Method to Protect Software Against Unwanted Use with a Variable Principle
Abstract
The invention concerns a process to protect a vulnerable software working on a data processing system against its unauthorized usage using a memorizing unit. The process comprises creating a protected software by choosing in the source of the vulnerable software at least one variable and by producing the source of the protected software by modifying the source of the vulnerable software, so that the chosen variable resides in the memorizing unit.
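An illustration of the principle the abstract describes, added here and not taken from the patent: the chosen variable `total` is moved out of host memory into a unit that only stores values. The class and function names, the slot number and the sample prices are assumptions made for the example.

```python
# Added illustration of the "variable principle"; all names are hypothetical.

class MemoryUnit:
    """Unit (6): external token with memorization means only (read/write slots)."""
    def __init__(self):
        self._slots = {}

    def write(self, slot, value):
        self._slots[slot] = value

    def read(self, slot):
        return self._slots[slot]


class AbsentUnit:
    """Stand-in for a missing unit: writes are lost, reads cannot be fulfilled."""
    def write(self, slot, value):
        pass

    def read(self, slot):
        return 0  # no correct value is available to the host


def invoice_total_vulnerable(prices, tax_percent):
    """Vulnerable software (2v): the state variable 'total' lives in host memory."""
    total = 0
    for p in prices:
        total += p
    return total + total * tax_percent // 100


TOTAL = 0  # slot assigned to the chosen variable during the protection phase


def invoice_total_protected(prices, tax_percent, unit):
    """Protected software (2p): every use of 'total' goes through the unit."""
    unit.write(TOTAL, 0)
    for p in prices:
        unit.write(TOTAL, unit.read(TOTAL) + p)
    total = unit.read(TOTAL)
    return total + total * tax_percent // 100


SAMPLE_PRICES = [1200, 350, 4999]  # constructed sample input, in cents
```

With `AbsentUnit` the protected function still returns, but with a wrong value, which corresponds to the "not completely functional" behaviour the claims describe.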
16 Claims
1. A method to protect, using at least one blank unit (60) including memorization means (15), a vulnerable software (2v) against its unauthorized usage, said vulnerable software (2v) being produced from a source (2vs) and working on a data processing system (3), said protection process comprising:
during a protection phase (P):
creating a protected software (2p):
by choosing in the source of the vulnerable software (2vs):
at least one variable which, during the execution of the vulnerable software (2v), partially defines the state of the latter, and
at least one portion containing at least one chosen variable,
by producing a source of the protected software (2ps) from the source of the vulnerable software (2vs), by modifying at least one chosen portion of the source of the vulnerable software (2vs), this modification being such that during the execution of the protected software (2p), at least one chosen variable or at least one copy of chosen variable resides in the blank unit (60) which is thus transformed into a unit (6), and
by producing a first object part (2pos) of the protected software (2p) from the source of the protected software (2ps), said first object part (2pos) being such that during the execution of the protected software (2p), appears a first execution part (2pes) which is executed in the data processing system (3) and whose at least a portion takes into account that at least a variable or at least a copy of variable resides in the unit (6),
and during a usage phase (U) during which the protected software (2p) is executed:
in the presence of the unit (6), each time a portion of the first execution part (2pes) imposes it, using a variable or a copy of variable residing in the unit (6), so that said portion is executed correctly and that, consequently, the protected software (2p) is completely functional, and
in the absence of the unit (6), in spite of the request by a portion of the first execution part (2pes) to use a variable or a copy of variable residing in the unit (6), not being able to fulfill said request correctly, so that at least said portion is not executed correctly and that, consequently the protected software (2p) is not completely functional,
wherein said at least one blank unit (60) includes only the memorization means (15).
2. A method to protect software comprising:
storing a first portion of the software on a first unit, wherein the first unit comprises a memory and a processor;
storing a second portion of the software on a second unit, wherein the second unit comprises a secure processor and a secure memory, wherein the second portion of the software is secret, and wherein the first and second portions of the software form a single program; and
executing the single formed program by utilizing the first and second portions of the software, wherein the secret second portion of the software comprises at least two computing operations and at least one variable, and wherein portions of the at least two computing operations are interleaved with each other for transmission from the second unit to the first unit and vice versa, and wherein the first unit requests the at least one variable from the second unit during the execution of the single formed program.
(Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
14. A system to protect software comprising:
a first unit comprising a memory and a processor and which stores a first portion of the software; and
a second unit comprising a secure processor and a secure memory and which stores a second portion of the software, wherein the second portion of the software is secret, wherein the first and second portions of the software form a single program, wherein the processor executes the single formed program utilizing the second unit, wherein the secret second portion of the software comprises at least two computing operations and at least one variable, and wherein portions of the at least two computing operations are interleaved with each other for transmission from the second unit to the first unit and vice versa, and wherein the first unit requests the at least one variable from the second unit during the execution of the single formed program.
15. A method to protect, using at least one blank unit (60) including at least memorization means (15), a vulnerable software (2v) against its unauthorized usage, said vulnerable software (2v) being produced from a source (2vs) and working on a data processing system (3), said protection process comprising:
during a protection phase (P):
creating a protected software (2p):
by choosing in the source of the vulnerable software (2vs):
at least one variable which, during the execution of the vulnerable software (2v), partially defines the state of the latter, and
at least one portion containing at least one chosen variable,
by producing a source of the protected software (2ps) from the source of the vulnerable software (2vs), by modifying at least one chosen portion of the source of the vulnerable software (2vs), this modification being such that during the execution of the protected software (2p), at least one chosen variable or at least one copy of chosen variable resides in the blank unit (60) which is thus transformed into a unit (6), and
by producing a first object part (2pos) of the protected software (2p) from the source of the protected software (2ps), said first object part (2pos) being such that during the execution of the protected software (2p), appears a first execution part (2pes) which is executed in the data processing system (3) and whose at least a portion takes into account that at least a variable or at least a copy of variable resides in the unit (6),
and during a usage phase (U) during which the protected software (2p) is executed:
in the presence of the unit (6), each time a portion of the first execution part (2pes) imposes it, using a variable or a copy of variable residing in the unit (6), so that said portion is executed correctly and that, consequently, the protected software (2p) is completely functional, and
in the absence of the unit (6), in spite of the request by a portion of the first execution part (2pes) to use a variable or a copy of variable residing in the unit (6), not being able to fulfill said request correctly, so that at least said portion is not executed correctly and that, consequently the protected software (2p) is not completely functional,
wherein during the protection phase (P):
defining:
a set of elementary functions whose elementary functions are liable to be executed in the unit (6) which also includes processing means (16), and
a set of elementary commands for said set of elementary functions, said elementary commands being liable to be executed in the data processing system (3) and to trigger the execution in the unit (6), of the elementary functions,
constructing exploitation means enabling to transform the blank unit (60) into the unit (6) able to execute the elementary functions of said set, the execution of said elementary functions being triggered by the execution in the data processing system (3), of elementary commands,
modifying the protected software (2p):
by choosing in the source of the protected software (2ps):
at least one algorithmic processing which during the execution of the protected software (2p), uses at least one chosen variable, and enables to obtain at least one result variable, and
at least one portion containing at least one chosen algorithmic processing,
by modifying at least one chosen portion of the source of the protected software (2ps), this modification being such that:
during the execution of the protected software (2p) the first execution part (2pes) is executed in the data processing system (3) and a second execution part (2peu) is executed in the unit (6),
at least the functionality of at least one chosen algorithmic processing is executed by means of the second execution part (2peu),
said at least one chosen algorithmic processing is executed by means of the second execution part (2peu), using elementary functions of the set of elementary functions,
for at least one chosen algorithmic processing, elementary commands are integrated to the source of the protected software (2ps), so that during the execution of the protected software (2p), each elementary command is executed by the first execution part (2pes) and triggers in the unit (6), the execution by means of the second execution part (2peu), of a corresponding elementary function of the set of elementary functions, and
a sequence of the elementary commands is chosen among the set of sequences allowing the execution of the protected software (2p),
and by producing:
the first object part (2pos) of the protected software (2p), said first object part (2pos) being such that during the execution of the protected software (2p), the elementary commands are executed according to the chosen sequence, and
a second object part (2pou) independent of the protected software (2p) containing the exploitation means, said second object part (2pou) being such that, after upload to the blank unit (60) and during the execution of the protected software (2p), appears the second execution part (2peu) by means of which the elementary functions triggered by the first execution part (2pes) are executed,
and uploading the second object part (2pou) to the blank unit (60), with the intention of obtaining the unit (6),
and wherein during the usage phase (U):
in the presence of the unit (6) and each time an elementary command contained in a portion of the first execution part (2pes) imposes it, executing the corresponding elementary function in the unit (6), so that said portion is executed correctly and that, consequently, the protected software (2p) is completely functional, and
in the absence of the unit (6), in spite of the request by a portion of the first execution part (2pes), to trigger the execution of an elementary function in the unit (6), not being able to fulfill said request correctly, so that at least said portion is not executed correctly and that, consequently, the protected software (2p) is not completely functional.
(Dependent claim: 16)