KR20110013176A - Server for registering separating execution based contents, method thereof and computer recordable medium storing program performing the method - Google Patents

Abstract

PURPOSE: A contents registration server based on isolating execution is provided to improve the security performance of an application by extracting separation operational objection code block enabling separation execution from a part of an application program code region. CONSTITUTION: A transceiver performs communication with a contents providing terminal. A server control unit(15) receives a registration request of the contents through transceiver from the contents providing terminal. The server control unit divides the contents into the contents for the separation operational objection code block and service. The server control unit registers the separated contents in a database part(13). The server control unit receives the separation operational objection code block and service contents through the profiling and analysis about the contents.

Description

Server for registering separating execution based contents, method according to method and the computer recordable medium storing program performing the method}

The present invention relates to a technology for preventing copying of content, and more particularly, to separate the execution target code block and the content for the service necessary for the separation between the host terminal and the storage device for the content and to register the content for the service in the content registration server. An execution-based content registration server, a method, and a computer-readable recording medium having recorded thereon a program for performing the method.

In general, a plurality of contents are installed in a host terminal on an operating system. Content is a digital work that is stored and distributed in digital form and includes software, applications, multimedia data, and the like. For example, the user may perform document editing, image editing, games, etc. using various contents installed in the host terminal.

Although such content can be used free of charge, it is sold for a fee online or offline. The user purchases the necessary content and installs the purchased content in the host terminal. When the content passes the authentication through the authentication number, it is installed in the host terminal. Typically, the authentication number is provided with the purchased content.

Content of the authentication method using the authentication number has a problem that is easily exposed to hacking. That is, if the authentication number of the program is hacked or a code that bypasses authentication is added to the content, those who have not purchased the content can install the duplicated content on the host terminal and use it without permission.

The damage of the content provider (CP) due to the unauthorized use of such content is increasing. Unauthorized use of the content acts as a factor that lowers the motivation of the content provider to develop the content.

In addition, the content provider has to pay attention to a security method for suppressing unauthorized copying of the developed content, which is a burden on the content provider due to the high cost of developing the content.

Therefore, an object of the present invention is to isolate the content provider can easily register the content code for execution and the content block to execute the code block and the content execution server required for the separation between the host terminal and the storage device for the content in order to suppress the replication of the content; A computer-readable recording medium having recorded thereon an execution-based content registration server, a method thereof, and a program for performing the method.

Another object of the present invention is a computer-readable recording of a separate execution-based content registration server that allows a content provider to register a content registration server by adjusting the security level of the content, a method thereof, and a program for performing the method. To provide a medium.

In order to achieve the above object, the present invention provides a separate execution-based content registration server comprising a database unit, a transceiver and a server control unit. The transceiver performs communication with the content providing terminal. The server control unit receives a registration request for content from a content providing terminal through a transceiver, and a service for inserting a stub code into a code execution region in which a separate execution target code block is extracted from the content and a code execution region in which the separation execution target code block is extracted. Separate it into contents and register it in the database.

In the separate execution based content registration server according to the present invention, the server control unit receives the separated execution target code block and the content for the service separated by profiling and analyzing the content to be registered from the content providing terminal through the transceiver. Can be.

In the separate execution based content registration server according to the present invention, the server control unit executes the separated execution target code block in a test environment corresponding to the execution environment of the actual storage device to validate the validity based on the verification item, and the verification result. When an invalid separation execution target code block is detected, a verification failure result may be fed back to the content providing terminal, and if the verification result is valid, the separation execution target code block may be registered.

In the content execution server based on the separation execution according to the present invention, the server controller separates the execution target code block and the service separated by re-profiling and analyzing the content to be registered based on the verification failure result transmitted from the content providing terminal. Content can be received again.

In the separate execution based content registration server according to the present invention, the server controller receives a list of content to be registered from the content providing terminal through a transceiver and a list of separated execution target code blocks extracted by profiling and analyzing the content to be registered. Then, the separation execution target code block may be extracted from the received content based on the received list, and the stub code may be inserted into the code region from which the separation execution target code block is extracted to generate content for a service.

In the separate execution based content registration server according to the present invention, the server control unit executes the separated execution target code block in a test environment corresponding to the execution environment of the actual storage device to validate the validity based on the verification item, and validates the verification result. If the separate execution target code block is detected, the verification failure result is fed back to the content providing terminal, and if the verification result is valid, the separation execution target code block may be registered.

In the separate execution based content registration server according to the present invention, the server control unit, the list of the separated execution target code block extracted through re-profiling and analysis of the content to be registered based on the verification failure result transmitted from the content providing terminal Can be received again.

In the content execution server based on the separation execution according to the present invention, the verification item includes a floating point instruction, a SIMD instruction set, whether the memory range included in the initial context exceeds a threshold capacity, and a long time in the target block of execution code. It may include at least one of the presence or absence of a repeating loop, the presence or absence of data in the separation execution target code block.

In the separation execution based content registration server according to the present invention, the server control unit receives the content to be registered from the content providing terminal through the transceiver, extracts the separation execution target code block by profiling and analyzing the received content and In addition, the content for the service may be generated by inserting the stub code into the code region from which the separated execution target code block is extracted.

In the separate execution-based content registration server according to the present invention, the server controller may convert the separated execution target code block into a code block for storage that can be executed in a storage device provided with a processor and register the same in a database unit.

The present invention also relates to a computer-readable recording medium recording a program for performing content registration based on a separate execution, comprising: a calling step of calling a content to be registered, and a code region of the content through profiling and analyzing the called content. Extraction and generation step of extracting the separated execution target code block, inserting stub code into the code region from which the separated execution target code block is extracted, and generating the content for the service; The present invention provides a computer-readable recording medium having recorded thereon a program for performing a transmission step of requesting registration.

In a computer-readable recording medium recording a program according to the present invention, an execution step of executing a profiling and analysis tool downloaded from a content registration server may be further performed before the calling step. At this time, in the calling step, the content to be registered in the profiling and analysis tool can be called.

In a computer-readable recording medium recording a program according to the present invention, the calling step may further include a security level setting step of setting a security level for content to be registered. In this case, profiling and analysis may be performed according to the security level set in the extraction and generation step.

In a computer-readable recording medium recording a program according to the present invention, the setting of the security level may include displaying a security level setting item and setting the security level to a security level setting item selected from the security level setting items. Can be.

In a computer-readable recording medium recording a program according to the present invention, the security level setting item includes a frequency of calling a basic block group, a calling position of a basic block group, a memory reference frequency of a host terminal, an OS API reference frequency of a host terminal, It may include at least one of the hardware elements of the storage device.

In the computer-readable recording medium recording the program according to the present invention, the extracting and generating step is a selection step of selecting a plurality of basic block groups through profiling and analysis of the code region of the called content, a plurality of basic blocks The method may further include an extraction step of selecting a separation execution target code block from a group and extracting the code block from the content.

In the computer-readable recording medium recording the program according to the present invention, the selection step is a collection step of collecting the basic information through dynamic profiling of the code region of the called content, the content information based on the collected basic information A basic block group selection step of selecting a plurality of basic block groups by performing a static analysis, and inserting a stub code into the code region from which the separate execution target code block is extracted may generate the content for the service.

In the computer-readable recording medium recording the program according to the present invention, the basic information in the collecting step is information about the code region of the content collected by the code block extraction apparatus during the run-time of the content.

In the computer-readable recording medium recording the program according to the present invention, in the basic block group selection step, the indirect address of the collected basic information is substituted into the control flow to expand the analysis range of the code area of the content. Static analysis can be performed.

In the computer-readable recording medium recording the program according to the present invention, the basic block group includes a plurality of basic blocks, the entry of the control signal through the entry point and the movement of the control signal between the plurality of basic blocks It is a collection of a plurality of basic blocks that are related to each other and that do not enter a control signal into the plurality of basic blocks except for a starting point.

In a computer-readable recording medium recording a program according to the present invention, a basic block has a property of a single input and a single output, and an attribute that does not allow entry of a control signal from the outside to the inside. Is a code block with

In the computer-readable recording medium recording the program according to the present invention, the registration information of the content can be transmitted to the content registration server together in the transmission step. In this case, the registration information of the content includes at least one of a title, a Mime type, a description, a content provider name, and billing information.

A computer-readable recording medium having recorded a program according to the present invention, which receives a verification failure result indicating that an invalid separation execution target code block is included among the separation execution target code blocks transmitted from the content registration server after the transmission step. The retransmission step of separating the execution target code block and the content for the service and retransmitting it to the content registration server may be further performed through the receiving step and re-profiling and analyzing the content to be registered based on the received verification failure result. .

A computer-readable recording medium recording a program according to the present invention, the method comprising: receiving a verification pass result indicating that a separation execution target code block transmitted from a content registration server is valid after a transmission step or a retransmission step, and registering from a content registration server Receiving a registration complete message for the requested content may be further performed.

In a computer-readable recording medium recording a program according to the present invention, an invalid separate execution target code block included in a verification failure result received in a retransmission step is blacklisted to be excluded from the selection object and rewritten. Profiling and analysis can be performed.

The present invention also provides a computer-readable recording medium recording a program for performing content execution based on a separate execution, comprising the steps of: calling a content to be registered, profiling and analyzing the called content in a code area of the content; A computer that records a program for performing an extraction step of extracting a separate execution target code block, a generation step of generating a list of extracted separation execution target code blocks, and a transfer step of requesting registration by transferring content and the generated list to a content registration server. A computer-readable recording medium having recorded thereon a program according to the present invention, further comprising an execution step of executing a profiling and analysis tool downloaded from a content registration server before the calling step. Can be. At this time, in the calling step, the content to be registered in the profiling and analysis tool can be called.

In a computer-readable recording medium recording a program according to the present invention, the calling step may further include a security level setting step of setting a security level for content to be registered. At this time, profiling and analysis can be performed according to the security level set in the extraction step.

In the computer-readable recording medium recording the program according to the present invention, after the transmission step, verify that the invalid execution target code blocks included in the separation execution target code blocks included in the list transmitted from the content registration server are included. Receiving step of receiving a failure result, re-transmission step of generating a list of the separated execution target code blocks re-extracted through re-profiling and analysis of the content to be registered based on the received verification failure result and retransmitting to the content registration server. Can be done.

A computer-readable recording medium recording a program according to the present invention, the method comprising: receiving a verification pass result indicating that a list of separate execution target code blocks transmitted from a content registration server after a transmission step or a retransmission step is valid; The method may further include receiving a registration completion message for the content requested to be registered.

In the computer-readable recording medium recording the program according to the present invention, an invalid separate execution target code block included in the verification failure result received in the retransmission step is blacklisted and excluded from the selection target. Re-profiling and analysis can be performed.

According to the present invention, a content provider may register an application program with a content registration server by using a profiling and analysis tool provided by a content registration server through a web that is easily accessible. In this case, the profiling and analysis tool extracts a block of code to be separated from some blocks of the application program to enable a separate execution between the host terminal and the storage device, thereby improving security performance related to copy protection of the application. You can.

The content provider can register the application with the content registration server by dividing the application program into a separate execution target code block and a service application program for separation between the host terminal and the storage device using the profiling and analysis tool provided by the content registration server. have.

The content provider can set the security level for the application to be registered and, according to the set security level, can divide the application into separate execution target code blocks and service applications and register it with the content registration server. You can register the security application to the content registration server according to the security level.

In addition, a test block for the separated execution target code block extracted through profiling and analysis is verified by performing a test in a test process environment corresponding to a separate execution environment of a real host terminal and a storage device, and is responsible for profiling and analyzing the verification result. By feedback to the part, it is possible to extract a separate execution target code block that can provide a stable execution environment when the separation between the host terminal and the storage device for the application program. Therefore, it is possible to eliminate in advance the deterioration factors of performance and stability of the host terminal and the storage device, which may occur when executing a separate execution based application.

1 is a block diagram illustrating a digital rights management (DRM) system including a segregation execution based content registration system according to a first embodiment of the present invention.
2 is a block diagram illustrating a configuration of a content providing terminal of FIG. 1.
3 is a block diagram illustrating a configuration of a profiling and analysis tool provided by the content registration server of FIG. 1.
4 is a block diagram showing a data structure of content.
FIG. 5 is a block diagram illustrating a structure of a separated execution target code block divided from content and content for a service.
6 is a block diagram illustrating a configuration of a content registration server of FIG. 1.
7 is a flowchart illustrating a content execution method based on a separation execution according to a first embodiment of the present invention.
FIG. 8 is a detailed flowchart illustrating the separation execution target code block extraction and content generation step for a service of FIG. 7.
9 and 10 are exemplary diagrams for describing a step of selecting a basic block group to be extracted as the separated execution target code block of FIG. 8.
FIG. 11 is an exemplary diagram for describing a verification step of the registration method of FIG. 7.
12 is a block diagram illustrating a digital rights management system including a content execution system based on a separation execution according to a second embodiment of the present invention.
13 is a flowchart illustrating a content execution method based on a separation execution according to a second embodiment of the present invention.
FIG. 14 is a detailed flowchart of a list generation step of the separated execution target code block of FIG. 13.
FIG. 15 is an exemplary diagram for describing a verification step of the registration method of FIG. 13.
16 is a block diagram illustrating a digital rights management system including a content execution system based on a separation execution according to a third embodiment of the present invention.
17 is a flowchart illustrating a content execution method based on a separation execution according to a third embodiment of the present invention.
18 is an exemplary view for explaining a verification step of the registration method of FIG. 16.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings.

Digital rights management (DRM) system 100 based on separation execution according to the first embodiment of the present invention, as shown in FIG. ), The content registration server 20, the host terminal 51, and the storage device 53 connected to the host terminal 51 via a wired or wireless interface. In particular, the separation execution based digital rights management system 100 includes a separation execution based content registration system (hereinafter referred to as a 'content registration system'). The content registration system is configured to include a content providing terminal 10 and a content registration server 20 connected via a network 55.

In this case, the "separate execution" means that the host terminal 51 and the storage device 53 interoperate with each other in executing the content 30. In particular, in order to implement a separate execution, some code blocks (hereinafter referred to as 'separated execution target code blocks 34') are separated from the code area of the original content 30 and installed in the storage device 53, and a separate execution target is performed. The content in which the code block 34 has been removed (hereinafter referred to as "service content 32") is installed in the host terminal 51. Therefore, when the separated execution based content 30 is to be executed, the host terminal 51 stores the output value for the portion where the separated execution target code block 34 is removed during the execution of the service content 32. The content 30 is executed in the form of a request for return. In this case, the separated execution target code block 34 is converted into a storage device code block 27 used in the storage device 53 and provided to the storage device 53.

The network 55 performs a series of data transmission / reception operations for data transmission and information exchange between the content providing terminal 10, the content registration server 20, and the host terminal 51. The network 55 is an IP network that provides a large data transmission / reception service and a seamless data service through IP, and may be an ALL-IP network that is an IP network structure integrating different networks based on IP. The network 55 also includes a wired communication network, a mobile communication network, a WiBro (Wireless Broadband) network, a high-speed downlink packet access (HSDPA) network, a satellite communication network, or other well-known or future-developed wired or wireless networks or a combination thereof.

The content providing terminal 10 is a terminal operated by a content provider. The content providing terminal 10 communicates with the content registration server 20 through the network 55 and stores the content 30 developed by the content provider. In particular, the content providing terminal 10 receives the selection signal of the content provider and sets the security of the content 30 to be registered and registers it with the content registration server 20. That is, the content providing terminal 10 executes the profiling and analysis tool 40 downloaded from the content registration server 20. The content providing terminal 10 calls the content 30 to be registered in the profiling and analysis tool 40. The content providing terminal 10 may code areas of the content 30 through dynamic profiling and static analysis (hereinafter, referred to as 'profiling and analysis') of the called content 30. Extract the separate execution target code block 34 from. In addition, the content providing terminal 10 inserts a stub code into the code region from which the separate execution target code block 34 is extracted to generate the service content 32. The content providing terminal 10 registers the separation execution target code block 34 and the service content 32 in the content registration server 20. In this case, the content providing terminal 10 is a terminal capable of registering the content registration server 20 by setting security for the content 30, and may be a host terminal or a server built on the network 55.

The content registration server 20 receives and registers the content 30 from the content providing terminal 10 at the request of the content provider through the network 55. The content registration server 20 may sell the registered content 30 according to a customer's purchase request through the host terminal 51. At this time, the content registration server 20 receives and registers a separate execution target code block 34 of the content 30 and the service content 32 from the content providing terminal 10. The content registration server 20 operates a web page 21 that the content providing terminal 10 or the host terminal 51 can access through the network 55. The content registration server 20 provides a profiling and analysis tool 40 necessary for analysis and registration of the content 30. The content registration server 20 converts the separated execution target code block 34 into a code block that can be executed in the storage device 53, that is, a storage code block 37.

The host terminal 51 collectively refers to a computing device having an independent CPU capable of executing the content 30, such as a PC, a notebook, a workstation, and the like. The host terminal 51 includes a public computer that is accessible by a plurality of users. The host terminal 51 is provided with service contents 32. When the storage device 53 is connected to the host terminal 51 via a wired or wireless interface, the host terminal 51 performs a separate execution of the content 30 together with the connected storage device 53. The user of the host terminal 51 may purchase the content 30 registered in the content registration server 20. When the purchase of the content 30 is determined, the host terminal 51 installs the service content 32 of the purchased content 30 in itself, and the code block 27 for the storage device of the purchased content 30. May be installed in the connected storage device 53. Here, the wired / wireless interface may include a wired communication network using a USB, a USB2, a serial / parallel port, an Ethernet, a TCP / IP, a communication cable, and a short range wireless communication network. Bluetooth, Zigbee, Ruby, Infrared Data Association (IrDA), Ultra Wide Broadband (UWB), and the like may be used as a short range wireless communication method.

The storage device 53 is connected to the host terminal 51 through a wired or wireless interface, and stores the storage device code block 27 for the service content 32 installed in the host terminal 51. The storage device 53 performs an operation on the storage device code block 34 at the request of the host terminal 51 when the content 30 is executed, and returns an output value to the host terminal 51. In this case, the storage device 53 is a storage device having a processor, and includes a USB memory, a flash memory card, and various removable and portable storage media (for example, a Secure Digital (SD) memory card, a microSD memory card, and an ISO 7816 standard). Storage device, etc.).

Therefore, when the user requests execution of the content 30 through an input unit of the host terminal 51, for example, a keyboard, a mouse, a touch pad, etc., the host terminal 51 starts execution of the content for service 32. The host terminal 51 transmits an execution request for code not included in the service content 32 to the storage device 53. The storage device 53 executes the storage device code block 34 corresponding to the execution request and transmits the output value to the host terminal 51.

In addition, the content registration system according to the first exemplary embodiment performs verification on the content execution server 20 for the separation execution target code block 34 extracted through profiling and analysis of the content providing terminal 10, and the verification result. Is fed back to the content providing terminal 10 so that the separation execution target code block 34 which can provide a stable execution environment in the separation execution can be extracted.

The content providing terminal 10 transmits the separated execution target code block 34 extracted through profiling and analysis of the content 30 to be registered to the content registration server 20. If the feedback of the verification failure that the invalid execution target code block 34 is included among the separation execution target code blocks 34 transmitted from the content registration server 20 is received, the content providing terminal 10 receives the verification. Based on the failure result, the separated execution target code block 34 extracted through re-profiling and analysis of the content 30 to be registered is retransmitted to the content registration server 20. The content providing terminal 10 may receive and output a verification pass result indicating that the separation execution target code block 34 transmitted from the content registration server 10 is valid.

The content registration server 20 verifies the separation execution target code block 34 received from the content providing terminal 10 and feeds back the verification result to the content providing terminal 10. That is, the content registration server 20 executes the separated execution target code block 34 received from the content providing terminal 10 in a test environment corresponding to the execution environment of the actual storage device to verify validity. When the invalid execution target code block 34 is detected as a result of the verification, the content registration server 20 feeds back a verification failure result to the content providing terminal 10. If the verification result is valid, the content registration server 20 converts the separation execution target code block 34 to the storage code block 27 and feeds back the verification pass result to the content providing terminal 10.

As described above, the content registration system according to the first exemplary embodiment extracts the separated execution target code block 34 extracted from the content 30 to be registered before converting the separated execution target code block 34 into the storage device code block 27. For example, the separated execution target code block 34 may be extracted to provide a stable execution environment by feeding back the verification result. Through this, it is possible to remove in advance the deterioration factors of performance and stability that may occur when the content of the separation-based execution 30 is executed.

The content providing terminal 10 of the content registration system according to the first embodiment will be described in detail with reference to FIGS. 1 to 5. 2 is a block diagram illustrating a configuration of a content providing terminal of FIG. 1. 3 is a block diagram illustrating a configuration of a profiling and analysis tool provided by the content registration server of FIG. 1. 4 is a block diagram showing a data structure of content. FIG. 5 is a block diagram illustrating a configuration of a separate execution target code block divided from content and content for a service.

The content providing terminal 10 according to the first embodiment may include a communication unit 11, an input unit 12, a storage unit 13, and a terminal controller 15, and may further include a display unit 14.

The communication unit 11 communicates with the content registration server 20 through the network 55. The communication unit 11 transmits the separate execution target code block 34 and the service content 32 to the content registration server 20 to register the content 30 under the control of the terminal controller 15. The communication unit 11 receives a verification result of the separation execution target code block 34 transmitted from the content registration server 20, for example, a verification failure or a verification passing result, and transmits the result to the terminal controller 15. The communication unit 11 receives a registration completion message from the content registration server 20 and transmits the registration completion message to the terminal controller 15.

The input unit 12 provides a plurality of keys for the operation of the content providing terminal 10, and generates and transmits a selection signal according to the key selection of the content provider to the terminal controller 15. The content provider calls the content 30 to be registered through the input unit 12, sets the security level for the called content 30, extracts the separation execution target code block 34, and the contents of the service 32. A selection signal for generation can be input. In this case, the input unit 12 may be a keypad, a pointing device such as a touch pad, or an input device such as a touch screen.

The storage unit 13 stores a program necessary for controlling the operation of the content providing terminal 10 and information generated while executing the program. The storage unit 13 stores the content 30 developed by the content provider. The storage unit 13 stores the profiling and analysis tool 40 which extracts the separate execution target code block 34 through profiling and analysis of the content 30 to be registered. The storage unit 13 may store the extracted execution target code block 34 and the service content 32 in which the stub code 36 is inserted into the separated code area in which the separation execution target code block 34 is separated. .

In this case, the content 30 includes a plurality of files, for example, an application program interface (API) provided by an operating system, an API provided by a developer, or a file such as a dynamic linking library (DLL). As illustrated in FIG. 5, the content 30 including the plurality of files may be divided into a code area 31 and a data area 33. The code region 31 includes a plurality of code blocks, and the separation target code block 34 includes a plurality of code blocks extracted from the code region 31. For example, the separated execution target code block 34 includes a plurality of basic block groups 37, and the basic block groups 37 are a collection of a plurality of basic blocks 35.

In this case, the basic block 35 is a sequence of instructions having attributes of a single input and a single output, and is a code block having an attribute that does not allow entry from the outside to the inside. Can be defined That is, the basic block 35 means a series of sentences (groups of codes) that are always executed once from the beginning to the end, and is a group of statements in which execution is not stopped due to flow control in the middle.

The service content 32 includes a code area 31a in which a stub code 36 is inserted into a code area of a basic block group 37 extracted as a separate execution target code block 34, and a data area 33. do. At this time, the stub code 36 corresponds to the code region extracted from the service content 32 and the extracted code region when performing the separation of the content 30 between the host terminal 51 and the storage device 53. The separation execution target code block 34 is connected. That is, the stub code 36 transmits a control signal to the storage device 53 in the extracted code area when performing the separation on the content 30. The storage device 53 receiving the control signal returns an output value calculated by performing an operation on the separate execution target code block 34 corresponding to the control signal to the host terminal 51.

The separation execution target code block 34 includes a plurality of basic block groups 37 extracted from the code area 31 of the content 30 through profiling and analysis of the content 30. That is, the separated execution target code block 34 is a basic block group 37 selected in the code area 31 of the content 30 through profiling and analysis of the content 30, and the selected basic block group 37 is selected. At least one of the plurality of components) may be extracted to the separate execution target code block 34. The stub code 36 is inserted into the part where the separation execution target code block 34 is extracted. As will be described later, through the profiling and analysis of the content 30, the content 30 is divided into a separate execution target code block 34 and a content for service 32 from which the separation execution target code block 34 is extracted. .

The separate execution target code block 34 may be converted into the code block 27 for storage and provided in the form of being stored in the storage 53 or provided to the storage 53 in the form of a download. The separate execution target code block 34 is a basic block group 37 including a plurality of basic blocks 35 as described above. The split execution target code block 34 allows the entry of the control signal through the entry point of the split execution target code block 34 and the movement of the control signal between the basic block 35, but the split execution target code block ( It is preferable to select a basic block group 37 including a plurality of basic blocks 35 which are related to each other without entry of a control signal to the basic block 35 except for the start point of 34.

The reason is that when the basic block group 37 having the entry of the control signal to the basic block 35 except for the starting point from the basic block group 37 is extracted as the separate execution target code block 34, the corresponding execution target code After the block 34 is extracted, a control signal may enter the middle of the stub code 36 to be inserted and not to the beginning. In this case, the stub code 36 may not process the control signal, and thus the execution of the corresponding content 30 may be stopped or an error may be generated. That is, since the stub code 36 has a garbage value such as a no-operation instruction (NOP) in the remaining areas except for the first 5 bytes, an error may occur when the control signal enters the garbage containing area. In other words, since the basic block group 37 having the entry of the control signal to the basic block 35 except for the starting point has a high probability of generating an error when performing the separate execution, the separated execution target code block ( 34) is not suitable.

The display unit 14 may display information stored in the storage unit 13 including various function menus executed in the content providing terminal 10. The display unit 14 may display a list of content 30 to be registered under the control of the terminal controller 15. The display unit 15 may output a verification result and a registration completion message received from the content registration server 20 under the control of the terminal controller 15. In this case, an LCD (Liquid Crystal Display) or a touch screen may be used as the display unit 14. The touch screen simultaneously serves as a display device and an input device.

The terminal controller 15 is a microprocessor that performs overall control operations of the content providing terminal 10. The terminal controller 15 separates the content 30 to be registered using the profiling and analysis tool 40 into a separate execution target code block 34 and a service content 32, and separates the separated execution target code block. 34 and the service content 32 are registered in the content registration server 20.

In addition, the terminal controller 15 performs re-profiling and analysis according to the verification result of the separation execution target code block 34 fed back from the content registration server 20 during the registration of the content 20. That is, when a selection signal for the content 30 to be analyzed is input through the input unit 12, the terminal controller 15 calls the corresponding content 30 from the storage unit 13. The terminal controller 15 extracts the separate execution target code block 34 through profiling and analysis of the called content 30 and registers the extracted separation execution target code block 34 through the communication unit 11. Send to server 20. Upon receiving the verification failure result that the invalid execution target code block 34 included in the separation execution target code block 34 transmitted from the content registration server 20 is received, the terminal controller 15 receives the verification failure received. Based on the results, the extracted execution target code block 34 is extracted again through re-profiling and analysis of the called content 30, and the extracted separation execution target code block 34 is retransmitted to the content registration server 20. do. In addition, the terminal controller 15 may receive a verification pass result indicating that the separation execution target code block 34 transmitted from the content registration server 20 is valid through the communication unit 11. In this case, the terminal controller 15 may output the received verification failure result or the verification pass result through the display unit 14.

In this case, the terminal controller 15 may execute the profiling and analysis tool 40 as follows. That is, the terminal controller 15 accesses the content registration server 20 through the communication unit 11 and performs authentication. If the authentication passes, the terminal controller 15 downloads an Active-X launcher from the content registration server 20 through the communication unit 11 and executes Active-X. The terminal controller 15 checks whether the profiling and analysis tool 40 downloaded from the content registration server 20 is stored in the storage unit 13. If there is no check result, the terminal controller 15 requests and downloads the profiling and analysis tool 40 to the content registration server 20. If there is a check result, the terminal controller 15 executes the profiling and analysis tool 40. In this case, the active-X executed by the active-X launcher connects the content providing terminal 10 and the content registration server 20 and uses the profiling and analysis tool 40 executed in the content providing terminal 10. The separated execution execution code block 34 and the content for service 32 can be registered in the content registration server 20.

The profiling and analysis tool 40 includes a content caller 42, a basic block group selector 44, and an extractor and generator 46. The content caller 42 calls the content 30 to be analyzed. The basic block group selector 44 selects a plurality of basic block groups 37 through profiling and analysis of the code area 31 of the called content 30. The extraction and generation unit 46 extracts the separation execution target code block 34 from the plurality of basic block groups 37, separates the separation target code block 34 from the code area 31 of the content 30, and the separation execution target code block 34. ) Inserts the stub code 36 into the extracted code area to generate the service content 32. The extraction and generation unit 46 registers the separation execution target code block 34 and the service content 32 in the content registration server 20.

When the selection signal for the content 30 to be registered is input through the input unit 12, the content caller 42 may call the corresponding content 30 from the storage unit 13. When the content caller 42 calls the content 30 to be registered, the content caller 42 may receive and set a security level for the content 30 to be registered. That is, the content caller 42 may display a list of the content 30 to be registered on the display unit 14. The content provider selects the content 30 to be registered from the list through the input unit 12 and selects and sets a security level for the selected content 30. In this case, the content caller 42 displays a security level setting item that can be selected by the content provider on the display unit 14. When the content provider selects a specific security level setting item from the displayed security level setting items, the content calling unit 42 sets the security level of the content 30 to be registered as the selected security level setting item.

For example, the security level setting item may include a code block to be extracted, that is, a frequency of calls of the basic block group 37, a location of calls of the basic block group 37, a memory reference frequency of the host terminal 51, and an OS API of the host terminal 51. Reference frequency, at least one of the hardware elements of storage 53.

The call frequency item of the basic block group 37 is an item in which the content provider sets a call frequency preference of the separated execution target code block 34 to be automatically extracted by profiling and analysis. It is an item that can select how many times it is called during execution of the content 30. In this case, the higher the frequency of the call, the more important the basic block group 37 is. Therefore, the security effect is high. However, this may impose a burden on the storage device 53 and reduce the execution speed of the entire content 30. Therefore, the content provider preferably sets the appropriate call frequency according to the security level of the content 30 to be registered.

The call position item of the basic block group 37 selects the basic block group 37 called at the beginning of program execution in the selection of the separate execution target code block 34, or the basic block group 37 called at the time of executing a specific function. Select whether to select).

The memory reference frequency item of the host terminal 51 is an item that sets how often the separate execution target code block 34 to be selected refers to the memory of the host terminal 51. The higher the memory reference frequency, the stronger the dependency on the host terminal 51, which means that the security efficiency due to the separate execution target code block 34 is higher. However, if the memory of the host terminal 51 is referred to repeatedly, since the execution speed of the corresponding content 30 may be reduced, the content provider may set an appropriate memory reference frequency according to the security level of the content 30 to be registered. It is preferable.

The OS API reference frequency item of the host terminal 51 is an item that sets how often the separated execution target code block 34 to be selected refers to the OS API. The higher the OS API reference frequency, the stronger the dependency on the host terminal 51, which means that the security efficiency due to the separate execution target code block 34 is higher. However, if the OS API of the host terminal 51 is repeatedly referred to, since the execution speed of the corresponding content 30 may be reduced, the content provider may refer to the appropriate OS API reference frequency according to the security level of the content 30 to be registered. It is preferable to set.

The hardware element item of the storage device 53 may be a hardware form factor of the storage device 53 to be used together with the corresponding content 30, such as DRAM, NAND Flash, or Noah flash. NOR Flash) capacity and microprocessor speed can be selected. The hardware element of the storage device 53 may be one of important factors in executing the actual separate execution target code block 34 to calculate the output value.

Meanwhile, in the first embodiment, an example in which a content provider directly sets a security level is disclosed, but the security level may be set as a default. In the first embodiment, the example of setting the security level after selecting the content 30 to be registered is disclosed. However, the content 30 to be registered may be selected after setting the security level.

The basic block group selecting unit 44 includes a basic information collecting unit 44a and a static analyzing unit 44b. The basic information collecting unit 44a collects basic information through dynamic profiling of the called content 30. The static analysis unit 44b expands the analysis range of the code area 31 of the content 30 by performing a static analysis on the content 30 based on the collected basic information, and through this, a plurality of basic block groups ( 37).

As described above, the content 30 includes a plurality of files, for example, a file such as an API provided by an operating system, an API provided by a developer, or a DLL. Therefore, since the part to be analyzed in the content 30 must be set, and it is not preferable to select the basic block group selected by the API that is already published among the content 30 as the separate execution target code block 34, the content ( It is necessary to limit the portion to be analyzed in 30 to the code region 31.

The basic information is information collected about the code region 31 through dynamic profiling during run-time for the content 30. In other words, dynamic profiling can track the values assigned to inputs, outputs and registers, and the flow of content 30 in code, so that dynamic profiling can be used to expand the scope of analysis while collecting accurate and accurate basic information. can do. The collected basic information includes the start address of the basic block group 37, the end address of the basic block group 37, the number of calls of the basic block group 37, the size of the basic block group 37, and the basic block group 37. It contains information about the presence or absence of a real operation in). In particular, the collected basic information includes at least one indirect address among a branch address, a jump address, a call address, and an indirect address of the RET. The indirect address includes information about the start address of the basic block group 37, the size of the basic block group 37, and the branch taken address. In addition, the collected basic information is based on the set security level setting item, the number of times of referring to the memory of the host terminal in the basic block group 37, the number of times of calling the OS API of the host terminal in the basic block group 37, basic The execution time of the block group 37, the total number of instructions executed in the basic block group 37, the number and type of parameters passed for execution of the basic block group 37, the return after the execution of the basic block group 37 It may further include at least one of the kind of the value.

The static analyzer 44b performs a static analysis on the code region 31 of the content 30 based on the basic information collected about the code region 31. That is, since the static analysis unit 44b does not desirably select a part related to the published API of the content 30 as an analysis target, the static analysis unit 44b performs the static analysis of the code region 31 except for the corresponding part. In this case, the static analyzer 44b may perform static analysis based on the basic information other than the basic information related to the published API among the content 30 among the collected basic information.

A general static analysis is a method of finding the starting point of the code region 31 of the content 30 and analyzing the control flow from the found starting point. Therefore, static analysis does not have information that can be obtained at run-time, so it is only possible to move to a path marked with a certain value in binary code. In particular, there are restrictions such as register data, heap area data, and movement to external DLL. Also following the control flow is a significant limitation due to the lack of indirect information. Because of this, general static analysis can be approached by grasping various starting points arbitrarily, but it is hard to have big meaning, so the scope of analysis is narrow.

However, since the static analyzer 44b performs the static analysis based on the basic information collected through the dynamic profiling, the analysis range of the code region 31 of the content 30 may be extended. That is, the static analyzer 44b substitutes an indirect address among the collected basic information on the control flow, thereby extending the analysis range of the code region 31 of the content 30 to perform dynamic profiling alone or to perform static analysis. More valid basic block groups 37 can be selected for performance.

Since the scope of analysis of the content 30 can be extended by assigning an indirect address as described above, although there may be differences depending on the characteristics of the content 30 to be analyzed, compared to performing dynamic profiling or static analysis alone. The range of analysis can be increased by several orders of magnitude. For example, if the static analysis alone shows a compression range of less than 1% for compressed executable programs such as Alzip.exe (Eastsoft's solution), but static analysis is performed using the basic information collected through dynamic profiling. It can be seen that the analysis range is more than 27%. That is, a large number of indirect addresses present in the code area 31 of the content 30, and the possibility of extending the analysis range by using the indirect addresses means that various outputs, that is, the basic block group 37, can be derived. do.

On the other hand, since the size of the basic block group 37 may be tens to hundreds of bytes in 1 byte, such as RET, the larger the size of the basic block group 37 is, the greater the probability of internal entry is. In addition, if all instructions of the content 30 can be inspected and analyzed before execution, a more accurate and detailed basic block group 37 can be defined. However, this also cannot completely define the basic block group 37 due to the existence of indirect addresses.

Therefore, the basic block group 37 which allows the entry of the control signal through the starting point and the movement of the control signal between the basic block 35 but does not enter the control signal to the basic block 35 except for the starting point is included in the content 30. In order to extract from, the static analyzer 44b may select the basic block group 37 in the code area 31 of the content 30 by using the following definition (rule).

In this case, the definition of the basic block group 37 is as follows. First, the basic block group 37 defined once is not fixedly defined, and the basic block group 37 is separated and redefined according to the presence or absence of a control signal entering into the basic block group 37.

3, 4, and 9, the static analyzer 44b includes a basic block group 37 including a plurality of basic blocks 35 associated with each other in the code area 31 of the content 30. Can be defined In this case, the defined basic block group 37 may be referred to as a collection of basic blocks 35 without entering a control signal to the basic block 35b excluding the starting point.

Here, when a control signal through the basic block 35a positioned at the start of the basic block group 37 is input, the static analyzer 44b does not redefine the basic block group 37. In addition, even when the control signal is moved between the basic blocks 35 included in the basic block group 37, the static analyzer 44b does not redefine the basic block group 37. That is, in the above two cases, the static analyzer 44b maintains the basic block group 37 in the current defined state.

However, as shown in FIGS. 3, 4, and 10, when the control signal is input to the other basic block 35b except for the basic block 35a positioned at the start of the basic block group 37, the static analyzer 44b divides the basic block group 37 based on the basic block 35b to which the control signal is input and redefines it. That is, if there is a control signal entering the basic block group 37, the static analyzer 44b divides and redefines the basic block group 37 based on an instruction address of the control signal.

By redefining the basic block group 37 in this manner, it is possible to increase the probability that the divided basic block groups 37a and 37b are established as basic block groups without internal entry.

In this case, the basic block group 37 to be redefined has a first basic block group 37a based on the command address of the control signal and a second basic block group 37b including the command address of the control signal. Is redefined to). The branch address of the first basic block group 37a becomes the next instruction address for entry to the start point of the second basic block group 37b.

And by repeating this redefinition step, the finally redefined basic block group 37 is a plurality of basic blocks 35 having the properties of a single input and a single output and the property of not allowing entry from outside to inside. It may be defined as a basic block group 37 including a.

The extraction and generation unit 46 may extract the basic block group 37 as a separate execution target code block 34 according to a security level set among the plurality of selected basic block groups 37. The extraction and generation unit 46 may extract the separation execution target code block 34 according to the set security level. For example, the content provider may include a call frequency of the basic block group 37, a call position of the basic block group 37, a memory reference frequency of the host terminal 51, an OS API reference frequency of the host terminal 51, and a storage device 53. When the security level is set by assigning a weight to at least one of the hardware elements, the extraction and generation unit 46 may select the separation target code block 34 according to the set security level. That is, the content provider may set a security level at the user level in consideration of the type, value, and the like of the content 30, and thereby obtain a copy protection effect of the content 30.

The extraction and generation unit 46 inserts the stub code 36 into the code region from which the separate execution target code block 34 is extracted to generate the service content 32. At this time, the stub code 36 connects the code region extracted from the content 30 with the extracted separation target code block 34.

In addition, the extraction and generation unit 46 is a content for the service in which the stub code 36 is inserted into the separated execution target code block 34 extracted from the content 30 and the code region from which the separate execution target code block 34 is extracted. The data may be divided into 32 and stored in the storage unit 13.

As described above, the separation execution target code block 34 extracted by the extraction and generation unit 46 allows the input of the control signal when the control signal is input through the basic block 35 positioned at the start point. The separate execution target code block 34 allows the movement of the control signal between the basic blocks 35 according to the input of the control signal through the start point. The separate execution target code block 34 also includes a plurality of basic blocks 35 without entry of control signals to the basic block 35 except for the start point. In other words, the separated execution code block 34 includes a plurality of basic blocks 35 which do not allow entry of the control signal to the basic block 35 except for the start point.

The extraction and generation unit 46 transmits the separation execution target code block 34 and the service content 32 to the content registration server 20 to register. At this time, the extraction and generation unit 46 transmits and registers the registration information for the content 30 to be registered to the content registration server 20 together. For example, the registration information of the content includes at least one of a title, a Mime type, a description, a content provider name, and billing information.

In addition, the profiling and analysis tool 40 adds the verification failure result received through the feedback to the filtering list, puts the corresponding code block 32 on the black list, excludes it from the selection, and re-profiles and analyzes it. Next, the new separation execution target code block 34 is extracted and retransmitted to the content registration server 20.

The terminal controller 15 receives a registration completion message for the content 30 requesting registration from the content registration server 20 and outputs it to the display unit 14. In this case, the registration completion message may include information on the verification pass result.

The content registration server 20 of the content registration system according to the first embodiment will be described in detail with reference to FIGS. 1 and 6 as follows. 6 is a block diagram showing the configuration of the content registration server 20 of FIG.

The content registration server 20 according to the first embodiment includes a transceiver 21, a database 23, and a server controller 25.

The transceiver 21 communicates with the content providing terminal 10 through the network 55. The transceiver 21 transmits the separation execution target code block 34 and the service content 32 received from the content providing terminal 10 to the server controller 25. The transmitter / receiver 21 transmits the verification result of the separation execution target code block 34 to the content providing terminal 10 under the control of the server controller 25. The transceiver 1 transmits a registration completion message for the content 30 requested to be registered under the control of the server controller 25 to the content providing terminal 10.

The database unit 23 stores the profiling and analysis tool 40 and related information of the content 30 requested by the content providing terminal 10 to register. The related information of the content 30 includes a code block 27 for a storage device in which the separate execution target code block 34 is converted, a service content 32, and a registration information 39 of the content 30. The execution target code block 34 may further be included. For example, the registration information 39 of the content 30 includes at least one of a title, a Mime type, a description, a content provider name, and billing information.

In this case, the separation execution target code block 34 is a code block extracted from the content 30 executed in the host terminal 51. For example, the separated execution target code block 34 may be a code block extracted from a code area of the content 30 for x86 or x64. Therefore, the separated execution target code block 34 is converted into a code format that can be used in the storage device 53, which is called a code block 27 for storage device. For example, when the storage device 53 is a smart card, the separate execution target code block 34 is converted into a Java Byte code block or an ARM code block. The converted code block may be included in a right object (RO) or an applet and provided to the smart card.

The server controller 25 performs an overall control operation of the content registration server 20. The server controller 25 receives and registers a separate execution target code block 34 of the content 30 and a service content 32 from the content providing terminal 10 according to a request of the content provider through the network 55. . At this time, the server controller 25 verifies the separation execution target code block 34 received from the content providing terminal 10, feeds back the verification result to the content providing terminal 10, and provides stable separation execution based content 30. The separate execution target code block 34 that can provide the execution environment is guided to be extracted. That is, the server controller 25 receives the separated execution target code block 34 extracted through profiling and analysis of the content 30 to be registered from the content providing terminal 10 through the transceiver 21. The server controller 25 executes the received separate execution target code block 34 in a test environment corresponding to the execution environment of the actual storage device 53 to verify validity. When the invalid execution target code block 34 is detected as a result of the verification, the server controller 25 feeds back a verification failure result to the content providing terminal 10. If the verification result is valid, the server controller 25 converts the separate execution target code block 34 to the storage code block 27. The server control unit 25 registers the converted storage device code block 27 and the service content 32 in the database unit 23. In this case, if the verification result is valid, the server controller 25 may feed back the verification pass result to the content providing terminal 10. In addition, after completing the registration for the content requested to be registered 30, the server controller 25 may transmit a registration completion message to the content providing terminal 10.

The server controller 25 may verify the validity of the separate execution target code block 34 based on the following verification item. At this time, the verification items include: Floating Point Instruction, SIMD Instruction Set, whether the memory range included in the Initial Context exceeds the threshold capacity, the existence of a loop that repeats for a long time in the separate execution target code block 34, and the separation execution target. It includes at least one of the presence or absence of data in the code block 34.

1.Presence of Floating Point Instruction

This is because x86 floating point instruction is not easy to convert to floating point instruction for ARM. The reason is that x86 floating point instruction is not easy to interpret, and there is rarely 1: 1 instruction to ARM floating point instruction. In addition, it is necessary to compensate for floating point value loss that may occur in the conversion process, because it is difficult to determine the exact value.

2.Presence of SIMD (MMX, SSE, SSE2, 3DNow!) Instruction Set

The SIMD Instruction Set is an Instruction Set that supports Single Instruction Multiple Data added to support the Pentium III processor, the Vector processor, and the Array processor. This supports efficient access to large amounts of data and increases the performance of the same tasks. In order to convert such instruction set for ARM, corresponding instruction should be provided in ARM. Currently, it is not easy to cope with the same value as the complicated conversion process of several steps.

3. Whether the memory range included in the Initial Context exceeds the threshold capacity

When the content terminal 30 is executed in the host terminal 51, data about a memory referred to by the separate execution target code block 34 performed by the storage device 53 is transferred to the host terminal 51 during execution of the content 30. You want to reduce the communication overhead. In this case, when the memory area referred to by the separation execution target code block 34 becomes wider, the storage 53 may not be able to store the data due to the amount of data transferred in the Initial Context. Therefore, it is necessary to check the memory reference area of the separated execution target code block 34 and limit it to a certain range.

4. The existence of long loops in the code block

The user should not feel any performance degradation due to security when running the content 30. However, if the extracted execution target code block 30 takes its own loop while taking control of the host terminal for a long time, the congestion of the content 30 may occur and the user may feel difficulty in using the program. I need a routine to find and pad back.

5. The existence of non-code data in the code block to be executed

Occasionally, data may exist within a code region. There is a routine to check this in the profiler, but when selecting a block of code on the critical path as the target block of code 34 to be executed, a situation may arise in which a block of code outside of the selection range may be added. Insert it as an Error-Free check routine in case. At this time, the critical path means a path that is necessarily executed at least once when the content 30 is executed.

For example, if the separated execution target code block 34 is extracted from the code area 31 of the content for x86 30 and the storage 53 is based on an ARM processor, the verification item may include a floating point instruction or a SIMD instruction. It may include the presence or absence of a set.

The server controller 25 converts the separated execution target code block 34 that has passed the verification into a storage code block 27. For example, when the storage device 53 is a smart card, the separated execution target code block 34 that has passed the verification may be converted into a Java Byte code block or an ARM code block. At this time, the Java Byte code block can be included in the applet and installed in the smart card. Code blocks for ARM can be included in rights objects (ROs) and installed on smart cards.

The method of registering content according to the first embodiment of the present invention will be described with reference to FIGS. 1 to 11 as follows. 7 is a flowchart illustrating a content execution method based on a separation execution according to a first embodiment of the present invention. FIG. 8 is a detailed flowchart illustrating the separation execution target code block extraction and content generation step for a service of FIG. 7. 9 and 10 are exemplary diagrams for describing a step of selecting a basic block group to be extracted as the separated execution target code block of FIG. 8. FIG. 11 is an exemplary diagram for describing a verification step of the registration method of FIG. 7.

First, in steps S61 to S83, the content providing terminal 10 executes the profiling and analysis tool 40 downloaded from the content registration server 20. That is, in step S61, the content providing terminal 10 accesses the web page 21 of the content registration server 20. Subsequently, when the content providing terminal 20 requests a registration page for registering the content 30 in step S63, the content registration server 20 transmits a login page to the content providing terminal 10 in step S65.

Next, in step S67, the content providing terminal 10 receives the login information according to the selection signal through the input unit 12 of the content provider, and transmits the login information input in step S69 to the content registration server 20.

Next, in step S71, the content registration server 20 authenticates the content provider connected with the received login information. If the authentication passes, in step S73 the content registration server 20 transmits the active-X launcher to the content providing terminal 10. Subsequently, in step S75, the content providing terminal 10 executes Active-X through the Active-X Launcher.

Meanwhile, if authentication fails because the received login information does not match the registered login information, the content registration server 20 may request the content providing terminal 10 to re-enter the login information.

Next, in step S77, the content providing terminal 10 checks whether the profiling and analysis tool 40 downloaded from the content registration server 20 is in the storage unit 13.

If there is no check result of step S77, in step S79 content providing terminal 10 requests the transmission of the profiling and analysis tool 40 to the content registration server 20. In operation S81, the content registration server 20 transmits the profiling and analysis tool 40 to the content providing terminal 10.

Next, when the result of checking in step S77 or the profiling and analysis tool 40 is received through step S81, the content providing terminal 10 executes the downloaded profiling and analysis tool 40 in step S83.

Next, in step S85, the content providing terminal 10 calls the content 30 to be registered. That is, when a selection signal for calling the content 30 to be analyzed is input from the content provider, the content providing terminal 10 displays the list of the content 30 to be registered stored in the storage unit 13 on the display unit 45. . Subsequently, when specific content 30 is selected from the list, the content providing terminal 10 calls the selected content 30.

Next, in step S87, the content providing terminal 10 sets the security level for the selected content (30). That is, the content providing terminal 10 displays the security level setting item that the content provider can select on the display unit 14. When the content provider selects a specific security level setting item from the displayed security level setting items, the content providing terminal 10 sets the security level of the content 30 to be registered as the selected security level setting item.

In this case, the first embodiment discloses an example of proceeding in the order of step S85 and step S87, but may proceed in the reverse order. In addition, when the security level is set as a default, the content providing terminal 10 may omit step S87.

Next, in step S89, the content providing terminal 10 extracts the separate execution target code block 34 from the content 30 to be registered through the profiling and analysis tool 40 being executed, and extracts the content 32 for service. Create On the other hand, a detailed description of the step S89 will be described later.

In step S91, the content providing terminal 10 requests the content registration server 20 to register the corresponding content 30 using the extracted execution target code block 34 and the service content 32. In this case, the content providing terminal 10 may transmit the registration information 39 of the corresponding content 30 when requesting the registration of the content 30.

Next, the content registration server 20 parses the received separation execution target code block 34 and the service content 32 to determine whether it is valid, and if the content registration server 20 is valid, the separation execution target code block 34 and the content for the service. (32) is registered in the database (23). That is, the validity of the content 30 may be determined by testing the content 30 in a test process environment corresponding to a separate execution environment of the actual host terminal 51 and the storage device 53.

Referring to the registration process of the content 30 through the verification according to the steps S93 to S111 as follows.

First, in step S93, the content registration server 20 executes the received execution target code block 34 in a test environment corresponding to the execution environment of the actual storage device 53 to verify validity. In this case, the content registration server 20 may verify the validity of the separate execution target code block 34 based on the following verification item. At this time, the verification items include: Floating Point Instruction, SIMD Instruction Set, whether the memory range included in the Initial Context exceeds the threshold capacity, the existence of a loop that repeats for a long time in the separate execution target code block 34, and the separation execution target. It includes at least one of the presence or absence of data in the code block 34. For example, if the separated execution target code block 34 is extracted from the code area 31 of the content 30 for x86 or x64, and the storage device 53 is based on an ARM processor, the verification item may include the presence or absence of floating point instruction. It may include the presence or absence of a SIMD Instruction Set.

If an invalid separation execution target code block 34 is detected as a result of verification in step S93, that is, verification fails, the content registration server 20 feeds back a verification failure result to the content providing terminal 10 in step S95. . In this case, the verification failure result includes information on which verification item which the separation execution target code block 34 corresponds to among the separation execution target code blocks 34 received.

Next, in step S97, the content providing terminal 10 may output the received verification failure result to the display unit 14 so that the content provider can check. Subsequently, the content providing terminal 10 extracts the target code block 34 to be separated and re-generated again by re-profiling and analyzing the content 30 to be registered based on the received verification failure result to the content registration server 20. Resend. At this time, in step S99, the content providing terminal 10 adds the verification failure result received through the feedback to the filtering list, adds the corresponding code block 32 to the black list, and excludes it from the selection target, and re-profiling according to step S89 and Analysis may be performed to extract a new separate execution target code block 34.

As such, when the content providing terminal 10 receives the feedback of the verification failure result, the content providing terminal 10 performs steps S89 and S91 again. In addition, if the verification fails in step S93, the content providing terminal 10 and the content registration server 20 repeats steps S95, S97, S99, S89 and S91.

If the verification result of step S93 is valid, that is, if the verification passes, in step S101, the content registration server 20 feeds back the verification pass result that the separation execution target code block 34 received by the content providing terminal 10 is valid. do. Meanwhile, even if the verification result is invalid, the content registration server 20 may correct the error by passing the verification if the self registration is possible.

Subsequently, in step S105, the content registration server 20 converts the verified separation execution target code block 34 into a storage device code block 27. For example, the content registration server 20 may convert the separated execution target code block 34 that has passed the verification into a Java Byte code block or an ARM code block when the storage device 53 is a smart card.

Next, in step S107, the content registration server 20 registers the converted storage device code block 27 and the service content 32 to the database unit 23. At this time, the content registration server 20 also registers the registration information 39 of the corresponding content 30.

In step S109, the content registration server 20 transmits a registration completion message to the content providing terminal 10.

In step S111, the content providing terminal 10 outputs the received registration completion message. In this case, the content providing terminal 10 may display a registration completion message on the display unit 14 so that the content provider can check.

On the other hand, step S101 disclosed an example that is performed before step S105 is limited to this. That is, the verification pass result may be performed in a step after passing the verification according to step S93. For example, the verification pass result may be performed after the step S105 is completed, or may be transmitted together with the registration completion message in step S109.

Meanwhile, the extraction of the target execution code block extraction and the content generation step for the service according to step S89 will be described in detail.

First, in step S891, the profiling and analysis tool 40 starts execution of the called content 30. In step S893, the profiling and analysis tool 40 collects basic information about the code area 31 during the run-time for the content 30. In this case, the profiling and analysis tool 40 may collect at least one indirect address among a branch address, a jump address, a call address, and an indirect address of the RET as basic information. In this case, step S891 may be automatically performed according to the call of the content 30 according to step S85, or may be performed by inputting a selection signal through the input unit 12 of the operator.

In step S895, the profiling and analysis tool 40 performs a static analysis on the code region 31 of the called content 30 using the basic information collected through dynamic profiling to expand the scope of analysis. Through this, a plurality of basic block groups 37 are selected. That is, in step S895, the profiling and analysis tool 40 selects a plurality of basic block groups 37 by performing a static analysis on the code area 31 of the content 30 using the collected basic information. At this time, by assigning indirect addresses of the collected basic information on the control flow, the profiling and analysis tool 40 expands the analysis region of the code region 31 of the content 30 to perform dynamic profiling or static analysis alone. More basic block groups 37 can be selected for performance.

Meanwhile, in step S895, the profiling and analysis tool 40 may select the basic block group 37 through definitions (rules), as shown in FIGS. 9 and 10.

First, as shown in FIG. 9, the profiling and analysis tool 40 may define a basic block group 37 comprising a plurality of basic blocks 35 associated with each other in the code area 31 of the content 30. Can be.

Here, when a control signal through the basic block 35a positioned at the start of the basic block group 37 is input, the profiling and analysis tool 40 does not redefine the basic block group 37. In addition, even when the control signal moves between the basic blocks 35 included in the basic block group 37, the profiling and analysis tool 40 does not redefine the basic block group 37. That is, in the two cases described above, the profiling and analysis tool 40 maintains the basic block group 37 in its current defined state.

However, as shown in FIG. 10, when a control signal is input to the other basic block 35b except for the basic block 35a positioned at the start of the basic block group 37, the profiling and analysis tool 40 The basic block group 37 is divided and redefined based on the basic block 35b to which the control signal is input. That is, if there is a control signal entering the basic block group 37, the profiling and analysis tool 40 divides and redefines the basic block group 37 based on the instruction address of the control signal.

By redefining the basic block group 37 in this manner, it is possible to increase the probability that the divided basic block groups 37a and 37b are established as the basic block group 37 without internal entry.

In this case, the basic block group 37 to be redefined has a first basic block group 37a based on the command address of the control signal and a second basic block group 37b including the command address of the control signal. Is redefined to).

And by repeating this redefinition step, the finally redefined basic block group 37 is a plurality of basic blocks 35 having the properties of a single input and a single output and the property of not allowing entry from outside to inside. It may be defined as a basic block group 37 including a.

Next, in steps S897 and S899, the profiling and analysis tool 40 extracts the separation target code block 34 from the plurality of basic block groups 37 selected and separates it from the code area 31 of the content 30. Then, the stub code 36 is inserted into the code area from which the separated execution code block 34 is extracted.

That is, in step S897, the profiling and analysis tool 40 may extract the basic block group 37 as a separate execution target code block 34 according to a security level set among the plurality of selected basic block groups 37. For example, the content provider may include a call frequency of the basic block group 37, a call position of the basic block group 37, a memory reference frequency of the host terminal 51, an OS API reference frequency of the host terminal 51, and a storage device 53. When the security level is set by weighting at least one of the hardware elements of the profiling and analysis tool 40, the profiling and analysis tool 40 may select the separation target code block 34 according to the set security level.

In operation S899, the profiling and analysis tool 40 generates the service content 32 by inserting the stub code 36 into the code region from which the separate execution target code block 34 is extracted. At this time, the stub code 36 connects the code region extracted from the content 30 with the extracted separation target code block 34.

In this way, the separation execution target code block 34 is extracted from the content 30, and the stub code 36 is inserted into the code region from which the separation execution target code block 34 is extracted to generate the service content 32. The profiling and analysis tool 40 divides the content 30 into the extracted separated execution target code block 34 and the generated service content 32. In this case, in operation S873, the profiling and analysis tool 40 may store the separation execution target code block 34 and the service content 32 in the storage unit 13.

Meanwhile, in the first exemplary embodiment, the content execution server 20 extracts a separate execution target code block 34 from the corresponding content 30 by profiling and analyzing the content 30 to be registered by the content providing terminal 10. An example of performing verification by transmitting to the above is disclosed, but is not limited thereto. For example, as illustrated in FIGS. 12 to 15, the content registration server 20 may extract the separation execution target code block 34 from the content 30 to be registered and perform verification.

In the digital rights management system 200 based on the separation execution according to the second embodiment of the present invention, as illustrated in FIG. 12, the content providing terminal 10 and the content registration server 20 connected through the network 55. ) And a host terminal 51 and a storage device 53 connected to the host terminal 51 via a wired or wireless interface. In particular, the digital rights management system 200 based on the separation execution according to the second embodiment includes a content registration system. The content registration system is configured to include a content providing terminal 10 and a content registration server 20 connected via a network 55.

The content providing terminal 10 transmits the list 38 for the separated execution target code block 34 extracted through profiling and analysis together with the content 30 to be registered to the content registration server 20. If the feedback of the verification failure that the invalid execution target code block 34 included in the separated execution target code block 34 included in the transmitted list 38 is received, the content providing terminal 10 receives the verification. Based on the failure result, the list 38 for the separated execution target code block 34 extracted through re-profiling and analysis of the content 30 to be registered is resent to the content registration server 20. In addition, the content providing terminal 10 may receive and output a verification pass result indicating that the separation execution target code block 34 included in the list 38 transmitted from the content registration server 20 is valid. At this time, the content providing terminal 10 generates a list 38 of the separated execution target code block 34 by using the profiling and analysis tool 40.

The content registration server 20 extracts the separated execution target code block 34 from the content 30 to be registered based on the received list 38. The content registration server 20 inserts stub codes into the code region from which the separate execution target code block 34 is extracted to generate the service content 32. The content registration server 20 verifies the validity of the extracted execution target code block 34. When the invalid execution target code block 34 is detected as a result of the verification, the content registration server 20 feeds back a verification failure result to the content providing terminal 10. If the verification result is valid, the content registration server 20 converts the separation execution target code block 34 to the storage code block 27 and feeds back the verification pass result to the content providing terminal 10. The content registration server 20 registers the registration information of the converted code block 27 for storage device, the content for service 32 and the content 30 in the database unit.

The registration method of the content 30 according to the second embodiment of the present invention will be described with reference to FIGS. 12 to 15 as follows. 13 is a flowchart illustrating a content execution method based on a separation execution according to a second embodiment of the present invention. FIG. 14 is a detailed flowchart of a list generation step of the separated execution target code block of FIG. 13. FIG. 15 is an exemplary diagram for describing a verification step of the registration method of FIG. 13.

First, since steps S61 to S87 are performed in the same order as the registration method according to the first embodiment, detailed descriptions are omitted and the following steps are described from step S88.

In step S88, the content providing terminal 10 generates a list 38 for the separated execution target code block 34 extracted through profiling and analysis of the content 30 to be registered. In other words, the profiling and analysis tool 40 starts execution of the called content 30 in step S881. Next, in step S883, the profiling and analysis tool 40 collects basic information about the code area 31 during the run-time for the content 30. Next, in step S885, the profiling and analysis tool 40 performs a static analysis on the code region 31 of the called content 30 using the basic information collected through dynamic profiling to expand the scope of analysis. Through this, a plurality of basic block groups 37 are selected. Subsequently, in step S889, the profiling and analysis tool 40 selects the basic block group 37 as a separate execution target code block 34 according to a security level set among the plurality of selected basic block groups 37. The profiling and analysis tool 40 then generates a list 38 for the selected separate execution target code block 34.

Next, in step S90, the content providing terminal 10 transmits the generated list 38 to the content registration server 20. In this case, the content providing terminal 10 transmits the content 30 to be registered together with the list 38 and the registration information of the content 30.

Next, in step S92, the content registration server 20 extracts the separated execution target code block 34 from the content 30 to be registered based on the received list 38. In addition, the content registration server 20 inserts the stub code into the code area from which the separate execution target code block 34 is extracted to generate the service content 32.

Next, steps S93 to S111 are performed in substantially the same order as the registration method according to the first embodiment. That is, in step S93, the content registration server 20 executes the extracted execution target code block 34 in a test environment corresponding to the execution environment of the actual storage device 53 to verify validity. In this case, the content registration server 20 may verify the validity of the separate execution target code block 34 based on the following verification item. For example, the verification items include: floating point instruction, SIMD instruction set, whether the memory range included in the initial context exceeds the threshold capacity, existence of a loop that repeats for a long time in the separated execution code block 34, separated execution object It includes at least one of the presence or absence of data in the code block 34.

If an invalid separation execution target code block 34 is detected as a result of verification in step S93, that is, verification fails, the content registration server 20 feeds back a verification failure result to the content providing terminal 10 in step S95. . In this case, the verification failure result includes information on which verification item which the separation execution target code block 34 corresponds to among the extracted separation execution target code blocks 34.

Next, in step S97, the content providing terminal 10 may output the received verification failure result to the display unit 14 so that the content provider can check. Subsequently, the content providing terminal 10 generates the list 38 for the separated execution target code block 34 again by re-profiling and analyzing the content 30 to be registered based on the received verification failure result. Resend to the registration server 20. In this case, in step S99, the content providing terminal 10 adds the verification failure result received through the feedback to the filtering list, puts the corresponding execution target code block 34 on the black list, and excludes it from the selection target. Profiling and analysis is performed to generate a list 38 of new separate execution code blocks 34.

As such, when the content providing terminal 10 receives the feedback of the verification failure result, the content providing terminal 10 performs steps S88, S90, and S92 again. In addition, when the verification fails in step S93, the content providing terminal 10 and the content registration server 20 repeats the steps S95, S97, S99, S88, S90 and S92.

If the verification result of step S93 is valid, that is, if the verification passes, in step S101, the content registration server 20 feeds back the verification pass result that the separation execution target code block 34 received by the content providing terminal 10 is valid. do. Meanwhile, even if the verification result is invalid, the content registration server 20 may correct the error by passing the verification if the self registration is possible.

Subsequently, in step S105, the content registration server 20 converts the verified separation execution target code block 34 into a storage device code block 27. For example, the content registration server 20 may convert the separated execution target code block 34 that has passed the verification into a Java Byte code block or an ARM code block.

Next, in step S107, the content registration server 20 registers the converted storage device code block 27 and the service content 32 to the database unit. At this time, the content registration server 20 also registers the registration information of the corresponding content 30.

In step S109, the content registration server 20 transmits a registration completion message to the content providing terminal 10.

In step S111, the content providing terminal 10 outputs the received registration completion message. In this case, the content providing terminal 10 may display a registration completion message on the display unit 14 so that the content provider can check.

On the other hand, step S101 disclosed an example that is performed before step S105 is limited to this. That is, the verification pass result may be performed in a step after passing the verification according to step S93. For example, the verification pass result may be performed after the step S105 is completed, or may be transmitted together with the registration completion message in step S109.

Meanwhile, in the first embodiment, the content providing terminal 10 divides the content 30 to be registered into the separated execution target code block 34 and the service content 32 and transmits the content 30 to the content registration server 20 to request registration. An example is shown, but it is limited to this. For example, as illustrated in FIGS. 16 and 18, when the content providing terminal 10 transmits content 30 to be registered to the content registration server 20 to request registration, the content registration server 20 may profile and Through analysis, the content 30 may be divided into a separate execution target code block 34 and a service content 32 and registered.

In the digital rights management system 300 based on the separation execution according to the third embodiment of the present invention, as shown in FIG. 16, the content providing terminal 10 and the content registration server 20 connected through the network 55. ) And a host terminal 51 and a storage device 53 connected to the host terminal 51 via a wired or wireless interface. In particular, the digital rights management system 300 based on the separation execution according to the third embodiment includes a content registration system. The content registration system is configured to include a content providing terminal 10 and a content registration server 20 connected via a network 55.

The content providing terminal 10 transmits the content 30 to be registered to the content registration server 20. In this case, when the content providing terminal 10 requests registration of the content 30, the content providing terminal 10 may receive a security level of the corresponding content 30 from the content provider and transmit the same. When the content providing terminal 10 requests registration of the content 30, the content providing terminal 10 may transmit the registration information of the corresponding content 30 to the content registration server 20.

In addition, the content registration server 20 may separately register the content 30 received through profiling and analysis into a separate execution target code block 34 and a service content 32. That is, the content registration server 10 extracts the separated execution target code block 34 through profiling and analysis on the received content 30. The content registration server 20 inserts stub codes into the code region from which the separate execution target code block 34 is extracted to generate the service content 32. After verifying the validity of the extracted execution target code block 34, the content registration server 20 registers the corresponding content 30 in the database unit when the verification passes.

At this time, the content registration server 20 may perform the verification and registration process as follows. That is, when an invalid separation execution target code block 34 is detected as a result of the verification of the extracted separation execution target code block 34, the content registration server 20 determines that the verification failure. The content registration server 20 adds the verification failure result to the filtering list, puts the corresponding execution target code block 34 on the black list, excludes it from the selection target, and re-profiles and analyzes the new separation execution target code block. Extract 34.

If the verification result is valid, the content registration server 20 converts the separation execution target code block 34 to the storage code block 27 and feeds back the verification pass result to the content providing terminal 10. The content registration server 20 may register the converted code block 27 for the storage device and the service content 32 in the database unit and register the registration information of the corresponding content 30 together in the database unit.

The content registration server 20 transmits a registration completion message for the content 30 requested to be registered to the content providing terminal 10. Meanwhile, the content providing terminal 10 may output the registration completion message to the screen so that the content provider can check.

The content registration method according to the third embodiment of the present invention will be described with reference to FIGS. 16 to 18 as follows. 17 is a flowchart illustrating a content execution method based on a separation execution according to a third embodiment of the present invention. 18 is an exemplary view for explaining a verification step of the registration method of FIG. 17.

First, since steps S61 to S71 are performed in the same order as the registration method according to the first embodiment, detailed descriptions are omitted and the following steps are described from step S72.

If the authentication passes in step S71, the content registration server 20 transmits the authentication information to the content providing terminal 10 in step S72.

In operation S74, the content providing terminal 10 requests the content registration server 20 to register the corresponding content 30 together with the content 30. In this case, when the content providing terminal 10 requests registration of the content 30, the content providing terminal 10 may transmit a security level of the corresponding content 30.

In step S83 to step S111, the content registration server 20 collectively performs separation, verification, and registration of the corresponding content, and transmits the verification pass result and the registration completion message to the content providing terminal 10.

In other words, the content registration server 20 executes the profiling and analysis tool 40 in step S83. In step S85, the content registration server 20 calls the received content 30. Next, in step S89, the content registration server 20 extracts the separated execution target code block 34 from the content 30 to be registered through the profiling and analysis tool 40 being executed, and extracts the content 32 for the service. Create

Next, in step S93, the content registration server 20 executes the extracted execution target code block 34 in a test environment corresponding to the execution environment of the actual storage device 53 to verify validity. In this case, the content registration server 20 may verify the validity of the separate execution target code block 34 based on the following verification item. For example, the verification items include: floating point instruction, SIMD instruction set, whether the memory range included in the initial context exceeds the threshold capacity, existence of a loop that repeats for a long time in the separated execution code block 34, separated execution object It includes at least one of the presence or absence of data in the code block 34.

If an invalid separation execution target code block 34 is detected as a result of the verification in step S93, that is, the verification fails, in step S98, the content registration server 20 adds the verification failure result to the filtering list to perform the separation execution target. The code block 34 is blacklisted to be excluded from the selection target, and the new separation execution target code block 34 is extracted by performing re-profiling and analysis according to step S89.

If the verification result of step S93 is valid, that is, if the verification passes, in step S101, the content registration server 20 feeds back the verification pass result that the separation execution target code block 34 received by the content providing terminal 10 is valid. do. Meanwhile, even if the verification result is invalid, the content registration server 20 may correct the error by passing the verification if the self registration is possible.

Subsequently, in step S105, the content registration server 20 converts the verified separation execution target code block 34 into a storage device code block 27. For example, when the storage device is a smart card, the content registration server 20 may convert the separated execution target code block 34 that passes the verification into a Java Byte code block or an ARM code block.

Next, in step S107, the content registration server 20 registers the converted storage device code block 27 and the service content 32 to the database unit. In this case, the content registration server 20 may also register the registration information of the corresponding content 30.

In step S109, the content registration server 20 transmits a registration completion message to the content providing terminal 10.

In step S111, the content providing terminal 10 outputs the received registration completion message. In this case, the content providing terminal 10 may display a registration completion message on the display unit 14 so that the content provider can check.

On the other hand, step S101 disclosed an example that is performed before step S105 is limited to this. That is, the verification pass result may be performed in a step after passing the verification according to step S93. For example, the verification pass result may be performed after the step S105 is completed, or may be transmitted together with the registration completion message in step S109.

The content registration method according to the present embodiment may be implemented in the form of program instructions that may be executed by various computer means, and may be recorded in a computer-readable recording medium. The recording medium may include program instructions, data files, data structures, etc. alone or in combination. Program instructions recorded on the recording medium may be those specially designed and constructed for the present invention, or they may be of the kind well-known and available to those having skill in the computer software arts. For example, the recording medium may be magnetic media such as hard disks, floppy disks, and magnetic tapes, optical media such as CD-ROMs, DVDs, or magnetic-optical media such as floptical disks. magneto-optical media, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions may include high-level language code that can be executed by a computer using an interpreter as well as machine code such as produced by a compiler. Such hardware devices may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

On the other hand, the embodiments disclosed in the specification and drawings are merely presented specific examples to aid understanding, and are not intended to limit the scope of the present invention. It is apparent to those skilled in the art that other modifications based on the technical idea of the present invention can be carried out in addition to the embodiments disclosed herein.

The present invention relates to a content execution server based on a separation execution, a method thereof, and a computer readable recording medium recording a program for performing the method. The content for the block and the service can be easily registered in the content registration server, and the content provider may provide a security method for extracting a separate execution target code block from the content to be registered according to the security level set by the content provider. In addition, by performing the verification step on the extracted execution target code block before converting the separated execution target code block extracted from the content to be registered into the code block for storage, You can provide a separate block of executable code that can eliminate the deterioration factor in advance to provide a stable execution environment.

10: content providing terminal 20: content registration server
21: transceiver 22: web page
23: database unit 25: server control unit
27: Code block for storage device 30: Content
31: Code area 32: Content for service
33: data area 34: code block to be separated
35: basic block 36: stub code
37: basic block group
38: list of code blocks to be separated
40: Profiling and Analysis Tool 42: Content Caller
44: code block group selection unit 44a: basic information collection unit
44b: static analysis unit 46: extraction and generation unit
51: host terminal 53: storage device
55: network
100,200,300: Separate execution based digital rights management system

Claims (30)

A content registration server that registers content based on separation execution,
A database unit;
Transmitting and receiving unit for communicating with the content providing terminal;
Receiving a request for registration of content from the content providing terminal through the transmission and reception unit, the service is inserted into the separation execution target code block extracted from the content and the code region from which the separation execution target code block is extracted A server control unit which separates content for registration into the database unit and registers the content;
Separation execution-based content registration server comprising a. The method of claim 1, wherein the server control unit,
Separating execution-based content registration server, characterized in that for receiving the separation execution target code block and the content for the service separated by profiling and analysis of the content to be registered from the content providing terminal through the transceiver. The method of claim 2, wherein the server control unit,
The separation execution target code block is executed in a test environment corresponding to an execution environment of an actual storage device to validate the validity based on a verification item, and if the invalid separation target code block is detected as a result of the verification, the content is provided. Separating execution-based content registration server, characterized in that for feeding back the verification failure result to the terminal, and if the verification result is valid, registering the separation execution target code block. The method of claim 3, wherein the server control unit,
On the basis of the separation execution based on the separation of the execution target code, characterized in that the re-receiving the separate execution target code block and the service content separated through the re-profiling and analysis of the content to be registered based on the result of the verification failure transmitted from the content providing terminal Content registration server. The method of claim 1, wherein the server control unit,
Receives a list of content to be registered from the content providing terminal and a list of separated execution target code blocks extracted by profiling and analyzing the content to be registered through the transceiver, and from the received content based on the received list. Separating execution-based content registration server, characterized in that for extracting the separation execution target code block, inserting the stub code in the code region from which the separation execution target code block is extracted. The method of claim 5, wherein the server control unit,
The separation execution target code block is executed in a test environment corresponding to an execution environment of an actual storage device to validate the validity based on a verification item, and if the invalid separation target code block is detected as a result of the verification, the content is provided. Separating execution-based content registration server, characterized in that for feeding back the verification failure result to the terminal, and if the verification result is valid, the separation execution target code block. The method of claim 6, wherein the server control unit,
Separating execution-based content registration server, characterized in that the re-received list of the separated execution target code block extracted through the re-profiling and analysis of the content to be registered based on the verification failure result transmitted from the content providing terminal . The method of claim 3 or 6, wherein the verification item,
Whether there is a floating point instruction, whether there is a SIMD instruction set, whether the memory range included in the initial context exceeds the critical capacity, whether there is a loop that repeats for a long time in the code block to be executed, and the data exists in the code block to be executed. Separate execution based content registration server, characterized in that it comprises at least one of the presence or absence. The method of claim 1, wherein the server control unit,
Receive content to be registered from the content providing terminal through the transmission and reception unit, extracts the separation execution target code block through profiling and analysis of the received content, and stubs the code region from which the separation execution target code block is extracted. Separation execution based content registration server, characterized in that to generate the content for the service by inserting code. The method of claim 1, wherein the server control unit,
Separating execution-based content registration server, characterized in that for converting the separated execution target code block to a code block for a storage device that can be executed in a storage device equipped with a processor to register in the database. A computer-readable recording medium having recorded thereon a program for performing content registration on a separate execution basis,
A calling step of calling content to be registered;
Extracting a target code block to be separated from the code area of the content through profiling and analysis of the called content, and inserts a stub code into the code area from which the code to be separated to generate the service content Extraction and generation step;
A transmission step of requesting registration by transmitting the separation execution target code block and the service content to a content registration server;
A computer-readable recording medium having recorded thereon a program for performing the program. A computer-readable recording medium having recorded thereon a program for performing content registration on a separate execution basis,
Calling content to be registered;
An extraction step of extracting a separation execution target code block from a code region of the content by profiling and analyzing the called content;
A generating step of generating a list of the separated execution target code blocks extracted;
A transmission step of requesting registration by transmitting the content and the generated list to a content registration server;
And a computer-readable recording medium having recorded thereon a program. The method of claim 11 or 12, wherein, prior to the calling step,
An execution step of executing a profiling and analysis tool downloaded from the content registration server;
Do more,
And recording the program to be registered in the profiling and analysis tool in the calling step. The method of claim 13, wherein the calling step,
A security level setting step of setting a security level of the content to be registered;
More,
A computer-readable recording medium having a program recorded thereon, wherein the extraction and generation step or the profiling and analysis are performed according to the set security level in the extraction step. The method of claim 14, wherein the setting of the security level comprises:
Displaying the security level setting item;
Setting a security level with a security level setting item selected from the security level setting items;
Computer-readable recording medium recording a program comprising a. The method of claim 15, wherein the security level setting item,
Read at least one of the following: at least one of a call frequency of a basic block group, a call position of a basic block group, a memory reference frequency of a host terminal, an OS API reference frequency of a host terminal, and a hardware element of a storage device. Possible recording media. The method of claim 11 or 12, wherein the extraction and generation step, or the extraction step,
A selection step of selecting a plurality of basic block groups by profiling and analyzing a code region of the called content;
An extraction step of selecting a separation execution target code block from the plurality of basic block groups and extracting the code block from the content area;
Computer-readable recording medium recording a program comprising a. The method of claim 17, wherein the selecting step,
A collecting step of collecting basic information through dynamic profiling of a code region of the called content;
A basic block group selection step of selecting a plurality of basic block groups by performing a static analysis on the content based on the collected basic information;
Generating content for a service by inserting a stub code into the code region from which the separation execution target code block is extracted;
Computer-readable recording medium recording a program comprising a. The method of claim 18, wherein in the collecting step,
And the basic information is information about a code region of the content collected by the code block extracting device during run-time of the content. The method of claim 18, wherein in the basic block group selection step,
And a static analysis by extending the analysis range of the code area of the content by substituting the indirect address of the collected basic information into a control flow. The method of claim 17,
The basic block group includes a plurality of basic blocks and allows entry of a control signal through an entry point and movement of control signals between the plurality of basic blocks, and into the plurality of basic blocks except for the starting point. And a plurality of basic blocks associated with each other without entering a control signal. The method of claim 21,
The basic block is a code block having a property of a single input and a single output, and a code block having properties of not allowing entry of a control signal from outside to inside. Possible recording media. The method of claim 11 or 12, wherein in the transmitting step,
And recording the content registration information together with the content registration server. The method of claim 23, wherein
And the registration information of the content includes at least one of a title, a mime type, a description, a content provider name, and billing information. 12. The method of claim 11, wherein after the transmitting step:
A reception step of receiving, from the content registration server, a verification failure result indicating that an invalid separation execution target code block is included among the transmitted separation execution target code blocks;
A retransmission step of re-segmenting the separation execution target code block and the content for service again by re-profiling and analyzing the content to be registered based on the received verification failure result and resending it to the content registration server;
And a computer-readable recording medium having recorded thereon a program. The method of claim 11,
Receiving a verification pass result indicating that the separated execution target code block transmitted from the content registration server is valid after the transmitting step or the resending step;
Receiving a registration completion message for the content requested to be registered from the content registration server;
And a computer-readable recording medium having recorded thereon a program. The method of claim 25, wherein in the retransmission step,
The computer-readable program for recording the program, wherein the invalid isolated execution target code block included in the received verification failure result is blacklisted, excluded from the selection target, and re-profiled and analyzed. Record carrier. The method of claim 12, wherein after the transmitting step:
A reception step of receiving, from the content registration server, a verification failure result indicating that an invalid separation execution code block included in the separated execution target code block included in the transmitted list is included;
A retransmission step of generating a list of the separated execution target code blocks re-extracted through re-profiling and analysis of the content to be registered based on the received verification failure result and retransmitting to the content registration server;
And a computer-readable recording medium having recorded thereon a program. The method of claim 28,
Receiving a verification pass result from the content registration server after the transmitting step or the resending step that the list of the separated execution target code blocks transmitted is valid;
Receiving a registration completion message for the content requested to be registered from the content registration server;
And a computer-readable recording medium having recorded thereon a program. The method of claim 28, wherein in the retransmission step,
The computer-readable program for recording the program, wherein the invalid isolated execution target code block included in the received verification failure result is blacklisted, excluded from the selection target, and re-profiled and analyzed. Record carrier.

Images