WO2006063876A1 - Method and device for encrypting and executing a software library - Google Patents
- Publication number
- WO2006063876A1 (application PCT/EP2005/054909)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- software library
- library
- java
- computer
- software
- Prior art date
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
Definitions
- The invention relates to a method for encrypting and executing a software library according to the preamble of patent claim 1 and to a computer program product for use in such a method according to the preamble of patent claim 12.
- Computer programs (applications) are often created and delivered as a collection of libraries, which in the environment of the operating system "Windows" are often referred to as "DLLs" and in the environment of the programming language JAVA are usually available in so-called JAR files. These software libraries are usually in compiled form, but can be restored (almost) completely to source code using so-called decompilers.
- The JAVA programming language is a completely object-oriented programming language from the manufacturer SUN Microsystems, which, because of its platform independence, is often used for programming across operating systems
- The computer programs for decompiling make use of the fact that the byte code, i.e. the compiled computer program, contains a lot of information in "plain text", for example function names, variables, line numbers, debug information, etc. Such information is often referred to as "symbolic information". Ultimately, it ensures that the source code recovered by a decompiler can easily be followed (analyzed) and changed by a knowledgeable programmer.
- The disadvantage of byte-code obfuscation is that "debugging" of byte code processed in this way is practically no longer possible. Furthermore, in the JAVA programming language, a special language feature, the so-called JAVA Reflection API, can no longer be used.
- The JAVA Reflection API is a language feature with which, at runtime, a computer program analyzes its own properties and uses them to alter the program flow or even to change the computer program itself. Since such an analysis examines, among other things, function names and variable names, the JAVA Reflection API can only be used with computer programs or computer program parts (in JAVA one also speaks of "classes") that are not protected by byte-code obfuscation.
- An alternative method for protecting byte code is so-called "byte-code encryption".
- The byte code is encrypted using a cryptographic method (algorithm) so that a decompiler no longer finds "readable" byte code. But since an execution instance (operating system or - in the JAVA
- This method breaks the "platform independence" of the JAVA programming language, because the decrypting program together with the encrypted class forms an executable file, a so-called "executable", which is platform-dependent.
- Another disadvantage of this method is that software libraries protected in this way can only be executed directly; use in a different environment, for example on a web server (as so-called JAVA applets), is not possible. This is because a load instance (e.g. a "JAVA class loader") cannot freely access the encrypted classes, so that dynamic loading of the elements of the software library is not possible or only possible to a limited extent.
- The method of byte-code obfuscation provides protection against the analysis and reuse of a decompiled computer program and also preserves the platform independence of computer programs such as JAVA classes and JAVA libraries, but because it changes the byte code it limits the scope for debugging on the one hand and prevents the use of language features such as the JAVA Reflection API on the other.
- The byte code restored in byte-code encryption has the same quality and thus the same possibilities (debug capability, Reflection API capability) as the original byte code, but this method has the disadvantage that platform independence is broken and the usability of the computer program is limited; for example, use as a so-called "JAVA applet", in which program parts are dynamically reloaded, is hindered or impossible.
- The object is achieved for the method by the features of independent claim 1 and for the computer program by the features of independent claim 12.
- The solution provides a method for encrypting and executing a software library, wherein in a first step the software library is encrypted by means of a cryptographic method, in a second step the encrypted software library is transferred to a computer with an execution instance, in a third step a decryption program is transmitted to the computer, and in a fourth step the encrypted software library is restored by the decryption program, transferred to the execution instance and executed there.
- A load instance equipped with a decryption function is used as the decryption program, the load instance being used for loading elements of the software library into the execution instance.
- The method steps two and three can also be combined or carried out in the reverse order.
- The execution instance is supplied with "full" byte code, which permits methods such as "debugging" and the use of language features such as the "Reflection API".
- A software library encrypted and executed by such a method can also be used for applications such as JAVA applets, whereby the combination of the second and the third method step is particularly advantageous there
- The method is also advantageously applicable to the programs or computer program products of other programming languages.
- The solution further provides a computer program product for use in the above methods, wherein the computer program product can be used as a load instance by an execution instance.
- The computer program product has a decryption function for decrypting a software library protected by means of a cryptographic method.
- Such a computer program product may be used by an execution instance, such as a JAVA virtual machine, instead of and in the same manner as a standard.
- The execution instance receives the same program information (byte code) that it would also process from an unencrypted software library. The computer program product can be used platform-independently on all computers and operating systems on which such an execution instance is operated. Integrating the decryption function into the load instance also increases security, because access to the decrypted byte code is thereby made more difficult.
- The unencrypted load instance is transmitted to the computer in compiled form and is protected against decompilation before transmission, thereby preventing analysis and manipulation of the decryption function. Advantageously, the protection against decompilation of the entire load instance, or at least of the decryption function contained therein, is provided by a
- The load instance can be addressed in the same way as the default load instance, allowing the execution instance to continue to be used as it is.
- The load instance can advantageously also be used for loading unencrypted elements from the software library and/or from another software library, either unencrypted or similarly encrypted, so that mixed encrypted and unencrypted software libraries can also be loaded with one and the same load instance.
- The method can be used universally if platform-independent software is used in each case for the software library, for the load instance and/or for the decryption function. This is especially true if a JAVA library is used as the software library and a JAVA virtual machine is used as the execution instance. At least partially compiled byte code is used for the JAVA library, whereby not only compiled byte code but also non-compiled resources, for example texts and image information, can be contained in the same software library. If a JAVA class loader is used as the load instance, JAVA classes protected (encrypted) in this way can be used as software libraries.
- The single figure shows schematically the method steps for encryption, decryption and execution of a software library.
- A software library in the JAVA programming language will be considered below with reference to FIG. 1 as an example of the encryption and execution of a software library.
- This software library consists of several elements, which are combined into one file (".jar file").
- The individual elements of the software library are encrypted in a first step S1a using a conventional encryption method.
- All elements of the software library are encrypted.
- Individual elements of the software library can be excluded from the encryption. This is useful, for example, if individual elements, e.g. multimedia data (audio data, video data), do not need to be protected against reverse engineering, so that encryption and subsequent decryption would cause an unnecessary amount of computing time.
- The encryption of the software library takes place here on a computer (server) of the manufacturer of the software library.
- The manufacturer also offers a suitable decryption program, which in the present exemplary embodiment is not only used for the software library encrypted here but can also be used for all software libraries of this manufacturer.
- The decryption program is also created in the JAVA programming language.
- One and the same decryption program can be used unchanged on different computer platforms, provided that a suitable execution instance, in this case a JAVA virtual machine, is installed on each of these computer platforms.
- The decryption program with the decryption function is provided only in compiled form in order to avoid misuse of the source code and thus of its functioning.
- The decryption program is in this case designed as a load instance, a so-called "class loader" (JAVA class loader). This load instance comprises, on the one hand, the decryption function for restoring the byte code of the encrypted elements of the software library and, on the other hand, can be used in the same way as the standard class loader of a JAVA virtual machine to dynamically load elements of a JAVA software library.
- The decryption program, that is, in this case, the load instance equipped with the decryption function
- In the present embodiment, this load instance is inserted into the file containing the elements of the software library (step S1b) and thus de facto becomes a component of the software library.
- The load instance is protected by the use of an "obfuscator" according to the method of byte-code obfuscation, so that the decryption algorithm cannot be reconstructed by decompiling the load instance.
- The software library is a so-called "JAVA applet" which is transmitted to the computer via the Internet and handed over there to the JAVA virtual machine as an execution instance for execution -
- Virtual Machine is instructed not to use the already pre-installed JAVA class loader ("default class loader"), but to use the class loader included in the new software library. Bypassing software components and using other, supplied versions of these software components is provided for in the JAVA programming language.
- The JAVA class loader is now used to feed elements of the software library to the JAVA virtual machine (step S4c). For each requested element, it is checked whether it is an encrypted or an unencrypted element; when an encrypted element is accessed, the access function (JAVA class loader) is used for decryption (step S4b). During decryption, the byte code of the respective element is completely restored, so that the debug information, variable names, function names, etc. contained in the byte code are also restored. In the event of program errors, error messages can be generated which can be transmitted by the executing computer to a computer of the manufacturer of the software library and evaluated there.
- The software library may also be provided with a reference identifying the location of the "appropriate" load instance. Where the "matching" load instance already exists on the computer on which the software library is to be used, a re-transmission of the load instance, for example via the Internet, can be avoided. It also does not necessarily need to be uninstalled after use if unencrypted software libraries are used again, because unencrypted software libraries or unencrypted elements are treated by the load instance in the same way as by the standard load instance of the execution instance (JAVA virtual machine).
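
The per-element check and decryption in the load instance described above (steps S1a, S4b and S4c), as an added Java example that is not code from the patent. The `ENC1` marker, the AES-GCM element layout, the all-zero demo key and all class names are assumptions; the page specifies only "a conventional encryption method" and does not say where the key comes from.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.*;
import java.util.function.Supplier;

public class DecryptingLoaderDemo {
    // Constructed marker tagging an encrypted element (assumption; the page names no format).
    static final byte[] MAGIC = {'E', 'N', 'C', '1'};
    static final int IV_LEN = 12, HDR = MAGIC.length + IV_LEN;

    /** Element to protect; compiled normally, so names and debug info are intact. */
    public static class Payload implements Supplier<String> {
        public String get() { return "running restored byte code"; }
    }

    /** Step S1a on the manufacturer side. Layout: MAGIC | 12-byte IV | AES-GCM ciphertext. */
    static byte[] encrypt(byte[] plain, SecretKeySpec key) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        return ByteBuffer.allocate(HDR + ct.length).put(MAGIC).put(iv).put(ct).array();
    }

    /** Load instance with a decryption function (steps S4b and S4c). */
    static class DecryptingClassLoader extends ClassLoader {
        private final Map<String, byte[]> elements; // stands in for the .jar entries
        private final SecretKeySpec key;
        DecryptingClassLoader(Map<String, byte[]> elements, SecretKeySpec key) {
            super(ClassLoader.getPlatformClassLoader()); // parent cannot see application classes
            this.elements = elements; this.key = key;
        }
        @Override
        protected Class<?> findClass(String name) throws ClassNotFoundException {
            byte[] data = elements.get(name);
            if (data == null) throw new ClassNotFoundException(name);
            // Per-element check: encrypted elements carry the marker, plain ones pass through.
            if (data.length > HDR && Arrays.equals(Arrays.copyOf(data, MAGIC.length), MAGIC)) {
                try {
                    Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
                    c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, data, MAGIC.length, IV_LEN));
                    // GCM authenticates: a modified element fails here and is never defined.
                    data = c.doFinal(data, HDR, data.length - HDR);
                } catch (Exception e) {
                    throw new ClassNotFoundException("decryption failed: " + name, e);
                }
            }
            return defineClass(name, data, 0, data.length);
        }
    }

    public static void main(String[] args) throws Exception {
        SecretKeySpec key = new SecretKeySpec(new byte[16], "AES"); // constructed all-zero demo key
        String name = Payload.class.getName();
        byte[] plain;
        try (InputStream in = Payload.class.getResourceAsStream(name + ".class")) {
            plain = in.readAllBytes(); // the compiled byte code of the element
        }
        Map<String, byte[]> jar = new HashMap<>();
        jar.put(name, encrypt(plain, key));
        Class<?> cls = new DecryptingClassLoader(jar, key).loadClass(name);
        System.out.println(((Supplier<?>) cls.getDeclaredConstructor().newInstance()).get());
        System.out.println(cls.getDeclaredMethod("get").getName()); // reflection sees the real name
    }
}
```

Compile with `javac` (Java 9 or later) and run from the class files in the default package. Because the key has to reach the load instance on the client, the scheme raises the effort of decompilation rather than ruling it out, which is why the page additionally obfuscates the load instance.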
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Stored Programmes (AREA)
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102004061634.5 | 2004-12-17 | ||
DE200410061634 DE102004061634A1 (de) | 2004-12-17 | 2004-12-17 | Method and device for encrypting and executing a software library |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2006063876A1 (fr) | 2006-06-22 |
Family
ID=35500801
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2005/054909 WO2006063876A1 (fr) | 2004-12-17 | 2005-09-29 | Method and device for encrypting and executing a software library |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102004061634A1 (fr) |
WO (1) | WO2006063876A1 (fr) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO1999041651A2 (fr) * | 1998-02-13 | 1999-08-19 | National Computer Board, Acting Through Its R & D Division, The Information Technology Institute | Method for protecting a binary code |
DE10105053A1 (de) * | 2001-02-05 | 2002-08-29 | Hmd Software Ag | Method and device for transmitting program code on the Internet |
US20040039926A1 (en) * | 2000-10-11 | 2004-02-26 | Lambert Martin Richard | Methods of providing java tamperproofing |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6134324A (en) * | 1991-07-31 | 2000-10-17 | Lsi Logic Corporation | Method and system for distributing a plurality of software products, and limiting access thereto |
US7346781B2 (en) * | 2001-12-06 | 2008-03-18 | Mcafee, Inc. | Initiating execution of a computer program from an encrypted version of a computer program |
-
2004
- 2004-12-17 DE DE200410061634 patent/DE102004061634A1/de not_active Withdrawn
-
2005
- 2005-09-29 WO PCT/EP2005/054909 patent/WO2006063876A1/fr active Application Filing
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102262555A (zh) * | 2011-08-22 | 2011-11-30 | 迈普通信技术股份有限公司 | Method and apparatus for loading different versions of Java third-party libraries |
CN103218551A (zh) * | 2013-05-03 | 2013-07-24 | 飞天诚信科技股份有限公司 | Method for protecting a Java program |
WO2014176950A1 (fr) * | 2013-05-03 | 2014-11-06 | 飞天诚信科技股份有限公司 | Method for protecting Java programs |
US9665730B2 (en) | 2013-05-03 | 2017-05-30 | Feitian Technologies Co., Ltd. | Method for protecting java program |
Also Published As
Publication number | Publication date |
---|---|
DE102004061634A1 (de) | 2006-06-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE69714752C5 (de) | Use of a high-level programming language in a microcontroller | |
DE102008021567B4 (de) | Computer system with a secure boot mechanism based on symmetric-key encryption | |
DE60127310T2 (de) | Device for protecting digital data | |
DE102009041176B4 (de) | Compiler system and method for compiling source code into encrypted machine-language code | |
DE102012215196A1 (de) | Protecting application programs from destructive software or malware | |
EP2193471A1 (fr) | Method and system for preventing access to a machine code of a device | |
EP3403214B1 (fr) | Method and device for providing a cryptographic security function for the operation of an apparatus | |
DE102004057490B4 (de) | Device and method for processing a program code | |
EP2510475B1 (fr) | Hardware device | |
WO2006063876A1 (fr) | Method and device for encrypting and executing a software library | |
EP1636700A1 (fr) | Method for reloading software into the boot sector of a programmable read-only memory | |
DE102005046696B4 (de) | Method for generating protected program code and method for executing program code of a protected computer program, and computer program product | |
EP2394232B1 (fr) | Device and method for preventing unauthorized use and/or manipulation of software | |
EP3497606B1 (fr) | Individual encryption of control commands | |
WO2006119928A1 (fr) | Method for adding functionality to an executable first module of a software package | |
EP1318451B1 (fr) | Method for executing a program on a computer | |
DE102022207883A1 (de) | Method for programming a programmable logic controller by means of an executable control program, and programmable logic controller system | |
EP4064090A1 (fr) | Provision of data to be protected in a secure execution environment of a data processing system | |
DE10336083A1 (de) | Method for securing computer programs against unauthorized multiple use | |
WO2024022830A1 (fr) | Method for programming a programmable logic controller by means of an executable control program, and programmable logic controller system | |
WO2024110546A1 (fr) | Method for encrypting a source text, method for decrypting a source text, and development system | |
EP1105798A1 (fr) | Method, device and set of devices for protecting several programs and/or several files against unauthorized access attempted by a process | |
AT500519A2 (de) | Method for executing interpretable computer programs | |
AT524619A1 (de) | Computer-implemented method for the authorized execution of software, data processing system, computer program product and computer-readable storage medium | |
DE102017214591A1 (de) | Method and apparatus for protecting a device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BW BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE EG ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KM KP KR KZ LC LK LR LS LT LU LV LY MA MD MG MK MN MW MX MZ NA NG NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SM SY TJ TM TN TR TT TZ UA UG US UZ VC VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): BW GH GM KE LS MW MZ NA SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LT LU LV MC NL PL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 05807984 Country of ref document: EP Kind code of ref document: A1 |