WO2003012604A2 - Procede pour proteger un logiciel a l'aide de 'renommage' contre son utilisation non autorisee de diluant - Google Patents
Procede pour proteger un logiciel a l'aide de 'renommage' contre son utilisation non autorisee de diluant Download PDFInfo
- Publication number
- WO2003012604A2 WO2003012604A2 PCT/FR2002/002340 FR0202340W WO03012604A2 WO 2003012604 A2 WO2003012604 A2 WO 2003012604A2 FR 0202340 W FR0202340 W FR 0202340W WO 03012604 A2 WO03012604 A2 WO 03012604A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- execution
- unit
- protected software
- software
- protected
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 110
- 238000012545 processing Methods 0.000 claims abstract description 234
- 230000001419 dependent effect Effects 0.000 claims abstract description 105
- 238000001514 detection method Methods 0.000 claims description 67
- 238000005259 measurement Methods 0.000 claims description 62
- 238000012986 modification Methods 0.000 claims description 55
- 230000004048 modification Effects 0.000 claims description 55
- 238000003860 storage Methods 0.000 claims description 41
- 238000009826 distribution Methods 0.000 claims description 21
- 238000011084 recovery Methods 0.000 claims description 21
- 230000001960 triggered effect Effects 0.000 claims description 18
- 238000010276 construction Methods 0.000 claims description 15
- 238000011144 upstream manufacturing Methods 0.000 claims description 13
- 230000001131 transforming effect Effects 0.000 claims description 8
- 238000000354 decomposition reaction Methods 0.000 claims description 3
- 238000012546 transfer Methods 0.000 description 54
- 238000012544 monitoring process Methods 0.000 description 11
- 238000011282 treatment Methods 0.000 description 9
- 238000010586 diagram Methods 0.000 description 8
- 230000006872 improvement Effects 0.000 description 7
- 230000014509 gene expression Effects 0.000 description 5
- 238000004891 communication Methods 0.000 description 3
- 238000011161 development Methods 0.000 description 3
- 230000002093 peripheral effect Effects 0.000 description 3
- 230000008569 process Effects 0.000 description 3
- 238000009877 rendering Methods 0.000 description 3
- 230000004069 differentiation Effects 0.000 description 2
- 229940083753 renown Drugs 0.000 description 2
- 238000012163 sequencing technique Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 239000003550 marker Substances 0.000 description 1
- 239000000463 material Substances 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000009466 transformation Effects 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/125—Restricting unauthorised execution of programs by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F1/00—Details not covered by groups G06F3/00 - G06F13/00 and G06F21/00
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/12—Protecting executable software
- G06F21/121—Restricting unauthorised execution of programs
- G06F21/123—Restricting unauthorised execution of programs by using dedicated hardware, e.g. dongles, smart cards, cryptographic processors, global positioning systems [GPS] devices
Definitions
- the present invention relates to the technical field of data processing systems in the general sense and it relates, more specifically, to the means for protecting, against its unauthorized use, software running on said data processing systems.
- the object of the invention relates, more particularly, to the means for protecting software against its unauthorized use, from a processing and storage unit, such a unit being commonly embodied by a smart card or by a hardware key on USB port.
- a processing and storage unit such a unit being commonly embodied by a smart card or by a hardware key on USB port.
- the main drawback concerns the unauthorized use of software by users who have not paid license fees.
- This unlawful use of software causes obvious damage to software publishers, software distributors and / or any person integrating such software into products.
- various solutions have been proposed in the state of the art to protect software.
- a protection solution which consists in implementing a material protection system, such as a physical element called a protection key or "dongle" in English terminology.
- a protection key should guarantee the execution of the software only in the presence of the key.
- a malicious person or hacker can, using specialized tools, such as disassemblers, remove the control key control instructions. It then becomes possible to make illegal copies corresponding to modified versions of software that no longer have any protection.
- this solution cannot be generalized to all software, since it is difficult to connect more than two protection keys on the same system.
- the object of the invention is precisely to remedy the drawbacks stated above by proposing a method for protecting software against its unauthorized use, from an ad hoc processing and storage unit, in the since the presence of such a unit is necessary for the software to be fully functional.
- the object of the invention relates to a method for protecting, from at least one blank unit comprising at least processing means and storage means, vulnerable software against its unauthorized use, said vulnerable software running on a data processing system.
- the method according to the invention consists: -> in a protection phase:
- triggering commands being capable of being executed in the data processing system and of triggering the execution in a unit, of dependent functions
- a set point corresponding at least in part to the information transmitted from the data processing system to a unit, in order to trigger the execution of the corresponding dependent function in a unit, this set point being under the form of at least one argument of the triggering command,
- a first part of execution is executed in the data processing system and a second part of execution is executed in a unit, obtained from the blank unit after loading of information ,> the second execution part performs at least the functionality of at least one chosen algorithmic processing,
- triggering commands with renamed instructions are integrated into the source of the protected software, so that during the execution of the protected software, each triggering command with renamed instructions is executed by the first part of execution and triggers in the unit, the restoration, by means of restoration, of the setpoint and the execution, by means of the second part of execution, of the corresponding dependent function,> and a sequencing of the triggering commands at renamed instructions is chosen from among all the schedules allowing the execution of the protected software, - and by producing:
- the method according to the invention consists:
- the method according to the invention consists: - in the protection phase:
- the method according to the invention consists:
- this first part object being such that during the execution of the protected software, at least a portion of the first part of execution also takes into account that at least one variable or at least one copy of variable resides in the unit,> and the second object part of the protected software, this second object part being such that, after loading into the unit and during the execution of the protected software, the second part of execution appears by means of which at least one chosen variable, or at at least one copy of the chosen variable also resides in the unit,
- the method according to the invention consists: -> in the protection phase:
- this first object part being such that during the execution of the protected software, at least a portion of the first execution part also executes the elementary commands according to the scheduling chosen,
- the second object part of the protected software also containing the operating means, this second object part being such that, after loading into the unit and during the execution of the protected software, the second part of execution appears using from which the elementary functions triggered by the first execution part are also executed, - and in the use phase:
- the method according to the invention consists:
- - detection means to be implemented in the unit and making it possible to detect that at least one software execution characteristic does not comply with the minus an associated criterion
- the second object part of the protected software containing the operating means also implementing the detection means and the coercion means, this second object part being such that, after loading into the unit and during the execution of the protected software, at least one characteristic of software execution is monitored and non-compliance with a criterion results in information to the data processing system and / or to a modification of the execution of the protected software,
- the method according to the invention consists: - in the protection phase: • to be defined:
- the method according to the invention consists: - in the protection phase:
- the method according to the invention consists: - in the protection phase:
- the method according to the invention consists:
- the method according to the invention consists: -> in the protection phase:
- detection means means making it possible to detect that the sequence of instructions does not correspond to that desired
- the method according to the invention consists:
- detection means means making it possible, during the execution of an instruction, for each operand, when the flag field requires it, to check the equality between the identification field generated corresponding to the register used by this operand, and the expected identification field of the origin of this operand,
- the method according to the invention consists: - in the protection phase:
- the method according to the invention consists, in the protection phase, of modifying the protected software: - by choosing, in the source of the protected software at least one series of selected conditional connections,
- the first object part of the protected software is such that during the execution of the protected software, the functionality of at least one selected series of conditional connections is executed in the unit,> and the second object part of the protected software, this second object part being such that, after loading into the unit and during the execution of the protected software, the second execution part appears by means of which the overall functionality of at least one selected series of conditional branching is performed.
- the method according to the invention thus makes it possible to protect the use of software by the implementation of a processing and storage unit which has the particularity of containing part of the software being executed. It follows that any version derived from the software attempting to operate without the processing and storage unit requires recreating the part of the software contained in the processing and storage unit during execution, on pain of this version derived from the software is not fully functional.
- the fîg. 10 and 11 are functional block diagrams illustrating the various representations of software respectively unprotected and protected by the method according to the invention.
- Figs. 20 to 22 illustrate, by way of examples, various embodiments of a device for implementing the method according to the invention.
- Figs. 30 and 31 are functional block diagrams explaining the general principle of the method according to the invention.
- Figs. 40 to 43 are diagrams illustrating the protection method according to the invention implementing the principle of protection by variable.
- Figs. 60 to 64 are diagrams illustrating the protection method according to the invention implementing the principle of protection by elementary functions.
- Figs. 70 to 74 are diagrams illustrating the protection method according to the invention implementing the principle of protection by detection and coercion.
- Figs. 80 to 85 are diagrams illustrating the protection method according to the invention implementing the principle of protection by renaming.
- Figs. 90 to 92 are diagrams illustrating the protection method according to the invention implementing the principle of protection by conditional branching.
- Fig. 100 is a diagram illustrating the different phases of implementation of the subject of the invention.
- Fig. 110 illustrates an exemplary embodiment of a system allowing the implementation of the stage of construction of the protection phase according to the invention.
- Fig. 120 illustrates an exemplary embodiment of a pre-personalization unit used in the protection method according to the invention.
- Fig. 130 illustrates an embodiment of a system allowing the implementation of the tool-making stage of the protection phase according to the invention.
- Fig. 140 illustrates an embodiment of a system allowing the implementation of the protection method according to the invention.
- Fig. 150 illustrates an embodiment of a personalization unit used in the protection method according to the invention.
- a data processing system 3 is a system capable of executing a program.
- a processing and storage unit is a unit capable of:
- a unit 6 is a processing and storage unit implementing the method according to the invention.
- a blank unit 60 is a unit which does not implement the method according to the invention, but which can receive information transforming it into a unit 6.
- a pre-personalized unit 66 is a blank unit 60 having received part of the information allowing it, after receiving additional information, to be transformed into a unit 6.
- the loading of information into a blank unit 60 or a pre-personalized unit 66 corresponds to a transfer of information into the blank unit 60 or the pre-personalized unit 66, and to a storage of said transferred information.
- the transfer may include a change in information format.
- a variable, data or function contained in the data processing system 3 will be indicated by a capital letter, while a variable, data or function contained in unit 6 will be indicated by a small letter.
- Protected software is software that has been protected by at least one protection principle implemented by the process according to the invention.
- Vulnerable software is software that has not been protected by any protection principle implemented by the process according to the invention. • In the case where the differentiation between vulnerable software and protected software does not matter, the term "software" is used.
- a source representation of software is understood as a representation which, after transformation, gives an object representation.
- a source representation can be presented at different levels, from an abstract conceptual level to a level executable directly by a data processing system or a processing and storage unit.
- An object representation of a software corresponds to a level of representation which after transfer to a distribution and then loading into a data processing system or a processing and storage unit, can be executed. It can be, for example, a binary code, an interpreted code, etc.
- a distribution is a physical or virtual medium containing the object representation, this distribution must be made available to the user to enable him to use the software.
- a dynamic representation corresponds to the execution of the software from its distribution.
- a portion of software corresponds to any part of software and may, for example, correspond to one or more instructions, consecutive or not, and / or to one or more functional blocks consecutive or not, and / or to one or more functions, and / or one or more subroutines, and / or one or more modules.
- a portion of software can also correspond to all of this software.
- Figs. 10 and 11 illustrate the various representations respectively of vulnerable software 2v in the general sense, and of protected software 2p according to the method according to the invention.
- Fig. 10 illustrates various representations of vulnerable software 2 appearing during its life cycle.
- Vulnerable 2v software can thus appear under one of the following representations: • a 2 s source representation,
- This distribution can be commonly presented in the form of a physical distribution means such as a CDROM or in the form of files distributed across a network (GSM, Internet, etc.),
- FIG. 11 illustrates various representations of 2p protected software appearing during its life cycle.
- Protected 2p software can thus appear under one of the following representations:
- a 2ps source representation comprising a first source part intended for the data processing system 3 and a second source part intended for the unit 6, a part of these source parts possibly commonly being contained in common files
- a 2in object representation comprising a first object part 2pos intended for the data processing system 3 and a second object part 2pou intended for the unit 6
- this first 2pds distribution part being intended for the data processing system 3 and which can commonly be in the form of a physical distribution means such as a CDROM, or in the form of files distributed over a network (GSM, Internet, etc.), - and a second part of 2pdu distribution in the form:
- This dynamic representation 2pe comprises a first part of execution 2pes which is executed in the data processing system 3 and a second part of execution 2peu which is executed in unit 6. In the case where the differentiation between the different representations of protected software 2p does not matter, the expressions first part of the protected software and second part of the protected software are used.
- the implementation of the method according to the invention in accordance with the dynamic representation of FIG. 11, uses a device lp comprising a data processing system 3 connected by a link 5 to a unit 6.
- the data processing system 3 is of all types and comprises, in a conventional manner, at least one processor 4.
- the system 3 may be a computer or be part, for example, of various machines, devices, fixed or mobile products, or vehicles in the general sense.
- the link 5 can be made in any possible way, such as for example by a serial line, a USB bus, a radio link, an optical link, a network link or a direct electrical connection on a circuit of the data processing system 3 , etc.
- the unit 6 can possibly be physically inside the same integrated circuit as the processor 4 of the data processing system 3.
- the unit 6 can be considered as a coprocessor with respect to to processor 4 of the data processing system 3 and the link 5 is internal to the integrated circuit.
- Figs. 20 to 22 show, by way of illustration and without implied limitation, various embodiments of the lp device allowing the implementation of the protection method according to the invention.
- the protection device lp comprises, as a data processing system 3, a computer and, as a unit 6, a smart card 7 and its interface 8 commonly called a card reader.
- the computer 3 is connected to the unit 6 by a link 5.
- the first part of execution 2pes which is executed in the computer 3 and the second execution part 2peu which is executed in the chip card 7 and its interface 8, both must be functional so that the protected software 2p is fully functional.
- the lp protection device equips a product 9 in the general sense, comprising various members 10 adapted to the function or functions assumed by such a product 9.
- the lp protection device comprises, on the one hand, a data processing system 3 embedded in the product 9 and, on the other hand, a unit 6 associated with the product 9.
- the protected software 2p must be fully functional.
- the first part of execution 2pes which is executed in the data processing system 3 and the second part of execution 2peu which is executed in the unit 6, must all two be functional.
- This 2p protected software therefore makes it possible, indirectly, to protect against unauthorized use, the product 9 or one of its functionalities.
- the product 9 can be an installation, a system, a machine, a toy, a household appliance, a telephone, etc.
- the protection device lp includes several computers, as well as part of a communication network.
- the data processing system 3 is a first computer connected by a network type link 5, to a unit 6 constituted by a second computer.
- the second computer 6 is used as a license server for 2p protected software.
- the first part of execution 2pes which is executed in the first computer 3 and the second part of execution 2peu which is executed in the second computer 6, both must be functional so that the protected 2p software is fully functional.
- Fig. 30 makes it possible to explain more precisely, the protection method according to the invention.
- vulnerable software 2v is considered to be executed completely in a data processing system 3.
- the data processing system 3 comprises transfer means 12 connected by the link 5, to transfer means 13 forming part of the unit 6 making it possible to make communicate between them, the first part of execution 2pes and the second part of execution 2peu of the protected software 2p.
- the transfer means 12, 13 are of software and / or hardware nature and are capable of ensuring and, if necessary, optimizing the communication of data between the data processing system 3 and the unit 6. These transfer means 12, 13 are adapted to allow protected software 2p to be available which is preferably independent of the type of link 5 used. These transfer means 12, 13 are not part of the object of the invention and are not described more precisely because they are well known to those skilled in the art.
- the first part of the 2p protected software includes commands. During the execution of the protected software 2p, the execution of these commands by the first part of execution 2pes allows the communication between the first part of execution 2pes and the second part of execution 2peu. In the following description, these commands are represented by IN, OUT or TRIG. As illustrated in fig. 31, to allow the implementation of the second part of execution 2peu of the protected software 2p, the unit 6 comprises protection means 14.
- the protection means 14 comprise storage means 15 and processing means 16.
- a unit 6 physically present and comprising protection means 14 adapted to the execution of the second execution part 2peu of the protected software 2p is always considered to be present
- a unit 6 physically present but comprising unsuitable protection means 14 that is to say not allowing the correct implementation of the second execution part 2peu of the protected software 2p is considered to be present, when it functions correctly, and as absent when 'it doesn't work properly, • and a unit 6 physically absent is always considered to be absent.
- the transfer means 13 are broken down into two parts, one of which is located on the interface 8 and the other of which is located on the smart card 7.
- the absence of the smart card 7 is considered to be equivalent to the absence of the unit 6.
- the protection means 14 are not accessible and therefore do not allow the execution of the second execution part 2peu of the protected software, so that the protected software 2p is not completely functional.
- the protection method aims to implement a protection principle, known as "renaming”, a description of which is given in relation to FIGS. 80 to 85.
- this instruction being in the form of at least one argument of the triggering command
- • and recovery means 20 intended to be implemented in the unit 6 during the use phase and making it possible to find the initial setpoint, from the renamed setpoint, in order to find the dependent function to be executed.
- operating means are also constructed making it possible to transform a blank unit 60 into a unit 6 using at least the recovery means 20.
- the source of the vulnerable 2vs software is then modified, so as to obtain the source of the protected 2ps software.
- This modification is such that in particular:
- the second execution part 2peu which is executed in the unit 6, performs at least the functionality of at least one chosen algorithmic processing
- each chosen algorithmic processing is broken down so that during the execution of the protected software 2p, each chosen algorithmic processing is executed, by means of the second execution part 2peu, using dependent functions.
- each chosen algorithmic processing is broken down into dependent functions fd n (with n varying from 1 to N), namely: - possibly one or more dependent functions allowing the provision of one or more operands for the unit 6 - dependent functions, some of which use the operand (s) and which, in combination, execute the functionality of the chosen algorithmic processing, using this or these operand (s),
- the second execution part 2peu executes the dependent functions fdminister
- the first execution part 2pes of the protected software 2p, executed in the data processing system 3, executes triggering commands with renamed setpoints transferring renamed setpoints to unit 6, and initiating recovery in unit 6 by means recovery means 20, instructions, then execution by means of the second execution part 2peu, of each of the dependent functions fd n previously defined.
- the principle of protection by renaming consists in renaming the instructions of the triggering commands, so as to obtain triggering commands with renowned instructions whose execution in the data processing system 3, triggers in the unit 6 , the execution of the dependent functions which would have been triggered by the triggering commands with instructions not renamed, without however that the examination of the protected software 2p does not make it possible to determine the identity of the dependent functions executed.
- Fig. 80 illustrates an example of execution of a vulnerable 2v software. In this example, it appears during the execution of the vulnerable software 2v in the data processing system 3, at a given instant, the calculation of Z ⁇ - F (X, Y) corresponding to the assignment to a variable Z of the result of an algorithmic processing represented by a function F and using the operands X and Y.
- Figs. 81 and 82 illustrate an example of implementation of the invention.
- Fig. 81 illustrates the partial implementation of the invention.
- CDi CD 2 being represented respectively by OUT (x, X), OUT (y, Y),
- the first argument of the triggering commands OUT and the argument of the triggering commands TRIG and IN is chosen as a setpoint.
- the instructions thus chosen are renamed by the renaming method.
- the instructions of the triggering commands CDi to CDN namely x, y, fd 3 , fd -i, z are renamed so as to obtain respectively R (x), R (y), R (fd 3 ). ., R (fdN- ⁇ ), R (z).
- Fig. 82 illustrates the full implementation of the invention.
- the execution in the data processing system 3 of the first part of execution 2pes of the protected software 2p, and in the presence of the unit 6, it appears:
- the first improvement concerns the case where several algorithmic treatments are deported to unit 6 and at least the result of an algorithmic processing is used by another algorithmic processing. In this case, certain triggering commands with renowned instructions used for the transfer can be possibly deleted.
- the second improvement aims to opt for a relevant scheduling of triggering commands with renowned instructions among all the scheduling allowing the execution of the protected software 2p.
- Figs. 83 and 84 illustrate the principle of such an embodiment.
- Fig. 83 shows an example of execution of vulnerable 2v software.
- the execution of two algorithmic processing leading to the determination of Z and Z ' such that Z - F ( X, Y) and Z ' ⁇ - F' (X ',
- Fig. 84 illustrates an example of implementation of the method according to the invention for which the two algorithmic treatments chosen in FIG. 83 are deported to unit 6.
- the triggering commands with renamed setpoints CDCRi to CDCR N are not executed consecutively, insofar as the triggering commands with renamed setpoints CDCR'i to CDCR 'and other portions of code are interleaved.
- the following scheduling is thus carried out: CDCRi, portion of interleaved code, CDCR'i, CDCR 2 , portion of interleaved code, CDCR'2, CDCR ' 3 , portion of interleaved code, CDCR', CDCR 3 , CDCRt, ..., CDCRN, CDCR'M
- Fig. 85 illustrates an example of an attempt to execute the protected software 2p, while the unit 6 is absent.
- the execution of a triggering command with a renamed setpoint cannot trigger restoring the setpoint or executing the corresponding dependent function, due to the absence of unit 6.
- the value to be assigned to variable Z cannot therefore be determined correctly.
- the examination in the software protected 2p from triggering commands with renamed setpoints does not allow the identity of the dependent functions to be executed in unit 6 to be determined.
- the renaming of setpoints is carried out when the vulnerable 2v software is changed to software protected 2p.
- it is defined for at least one dependent function, a family of dependent functions algorithmically equivalent but triggered by triggering commands with different renamed setpoints.
- this algorithmic processing is broken down into dependent functions which for at least one of them is replaced by a dependent function of the same family instead of keeping several occurrences of the same dependent function.
- triggering commands with renamed setpoints are modified to take account of the replacement of dependent functions by dependent functions of the same family.
- two dependent functions of the same family have different instructions and therefore triggering commands with different renamed instructions and, it is not possible, on examination of the protected software 2p, to detect that the functions called dependents are algorithmically equivalent.
- the recovery means 20 are means implementing a decryption method making it possible to decrypt the renamed instructions and thus to restore the identity of the dependent functions to be executed in unit 6. These recovery means are implemented in unit 6 and can be of software or hardware. These recovery means 20 are requested in the use phase U each time a triggering command with a renamed setpoint is executed in the data processing system 3 with the aim of triggering in unit 6, the execution of 'a dependent function.
- the protection method aims to implement a protection principle known as "variable”, a description of which is given in relation to FIGS. 40 to 43.
- variable For the implementation of the principle of protection by variable, it is chosen in the source of the vulnerable software 2vs at least one variable which during the execution of the vulnerable software 2v, partially defines the state of this one.
- state of a software it must be understood all the information, at a given time, necessary for the complete execution of this software, so that the absence of such a chosen variable harms the complete execution of this software. It is also chosen at least a portion of the source of the vulnerable software 2vs containing at least one chosen variable.
- At least a selected portion of the source of the vulnerable 2vs software is then modified, so as to obtain the source of the protected 2ps software.
- This modification is such that during the execution of the protected software 2p, at least a portion of the first part of execution 2pes which is executed in the data processing system 3, takes into account that at least one chosen variable or at least one copy of the chosen variable resides in unit 6.
- FIG. 40 illustrates an example of execution of a vulnerable software 2v. In this example, it appears during the execution of the vulnerable software 2v in the data processing system 3:
- Fig. 41 illustrates an example of a first embodiment of the invention for which the variable resides in unit 6.
- the variable resides in unit 6.
- Fig. 42 illustrates an example of a second embodiment of the invention for which a copy of the variable resides in the unit 6.
- a copy of the variable resides in the unit 6.
- Fig. 43 illustrates an example of an attempt to execute the protected software 2p, while the unit 6 is absent.
- the protection method aims to implement a protection principle, known as "elementary functions", a description of which is given in relation to FIGS. 60 to 64.
- the source of the vulnerable software 2vs at least one processing algorithmic using at least one operand and rendering at least one result. It is also chosen at least a portion of the source of the vulnerable software 2vs containing at least one chosen algorithmic processing.
- At least a selected portion of the source of the vulnerable 2vs software is then modified, so as to obtain the source of the protected 2ps software.
- This modification is such that in particular:
- the second execution part 2peu which is executed in the unit 6, performs at least the functionality of at least one chosen algorithmic processing
- each chosen algorithmic processing is broken down so that during the execution of the protected software 2p, each chosen algorithmic processing is executed, by means of the second execution part 2peu, using elementary functions.
- each chosen algorithmic processing is broken down into elementary functions fe (with n varying from 1 to N), namely: - possibly one or more elementary functions allowing the provision of one or more operands for the unit 6, - elementary functions, some of which use the operand (s) and which, in combination, execute the functionality of the chosen algorithmic processing, using this or these operands, - and possibly one or more elementary functions enabling the unit to make them available 6 , for the data processing system 3 of the result of the chosen algorithmic processing,
- the first part of 2pe executes elementary commands
- FIG. 60 illustrates an example of execution of vulnerable 2v software. In this example, it appears, during the execution of the vulnerable software 2v in the data processing system 3, at a given instant, the calculation of Z ⁇ - F (X, Y) corresponding to the assignment to a variable Z of the result of an algorithmic processing represented by a function F and using operands X and Y.
- FIG. 61 illustrates an example of implementation of the invention for which the algorithmic processing chosen in FIG. 60 is deported to unit 6.
- CFEi, CFE 2 being represented respectively by OUT (x, X), OUT (y, Y),
- the elementary commands 1 to N are executed successively. It should be noted that two improvements can be made: “The first improvement concerns the case where several algorithmic treatments are deported to unit 6 and at least the result of an algorithmic treatment is used by another algorithmic treatment.
- the second improvement aims to opt for a relevant scheduling of elementary orders among all the scheduling allowing the execution of the protected software 2p.
- Figs. 62 and 63 illustrate the principle of such an embodiment.
- Fig. 62 shows an example of execution of vulnerable 2v software.
- Fig. 63 illustrates an example of implementation of the method according to the invention for which the two algorithmic treatments chosen in FIG. 62 are deported to unit 6.
- the execution of elementary commands CFEi to CFE N corresponding to the determination of Z
- the execution of the elementary commands CFE'i to CFE ' M corresponding to the determination of Z'.
- the elementary commands CFEi to CFE N are not executed consecutively, insofar as the elementary commands CFE'i to CFE ' M , as well as other portions of code are interleaved.
- Fig. 64 illustrates an example of an attempt to execute the protected software 2p, while the unit 6 is absent.
- the execution of an elementary command cannot trigger the execution of the corresponding elementary function, due to the absence of unit 6.
- the value to be assigned to the variable Z cannot therefore be determined correctly.
- the protection method aims to implement a protection principle, known as “detection and coercion", a description of which is given in relation to FIGS. 70 to 74.
- detection and coercion a protection principle, known as “detection and coercion”, a description of which is given in relation to FIGS. 70 to 74.
- Detection means 17 to be implemented in unit 6 and making it possible to detect that at least one software execution characteristic does not meet at least one associated criterion
- • and coercion means 18 to be implemented in the unit 6 and making it possible to inform the data processing system 3 and / or to modify the execution of a software, when at least one criterion is not not respected.
- Fig. 70 illustrates the means necessary for the implementation of this principle of protection by detection and coercion.
- the unit 6 comprises the detection means 17 and the coercion means 18 belonging to the processing means 16.
- the coercion means 18 are informed of the non-compliance with a criterion by the detection means 17. More precisely , the detection means 17 use information coming from the transfer means 13 and / or the storage means 15 and / or the processing means 16, in order to monitor one or more characteristics of software execution. At least one criterion to be respected is attached to each software execution characteristic. In the case where it is detected that at least one characteristic of software execution does not meet at least one criterion, the detection means 17 inform the coercion means 18. These coercion means 18 are adapted to modify, de appropriately, the condition of the unit 6.
- At least one execution characteristic of software to be monitored among the execution characteristics liable to be monitored, • at least one criterion to be respected for at least one characteristic of software execution chosen,
- At least a selected portion of the source of the vulnerable 2vs software is then modified, so as to obtain the source of the protected 2ps software.
- This modification is such as in particular when running the 2p protected software:
- the first type of software execution characteristic corresponds to a variable for measuring the execution of software and the second type corresponds to a usage profile for software. These two types of characteristics can be used independently or in combination.
- the storage means 15 the possibility of storing at least one measurement variable serving to quantify the use of at least one software functionality
- the detection means 17 the possibility of monitoring at least one threshold associated with each measurement variable
- At least one threshold associated with the measurement variable corresponding to a limit of use of said functionality At least one threshold associated with the measurement variable corresponding to a limit of use of said functionality
- the source of the vulnerable software 2vs is then modified, so as to obtain the source of the protected software 2ps, this modification being such that, during the execution of the protected software 2p, the second part of execution 2peu:
- the detection means 17 inform the means of coercion 18 which take a suitable decision to inform the data processing system 3 and / or modify the processing carried out by the processing means 16 making it possible to modify the operation of the portion of the protected software 2p, so that the operation of the software protected 2p is changed.
- the source of the vulnerable software 2vs is then modified, so as to obtain the source of the protected software 2ps, this modification being such that, during the execution of the protected software 2p, the second part of execution 2peu:
- the unit 6 informs the data processing system 3 directing the protected software 2p to no longer use this functionality . If the 2p protected software continues to use this functionality, the second threshold may be exceeded. In the event that the second threshold is exceeded, the coercion means 18 can render the chosen functionality inoperative and / or render the protected software 2p inoperative.
- reloading means are defined making it possible to credit at least one additional use for at least one software functionality monitored by a measurement variable.
- Operating means are also constructed using, in addition to detection means 17, coercion means 18 and updating means, reloading means.
- At least one measurement variable serving to limit the use of at least one functionality of the software and to which at least one additional use must be able to be credited.
- the source of the vulnerable software 2vs is then modified, so as to obtain the source of the protected software 2ps, this modification being such that, in a phase known as reloading, at least one additional use of at least one functionality corresponding to a variable of selected measure can be credited.
- At least one selected measurement variable and / or at least one associated threshold is updated, so as to allow at least one additional use of the corresponding functionality.
- a software usage profile it is defined as a criterion to be respected for this usage profile, at least one performance trait of software.
- the source of the vulnerable software 2vs is then modified, so as to obtain the source of the protected software 2ps, this modification being such that, during the execution of the protected software 2p, the second part of execution 2peu respects all the features of selected execution.
- the unit 6 itself monitors the way in which the second execution part 2peu is executed and can inform the data processing system 3 and / or modify the operation of the protected software 2p, in the case where at least one performance line is not respected.
- the data processing system 3 is informed thereof and / or the operation of the portion of protected software 2p is modified, so that the operation of the protected 2p software is modified.
- monitoring different execution traits such as for example monitoring the presence of instructions comprising a marker or monitoring the execution sequence for at least part of the instructions.
- the monitoring of the execution sequence for at least part of the instructions it is defined:
- • and coercion means 18 making it possible to inform the data processing system 3 and / or to modify the execution of software when the sequence of instructions does not correspond to that desired. It is also constructed operating means allowing, at unit 6, to also execute the instructions of the instruction set, the execution of these instructions being triggered by the execution in the data processing system 3 of instruction commands.
- the source of the vulnerable software 2vs is then modified so as to obtain the source of the protected software 2ps, this modification is such that, during the execution of the protected software 2p: • the second part of execution 2peu executes at least the functionality of the chosen algorithmic processing,
- Fig. 71 illustrates an example of implementation of the principle of protection by detection and coercion using, as an execution trait to respect the monitoring of the execution sequence of at least part of the instructions, in the case where the sequence desired is respected.
- the first execution part 2 pes of the protected software 2p, executed in the data processing system 3, executes instruction commands C1 triggering, in the unit 6, the execution of the instructions ii belonging to the instruction set.
- the instructions each include a part defining the functionality of the instruction and a part making it possible to check the desired sequence for the execution of the instructions.
- the Cli instruction commands are represented by TRIG (ii) and the desired sequence for the execution of the instructions is i n , i n + ⁇ and i mecanic + 2 - Execution in unit 6, of the instruction i n gives the result a and the execution of the instruction i donne+ ⁇ gives the result b.
- the instruction i n + 2 uses as operand, the results a and b of the instructions i n and i mecanic+ ⁇ and its execution gives the result c.
- Fig. 72 illustrates an example of implementation of the principle of protection by detection and coercion using, as an execution trait to be observed, monitoring the execution sequence of at least part of the instructions, in the case where the desired sequence is not respected.
- the desired sequence for the execution of the instructions is always i Stahl, i n + ⁇ and i n + 2.
- the sequence of execution of the instructions is modified by replacing the instruction i n by the instruction i ' n , so that the sequence actually executed is i ' tone, i n + ⁇ and i fasci +2 .
- the execution of the instruction i ' n gives the result a, that is to say the same result as the execution of the instruction i vide.
- the detection means 17 detect that the instruction i ' n does not correspond to the desired instruction to generate the result used as the operand of the instruction i n + 2 -
- the detection means 17 inform the coercion means 18 which consequently modify the operation of the instruction i n + 2, so that the execution of the instruction i Vietnamese +2 gives the result c 'may be different from c.
- the execution of the instruction i ' maygives a result a' different from the result a of the instruction i Vietnamese, it is clear that the result of the instruction i Vietnamese +2 can also be different from c .
- Figs. 73 and 74 illustrate a preferred embodiment of the principle of protection by detection and coercion using, as an execution trait to be observed, monitoring of the execution sequence of at least part of the instructions.
- a set of instructions is defined, at least certain instructions of which work on registers and use at least one operand in order to render a result.
- a part PF defining the functionality of the instruction
- a part PE defining the desired sequence for the execution of the instructions.
- the PF part corresponds to the operation code known to those skilled in the art.
- the PE part defining the desired sequence includes bit fields corresponding to:
- the instruction set includes V registers belonging to the processing means 16, each register being named R v , with v varying from 1 to V.
- R v For each register R v , two fields are defined, namely: • a field functional CF V , known to those skilled in the art and making it possible to store the result of the execution of the instructions,
- This CIG V generated identification field is neither accessible nor modifiable by any instruction and is used only for the detection means 17.
- the detection means 17 perform the following operations for each operand k:
- the detection means 17 consider that the sequence of execution of the instructions is not respected.
- the coercion means 18 make it possible to modify the result of the instructions when the detection means 17 have informed them of a chain of instructions that has not been observed.
- a preferred embodiment consists in modifying the functional part
- the protection method aims to implement a protection principle known as "conditional connection", the description of which is given in relation to FIGS. 90 to 92.
- conditional connection For the implementation of the principle of protection by conditional connection, it is chosen in the source of the vulnerable 2vs software, at least one conditional connection BC. It is also chosen at least a portion of the source of the vulnerable software 2vs containing at least one conditional branch BC chosen.
- At least a selected portion of the source of the vulnerable 2vs software is then modified, so as to obtain the source of the protected 2ps software.
- This modification is such as in particular when running the 2p protected software:
- At least a portion of the first execution part 2pes, which is executed in the data processing system 3, takes into account that the functionality of at least one conditional branching BC chosen is executed in unit 6,
- the second execution part 2peu which is executed in the unit 6, executes at least the functionality of at least one conditional connection BC chosen and makes available to the data processing system 3, information allowing the first part of 2pes execution, to continue its execution at the chosen location.
- Fig. 90 illustrates an example of execution of vulnerable 2v software.
- a conditional connection BC indicating to the vulnerable software 2v the place where to continue its unfolding, namely the '' one of the three possible places Bi, B 2 or B 3 .
- the conditional branch BC takes the decision to continue executing the software at location Bi, B 2 or B 3 .
- Fig. 91 illustrates an example of implementation of the invention for which the conditional branch chosen to be deported to the unit 6, corresponds to the conditional branch BC.
- the conditional branch chosen to be deported to the unit 6 corresponds to the conditional branch BC.
- the execution of the conditional branching command CBCi triggering in unit 6 the execution by means of the second execution part 2peu, of the remote conditional branching bc algorithmically equivalent to the conditional branching BC, this conditional branching command CBCi being represented by
- Fig. 92 illustrates an attempt to execute the protected software 2p, while the unit 6 is absent.
- the first 2pes execution part of the protected software 2p is executed in the data processing system 3:
- the object of the invention aims to deport in unit 6, a conditional connection.
- a preferred embodiment of the invention can consist in deporting in unit 6, a series of conditional branches whose overall functionality is equivalent to all of the functionalities of the conditional branches which have been deported.
- the execution of the global functionality of this series of deported conditional connections results in the provision, for the data processing system 3, of information allowing the first part of execution 2pes of the protected software 2p to continue its execution at the chosen location.
- the protection method according to the invention is implemented using the principle of protection by renaming, possibly associated with one or more other principles of protection.
- the principle of protection by renaming is advantageously supplemented by the principle of protection by variable and / or the principle of protection by elementary functions and / or the principle of protection by conditional connection.
- this can in turn be supplemented by the principle of protection by detection and coercion and / or the principle of protection by conditional branching.
- the principle of protection by renaming is supplemented by the principle of protection by variable and by the principle of protection by elementary functions, supplemented by the principle of protection by detection and coercion, supplemented by the principle of protection by conditional connection.
- a use phase U during which the protected software 2p is implemented.
- this phase of use U - in the presence of the unit 6 and each time that a portion of the first 2pes execution part executed in the data processing system 3 requires it, an imposed functionality is executed in unit 6, so that this portion is executed correctly and that, therefore, the protected software 2p is fully functional, - in the absence of unit 6 and despite the request for a portion of the first part of execution 2pes to execute a functionality in unit 6, this request cannot be honored correctly, so that at least this portion is not executed correctly and that therefore the 2p protected software is not fully functional,
- the protection phase P can be broken down into two protection sub-phases Pi and P 2 .
- the first known as the upstream protection sub-phase Pi, is implemented independently of the vulnerable software 2v to be protected.
- the second, called downstream protection sub-phase P 2 is dependent on the vulnerable software 2v to be protected.
- the upstream protection sub-phases Pi and downstream P 2 can be carried out advantageously by two different people or two different teams.
- the upstream protection sub-phase Pi can be carried out by a person or a company ensuring the development of software protection systems
- the downstream protection sub-phase P2 can be carried out by a person or a company ensuring the development of software to be protected.
- upstream protection sub-phases Pi and downstream P2 can also be carried out by the same person or the same team.
- the upstream protection sub-phase Pi involves several stages Su, ..., u for each of which different tasks or works are to be performed.
- the first stage of this upstream protection sub-phase Pi is called "definition stage Su”. During this Su definition stage: • it is chosen:
- unit 6 As an illustration, it may be chosen as unit 6, a reader 8 of smart cards and the smart card 7 associated with the reader,
- triggering commands being capable of being executed in the data processing system 3 and of triggering the execution in a unit 6, of dependent functions
- the protection method according to the invention implements a variant of the principle of protection by renaming, it is also defined for at least one dependent function, a family of dependent functions algorithmically equivalent, but triggered by commands triggers whose famous instructions are different,
- this set of elementary commands being a subset of the set of triggering commands
- detection means 17 to be implemented in unit 6 and making it possible to detect that at least one characteristic of software execution does not meet at least one associated criterion
- - and coercion means 18 to be implemented in the unit 6 and making it possible to inform the data processing system 3 and / or to modify the execution of a software, when at least one criterion is not not respected, • and in the case where the protection method according to the invention implements the principle of protection by detection and coercion using as a characteristic a variable for measuring the execution of the software, it is also defined:
- - as a software execution characteristic capable of being monitored, a variable for measuring the use of a software functionality, - as a criterion to be respected, at least one threshold associated with each measurement variable,
- the protection method according to the invention implements a second preferred alternative embodiment of the principle of protection by detection and coercion using as a characteristic a variable for measuring the execution of the software, it is also defined reloading means making it possible to credit at least one additional use for at least one software functionality monitored by a measurement variable,
- the protection method according to the invention implements the principle of protection by detection and coercion using as characteristic a software use profile, it is also defined: as a characteristic of software execution likely to be monitored, a software usage profile,
- an instruction set the instructions of which can be executed in unit 6, a set of instruction commands for this set of instructions, these instruction commands being capable of being executed in the data processing system 3 and of triggering in unit 6 the execution of the instructions, as a usage profile, the sequence of instructions,
- detection means 17 means making it possible, during the execution of an instruction, for each operand, when the flag field CD k requires it, to control the equality between the identification field generated CIG V corresponding to the register used by this operand, and the expected identification field CHY of the origin of this operand,
- the definition stage Su is followed by a stage called "construction stage S 12 ".
- the transfer means 12, 13 and the operating means corresponding to the definitions of the definition stage Su are constructed.
- pre-personalization stage S ⁇ 3 At least part of the transfer means 13 and / or the operating means are loaded into at least one blank unit 60 in order to obtain at least one pre-personalized unit 66. It should be noted that part of the operating means, once transferred to a pre-personalized unit 66, is no longer directly accessible from outside this pre-personalized unit 66.
- the transfer of the operating means in a blank unit 60 can be achieved by means of a suitable pre-personalization unit, which is described in the following description in FIG. 120. In the case of a pre-personalized unit 66, consisting of a smart card 7 and its reader 8, the pre-personalization only concerns the smart card 7.
- the upstream protection sub-phase Pi it can be implemented, after the definition stage Su and, possibly after the construction stage S 12 , a stage called "tool making stage S ⁇ 4 ".
- tools S ⁇ are made tools making it possible to help in the generation of protected software or to automate the protection of software. Such tools allow:
- conditional branch (es) whose functionality is likely to be transferred to unit 6,
- each tool can take various forms, such as preprocessor, assembler, compiler, etc.
- the upstream protection sub-phase Pi is followed by a downstream protection sub-phase P 2 dependent on the vulnerable software 2v to be protected.
- This downstream protection sub-phase P 2 also involves several stages.
- the first stage corresponding to the implementation of the principle of protection by renaming is called "creation stage S21".
- This creation stage S21 the choices made at the definition stage Su are used.
- the protected software 2p is created:
- At least one algorithmic processing which, when the vulnerable 2v software is executed, uses at least one operand and makes it possible to obtain at least one result, • by choosing at least a portion of the source of the vulnerable 2vs software containing at least one chosen algorithmic processing,
- a first part of execution 2pes is executed in the data processing system 3 and a second part of execution 2peu is executed in a unit 6, obtained from the blank unit 60 after loading information,
- the second execution part 2peu executes at least the functionality of at least one chosen algorithmic processing
- triggering commands with renamed instructions are integrated in the source of the protected software 2ps, so that during the execution of the protected software 2p, each triggering command with renamed instruction is executed by the first party 2pes execution and triggers in unit 6, the restoration, by means of recovery means 20, of the setpoint and the execution, by means of the second execution part 2peu, of the corresponding dependent function, - and an ordering of the triggering commands with renowned instructions is chosen from all the orders allowing the execution of the protected software 2p,
- this first 2pos object part being such that during the execution of the 2p protected software, a first part of execution 2pes which is executed in the data processing system 3 and of which at least a portion takes into account that the triggering commands with renamed instructions are executed according to the scheduling chosen, - and a second part object 2pou of the software protected 2p, containing the operating means, this second object part 2pou being such that, after loading into the blank unit 60 and during the execution of the protected software 2p, the second execution part 2peu appears by means of which the instructions are restored and the dependent functions are executed.
- a "modification stage S22" is implemented.
- the definitions used at the definition stage Su are used.
- the protected software 2p is modified to allow the implementation of the protection principles according to one of the arrangements defined above.
- this first part object 2pos being such that during the execution of the protected software
- At least a portion of the first 2pes execution part also takes into account that at least one variable or at least one copy of a variable resides in unit 6,
- this first part object 2pos being such that during the execution of the protected software 2p, at least a portion of the first part of execution 2pes also executes the elementary commands according to the scheduling selected
- this second object part 2pou being such that, after loading into the unit 6 and during the execution of the protected software 2p, the second part appears of execution 2peu by means of which the elementary functions triggered by the first part of execution 2pes are also executed.
- the protected software 2p • and by producing the second object part 2pou of the protected software 2p containing the operating means also implementing the detection means 17 and the coercion means 18, this second object part 2pou being such that, after loading into the unit 6 and during the execution of the protected software 2p, at least one characteristic of software execution is monitored and non-compliance with a criterion leads to information from the data processing system 3 and / or to a modification of the protected software 2p.
- the protected software 2p is modified:
- the protected software 2p is modified:
- the protected software 2p is modified:
- At least one chosen measurement variable making it possible to limit the use of a functionality to which at least one additional use must be able to be credited, • and by modifying at least one selected portion, this modification being such that in a so-called reloading phase, at least one additional use of at least one functionality corresponding to a chosen measurement variable can be credited.
- the protected 2p software is modified:
- the protected software 2p is modified:
- this first part object 2pos being such that during the execution of the protected software
- this second object part 2pou being such that, after loading into the unit 6 and during the execution of the protected software 2p, the second execution part 2peu appears by means of which the overall functionality of least a selected series of conditional branchings is executed.
- the protection principles according to the invention can be applied directly during the development of new software without requiring the prior production of intermediate protected software.
- the stages of creation S 2 ⁇ and of modification S 22 can be carried out concomitantly so as to obtain the protected software 2p directly.
- the downstream protection sub-phase P 2 it is implemented after the creation stage S 21 of the protected software 2p, and possibly after the modification stage S 22 , a stage called "personalization stage S2 3 ".
- the second object part 2pou containing the operating means is loaded into at least one blank unit 60, with a view to obtaining at least one unit 6, or a part of the second object part 2pou possibly containing the operating means is loaded into at least one pre-personalized unit 66, with a view to obtaining at least one unit 6.
- Loading this personalization information makes it possible to make at least one unit 6 operational. It should be noted that part of this information, once transferred to a unit 6, is not directly accessible from outside this unit 6.
- the transfer of personalization information to a blank unit 60 or a pre-personalized unit 66 can be carried out by through a suitable personalization unit which is described in the following description in FIG. 150.
- a suitable personalization unit which is described in the following description in FIG. 150.
- the personalization only concerns the smart card 7.
- Fig. 110 illustrates an exemplary embodiment of a system 25 making it possible to implement the construction stage S 12 taking into account the definitions intervened at the definition stage Su and during which the transfer means 12, 13 are constructed and possibly the operating means intended for unit 6.
- a system 25 includes a program development unit or workstation conventionally in the form of a computer comprising a central unit, a screen, peripherals of the keyboard type mouse, and having, in particular, the following programs: file editors, assemblers, preprocessors, compilers, interpreters, debuggers and linkers.
- Fig. 120 illustrates an exemplary embodiment of a pre-personalization unit 30 making it possible to at least partially load the transfer means 13 and / or the operating means in at least one blank unit 60 in order to obtain at least one pre-unit -personalized 66.
- This prepersonalization unit 30 includes a reading and writing means 31 making it possible to electrically prepersonalize a blank unit 60, so as to obtain a pre-personalized unit 66 in which the transfer means 13 and / or operating have been loaded.
- the pre-personalization unit 30 can also include means for physical personalization 32 of the blank unit 60 which can be, for example, in the form of a printer. In the case where the unit 6 is constituted by a smart card 7 and its reader 8, the pre-personalization generally relates only to the smart card 7.
- FIG. 120 illustrates an exemplary embodiment of a pre-personalization unit 30 making it possible to at least partially load the transfer means 13 and / or the operating means in at least one blank unit 60 in order to obtain at least one pre-unit -personalized
- Such a system 35 comprises a program development unit or workstation conventionally in the form of a computer comprising a central unit, a screen, peripherals of the keyboard-mouse type, and comprising, in particular, the following programs: file editors, assemblers, pre-processors, compilers, interpreters, debuggers and linkers.
- Fig. 140 illustrates an embodiment of a system 40 allowing direct creation of 2p protected software or modification of vulnerable 2v software in order to obtain 2p protected software.
- a system 40 includes a program development unit or workstation conventionally in the form of a computer comprising a central unit, a screen, peripherals of the keyboard-mouse type, and comprising, in particular, the following programs: file editors, assemblers, pre-processors, compilers, interpreters, debuggers and linkers, as well as tools to help generate protected software or to automate software protection.
- Fig. 150 illustrates an exemplary embodiment of a personalization unit 45 allowing the second object part 2pou to be loaded into at least one blank unit 60 in order to obtain at least one unit 6 or a part of the second object part 2pou in at least one pre-personalized unit 66 in order to obtain at least a unit 6.
- This personalization unit 45 comprises a reading and writing means 46 making it possible to electrically personalize at least one blank unit 60 or at least one pre-personalized unit 66, so as to obtain at least one unit 6.
- a unit 6 includes the information necessary for the execution of the protected software 2p.
- the personalization unit 45 can also include physical personalization means 47 for at least one unit 6 which can be, for example, in the form of a printer. In the case where a unit 6 is constituted by a smart card 7 and its reader 8, the personalization generally relates only to the smart card 7.
- the protection method of the invention can be implemented with the following improvements: • Provision may be made for jointly using several processing and storage units in which the second object part 2p or of the protected software 2p is distributed so that their joint use allows the 2p protected software to be executed, the absence of at least one of these processing and storage units preventing the use of the 2p protected software.
- the part of the second object part 2pou necessary to transform the pre-personalized unit 66 into a unit 6 can be contained in a unit processing and storage used by the personalization unit 45 in order to limit access to this part of the second object part 2pou.
- this part of the second object part 2pou can be distributed in several processing and storage units so that this part of the second object part 2pou is accessible only when the processing and storage units are used together. .
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Multimedia (AREA)
- Technology Law (AREA)
- Computer Hardware Design (AREA)
- Remote Sensing (AREA)
- Radar, Positioning & Navigation (AREA)
- Storage Device Security (AREA)
- Executing Machine-Instructions (AREA)
- Logic Circuits (AREA)
Abstract
Description
Claims
Priority Applications (13)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
MXPA04000596A MXPA04000596A (es) | 2001-07-31 | 2002-07-04 | Metodo para proteger un software con la ayuda de un principio llamado de "renombramiento" contra su uso no autorizado. |
CA002454094A CA2454094A1 (fr) | 2001-07-31 | 2002-07-04 | Procede pour proteger un logiciel a l'aide d'un principe dit de "renommage" contre son utilisation non autorisee |
HU0400232A HUP0400232A2 (en) | 2001-07-31 | 2002-07-04 | Method for protecting a software using a so-called renaming principle against its unauthorised use |
IL15995102A IL159951A0 (en) | 2001-07-31 | 2002-07-04 | Method to protect software against unauthorised use with a renaming principle |
EP02762526A EP1412837A2 (fr) | 2001-07-31 | 2002-07-04 | Procede pour proteger un logiciel a l'aide de "renommage" contre son utilisation non autorisee de diluant |
JP2003517722A JP3949105B2 (ja) | 2001-07-31 | 2002-07-04 | 「リネーム」原理を使用してその無許可使用に対してソフトウェアを保護する方法 |
KR10-2004-7000806A KR20040032858A (ko) | 2001-07-31 | 2002-07-04 | 소위 이름 변경 원리를 사용하여 소프트웨어를 불법사용으로부터 보호하는 방법 |
BR0211375-9A BR0211375A (pt) | 2001-07-31 | 2002-07-04 | Processo para proteger um software vulnerável contra o seu uso não autorizado; sistema para a implementação do processo; unidade pré-personalizada; unidade que permite executar um software protegido e impedir sua utilização não autorizada; conjunto de unidades; conjunto de distribuição de um software protegido; unidade de processamento e de memorização e conjunto de unidades de processamento e de memorização |
ZA2004/00350A ZA200400350B (en) | 2001-07-31 | 2004-01-16 | Method for protecting a software using a so called renaming principle against its unauthorised use |
TNP2004000013A TNSN04013A1 (fr) | 2001-07-31 | 2004-01-19 | Procede pour proteger un logiciel a l'aide d'un principe dit de "renommage" contre son utilisation non autorisee |
NO20040231A NO20040231L (no) | 2001-07-31 | 2004-01-19 | Fremgangsmate for a beskytte en programvare, ved anvendelse av et sakalt omnavnings-prinsipp, mot uautorisert bruk av den |
HR20040048A HRP20040048A2 (en) | 2001-07-31 | 2004-01-19 | Method for protecting a software using a so-called renaming principle against its unauthorised use |
HK05102677A HK1070154A1 (en) | 2001-07-31 | 2005-03-30 | Method to protect software against unwanted use with a renaming principle |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
FR0110246A FR2828303B1 (fr) | 2001-07-31 | 2001-07-31 | Procede pour proteger un logiciel a l'aide d'un principe dit de "renommage" contre son utilisation non autorisee |
FR01/10246 | 2001-07-31 |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003012604A2 true WO2003012604A2 (fr) | 2003-02-13 |
WO2003012604A3 WO2003012604A3 (fr) | 2004-01-22 |
Family
ID=8866121
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/FR2002/002340 WO2003012604A2 (fr) | 2001-07-31 | 2002-07-04 | Procede pour proteger un logiciel a l'aide de 'renommage' contre son utilisation non autorisee de diluant |
Country Status (19)
Country | Link |
---|---|
EP (1) | EP1412837A2 (fr) |
JP (1) | JP3949105B2 (fr) |
KR (1) | KR20040032858A (fr) |
CN (1) | CN1288524C (fr) |
BR (1) | BR0211375A (fr) |
CA (1) | CA2454094A1 (fr) |
FR (1) | FR2828303B1 (fr) |
HK (1) | HK1070154A1 (fr) |
HR (1) | HRP20040048A2 (fr) |
HU (1) | HUP0400232A2 (fr) |
IL (1) | IL159951A0 (fr) |
MA (1) | MA26127A1 (fr) |
MX (1) | MXPA04000596A (fr) |
NO (1) | NO20040231L (fr) |
PL (1) | PL367440A1 (fr) |
TN (1) | TNSN04013A1 (fr) |
WO (1) | WO2003012604A2 (fr) |
YU (1) | YU5604A (fr) |
ZA (1) | ZA200400350B (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100346252C (zh) * | 2005-09-28 | 2007-10-31 | 珠海金山软件股份有限公司 | 计算机软件安全漏洞修复装置和方法 |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4770425B2 (ja) * | 2005-11-24 | 2011-09-14 | 富士ゼロックス株式会社 | 保護済み実行プログラムの作成のためのプログラム、方法及び装置 |
CN100437615C (zh) * | 2006-10-16 | 2008-11-26 | 珠海金山软件股份有限公司 | 一种Windows平台下保护动态链接库接口的方法 |
CN103198244B (zh) * | 2013-03-26 | 2016-06-29 | 北京深思数盾科技股份有限公司 | 保护动态链接库的方法 |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2634917A1 (fr) * | 1988-08-01 | 1990-02-02 | Pionchon Philippe | Procede et dispositif de protection d'un logiciel, en particulier contre les copies non autorisees |
US5754646A (en) * | 1995-07-19 | 1998-05-19 | Cable Television Laboratories, Inc. | Method for protecting publicly distributed software |
WO1999001815A1 (fr) * | 1997-06-09 | 1999-01-14 | Intertrust, Incorporated | Techniques d'obscurcissement pour augmenter la securite de logiciels |
WO1999066387A1 (fr) * | 1998-06-12 | 1999-12-23 | Gemplus | Procede de controle de l'execution d'un produit logiciel |
-
2001
- 2001-07-31 FR FR0110246A patent/FR2828303B1/fr not_active Expired - Lifetime
-
2002
- 2002-07-04 EP EP02762526A patent/EP1412837A2/fr not_active Withdrawn
- 2002-07-04 WO PCT/FR2002/002340 patent/WO2003012604A2/fr active Application Filing
- 2002-07-04 YU YU5604A patent/YU5604A/sh unknown
- 2002-07-04 PL PL02367440A patent/PL367440A1/xx not_active Application Discontinuation
- 2002-07-04 IL IL15995102A patent/IL159951A0/xx unknown
- 2002-07-04 JP JP2003517722A patent/JP3949105B2/ja not_active Expired - Fee Related
- 2002-07-04 MX MXPA04000596A patent/MXPA04000596A/es unknown
- 2002-07-04 CA CA002454094A patent/CA2454094A1/fr not_active Abandoned
- 2002-07-04 HU HU0400232A patent/HUP0400232A2/hu unknown
- 2002-07-04 CN CNB028146719A patent/CN1288524C/zh not_active Expired - Fee Related
- 2002-07-04 KR KR10-2004-7000806A patent/KR20040032858A/ko not_active Application Discontinuation
- 2002-07-04 BR BR0211375-9A patent/BR0211375A/pt not_active IP Right Cessation
-
2004
- 2004-01-16 ZA ZA2004/00350A patent/ZA200400350B/en unknown
- 2004-01-19 TN TNP2004000013A patent/TNSN04013A1/fr unknown
- 2004-01-19 NO NO20040231A patent/NO20040231L/no not_active Application Discontinuation
- 2004-01-19 HR HR20040048A patent/HRP20040048A2/hr not_active Application Discontinuation
- 2004-01-19 MA MA27493A patent/MA26127A1/fr unknown
-
2005
- 2005-03-30 HK HK05102677A patent/HK1070154A1/xx not_active IP Right Cessation
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
FR2634917A1 (fr) * | 1988-08-01 | 1990-02-02 | Pionchon Philippe | Procede et dispositif de protection d'un logiciel, en particulier contre les copies non autorisees |
US5754646A (en) * | 1995-07-19 | 1998-05-19 | Cable Television Laboratories, Inc. | Method for protecting publicly distributed software |
WO1999001815A1 (fr) * | 1997-06-09 | 1999-01-14 | Intertrust, Incorporated | Techniques d'obscurcissement pour augmenter la securite de logiciels |
WO1999066387A1 (fr) * | 1998-06-12 | 1999-12-23 | Gemplus | Procede de controle de l'execution d'un produit logiciel |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN100346252C (zh) * | 2005-09-28 | 2007-10-31 | 珠海金山软件股份有限公司 | 计算机软件安全漏洞修复装置和方法 |
Also Published As
Publication number | Publication date |
---|---|
NO20040231L (no) | 2004-03-30 |
FR2828303A1 (fr) | 2003-02-07 |
YU5604A (sh) | 2006-08-17 |
TNSN04013A1 (fr) | 2006-06-01 |
JP3949105B2 (ja) | 2007-07-25 |
HK1070154A1 (en) | 2005-06-10 |
PL367440A1 (en) | 2005-02-21 |
FR2828303B1 (fr) | 2010-09-03 |
CA2454094A1 (fr) | 2003-02-13 |
MA26127A1 (fr) | 2004-04-01 |
EP1412837A2 (fr) | 2004-04-28 |
KR20040032858A (ko) | 2004-04-17 |
WO2003012604A3 (fr) | 2004-01-22 |
HRP20040048A2 (en) | 2004-06-30 |
ZA200400350B (en) | 2005-03-30 |
JP2004537800A (ja) | 2004-12-16 |
CN1288524C (zh) | 2006-12-06 |
BR0211375A (pt) | 2004-08-17 |
CN1535408A (zh) | 2004-10-06 |
MXPA04000596A (es) | 2005-02-17 |
HUP0400232A2 (en) | 2004-09-28 |
IL159951A0 (en) | 2004-06-20 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
EP1238340B1 (fr) | Dispositif informatique pour l'application de donnees accreditives a un logiciel ou a un service | |
EP1412837A2 (fr) | Procede pour proteger un logiciel a l'aide de "renommage" contre son utilisation non autorisee de diluant | |
EP1412862A2 (fr) | Procede pour proteger un logiciel a l'aide de "dissociation temporelle" contre son utilisation non autorisee | |
EP1412838B1 (fr) | Procede pour proteger un logiciel a l'aide de "detection et coercition" contre son utilisation non autorisee | |
WO2003012649A2 (fr) | Procede pour proteger un logiciel a l'aide de 'variables' contre son utilisation non autorisee | |
WO2003012374A2 (fr) | Procede pour proteger un logiciel a l'aide de 'branchement conditionnel' contre son utilisation non autorisee | |
CH716295A2 (fr) | Procédé de signature multiple d'une transaction destinée à une blockchain, au moyen de clés cryptographiques distribuées parmi les noeuds d'un réseau pair-à-pair. | |
WO2003012605A2 (fr) | Procede pour proteger un logiciel a l'aide de 'fonctions elementaires' contre son utilisation non autorisee | |
WO2008084154A2 (fr) | Traitement de donnee relative a un service numerique | |
EP1185914B1 (fr) | Procede pour securiser un logiciel d'utilisation a partir d'une unite de traitement et de memorisation d'un secret et systeme en faisant application | |
CH716294A2 (fr) | Procédé de signature décentralisée, sous contrôle biométrique et sous conditions d'identification personnelle et de géolocalisation, d'une transaction destinée à une blockchain. | |
WO2022238636A1 (fr) | Procédé pour l'exécution d'un programme charge dans la mémoire non volatile d'un microcontrôleur en circuit intégré | |
FR2781066A1 (fr) | Procedure de securisation de donnees dans une machine de test de composants electroniques | |
EP3923169A1 (fr) | Démarrage sécurisé d'un circuit électronique | |
EP1185913B1 (fr) | Procede pour securiser l'utilisation d'un logiciel a partir d'une unite de traitement et de memorisation d'un secret et systyme en faisant application | |
CH716276A2 (fr) | Procédé de traitement, au sein d'un réseau blockchain et sous enclave, de données informatiques chiffrées au moyen d'une application chiffrée, pour un tiers autorisé. | |
WO2009081028A2 (fr) | Plateforme et dispositif de gestion et de contrôle des droits d'usage associés à un objet multimédia | |
CH716284A2 (fr) | Procédé de traitement distribué, au sein d'un réseau blockchain et sous enclaves, de données informatiques chiffrées avec une clé fragmentée. | |
CH716277A2 (fr) | Procédé de traitement, au sein d'un réseau blockchain et sous enclave, de données informatiques chiffrées au moyen d'une application chiffrée, sous condition de géolocalisation. | |
CH716299A2 (fr) | Procédé de signature d'une transaction destinée à une blockchain, au moyen d'une clé cryptographique distribuée parmi les noeuds d'un réseau pair-à-pair. | |
CH716293A2 (fr) | Procédé de signature décentralisée, sous contrôle biométrique et sous condition d'identification personnelle, d'une transaction destinée à une blockchain. | |
CH716275A2 (fr) | Procédé de traitement, au sein d'un réseau blockchain et sous enclave, de données informatiques chiffrées au moyen d'une application chiffrée. | |
CH716302A2 (fr) | Procédé de signature décentralisée d'une transaction destinée à une blockchain, suivant les instructions d'un contrat intelligent. | |
CH716291A2 (fr) | Procédé de signature décentralisée, sous contrôle biométrique, d'une transaction destinée à une blockchain. | |
CH716296A2 (fr) | Procédé de signature multiple d'une transaction destinée à une blockchain, sous condition de géolocalisation, au moyen de clés cryptographiques distribuées parmi les noeuds d'un réseau pair-à-pair. |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
WWE | Wipo information: entry into national phase |
Ref document number: P-56/04 Country of ref document: YU |
|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BY BZ CA CH CN CO CR CU CZ DE DM DZ EC EE ES FI GB GD GE GH HR HU ID IL IN IS JP KE KG KP KR LC LK LR LS LT LU LV MA MD MG MN MW MX MZ NO NZ OM PH PL PT RU SD SE SG SI SK SL TJ TM TN TR TZ UA UG US UZ VN YU ZA ZM |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ UG ZM ZW AM AZ BY KG KZ RU TJ TM AT BE BG CH CY CZ DK EE ES FI FR GB GR IE IT LU MC PT SE SK TR BF BJ CF CG CI GA GN GQ GW ML MR NE SN TD TG Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR IE IT LU MC NL PT SE SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
WWE | Wipo information: entry into national phase |
Ref document number: 2264/DELNP/2003 Country of ref document: IN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2003517722 Country of ref document: JP |
|
WWE | Wipo information: entry into national phase |
Ref document number: DZP2003000327 Country of ref document: DZ |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2004/00350 Country of ref document: ZA Ref document number: 200400350 Country of ref document: ZA Ref document number: 2454094 Country of ref document: CA |
|
WWE | Wipo information: entry into national phase |
Ref document number: 1020047000806 Country of ref document: KR |
|
WWE | Wipo information: entry into national phase |
Ref document number: P20040048A Country of ref document: HR Ref document number: 159951 Country of ref document: IL |
|
WWE | Wipo information: entry into national phase |
Ref document number: PA/a/2004/000596 Country of ref document: MX Ref document number: 20028146719 Country of ref document: CN |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002762526 Country of ref document: EP |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2002328375 Country of ref document: AU |
|
WWP | Wipo information: published in national office |
Ref document number: 2002762526 Country of ref document: EP |
|
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |