Method to protect software against unwanted use with a detection and coercion principle

Related Patent Categories: Information Security, Prevention Of Unauthorized Use Of Data Including Prevention Of Piracy, Privacy Violations, Or Unauthorized Data Modification

The Patent Description & Claims data below is from USPTO Patent Application 20070136816, Method to protect software against unwanted use with a detection and coercion principle.

BACKGROUND OF THE INVENTION

[0001] This invention concerns the technical domain of data processing systems in the general sense, and is more precisely aimed at the means of protecting software running on said data processing systems against unauthorized usage.

[0002] The subject of the invention aims in particular at the means of protecting software against unauthorized usage, using a processing and memorizing unit, such a unit being commonly materialized by a chip card or a material key on USB port.

[0003] In the technical domain above, the main problem concerns the unauthorized usage of software by users who have not paid the license rights. This illicit use of software causes an obvious loss for software editors, software distributors and/or any person integrating such software in products. To avoid such illicit copies, various solutions, in the state of technology, have been proposed to protect software.

[0004] Thus, a protection solution is known, which makes use of a hardware protection system, such as a physical component named protection key or "dongle". Such a protection key should guarantee that the software executes only in presence of the key. Yet, it must be acknowledged that this solution is ineffective because it presents the inconvenience of being easy to bypass. An ill-intentioned person or a hacker can, with the aid of specialized tools such as disassemblers, delete the control instructions of the protection key. It becomes then possible to make illicit copies corresponding to modified versions of the software able to run without the protection. Moreover, this solution cannot be generalized to all software, inasmuch as it is difficult to connect more than two protection keys to the same system.

BRIEF SUMMARY OF THE INVENTION

[0005] The subject of the invention aims precisely at finding a solution to the aforementioned problems by proposing a process to protect a software against unauthorized usage, using an ad hoc processing and memorizing unit, inasmuch as the presence of such a unit is necessary for the software to be completely functional.

[0006] So as to reach such a goal, the subject of the invention concerns a process to protect, using at least one blank unit including at least processing means and memorization means, a vulnerable software against its unauthorized usage, said vulnerable software being produced from a source and working on a data processing system.
The process according to the invention comprises:
[0007] during a protection phase:
[0008] defining:
[0009] at least one software execution characteristic, liable to be monitored at least in part in a unit,
[0010] at least one criterion to abide by for at least one software execution characteristic,
[0011] detection means to implement in a unit and enabling to detect that at least one software execution characteristic does not abide by at least one associated criterion,
[0012] and coercion means to implement in a unit and enabling to inform the data processing system and/or modify the execution of a software when at least one criterion is not abided by,
[0013] constructing exploitation means enabling to transform the blank unit into a unit able to implement the detection means and the coercion means,
[0014] creating a protected software:
[0015] by choosing at least one software execution characteristic to monitor, among the software execution characteristics liable to be monitored,
[0016] by choosing at least one criterion to abide by for at least one chosen software execution characteristic,
[0017] by choosing, at least one algorithmic processing which, during the execution of the vulnerable software, uses at least one operand and enables to obtain at least one result, and for which at least one chosen software execution characteristic, is to be monitored,
[0018] by choosing at least one portion of the source of the vulnerable software containing, at least one chosen algorithmic processing,
[0019] by producing the source of the protected software from the source of the vulnerable software, by modifying at least one chosen portion of the source of the vulnerable software to obtain at least one modified portion of the source of the protected software, this modification being such that:
[0020] during the execution of the protected software a first execution part is executed in the data processing system and a second execution part is executed in a unit, obtained from the blank unit after upload of information,
[0021] the second execution part executes at least the functionality of at least one chosen algorithmic processing,
[0022] and during the execution of the protected software, at least one chosen execution characteristic is monitored by means of the second execution part and the fact that a criterion is not abided by leads to a modification of the execution of the protected software,
[0023] and by producing:
[0024] a first object part of the protected software, from the source of the protected software, said first object part being such that during the execution of the protected software, appears a first execution part which is executed in the data processing system and whose at least a portion takes into account that at least one chosen software execution characteristic is monitored,
[0025] and a second object part of the protected software, containing the exploitation means implementing the detection means and the coercion means, said second object part being such that, after upload to the blank unit and during the execution of the protected software, appears the second execution part by means of which at least one chosen software execution characteristic is monitored and by means of which the fact that a criterion is not abided by leads to a modification of the execution of the protected software,
[0026] and uploading the second object part to the blank unit, with the intention of obtaining the unit,
[0027] and during a usage phase during which the protected software is executed:
[0028] in the presence of the unit:
[0029] and as long as all the criteria corresponding to all the monitored execution characteristics of all the modified portions of the protected software are abided by, enabling said portions of the protected software to work nominally and consequently enabling the protected software to work nominally,
[0030] and if at least one of the criteria corresponding to a monitored execution characteristic of a portion of the protected software is not abided by, informing the data processing system of it and/or modifying the functioning of the portion of the protected software, so that the functioning of the protected software is modified,
[0031] and in the absence of the unit, in spite of the request by a portion of the first execution part to trigger the execution in the unit, of the functionality of a chosen algorithmic processing, in not being able to fulfill said request correctly, so that at least said portion is not executed correctly and that consequently, the protected software is not completely functional.

[0032] According to a variant embodiment, the process according to the invention comprises:
[0033] during the protection phase:
[0034] defining:
[0035] as software execution characteristic liable to be monitored, a variable of measurement of the usage of a functionality of a software,
[0036] as criterion to abide by, at least one threshold associated to each variable of measurement,
[0037] and actualization means enabling to update at least one variable of measurement,
[0038] constructing the exploitation means enabling the unit to also implement the actualization means,
[0039] and modifying the protected software:
[0040] by choosing as software execution characteristic to monitor, at least one variable of measurement of the usage of at least one functionality of a software,
[0041] by choosing:
[0042] at least one functionality of the protected software whose usage is liable to be monitored using a variable of measurement,
[0043] at least one variable of measurement used to quantify the usage of said functionality,
[0044] at least one threshold associated to a chosen variable of measurement corresponding to a limit of usage of said functionality,
[0045] and at least one method of update of a chosen variable of measurement depending on the usage of said functionality,
[0046] and by modifying at least one chosen portion of the source of the protected software, this modification being such that, during the execution of the protected software, the variable of measurement is actualized by means of the second execution part depending on the usage of said functionality, and at least one threshold crossing is taken into account,
[0047] and during the usage phase, in the presence of the unit, and in the case where at least one threshold crossing corresponding to at least one limit of usage is detected, informing the data processing system of it and/or modifying the functioning of the portion of the protected software, so that the functioning of the protected software is modified.

[0048] According to a variant embodiment, the process according to the invention comprises:
[0049] during the protection phase:
[0050] defining:
[0051] for at least one variable of measurement, several associated thresholds,
[0052] and different coercion means corresponding to each of said thresholds,
[0053] and modifying the protected software:
[0054] by choosing in the source of the protected software, at least one chosen variable of measurement to which must be associated several thresholds corresponding to different limits of usage of the functionality,
[0055] by choosing at least two thresholds associated to the chosen variable of measurement,
[0056] and by modifying at least one chosen portion of the source of the protected software, this modification being such that, during the execution of the protected software, the crossings of the various thresholds are taken into account differently, by means of the second execution part,
[0057] and during the usage phase:
[0058] in the presence of the unit:
[0059] in the case where the crossing of a first threshold is detected, enjoining the protected software not to use the corresponding functionality anymore,
[0060] and in the case where the crossing of a second threshold is detected, making ineffective the corresponding functionality and/or at least one portion of the protected software.

[0061] According to a variant embodiment, the process according to the invention comprises:
[0062] during the protection phase:
[0063] defining refilling means enabling to credit at least one software functionality monitored by a variable of measurement with at least one additional usage,
[0064] constructing the exploitation means also allowing the unit to implement the refilling means,
[0065] and modifying the protected software:
[0066] by choosing in the source of the protected software, at least one chosen variable of measurement enabling to limit the usage of a functionality and which must be able to be credited with at least one additional usage,
[0067] and by modifying at least one chosen portion, this modification being such that during a phase called of refilling, at least one additional usage of at least one functionality corresponding to a chosen variable of measurement can be credited,
[0068] and during the phase of refilling:
[0069] reactualizing at least one chosen variable of measurement and/or at least one associated threshold, so as to allow at least one additional usage of the functionality.

[0070] According to a variant embodiment, the process according to the invention comprises:
[0071] during the protection phase:
[0072] defining:
[0073] as software execution characteristic liable to be monitored, a profile of software usage,
[0074] and as criterion to abide by, at least one feature of software execution,
[0075] and modifying the protected software:
[0076] by choosing as software execution characteristic to monitor at least one profile of software usage,
[0077] by choosing at least one feature of execution by which at least one chosen profile of usage must abide,
[0078] and by modifying at least one chosen portion of the source of the protected software, this modification being such that, during the execution of the protected software, the second execution part abides by all the chosen features of execution,
[0079] and during the usage phase in the presence of the unit, and in the case where it is detected that at least one feature of execution is not abided by, informing the data processing system of it and/or modifying the functioning of the portion of the protected software, so that the functioning of the protected software is modified.

[0080] According to a variant embodiment, the process according to the invention comprises:
[0081] during the protection phase:
[0082] defining:
[0083] an instructions set whose instructions are liable to be executed in the unit,
[0084] a set of instructions commands for said instructions set, said instructions commands being liable to be executed in the data processing system and to trigger in the unit the execution of the instructions,
[0085] as profile of usage, the chaining of the instructions,
[0086] as feature of execution, an expected chaining for the execution of the instructions,
[0087] as detection means, means enabling to detect that the chaining of the instructions does not correspond to the expected one,
[0088] and as coercion means, means enabling to inform the data processing system and/or to modify the functioning of the portion of protected software when the chaining of the instructions does not correspond to the expected one,
[0089] constructing the exploitation means also enabling the unit to execute the instructions of the instructions set, the execution of said instructions being triggered by the execution in the data processing system, of the instructions commands,
[0090] and modifying the protected software:
[0091] by modifying at least one chosen portion of the source of the protected software, this modification being such that:
[0092] at least one chosen algorithmic processing is split so that during the execution of the protected software, said algorithmic processing is executed by means of the second execution part, using instructions,
[0093] for at least one chosen algorithmic processing, instructions commands are integrated to the source of the protected software, so that during the execution of the protected software, each instruction command is executed by the first execution part and triggers in the unit, the execution by means of the second execution part, of an instruction,
[0094] a sequence of the instructions commands is chosen among the set of sequences allowing the execution of the protected software,
[0095] and the chaining by which must abide at least some of the instructions during their execution in the unit is specified,
[0096] and during the usage phase, in the presence of the unit, in the case where it is detected that the chaining of the instructions executed in the unit does not correspond to the expected one, informing the data processing system of it and/or modifying the functioning of the portion of the protected software, so that the functioning of the protected software is modified.

[0097] According to a variant embodiment, the process according to the invention comprises:
[0098] during the protection phase:
[0099] defining:
[0100] as instructions set, an instructions set whose at least some instructions work with registers and use at least one operand with the intention of returning a result,
[0101] for at least some of the instructions working with registers:
[0102] a part defining the functionality of the instruction,
[0103] and a part defining the expected chaining for the execution of the instructions and including bits fields corresponding to:
[0104] an identification field of the instruction,
[0105] and for each operand of the instruction:
[0106] a flag field,
[0107] and an expected identification field of the operand,
[0108] for each register belonging to the exploitation means and used by the instructions set, a generated identification field in which is automatically memorized the identification of the last instruction which has returned its result in said register,
[0109] as detection means, means enabling, during the execution of an instruction, for each operand, when the flag field imposes it, to check the equality of the generated identification field corresponding to the register used by said operand, and the expected identification field of the origin of said operand,
[0110] and as coercion means, means enabling to modify the result of the instructions, if at least one of the checked equalities is false.

[0111] According to a preferred embodiment, the process according to the invention comprises:
[0112] during the protection phase:
[0113] modifying the protected software:
[0114] by choosing at least one variable used in at least one chosen algorithmic processing, which during the execution of the protected software, partially defines the state of the protected software,
[0115] by modifying at least one chosen portion of the source of the protected software, this modification being such that during the execution of the protected software, at least one chosen variable or at least one copy of chosen variable resides in the unit,
[0116] and by producing:
[0117] the first object part of the protected software, said first object part being such that during the execution of the protected software, at least one portion of the first execution part takes also into account that at least one variable or at least one copy of variable resides in the unit,
[0118] and the second object part of the protected software, said second object part being such that, after upload to the unit and during the execution of the protected software, appears the second execution part by means of which at least one chosen variable, or at least one copy of chosen variable resides too in the unit,
[0119] and during the usage phase:
[0120] in the presence of the unit each time a portion of the first execution part imposes it, using a variable or a copy of variable residing in the unit, so that said portion is executed correctly and that, consequently, the protected software is completely functional,
[0121] and in the absence of the unit, in spite of the request by a portion of the first execution part to use a variable or a copy of variable residing in the unit, not being able to fulfill said request correctly, so that at least said portion is not executed correctly and that, consequently the protected software is not completely functional.
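
The register chaining check of paragraphs [0097] to [0110], modelled as a small Python simulation of the unit. This is an added example, not code from the patent application; the opcodes, identifier values, register count and the XOR mask standing in for the coercion means are assumptions.

```python
# Added illustration of the chaining check in [0097]-[0110]; not the patent's code.
# Opcodes, identifier values, register count and CORRUPTION_MASK are assumptions.
from dataclasses import dataclass
from typing import List, Tuple

CORRUPTION_MASK = 0x5A5A  # assumed coercion: XOR the result when a check fails


@dataclass(frozen=True)
class Operand:
    reg: int               # register the operand is read from
    check: bool = False    # flag field: must the operand's origin be verified?
    expected_id: int = 0   # expected identification field of the operand


@dataclass(frozen=True)
class Instruction:
    ident: int                          # identification field of the instruction
    op: str                             # functional part: LOAD, ADD or MUL
    dest: int                           # register that receives the result
    operands: Tuple[Operand, ...] = ()
    immediate: int = 0                  # value carried by LOAD


class Unit:
    """Second execution part: registers plus detection and coercion means."""

    def __init__(self, n_regs: int = 4):
        self.values = [0] * n_regs
        self.generated_id = [0] * n_regs  # id of the last instruction that wrote each register
        self.violations: List[Tuple[int, int, int, int]] = []

    def execute(self, ins: Instruction) -> int:
        if ins.op == "LOAD":
            result = ins.immediate
        elif ins.op == "ADD":
            result = self.values[ins.operands[0].reg] + self.values[ins.operands[1].reg]
        elif ins.op == "MUL":
            result = self.values[ins.operands[0].reg] * self.values[ins.operands[1].reg]
        else:
            raise ValueError(f"unknown opcode {ins.op!r}")
        # Detection means: compare each flagged operand's expected origin with
        # the generated identification field of the register it is read from.
        failed = False
        for o in ins.operands:
            seen = self.generated_id[o.reg]
            if o.check and seen != o.expected_id:
                failed = True
                self.violations.append((ins.ident, o.reg, o.expected_id, seen))
        # Coercion means: the result is modified, so the host computes garbage.
        if failed:
            result ^= CORRUPTION_MASK
        self.values[ins.dest] = result
        self.generated_id[ins.dest] = ins.ident  # memorized automatically on write
        return result


def build_program(a: int, b: int, c: int, check: bool = True) -> List[Instruction]:
    """Instruction commands the first execution part issues to compute (a + b) * c."""
    return [
        Instruction(0x11, "LOAD", dest=0, immediate=a),
        Instruction(0x12, "LOAD", dest=1, immediate=b),
        Instruction(0x13, "ADD", dest=2,
                    operands=(Operand(0, check, 0x11), Operand(1, check, 0x12))),
        Instruction(0x14, "LOAD", dest=3, immediate=c),
        Instruction(0x15, "MUL", dest=0,
                    operands=(Operand(2, check, 0x13), Operand(3, check, 0x14))),
    ]


def run(program: List[Instruction]) -> Tuple[int, List[Tuple[int, int, int, int]]]:
    """Execute a command sequence on a fresh unit; return (last result, violations)."""
    unit = Unit()
    result = 0
    for ins in program:
        result = unit.execute(ins)
    return result, unit.violations


if __name__ == "__main__":
    nominal = build_program(2, 3, 4)
    print("expected chaining:", run(nominal))
    # Constructed deviation: the ADD command never reaches the unit.
    print("ADD omitted:      ", run(nominal[:2] + nominal[3:]))
    unflagged = build_program(2, 3, 4, check=False)
    print("flag fields clear:", run(unflagged[:2] + unflagged[3:]))
```

With the flag fields clear, the same deviation goes unrecorded and the result is left unmodified, which is why the flag field decides where the chaining is actually enforced.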

[0122] According to another preferred embodiment, the process according to the invention comprises:
[0123] during the protection phase:
[0124] defining:
[0125] as a triggering command, an instruction command,
[0126] as a dependent function, an instruction,
[0127] as an order, at least one argument for a triggering command, corresponding at least in part to the information transmitted by the data processing system to the unit, so as to trigger the execution of the corresponding dependent function,
[0128] a method of renaming of the orders enabling to rename the orders so as to obtain triggering commands with renamed orders,
[0129] and restoring means designed to be used in the unit during the usage phase, and enabling to restore the dependent function to execute, from the renamed order,
[0130] constructing exploitation means enabling the unit to also implement the restoring means,
[0131] and modifying the protected software:
[0132] by choosing in the source of the protected software, triggering commands,
[0133] by modifying at least one chosen portion of the source of the protected software by renaming the orders of the chosen triggering commands, so as to conceal the identity of the corresponding dependent functions,
[0134] and by producing:
[0135] the first object part of the protected software, said first object part being such that during the execution of the protected software, the triggering commands with renamed orders are executed,
[0136] and the second object part of the protected software containing the exploitation means also implementing the restoring means, said second object part being such that, after upload to the unit and during the execution of the protected software, the identity of the dependent functions whose execution is triggered by the first execution part is restored by means of the second execution part, and the dependent functions are executed by means of the second execution part,
[0137] and during the usage phase:
[0138] in the presence of the unit and each time a triggering command with renamed order, contained in a portion of the first execution part imposes it, restoring in the unit, the identity of the corresponding dependent function and executing it, so that said portion is executed correctly and that, consequently, the protected software is completely functional,
[0139] and in the absence of the unit, in spite of the request by a portion of the first execution part, to trigger the execution of a dependent function in the unit, not being able to fulfill said request correctly, so that at least said portion is not executed correctly and that, consequently, the protected software is not completely functional.

[0140] According to a variant embodiment, the process according to the invention comprises:
[0141] during the protection phase:
[0142] defining for at least one dependent function, a family of dependent functions algorithmically equivalent, but triggered by triggering commands whose renamed orders are different,
[0143] and modifying the protected software:
[0144] by choosing, in the source of the protected software at least one triggering command with renamed order,
[0145] and by modifying at least one chosen portion of the source of the protected software by replacing at least the renamed order of one chosen triggering command with renamed order, with another renamed order, triggering a dependent function of the same family.

[0146] According to a variant embodiment, the process according to the invention comprises:
[0147] during the protection phase, defining, for at least one dependent function, a family of algorithmically equivalent dependent functions:
[0148] by concatenating a field of noise to the information defining the functional part of the dependent function to execute in the unit,
[0149] or by using the identification field of the instruction and the expected identification fields of the operands.

[0150] According to a variant embodiment, the process according to the invention comprises:
[0151] during the protection phase:
[0152] defining:
[0153] as method of renaming of the orders, a ciphering method to cipher the orders,
[0154] and as restoring means, means implementing a deciphering method to decipher the renamed orders and thus restore the identity of the dependent functions to execute in the unit.

[0155] According to another preferred embodiment, the process according to the invention comprises:
[0156] during the protection phase:
[0157] modifying the protected software:
[0158] by choosing, in the source of the protected software, at least one conditional branch carried out in at least one chosen algorithmic processing,
[0159] by modifying at least one chosen portion of the source of the protected software, this modification being such that during the execution of the protected software, the functionality of at least one chosen conditional branch is executed, by means of the second execution part, in the unit,
[0160] and by producing:
[0161] the first object part of the protected software, said first object part being such that during the execution of the protected software, the functionality of at least one chosen conditional branch is executed in the unit,
[0162] and the second object part of the protected software, said second object part being such that, after upload to the unit and during the execution of the protected software, appears the second execution part by means of which the functionality of at least one chosen conditional branch is executed,
[0163] and during the usage phase:
[0164] in the presence of the unit and each time a portion of the first execution part imposes it, executing the functionality of at least one conditional branch in the unit, so that said portion is executed correctly and that, consequently, the protected software is completely functional,
[0165] and in the absence of the unit and in spite of the request by a portion of the first execution part to execute the functionality of a conditional branch in the unit, not being able to fulfill said request correctly, so that at least said portion is not executed correctly and that consequently, the protected software is not completely functional.

[0166] According to a variant embodiment, the process according to the invention comprises, during the protection phase, modifying the protected software:
[0167] by choosing, in the source of the protected software, at least one series of chosen conditional branches,
[0168] by modifying at least one chosen portion of the source of the protected software, this modification being such that during the execution of the protected software, the overall functionality of at least one chosen series of conditional branches is executed, by means of the second execution part, in the unit,
[0169] and by producing:
[0170] the first object part of the protected software, said first object part being such that during the execution of the protected software, the functionality of at least one chosen series of conditional branches is executed in the unit,
[0171] and the second object part of the protected software, said second object part being such that, after upload to the unit and during the execution of the protected software, appears the second execution part by means of which the overall functionality of at least one chosen series of conditional branches is executed.

[0172] The process according to the invention thus enables to protect usage of a software by using a processing and memorizing unit which presents the characteristic of containing a part of the software being executed. It follows that any derived version of the software attempting to work without the processing and memorizing unit imposes to recreate the part of the software contained in the processing and memorizing unit during the execution, or else said derived version of the software will not be completely functional.

BRIEF DESCRIPTION OF THE DRAWINGS

[0173] Various other characteristics emerge from the description made below in reference to the appended diagrams which show, as non-limiting examples, embodiments and implementations of the subject of the invention.