CN101311942A - Software encryption and decryption method and encryption and decryption device - Google Patents

Software encryption and decryption method and encryption and decryption device Download PDF

Info

Publication number
CN101311942A
CN101311942A CNA2007101076366A CN200710107636A CN101311942A CN 101311942 A CN101311942 A CN 101311942A CN A2007101076366 A CNA2007101076366 A CN A2007101076366A CN 200710107636 A CN200710107636 A CN 200710107636A CN 101311942 A CN101311942 A CN 101311942A
Authority
CN
China
Prior art keywords
software
key
ciphertext
module
section
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA2007101076366A
Other languages
Chinese (zh)
Other versions
CN101311942B (en
Inventor
唐文
胡建钧
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Siemens Cerberus Electronics Ltd
Original Assignee
Siemens Ltd China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Ltd China filed Critical Siemens Ltd China
Priority to CN2007101076366A priority Critical patent/CN101311942B/en
Priority to JP2010508801A priority patent/JP5167348B2/en
Priority to PCT/EP2008/055912 priority patent/WO2008141992A1/en
Priority to EP08759593A priority patent/EP2150917A1/en
Publication of CN101311942A publication Critical patent/CN101311942A/en
Application granted granted Critical
Publication of CN101311942B publication Critical patent/CN101311942B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Abstract

The invention relates to the field of computer security, in particular to a method for encrypting and decrypting software and a device thereof. The decryption of the invention comprises the following steps: step 201, t threshold cryptographic key factors are taken out randomly from n sections of a second software cryptograph, and the second software cryptograph is restored to a first software cryptograph and a cryptographic key cryptograph PSK, in which n is signless integral which is more than one, and t is signless integral which is less than or equal to n; step 202, the cryptographic key cryptograph PSK is taken out, a second cryptographic key is calculated according to the t threshold cryptographic key factors, and the cryptographic key cryptograph PSK is decrypted to a first cryptographic key SK by the second cryptographic key; step 203, the first software cryptograph is decrypted by using the first cryptographic key SK, and the software plaintext is obtained. The beneficial effect of the method provided by the invention is that protection of software with cryptographic key is strengthened, which is difficult for crackers to realize the purpose of software crack by tracking the process of software load.

Description

The device of method that software is encrypted, deciphered and encryption, deciphering
Technical field
The present invention relates to computer safety field, particularly computer encipher field is the device of method that software is encrypted, deciphered and encryption, deciphering concretely.
Background technology
Now, software has become a kind of commodity with independent value, and the function of software, implementation and coding or the like all become the object that rival or other tissue or individual plagiarize probably.So software, particularly by intermediate language, for example, Java, .NET the software that waits programming language to write is easy to by reverse-engineering by reverse coding, for example use .NET Reflect (the reverse-engineering instrument of Microsoft), JAD (the reverse-engineering instrument of Java), thus obtain the information such as core algorithm, coding of software, if the use of these information person of being cracked malice can cause developer's loss, for example, the core algorithm of emulation software is walked around software of registering etc.
In the prior art; by change program intrinsic function title; rearranging control flow or other method confuses cracker's the behavior that cracks and has certain effect; can make the software program behind the reverse coding be difficult to understand or can't understand; but the protection mechanism of this source code can not avoid software program by reverse coding, and the information of software program still might be leaked.
In " computing machine and infotech " 5 monthly magazines in 2005 literary composition that " utilizes des encryption algorithm protection Java source code ", disclose a kind of software that Java edit and encrypted, and the scheme of when operation, deciphering.This scheme uses data encryption standards (DES:Data Encryption Standard) that executable java applet is encrypted, program coding and key after encrypting are stored in the storer, loader is loaded into java applet coding and the key of encrypting in the system, access key and program coding is deciphered, be converted to executable coding form, and be written into operation in the Java Virtual Machine (JVM).
Said method is easy to the person of being cracked and follows the tracks of, and the cracker is as long as use each step that debugging acid just can the trace routine startup.If program is all visited some files when each run, from this document, obtain key or obtain the system symbol name, can make the cracker suspect that this document may be the key file or the system symbol name table of comparisons of this software like this, if it is exactly key file that the cracker has determined this document, then can crack this key file by every possible means, if cracked key file, then just the software coding of ciphertext can be converted to software coding expressly, just can carry out reverse-engineering with the generation source code to this software, thereby cause the proprietary loss of software.
Summary of the invention
In order to overcome the above problems, increase software by the difficulty of decompiling, the object of the present invention is to provide and a kind of software is carried out method of encrypting and a kind of corresponding decryption method, added the thresholding encrypted feature, the address that obtains the thresholding cryptographic key factor when at every turn starting software is all different, makes the cracker can not determine which is a cipher key address.
The present invention also provides a kind of device and a kind of corresponding decryption device that software is encrypted, can at random a plurality of thresholding cryptographic key factors be stored in the different sections of software from some section, obtaining the thresholding cryptographic key factor and be used for decryption software at random during deciphering.
Step 101, utilizing first encrypting module is the first software ciphertext with the software plain text encryption in the storage medium, wherein deciphering used key is first key SK;
Step 102, second encrypting module utilizes n thresholding cryptographic key factor to generate second key, use this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is spliced in the described first software ciphertext, wherein the positive integer of n>1;
Step 103 utilizes package module that the described key ciphertext PSK and the first software ciphertext are divided into the n section as one, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext, and is stored in the described storage medium.
Encryption method further aspect according to the present invention, the encryption method described in the described step 101 comprises, symmetric encipherment algorithm or rivest, shamir, adelman.
Another further aspect of encryption method according to the present invention, the thresholding key algorithm that uses in the described step 102 comprises Shamir thresholding key algorithm.
Another further aspect of encryption method according to the present invention, in the described step 103, described package module is divided into the n section with the described key ciphertext PSK and the first software ciphertext as one, and C represents any a section in the described n section, and C is by piece C for section 0, C 2..., C M-1Constitute, be directed to each section C and corresponding k calculating:
C′ 0=C 0×k (E0)
C′ 1=C 1×k+C 0 (E2)
C′ 2=C 2×k+C 1 (E3)
…?…?…
C′ m-1=C m-1×k+C m-2 (Em-1)
C′ m=C m-1 (Em)
Above * be the arithmetic multiplication computing, calculate simultaneously thresholding cryptographic key factor k cryptographic hash h, merging C ' 0To C ' mForm C ', with n section C ' and the corresponding cryptographic hash h described second software ciphertext of formation that stitchs together.
A kind of method that software is decrypted may further comprise the steps in the process of software loading:
Step 201, decapsulation module is got t thresholding cryptographic key factor at random from n of second software ciphertext section, the described second software ciphertext is reverted to the first software ciphertext and key ciphertext PSK, 1≤t≤n wherein, n is the positive integer greater than 1;
Step 202 is extracted described key ciphertext PSK, and second deciphering module generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering;
Step 203, first deciphering module use described first key SK with the described first software decrypt ciphertext, and expressly send software to CPU, to carry out this software.
Decryption method further aspect according to the present invention, in the described step 201, described decapsulation module is calculated each section in the n section second software ciphertext respectively: according to E0 to Em cancellation C 0, C 1..., C M-1, obtain equation 0=-C ' mk m+ C ' M-1* k M-1-C ' M-2* k M-2+ ...+(1) M-1* C ' 0(P0),
Find the solution the k in this equation, when the cryptographic hash of k equals the corresponding cryptographic hash h of this C ' section, with this k with C ' 0To C ' mRevert to C 0To C M-1, with C 0To C M-1Merging to be obtaining a section C, and this section C is that the first software ciphertext and key ciphertext are as one section in the n section of one; Obtain n k, and the second software ciphertext is reverted to the first software ciphertext and key ciphertext PSK.
The k in the described solve equation of polynomial Newton iteration method (P0) is used in another further aspect of decryption method according to the present invention.
A kind of device that software is encrypted is characterized in that comprising, first encrypting module, second encrypting module and package module; Described first encrypting module, utilizing first key SK is the first software ciphertext with the software plain text encryption; Described second encrypting module is connected with described first encrypting module, utilize n thresholding cryptographic key factor to generate second key, use this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is stored in the described first software ciphertext; Described package module is connected with described second encrypting module, and the described first software ciphertext is divided into the n section, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext.
A kind of device that software is decrypted is characterized in that comprising, decapsulation module, second deciphering module and first deciphering module; Described decapsulation module is descapsulated into the first software ciphertext and key ciphertext PSK with the second software ciphertext, and gets t thresholding cryptographic key factor at random in n section of the described first software ciphertext; Described second deciphering module is connected with described decapsulation module, generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering; Described first deciphering module is connected with described second deciphering module, uses described first key SK with the described first software decrypt ciphertext, obtains the software plaintext and sends CPU to, to carry out this software.
Beneficial effect of the present invention is; strengthened the protection of software cryptography key; the cracker is difficult to by following the tracks of the software loading process; thereby obtain the key physical address and realize that by the analysis key purpose the present invention that software cracks has strengthened existing to software cryptography, to improve the scheme of its security by the technology of dynamic memory key.
Description of drawings
Fig. 1 carries out the process flow diagram of software cryptography for the present invention;
Fig. 2 carries out the process flow diagram of software decryption for the present invention;
Fig. 3 carries out the apparatus structure synoptic diagram of software cryptography for the present invention;
Fig. 4 carries out the apparatus structure synoptic diagram of software decryption for the present invention;
Fig. 5 is for implementing the apparatus structure synoptic diagram when of the present invention.
Embodiment
Below, carry out following detailed description for the present invention in conjunction with the accompanying drawings.
The theory of usage threshold key of the present invention is further protected described first key; and in the software that the splicing of thresholding cryptographic key factor is encrypted; all obtain different jump address when the each trace routine of cracker is moved, make the cracker can't determine where to seek described first key.The present invention the software that can protect be not limited only to executable program, also comprise the core algorithm of functional module and software etc.Existing thresholding encryption method is, utilizes a random number as second key described first key SK to be encrypted as key ciphertext PSK, generates n the thresholding cryptographic key factor that is used to calculate this random number simultaneously; When the needs key was decrypted, (t≤n) described second key of generation was used for deciphering only to need t thresholding cryptographic key factor.It is to disperse and the raising security for right that threshold cryptography is learned the purpose that proposes, the right dispersiveness is embodied in when the usage threshold cryptographic methods is decrypted, when everyone holds a cryptographic key factor, people's cooperation that then must reach some (threshold value t) just can be finished deciphering; Security is in order to prevent that obtaining a cryptographic key factor just makes encryption lose meaning, to be captured as long as be less than the people of threshold value in this group people, so still can't deciphering on the one hand; On the other hand, prevent that cryptographic key factor from losing the normal decryption work of influence, as long as because have more than or the people that equals threshold value have effective cryptographic key factor, still can decipher.The usage threshold cryptographic algorithm is an example with Shamir scheme (Shamir) in the specific embodiment of the invention, but is not limited to the Shamir scheme, can also use Alstonia paupera Si-Bu Long thresholding cipher key scheme (Asmuth-Bloom).
Before selling software, the seller of software utilizes cryptographic algorithm that software is expressly encrypted, and this cryptographic algorithm is existing symmetry or rivest, shamir, adelman, for example, and AES, DES or RSA, ECC etc.If used symmetric encipherment algorithm, then the software cryptography key is identical with decruption key, also can be used for deciphering, and this decruption key is key SK (that is first key).If the use rivest, shamir, adelman, then the decruption key of encryption key and described rivest, shamir, adelman exists corresponding relation, and decruption key is key SK (that is first key) in the present invention.Because the key SK of software is to be related to the key that can software be cracked, so just quite important about the safety of this key SK, the Shamir scheme that the special usage threshold of the present invention is encrypted is by n thresholding cryptographic key factor K 1, K 2..., K nComputing generate second key, utilize this second key that this key SK is encrypted as key ciphertext PSK, key ciphertext PSK is spliced in the encrypted software, for example it is spliced head or afterbody in encrypted software.And this n thresholding cryptographic key factor spliced in the different physics paragraph of encrypted software by a strong stitching algorithm (perhaps simple connecting method), for example, splice head or afterbody in software.The present invention encrypts the software that needs protection by the first step; In second step, encrypt first key SK in the first step; In the 3rd step, splicing realizes the second step encrypted secret key factor; When running software need be deciphered; from protected software ciphertext, obtain t (1≤t≤n randomly; t and n are positive integer) individual thresholding cryptographic key factor; just can be from key ciphertext PSK first key SK of encrypted software be solved by the Shamir scheme then, thereby the software ciphertext is decrypted.The thresholding key recovery method makes the process of software loading produce dynamic perfromance, each all from software different positions obtain the thresholding cryptographic key factor and be used for deciphering, can be effectively at the crack method of following the tracks of software loading, the difficulty that increase cracks.
As shown in Figure 1, be the process flow diagram of software cryptography process of the present invention.
Step 101 is selected suitable symmetric encipherment algorithm, AES for example, and DES etc., utilizing first encrypting module is the first software ciphertext with the plain text encryption of software, its key that uses is first key SK.
Step 102, second encrypting module utilize the Shamir algorithm in the thresholding cryptographic algorithm to protect above-mentioned key SK, use the Shamir scheme of Lagrange interpolation polynomial algorithm in the Zp of territory, and wherein Zp is by prime field, generates t-1 time polynomial expression:
P n(x)=a 0+a 1x+a 2x 2+...+a t-1x t-1
P wherein n(x) coefficient a 0..., a nGenerate at random.
Make x 1=1, calculate P n(1)=a 0+ a 1+ a 2+ ...+a T-1,
… … …
Make x n=n calculates P n(n)=a 0+ a 1N+a 2n 2+ ...+a T-1n T-1
Wherein, P n(1) ..., P n(n)<2 64, n is the positive integer greater than 1, t is more than or equal to 1 positive integer less than n.
Generated n thresholding cryptographic key factor then to K 1=(1, P n(1)) ..., K n=(n, P n(n)), use a 0Be that second key is encrypted as key ciphertext PSK with key SK.And the key ciphertext PSK after will encrypting splices head or afterbody in the described first software ciphertext, and this step can be used storage means of the prior art.
Step 103, package module is divided into n section with the first software ciphertext and key fine groove as one, and n thresholding cryptographic key factor spliced respectively in n section.At this, can directly n cryptographic key factor be spliced respectively in the head or the afterbody of first each section of software ciphertext, the part of black is a cryptographic key factor as shown in FIG., white portion is the n section, form the second software ciphertext and be stored in the storage medium, also can use following joining method, form the second complicated more software ciphertext.
C represents a certain section of the first software ciphertext, and wherein every section C is by piece C 0, C 2..., C M-1Constitute, k represents the thresholding cryptographic key factor to K iIn P n(i), concrete splicing is as follows,
C′ 0=C 0×k (E0)
C′ 1=C 1×k+C 0 (E2)
C′ 2=C 2×k+C 1 (E3)
… … …
C′ m-1=C m-1×k+C m-2 (Em-1)
C′ m=C m-1 (Em)
Wherein * be the arithmetic multiplication computing.As preferred embodiment, each piece C iLength equal the length of k, i.e. length (C i)=length (k).For example, be divided into n section after the software cryptography, the length of wherein a certain section C is 128 bytes, and the length of cryptographic key factor is 16 bytes, then C is divided into 8, i.e. m=7, each piece C of C iLength be 16 bytes.Calculate h=hash (k) simultaneously, the cryptographic hash that is about to thresholding cryptographic key factor k is noted, and whether the thresholding cryptographic key factor that checking recovers when being used to decipher is correct.C ' 0To C ' mAfter being merged into one section complete C ', splice (front or back that h is added in C ' section) again with cryptographic hash h, splice all sections C ' then and corresponding cryptographic hash h forms final saved software ciphertext, i.e. the second software ciphertext, and the second software ciphertext is stored in the storage medium.
In Shamir thresholding cipher key encryption scheme, can recover the second key a with t cryptographic key factor arbitrarily 0, being used to decipher PSK, so the software loading device is each when loading encrypted software; all will from n cryptographic key factor, select t at random; be used to decipher PSK, a kind of high-intensity cracker of preventing follows the tracks of to provide, the analysis software loading process, and has the protection mechanism of dynamic characteristic.
Fig. 2 is the process flow diagram of software loading deciphering of the present invention.Software the unloading phase, the second software ciphertext is loaded in the internal memory from storage medium by loader, wherein black part is divided into cryptographic key factor, white portion is first software ciphertext and the PSK, if at the joining method that does not have in the encrypting step to use as step 103, and the head or the afterbody that just n cryptographic key factor direct splicing are fallen in software ciphertext correspondent section, then step 201 can directly directly obtain t cryptographic key factor by decapsulation module from the t section ciphertext of picked at random, and the second software ciphertext is reverted to first software ciphertext and the PSK.If the joining method having used described in step 103 is then selected one section ciphertext C ' and corresponding cryptographic hash h by decapsulation module, recover the thresholding cryptographic key factor k that carries on this section ciphertext when encrypting.Recovery algorithms is as follows:
C among the cancellation E0 to Em 0To C M-1, with C M-1=C ' mSubstitution (Em-1) obtains equation C M-2=C ' M-1-C ' m* k+C m* k 2, with this equation substitution (Em-2) ...,, form 0=-C ' at last up to substitution (E0) mk m+ C ' M-1* k M-1-C ' M-2* k M-2+ ...+(1) M-1* C ' 0, with 0=-C ' mk m+ C ' M-1* k M-1-C ' M-2* k M-2+ ...+(1) M-1* C ' 0Be labeled as P0, cryptographic key factor k is above-mentioned root of polynomial, by finding out root in the calculating of polynomial number codomain, and can be from the second software ciphertext C ' 0, C ' 1..., C ' mThe middle k that recovers.Use Newton iterative to seek one or more of polynomial expression P0 in the present embodiment.
(a) make y=-C ' mk m+ C ' M-1* k M-1-C ' M-2* k M-2+ ...+(1) M-1* C ' 0=f (k) (P1) selects initial k arbitrarily 0, k for example 0=2 Lengh (k)-1
(b) calculate k i + 1 = k i - f ( k i ) f ′ ( k i ) , I=0 to m, f ' are the derivative of f (k) (k), that is, f ' (k)=-C ' m* m * k M-1+ C ' M-1* (m-1) * k M-2-C ' M-2* (m-2) * k M-3+ ...+(1) M-2* C ' 1
(c) repeating step b, up to | k I+1-k i|<1, this moment k I+1Be approximately the root of P1.
(d) if hash is (k I+1)=h, perhaps hash (k I+1+ 1)=and h, hash (k I+1-1)=and h, wherein h is the h value in the encrypting step (4), then the k that calculates of this step I+1Just be the thresholding cryptographic key factor k in the encrypting step, jump to step (f), if unequal, then digital root k finding algorithm failure enters step (e).Hash algorithm described in the present invention, whether promptly hashing algorithm is an one-way algorithm, can't instead release former data after promptly data are calculated, thereby changed before and after the comparing data transmission as if wanting, whether the cryptographic hash before and after only needing relatively to transmit equates to get final product.
(e) if in step (d), do not find k, mean that then P0 has a plurality of real roots, other real root can obtain by following method:
Use the root k in the step (d) I+1As new k 0
Make b 0=-C ' m, b k=(1) K-1* C ' M-k+ k 0* b K-1, k=1 wherein, 2 ..., m-1 sets up a new polynomial expression then, f (k)=b 0* k M-1+ b 1* k M-2+ ...+b M-1(P2);
Use above-mentioned steps b-c calculates the real root of new equation P2, obtains other real roots of P0.
Calculate all real roots of P0 by this step (e), each through after (e), rechecking step (d) judges whether to obtain real cryptographic key factor, obtains thresholding cryptographic key factor k then.
(f) obtain after one section thresholding cryptographic key factor k in the ciphertext, in generation, returned system of equations E0 to Em, with the second software ciphertext C ' 0, C ' 1..., C ' mRevert to the first software ciphertext C 1, C 2..., C m
To n section C, carry out a-f respectively, draw all required thresholding cryptographic key factor k of decryption key ciphertext PSK, and utilize k to recover all ciphertext C ', form the first software ciphertext.
Step 202, after having recovered t thresholding cryptographic key factor, K i=(x i, P n(x i), 1≤i≤t, second deciphering module makes up a new polynomial expression with t k
P n ( x ) = Σ i = 1 t ( Π i = 1 i ≠ k t x - x i x k - x i ) y k ,
Wherein, y k=P n(x k), x iAnd x kX for the thresholding cryptographic key factor centering of having recovered i, wherein i ≠ k makes x equal 0 at last, draws P n(0)=a 0
In the first software ciphertext, extract PSK, use a 0As the key of decruption key ciphertext PSK, thus first key SK of acquisition decrypt encrypted software.
Step 203, first deciphering module use SK that encrypted software is decrypted, and obtain priginal soft expressly.
CPU expressly carries out according to this software.
As shown in Figure 3, the synoptic diagram for encryption device of the present invention comprises, first encrypting module, second encrypting module and package module; Described first encrypting module, utilizing first key SK is the first software ciphertext with the software plain text encryption; Described second encrypting module is connected with described first encrypting module, utilize n thresholding cryptographic key factor to generate second key, use this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is stored in the described first software ciphertext; Described package module is connected with described second encrypting module, and the described first software ciphertext is divided into the n section, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext.
As shown in Figure 4, the synoptic diagram for decryption device of the present invention comprises, decapsulation module, second deciphering module and first deciphering module; Described decapsulation module is descapsulated into the first software ciphertext with the second software ciphertext, and gets t thresholding cryptographic key factor at random in n section of the described first software ciphertext; Described second deciphering module is connected with described decapsulation module, generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering; Described first deciphering module is connected with described second deciphering module, uses described first key SK with the described first software decrypt ciphertext, obtains software expressly.
As shown in Figure 5, the synoptic diagram that moves for apparatus of the present invention.Comprise loader, be used for also comprising decryption device as shown in Figure 4 that same section repeats no more from the storage medium load software.Loader (for example hard disk) from the storage medium of software loads the second software ciphertext, and it is imported described decryption device, and described decryption device is converted to software expressly with the described second software ciphertext, and sends it to CPU executive software.
Beneficial effect of the present invention is, encrypts executable software, makes the software cracker can not obtain key by the simple software loading of following the tracks of, thereby prevents that this software is decrypted and by the reverse compiling of methods such as reverse-engineering.Strengthened the protection of software cryptography key; the cracker is difficult to by following the tracks of the software loading process; thereby obtain the key physical address and realize that by the analysis key purpose the present invention that software cracks has strengthened existing to software cryptography, to improve the scheme of its security by the technology of dynamic memory key.
Above embodiment only is used to illustrate the present invention, but not is used to limit the present invention.

Claims (9)

1. one kind is carried out method of encrypting to software, may further comprise the steps:
Step 101, utilizing first encrypting module is the first software ciphertext with the software plain text encryption in the storage medium, wherein deciphering used key is first key SK;
Step 102, second encrypting module utilizes n thresholding cryptographic key factor to generate second key, wherein the positive integer of n>1 uses this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is spliced in the described first software ciphertext;
Step 103 utilizes package module that the described key ciphertext PSK and the first software ciphertext are divided into the n section as one, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext, and is stored in the described storage medium.
2. according to claim 1 software is carried out method of encrypting, it is characterized in that the encryption method described in the described step 101 comprises, symmetric encipherment algorithm or rivest, shamir, adelman.
3. according to claim 1 software is carried out method of encrypting, it is characterized in that, the thresholding key algorithm that uses in the described step 102 comprises Shamir thresholding cipher key scheme, perhaps Alstonia paupera Si-Bu Long thresholding cipher key scheme.
4. according to claim 3 software is carried out method of encrypting, it is characterized in that in the described step 103, described package module is divided into the n section with the described key ciphertext PSK and the first software ciphertext as one, C represents any a section in the described n section, and C is by piece C for section 0, C 2..., C M-1Constitute, the equal in length of the length of each piece and thresholding cryptographic key factor k wherein is directed to each section C and corresponding k calculating:
C′ 0=C 0×k (E0)
C′ 1=C 1×k+C 0 (E2)
C′ 2=C 2×k+C 1 (E3)
………
C′ m-1=C m-1×k+C m-2 (Em-1)
C′ m=C m-1 (Em)
Above * be the arithmetic multiplication computing, calculate simultaneously thresholding cryptographic key factor k cryptographic hash h, merging C ' 0To C ' mForm C ', with n section C ' and the corresponding cryptographic hash h described second software ciphertext of formation that stitchs together.
5. method that software is decrypted may further comprise the steps in the process of software loading:
Step 201, decapsulation module is got t thresholding cryptographic key factor at random from n of second software ciphertext section, 1≤t≤n wherein, n is the positive integer greater than 1, and the described second software ciphertext is reverted to the first software ciphertext and key ciphertext PSK;
Step 202 is extracted described key ciphertext PSK, and second deciphering module generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering;
Step 203, first deciphering module use described first key SK with the described first software decrypt ciphertext, and expressly send software to CPU, to carry out this software.
6. the method that software is decrypted according to claim 5 is characterized in that, in the described step 201, described decapsulation module is calculated each section in the n section second software ciphertext respectively: according to E0 to Em cancellation C 0, C 1..., C M-1, obtain equation 0=-C ' mk m+ C ' M-1* k M-1-C ' M-2* k M-2+ ...+(1) M-1* C ' 0(P0),
Find the solution the k in this equation, when the cryptographic hash of k equals the corresponding cryptographic hash h of this C ' section, with this k with C ' 0To C ' mRevert to C 0To C M-1, with C 0To C M-1Merging to be obtaining a section C, and this section C is that the first software ciphertext and key ciphertext are as one section in the n section of one; Obtain n k, and the second software ciphertext is reverted to the first software ciphertext and key ciphertext PSK.
7. the method that software is decrypted according to claim 6 is characterized in that, uses the k in the described solve equation of polynomial Newton iteration method (P0).
8. the device that software is encrypted is characterized in that comprising, first encrypting module, second encrypting module and package module; Described first encrypting module, utilizing first key SK is the first software ciphertext with the software plain text encryption; Described second encrypting module is connected with described first encrypting module, utilize n thresholding cryptographic key factor to generate second key, use this second key that described first key SK is encrypted as key ciphertext PSK, and described key ciphertext PSK is stored in the described first software ciphertext; Described package module is connected with described second encrypting module, and the described first software ciphertext is divided into the n section, and described thresholding cryptographic key factor is spliced in described segmentation, forms the second software ciphertext.
9. the device that software is decrypted is characterized in that comprising, decapsulation module, second deciphering module and first deciphering module; Described decapsulation module is descapsulated into the first software ciphertext and key ciphertext PSK with the second software ciphertext, and gets t thresholding cryptographic key factor at random in n section of the described first software ciphertext; Described second deciphering module is connected with described decapsulation module, generates second key according to described t thresholding cryptographic key factor, and utilizing this second key is first key SK with key ciphertext PSK deciphering; Described first deciphering module is connected with described second deciphering module, uses described first key SK with the described first software decrypt ciphertext, obtains the software plaintext and sends CPU to carry out this software.
CN2007101076366A 2007-05-23 2007-05-23 Software encryption and decryption method and encryption and decryption device Active CN101311942B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN2007101076366A CN101311942B (en) 2007-05-23 2007-05-23 Software encryption and decryption method and encryption and decryption device
JP2010508801A JP5167348B2 (en) 2007-05-23 2008-05-14 Software encryption method, software decryption method, software encryption device, and software decryption device
PCT/EP2008/055912 WO2008141992A1 (en) 2007-05-23 2008-05-14 Method and apparatus for encrypting and decrypting software
EP08759593A EP2150917A1 (en) 2007-05-23 2008-05-14 Method and apparatus for encrypting and decrypting software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2007101076366A CN101311942B (en) 2007-05-23 2007-05-23 Software encryption and decryption method and encryption and decryption device

Publications (2)

Publication Number Publication Date
CN101311942A true CN101311942A (en) 2008-11-26
CN101311942B CN101311942B (en) 2011-08-24

Family

ID=39590378

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2007101076366A Active CN101311942B (en) 2007-05-23 2007-05-23 Software encryption and decryption method and encryption and decryption device

Country Status (4)

Country Link
EP (1) EP2150917A1 (en)
JP (1) JP5167348B2 (en)
CN (1) CN101311942B (en)
WO (1) WO2008141992A1 (en)

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2017000726A1 (en) * 2015-07-02 2017-01-05 中兴通讯股份有限公司 Key transformation method, apparatus, and terminal
CN106599628A (en) * 2016-12-08 2017-04-26 合肥康捷信息科技有限公司 Python byte code file protection method based on module hook
CN107248914A (en) * 2017-08-14 2017-10-13 四川长虹电器股份有限公司 Novel symmetrical encryption system and encryption method in a kind of iOS device
CN107278357A (en) * 2014-12-24 2017-10-20 皇家飞利浦有限公司 Cryptographic system and method
CN107579962A (en) * 2017-08-24 2018-01-12 中积有限公司 A kind of method and device of source code encryption and decryption
CN108270574A (en) * 2018-02-11 2018-07-10 浙江中控技术股份有限公司 A kind of method for secure loading and device of white list library file
CN108880812A (en) * 2017-05-09 2018-11-23 北京京东尚科信息技术有限公司 The method and system of data encryption
CN108964912A (en) * 2018-10-18 2018-12-07 深信服科技股份有限公司 PSK generation method, device, user equipment, server and storage medium
CN110166236A (en) * 2019-05-31 2019-08-23 北京中金国信科技有限公司 Cipher key processing method, device and system and electronic equipment
CN110289955A (en) * 2019-06-25 2019-09-27 杭州趣链科技有限公司 A kind of key management method for serving certificate agency based on threshold cryptography model
CN110535642A (en) * 2019-09-02 2019-12-03 北京智游网安科技有限公司 A kind of method, intelligent terminal and the storage medium of dispersion storage key
CN111310211A (en) * 2020-02-19 2020-06-19 成都三零凯天通信实业有限公司 Method for encrypting database by using SM4 algorithm
CN112464270A (en) * 2020-12-30 2021-03-09 广汽本田汽车有限公司 Bidding file encryption and decryption method, equipment and storage medium
CN112565400A (en) * 2020-12-03 2021-03-26 东北大学 Cooperative resource distribution system and method based on IPv6 campus network
CN113094664A (en) * 2021-04-09 2021-07-09 每日互动股份有限公司 System for preventing android application program from being decompiled

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980918B (en) * 2014-04-04 2019-09-17 阿里巴巴集团控股有限公司 Bootstrap information transmission provides the method and device of service based on beacon
CN112926074B (en) * 2021-03-26 2022-08-23 成都卫士通信息产业股份有限公司 SM9 key thresholding generation method, device, equipment and storage medium
CN116405293B (en) * 2023-04-07 2023-09-01 光谷技术有限公司 Data encryption storage method of safe operation and maintenance system

Family Cites Families (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS61177479A (en) * 1985-02-01 1986-08-09 沖電気工業株式会社 Coding key managing system
US4853962A (en) * 1987-12-07 1989-08-01 Universal Computer Consulting, Inc. Encryption system
JPH0721688A (en) * 1993-06-30 1995-01-24 Victor Co Of Japan Ltd Optical recording medium and reproducing device therefor
JP3627384B2 (en) * 1996-01-17 2005-03-09 富士ゼロックス株式会社 Information processing apparatus with software protection function and information processing method with software protection function
JP3775175B2 (en) * 1996-06-28 2006-05-17 株式会社東芝 Key processing method and disk manufacturer side processing apparatus
GB2325123A (en) * 1997-05-08 1998-11-11 Ibm Data encryption/decryption using random numbers
JP3667988B2 (en) * 1997-06-06 2005-07-06 株式会社日立製作所 Key recovery method and apparatus
US6236729B1 (en) * 1997-06-06 2001-05-22 Hitachi, Ltd. Key recovery method and system
US6182214B1 (en) * 1999-01-08 2001-01-30 Bay Networks, Inc. Exchanging a secret over an unreliable network
US7565697B2 (en) * 2000-09-22 2009-07-21 Ecd Systems, Inc. Systems and methods for preventing unauthorized use of digital content
JP2005275694A (en) * 2004-03-24 2005-10-06 Hitachi Software Eng Co Ltd Method and protection system for protecting program from internal analysis
JP2006091967A (en) * 2004-09-21 2006-04-06 Matsushita Electric Ind Co Ltd Information processor and debugging device
CN100536393C (en) * 2005-01-14 2009-09-02 中兴通讯股份有限公司 Secret shared key mechanism based user management method

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107278357B (en) * 2014-12-24 2020-04-07 皇家飞利浦有限公司 Cryptographic system and method
CN107278357A (en) * 2014-12-24 2017-10-20 皇家飞利浦有限公司 Cryptographic system and method
WO2017000726A1 (en) * 2015-07-02 2017-01-05 中兴通讯股份有限公司 Key transformation method, apparatus, and terminal
CN106599628A (en) * 2016-12-08 2017-04-26 合肥康捷信息科技有限公司 Python byte code file protection method based on module hook
CN106599628B (en) * 2016-12-08 2019-04-02 合肥康捷信息科技有限公司 A kind of Python byte code files guard method based on module hook
CN108880812B (en) * 2017-05-09 2022-08-09 北京京东尚科信息技术有限公司 Method and system for data encryption
CN108880812A (en) * 2017-05-09 2018-11-23 北京京东尚科信息技术有限公司 The method and system of data encryption
CN107248914A (en) * 2017-08-14 2017-10-13 四川长虹电器股份有限公司 Novel symmetrical encryption system and encryption method in a kind of iOS device
CN107579962A (en) * 2017-08-24 2018-01-12 中积有限公司 A kind of method and device of source code encryption and decryption
CN107579962B (en) * 2017-08-24 2019-04-30 中链科技有限公司 A kind of method and device of source code encryption and decryption
CN108270574B (en) * 2018-02-11 2021-02-09 浙江中控技术股份有限公司 Safe loading method and device for white list library file
CN108270574A (en) * 2018-02-11 2018-07-10 浙江中控技术股份有限公司 A kind of method for secure loading and device of white list library file
CN108964912A (en) * 2018-10-18 2018-12-07 深信服科技股份有限公司 PSK generation method, device, user equipment, server and storage medium
CN110166236A (en) * 2019-05-31 2019-08-23 北京中金国信科技有限公司 Cipher key processing method, device and system and electronic equipment
CN110166236B (en) * 2019-05-31 2022-01-18 北京中金国信科技有限公司 Key processing method, device and system and electronic equipment
CN110289955A (en) * 2019-06-25 2019-09-27 杭州趣链科技有限公司 A kind of key management method for serving certificate agency based on threshold cryptography model
CN110535642A (en) * 2019-09-02 2019-12-03 北京智游网安科技有限公司 A kind of method, intelligent terminal and the storage medium of dispersion storage key
CN111310211A (en) * 2020-02-19 2020-06-19 成都三零凯天通信实业有限公司 Method for encrypting database by using SM4 algorithm
CN112565400A (en) * 2020-12-03 2021-03-26 东北大学 Cooperative resource distribution system and method based on IPv6 campus network
CN112464270A (en) * 2020-12-30 2021-03-09 广汽本田汽车有限公司 Bidding file encryption and decryption method, equipment and storage medium
CN113094664A (en) * 2021-04-09 2021-07-09 每日互动股份有限公司 System for preventing android application program from being decompiled

Also Published As

Publication number Publication date
JP2010528511A (en) 2010-08-19
WO2008141992A1 (en) 2008-11-27
CN101311942B (en) 2011-08-24
EP2150917A1 (en) 2010-02-10
JP5167348B2 (en) 2013-03-21

Similar Documents

Publication Publication Date Title
CN101311942B (en) Software encryption and decryption method and encryption and decryption device
JP6227728B2 (en) System and method for wireless data protection
KR101324825B1 (en) Message authentication code pre-computation with applications to secure memory
CN101231622B (en) Data storage method and equipment base on flash memory, as well as data fetch method and apparatu
US9571289B2 (en) Methods and systems for glitch-resistant cryptographic signing
CN105468940B (en) Method for protecting software and device
US7841014B2 (en) Confidential information processing method, confidential information processor, and content data playback system
EP2629223A1 (en) System, devices and methods for collaborative execution of a software application comprising at least one encrypted instruction
CN111222148A (en) Key generation method, encryption method, decryption method and device
CN103745166A (en) Method and device for inspecting file attribute value
Kim et al. A study on the decryption methods of telegram X and BBM-Enterprise databases in mobile and PC
US10572635B2 (en) Automatic correction of cryptographic application program interfaces
CN101167301B (en) Confidential information processing host device and confidential information processing method
CN102480353A (en) Method of password authentication and secret key protection
Park et al. How to decrypt PIN-Based encrypted backup data of Samsung smartphones
CN105404470A (en) Data storage method, data security apparatus and data storage system
US20210367766A1 (en) A computation device using shared shares
KR101440680B1 (en) Homomorphic Encryption and Decryption Method using Chinese Remainder Theorem and apparatus using the same
CN105426702A (en) Android operating system based application program encrypting method and device, and Android operating system based application program decrypting method and device
CN109255225A (en) Hard disc data security control apparatus based on dual-identity authentication
JP2009288616A (en) Secret sharing method, program and device
CN111294199B (en) Encryption/decryption system, encryption device, decryption device, and encryption/decryption method
CN111130788B (en) Data processing method and system, data reading method and iSCSI server
CN107766725B (en) Template attack resistant data transmission method and system
CN101110098A (en) Generation and management method for digital content use trace based on reliable computing technology

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C41 Transfer of patent application or patent right or utility model
TR01 Transfer of patent right

Effective date of registration: 20150925

Address after: 100000 Beijing City, Haidian District information industry base on the information Chronoswiss Road No. 18 Building 2 layer

Patentee after: Beijing Siemens Cerberus Electronics Ltd.

Address before: 100102 Beijing, Wangjing, Central South Road, No. 7, No.

Patentee before: Simens Co., Ltd. (China)

C56 Change in the name or address of the patentee
CP02 Change in the address of a patent holder

Address after: 100094 Beijing, northwest Wang Feng Road, No. 1

Patentee after: Beijing Siemens Cerberus Electronics Ltd.

Address before: Beijing City, Haidian District information industry base on the information Rainbow Road No. 18 Building 2 layer

Patentee before: Beijing Siemens Cerberus Electronics Ltd.