RU2467391C1 - Method of protecting software and data from copying, illegal use, unauthorised distribution and access using distributed electronic key - Google Patents

Abstract

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to computer engineering and specifically to protecting software and data from copying, illegal use and unauthorised distribution. According to the method of protecting software and data, an electronic key is made distributive, i.e., includes a main module and auxiliary modules. The main module is connected to a defined computer interface (e.g., USB, LPT or PCMCIA) or is embedded into a software or data storage device. Through a special driver, the protected program or data then send the main module information which is processed in accordance with a given algorithm and then returned. If the key response is correct, the program continues to operate. Otherwise it can execute any action set by the developers, e.g., switch to a demonstration mode, while blocking access to certain functions. When generating a response, the main module accesses auxiliary modules which are rigidly tied to a specific physical location (embedded into walls, floor etc) or a certain moving object.

EFFECT: high security of software and data from copying, illegal use, unauthorised distribution and access.

12 cl

Description

Technical field

The invention relates to computer technology, namely to protect software (software) and data from copying, illegal use, unauthorized distribution.

State of the art

Currently, efforts are being made in the computing market to create reliable systems for protecting intellectual property. Such systems are designed to ensure compliance with copyright and prevent unauthorized copying and use of information. However, even the most recent protection systems cannot be called perfect. The proposed method is intended to significantly improve the reliability of the system of counteraction to unauthorized copying of information due to a fundamentally new approach to the implementation of the electronic key and its use.

An electronic key is the closest analogue to the proposed invention and is considered as a prototype. An electronic key is a hardware tool designed to protect software (software) and data from copying, illegal use and unauthorized distribution.

An electronic key is a small hardware device.

The basis of this technology is a specialized ASIC microcircuit, or a specialized protected microcontroller with unique operation algorithms for each key. Dongles also have a small non-volatile protected memory, more complex devices can have a built-in cryptoprocessor (for hardware implementation of encryption algorithms), a real-time clock. Hardware keys can have various form factors, but most often they are connected to a computer via USB, LPT, or PCMCIA interfaces.

The principle of operation of electronic keys is as follows: the key is attached to a specific computer interface, then the protected program sends it information through a special driver, which is processed in accordance with the specified algorithm and returned back. If the key answer is correct, then the program continues its work. Otherwise, it can perform any actions specified by the developers, for example, switch to demo mode, blocking access to certain functions.

To ensure the security of network software, special electronic keys are used. For protection and licensing (limiting the number of copies of the program running on the network) of a network product, one key is required for the entire local network. The key is installed on any workstation or network server.

The disadvantage of this approach is the vulnerability of this technology. An attacker, buying a secure tool and an electronic key to it, has the ability to intercept all calls to the key, log and analyze these calls, send requests to the key and receive answers to them, log and analyze these answers, send answers on behalf of the key, etc. d. All this allows you to create a key emulator and later pirated copies of software products.

Binding to the serial numbers of computer components is also a close analogue to the present invention. Its advantage is that it does not require any specific hardware, and the program can be distributed through digital distribution. If the user upgrades the computer, the protection fails. The authors of many programs protected by binding, in such cases are ready to give a new registration code. As a binding, the BIOS serial number of the motherboard and the serial number of the hard drive are used. The disadvantage of this approach is that an attacker can “reflash” BOIS or use a pseudo-upgrade of a computer in order to obtain a new registration code, which will be used already for the pirated version of the product.

Disclosure of invention

The claimed invention is aimed at solving these shortcomings of the prior art solutions for protecting software and data from copying, illegal use, unauthorized distribution and access.

The technical result of the invention is to increase the protection of software and data from copying, illegal use, unauthorized distribution and access.

The technical result is achieved by the claimed method of securing software and data from copying, illegal use, unauthorized distribution and access due to the fact that the likelihood of faking an electronic key or developing its emulator is significantly reduced, since the work of the software or access to data is physically limited only by the place where the physical parts of the key are located.

According to the present invention, a method for securing software (software) and data from copying, illegal use, unauthorized distribution and access comprises the steps of:

send a request to an electronic distributed key built on the basis of a wired or wireless reader device connected to a computer or device on which the software is run and data is stored, and a set of auxiliary modules, while auxiliary modules are rigidly attached to a physical place by embedding them in a hard fixed components of the anchor point;

form a deterministic response to the request using auxiliary modules;

receive, and if necessary analyze, a response from an electronic distributed key, and

prohibit or restrict access to data and software operation in the absence of a signal from at least one auxiliary module.

In another aspect of the present invention, auxiliary modules storing the constituent parts of the algorithm for generating a response to a request from software and data can be moved with the user or integrated into a moving object.

In another aspect of the present invention, auxiliary modules can store unique information on the basis of which an electronic key response is generated to a request from software or stored data.

In another aspect of the present invention, the reader may not be connected to a computer on which the software is installed or data is stored, but be embedded in a hard disk operating in read-only or read-write mode with data or programs.

In yet another aspect of the present invention, the data or software can be stored in encrypted form, and for display or operation with it, it must be decrypted using a hardware, software, or hardware-software decryption mechanism using a reader, which, for this operation to succeed, must read the contents of each of the aggregate of used auxiliary modules.

In another aspect of the present invention, each of the auxiliary modules performs data decryption.

In another aspect of the present invention, the software and data are stored, in whole or in part, on auxiliary modules, and without the information stored on the auxiliary modules, the software or data stored on other carriers lose their relevance, availability or integrity.

In another aspect of the present invention, software and data can be protected both on a separate computing machine, and being located on different machines connected to a local network.

In another aspect of the present invention, RFID tags are used as auxiliary modules.

In another aspect of the present invention, Bluetooth devices are used as auxiliary modules.

In another aspect of the present invention, WIFI devices are used as auxiliary modules.

In another aspect of the present invention, the protected software and data send a request to the electronic distributed key each time the protected program is started or the protected data is accessed, as well as at some time intervals.

The implementation of the invention

The way to ensure protection of software and data from copying, illegal use, unauthorized distribution and access includes a completely new approach to the implementation of an electronic key connected to a computer on which protected software is installed or data is stored.

According to this method of protecting software and data, the electronic key is made distributed, that is, it includes a main module and auxiliary modules. The main module connects to a specific computer interface (for example: USB, LPT or PCMCIA) or integrates into a software or data storage device. Further, a protected program or data through a special driver sends information to the main module, which is processed in accordance with the specified algorithm and returned back. If the key answer is correct, then the program continues its work. Otherwise, it can perform any actions specified by the developers, for example, switch to demo mode, blocking access to certain functions. When forming the answer, the main module refers to auxiliary modules that are rigidly attached to a specific physical place (built into walls, floors, etc.) or to a specific moving object.

Thus, the main module can give the correct answer only if the entire set of auxiliary modules is in its environment. Communication technologies of the main module and auxiliary modules can be implemented on the basis of wired technologies (for example: USB) or wireless technologies RFID, Bluetooth, WI-FI, or other technologies. Moreover, auxiliary modules can either perform part of the algorithm for generating the correct answer, or simply store some unique data, without which the main module will not be able to generate the correct answer.

The main advantage of this method is that the likelihood of counterfeiting an electronic key or developing its emulator is significantly reduced, since the operation of the software or access to data is physically limited only to the place where the physical parts of the key are located.

Usually, to create a copy of an electronic key or create its emulator, you need to be able to intercept all calls to the key, log and analyze these calls, send requests to the key and receive answers to them, log and analyze these answers, send answers on behalf of the key, etc. .d. However, the impossibility of the main key module to work without auxiliary modules, as well as the impossibility of physically extracting auxiliary key modules, make the above necessary actions possible only within the specified location, which easily excludes access to protected content using a fake key.

To implement the proposed method of software protection, the following components are required:

software or data in need of protection;

an electronic key (dongle) with a built-in reader working on wireless or wired communication technologies;

auxiliary modules that transmit data rigidly embedded in walls, floors or other physical components tied to a specific place.

To implement the proposed method of data protection, the following sequence of actions is required.

1. Parts of the distributed key, which is used in the request processing algorithm from the protected program, are written to auxiliary modules.

2. Auxiliary modules are rigidly attached to a specific physical place (built into the floor, walls).

3. In the protected software, the copyright holders place a software insert, which, at each start of the protected program, as well as at some time intervals, accesses an electronic key connected to one of the physical ports of the computer on which the software is used.

4. The electronic key implements a unique data processing algorithm from the protected software product based on the parts of the key distributed in the physical components. When executing the algorithm, the electronic key interrogates all auxiliary modules and collects a unique key in parts to generate the correct answer. The answer, which is the result of the implementation of the algorithm embedded in the electronic key, is sent to the software. The correct answer is proof that the user has the right to run the program or to access data.

Scopes and examples of use

Documents with Vulture Chipboard (for official use), secret, top secret.

Often organizations use documents whose removal outside the building is strictly prohibited. Typically, such documents are assigned the status of chipboard (for official use). The organization is interested so that only people allowed in the perimeter of the building can familiarize themselves with the documents. In order for electronic documents to obtain such a status, it seems appropriate to use the described device. In this case, documents can be written to memory of type RO (read only) with control of the physical binding of the information keeper according to the scheme described in the patent.

Utility Software

A number of organizations use software that is designed, for example, to generate activation keys for licensed copies of a software product sold. Often, such key generation mechanisms are passed on to fraudsters by insiders inside the company. Security services of IT companies cannot control the fact that special software for generating keys is not taken out of a closed room. At the same time, security experts can control the work of a specialist indoors. Based on the described, it seems advisable to place such software in a closed area of the hard drive of a special computer and make a binding of computer use in a dedicated room. Thus, you can be sure that the specified software will not be taken outside the premises.

Workflow control system in a distributed company structure

Some companies have a distributed structure: they have offices in various parts of the country and in different cities. Provided that the company needs to use secret documents or software, there is a need for the physical movement of certain data / documents without using the capabilities of e-mail. In such cases, it seems possible to use special drives that will be tied to certain rooms where you can open a document / run the program.

Confidential Data Protection System

Under the law, companies that process confidential data must provide adequate protection for stored information. Currently, there are often cases when such data, even in very large companies, become available in pirated copies. The situation can be changed when the data will be stored on the described media with strict reference to the room. In this case, the physical absence of external drives for recording information on them should be ensured.

Claims (12)

1. A method of protecting software (software) and data from copying, illegal use, unauthorized distribution and access, comprising stages in which:
send a request to an electronic distributed key built on the basis of a wired or wireless reader device connected to a computer or device on which the software is run and data is stored, and a set of auxiliary modules, while auxiliary modules are rigidly attached to a physical place by embedding them in a hard fixed components of the anchor point;
form a deterministic response to the request using auxiliary modules;
receive, and if necessary analyze, a response from an electronic distributed key, and
prohibit or restrict access to data and software operation in the absence of a signal from at least one auxiliary module. 2. The method according to claim 1, characterized in that the auxiliary modules that store the components of the algorithm for generating a response to a request from software and data can be moved with the user or be embedded in a moving object. 3. The method according to claim 1 or 2, characterized in that the auxiliary modules can store unique information, on the basis of which an electronic key response to a request from software or stored data is generated. 4. The method according to claim 1 or 2, characterized in that the reader may not connect to a computer on which the software is installed or data is stored, but be embedded in a hard disk operating in read-only or read-write mode, with data or programs. 5. The method according to claim 1 or 2, characterized in that the data or software can be stored in encrypted form, and to display or work with them must be decrypted using hardware, software or hardware-software implementation of the decryption mechanism, carried out using a reader , which for the successful completion of this operation must read the contents of each of the totality of used auxiliary modules. 6. The method according to claim 5, characterized in that each of the auxiliary modules decrypts the data. 7. The method according to claim 1 or 2, characterized in that the software and data are fully or partially stored on the auxiliary modules, and without the information stored on the auxiliary modules, the software, or data on other media, lose its relevance, performance or integrity. 8. The method according to claim 1 or 2, characterized in that the software and data can be protected both on a separate computer and being located on different machines connected to a local network. 9. The method according to claims 1, 2 or 6, characterized in that RFID tags are used as auxiliary modules. 10. The method according to claims 1, 2 or 6, characterized in that Bluetooth devices are used as auxiliary modules. 11. The method according to claims 1, 2 or 6, characterized in that WI-FI devices are used as auxiliary modules. 12. The method according to claim 1, characterized in that the protected software and data send a request to the electronic distributed key each time the protected program is started or the protected data is accessed, as well as at some time intervals.