Software protection method utilizing hidden application code in a protection dynamic link library object
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-012/14
H04L-009/00
출원번호
US-0298701
(2002-11-18)
등록번호
US-7320075
(2008-01-15)
발명자
/ 주소
Sotoodeh,Mehdi
Grove,Brian Douglas
Elteto,Laszlo
출원인 / 주소
SafeNet, Inc.
대리인 / 주소
Drinker Biddle & Reath LLP
인용정보
피인용 횟수 :
15인용 특허 :
23
초록▼
A system and method in which the operating system of the user computer loads the software application and a DLL having a portion of the application execution code stored therein into memory is disclosed. At selected points during its execution, the software application calls the DLL to execute a por
A system and method in which the operating system of the user computer loads the software application and a DLL having a portion of the application execution code stored therein into memory is disclosed. At selected points during its execution, the software application calls the DLL to execute a portion of the application code that was saved into the DLL before delivery to the end user. Since this code is encrypted and the encryption key is stored in a hardware security device and not in the DLL or the software application, the application code portion cannot be executed without recovering the key.
대표청구항▼
What is claimed is: 1. A method of protecting a software application from unauthorized use, the method comprising: preparing the software application using a computer having a processor and a hardware security device including a secure coprocessor; and executing the prepared software on an end-user
What is claimed is: 1. A method of protecting a software application from unauthorized use, the method comprising: preparing the software application using a computer having a processor and a hardware security device including a secure coprocessor; and executing the prepared software on an end-user computer having a processor; wherein the preparing software application comprises: (a) encrypting a first portion (C) of a compiled application code (A) according to an encryption key (K) using the computer processor to produce an encrypted code (C*); (b) storing the encrypted code (C*) in a dynamic link library (DLL) executed by the computer processor and associated with the software application; (c) generating a value (Ck) derived from at least a part of the compiled application code (A); (d) generating a second value (K*) derived from the value (Ck) and the encryption key (K); (e) storing the second value (K*) in the hardware security device; and executing the prepared software on the end-user computer comprises: (f) generating the value (Ck) derived from the at least a part of the compiled application code (A) with the processor of the end-user computer; (k) generating a fifth value (Y) with the secure coprocessor based on the second value (K*); (l) transmitting the fifth value (Y) from the hardware security device to the DLL; (m) computing a seventh value (K') with the processor of the end user computer from the fifth value (Y); (n) decrypting the encrypted code (C*) with the processor of the end user computer using the seventh value (K'); and (o) executing the decrypted code (C) with the processor of the end user computer. 2. The method of claim 1, wherein the value (Ck) is derived from at least a part of a second portion (A)-(C) of the compiled application code (A). 3. The method of claim 1, further comprising the steps of compiling an uncompiled application code to produce the compiled application code (A); and selecting the first portion (C) of the compiled application code (A) for encryption and storage in the DLL. 4. The method of claim 1, further comprising the step of generating an encryption key K. 5. The method of claim 1, wherein the encryption key K is randomly generated. 6. The method of claim 1, wherein the encryption key K is a symmetric key. 7. The method of claim 1, wherein the value (Ck) is a checksum derived from at least a part of the compiled application code (A). 8. The method of claim 1, wherein the second value (K*) is derived according to K*=K XOR (Ck). 9. The method of claim 1, wherein: the value (Ck) generated in step (c) is derived from at least a part of a second portion (A)-(C) of the compiled application code (A); and the value (Ck) generated in step (f) is derived from at least a part of the second portion (A)-(C) of the compiled application code (A). 10. The method of claim 1, wherein: the value (Ck) is generated in step (c) is a checksum derived from at least a part of a second portion (A)-(C) of the compiled application code (A); and the value (Ck) generated in step (f) is a checksum derived from at least a part of the second portion (A)-(C) of the compiled application code (A). 11. The method of claim 1, wherein, executing the protected software further comprises, after step (f) and before step (k): (g) generating a random number (R); (h) generating a third value (X) from the value (Ck) and the random number (R); and (j) transmitting the third value (X) to the hardware security device; wherein, step (k) further comprises using the third value (X) and the second value (K*) to generate a fifth value (Y) with the secure coprocessor; and wherein, step (m) further comprises the fifth value (Y) and the random number (R) to compute a seventh value (K') with the processor of the end-user computer. 12. The method of claim 11, wherein steps (f) and (h) are performed by the DLL. 13. The method of claim 11, wherein steps (f)-(h) are performed by the DLL. 14. The method of claim 11, wherein the third value X=Ck XOR R. 15. The method of claim 11, further comprising the step of calling the DLL from the software application to execute the first portion of the application code (C) using the end-user computer processor. 16. The method of claim 11, wherein: the method further comprises the steps of: generating a key pair having a public key Kpu and private key Kpr; storing the private key Kpr in a memory of a hardware security device; and storing the public key Kpu; the step of transmitting the third value to the hardware security device comprises the steps of: encrypting the third value with the public key Kpu to produce a fourth value (X*); and decrypting the fourth value (X*) using the private key Kpr to produce the third value (X); and the step of transmitting the fifth value to the DLL comprises the steps of: encrypting the fifth value (Y) according to the private key Kpr to produce a sixth value (Y*); and decrypting the sixth value (Y*) with the public key Kpu to produce the fifth value (Y). 17. The method of claim 16, wherein the public key Kpu is stored in the DLL. 18. The method of claim 16, wherein the public key Kpu is stored in the software application. 19. The method of claim 16, wherein the step of encrypting the third value (X) with the public key Kpu to produce a fourth value (X*) is performed by the DLL using the computer processor. 20. The method of claim 16, wherein the step of decrypting the fourth value (X*) using the private key Kpr to produce the third value (X) is performed by the hardware security device. 21. The method of claim 11, further comprising the step of re-encrypting the decrypted code (C) according to the encryption key (K). 22. The method of claim 21, further comprising the step of: saving the result after executing the decrypted code (C) and before re-encrypting the decrypted code (C) according to the encryption key (K). 23. An apparatus of protecting a software application from unauthorized use, comprising a software preparation means and a software execution means, wherein: the software preparation means comprises: (a) means for encrypting a first portion (C) of a compiled application code (A) according to an encryption key (K) on a computer having a processor to produce an encrypted code (C*); (b) means for storing the encrypted code (C*) in a dynamic link library (DLL) executed by the computer processor and associated with the software application; (c) means for generating a value (Ck) derived from at least a part of the compiled application code (A); (d) means for generating a second value (K*) derived from the value (Ck) and the encryption key (K); (e) means for storing the second value (K*) in a hardware security device having a secure coprocessor; and the software execution means comprises: (f) means for generating the value (Ck) derived from the at least a part of the compiled application code (A) on an end-user computer having a processor; (k) means for generating a fifth value (Y) with the secure coprocessor based on the second value (K*); (l) means for transmitting the fifth value (Y) from the hardware security device to the DLL; (m) means for computing a seventh value (K') with the processor of the end-user computer from the fifth value (Y); and (n) means for decrypting the encrypted code (C*) with the processor of the end-user computer using the seventh value (K'); and (o) means for executing the decrypted code (C) with the processor of the end-user computer. 24. The apparatus of claim 23, wherein the value (Ck) is derived from at least a part of a second portion (A)-(C) of the compiled application code (A). 25. The apparatus of claim 23, further comprising: means for compiling an uncompiled application code to produce the compiled application code (A); and means for selecting the first portion (C) of the compiled application code (A) for encryption and storage in the DLL. 26. The apparatus of claim 23, further comprising means for generating an encryption key K. 27. The apparatus of claim 23, wherein the encryption key K is randomly generated. 28. The apparatus of claim 23, wherein the encryption key K is a symmetric key. 29. The apparatus of claim 23, wherein the value (Ck) is a checksum derived from at least a part of the compiled application code (A). 30. The apparatus of claim 23, wherein the second value (K*) is derived according to K*=K XOR (Ck). 31. The apparatus of claim 23, wherein: the value (Ck) is derived from at least a part of the second portion (A)-(C) of the compiled application code (A). 32. An apparatus of claim 23, wherein the software execution means further comprises: (g) means for generating a random number (R); (h) means for generating a third value (X) from the value (Ck) and the random number (R); and (j) means for transmitting the third value (X) to the hardware security device; wherein, (k) further comprises using the third value (X) and the second value (K*) to generate the fifth value (Y); and wherein, (m) further comprises using the fifth value (Y) and the random number (R) to compute the seventh value (K'). 33. The apparatus of claim 32, wherein the means for generating the value (Ck) derived from the at least a part of the compiled application code (A) and the means for generating a random number (R) comprises the DLL and the processor of the end-user computer. 34. The apparatus of claim 32, wherein the means for generating the value (Ck) derived from the at least a part of the compiled application code (A), for generating a random number (R), and for generating a third value (X) from the value (Ck) and the random number (R) comprises the DLL and the processor of the end-user computer. 35. The apparatus of claim 23, wherein: the value (Ck) is a checksum derived from at least a part of the second portion (A)-(C) of the compiled application code (A). 36. The apparatus of claim 32, wherein the third value X=Ck XOR R. 37. The apparatus of claim 32, wherein: the means for generating a fifth value (Y) from the third value (X) and the second value (K*) comprises the hardware security device; and the means for computing a seventh value (K') from the fifth value (Y) and the random number (R) comprises the DLL and the processor of the end-user computer. 38. The apparatus of claim 32, wherein: the means for generating a fifth value (Y) from the third value (X) and the second value (K*) comprises the hardware security device; and the means for computing a seventh value (K') from the fifth value (Y) and the random number (R), and the means for decrypting the encrypted code (C*) using the seventh value (K') comprises the DLL and the processor of the end-user computer. 39. The apparatus of claim 23, further comprising means for calling the DLL from the software application to execute the first portion of the application code (C) using the processor of the end-user computer. 40. The apparatus of claim 32, wherein: the apparatus further comprises: means for generating a key pair having a public key Kpu and private key Kpr ; means for storing a private key Kpr in a memory of a hardware security device; and means for storing the public key Kpu; the means for transmitting the third value to the hardware security device comprises: means for encrypting the third value with the public key Kpu to produce a fourth value (X*); and means for decrypting the fourth value (X*) using the private key Kpr to produce the third value (X); and the means for transmitting the fifth value to the DLL comprises: means for encrypting the fifth value (Y) according to the private key Kpr to produce a sixth value (Y*); and means for decrypting the sixth value (Y*) with the public key Kpu to produce the fifth value (Y). 41. The apparatus of claim 40, wherein the public key Kpu is stored in the DLL. 42. The apparatus of claim 40, wherein the public key Kpu is stored in the software application. 43. The apparatus of claim 32, further comprising means for re-encrypting the decrypted code (C) according to the encryption key (K). 44. The apparatus of claim 43, wherein the means for re-encrypting the decrypted code (C) according to the encryption key (K) comprises the DLL and the computer processor. 45. The apparatus of claim 43, further comprising: means for saving the result after executing the decrypted code (C) and before re-encrypting the decrypted code (C) according to the encryption key (K). 46. An apparatus for protecting a software application from unauthorized use, comprising: a first software module executing in a developer computer, the first software module for encrypting a first portion (C) of a compiled application code (A) according to an encryption key (K) to produce an encrypted code (C*); storing the encrypted code (C*) in a dynamic link library (DLL) associated with the software application; generating a value (Ck) derived from at least a part of the compiled application code (A); generating a second value (K*) derived from the value (Ck) and the encryption key (K); means for storing the second value (K*) in a hardware security device; the DLL executing in an end-user computer, the DLL for generating the value (Ck) derived from the at least a part of the compiled application code (A); generating a random number (R); generating a third value (X) from the value (Ck) and the random number (R); transmitting the third value (X) to a hardware security device, the hardware security device including a secure co-processor for generating a fifth value (Y) from the third value (X) and the second value (K*); transmitting the fifth value (Y) to the DLL; wherein the DLL further computes a seventh value (K') from the fifth value (Y) and the random number (R) and decrypts the encrypted code (C*) using the seventh value (K'). 47. The apparatus of claim 46, wherein the value (Ck) is derived from at least a part of a second portion (A)-(C) of the compiled application code (A). 48. The apparatus of claim 46, wherein the value (Ck) is a checksum derived from at least a part of the compiled application code (A). 49. The apparatus of claim 46, wherein the second value (K*) is derived according to K*=K XOR (Ck).
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (23)
Cooper Tommy G. (Friendswood TX) Smith Ross E. (Houston TX) Macha Emil S. (Sugarland TX), Apparatus for recording reagent test strip data by comparison to color lights on a reference panel.
Hagy Lee Emison ; Harish Grama Kasturi ; Heath James Darrell ; Kulkarni Deepak Anantarao ; Quinn William Francis, Embedded system having dynamically linked dynamic loader and method for linking dynamic loader shared libraries and application programs.
Andrew T. Jennings ; G. Lawrence Krablin ; Timothy Neilson Fender ; William Stratton, METHOD, APPARATUS, AND COMPUTER PROGRAM PRODUCT FOR REPLACING A DYNAMIC LINK LIBRARY (DLL) OF A FIRST COMPUTING ENVIRONMENT WITH A DLL OF A SECOND COMPUTING ENVIRONMENT THAT CAN BE INVOKED FROM THE F.
Schmidt Michael A. ; Thomason Jonathan G. ; Cutshall Scott M., Method and system for protecting shared code and data in a multitasking operating system.
Held Andrew F. ; Jung Edward K. ; Leach Paul ; Misra Pradyumna K. ; Sailor Richard K. ; Seaman Michael R. C. ; Brown Nathaniel S., Method and system for transparently executing code using a surrogate process.
Chorley Bernard J. (Hampton GB2) Parkin Graeme I. P. (London GB2) Wichmann Brian A. (Woking GB2) Elsom Simon M. (Feltham GB2), Software protection device.
Kotlarsky, Anatoly; Au, Ka Man; Veksland, Michael; Zhu, Xiaoxun; Meagher, Mark; Good, Timothy; Hou, Richard; Hu, Daniel, Automatic digital video-imaging based code symbol reading system employing illumination and imaging subsystems controlled within a control loop maintained as long as a code symbol has not been successfully read and the object is detected in the field of view of the system.
Kotlarsky, Anatoly; Zhu, Xiaoxun, Digital image capture and processing system employing multi-layer software-based system architecture permitting modification and/or extension of system features and functions by way of third party code plug-ins.
Kotlarsky, Anatoly; Zhu, Xiaoxun, Method of modifying and/or extending the standard features and functions of a digital image capture and processing system.
Smith, Taylor; Kotlarsky, Anatoly; Wilz, Sr., David M.; Mandal, Sudhin; De Foney, Shawn; Allen, Christopher; Murashka, Pavel, Method of programming the system configuration parameters of a digital image capture and processing system during the implementation of its communication interface with a host system without reading programming-type bar code symbols.
Kotlarsky, Anatoly; Zhu, Xiaoxun; Veksland, Michael; Au, Ka Man; Giordano, Patrick; Yan, Weizhen; Ren, Jie; Smith, Taylor; Miraglia, Michael V.; Knowles, C. Harry; Mandal, Sudhin; De Foney, Shawn; Allen, Christopher; Wilz, Sr., David M., Optical code symbol reading system employing an acoustic-waveguide structure for coupling sonic energy, produced from an electro-transducer, to sound wave ports formed in the system housing.
Kotlarsky, Anatoly; Zhu, Xiaoxun, digital image capturing and processing system allowing third-parties to extend the features and functions of said system, and modify the standard behavior thereof without permanently modifying the standard features and functions thereof.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.