, the detection means 17 notifies the forcing means 18 to that effect. The forcing unit 18 appropriately determines whether to notify the data processing system 3 and / or change the processing executed by the processing unit 16. When changing, the function of the protected software 2p is changed, and as a result, the function of the protected software 2p is changed.

In the implementation of the first preferred variant embodiment of the detection and enforcement protection principle using measurement variables as characteristics, the following is defined:
• Multiple related thresholds for at least one measurement variable • Various forcing measures corresponding to each of these thresholds

The following is also selected in the source 2 vs. varnarable software.
At least one measurement variable that is used to quantify the usage of at least one function of the software and needs to be associated with multiple thresholds corresponding to various usage limits of this function At least two thresholds

Next, in order to obtain the source 2ps of the protected software, the source 2vs of the balnarable software is changed. As a result of this change, during execution of the protected software 2p, the second execution part 2peu performs the following.
• Enable measurement variables according to the usage status of this function.
• Consider exceeding various thresholds individually.

  That is, generally, when the first threshold is exceeded during execution of the protected software 2p, the unit 6 notifies the data processing system 3 to that effect, and the data processing system 3 provides this function to the protected software 2p. Order not to use. If the protected software 2p continues to use this function, the second threshold may be exceeded. If the second threshold is exceeded, the forcing means 18 can disable the selected function and / or protected software 2p.

  In the implementation of the second preferred variant embodiment of the detection and enforcement protection principle, which uses a measurement variable as a characteristic, a supplementation that allows at least one additional use to at least one software function monitored by the measurement variable Means are defined.

  Further, in addition to the detecting means 17, the forcing means 18, and the enabling means, a utilization means including a replenishing means is also constructed.

  In addition, at least one measurement variable used to limit the use of at least one function of the software, which must be allowed at least one additional use, in the source 2 vs. varnalable software is selected.

  Next, in order to obtain the source 2ps of the protected software, the source 2vs of the balnarable software is changed. As a result of this change, in a phase called replenishment, at least one additional use of at least one function corresponding to the selected measurement variable can be permitted.

  In order to allow at least one additional use of the corresponding function, at least one selected measurement variable and / or at least one associated threshold is re-enabled in the replenishment phase. That is, in the replenishment phase, additional use of at least one function of the protected software 2p can be permitted.

  In the implementation of the detection and enforcement protection principle using a software usage profile as a characteristic, at least one software execution feature is defined as a criterion to be observed for this usage profile.

The following is also selected in the source 2 vs. varnarable software.
At least one usage profile to be monitored at least one execution feature that at least one selected usage profile must comply with

  Next, in order to obtain the source 2ps of the protected software, the source 2vs of the balnarable software is changed. As a result of this change, during execution of the protected software 2p, the second execution part 2peu will comply with all selected execution features. That is, the unit 6 itself monitors how the second execution part 2 peu is executed and, if at least one execution feature is not observed, notifies the data processing system 3 and / or The function of the protected software 2p can be changed.

If the unit 6 exists during the execution of the protected software 2p protected by this principle, the following occurs.
As long as all the execution features of all the changed parts of the protected software 2p are observed, the changed parts of the protected software 2p function nominally, so the protected software 2p functions nominally.
If at least one execution feature of a part of the protected software 2p is not complied with, the data processing system 3 is notified and / or the function of that part of the protected software 2p is changed and consequently The function of the protected software 2p is changed.

  Various monitoring of execution characteristics can be considered. For example, the presence / absence of an instruction including a marker and the execution chain of at least one part of the instruction can be monitored.

As an implementation feature to be observed, in the implementation of the detection and enforcement protection principle using the monitoring of the execution chain of at least one part of the instruction, the following is defined:
An instruction set that includes instructions that can be executed by unit 6. An instruction command set for this instruction set. This instruction command can be executed by the data processing system 3. When each of the command commands is executed by the data processing system 3, the execution of the corresponding command is triggered in the unit 6.
Detection means 17 that can detect that the instruction chain is not expected.
If the instruction chain is not expected, a forcing means 18 can notify the data processing system 3 and / or change the software execution

  Also, a utilization means that enables execution of instructions of the instruction set by the unit 6 is constructed. The execution of this instruction is triggered by the execution of an instruction command in the data processing system 3.

  In addition, at least one algorithmic process that must be remotely processed in unit 6 and needs to monitor the chain of at least one part of the instruction in the source 2vs of the balnarable software is also selected.

Next, in order to obtain the source 2ps of the valenable software, the source 2vs of the valable software is changed. As a result of this change, the following processing is performed while the protected software 2p is being executed.
The second execution part 2 peu performs at least the function of the selected algorithm processing;
• The selected algorithm processing is divided into multiple instructions.
A chain is specified that must be complied with by at least some instructions during execution in unit 6.
The first execution part 2 pes of the protected software 2 p executes an instruction command that triggers the execution of the instruction in the unit 6.

If the unit 6 is present during execution of the protected software 2p according to this principle, the following occurs.
As long as the instruction chain of all modified parts of protected software 2p executed in unit 6 is expected, the modified part of protected software 2p functions nominally, so protected software 2p is Works as nominal.
If the instruction chain of the part of the protected software 2p executed in the unit 6 is not expected, the data processing system 3 is notified of this and / or the function of that part of the protected software 2p is As a result, the function of the protected software 2p is changed.

  FIG. 71 shows an example where the expected chain is observed in an implementation of the detection and enforcement protection principle that utilizes the monitoring of the execution chain of at least one part of the instruction as an execution feature to be observed. Yes.

The first execution part 2 pes of the protected software 2 p executed in the data processing system 3 executes an instruction command CI _i that triggers the execution of the instruction i _i belonging to the instruction set in the unit 6. In this instruction set, at least a part of each instruction includes a part for defining the function of the instruction and a part for confirming that an instruction execution chain is expected. In this example, the instruction command CI _i is represented as TRIG (i _i ), and the expected chain of instruction execution is i _n , i _{n + 1} , and i _{n + 2} . Executing instruction i _{n in} unit 6 yields result a and executing instruction i _{n + 1} yields result b. In the instruction _{n + 2} , the results a and b of the instructions i _n and i _{n + 1} are used as operands. The execution result of the instruction _{n + 2} is c.

  Since this instruction chain executed by the unit 6 is expected, the protected software 2p functions normally, that is, nominally.

  FIG. 72 illustrates an example where an expected chain is not observed in an implementation of a detection and enforcement protection principle that utilizes execution chain monitoring of at least one part of an instruction as an execution feature to be observed. .

Again, the expected chain of instruction execution is i _n , i _{n + 1} , and i _{n + 2} . However, since the execution chain is changed by replacing the instruction i _n with the instruction i ′ _n , the actually executed chain is i ′ _n , i _{n + 1} , and i _{n + 2} . Executing instruction i ′ _n yields the same result as executing result a, ie instruction i _n . However, the instruction i _'n is the instruction i _{n + 2} operands are not instructions results used a expected to generate a detecting means 17 at the latest detected during execution of instructions i _{n + 2.} The detection means 17 notifies the forcing means 18 to that effect, and the forcing means 18 changes the function of the instruction in _{+ 2} . Due to this change, the execution result c ′ of the instruction i _{n + 2} may be different from c. Of course, if the instruction i _'n execution result a' is different from the result a of the instruction i _n, it is clear that it may be different from the instruction i _{n + 2} of the results are also c.

  Therefore, if the execution chain of instructions executed in the unit 6 is not expected, the function of the protected software 2p can be changed.

  73 and 74 show a preferred variant embodiment of the detection and enforcement protection principle, which utilizes the monitoring of the execution chain of at least one part of the instruction as an execution feature to be observed. In this preferred variation, an instruction set is defined that includes at least some instructions that work with registers and use at least one operand to return a result.

As shown in FIG. 73, for at least some of the instructions that operate together with the register, a part PF that defines the function of the instruction and a part PE that defines the expected chain of instruction execution are defined. The portion PF corresponds to an operation code well known to those skilled in the art. The part PE that defines the expected chain includes the following bit fields:
Instruction identification field CII
For each operand k of the instruction, the following fields (range k is 1 to K, where K indicates the number of operands of the instruction)
A flag field CD _k indicating whether it is appropriate to confirm the origin of operand _k
The expected identification field CIP _{k of the} operand indicating the expected identity of the instruction that generated the contents of the operand _k

As shown in FIG. 74, the instruction set includes V registers belonging to the processing means 16. Each register is named R _v (v ranges from 1 to V). For each register _Rv , the following two fields are defined:
A function field CF _v known to those skilled in the art that can store the execution result of the instruction.
- Capability CF _v generated identification field _CIG v capable of storing the identity of the instruction that generated the contents of the. The generation identification field CIG _v is automatically updated with the contents of the instruction identification field CII that generated the function field CF _v . This generation identification field CIG _v cannot be accessed or changed by an instruction and is used only by the detection means 17.

During the execution of the instruction, the detecting means 17 performs the following processing for each operand k.
Read the flag field CD _k .
If flag field CD _k requires, read both expected identification field CIP _k and generated identification field CIG _v corresponding to the register used in operand k.
Check if the two fields CIP _k and CIG _v are equal.
If they are not equal, the detection means 17 considers that the instruction execution chain is not observed.

  When the detection means 17 is notified that the instruction chain is not observed, the forcing means 18 can change the instruction result. The preferred embodiment is implemented by changing the functional part PF of the currently executed instruction or the functional part PF of the subsequent instruction.

  The purpose of the protection process according to another advantageous characteristic of the present invention is to implement a protection principle called "Rename". This implementation will be described with reference to FIGS.

The implementation of the rename protection principle defines the following:
Dependent function set. The dependent functions included in the dependent function set can be executed by the second execution part 2 peu in the unit 6, and in some cases, data can be transferred between the data processing system 3 and the unit 6. This dependent function set may be either finite or infinite.
• Trigger command set for this dependent function. This trigger command is executed in the data processing system 3 and can trigger the execution of the corresponding dependent function in the unit 6.
The order of each trigger command corresponding at least in part to the information transferred by the first execution part 2pes to the second execution part 2peu in order to trigger the execution of the corresponding dependent function; This order has the form of at least one argument of the trigger command.
An order renaming method used during the change of the varnarable software 2v. In this way, an order can be renamed to obtain a trigger command with a renamed order that can hide the identity of the corresponding dependent function.
A restoration means 20 that can restore the original order from the renamed order in order to restore the dependent function that is used and executed in unit 6 in the usage phase.

  In the implementation of the protection principle by renaming, a utilization means that can convert the blank unit 60 into the unit 6 including at least the detection means 17 and the forcing means 18 is also constructed.

In the implementation of the protection principle by renaming, the following is also selected in the source 2 vs. varnarable software.
At least one algorithm processing using at least one operand and returning at least one result at least one part of the source 2 vs. varnalable software comprising at least one selected algorithm processing

Next, in order to obtain the source 2ps of the protected software, the source 2vs of the balnarable software is changed. As a result of this change, in particular:
During execution of the protected software 2p, at least one part of the first execution part 2pes executed in the data processing system 3 takes into account that at least one selected algorithm processing function is executed in the unit 6 .
During execution of the protected software 2p, the second execution part 2peu executed in the unit 6 performs at least one function of at least one selected algorithm processing.
During the execution of the protected software 2p, each selected algorithm process is divided so that it is executed by the second execution part 2peu using a dependent function. Each selected algorithm process is preferably divided into the following dependent functions fd _n (where n ranges from 1 to N).
-One or more dependent functions (depending on the case) that can be left to unit 6 to handle one or more operands
A subordinate function such that some use operands and combine to perform the selected algorithm processing function using this operand; unit 6 handles the results of the selected algorithm processing; One or more dependent functions that can be delegated to
- during the execution of the protected software 2p, the second execution part 2peu executes the dependent functions fd _n.
During execution of the protected software 2p, the dependent function is triggered by a trigger command with the renamed order.
In addition, the sequence of trigger commands is selected from a sequence that allows execution of the protected software 2p.

The first execution part 2pes of the protected software 2p executed in the data processing system 3 executes a trigger command having the renamed order. This command transfers the renamed order to unit 6, triggers the restoration of that order by the restoring means 20 in unit 6, and then each previously defined dependent function fd _n according to the second execution part 2peu. Trigger execution of.

  That is, the protection principle by renaming is executed by renaming the order of the trigger command in order to obtain the trigger command having the renamed order. Executing a trigger command with the renamed order in data processing system 3 triggers execution of the dependent function in unit 6. This dependent function is a dependent function that would have been triggered by a trigger command having an unrenamed order, but the identity of the dependent function to be executed cannot be identified by examining the protected software 2p.

  FIG. 80 shows an example of execution of the balnarable software 2v. In this example, the calculation Z ← F (X, Y) is executed at a predetermined time during the execution of the balloonable software 2v in the data processing system 3. This calculation corresponds to substituting the result of the algorithm processing represented by the function F using the operands X and Y into the variable Z.

  81 and 82 show an implementation example of the present invention.

FIG. 81 shows a partial implementation of the present invention. In this example, if the unit 6 exists during execution of the first execution part 2 pes of the protected software 2 p in the data processing system 3, the following occurs.
The trigger commands CD ₁ and CD ₂ are executed at times t ₁ and t ₂ . This command triggers in unit 6 the execution of the corresponding dependent functions fd ₁ , fd ₂ by the second execution part 2 peu. This dependent function transfers the data X, Y from the data processing system 3 to the storage zones x, y arranged in the storage means 15 of the unit 6, respectively. The trigger commands CD ₁ and CD ₂ are expressed as OUT (x, X) and OUT (y, Y), respectively.
In-time _t 3 _{~t N-1,} trigger commands _CD 3 _{~CD N-1} is executed. This command triggers in unit 6 the execution of the corresponding dependent functions fd _{3 to} fd _N−1 by the second execution part 2 peu. The trigger commands CD _{3 to} CD _N-1 are represented as TRIG (fd ₃ ) to TRIG (fd _N-1 ), respectively. The algorithm of the series of dependent functions fd _{3 to} fd _N−1 executed in combination is the same as the function F. More precisely, when this trigger command is executed, the dependent functions fd _{3 to} fd _N−1 are executed in the unit 6 which use the contents of the storage zones x, y and return the result to the storage zone z of the unit 6.
In-time _{t N,} trigger command CD _N is executed. This command triggers in unit 6 the execution of the dependent function fd _N by the second execution part 2 peu. This function transfers this result to the data processing system 3 in order to assign the result of the algorithm processing contained in the storage zone z of the unit 6 to the variable Z. This command is represented as IN (z).

In this example, in order to fully implement the present invention, the first argument of the trigger command OUT and the arguments of the trigger commands TRIG and IN are selected as orders. The order thus selected is renamed by the order renaming method. In this method, R (x), R (y), R (fd ₃ ). . . , R (fd _N-1 ), R (z), the orders (x, y, fd ₃ , fd _N-1 , z) of the trigger commands CD _{1 to} CD _N-1 are renamed. .

FIG. 82 shows a complete implementation of the present invention. In this example, if the unit 6 exists during execution of the first execution part 2 pes of the protected software 2 p in the data processing system 3, the following occurs.
At time t ₁ and t ₂ , trigger commands CDCR ₁ and CDCR ₂ having the renamed order are executed. This command transfers the renamed orders R (x), R (y) and data X, Y to the unit 6. Thereby, the restoration of the renamed order by the restoration means 20 is triggered in the unit 6 and the order (identities of the storage zones x, y) is restored. Next, the corresponding dependent functions fd ₁ and fd ₂ are executed by the second execution part 2 peu. This dependent function transfers the data X, Y from the data processing system 3 to the storage zones x, y arranged in the storage means 15 of the unit 6, respectively. The trigger commands CDCR ₁ and CDCR ₂ having the renamed order are expressed as OUT (R (x), X) and OUT (R (y), Y), respectively.
At time t _{3 to} t _N−1 , trigger commands CDCR _{3 to} CDCR _N−1 having the renamed order are executed. This command transfers the renamed orders R (fd ₃ ) to R (fd _N−1 ) to the unit 6. As a result, the restoration of the order (fd _{3 to} fd _N-1 ) by the restoration means 20 is triggered in the unit 6. Next, the dependent functions fd _{3 to} fd _N−1 are executed by the second execution part 2 peu. The trigger commands CDCR _{3 to} CDCR _N−1 having the renamed order are expressed as TRIG (R (fd ₃ )) to TRIG (R (fd _N−1 )), respectively.
In and time _{t N,} trigger command CDCR _N with renamed order is executed. This command transfers the renamed order R (z) to unit 6. As a result, the restoration of the order (identity of the storage zone z) by the restoration means 20 is triggered in the unit 6. Next, the dependent function fd _N is executed by the second execution part 2 peu. This dependent function transfers this result to the data processing system 3 in order to substitute the result of the algorithm processing contained in the storage zone z of the unit 6 for the variable Z. This trigger command CDCR _N with the renamed order is denoted IN (R (z)).

In this example, the trigger commands 1 to N having the renamed order are executed continuously. However, it should be noted that the following two improvements can be made.
The first improvement relates to a case where a plurality of algorithm processes are processed remotely by the unit 6 and at least the result of one algorithm process is used in another algorithm process. In such a case, part of the trigger command with the renamed order used for transfer can be deleted.
The purpose of the second improvement is to select an appropriate sequence of trigger commands with renamed orders from among a sequence of sequences that allow execution of protected software 2p. In this regard, it is desirable to select a sequence of trigger commands having a renamed order that temporarily separates the execution of dependent functions. To separate, a portion of code that includes (or does not include) a trigger command with a renamed order that is used in the data processing system 3 to determine another data is inserted between the trigger commands. . 83 and 84 illustrate the principle of such an embodiment.

  FIG. 83 shows an example of execution of the balable software 2v. In this example, during the execution of the balable software 2v, two algorithm processes are executed in the data processing system 3, and Z and Z 'are determined. This process is expressed as Z ← F (X, Y) and Z ′ ← F ′ (X ′, Y ′).

FIG. 84 shows an example implementation of a process according to the present invention in which the two algorithm processes selected in FIG. 83 are remotely processed by unit 6. In this example, if the unit 6 exists during the execution of the first execution part 2pes of the protected software 2p in the data processing system 3, as described above, the trigger commands CDCR _{1 to} CDCR _N having the renamed order are issued. Executing corresponds to determining Z, and executing the trigger commands CDCR ′ _{1 to} CDCR ′ _M having the renamed order corresponds to determining Z ′. As shown in the figure, since the trigger commands CDCR ′ _{1 to} CDCR ′ _M having the renamed order and other code parts are inserted, the trigger commands CDCR _{1 to} CDCR _N having the renamed order are consecutive. Will not be executed. That is, in this example, CDCR ₁ , inserted code portion, CDCR ′ ₁ , CDCR ₂ , inserted code portion, CDCR ′ ₂ , CDCR ′ ₃ , inserted code portion, CDCR ′ ₄ , CDCR ₃ , CDCR ₄ ,..., CDCR _N , CDCR ′ _M are executed.

  It should be noted that: That is, during execution of the first execution part 2pes portion of the protected software 2p, the trigger command having the renamed order executed in the data processing system 3 triggers the restoration of the identity of the corresponding dependent function in the unit 6. And then trigger the execution of this dependent function. Therefore, if the unit 6 exists, this part is executed correctly, and as a result, the protected software 2p is fully functional.

  FIG. 85 shows an execution trial example of the protected software 2p when the unit 6 does not exist. In this example, during execution of the first execution part 2pes of the protected software 2p in the data processing system 3, even if the trigger command having the renamed order is executed at each time, the unit 6 does not exist, so the order is restored. Neither can trigger the execution of the corresponding dependent function. For this reason, the value to be substituted into the variable Z cannot be determined correctly.

  Therefore, when the unit 6 does not exist, at least one request by the first execution part 2pes portion of the protected software 2p for requesting the restoration of the order and the execution of the dependent function in the unit 6 cannot be correctly performed. At least this part is not executed correctly, and as a result, the protected software 2p does not function completely.

  With this protection principle by renaming, it is not possible to identify the identity of the dependent function that needs to be executed in unit 6, even if the protected software 2p examines the trigger command with the renamed order. It should be noted that the order renaming is performed when changing the narulatable software 2v to the protected software 2p.

  In the modification of the protection principle by renaming, for at least one dependent function, a group of dependent functions which are the same in terms of the algorithm but are triggered by different trigger commands with the renamed order are defined. In this variant, at least one algorithmic process that uses a dependent function is divided into dependent functions. Rather than appearing the same dependent function multiple times, at least one of these dependent functions is replaced with the same group of dependent functions. To accomplish this, the trigger command with the renamed order is modified to take into account the replacement of the dependent function with the same group of dependent functions. That is, two dependent functions in the same group have different orders and, as a result, have different trigger commands with renamed orders. Further, even if the protected software 2p is examined, it cannot be found that the algorithm of the called dependent function is the same.

  In a first preferred variant of the rename protection principle, a group of dependent functions are defined whose algorithms are the same for at least one dependent function. This definition is performed by concatenating information defining the functional part of the dependent function executed in the unit 6 and the noise field.

  In a second preferred variant of the rename protection principle, for at least one dependent function, a group of dependent functions with the same algorithm is defined by using an identification field.

  In a preferred variant of the rename protection principle, an order renaming method is defined which is an encryption method that can encrypt an order and convert it to a renamed order. It must be remembered that order renaming is performed in the protection phase P. In this preferred variant, the restoring means 20 are means for implementing a decoding method that can decrypt the renamed order and restore the identity of the dependent function executed in unit 6. This restoring means is implemented in the unit 6 and can have software or hardware properties. This restoring means 20 is required in the use phase U each time a trigger command with a renamed order is executed in the data processing system 3 in order to trigger the execution of the dependent function in the unit 6.

  The purpose of the protection process according to another advantageous characteristic of the invention is to implement a protection principle called << conditional branch >>. This implementation will be described with reference to FIGS.

  In the implementation of the protection principle by conditional branching, at least one conditional branch BC is selected in the source 2 vs. varnarable software. Also, at least one portion of the source 2 vs. balnarable software that includes at least one selected conditional branch BC is selected.

Next, at least one selected portion of the balnarable software source 2 vs is modified to obtain the protected software source 2 ps. As a result of this change, during the execution of the protected software 2p, in particular, the following occurs.
-At least one part of the first execution part 2pes executed in the data processing system 3 takes into account that the function of at least one selected conditional branch BC is executed in the unit 6.
Information of the second execution part 2 peu executed in the unit 6 that performs at least the function of at least one selected conditional branch BC and allows the first execution part 2 pes to continue execution at the selected spot Handling is left to the data processing system (3).

  The first execution part 2pes of the protected software 2p executed in the data processing system 3 executes the conditional branch command. This command triggers in unit 6 the execution of the remotely processed conditional branch bc by the second execution part 2 peu. The function of this conditional branch is the same as the function of the selected conditional branch BC.

FIG. 90 shows an example of execution of the balnarable software 2v. In this example, during the execution of the valable software 2v in the data processing system 3, a spot that continues execution of the valable software 2v at a specific time, that is, any one of the three spots B ₁ , B ₂ , or B ₃ The conditional branch BC instructs the varnarable software 2v. That is, the conditional branch BC determines which spot of B ₁ , B ₂ , or B ₃ to continue execution of the software.

FIG. 91 shows an implementation example of the present invention in which the conditional branch selected for remote processing by the unit 6 is a conditional branch BC. In this example, if the unit 6 exists during execution of the first execution part 2 pes of the protected software 2 p in the data processing system 3, the following occurs.
In-time _{t 1, the} conditional branch command CBC ₁ is executed. This command triggers the execution in unit 6 by the second execution part 2 peu of the remotely processed conditional branch bc which is the same in terms of the algorithm as the conditional branch BC. This conditional branch command CBC ₁ is expressed as TRIG (bc).
At time t ₂ , information is transferred from the unit 6 to the data processing system 3 that allows the first execution part 2 pes to continue execution at the selected spot, ie, B ₁ , B ₂ , or B ₃ .

  It should be noted that: That is, during execution of the portion of the first execution part 2 pes of the protected software 2 p, the conditional branch command executed in the data processing system 3 triggers the execution of the corresponding remote processed conditional branch in the unit 6. Therefore, if the unit 6 exists, this part is executed correctly, and as a result, the protected software 2p is fully functional.

FIG. 92 shows an execution trial example of the protected software 2p when the unit 6 does not exist. In this example, during execution of the first execution part 2pes of the protected software 2p in the data processing system 3, the following occurs.
Even when the conditional branch command CBC ₁ is executed at time t ₁ , the execution of the remotely processed conditional branch bc cannot be triggered because the unit 6 does not exist.
In-time t _2, the order unit 6 is not present, the transfer of information that allows continue execution at the spot where the first execution part 2pes is selected to fail.

  For this reason, if the unit 6 does not exist, at least one part of the first execution part 2 pes for triggering the execution of the remotely processed conditional branch in the unit 6 cannot be correctly executed, so at least this part Is not executed correctly, and as a result, the protected software 2p does not function completely.

  In the above description with reference to FIGS. 90-92, the object of the present inventive subject matter is to remotely process conditional branches in unit 6. Naturally, if a conditional branch sequence having an overall function corresponding to all functions of a remotely processed conditional branch is processed remotely by the unit 6, the preferred embodiment of the present invention can be implemented. If the overall function of this remotely processed conditional branch sequence is executed, the data processing system 3 is left to handle information that allows the first execution part 2pes of the protected software 2p to continue execution at the selected spot. be able to.

  In the previous discussion with reference to FIGS. 40-92, five different software protection principles have been shown as unrelated to each other. The protection process according to the invention is implemented using a protection principle with a basic function and possibly combining this principle with one or more other protection principles. If a basic function protection principle is complemented by implementing another at least one protection principle, the basic function protection principle is replaced by a variable protection principle and / or a detection and enforcement protection principle and / or a rename. It is expedient to supplement with the protection principle by and / or the protection principle by conditional branching.

  Also, when implementing the protection principle based on detection and enforcement, this protection principle can be supplemented by a protection principle based on rename and / or a protection principle based on conditional branching.

  Also, when implementing the protection principle by renaming, this protection principle can be supplemented by the protection principle by conditional branching.

  In a preferred variant embodiment, the protection principle by basic function is complemented by the protection principle by variable, the protection principle by variable is supplemented by the protection principle by detection and enforcement, the protection principle by detection and enforcement is complemented by the protection principle by rename, The protection principle by renaming is supplemented by the protection principle by conditional branching.

If another protection principle is applied to complement the protection principle based on the basic function, the following changes need to be added to the above explanation in consideration of the implementation combining the protection principles.
• The word balnarable software needs to be understood in the sense of software that is vulnerable in the context of the protection principles described so far. Therefore, if the protection principle has already been applied to the valenable software, the expression “valenable software” must be understood in the sense of “software protected by the already applied protection principle”.
• The term protected software should be understood in the sense of protected software in the context of the protection principles described so far. Therefore, if the protection principle has already been applied, the expression “protected software” must be understood in the sense of “new version of protected software”.
・ Also, when selecting the implementation of the protection principle described so far, it is necessary to consider the selection of the implementation of the protection principle already applied.

In the following description, the implementation of the protection process according to the present invention will be more clearly understood. This protection process according to the present invention more precisely consists of the following as shown in FIG.
First, the protection phase P is changed so that the valarable software 2v becomes the protected software 2p.
Next, the use phase U in which the protected software 2p is used. In this use phase U, the following occurs.
-When the unit 6 exists, every time the part of the first execution part 2pes requests in the data processing system 3, the requested function is executed in the unit 6, so that this part is executed correctly, and as a result, The protection software 2p is fully functional.
-If unit 6 does not exist, even if there is a request by the part of the first execution part 2pes that requests execution of the function in unit 6, this request cannot be performed correctly, so at least this part is not executed correctly, and as a result The protected software 2p does not function completely.
-In some cases, replenishment phase R. In this replenishment phase R, at least one additional use of the function protected by the implementation of the second preferred variant of the detection and enforcement protection principle using the measurement variable as a characteristic is permitted.

Protection phase P can be split in two protection subphase P ₁ and P _2. The first protection sub-phase is called the pre-protection sub-phase P ₁ and does not depend on the valable software 2v to be protected. The second protection sub-phase is called the subsequent protection sub-phase P ₂ and depends on the valable software 2v to be protected. Prior protection subphase P ₁ and the subsequent protection subphase P ₂ is to be noted that can be conveniently performed by two different persons or two different teams. For example, one person or one company that develops a software protection system performs the pre-protection subphase P ₁ and one person or one company that develops software that requires protection requires a subsequent protection subphase P ₂ can be executed. Of course, prior protection subphase P ₁ and the subsequent protection subphase P ₂ are the same person or team may also be performed.

The preceding protection sub-phase P ₁ is composed of a plurality of stages S ₁₁ ,..., S _1i . Various tasks and jobs are executed for each stage.

The first stage of the prior protection subphase P ₁ is referred to as "defining step S _11". In the definition stage _{S 11,} the following takes place.
• The following are selected:
-The type of unit 6; As an illustrative example, the unit 6, chip card reader 8, and chip card 7 associated to the reader can be selected.
Transfer means 12, 13; This transfer means is provided in each of the data processing system 3 and the unit 6 in the use phase U, and transfers data between the data processing system 3 and the unit 6.
If the protection process according to the invention implements the protection principle with basic functions, the following is also defined:
A basic function set including basic functions that can be executed in unit 6; a basic command set for this basic function set; This basic command is executed in the data processing system 3 and can trigger the execution of the basic function in the unit 6.
If the protection process according to the invention implements the detection and enforcement protection principle, the following is also defined:
At least one software execution characteristic that can be monitored at least in part by unit 6; at least one criterion to be observed for at least one software execution characteristic; at least one software execution characteristic implemented in unit 6; Detection means 17 that can detect that the device does not comply with at least one related criterion
A forcing means 18 that can be implemented in the unit 6 and can notify the data processing system 3 and / or change the execution of the software if at least one criterion is not complied with;
If the protection process according to the invention implements a detection and enforcement protection principle that uses software-implemented measurement variables as characteristics, the following are also defined:
-Measurement variables for the usage of software functions as software execution characteristics that can be monitored-At least one threshold value associated with each measurement variable, as a criterion to be observed-Update at least one measurement variable Possible enabling means: If the protection process according to the invention implements a first preferred variant embodiment of the detection and enforcement protection principle using software-implemented measurement variables as characteristics, the following is also defined:
-A plurality of associated thresholds for at least one measurement variable-various enforcement measures corresponding to each of these thresholds-protection by detection and enforcement, where the protection process according to the invention uses software-implemented measurement variables as characteristics When implementing the second preferred variant embodiment of the principle, a supplementary means is also defined that can add at least one additional use to at least one software function monitored by a measurement variable.
If the protection process according to the present invention implements a detection and enforcement protection principle that uses a software usage profile as a characteristic, the following is also defined:
-Software usage profile as a software execution characteristic that can be monitored-At least one characteristic of software execution as a standard to be observed-Monitoring the execution chain as an execution characteristic that the protection process according to the present invention should comply with When implementing the detection and enforcement protection principle using, the following are also defined:
An instruction set containing instructions that can be executed in unit 6; an instruction command set for this instruction set; This instruction command is executed by the data processing system 3 and can trigger execution of the instruction in the unit 6.
An instruction chain as a usage status profile, an expected chain of instruction execution as an execution feature, and a detection means 17 capable of detecting that the instruction chain is not expected.
-If the instruction chain is not expected, forcing means 18 for notifying the data processing system 3 and / or changing the function of the protected software 2p part
If the protection process according to the invention implements a preferred variant embodiment of the detection and enforcement protection principle, using execution chain monitoring as an execution feature to be observed, the following is also defined:
An instruction set that includes at least a part of an instruction that works with a register and uses at least one operand to return a result; for at least a part of an instruction that works with a register, the following is defined:
> Partial PF that defines the function of the instruction
> Defines the expected chain of instruction execution and includes the following bit fields: ◇ Instruction identification field CII
◇ The following fields for each operand of the instruction
* Flag field CD _k
* Operand expected identification field CIP _k
A generation identification field CIG _v for each register mounted on the exploitation means and used in the instruction set. This field automatically stores the identification of the last instruction that returned a result in this register.
During execution of the instruction, for each operand, if the flag field CD _k requires, the generation identification field CIG _v corresponding to the register used in this operand is the expected identification field of origin of this operand Detection means 17 capable of checking whether it is equal to CIP _k
A forcing means 18 that can change the result of the instruction if at least one of the checked equivalences is false;
If the protection process according to the invention implements the rename protection principle, the following is also defined:
A basic command or instruction command as a trigger command; a basic function or instruction as a dependent function; at least part of the information transferred to the unit 6 by the data processing system 3 to trigger the execution of the corresponding dependent function At least one argument (as an order) of the trigger command corresponding to
An order renaming method, in which an order can be renamed to obtain a trigger command with a renamed order, and a dependent function to be used and executed in unit 6 in the use phase U is restored from the renamed order. Restoration means 20 capable of
If the protection process according to the invention implements a variant of the protection principle by renaming, there is also a group of dependent functions that are the same in terms of the algorithm for at least one dependent function, but whose renamed orders are triggered by different trigger commands Defined.
If the protection process according to the present invention implements one of the preferred embodiments of the modification of the protection principle by renaming, a set of dependent functions whose algorithms are the same for at least one dependent function is also defined by:
By concatenating the noise field with the information defining the functional part of the dependent function to be executed in unit 6 or by using the instruction identification field CII and the expected identification field CIP _k of the operand If the protection process according to implements a preferred variant of the rename protection principle, the following is also defined:
An encryption method for encrypting an order as an order rename method; a restoring means 20 for implementing a decryption method for decrypting the renamed order and restoring the identity of the dependent function to be executed in the unit 6;

In the pre-protection sub-phase P ₁ , the definition phase S ₁₁ is followed by a phase called “construction phase S ₁₂ ”. In this construction stage S _12, the transfer means 12, 13 is constructed, utilizing means corresponding to the definition of the definition phase S ₁₁ in some cases also be constructed.

Therefore, the following is performed in this construction stage S _12.
Transfer means 12 and 13 are constructed that can transfer data between the data processing system 3 and the unit 6 in the use phase U.
A utilization means is constructed that enables the basic function of the basic function set to be executed by the unit 6 in the use phase U.
• If the detection and enforcement protection principle is also implemented, the following is established:
-Utilization means for enabling the implementation of the detection means 17 and the forcing means 18 by the unit 6 in the use phase U-Utilization means for enabling the implementation means by the unit 6 in the use phase U (depending on the case)
-Utilization means (possibly) that also allow the implementation of replenishment means by unit 6 in use phase U
-Utilization means that also allow execution of instructions in the instruction set by unit 6 in use phase U (depending on the case)
In addition, when the protection principle by renaming is also implemented, a utilization means that enables the restoration means by the unit 6 to be implemented in the use phase U is constructed.

Construction of utilization means is usually done by a program development unit, it is inserted (intervened) defined by defining step S ₁₁ is considered. Such a unit will be described with reference to FIG.

In the prior protection subphase P _1, it may be stages that after the construction phase S ₁₂ called "pre-customization stage S _13" is followed. In this pre-customization step S ₁₃ , the transfer means 13 and / or at least part of the utilization means are uploaded to at least one blank unit 60 in order to obtain at least one pre-customized unit 66. It should be noted that once a part of the exploitation means is transferred to the pre-customized unit 66, it cannot be accessed directly from outside the pre-customized unit 66. Transfer of the utilization means to the blank unit 60 can be performed by a suitable pre-customization unit. The pre-customization unit will be described with reference to FIG. If the pre-customized unit 66 is composed of the chip card 7 and its reader 8, the pre-customization involves only the chip card 7.

In the pre-protection sub-phase P ₁ , a stage called “tool creation stage S ₁₄ ” may follow after the definition stage S ₁₁ and possibly the construction stage S ₁₂ . In this tool creation stage S _14, a tool that makes it possible to automate the or software protection for supporting the generation of the protected software is created. With such tools, you can:
-The following selection is supported or automatically performed in the balableable software 2v to be protected.
-Algorithm processing that can be divided into steps that can be processed remotely by unit 6-Parts that can be changed-Variables that can be processed remotely by unit 6 (if the protection principle by variables is also implemented)
-The execution characteristics to be monitored and, in some cases, algorithmic processing that can be divided into instructions that can be remotely processed by unit 6 (if detection and enforcement protection principles are also implemented)
-Algorithmic processing that can be divided into dependent functions that can be processed remotely in unit 6 and that allows the order of trigger commands to be renamed (if the protection principle by renaming is also implemented)
-Conditional branching with a function that can be remotely processed by unit 6 (when protection principle by conditional branching is also implemented)
• In some cases, support the generation of protected software or automate software protection.

  These various tools can be executed individually or in combination. Each tool can take various forms such as a preprocessor, an assembler, and a compiler.

The pre-protection sub-phase P ₁ is followed by a subsequent protection sub-phase P ₂ which depends on the vernable software 2v to be protected. The subsequent protection subphase P ₂ also consists of a plurality of stages. The first stage corresponding to the implementation of the protection principle with variables is called “creation stage S ₂₁ ”. In the preparatory stage _{S 21,} selection made by the defined step _{S 11} is used. And this selection, using the tools built in tool generation step S ₁₄ (as the case) by executing the following processing, the protected software 2p is created.
At least one operand is used during the execution of the vernalable software 2v, and at least one algorithm processing capable of obtaining at least one result is selected.
• Select at least one part of the source 2 vs. varnarable software that contains at least one selected algorithm processing.
• protected from source 2 vs. balable software by modifying at least one selected part of source 2 vs. balable software to obtain at least one modified part of source 2 ps of protected software Create software source 2ps. This change is the following process.
> During execution of the protected software 2p, the first execution part 2pes is executed in the data processing system 3 and the second execution part 2peu is executed in the unit 6 obtained from the blank unit 60 after uploading information .
> At least one function of at least one selected algorithm processing is performed by the second execution part 2 peu.
> At least one selected algorithm process is divided, so that during the execution of the protected software 2p, said algorithm process is executed by the second execution part using a basic function.
> For at least one selected algorithm processing, basic commands are integrated into the protected software source 2ps, so that during execution of the protected software 2p, each basic command is executed by the first execution part 2pes. In unit 6, the execution of the basic function by the second execution part 2peu is triggered.
> The sequence of basic commands is selected from a set of sequences that allow execution of the protected software 2p.
> The first object part 2pos of the protected software 2p from the protected software source 2ps. This first object part 2 pos is an object part in which the first execution part 2 peu appears during the execution of the protected software 2 p, and the first execution part 2 peu is executed by the data processing system 3, and at least one of the first execution part 2 peu is executed. The part comes into consideration that basic commands are executed according to the selected sequence.
> The second object part 2pou of the protection software 2p including the exploitation means, which is triggered by the first execution part (2pes) during the execution of the protection software (2p) after uploading to the blank unit (60) When the function is executed, the second execution part (2 peu) appears.

  Of course, the variable protection principle according to the present invention can be applied directly during the development of new software, without the prior implementation of the balnarable software 2v. In this way, the protected software 2p is obtained directly.

In the subsequent protection sub-phase P ₂ , if at least one other protection principle is applied in addition to the protection principle by the basic function, the “change stage S ₂₂ ” is executed. In the change step S _22, it is inserted (intervened) defined by defining step S ₁₁ is used. Previously to allow implementation of the protection principle according to one of the configurations that have been defined (Arrangements), by utilizing the definition and tools constructed in the creation step S ₁₄ tool (as the case), the protected software 2p Is changed.

When the protection principle based on variables is implemented, the protected software 2p is changed by the following processing.
• During execution of the protected software 2p, select at least one variable used in at least one selected algorithm process that partially defines the state of the protected software.
Change at least one selected part of the protected software source 2 ps. This change is such that during execution of the protected software 2p, at least one selected variable or at least one copy of the selected variable exists in the unit 6.
・ Create the following.
The first object part 2pos of the protected software 2p, and during execution of the protected software (2p), at least one part of the first execution part 2pes is a unit of at least one variable or at least one copy of the variable The second object part 2pou of the protected software 2p, after uploading to the unit 6, the second execution part 2peu appears during the execution of the protected software 2p, So that at least one selected variable or at least one copy of the selected variable is also present in the unit 6.

When the protection principle based on detection and enforcement is implemented, the protected software 2p is changed by the following processing.
• Select at least one software execution characteristic to be monitored from among the software execution characteristics that can be monitored.
• Select at least one criterion to be observed for at least one selected software execution characteristic.
Select a basic function at which at least one selected software execution characteristic is monitored at 2 ps of protected software source.
Change at least one selected part of the protected software source 2 ps. As a result of this change, during execution of the protected software 2p, at least one selected execution characteristic is monitored by the second execution part 2peu. If the standard is not observed, the data processing system 3 is notified of this and / or the execution of the protected software 2p is changed.
Create the second object part 2pou of the protected software 2p having utilization means that also implements the detection means 17 and the forcing means 18. As a result of the creation of the second object part 2pou, after uploading to the unit 6, at least one software execution characteristic is monitored during execution of the protected software 2p. If the standard is not observed, the data processing system 3 is notified of this, and / or the execution of the protected software 2p is changed.

In the implementation of the protection principle based on detection and enforcement that uses measurement variables of software execution as characteristics, the protected software 2p is changed by the following processing.
• Select at least one measurement variable for the usage of at least one function of the software as a software execution characteristic to be monitored.
・ Select the following.
-At least one function of the protected software 2p that can monitor the usage using measurement variables-at least one measurement variable used to quantify the usage of this function-the usage limit of this function At least one threshold value associated with the selected measurement variable corresponding to-at least one method of updating the selected measurement variable according to the use of this function; at least one of the protected software sources 2ps Change one selected part. As a result of this change, during the execution of the protected software 2p, the measurement variable is enabled by the second execution part 2peu according to the usage status of this function, and at least one threshold excess is taken into account.

In the implementation of the first preferred variant embodiment of the detection and enforcement protection principle using measured variables as characteristics, the protected software 2p is modified by the following process.
Select at least one measurement variable that needs to be associated with multiple thresholds corresponding to various usage limits of the function in the source of protected software 2ps.
Select at least two threshold values associated with the selected measurement variable.
Change at least one selected part of the protected software source 2 ps. As a result of this change, during execution of the protected software 2p, the second execution part 2peu individually considers exceeding various threshold values.

In the implementation of the second preferred variant embodiment of the detection and enforcement protection principle, using measured variables as characteristics, the protected software 2p is modified by the following process.
• Select at least one selected measurement variable that must be able to restrict the use of functions and allow at least one additional use in the protected software source 2ps.
Change at least one selected part. As a result of this change, it is possible to allow at least one additional use of at least one function corresponding to the selected measurement variable in a phase called replenishment.

In the implementation of the detection and enforcement protection principle using the software usage profile as a characteristic, the protected software 2p is changed by the following process.
• Select at least one software usage profile as the software execution characteristics to be monitored.
Select at least one execution feature that at least one selected usage profile must comply with.
Change at least one selected part of the protected software source 2 ps. As a result of this change, during execution of the protected software 2p, the second execution part 2peu complies with all selected execution characteristics.

In the implementation of the detection and enforcement protection principle using execution chain monitoring as an execution feature to be observed, the protected software 2p is modified by the following process.
Change at least one selected part of the source 2 ps of the protected software by the following process:
− Convert basic functions into instructions.
-Specify the chain that at least some of the instructions must comply with during execution in unit 6.
-Convert basic commands into instruction commands corresponding to the instructions used.

When the protection principle by renaming is implemented, the protected software 2p is changed by the following processing.
-Select the trigger command at the source of protected software 2ps.
Modify at least one selected part of the protected software source 2ps by renaming the selected trigger command order to hide the identity of the corresponding dependent function.
・ Create the following.
The first object part 2pos of the protected software 2p. As a result of the creation of the first object part 2pos, a trigger command having the renamed order is executed during execution of the protected software 2p.
The second object part 2pou of the protected software 2p comprising a utilization means that also implements the restoration means 20; As a result of the creation of the second object part 2pou, after uploading to the unit 6, during execution of the protected software 2p, the identity of the dependent function whose execution is triggered by the first execution part 2pes is determined by the second execution part 2peu. It is restored and the dependent function is executed by the second execution part 2 peu.

In the implementation of the modification of the protection principle by renaming, the protected software 2p is changed by the following processing.
• Select at least one trigger command with the renamed order in the protected software source 2ps.
The selected one trigger command with the renamed order replaces the renamed order with at least another renamed order and triggers the same group of dependent functions to trigger the source of protected software 2ps Change at least one selected portion.

When the protection principle based on conditional branching is implemented, the protected software 2p is changed by the following processing.
-Select at least one conditional branch to be executed by at least one selected algorithm processing in the protected software source 2ps.
Change at least one selected part of the protected software source 2 ps. As a result of this change, during the execution of the protected software 2p, the function of at least one selected conditional branch is executed in the unit 6 by the second execution part 2peu.
・ Create the following.
The first object part 2pos of the protected software 2p. As a result of the creation of the first object part 2 pos, at least one selected conditional branch function is executed in the unit 6 during execution of the protected software 2 p.
The second object part 2pou of the protected software 2p. As a result of the creation of the second object part 2pou, after uploading to the unit 6, during execution of the protected software 2p, a second execution part 2peu that executes the function of at least one selected conditional branch appears. Become.

In the implementation of the preferred embodiment of the protection principle by conditional branching, the protected software 2p is modified by the following process.
At least one selected conditional branch sequence is selected in the protected software source 2 ps.
Change at least one selected part of the protected software source 2 ps. As a result of this change, during the execution of the protected software 2p, the overall function of at least one selected conditional branch sequence is executed in the unit 6 by the second execution part 2peu.
・ Create the following.
The first object part 2pos of the protected software 2p. As a result of the creation of the first object part 2 pos, at least one selected conditional branch sequence function is executed in the unit 6 during execution of the protected software 2 p.
The second object part 2pou of the protected software 2p. As a result of the creation of the second object part 2 pou, after uploading to the unit 6, during execution of the protected software 2 p, the second execution part 2 peu that executes the overall function of at least one selected conditional branch sequence is Appears.

Of course, the protection principle according to the invention can be applied directly during the development of new software without having to execute intermediate protected software in advance. In this way, it is possible to perform the creation phase S ₂₁ changes step S ₂₂ at the same time, to obtain the protected software 2p directly.

In the subsequent protection sub-phase P ₂ , a stage called “customization stage S ₂₃ ” follows the creation stage S ₂₁ of the protected software ₂ p and possibly also the modification stage S ₂₂ . In this customization step S ₂₃ , in order to obtain at least one unit 6, the second object part 2 pou including the utilization means is uploaded to at least one blank unit 60, or at least one unit 6 is obtained. For this purpose, a part of the second object part 2 pou, which may contain exploitation means, is uploaded to at least one pre-customized unit 66. By uploading this customization information, at least one unit 6 can be activated. It should be noted that once a portion of this information is transferred to unit 6, it cannot be accessed directly from outside of unit 6. The transfer of customization information to the blank unit 60 or the pre-customized unit 66 can be performed by a suitable customization unit. The customization unit will be described with reference to FIG. If the unit 6 is composed of a chip card 7 and its reader 8, customization involves only the chip card 7.

  Various technical means in the implementation of the protection phase P will be described in more detail with reference to FIGS. 110, 120, 130, 140, and 150. FIG.

Figure 110 illustrates an embodiment of a system 25 that can implement the construction stage _{S 12.} In the construction stage S _12, the consideration inserted (intervened) defined by defining step S _11, the transfer means 12, 13 and optionally utilizing means for unit 6 is constructed. Such a system 25 is generally composed of a system unit, a screen, and peripheral devices (such as a keyboard and a mouse) and includes a computer form including programs such as a file editor, an assembler, a preprocessor, a compiler, an interpreter, a debugger, and a link editor. A program development unit or workstation.

  FIG. 120 shows an embodiment of the pre-customization unit 30. The pre-customization unit 30 can upload the transfer means 13 and / or the utilization means at least partially to the at least one blank unit 60 in order to obtain the pre-customized unit 66. The pre-customization unit 30 includes a read / write unit 31 that can electrically pre-customize the blank unit 60 in order to obtain the transfer unit 13 and / or the pre-customized unit 66 on which the utilization unit is uploaded. It is. The pre-customization unit 30 may also include physical customization means 32 for the blank unit 60, which may take the form of a printer, for example. If the unit 6 consists of a chip card 7 and its reader 8, pre-customization generally involves only the chip card 7.

  FIG. 130 illustrates an embodiment of a system 35 that can perform the creation of a tool that can assist in the generation of protected software and automate software protection. Such a system 35 is generally composed of a system unit, a screen, peripheral devices (such as a keyboard and a mouse), and includes a computer form including programs such as a file editor, an assembler, a preprocessor, a compiler, an interpreter, a debugger, and a link editor. A program development unit or workstation.

  FIG. 140 illustrates an embodiment of the system 40 that allows the protected software 2p to be created directly or the varnarable software 2v to be modified for the purpose of obtaining the protected software 2p. Such a system 40 includes a system unit, a screen, and peripheral devices (such as a keyboard and a mouse). A program such as a file editor, an assembler, a preprocessor, a compiler, an interpreter, a debugger, and a link editor, and generation of protected software. Included is a program development unit or workstation that typically takes the form of a computer that includes tools that can assist with automating software protection.

  FIG. 150 shows an embodiment of the customization unit 45. The customization unit 45 uploads the second object part 2 pou to the at least one blank unit 60 in order to obtain at least one unit 6, or the second object part 2 pou in order to obtain at least one unit 6. A portion can be uploaded to at least one pre-customized unit 66. The customization unit 45 includes read / write means 46 that can electrically customize at least one blank unit 60 or at least one pre-customized unit 66 to obtain at least one unit 6. At the end of the customization, the unit 6 contains information necessary for executing the protected software 2p. The customization unit 45 can also include physical customization means 47 for at least one unit 6, which can take the form of a printer, for example. If the unit 6 is composed of a chip card 7 and its reader 8, customization generally involves only the chip card 7.

The following improvements can be made to the protection process according to the invention.
The second object part 2pou of the protected software 2p can be improved to use together a plurality of processing / storage units. Thus, when used together, the protected software 2p can be executed, and when at least one of the processing / storage units does not exist, the use of the protected software 2p can be prevented.
Similarly, after the pre-customization step S _13, a part of the second object part 2 pou necessary for converting the pre-customized unit 66 into the unit 6 is used in the customization unit 45 in the customization step S ₂₃ . By including it in the processing / storage unit, access to a part of the second object part 2 pou can be restricted. Of course, a part of this second object part 2 pou can be distributed to a plurality of processing / storage units. Thereby, access to a part of this second object part 2 pou can be permitted only when this processing / storage unit is used together.

FIG. 3 is a functional block diagram illustrating various representations of software that are not protected and protected by processes according to the present invention, respectively. FIG. 3 is a functional block diagram illustrating various representations of software that are not protected and protected by processes according to the present invention, respectively. Fig. 3 shows by way of example various embodiments of an apparatus for implementing a process according to the present invention. Fig. 3 shows by way of example various embodiments of an apparatus for implementing a process according to the present invention. Fig. 3 shows by way of example various embodiments of an apparatus for implementing a process according to the present invention. Figure 2 is a functional block diagram clearly illustrating the general principles of the process according to the present invention. Figure 2 is a functional block diagram clearly illustrating the general principles of the process according to the present invention. FIG. 3 shows a protection process according to the invention implementing the protection principle by variable. FIG. 3 shows a protection process according to the invention implementing the protection principle by variable. FIG. 3 shows a protection process according to the invention implementing the protection principle by variable. FIG. 3 shows a protection process according to the invention implementing the protection principle by variable. FIG. 3 shows a protection process according to the invention implementing a protection principle with basic functions. FIG. 3 shows a protection process according to the invention implementing a protection principle with basic functions. FIG. 3 shows a protection process according to the invention implementing a protection principle with basic functions. FIG. 3 shows a protection process according to the invention implementing a protection principle with basic functions. FIG. 3 shows a protection process according to the invention implementing a protection principle with basic functions. FIG. 3 shows a protection process according to the invention implementing the detection and enforcement protection principle. FIG. 3 shows a protection process according to the invention implementing the detection and enforcement protection principle. FIG. 3 shows a protection process according to the invention implementing the detection and enforcement protection principle. FIG. 3 shows a protection process according to the invention implementing the detection and enforcement protection principle. FIG. 3 shows a protection process according to the invention implementing the detection and enforcement protection principle. FIG. 3 shows a protection process according to the invention implementing the protection principle by renaming. FIG. 3 shows a protection process according to the invention implementing the protection principle by renaming. FIG. 3 shows a protection process according to the invention implementing the protection principle by renaming. FIG. 3 shows a protection process according to the invention implementing the protection principle by renaming. FIG. 3 shows a protection process according to the invention implementing the protection principle by renaming. FIG. 3 shows a protection process according to the invention implementing the protection principle by renaming. FIG. 3 shows a protection process according to the invention implementing the protection principle with conditional branches. FIG. 3 shows a protection process according to the invention implementing the protection principle with conditional branches. FIG. 3 shows a protection process according to the invention implementing the protection principle with conditional branches. FIG. 6 illustrates various implementation phases of the inventive subject matter. Fig. 2 shows an embodiment of a system that enables the implementation of the construction phase of the protection phase according to the present invention. Fig. 4 shows an embodiment of a pre-customization unit used in the protection process according to the present invention. Fig. 3 shows an embodiment of a system that enables the implementation of the tool creation phase of the protection phase according to the present invention. 1 illustrates an embodiment of a system that enables implementation of a protection process in accordance with the present invention. Fig. 4 shows an embodiment of a customization unit used in the protection process according to the present invention.

Claims (22)

Using at least one blank unit (60) including at least a storage means (15) and a processing means (16), the valable software (2v) running on the data processing system (3) is used for its unauthorized use. How to protect against:
→ During the protection phase (P)
A set of basic functions whose basic functions can be executed in unit (6),
And a set of basic commands, which are basic commands for the set of basic functions, which are executed in the data processing system (3) and can trigger execution in the unit (6);
Defining
Building a lever that can be transformed into a unit (6) that can execute the set of basic functions (execution of the basic functions is triggered by execution in the data processing system (3));
・ Protected software (2p)
By selecting at least one algorithm processing capable of using at least one operand and obtaining at least one result during the execution of the varnalable software (2v),
-By selecting at least one part of the source (2vs) of the balableable software that contains at least one selected algorithm processing;
-The source of valarable software by modifying at least one selected part of the source of valarable software (2vs) to obtain at least one modified part of the source of protected software (2ps); (2vs) create protected software source (2ps) (this change is
> During execution of the protected software (2p), the first execution part (2pes) is executed in the data processing system (3), and the second execution part (2peu) is blank unit (60) after uploading information. Executed in unit (6) obtained from
> At least one function of at least one selected algorithm processing is performed by the second execution part (2 peu);
> At least one selected algorithm process is divided, so that during the execution of the protected software (2p), said algorithm process is executed by the second execution part using a basic function;
> For at least one selected algorithm processing, basic commands are integrated into the protected software source (2 ps), so that during each protected software (2p) execution, each basic command is the first execution Executed by the part (2 pes), triggering the execution by the second execution part (2 peu) of the basic function in the unit (6),
> The sequence of basic commands is selected from a set of sequences that allow execution of protected software (2p).
Change)
− And
> The first object part (2pos) of the protected software (2p) from the source of protected software (2ps) (the first object part (2pos) is the first object part during the execution of the protected software (2p)) An execution part (2pe s ) is an object part, and the first execution part (2pe s ) is executed by the data processing system (3), at least one part of which is a basic command according to the selected sequence. To be executed)
> And the second object part (2pou) of the protection software (2p) including the utilization means, and after the upload to the blank unit (60), during the execution of the protection software (2p), the first execution part (2pes The second execution part (2 peu) appears by executing the basic function triggered by
By generating
Creating,
And uploading the second object part (2 pou) to the blank unit (60) for the purpose of obtaining the unit (6),
→ During the utilization phase (U) when the protection software (2p) is executed,
-When a basic command included in a part of the first execution part (2pes) is requested when the unit (6) exists, the corresponding basic function is executed in the unit (6), so that the part is executed correctly. As a result, ensure that the protected software (2p) is fully functional,
And in the absence of unit (6), the request cannot be satisfied despite the request by the part of the first execution part (2pes) that seeks to trigger the execution of the basic function in unit (6). By ensuring that at least the part does not execute correctly and as a result the protected software (2p) is not fully functional,
Including methods . → During the protection phase (P)
・ Protected software (2p)
-During execution of the protected software (2p), by selecting at least one variable used in at least one selected algorithm processing that partially defines the state of the protected software;
-Changing at least one selected part of the source of protected software (2 ps) (this change will occur during the execution of the protected software (2p) Is a change such that at least one copy exists in unit (6))
− And
> The first object part (2pos) of the protected software (2p), and during execution of the protected software (2p), at least one part of the first execution part (2pes) is at least one variable or variable Taking into account that there is at least one copy in unit (6),
> And the second object part (2pou) of the protected software (2p), and after uploading to the unit (6), the second execution part (2peu) appears during execution of the protected software (2p), Such that at least one selected variable or at least one copy of the selected variable is also present in the unit (6),
By generating
Changing,
Including
→ During the usage phase (U)
Each time a part of the first execution part (2pes) requests, in the presence of unit (6), that part is executed correctly by using a variable or a copy of the variable present in unit (6), As a result, ensure that the protected software (2p) is fully functional,
And, in the absence of unit (6), despite the request by the part of the first execution part (2 pes) that asks to use the variable or a copy of the variable that exists in unit (6) The failure to satisfy at least that part does not execute correctly and as a result the protected software (2p) is not fully functional,
The method of claim 1 comprising : → During the protection phase (P)
-At least one software execution characteristic that can be monitored at least partly in the unit (6);
-At least one standard to be observed by at least one software execution characteristic;
Detection means (17) implemented in unit (6) and capable of detecting that at least one software execution characteristic does not comply with at least one relevant criterion;
And enforcement means (18) that can be implemented in the unit (6) and notify the data processing system (3) and / or change the execution of the software when at least one criterion is not being complied with ),
Defining
Building a means of utilization that also allows the unit (6) to implement the detection means (17) and the forcing means (18);
・ And protected software (2p)
-By selecting at least one software execution characteristic to be monitored from among the software execution characteristics that can be monitored;
-By selecting at least one criterion that at least one selected software execution characteristic should comply with;
By selecting a basic function in which at least one selected software execution characteristic is to be monitored in the source of protected software (2 ps);
-Changing at least one selected part of the source of protected software (2ps) (this change means that during execution of the protected software (2p), at least one selected execution characteristic is a second execution part); (2 peu) is a change that leads to a notification to the data processing system (3) and / or a change in the execution of the protected software (2p))
And generating a second object part (2pou) of the protected software (2p) including a utilization means that also implements the detection means (17) and the forcing means (18) (the second object part (2pou) After uploading to the unit (6), during execution of the protected software (2p), at least one first software execution characteristic is monitored and notification to the data processing system (3) that the standards are not being observed And / or an object part that leads to a change in the execution of protected software (2p))
Changing,
Including
→ During the usage phase (U)
・ When unit (6) is present,
-As long as all standards corresponding to all monitored execution characteristics of all modified parts of protected software (2p) are observed, said part of protected software (2p) operates nominally. Enabling the protected software (2p) to operate nominally as a result,
And if the at least one criterion corresponding to the monitored execution characteristics of a part of the protected software (2p) is not observed, this is notified to the data processing system (3) and / or protected Changing the function of the software (2p) part so that the function of the protected software (2p) is changed;
The method of claim 1 comprising : To restrict the use of protected software (2p)
→ During the protection phase (P)
-As software execution characteristics that can be monitored, measurement variables for the usage of software functions,
-As a criterion to be observed, at least one threshold value associated with each measurement variable,
-And enabling means capable of updating at least one measurement variable,
Defining
-Building a means of utilization that allows the unit (6) to implement the enabling means;
・ And protected software (2p)
-By selecting at least one measurement variable of usage of at least one function of the software as a software execution characteristic to be monitored;
-> At least one function of the protected software (2p) whose use can be monitored using measurement variables,
> At least one measurement variable used to quantify the usage of the function,
> At least one threshold value associated with the selected measurement variable corresponding to the use limit of the function;
> And at least one method of updating the selected measurement variable depending on the usage of the function,
By selecting
And changing at least one selected part of the source of protected software (2 ps) (this change depends on the usage of the function during the execution of the protected software (2p) By the second execution part (2 peu), a change in which at least one threshold crossing is taken into account)
Changing the
Including
→ During the usage phase (U), in the presence of the unit (6) and if at least one threshold excess corresponding to at least one usage limit is detected, it is passed to the data processing system (3) Notifying and / or changing the function of the protected software (2p) part so that the function of the protected software (2p) is changed,
The method of claim 3 comprising : → During the protection phase (P)
-Several relevant thresholds for at least one measurement variable,
-And different forcing means corresponding to each of said threshold values,
Defining
・ And protected software (2p)
By selecting at least one selected measurement variable in the source of protected software (2 ps), to which several thresholds corresponding to different usage limits of the function must be associated,
-By selecting at least two threshold values associated with the selected measurement variable,
And changing at least one selected part of the source of protected software (2 ps) (this change occurs during the execution of the protected software (2p) when the various thresholds are exceeded for the second time). Part (2 peu) is considered differently)
Changing,
Including
→ During the usage phase (U)
・ When unit (6) is present,
-If an excess of the first threshold is detected, command the protected software (2p) not to use the corresponding function any more;
-Disabling the corresponding function and / or at least part of the protected software (2p) if an excess of the second threshold is detected;
The method of claim 4 comprising : → During the protection phase (P)
Defining replenishment means that can allow at least one additional use for at least one software function monitored by a measurement variable;
-Building a means of utilization that will allow the unit (6) to implement replenishment means;
・ And protected software (2p)
-By selecting at least one selected measurement variable that can limit the use of at least one function that must be allowed to be allowed in the source of protected software (2 ps);
-And changing at least one selected part (this change is such that at least one additional use of at least one function corresponding to the selected measurement variable is permitted during a phase called the replenishment phase) Change)
Changing,
Including
→ During the replenishment phase
Re-enabling at least one selected measurement variable and / or at least one associated threshold to allow at least one additional use of the function;
The method according to claim 4 or 5, comprising : → During the protection phase (P)
-Software usage profiles as software execution characteristics that can be monitored,
-And at least one software execution feature as a standard to be observed,
Defining
・ And protected software (2p)
-By selecting as a software execution characteristic to monitor at least one software usage profile;
-By selecting at least one execution feature that at least one selected usage profile must comply with;
-And changing at least one selected part of the source of protected software (2 ps) (this change is made by the second execution part (2 peu) all selections while the protected software (2p) is running). Is a change that must comply with the execution characteristics specified)
Changing,
Including
→ during the usage phase (U), informing the data processing system (3) of the presence of the unit (6) and if it is detected that at least one execution feature is not observed, and / Or change the function of the protected software (2p) part so that the function of the protected software (2p) is changed,
The method of claim 3 comprising : → During the protection phase (P)
-A set of instructions that can be executed in unit (6),
A set of instruction commands for said set of instructions, said instruction command set being executed in a data processing system (3) and capable of triggering execution of an instruction in unit (6);
-As a usage profile, a chain of instructions,
-As an execution feature, the expected chain for the execution of the instruction;
-Means for detecting as detection means (17) that the chain of instructions does not correspond to what is expected;
And, as forcing means (18), notify the data processing system (3) if the instruction chain does not correspond to what is expected and / or change the function of the protected software (2p) part Possible means,
Defining
Building a lever that also allows the unit (6) to execute instructions of the instruction set (execution of the instructions is triggered by execution of instruction commands in the data processing system (3));
・ And protected software (2p)
-At least one selected part of the source of protected software (2 ps),
> By converting basic functions into instructions,
> By specifying the chain at least part of the instructions must comply during their execution in the unit (6)
> And by converting the basic command into an instruction command corresponding to the instruction used,
By changing
Changing,
→ During the use phase (U), if it is detected that the chain of instructions executed in unit (6) does not correspond to what is expected when unit (6) is present, Notifying the processing system (3) and / or changing the function of the protected software (2p) part so that the function of the protected software (2p) is changed,
The method of claim 7 comprising : → During the protection phase (P)
-An instruction set in which at least a part of the instructions works with a register and uses at least one operand to return a result, as an instruction set;
-For at least some instructions that work with registers
> Part (PF) that defines the function of the instruction,
> And a part that defines the expected chain for instruction execution,
(The part is
◇ Instruction identification field (CII),
◇ And for each operand of the instruction,
* Flag field (CD _k ),
* And the expected identification field of the operand (CIP _k ),
Part containing a bit field corresponding to
For each register used by the instruction set belonging to the exploitation means, a generation identification field (CIG _v ) in which the identification of the last instruction that returned its result is automatically stored in the register;
As a detection means (17), during execution of the instruction, for each operand, when the flag field (CD _k ) requires, a generation identification field (CIP _k ) corresponding to the register used by the operand; Means capable of checking equivalence with the expected identification field (CIP _k ) of the source of the operands;
And, as a forcing means (18), means capable of changing the result of the instruction if at least one of the checked equivalences is false,
Defining
The method of claim 8 comprising : → During the protection phase (P)
-Basic command or command command as trigger command,
-As a dependent function, a basic function or instruction,
-At least one argument to a trigger command that, as an order, corresponds at least in part to the information sent by the data processing system (3) to the unit (6) and triggers the execution of the corresponding dependent function;
-A method of renaming an order capable of renaming an order so as to obtain a trigger command having a renamed order;
And a restoration means (20) designed to be used in the unit (6) during the use phase (U) and capable of restoring dependent functions to be executed from the renamed order,
Defining
-Building a means of utilization that allows the unit (6) to implement the means of restoration;
・ And protected software (2p)
-By selecting a trigger command in the source of protected software (2ps)
By changing at least one selected part of the protected software source (2 ps) by renaming the order of the selected trigger command so as to hide the identification of the corresponding dependent function
− And
> The first object part (2pos) of the protected software (2p), such that a trigger command with the renamed order is executed during execution of the protected software (2p);
> And the second object part (2 pou) of the protected software (2p) including the utilization means that also implements the restoration means (20), and after uploading to the unit (6), Such that the identification of the dependent function whose execution is triggered by the first execution part (2 pes) is restored by the second execution part (2 peu) and the dependent function is executed by the second execution part (2 peu),
By generating
Changing,
Including
→ During the usage phase (U)
In the presence of unit (6), each time a trigger command with a renamed order contained in a part of the first execution part (2pes) requests, the identification of the corresponding dependent function and its execution are performed in unit (6) To ensure that the protected software (2p) is fully functional as a result of the correct execution of that part,
And, in the absence of unit (6), to satisfy the request correctly despite the request by the part of the first execution part (2 pes) seeking to trigger the execution of the dependent function in unit (6). Not being able to execute at least that part correctly, as a result of which the protected software (2p) is not fully functional,
The method according to claim 1 or 8, comprising : → During the protection phase (P)
Defining a set of dependent functions that are algorithmically equivalent for at least one dependent function, but whose renamed order is triggered by a different trigger command;
・ And protected software (2p)
-By selecting at least one trigger command with the renamed order in the source of protected software (2ps)
And the source of the protected software by replacing at least the renamed order of one selected trigger command with the renamed order with another renamed order that triggers the same group of dependent functions ( By changing at least one selected portion of 2 ps)
Changing,
The method of claim 10 comprising : → During the protection phase (P), an algorithmically equivalent group of dependent functions for at least one dependent function,
-By concatenating the noise field to the information defining the functional part of the dependent function to be executed in unit (6),
Or alternatively, by using the identification field (CII) of the instruction and the expected identification field (CIP _k ) of the operand,
Defining,
The method of claim 11 comprising : → During the protection phase (P)
・-As an order renaming method, an encryption method to encrypt the order,
And means for implementing a decoding method as decoding means (20) for restoring the identity of the dependent function to be executed in unit (6) by decoding the renamed order,
Defining
The method of claim 10, 11 or 12 including. → During the protection phase (P)
・ Protected software (2p)
-By selecting at least one conditional branch to be executed with at least one selected algorithm processing in the source of protected software (2 ps);
-Changing at least one selected part of the source of protected software (2ps) (this change means that during the execution of the protected software (2p), the function of at least one selected conditional branch is (6) is a change as executed by the second execution part (2 peu))
− And
> The first object part (2pos) of the protected software (2p), such that at least one selected conditional branch function is executed in the unit (6) during the execution of the protected software (2p) thing,
> The second object part (2pou) of the protected software (2p), after uploading to the unit (6), the second execution part (2peu) appears during the execution of the protected software (2p), thereby , Such that at least one selected conditional branch function is performed,
By generating
Changing,
Including
→ During the usage phase (U)
Whenever a part of the first execution part (2pes) requests in the presence of the unit (6), the unit (6) executes the function of at least one conditional branch, so that the part is executed correctly and the result Make sure that the protected software (2p) is fully functional,
And, in the absence of unit (6), that the request can be satisfied correctly despite the request by the part of the first execution part (2pes) that requires the unit (6) to execute the conditional branch function. Not being able to execute at least that part correctly, as a result of which the protected software (2p) is not fully functional,
14. A method according to any one of the preceding claims comprising : During the protection phase (P), the protected software (2p)
-By selecting at least one selected conditional branch sequence in the source of protected software (2 ps);
-Changing at least one selected part of the source of protected software (2 ps) (this change will cause the full functionality of at least one selected conditional branching sequence during execution of the protected software (2p)). , In unit (6), a change as performed by the second execution part (2 peu))
− And
> The first object part (2pos) of the protected software (2p) so that during the execution of the protected software (2p), at least one function of the conditional branch sequence is executed in the unit (6) What,
> The second object part (2pou) of the protected software (2p), after uploading to the unit (6), the second execution part (2peu) appears during the execution of the protected software (2p), thereby , Such that all functions of at least one selected conditional branch sequence are performed,
By generating
The method of claim 14, comprising modifying. 16. The protection phase (P) according to any one of claims 1 to 15, comprising dividing the protection phase (P) into a preceding protection subphase (P1) independent of the software to be protected and a subsequent protection subphase (P2) dependent on the software to be protected. 2. The method according to item 1. 17. Method according to claim 16, comprising inserting a definition step (S11) during which all definitions are executed during the pre-protection sub-phase (P1). The method according to claim 17, comprising inserting a construction step (S12) in which the utilization means is constructed after the definition step (S11). After the construction step (S12), for the purpose of obtaining the pre-customized unit (66), including inserting a pre-customization step (S13) including uploading at least a part of the utilization means to the blank unit (60). The method of claim 18. Claims including inserting a tool creation step (S14) during the pre-protection sub-phase (P1) in which a tool is created that assists in the generation of the protected software or enables the software protection to be automated. Item 19. The method according to Item 17 or 18. Subsequent protection subphase (P2)
A creation stage (S21) in which the protected software (2p) is created from the balnarable software (2v);
A change stage (S22) in which the protected software (2p) is changed in some cases,
· and,
The second object part (2pou) of the protected software (2p) including the exploitation means is uploaded to at least one blank unit (60) for the purpose of obtaining at least one unit (6);
Or alternatively, at least one pre-customized unit (66) for the purpose of obtaining at least one unit (6) by a part of the second object part (2pou) of the protected software (2p) optionally including a means of exploitation Customization stage uploaded to (S23),
20. The method according to claim 16 and 19, comprising dividing into two. Using at least one tool that assists in the generation of protected software or automates software protection during the creation phase (S21) and optionally during the modification phase (S22) The method according to 21.

Images