TW201337633A - System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction - Google Patents
- Publication number: TW201337633A
- Authority: TW (Taiwan)
Description
The present invention relates generally to cryptography, and more particularly to a security protocol for collaborative processing.
This section is intended to introduce the reader to various aspects of the art which may be related to the aspects of the present invention described and/or claimed below. This discussion is believed to help provide the reader with background information that facilitates a better understanding of the present invention. Accordingly, it should be understood that these statements are to be read in this light, and not as admissions of prior art.
A known security problem is how to ensure that a software application cannot be executed properly without the support on which it was originally stored.
Typical prior art protection consists in binding the software application to the support used for its distribution. The binding mechanism is generally based on some information specific to the support (support ID, support key, etc.). This is however insufficient, in particular when the application is intended to run on an untrusted platform.
There is therefore a need for a protocol that, while some shared data is processed collaboratively, makes a first device verify the presence of a second device; in other words, a protocol ensuring that, for example, a computer running an application does so in the presence of a dongle that is required for proper execution of the application.
WO 2009/095493 describes the following protocol for verifying the presence of a dongle:
1. The software vendor pre-encrypts at least some instructions of the software application using an algorithm and a key known only to the software vendor, i.e. J = Epre{kpre}(I). The encrypted software application is then copied onto its distribution support.
2. The corresponding decryption module Epre^-1 and the key kpre are known to a circuit soldered onto the distribution support, but not to the software application. An instruction J = Epre{kpre}(I) therefore cannot be decrypted by the application running on the host, and executing it as-is would lead to incorrect, erroneous operation.
3. The application sends data to the support, making use of the circuit, each time a protected instruction J needs to be executed.
This protocol is interesting but remains vulnerable to dictionary attacks. This is particularly true if an attacker is able to eavesdrop on the communication bus between the host and the distribution support.
A possible alternative is to use standard public-key cryptography mechanisms. For example, a secure authenticated channel could be established between the game console and the circuit, which would prevent any eavesdropping on the communication. However, this would greatly increase the cost of the circuit, since a public-key algorithm would have to be implemented securely and efficiently. In particular, the use of public-key cryptography precludes a hardware-only implementation.
A solution lying between the two is found in WO 2005/064433, in which the computer uses the dongle's public key: it retrieves encrypted static data, generates a random value, encrypts it with the public key, and sends the encrypted static data and the random value to the dongle. The dongle decrypts these items with its private key, encrypts the static data using the random value as encryption key, and sends the re-encrypted static data back to the computer, which decrypts the static data and uses it. While this solution works well, it is quite resource-intensive, since it not only uses asymmetric encryption but also encrypts the static data specifically for each dongle.
There is therefore a need for a solution that overcomes the drawbacks of the prior art. The present invention provides such a solution.
A first aspect of the present invention is directed to a first method of participating in the collaborative execution of a software application comprising at least one encrypted instruction, which is an encryption of an unencrypted instruction. A first device obtains the first encrypted instruction; generates a session key; encrypts the session key using a symmetric encryption algorithm and a first key; transfers the first encrypted instruction and the encrypted session key to a second device; receives from the second device a second encrypted instruction, the second encrypted instruction being the unencrypted instruction encrypted using the session key; decrypts the second encrypted instruction using the symmetric encryption algorithm and the session key to obtain the unencrypted instruction; and executes the unencrypted instruction.
In a first preferred embodiment, the first device super-encrypts the first encrypted instruction before transferring it to the second device.
A second aspect of the present invention is directed to a second method of participating in the collaborative execution of a software application comprising at least one encrypted instruction. A second device receives from a first device a first encrypted instruction and an encrypted session key, the session key having been encrypted using a symmetric encryption algorithm and a first key; decrypts the encrypted session key using the first key; decrypts the first encrypted instruction using the symmetric encryption algorithm and a third key to obtain an instruction; encrypts the instruction using the symmetric encryption algorithm and the session key to obtain a second encrypted instruction; and transfers the second encrypted instruction to the first device.
In a first preferred embodiment, the received first encrypted instruction is super-encrypted, and the second device further removes the super-encryption of the super-encrypted first encrypted instruction.
A third aspect of the present invention is directed to a first device configured to participate in the collaborative execution of a software application comprising at least one encrypted instruction, which is an encryption of an unencrypted instruction. The first device comprises a processor configured to: obtain the first encrypted instruction; generate a session key; encrypt the session key using a symmetric encryption algorithm and a first key; transfer the first encrypted instruction and the encrypted session key to a second device; receive from the second device a second encrypted instruction, the second encrypted instruction being the unencrypted instruction encrypted using the session key; decrypt the second encrypted instruction using the symmetric encryption algorithm and the session key to obtain the instruction; and execute the instruction.
In a first preferred embodiment, the processor is further configured to super-encrypt the first encrypted instruction before transferring it to the second device.
A fourth aspect of the present invention is directed to a second device configured to participate in the collaborative execution of a software application comprising at least one encrypted instruction. The second device comprises a processor configured to: receive from a first device a first encrypted instruction and an encrypted session key, the session key having been encrypted using a symmetric encryption algorithm and a first key; decrypt the encrypted session key using the first key; decrypt the first encrypted instruction using the symmetric encryption algorithm and a third key to obtain an instruction; encrypt the instruction using the symmetric encryption algorithm and the session key to obtain a second encrypted instruction; and transfer the second encrypted instruction to the first device.
In a first preferred embodiment, the processor is configured to receive a super-encrypted first encrypted instruction and to remove the super-encryption of the super-encrypted first encrypted instruction to obtain the first encrypted instruction.
110 Host
120 Circuit
200 System
210 Host
211 ROM
212 RAM
213 Processor
214 Interface
215 Software application
220 Auxiliary device
221 Interface
222 Block cipher circuit
223 Non-volatile memory
2111 Native software
2131 Core CPU
2132 CPU cache
2133 CPU register
2151 Block cipher
2152 Encrypted instructions
S10 Read the pre-encrypted instruction J
S11 Encrypt J and the random k2 with the key k1 to obtain L
S12 Send the first transfer value L to the circuit 120
S13 Decrypt L with k1 to obtain J and k2
S14 Decrypt J to obtain I
S15 M = I encrypted with k2
S16 Send the second transfer value M to the host 110
S17 Decrypt M with k2 to obtain I
S18 Execute the instruction I
S20 Generate the random k2
S21 XOR k2 and J to obtain the first transfer value L1 = J ⊕ k2
S22 Encrypt the random value with the first bus encryption module E1 and the key k1 to obtain the second transfer value L2 = E1{k1}(k2)
S23 Send the pair of first and second transfer values (L1, L2) to the circuit 120
S24 Decrypt L2 with the first bus decryption module D1 and k1 to obtain the random k2
S25 Compute J = L1 ⊕ k2
S26 Decrypt J with the third decryption module Dpre and the third key kpre to obtain the instruction I
S27 Compute the XOR of the instruction I and k2 to obtain the third transfer value M = I ⊕ k2
S28 Send the third transfer value M to the host
S29 Compute I = M ⊕ k2 to obtain the instruction I in the clear
S30 Execute the instruction I
Figure 1 illustrates a general method of executing a software application according to the invention; Figure 2 illustrates a method of executing a software application according to a preferred embodiment of the invention; Figure 3 illustrates a system for collaborative execution of a software application according to a preferred embodiment of the invention; Figure 4 is a block diagram of a processor according to a preferred embodiment of the invention; and Figure 5 is a block diagram of a block cipher circuit according to a preferred embodiment of the invention.
Preferred features of the invention will now be described with reference to the non-limiting embodiments shown in the drawings.
The main idea of the invention is to use a live protection mechanism coupled with a pre-encryption mechanism.
In other words, the protection mechanism is used to protect the bus during data transfer. This data bus protection mechanism, executed by the host, is designed so that the unprotected operation (also partly executed by the host) is only effective in the presence of the circuit, which is preferably bound to the distribution support. To this end, part of the protection mechanism is shared between the host and a hardware module implemented in the circuit, i.e. the circuit comprises a decryption method unknown to the software application. The proposed protection is practical in terms of both performance and hardware/software implementation.
The software application intended to be executed by the host CPU comprises a first bus encryption module E1 with a (preferably symmetric) key k1, and a second bus decryption module D2. The software application also comprises at least one encrypted (or rather pre-encrypted) instruction J that needs to be decrypted before execution. The distribution support on which the software application is stored comprises a circuit having a first bus decryption module D1 with the key k1 corresponding to the first bus encryption module (i.e. the same key in the symmetric case, and the "other" key of the key pair in the asymmetric case), and a second bus encryption module E2. The circuit further comprises a third decryption module Dpre with a fixed third key kpre; these make it possible to undo the pre-encryption. It is to be noted that the at least one encrypted instruction J was encrypted by the software provider, before distribution of the software application, using an encryption key corresponding to the third key kpre; preferably the software provider is able to both encrypt and decrypt, while the circuit can only decrypt.
The key k1 is preferably predetermined and shared by the circuit and the host. It is preferably obfuscated within the software application to be executed by the host CPU. It is also preferable that the host and the circuit are each able to run the encryption algorithm in a single "direction" only, i.e. either encryption or decryption, the "direction" being different for the host and the circuit.
Figure 1 illustrates a general method of executing a software application according to the invention. When the software application is to execute an encrypted instruction J, the host CPU 110 (executing the software application):
a. reads S10 the encrypted instruction J;
b. encrypts S11 the combination of a random k2 and the encrypted instruction J using the first bus encryption module E1 and the key k1, to obtain a first transfer value L, i.e. L = E1{k1}(J ∥ k2);
c. sends S12 the first transfer value L to the circuit 120.
Upon reception of the first transfer value L, the circuit 120:
d. decrypts S13 L using the first bus decryption module D1 and the key k1, to obtain the random k2 and the encrypted instruction J;
e. decrypts S14 J using the third decryption module Dpre and the third key kpre, to obtain the instruction I;
f. encrypts S15 the instruction I using the second bus encryption module E2 and the random k2 (acting as a key), to obtain a second transfer value M, i.e. M = E2{k2}(I);
g. sends S16 the second transfer value M to the host 110.
Finally, since the software application knows k2 and comprises the bus decryption module D2, it can obtain S17 the instruction I in the clear by computing I = D2{k2}(M), and the host can then execute S18 the instruction I.
It can thus be seen that the random k2 acts as a session key for the instruction, both in its encrypted form and in its re-encrypted form. It will be appreciated that the general method may be performed without super-encryption of the encrypted instruction J, in which case J is sent in the clear (preferably together with the encrypted random k2), which means that the decryption in step d only yields the random k2.
The protocol of the invention can greatly improve security, since the encryption relies on fresh randomness generated at each iteration, which means that replay attacks are thwarted.
Since the host application environment cannot be trusted, the first encryption operation of the software application is preferably implemented as a white-box, making it hard to extract the key k1 from the code. Preferably k2 is also protected in this way, so that an adversary cannot retrieve it at reasonable cost. Such measures include, for example, using an on-chip hardware random number generator to generate (at boot time) a new key value for the CPU and storing it in a tamper-resistant key register.
A preferred way of protecting the software application is to use the protocol regularly during execution of the software application, for example by means of a plurality of protected instructions.
Further, whenever the host is not using the external circuit, it is preferable to generate random dummy accesses in order to complicate analysis of bus observations.
Figure 2 illustrates an exemplary method of executing a software application according to the invention. The software application comprises at least one encrypted software instruction, for example located at a particular address or in a data segment of the software code. When the software application is to execute an encrypted instruction J, the host CPU 110 executing the software application:
a. generates S20 a random k2;
b. XORs k2 and J to obtain a first transfer value L1 = J ⊕ k2, step S21;
c. encrypts S22 the random value using the first bus encryption module E1 and the key k1, to obtain a second transfer value L2 = E1{k1}(k2);
d. sends S23 the pair of first and second transfer values (L1, L2) to the circuit 120.
Upon reception of the pair of transfer values (L1, L2), the circuit 120:
e. decrypts S24 L2 using the first bus decryption module D1 and k1, to obtain the random k2;
f. computes S25 J = L1 ⊕ k2;
g. decrypts S26 J using the third decryption module Dpre and the third key kpre, to obtain the instruction I;
h. computes S27 the XOR of the instruction I and k2, to obtain a third transfer value M = I ⊕ k2;
i. sends S28 the third transfer value M to the host.
Finally, since the application knows k2, it can obtain S29 the instruction I in the clear by computing I = M ⊕ k2, and the host can then execute S30 the instruction I.
In a variant embodiment, the encrypted instruction J is sent from the host to the circuit in the clear, i.e. L1 = J, in which case steps b and f are not performed.
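The Figure 2 exchange written out end to end as an added example (not code from the patent): the vendor pre-encryption J = Epre{kpre}(I), the host steps S20 to S23 and S29, and the device steps S24 to S28, plus a check that a dongle holding the wrong kpre cannot produce the right instruction. The patent's AES-128 in ECB mode is not in the Python standard library, so a 4-round Feistel network keyed with HMAC-SHA256 stands in for E1 and Epre; it has a 64-bit block, so L2 is 8 bytes here rather than AES's 16, and the key and instruction values are constructed samples.

```python
import hashlib
import hmac
import os

BLOCK = 8  # the patent assumes 64-bit instructions; the stand-in PRP uses a 64-bit block


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length strings (E2/D2 in the patent)."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: keyed hash of (round index || half-block), truncated.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def prp_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round Feistel PRP, a stand-in (assumption) for the AES-128 ECB block encryption."""
    L, R = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in range(4):
        L, R = R, xor(L, _f(key, rnd, R))
    return L + R


def prp_decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse of prp_encrypt: the rounds are undone in reverse order."""
    L, R = block[: BLOCK // 2], block[BLOCK // 2 :]
    for rnd in reversed(range(4)):
        L, R = xor(R, _f(key, rnd, L)), L
    return L + R


# --- software vendor, before distribution: J = Epre{kpre}(I) ---
def vendor_pre_encrypt(kpre: bytes, instruction: bytes) -> bytes:
    return prp_encrypt(kpre, instruction)


# --- host side, steps S20 to S23 ---
def host_prepare(k1: bytes, J: bytes, k2=None):
    """Draw a fresh session key k2, mask J with it and wrap k2 under k1.
    Returns (k2, (L1, L2)); the host keeps k2 for step S29."""
    if k2 is None:
        k2 = os.urandom(BLOCK)      # S20: fresh randomness per run (replay protection)
    L1 = xor(J, k2)                 # S21: L1 = J xor k2
    L2 = prp_encrypt(k1, k2)        # S22: L2 = E1{k1}(k2)
    return k2, (L1, L2)


# --- auxiliary device (dongle) side, steps S24 to S28 ---
def device_respond(k1: bytes, kpre: bytes, L1: bytes, L2: bytes) -> bytes:
    """Unwrap k2, recover J, undo the vendor pre-encryption and re-mask I with k2."""
    k2 = prp_decrypt(k1, L2)        # S24: k2 = D1{k1}(L2)
    J = xor(L1, k2)                 # S25: J = L1 xor k2
    I = prp_decrypt(kpre, J)        # S26: I = Dpre{kpre}(J)
    return xor(I, k2)               # S27: M = I xor k2


# --- host side, step S29 ---
def host_finish(k2: bytes, M: bytes) -> bytes:
    return xor(M, k2)               # I = M xor k2


def run_protocol(k1, kpre, instruction, device_kpre=None, k2=None):
    """Full Figure 2 exchange; returns what the host would execute at S30.
    device_kpre models a dongle that holds a different pre-encryption key than the vendor used."""
    J = vendor_pre_encrypt(kpre, instruction)
    k2, (L1, L2) = host_prepare(k1, J, k2)
    M = device_respond(k1, kpre if device_kpre is None else device_kpre, L1, L2)
    return host_finish(k2, M)


def transcript_bytes(k1, kpre, instruction) -> int:
    """Bytes seen on the bus for one run (L1 + L2 + M); the patent quotes 32 for AES-128."""
    J = vendor_pre_encrypt(kpre, instruction)
    k2, (L1, L2) = host_prepare(k1, J)
    M = device_respond(k1, kpre, L1, L2)
    return len(L1) + len(L2) + len(M)


if __name__ == "__main__":
    # Constructed sample values, not taken from the patent.
    K1 = b"host-bus-key-k1!"
    KPRE = b"vendor-secret-kp"
    INSTR = bytes.fromhex("4883c408c3909090")  # an arbitrary 64-bit instruction word
    assert run_protocol(K1, KPRE, INSTR) == INSTR
    print("recovered instruction:", run_protocol(K1, KPRE, INSTR).hex())
```

Each call to host_prepare draws a new k2, so the (L1, L2) pair on the bus differs from run to run even for the same J, which is the replay property the description relies on.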
Figure 3 illustrates a system for collaborative execution of a software application according to a preferred embodiment of the invention. The system 200 comprises a host 210 and an auxiliary device 220.
The host 210 may in practice be any kind of processing device, preferably a personal computer or a game console. The host 210 preferably comprises a ROM 211, a RAM 212, at least one processor 213, and an interface 214 adapted to interact with the auxiliary device 220. The ROM 211 stores native software 2111, while the RAM 212 stores the software application 215 (preferably downloaded from the auxiliary device 220), which comprises a white-box implementation of a block cipher 2151 (such as AES) and a number of encrypted instructions 2152. The processor 213 is adapted to execute the native software 2111 and the software application 215.
The auxiliary device 220 is preferably an RFID, comprising an interface 221 for communicating with the host 210, a processor (block cipher circuit) 222 with access to at least the two keys k1 and kpre mentioned above, and a non-volatile memory 223. It is to be noted that the auxiliary device 220 may also implement two different block ciphers, one for each key. The block cipher circuit 222 is functionally connected to the interface 221 and the non-volatile memory 223.
During execution, the software application 215 may store data in, and retrieve data from, the non-volatile memory 223.
As shown in Figure 4, the host CPU 213 comprises a core CPU 2131 for executing software. The data bus protection function resides in the CPU cache 2132: it generates the random k2, encrypts k2 and J using E1, and sends the encryption to the interface 214. The data bus decryption function resides in the CPU register 2133: it receives k2 from the CPU cache 2132 and the encrypted instruction M = k2 ⊕ I from the interface 214, and obtains the instruction I in the clear by computing I = k2 ⊕ M, after which the core CPU 2131 can execute the instruction I.
At least one instruction is encrypted before the software application is distributed. This is preferably achieved using probabilistic encryption, so that the same input encrypted under the same key yields two different encryptions.
The software application may be delivered to the host 210 using any suitable distribution mechanism (e.g. the Internet, optical media, or in the auxiliary device 220). Where the software application is distributed over the Internet, the auxiliary device 220 must be delivered to the user of the software application by some other means for the application to work properly.
The software application preferably comprises a white-box implementation of an AES decryption module with a secret key k1. The software application also contains a set of encrypted instructions.
Here, the instructions are encrypted by XORing each instruction Ii with an encrypted random value E(Ri), i.e. Ii ⊕ E(Ri). The encrypted instructions are stored together with the corresponding random values, giving a set of encrypted instructions:
{(I0 ⊕ E(R0); R0); ... (Ii ⊕ E(Ri); Ri); ... (In ⊕ E(Rn); Rn)}
The host protocol may be implemented as follows, assuming that the instruction I is 64 bits long, that the random values Ri, k2 and k3 are also 64 bits long, and that the algorithms E1 and Epre are 128-bit AES encryption in ECB mode. E1 under the key k1 is implemented as a white-box, while the encryption algorithm E2 (and the decryption algorithm D2) is implemented as an XOR operation using the two random values k2 and k3.
The corresponding auxiliary device protocol is implemented as follows:
It can be seen that the two protocol parts match, even though the variable names differ; this reflects, for example, that k2 and k'2 are identical when the protocol works as it should, although the auxiliary device has no way of knowing whether this is the case (the same applies to Figure 5 below).
As regards the auxiliary device, it is assumed that the non-volatile memory 223 can easily be read by the host, but that the block cipher circuit 223 is tamper-resistant. Figure 5 is a block diagram of a block cipher circuit according to a second embodiment of the invention.
The AES implementation described by Menezes, van Oorschot and Vanstone is a chip with 3,595 gates. Encrypting 128 bits takes about 1000 clock cycles. Since two encryption steps are needed in the protocol, about 2000 clock cycles are required to process the data for a given run.
It can thus be seen that the present invention provides a lightweight protocol for authenticating and verifying the presence of an auxiliary device.
From a performance point of view, the advantages include:
‧ The number of exchanged messages and their size is minimal. With 64-bit instructions and an AES block cipher, the number of bytes exchanged is 32 bytes (L1 + L2 + M);
‧ There are only two transfers in the protocol;
‧ The computational complexity is low on both sides: the host performs 1 block encryption and the auxiliary device 2 block encryptions.
From a security point of view:
‧ The protocol is renewable, since different software applications may have different protocol keys and white-box implementations.
‧ More importantly, the protocol is secure, since it resists replay attacks and dictionary attacks by an attacker eavesdropping on the bus during data transfer.
‧ The protocol offers a favorable cost/security trade-off, so it can be used to protect existing applications.
Although the encrypted instructions described above are advantageously read from a distribution support such as a DVD or CD-ROM, they may also be read from a signal received from an external source such as a server or the Internet. Moreover, in this description "encrypted" is used in a broad sense for the encrypted instructions: it encompasses, for example, conventional encryption (such as that used to protect the session key k2) as well as obfuscation (for example a permutation of opcodes), in which case the key corresponds to the "instructions" for undoing the obfuscation.
The features disclosed in the description and (where appropriate) in the claims and drawings may be provided independently or in any appropriate combination. Features described as being implemented in hardware may also be implemented in software, and vice versa. Reference numerals appearing in the claims are by way of illustration only and shall have no limiting effect on the scope of the claims.
Applications Claiming Priority (1)
Application Number | Priority Date |
---|---|
EP12030516 | 2012-02-14 |
Publications (1)
Publication Number | Publication Date |
---|---|
TW201337633A true TW201337633A (en) | 2013-09-16 |
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW102101877A TW201337633A (en) | 2012-02-14 | 2013-01-18 | System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction |