TW201337633A - System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction - Google Patents


Publication number
TW201337633A
Authority
TW
Taiwan
Prior art keywords
encryption
instruction
keyword
encrypted
software application
Prior art date
Application number
TW102101877A
Other languages
Chinese (zh)
Inventor
Mohamed Karroumi
Alain Durand
Davide Alessio
Marc Joye
Original Assignee
Thomson Licensing
Application filed by Thomson Licensing
Publication of TW201337633A


Landscapes

  • Storage Device Security (AREA)

Abstract

Collaborative execution by a first device (110) and a second device (120) of a software application comprising at least one encrypted instruction (J). The first device (110) obtains (S10) a first encrypted instruction (J); generates (S11; S20) a session key k2; encrypts (S11; S21) the first encrypted instruction (J); encrypts (S11; S22) the session key k2 using a symmetric algorithm and a first key k1; and transfers (S12; S23) the encrypted first encrypted instruction and the encrypted session key k2 to the second device (220). The second device (220) decrypts (S13; S24) the encrypted session key k2 using the first key k1; decrypts (S13; S25) the encrypted first encrypted instruction to obtain the first encrypted instruction (J); decrypts (S14; S26) the first encrypted instruction using a third key kpre to obtain an instruction (I); encrypts (S15; S27) the instruction (I) using the symmetric encryption algorithm and the session key k2 to obtain a second encrypted instruction (M); and transfers (S15; S28) the second encrypted instruction (M) to the first device (210). The first device (210) decrypts (S17; S29) the second encrypted instruction (M) using the session key k2 to obtain the instruction (I); and executes (S18; S30) the instruction (I).

Description

First method and first device, and second method and second device, for participating in the collaborative execution of a software application

The present invention relates generally to encryption, and in particular to a secure protocol for collaborative processing.

This section is intended to introduce the reader to various aspects of art that may be related to aspects of the present invention described and/or claimed below. This discussion is believed to be helpful in providing the reader with background information for a better understanding of the various aspects of the present invention. Accordingly, these statements are to be read in this light, and not as admissions of prior art.

A known security problem is how to ensure that a software application cannot be properly executed without possession of the original support on which the software application is stored.

A typical prior art protection consists in binding the software application to the support used for its distribution. The binding mechanism is generally based on some information specific to the support (support ID, support key, etc.). This is not sufficient, however, in particular when the application is intended to run on an untrusted platform.

It will therefore be appreciated that there is a need for a protocol that enables a first device to check the presence of a second device while collaboratively processing some shared data; that is, a protocol that ensures, for example, that a computer running an application is in the presence of a dongle needed for the proper execution of the application.

WO 2009/095493 describes the following protocol for checking the presence of a small device:

1. The software vendor pre-encrypts at least some instructions of the software application using an algorithm and a key known only to the software vendor, i.e. J = Epre{kpre}(I). The encrypted software application is then copied onto its distribution support.

2. The corresponding decryption module Epre^-1 and the key kpre are known to a circuit soldered on the distribution support, but not to the software application. The instruction J = Epre{kpre}(I) therefore cannot be decrypted by the application running on the host and, if executed as is, results in an incorrect operation.

3. The application sends data to the support, using the circuit each time a protected instruction J needs to be executed.

This protocol is interesting, but it remains vulnerable to dictionary attacks. This is especially true if the attacker is able to spy on the communication bus between the host and the distribution support.

A possible alternative is to use standard public-key cryptography mechanisms. For example, a secure authenticated channel could be set up between the game console and the circuit, which would prevent any spying on the communication. This would however greatly increase the cost of the circuit, as it would need to implement public-key cryptography algorithms securely and efficiently. In particular, the use of public-key cryptography precludes a hardware-only implementation.

A solution that lies between the two is found in WO 2005/064433, in which a computer retrieves static data encrypted using the public key of a dongle, generates a random value that it encrypts using the public key, and sends the encrypted static data and random value to the dongle. The dongle decrypts these items using its private key, encrypts the static data using the random value as encryption key, and returns the re-encrypted static data to the computer, which decrypts the static data and uses it. While this solution works well, it is quite resource-consuming, as it not only uses asymmetric encryption but also requires the static data to be encrypted specifically for each dongle.

There is therefore a need for a solution that overcomes the drawbacks of the prior art. The present invention provides such a solution.

In a first aspect, the invention is directed to a first method of participating in the collaborative execution of a software application comprising at least one encrypted instruction, which is an encryption of an unencrypted instruction. A first device obtains a first encrypted instruction; generates a session key; encrypts the session key using a symmetric encryption algorithm and a first key; transfers the first encrypted instruction and the encrypted session key to a second device; receives from the second device a second encrypted instruction, the second encrypted instruction being an encryption of the unencrypted instruction using the session key; decrypts the second encrypted instruction using the symmetric encryption algorithm and the session key to obtain the unencrypted instruction; and executes the unencrypted instruction.

In a first preferred embodiment, the first device super-encrypts the first encrypted instruction before transferring it to the second device.

In a second aspect, the invention is directed to a second method of participating in the collaborative execution of a software application comprising at least one encrypted instruction. A second device receives from a first device a first encrypted instruction and an encrypted session key, the session key being encrypted using a symmetric encryption algorithm and a first key; decrypts the encrypted session key using the first key; decrypts the first encrypted instruction using the symmetric encryption algorithm and a third key to obtain an instruction; encrypts the instruction using the symmetric encryption algorithm and the session key to obtain a second encrypted instruction; and transfers the second encrypted instruction to the first device.

In a first preferred embodiment, the received first encrypted instruction is super-encrypted, and the second device further decrypts the super-encryption of the encrypted first encrypted instruction.

In a third aspect, the invention is directed to a first device configured to participate in the collaborative execution of a software application comprising at least one encrypted instruction, which is an encryption of an unencrypted instruction. The first device comprises a processor configured to: obtain a first encrypted instruction; generate a session key; encrypt the session key using a symmetric encryption algorithm and a first key; transfer the first encrypted instruction and the encrypted session key to a second device; receive from the second device a second encrypted instruction, the second encrypted instruction being an encryption of the unencrypted instruction using the session key; decrypt the second encrypted instruction using the symmetric encryption algorithm and the session key to obtain the instruction; and execute the instruction.

In a first preferred embodiment, the processor is further configured to super-encrypt the first encrypted instruction before transferring it to the second device.

In a fourth aspect, the invention is directed to a second device configured to participate in the collaborative execution of a software application comprising at least one encrypted instruction. The second device comprises a processor configured to: receive from a first device a first encrypted instruction and an encrypted session key, the session key being encrypted using a symmetric encryption algorithm and a first key; decrypt the encrypted session key using the first key; decrypt the first encrypted instruction using the symmetric encryption algorithm and a third key to obtain an instruction; encrypt the instruction using the symmetric encryption algorithm and the session key to obtain a second encrypted instruction; and transfer the second encrypted instruction to the first device.

In a first preferred embodiment, the processor is configured to receive a super-encrypted first encrypted instruction and to decrypt the super-encryption of the encrypted first encrypted instruction to obtain the first encrypted instruction.

110‧‧‧host
120‧‧‧circuit
200‧‧‧system
210‧‧‧host
211‧‧‧ROM
212‧‧‧RAM
213‧‧‧processor
214‧‧‧interface
215‧‧‧software application
220‧‧‧auxiliary device
221‧‧‧interface
222‧‧‧block cipher circuit
223‧‧‧non-volatile memory
2111‧‧‧native software
2131‧‧‧core CPU
2132‧‧‧CPU cache
2133‧‧‧CPU register
2151‧‧‧block cipher
2152‧‧‧encrypted instructions
S10‧‧‧read the pre-encrypted instruction J
S11‧‧‧encrypt J and a random k2 using key k1 to obtain L
S12‧‧‧send the first transfer value L to circuit 120
S13‧‧‧decrypt L using k1 to obtain J and k2
S14‧‧‧decrypt J to obtain I
S15‧‧‧M = encryption of I with k2
S16‧‧‧send the second transfer value M to host 110
S17‧‧‧decrypt M using k2 to obtain I
S18‧‧‧execute instruction I
S20‧‧‧generate a random k2
S21‧‧‧XOR k2 and J to obtain the first transfer value L1 = J ⊕ k2
S22‧‧‧encrypt the random using the first bus encryption module E1 and key k1 to obtain the second transfer value L2 = E1{k1}(k2)
S23‧‧‧send the pair of first and second transfer values (L1, L2) to circuit 120
S24‧‧‧decrypt L2 using the first bus decryption module D1 and k1 to obtain the random k2
S25‧‧‧compute J = L1 ⊕ k2
S26‧‧‧decrypt J using the third decryption module Dpre and the third key kpre to obtain instruction I
S27‧‧‧compute the XOR of instruction I and k2 to obtain the third transfer value M = I ⊕ k2
S28‧‧‧send the third transfer value M to the host
S29‧‧‧compute I = M ⊕ k2 to obtain instruction I in the clear
S30‧‧‧execute instruction I

Figure 1 illustrates a general method of executing a software application according to the present invention; Figure 2 illustrates a method of executing a software application according to a preferred embodiment of the present invention; Figure 3 illustrates a system for collaborative execution of a software application according to a preferred embodiment of the present invention; Figure 4 illustrates a block diagram of a processor according to a preferred embodiment of the present invention; Figure 5 illustrates a block diagram of a block cipher circuit according to a preferred embodiment of the present invention.

Preferred features of the present invention will now be described with reference to the non-limiting embodiments shown in the accompanying drawings.

A main idea of the present invention is to use a live protection mechanism fitted to a pre-encryption mechanism.

In other words, the protection mechanism is used to protect the bus during data transfer. This data bus protection mechanism, executed by the host, is designed so that the unprotect operation (also partly executed by the host) works only in the presence of the circuit, which is preferably bound to the distribution support. To this end, part of the protection mechanism is shared between the host and a hardware module implemented in the circuit; that is, the circuit comprises a decryption method unknown to the software application. The proposed protection is efficient in practice in terms of performance and of hardware/software implementation.

The software application, intended to be executed by the host CPU, comprises a first bus encryption module E1 with a (preferably symmetric) key k1, and a second bus decryption module D2. The software application also comprises at least one encrypted (or pre-encrypted) instruction J that needs to be decrypted before execution. The distribution support storing the software application comprises a circuit with a first bus decryption module D1 and a key k1 corresponding to that of the first bus encryption module (i.e. identical in the case of symmetric encryption, and the "other" key of the key pair in the case of asymmetric encryption), and a second bus encryption module E2. The circuit further comprises a third decryption module Dpre and a fixed third key kpre; these make it possible to decrypt the pre-encryption. It will be appreciated that the at least one encrypted instruction J has been encrypted by the software provider, before distribution of the software application, using an encryption key corresponding to the third key kpre; preferably the software provider can both encrypt and decrypt, while the circuit can only decrypt.

The key k1 is preferably predetermined and shared by the circuit and the host. It is preferably obfuscated in the software application to be executed by the host CPU. It is also preferable that the host and the circuit can each perform the encryption algorithm in a single "direction" only, i.e. encryption or decryption, and that the "direction" differs between the host and the circuit.

Figure 1 illustrates a general method of executing a software application according to the present invention. When the software application is to execute an encrypted instruction J, the host CPU 110 (executing the software application):

a. reads (S10) the encrypted instruction J;

b. encrypts (S11) a combination of a random k2 and the encrypted instruction J, using the first bus encryption module E1 and the key k1, to obtain a first transfer value L, i.e. L = E1{k1}(J ∥ k2);

c. sends (S12) the first transfer value L to the circuit 120.

Upon reception of the first transfer value L, the circuit 120:

d. decrypts (S13) L using the first bus decryption module D1 and the key k1 to obtain the random k2 and the encrypted instruction J;

e. decrypts (S14) J using the third decryption module Dpre and the third key kpre to obtain the instruction I;

f. encrypts (S15) the instruction I using the second bus encryption module E2 and the random k2 (which acts as a key) to obtain a second transfer value M, i.e. M = E2{k2}(I);

g. sends (S16) the second transfer value M to the host 110.

Finally, since the software application knows k2 and also comprises the bus decryption module D2, it can obtain (S17) the instruction I in the clear by computing I = D2{k2}(M), after which the host can execute (S18) the instruction I.

It can thus be seen that the random k2 acts as a session key for the instruction, both in its encrypted form and in its re-encrypted form. It will be appreciated that the general method may be performed without super-encryption of the encrypted instruction J, in which case J is sent in the clear (preferably together with the encrypted random k2), which means that the decryption in step d provides only the random k2.

The protocol of the invention greatly improves security, since the encryption is based on a fresh random generated at each iteration, which means that replay attacks are thwarted.

Since the host application environment is untrusted, the first encryption operation of the software application is preferably implemented in white-box, to resist extraction of the key k1 from the code. Preferably, k2 is also protected in such a way that an adversary cannot retrieve it at reasonable cost. Measures include, for example, using an on-chip hardware random number generator to generate a new key value for the CPU (at power-up) and storing it in a tamper-proof key register.

The software application is preferably protected by using the protocol regularly during execution of the software application, for example by having a plurality of protected instructions.

Furthermore, whenever the host is not using the external circuit, random dummy accesses are preferably generated so as to complicate analysis by observation of the bus.

First preferred embodiment

Figure 2 illustrates an example of a method of executing a software application according to the present invention. The software application comprises at least one encrypted software instruction, located for example at a specific address or in a data segment of the software code. When the software application is to execute an encrypted instruction J, the host CPU 110, executing the software application:

a. generates (S20) a random k2;

b. XORs k2 and J to obtain a first transfer value L1 = J ⊕ k2 (step S21);

c. encrypts (S22) the random using the first bus encryption module E1 and the key k1 to obtain a second transfer value, i.e. L2 = E1{k1}(k2);

d. sends (S23) the pair of first and second transfer values (L1, L2) to the circuit 120.

Upon reception of the pair of transfer values (L1, L2), the circuit 120:

e. decrypts (S24) L2 using the first bus decryption module D1 and k1 to obtain the random k2;

f. computes (S25) J = L1 ⊕ k2;

g. decrypts (S26) J using the third decryption module Dpre and the third key kpre to obtain the instruction I;

h. computes (S27) the XOR of the instruction I and k2 to obtain a third transfer value M, M = I ⊕ k2;

i. sends (S28) the third transfer value M to the host.

Finally, since the application knows k2, it can obtain (S29) the instruction I in the clear by computing I = M ⊕ k2, after which the host can execute (S30) the instruction I.

In a variant embodiment, the encrypted instruction J is sent in the clear from the host to the circuit, i.e. L1 = J, in which case steps b and f are not performed.
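The exchange of Figure 2 (steps S20 to S30) with both sides' messages, as an added example that is not part of the patent text. XTEA, a 64-bit block cipher, stands in for the unspecified symmetric algorithms E1/D1 and Epre/Dpre so that the block runs with the standard library only; the key values, the 8-byte instruction and the class names are constructed for illustration.

```python
import os
import struct

MASK, DELTA, ROUNDS = 0xFFFFFFFF, 0x9E3779B9, 32


def _mix(v: int, s: int, k: int) -> int:
    # XTEA round function; callers reduce the result modulo 2**32.
    return (((v << 4) ^ (v >> 5)) + v) ^ (s + k)


def xtea_encrypt(block: bytes, key: bytes) -> bytes:
    """Encrypt one 64-bit block under a 128-bit key (stand-in for E1 and Epre)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = 0
    for _ in range(ROUNDS):
        v0 = (v0 + _mix(v1, s, k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _mix(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)


def xtea_decrypt(block: bytes, key: bytes) -> bytes:
    """Inverse of xtea_encrypt (stand-in for D1 and Dpre)."""
    v0, v1 = struct.unpack(">2I", block)
    k = struct.unpack(">4I", key)
    s = (DELTA * ROUNDS) & MASK
    for _ in range(ROUNDS):
        v1 = (v1 - _mix(v0, s, k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _mix(v1, s, k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Circuit:
    """Circuit 120: holds k1 (shared with the host) and kpre (never on the host)."""

    def __init__(self, k1: bytes, kpre: bytes):
        self.k1, self.kpre = k1, kpre

    def handle(self, l1: bytes, l2: bytes) -> bytes:
        k2 = xtea_decrypt(l2, self.k1)       # S24: k2 = D1{k1}(L2)
        j = xor(l1, k2)                      # S25: J = L1 xor k2
        i = xtea_decrypt(j, self.kpre)       # S26: I = Dpre{kpre}(J)
        return xor(i, k2)                    # S27/S28: M = I xor k2


class ReplayingCircuit:
    """No genuine circuit present: answers with an M recorded from an earlier run."""

    def __init__(self, recorded_m: bytes):
        self.recorded_m = recorded_m

    def handle(self, l1: bytes, l2: bytes) -> bytes:
        return self.recorded_m


class Host:
    """Host 110: knows k1 but not kpre, so it cannot decrypt J on its own."""

    def __init__(self, k1: bytes, circuit):
        self.k1, self.circuit = k1, circuit
        self.bus_log = []                    # every value a bus observer would see

    def fetch(self, j: bytes) -> bytes:
        k2 = os.urandom(8)                   # S20: fresh session key per instruction
        l1 = xor(j, k2)                      # S21: L1 = J xor k2
        l2 = xtea_encrypt(k2, self.k1)       # S22: L2 = E1{k1}(k2)
        m = self.circuit.handle(l1, l2)      # S23 out, S28 back
        self.bus_log.append((l1, l2, m))
        return xor(m, k2)                    # S29: I = M xor k2


# Constructed sample values (not from the patent).
K1 = bytes(range(16))
KPRE = bytes(range(16, 32))
INSTRUCTION = bytes.fromhex("4889e590909090c3")   # 8-byte plaintext instruction I


def demo() -> dict:
    j = xtea_encrypt(INSTRUCTION, KPRE)      # done once by the software provider
    host = Host(K1, Circuit(K1, KPRE))
    first, second = host.fetch(j), host.fetch(j)
    # Second host talks to a device that only replays the M seen in run 0.
    replay_host = Host(K1, ReplayingCircuit(host.bus_log[0][2]))
    return {
        "recovered": first == INSTRUCTION and second == INSTRUCTION,
        "bus_values_differ": set(host.bus_log[0]).isdisjoint(host.bus_log[1]),
        "replay_accepted": replay_host.fetch(j) == INSTRUCTION,
    }


if __name__ == "__main__":
    print(demo())
```

Because k2 is drawn fresh for every call, the same J produces unrelated (L1, L2, M) triples on the bus, and an M recorded in one run decrypts to garbage under the next run's k2.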

Figure 3 illustrates a system for collaborative execution of a software application according to a preferred embodiment of the present invention. The system 200 comprises a host 210 and an auxiliary device 220.

The host 210 can be practically any type of processing device, preferably a personal computer or a game console. The host 210 preferably comprises ROM 211, RAM 212, at least one processor 213 and an interface 214 adapted for interaction with the auxiliary device 220. The ROM 211 stores native software 2111, while the RAM 212 stores the software application 215 (preferably downloaded from the auxiliary device 220), which comprises a white-box implementation of a block cipher 2151 (such as AES) and a number of encrypted instructions 2152. The processor 213 is adapted to execute the native software 2111 and the software application 215.

The auxiliary device 220 is preferably an RFID, and comprises an interface 221 for communication with the host 210, a processor (block cipher circuit) 222 with access to at least the two keys k1 and kpre mentioned above, and non-volatile memory 223. It should be noted that the auxiliary device 220 may also implement two different block ciphers, one for each key. The block cipher circuit 222 is functionally connected to the interface 221 and to the non-volatile memory 223.

During execution, the software application 215 may store data in, or retrieve data from, the non-volatile memory 223.

As illustrated in Figure 4, the host CPU 213 comprises a core CPU 2131 for executing software. The data bus protection function is loaded in the CPU cache 2132; it generates a random k2, encrypts k2 and J using E1, and sends the encryption to the interface 214. The data bus decryption function is loaded in the CPU register 2133; it receives k2 from the CPU cache 2132 and the encrypted instruction M = k2 ⊕ I from the interface 214, and obtains the instruction I in the clear by computing I = k2 ⊕ M, after which the core CPU 2131 can execute the instruction I.

Before distribution of the software application, at least one instruction is encrypted. This is preferably achieved using probabilistic encryption, so that the same input has two different encryptions under the same key.

The software application may be delivered to the host 210 using any suitable distribution mechanism (e.g. the Internet, optical media, or inside the auxiliary device 220). In the case where the software application is distributed via the Internet, the auxiliary device 220 must somehow be delivered to the user of the software application for the application to run properly.

The software application preferably comprises a white-box implementation of an AES decryption module with a secret key k1. The software application also contains a set of encrypted instructions.

Second preferred embodiment

Here, the instructions are encrypted by XOR-ing each instruction Ii with an encrypted random value E(Ri), i.e. Ii ⊕ E(Ri). The encrypted instructions are stored together with the corresponding random values, giving the set of encrypted instructions:

{(I0 ⊕ E(R0); R0); ... (Ii ⊕ E(Ri); Ri); ... (In ⊕ E(Rn); Rn)}

The host protocol may be implemented as follows, assuming that an instruction I is 64 bits long, that the random values Ri, k2 and k3 are also 64 bits long, and that the algorithms E1 and Epre are 128-bit AES encryption implemented in ECB mode. E1 under the key k1 is implemented in white-box, while the encryption algorithm E2 (and the decryption algorithm D2) is implemented as an XOR operation using the two random values k2 and k3.

The corresponding auxiliary device protocol is implemented as follows:

It can be seen that the protocols partly match, even though the variable names differ; this reflects that, for example, k2 and k'2 are identical when the protocol works as it should, but the auxiliary device has no way of knowing whether this is the case (the same applies to Figure 5 below).

For the auxiliary device, it is assumed that the non-volatile memory 223 is easily readable by the host, but that the block cipher circuit 223 is tamper-proof. Figure 5 illustrates a block diagram of a block cipher circuit according to the second embodiment of the present invention.

The AES implementation described by Menezes, van Oorschot and Vanstone is a chip with 3,595 gates. Encrypting 128 bits requires about 1000 clock cycles. Since two encryption steps are needed in the protocol, a given round requires about 2000 clock cycles to process the data.

It will thus be appreciated that the present invention provides a lightweight protocol for authenticating and checking the presence of an auxiliary device.

From a performance point of view, the advantages include:

‧ The number of exchanged messages and the amount of their content are minimal. With 64-bit instructions and the AES block cipher, the number of bytes exchanged is 32 bytes (L1 + L2 + M);

‧ there are only two passes in the protocol;

‧ the computational complexity is low on both sides: one block encryption for the host and two block encryptions for the auxiliary device.

From a security point of view:

‧ The protocol is renewable, since different protocol keys and white-box implementations can be used between software applications.

‧ More importantly, the protocol is secure, as it resists replay attacks and dictionary attacks by an attacker spying on the bus during data transfer.

‧ The protocol offers a good cost/security trade-off and can therefore be used to protect current applications.

Although the encrypted instructions described above are advantageously read from the distribution support, such as a DVD or CD-ROM, they may also be read from a signal received from an external source such as a server or the Internet. Furthermore, in the description, the encrypted instruction is encrypted using encryption in a broad sense, which includes for example ordinary encryption (such as that used to protect the session key k2) and obfuscation (for example by permutation of opcodes), the key then corresponding to the "instructions" for how to undo the obfuscation.

Each feature disclosed in the description and (where appropriate) the claims and drawings may be provided independently or in any appropriate combination. Features described as being implemented in hardware may also be implemented in software, and vice versa. Reference numerals appearing in the claims are by way of illustration only and have no limiting effect on the scope of the claims.

110‧‧‧Host

120‧‧‧Circuit

S10‧‧‧Read pre-encrypted instruction J

S11‧‧‧Encrypt J and random k2 using key k1 to obtain L

S12‧‧‧Send first transfer value L to circuit 120

S13‧‧‧Decrypt L using k1 to obtain J and k2

S14‧‧‧Decrypt J to obtain I

S15‧‧‧M = encryption of I with k2

S16‧‧‧Send second transfer value M to host 110

S17‧‧‧Decrypt M using k2 to obtain I

S18‧‧‧Execute instruction I
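The exchange listed above and recited in the claims can be simulated end to end; the following is an added example, not code from the patent or its applicant. It assumes 16-byte blocks, uses a toy Feistel cipher built on SHA-256 as a stand-in for the symmetric algorithm (AES in the description), takes L1 to be the super-encrypted J and L2 the encrypted session key k2, and uses constructed keys and a constructed instruction.

```python
import hashlib
import secrets

BLOCK = 16  # assumed block size in bytes (AES-sized)

def _f(key, rnd, half):  # round function of the stand-in cipher (not AES)
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key, block):
    """Toy 4-round Feistel cipher standing in for the symmetric algorithm."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right

def decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right

def circuit(k1, kpre):
    """Second device: holds k1 and kpre; returns its responder function."""
    def respond(l1, l2):
        k2 = decrypt(k1, l2)      # S24: recover session key k2
        j = decrypt(k2, l1)       # S25: remove super-encryption to get J
        i = decrypt(kpre, j)      # S26: recover plaintext instruction I
        return encrypt(k2, i)     # S27/S28: M, bound to this session's k2
    return respond

def host_fetch(k1, j, respond):
    """First device: returns (instruction I, bus transcript (L1, L2, M))."""
    k2 = secrets.token_bytes(BLOCK)   # S20: fresh session key
    l1 = encrypt(k2, j)               # S21: super-encrypt J
    l2 = encrypt(k1, k2)              # S22: encrypt k2 under k1
    m = respond(l1, l2)               # S23 / S28: the two passes
    return decrypt(k2, m), (l1, l2, m)  # S29

# Constructed sample values (not from the patent)
K1, KPRE = bytes(range(16)), bytes(range(16, 32))
I_PLAIN = b"MOV R1, 0x2A".ljust(BLOCK, b"\x00")
J_STORED = encrypt(KPRE, I_PLAIN)     # pre-encrypted instruction as distributed

if __name__ == "__main__":
    i, (l1, l2, m) = host_fetch(K1, J_STORED, circuit(K1, KPRE))
    print(i, l1.hex(), l2.hex(), m.hex())
```

Because k2 is drawn fresh for every fetch, two fetches of the same J produce different bus transcripts, and a response M recorded in one session does not decrypt to I in another, which is the replay and dictionary resistance the description claims.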

Claims (8)

1. A first method of participating in the collaborative execution of a software application, the software application comprising at least one encrypted instruction (J) that is an encryption of an unencrypted instruction (I), the method comprising, in a first device (210), the steps of: obtaining (S10) a first encrypted instruction (J); generating (S11; S20) a session key k2; encrypting (S11; S22) the session key k2 using a symmetric encryption algorithm and a first key k1; transferring (S12; S23) the first encrypted instruction (J) and the encrypted session key k2 to a second device (220); receiving (S16; S28), from the second device (220), a second encrypted instruction (M), the second encrypted instruction (M) being the unencrypted instruction (I) encrypted using the session key k2; decrypting (S17; S29) the second encrypted instruction (M) using the symmetric encryption algorithm and the session key k2 to obtain the unencrypted instruction (I); and executing (S18; S30) the unencrypted instruction (I).

2. The first method of participating in the collaborative execution of a software application of claim 1, further comprising super-encrypting the first encrypted instruction (J), wherein the first encrypted instruction is transferred to the second device (220) super-encrypted.

3. A second method of participating in the collaborative execution of a software application, the software application comprising at least one encrypted instruction (J), the method comprising, in a second device (220), the steps of: receiving (S12; S23), from a first device (210), a first encrypted instruction and an encrypted session key k2, the session key k2 being encrypted using a symmetric encryption algorithm and a first key k1; decrypting (S13; S24) the encrypted session key k2 using the first key k1; decrypting (S14; S26) the first encrypted instruction using the symmetric encryption algorithm and a third key kpre to obtain an instruction (I); encrypting (S15; S27) the instruction (I) using the symmetric encryption algorithm and the session key k2 to obtain a second encrypted instruction (M); and transferring (S15; S28) the second encrypted instruction (M) to the first device (210).

4. The second method of participating in the collaborative execution of a software application of claim 3, wherein the first encrypted instruction is received super-encrypted, and wherein the second device further decrypts the super-encryption of the encrypted first encrypted instruction.

5. A first device (210) for participating in the collaborative execution of a software application, the software application comprising at least one encrypted instruction (J) that is an encryption of an unencrypted instruction (I), the first device (210) comprising a processor (213) configured to: obtain a first encrypted instruction (J); generate a session key k2; encrypt the session key k2 using a symmetric encryption algorithm and a first key k1; transfer the first encrypted instruction (J) and the encrypted session key k2 to a second device (120); receive, from the second device (120), a second encrypted instruction (M), the second encrypted instruction (M) being the unencrypted instruction (I) encrypted using the session key k2; decrypt the second encrypted instruction (M) using the symmetric encryption algorithm and the session key k2 to obtain the instruction (I); and execute the instruction (I).

6. The first device of claim 5, further configured to super-encrypt the first encrypted instruction (J), wherein the first encrypted instruction (J) is transferred to the second device super-encrypted.

7. A second device (220) for participating in the collaborative execution of a software application, the software application comprising at least one encrypted instruction (J), the second device (220) comprising a processor (222) configured to: receive, from a first device (110), a first encrypted instruction and an encrypted session key k2, the session key k2 being encrypted using a symmetric encryption algorithm and a first key k1; decrypt the encrypted session key k2 using the first key k1; decrypt the first encrypted instruction using the symmetric encryption algorithm and a third key kpre to obtain an instruction (I); encrypt the instruction (I) using the symmetric encryption algorithm and the session key k2 to obtain a second encrypted instruction (M); and transfer the second encrypted instruction (M) to the first device (110).

8. The second device of claim 7, wherein the processor is configured to receive the first encrypted instruction super-encrypted and to decrypt the super-encryption of the encrypted first encrypted instruction to obtain the first encrypted instruction (J).
TW102101877A 2012-02-14 2013-01-18 System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction TW201337633A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP12030516 2012-02-14

Publications (1)

Publication Number Publication Date
TW201337633A TW201337633A (en) 2013-09-16

Family

ID=49627881

Family Applications (1)

Application Number Title Priority Date Filing Date
TW102101877A TW201337633A (en) 2012-02-14 2013-01-18 System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction

Country Status (1)

Country Link
TW (1) TW201337633A (en)
