Software protection method utilizing hidden application code in a protection dynamic link library object
Abstract
Disclosed are a system and method in which the operating system of the user computer loads into memory both the software application and a DLL that holds a portion of the application's execution code. At selected points during its execution, the software application calls the DLL to execute a portion of the application code that was moved into the DLL before delivery to the end user. Because this code is encrypted, and the encryption key is held in a hardware security device rather than in the DLL or the software application, the protected portion of the application code cannot be executed without first recovering the key.
49 Claims
1. A method of protecting a software application from unauthorized use, the method comprising:
- preparing the software application using a computer having a processor and a hardware security device including a secure coprocessor; and
- executing the prepared software on an end-user computer having a processor;
wherein preparing the software application comprises:
(a) encrypting a first portion (C) of a compiled application code (A) according to an encryption key (K) using the computer processor to produce an encrypted code (C*);
(b) storing the encrypted code (C*) in a dynamic link library (DLL) executed by the computer processor and associated with the software application;
(c) generating a value (Ck) derived from at least a part of the compiled application code (A);
(d) generating a second value (K*) derived from the value (Ck) and the encryption key (K);
(e) storing the second value (K*) in the hardware security device; and
executing the prepared software on the end-user computer comprises:
(f) generating the value (Ck) derived from the at least a part of the compiled application code (A) with the processor of the end-user computer;
(k) generating a fifth value (Y) with the secure coprocessor based on the second value (K*);
(l) transmitting the fifth value (Y) from the hardware security device to the DLL;
(m) computing a seventh value (K′) with the processor of the end-user computer from the fifth value (Y);
(n) decrypting the encrypted code (C*) with the processor of the end-user computer using the seventh value (K′); and
(o) executing the decrypted code (C) with the processor of the end-user computer.
Dependent claims: 2 to 22.
23. An apparatus for protecting a software application from unauthorized use, comprising a software preparation means and a software execution means, wherein:
the software preparation means comprises:
(a) means for encrypting a first portion (C) of a compiled application code (A) according to an encryption key (K) on a computer having a processor to produce an encrypted code (C*);
(b) means for storing the encrypted code (C*) in a dynamic link library (DLL) executed by the computer processor and associated with the software application;
(c) means for generating a value (Ck) derived from at least a part of the compiled application code (A);
(d) means for generating a second value (K*) derived from the value (Ck) and the encryption key (K);
(e) means for storing the second value (K*) in a hardware security device having a secure coprocessor; and
the software execution means comprises:
(f) means for generating the value (Ck) derived from the at least a part of the compiled application code (A) on an end-user computer having a processor;
(k) means for generating a fifth value (Y) with the secure coprocessor based on the second value (K*);
(l) means for transmitting the fifth value (Y) from the hardware security device to the DLL;
(m) means for computing a seventh value (K′) with the processor of the end-user computer from the fifth value (Y);
(n) means for decrypting the encrypted code (C*) with the processor of the end-user computer using the seventh value (K′); and
(o) means for executing the decrypted code (C) with the processor of the end-user computer.
Dependent claims: 24 to 45.
46. An apparatus for protecting a software application from unauthorized use, comprising:
- a first software module executing in a developer computer, the first software module for:
encrypting a first portion (C) of a compiled application code (A) according to an encryption key (K) to produce an encrypted code (C*);
storing the encrypted code (C*) in a dynamic link library (DLL) associated with the software application;
generating a value (Ck) derived from at least a part of the compiled application code (A);
generating a second value (K*) derived from the value (Ck) and the encryption key (K); and
storing the second value (K*) in a hardware security device;
- the DLL executing in an end-user computer, the DLL for:
generating the value (Ck) derived from the at least a part of the compiled application code (A);
generating a random number (R);
generating a third value (X) from the value (Ck) and the random number (R);
transmitting the third value (X) to the hardware security device, the hardware security device including a secure coprocessor for generating a fifth value (Y) from the third value (X) and the second value (K*); and
transmitting the fifth value (Y) to the DLL;
wherein the DLL further computes a seventh value (K′) from the fifth value (Y) and the random number (R) and decrypts the encrypted code (C*) using the seventh value (K′).
Dependent claims: 47 to 49.
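The end-user exchange of claim 46 (Ck from the loaded code, a random R, X sent to the secure coprocessor, Y returned, K′ recovered and C* decrypted), together with the preparation steps (a) to (e) of claim 1, modelled in Python with all three parties as an added example that is not part of the patent or of any product built on it. The claims fix no concrete functions, so SHA-256 for Ck, XOR for the combining steps and an HMAC-SHA256 keystream for C* are assumptions of this example, as are the constructed sample bytes; what the model does show is that the key the DLL recovers depends on the code it actually loaded, so a modified A yields a K′ that does not decrypt C*.

```python
import hashlib
import hmac
import os

# Constructed sample inputs (not taken from the patent).
CODE_A = b"\x55\x48\x89\xe5\x48\x83\xec\x20" + b"remaining application image bytes"
PORTION_C = b"hidden routine moved into the DLL: licence check"
KEY_K = hashlib.sha256(b"constructed demo key material").digest()


def derive_ck(code_a: bytes) -> bytes:
    """Ck: value derived from the application code A (assumed here: SHA-256 of A)."""
    return hashlib.sha256(code_a).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stream_cipher(key: bytes, data: bytes) -> bytes:
    """Cipher for C (assumed: HMAC-SHA256 keystream in counter mode); applying it twice decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += xor(data[i:i + 32], block)
    return bytes(out)


def prepare(code_a: bytes, portion_c: bytes, key_k: bytes):
    """Developer side, steps (a)-(e): C* goes into the DLL, K* goes into the hardware device."""
    c_star = stream_cipher(key_k, portion_c)          # (a) C* = E_K(C)
    k_star = xor(key_k, derive_ck(code_a))            # (c)-(d) K* = K xor Ck (assumed combining step)
    return c_star, k_star


class SecureCoprocessor:
    """Hardware security device: stores K*, answers X with Y, never outputs K* itself."""
    def __init__(self, k_star: bytes):
        self._k_star = k_star

    def respond(self, x: bytes) -> bytes:
        return xor(x, self._k_star)                   # Y from X and K* (assumed: XOR)


def dll_decrypt(loaded_code_a: bytes, c_star: bytes, device: SecureCoprocessor, r: bytes = None) -> bytes:
    """End-user side (claim 46): Ck from the loaded code, R, X to the device, Y back, K' from Y and R."""
    r = os.urandom(32) if r is None else r            # fresh R per call, so X and Y differ on every call
    x = xor(derive_ck(loaded_code_a), r)              # X from Ck and R (assumed: XOR)
    y = device.respond(x)                             # round trip to the hardware security device
    k_prime = xor(y, r)                               # K' equals K only if the runtime Ck matches preparation
    return stream_cipher(k_prime, c_star)             # D_K'(C*): garbage unless K' == K
```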