WO2008141992A1 - Method and apparatus for encrypting and decrypting software - Google Patents

Method and apparatus for encrypting and decrypting software Download PDF

Info

Publication number
WO2008141992A1
WO2008141992A1 PCT/EP2008/055912 EP2008055912W WO2008141992A1 WO 2008141992 A1 WO2008141992 A1 WO 2008141992A1 EP 2008055912 W EP2008055912 W EP 2008055912W WO 2008141992 A1 WO2008141992 A1 WO 2008141992A1
Authority
WO
WIPO (PCT)
Prior art keywords
secret key
software
cipher text
module
psk
Prior art date
Application number
PCT/EP2008/055912
Other languages
French (fr)
Inventor
Wen Tang
Jian Jun Hu
Original Assignee
Siemens Aktiengesellschaft
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Siemens Aktiengesellschaft filed Critical Siemens Aktiengesellschaft
Priority to JP2010508801A priority Critical patent/JP5167348B2/en
Priority to EP08759593A priority patent/EP2150917A1/en
Publication of WO2008141992A1 publication Critical patent/WO2008141992A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/14Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes

Definitions

  • the present invention relates to the field of computer security, in particular to the field of computer encryption, and specifically to a method and an apparatus for encrypting and decrypting software.
  • DES Data Encryption Standard
  • the solution uses the Data Encryption Standard (DES) to encrypt a Java executable program, stores the encrypted program encoding and secret key in a memory, uses a loader to load the encrypted Java program encoding and key into system, takes out the secret key to decrypt the program encoding, converts it into the form of executable encoding, and loads it into a Java Virtual Machine to run.
  • DES Data Encryption Standard
  • the above method is very easy to be traced by crackers, and a cracker can trace every step from starting a program merely by using a debugging tool. If the program accesses a certain file every time when it is running, and obtains the secret key or the system's symbol name from the file, it will make the cracker to think that the file could be the secret key to the program or the comparison table for the system's symbol names, and if the cracker has confirmed that the file is the secret key file, then he will try every possible means to crack the file; and once the file is cracked, the software coding's cipher text can be converted into software coding's plaintext, and the source code of the software can be generated by reverse engineering, thereby causing a loss to the owner of the software .
  • an object of the present invention is to provide a method for encrypting software and a corresponding decryption method, wherein a threshold encryption feature is included, and every time when starting the software the address of threshold secret key factors obtained is different, which makes a cracker unable to decide which one is the secret key address.
  • the present invention also provides an apparatus for encrypting software and a corresponding decryption apparatus, which can store a plurality of factors of a threshold secret key into different paragraphs of the software and at the time of decryption it can obtain the factors of the threshold secret key from some paragraphs at random for decrypting the software.
  • Step 101 encrypting a software plaintext in a storage medium into a first software cipher text by using a first encryption module, wherein a secret key for decryption is a first secret key SK;
  • step 102 generating a second secret key by a second encryption module using n factors of a threshold secret key, encrypting said first secret key SK into an secret key cipher text PSK by using the second secret key, and splicing said secret key cipher text PSK into said first software cipher text, wherein n is a positive integer greater than 1;
  • step 103 dividing said secret key cipher text PSK and said first software cipher text as an integrated whole into n paragraphs by using an encapsulation module, and splicing said factors of the threshold secret key into said paragraphs to form a second software cipher text which is stored in said storage medium.
  • said encryption method specified in said step 101 comprises a symmetric encryption algorithm or an asymmetric encryption algorithm.
  • the threshold secret key algorithm used in said step 102 comprises a Shamir threshold secret key scheme .
  • said encapsulation module divides said secret key cipher text PSK and the first software cipher text as the integrated whole into n paragraphs;
  • C represents any paragraph in said n paragraphs, and the paragraph C comprises blocks Co, C ⁇ , - , C m ⁇ lr and the following calculations are performed on each paragraph C and its corresponding k:
  • C m C m _ x (Em) in which x is the arithmetic multiplication operation, at the same time a hash value h of the threshold secret key factor k is calculated, the values of C 0 to C 1n are combined to form C , and the C s of the n paragraphs and their corresponding hash values h are spliced together to form said second software cipher text.
  • a method for decrypting software comprising the following steps during the process of loading the software: step 201: selecting t factors of a threshold secret key by a decapsulation module from n paragraphs of a second software cipher text at random; and restoring a first software cipher text and an secret key cipher text PSK from said second software cipher text, wherein t is greater than or equal to 1 and less than or equal to n, and n is a positive integer greater than 1; step 202: extracting said secret key cipher text PSK, generating a second secret key by a second decryption module according to said t factors of the threshold secret key, and decrypting the secret key cipher text PSK into a first secret key SK by using the second secret key; and step 203: decrypting said first software cipher text by a first decryption module using said first secret key SK, and transmitting a software plaintext to a CPU, so as to execute the software.
  • said decapsulation module performs calculation on each of the n paragraphs of the second software cipher text: eliminating Co, Ci, ... C m -i according to EO to Em, so as to obtain the equation -C m '_ 2 ⁇ k m - 2 +...
  • a polynomial Newton iteration method is used to solve k in said equation (PO) .
  • An apparatus for encrypting software characterized in that it comprises a first encryption module, a second encryption module and an encapsulation module; said first encryption module encrypts a software plaintext to a first software cipher text using a first secret key SK; said second encryption module, which is connected with said first encryption module, generates a second encryption module using n factors of a threshold secret key, encrypts said first secret key SK into an secret key cipher text PSK using the second secret key, and stores said secret key cipher text PSK into said first software cipher text; and said encapsulation module, which is connected with said second encryption module, divides said first software cipher text into n paragraphs, and splices said factors of the threshold secret key into said paragraphs to form a second software cipher text.
  • An apparatus for decrypting software characterized in that it comprises a decapsulation module, a second decryption module and a first decryption module; said decapsulation module decapsulates a second software cipher text into a first software cipher text and an secret key cipher text PSK, and selects t factors of a threshold secret key from n paragraphs of the second software cipher text at random; said second decryption module, which is connected with said decapsulation module, generates a second secret key according to said t factors of the threshold secret key, and decrypts the secret key cipher text PSK into the first secret key SK by using the second secret key; said first decryption module, which is connected with said second decryption module, decrypts said first software cipher text by using said first secret key SK, obtains a software plaintext and transmits the same to a CPU so as to execute the software.
  • the beneficial effects of the present invention are that it enhances the protection of the software encrypting key, and makes it more difficult for a cracker to crack the software by way of tracking the software's loading process, obtaining the physical address of the secret key by tracing the software loading process, thereby achieving the purpose of cracking the software by analyzing the secret key, and the present invention enhances the current solution of encrypting the software to improve the security thereof by the technology of dynamically storing the secret key.
  • Fig. 1 is a flowchart of performing the software encryption according to the present invention
  • Fig. 2 is a flowchart of performing the software decryption according to the present invention
  • Fig. 3 is a structure scheme of an apparatus for performing the software encryption according to the present invention.
  • Fig. 4 is a structure scheme of an apparatus for performing the software decryption according to the present invention.
  • Fig. 5 is a structural diagram of an apparatus for implementing the present invention.
  • the present invention utilizes the theory of a threshold secret key to provide further protection to said first secret key, and splices the factors of the threshold secret key into the encrypted software, so as to make a cracker obtain a different jump address every time he traces the program running, so that the cracker will not be able to determine where to seek said first secret key.
  • the software that can be protected by the present invention is not only limited to executable programs, but also includes functional modules and the software's core algorithms and so on.
  • the current threshold encryption method is to encrypt said first secret key SK to a secret key cipher text PSK by using a random number as a second secret key, and at the same time generates n factors of the threshold secret key for computing the random number; at the time that the secret key needs to be decrypted, it only needs t factors of the threshold secret key (t ⁇ n) to generate said second secret key for decryption.
  • the purpose for proposing the threshold cryptography is to disperse the rights and to enhance the security; the dispersion of rights is demonstrated in that when using the threshold cryptography for performing the decryption and if every person holds one secret key factor, the decryption can be accomplished only if the number of participators reach a certain number (the threshold value t) ; security, on the one hand, is to prevent the case that obtaining one key factor makes the encryption meaningless, therefore as long as the number of cracked persons in this group does not reach the threshold value it is still impossible to do the decryption; on the other hand, it is to prevent the case of the loss of a key factor affecting the normal decryption, since the decryption can still be carried out as long as the number of persons having valid key factors is greater than or equal to the threshold value.
  • the threshold encryption algorithm uses the Shamir scheme as an example, but it is not limited to the Shamir scheme, it is also possible to use the Asmuth-Bloom threshold secret key scheme.
  • the vendor of the software encrypts the software plaintext by using an encryption algorithm which is the currently available symmetric or asymmetric encryption algorithm such as AES, DES or RSA, ECC and so on. If the symmetric encryption algorithm is used, then the encryption secret key of software is the same as the decryption secret key, which can also be used for decryption, and the decryption secret key is the secret key SK (namely, the first secret key) . If the asymmetric encryption algorithm is used, then the encryption secret key has a corresponding relationship with the decryption secret key of said asymmetric encryption algorithm, and the decryption secret key is the secret key SK (namely, the first secret key) in the present invention.
  • an encryption algorithm which is the currently available symmetric or asymmetric encryption algorithm such as AES, DES or RSA, ECC and so on.
  • the encryption secret key of software is the same as the decryption secret key, which can also be used for decryption
  • the decryption secret key is the secret key
  • the present invention specifically uses the Shamir scheme of threshold encryption to generate a second secret key by calculating n factors of the threshold secret key, K 1 , K 2 , , K n , the second secret key is used to encrypt the secret key SK into a secret key cipher text PSK, and the secret key cipher text PSK is spliced into the encrypted software, for example it is spliced into the head or tail of the encrypted software.
  • n factors of the threshold secret key are spliced into different physical paragraphs of the encrypted software by a strong splicing algorithm (or a simple splicing mode), for example, they splice it into the head or tail of the software.
  • step one encrypting the software which needs to be protected
  • step two encrypting the first secret key SK from step one
  • step three splicing the secret key factors for performing the encryption in step two
  • the restoration method of the threshold secret key makes the software loading process have dynamic characteristics, and every time the threshold secret key factors for decryption are obtained from different positions of the software, so it can effectively increase the degree of difficulty for cracking by a cracking method of tracing the software loading process.
  • FIG. 1 A flowchart of software encryption process of the present invention is shown in Fig. 1.
  • Step 101 select a suitable symmetric encryption algorithm such as AES, DES and so on, and encrypt the software plaintext into a first software cipher text by using a first encryption module, wherein the secret key used is a first secret key SK.
  • a suitable symmetric encryption algorithm such as AES, DES and so on
  • Step 102 protect the aforementioned secret key SK by using the Shamir algorithm in threshold encryption algorithms by a second encryption module, and use the Shamir scheme of Lagrange interpolation polynomial algorithm in a Z p field to generate a t-1 order polynomial, where Z p is a prime field:
  • P n (x) ⁇ 0 + Ci 1 X + a 2 x 2 + ... + a t ⁇ x t ⁇ wherein the coefficients ao, a n of P n (x) are generated at random.
  • Step 103 divide the integrated whole of the first software cipher text and key cipher text into n paragraphs by using the encapsulation module, and splice the n factors of the threshold secret key into n paragraphs.
  • the n factors of the secret key can be directly spliced respectively into the head and tail of each paragraph of the first software cipher text, so as to form the second software cipher text which is stored in storage medium, as shown in this figure, the black parts are the factors of the secret key and the white parts are the n paragraphs; and it is also possible to use the following splicing method to form a more complicated second software cipher text.
  • each paragraph C comprises Co, C2, ., C m -i, k represents P n (i) of threshold secret key factor pair K 1 , and the specific splicing process is as follows:
  • h hash (A:) is calculated, namely the hash value of the threshold secret key factor k is recorded, which is used for verifying whether the restored threshold factor is correct or not at the time of decryption.
  • the final software cipher text for storing namely the second software cipher text, is formed by splicing all the paragraphs Cs and the corresponding hash values h, and the second software cipher text is stored into the storage medium.
  • any t factors of the secret key can be used to restore the second secret key ao, so as to decrypt PSK, and therefore the software loader will select t of n factors of the secret key at random for decrypting PSK every time when the encrypted software is loaded, so as to provide a highly powerful protection mechanism with dynamic characteristics to prevent a cracker from tracing and analyzing the software loading process.
  • Fig. 2 is a flowchart of loading and decrypting software according to the present invention.
  • the second software cipher text is loaded into the memory from a storage medium by a loader, and in this figure the black parts are the secret key factors, and the white parts are the first software cipher text and PSK; if the splicing method as shown in step 103 is not used in the encryption step, and only n factors of the secret key are directly spliced into the head or tail of the corresponding paragraphs of the software cipher text, then t factors of the secret key can be obtained by directly selecting from the cipher text t paragraphs at random by the decapsulation module in step 201, and the second cipher text is restored into the first cipher text and PSK.
  • step 103 If the splicing method as shown in step 103 is used during the encryption, then one cipher text paragraph C and its corresponding hash value h are selected by the decapsulation module, and the factor k of the threshold secret key carried in that paragraph of the cipher text is restored.
  • the restoration algorithm is as follows: eliminating the Co to C m - ⁇ from EO to Em, substituting
  • step b Repeat step b, till k l _ l -k l ⁇ 1 , then Tc 1+1 is approximate to the root of Pl.
  • Said Hash algorithm in the present invention is a one-way algorithm, that is to say, the original data cannot be deduced inversely after the data are calculated, and therefore if it is necessary to compare whether the data are altered before and after they are transmitted, it is only necessary to make a comparison of the hash values before and after the transmission.
  • step (e) If k is not found in step (d) , then it means that PO has several real roots, and the other real roots can be obtained by the following method:
  • step (d) Use the root k 1+1 obtained in step (d) as a new k 0 .
  • step (e) Calculate all of the real roots of PO by this step (e) , and repeat to check step (d) every time after passing step (e) to determine whether or not the real secret key factor has been obtained, and then obtain the factor k of the threshold secret key.
  • Step 203 decrypt the encrypted software by using SK by the first encryption module, so as to obtain the original software plaintext .
  • a CPU operates according to the software plaintext.
  • FIG. 3 A schematic diagram of an encryption apparatus of the present invention is shown in Fig. 3, which comprises a first encryption module, a second encryption module and an encapsulation module; said first encryption module encrypts a software plaintext into a first software cipher text by using a first secret key SK; said second encryption module, which is connected with said first encryption module, generates a second encryption module using n factors of a threshold secret key, encrypts said first secret key SK into an secret key cipher text PSK by using the second secret key, and stores said secret key cipher text PSK into said first software cipher text; and said encapsulation module, which is connected with said second encryption module, divides said first software cipher text into n paragraphs, and splices said factors of the threshold secret key into said paragraphs to form a second software cipher text.
  • FIG. 4 A schematic diagram of a decryption apparatus of the present invention is shown in Fig. 4, which comprises a decapsulation module, a second decryption module and a first decryption module; said decapsulation module decapsulates a second software cipher text into a first software cipher text, and selects t factors of a threshold secret key from n paragraphs of the second software cipher text at random; said second decryption module, which is connected with said decapsulation module, generates a second secret key according to said t factors of the threshold secret key, and decrypts the secret key cipher text PSK into the first secret key SK by using the second secret key; said first decryption module, which is connected with said second decryption module, decrypts said first software cipher text by using said first secret key SK, so as to obtain a software plaintext.
  • FIG. 5 A schematic operation diagram of an apparatus of the present invention is shown in Fig. 5. It comprises a loader for loading software from a storage medium, and also the encryption apparatus as shown in Fig. 4, here redundant description on the same parts is not repeated.
  • the loader loads the second software cipher text from the storage medium (for example a hard disk) , and inputs it into said decryption apparatus which transforms said second software cipher text to the software plaintext, and then transmits it to the CPU for executing .
  • the storage medium for example a hard disk
  • the beneficial effects of the present invention are that, it encrypts executable software so as to make it impossible for a cracker to obtain the secret key by simply tracing the software loading process, so that it prevents the software from being decrypted and compiled by way of reverse engineering and so on. It enhances the protection to the software's secret key, and makes it more difficult for crackers to obtain the physical address of the secret key by tracing the software loading process so as to achieve the object of cracking the software by analyzing the secret key; and the present invention, by way of the technology of dynamically storing the secret key, enhances the currently available solutions of encrypting the software for improving the security thereof.

Abstract

The present invention relates to the field of computer security, and particularly to a method and an apparatus for encrypting and decrypting software. The decryption process of the present invention comprises the following steps: step 201, selecting t factors of a threshold secret key from n paragraphs of a second software cipher text at random, restoring a first software cipher text and an secret key cipher text PSK from the second software cipher text, wherein n is a positive integer greater than 1, t is a positive integer less than or equal to n; step 202, extracting said secret key cipher text PSK, calculating a second secret key according to said t factors of the threshold secret key, and using the second secret key to decrypt the secret key cipher text PSK into the first secret key SK; and step 203, decrypting said first software cipher text using said first secret key SK, so as to obtain the software's plaintext. The beneficial effects of the present invention are that it enhances the protection of the software encrypting key, and makes it more difficult for a cracker to crack the software by way of tracking the software' s loading process.

Description

Description
Method and apparatus for encrypting and decrypting software
Technical field
The present invention relates to the field of computer security, in particular to the field of computer encryption, and specifically to a method and an apparatus for encrypting and decrypting software.
Background art
Nowadays, software has become a commodity with independent value, and the functions, executing processes, coding, etc. in a piece of software tend to become objects plagiarized by competitors and other organizations or individuals . Therefore, software, particularly the software programmed in an intermediate language such as an programming language like Java, .NET, and so on are very easy to be encoded reversely by reverse engineering, for example by using .NET Reflect (a reverse engineering tool from Microsoft) , JAD (a reverse engineering tool from Java) , thereby obtaining the information regarding core algorithms, encoding and so on, and if such information is used in bad faith by crackers, for example by imitating the core algorithms of the software to bypass the registered software and so on, they will causes losses to the developers .
In the prior art, the measures for confusing the crackers in their cracking activities by changing the names of internal functions, rearranging the control flows or other methods have certain effects, which make the software programs reverse-coded difficult to read and understand or even impossible to read and understand, however this kind of protection mechanism to source codes cannot avoid the software program being encoded reversely, so it is still possible for the information of the software program to be lost.
In the article entitled "Using DES Encryption Algorithm to Protect Java Source Code", published in May 2005 in Computer and information technology, is disclosed a solution for encrypting software compiled by Java and decrypting it when running. The solution uses the Data Encryption Standard (DES) to encrypt a Java executable program, stores the encrypted program encoding and secret key in a memory, uses a loader to load the encrypted Java program encoding and key into system, takes out the secret key to decrypt the program encoding, converts it into the form of executable encoding, and loads it into a Java Virtual Machine to run.
The above method is very easy to be traced by crackers, and a cracker can trace every step from starting a program merely by using a debugging tool. If the program accesses a certain file every time when it is running, and obtains the secret key or the system's symbol name from the file, it will make the cracker to think that the file could be the secret key to the program or the comparison table for the system's symbol names, and if the cracker has confirmed that the file is the secret key file, then he will try every possible means to crack the file; and once the file is cracked, the software coding's cipher text can be converted into software coding's plaintext, and the source code of the software can be generated by reverse engineering, thereby causing a loss to the owner of the software .
Contents of the present invention
In order to solve the above problem and to enhance the degree of difficulty in software decompilation, an object of the present invention is to provide a method for encrypting software and a corresponding decryption method, wherein a threshold encryption feature is included, and every time when starting the software the address of threshold secret key factors obtained is different, which makes a cracker unable to decide which one is the secret key address.
The present invention also provides an apparatus for encrypting software and a corresponding decryption apparatus, which can store a plurality of factors of a threshold secret key into different paragraphs of the software and at the time of decryption it can obtain the factors of the threshold secret key from some paragraphs at random for decrypting the software.
Step 101: encrypting a software plaintext in a storage medium into a first software cipher text by using a first encryption module, wherein a secret key for decryption is a first secret key SK; step 102: generating a second secret key by a second encryption module using n factors of a threshold secret key, encrypting said first secret key SK into an secret key cipher text PSK by using the second secret key, and splicing said secret key cipher text PSK into said first software cipher text, wherein n is a positive integer greater than 1; and step 103: dividing said secret key cipher text PSK and said first software cipher text as an integrated whole into n paragraphs by using an encapsulation module, and splicing said factors of the threshold secret key into said paragraphs to form a second software cipher text which is stored in said storage medium.
According to a further aspect of the encryption method of the present invention, said encryption method specified in said step 101 comprises a symmetric encryption algorithm or an asymmetric encryption algorithm.
According to yet a further aspect of the encryption method of the present invention, the threshold secret key algorithm used in said step 102 comprises a Shamir threshold secret key scheme .
According to another further aspect of the encryption method of the present invention, in said step 103, said encapsulation module divides said secret key cipher text PSK and the first software cipher text as the integrated whole into n paragraphs; C represents any paragraph in said n paragraphs, and the paragraph C comprises blocks Co, C, - , Cm~lr and the following calculations are performed on each paragraph C and its corresponding k:
Q=Coxk (EO)
Figure imgf000006_0001
C2= C2xk+ C1 (E3)
Cm_x=Cm_x xk + Cm_2 (Em-I)
Cm=Cm_x (Em) in which x is the arithmetic multiplication operation, at the same time a hash value h of the threshold secret key factor k is calculated, the values of C0 to C1n are combined to form C , and the C s of the n paragraphs and their corresponding hash values h are spliced together to form said second software cipher text.
A method for decrypting software, comprising the following steps during the process of loading the software: step 201: selecting t factors of a threshold secret key by a decapsulation module from n paragraphs of a second software cipher text at random; and restoring a first software cipher text and an secret key cipher text PSK from said second software cipher text, wherein t is greater than or equal to 1 and less than or equal to n, and n is a positive integer greater than 1; step 202: extracting said secret key cipher text PSK, generating a second secret key by a second decryption module according to said t factors of the threshold secret key, and decrypting the secret key cipher text PSK into a first secret key SK by using the second secret key; and step 203: decrypting said first software cipher text by a first decryption module using said first secret key SK, and transmitting a software plaintext to a CPU, so as to execute the software.
According to a further aspect of the decryption method of the present invention, in said step 201, said decapsulation module performs calculation on each of the n paragraphs of the second software cipher text: eliminating Co, Ci, ... Cm-i according to EO to Em, so as to obtain the equation
Figure imgf000007_0001
-Cm'_2χkm-2 +... + (-ir'χC; (PO), k in the equation is solved, when the hash value of k is equal to the corresponding hash value h of the paragraph C" , the values of Co to Cm-i are restored from CO to C'm-i by using k, Co to Cm-i are combined to obtain the paragraph C which is one of the n paragraphs of the integrated whole of the first software cipher text and the secret key cipher text; n ks are solved, and the first software cipher text and the secret key cipher text PSK are restored from the second software cipher text.
According to yet a further aspect of the decryption method of the present invention, a polynomial Newton iteration method is used to solve k in said equation (PO) .
An apparatus for encrypting software, characterized in that it comprises a first encryption module, a second encryption module and an encapsulation module; said first encryption module encrypts a software plaintext to a first software cipher text using a first secret key SK; said second encryption module, which is connected with said first encryption module, generates a second encryption module using n factors of a threshold secret key, encrypts said first secret key SK into an secret key cipher text PSK using the second secret key, and stores said secret key cipher text PSK into said first software cipher text; and said encapsulation module, which is connected with said second encryption module, divides said first software cipher text into n paragraphs, and splices said factors of the threshold secret key into said paragraphs to form a second software cipher text.
An apparatus for decrypting software, characterized in that it comprises a decapsulation module, a second decryption module and a first decryption module; said decapsulation module decapsulates a second software cipher text into a first software cipher text and an secret key cipher text PSK, and selects t factors of a threshold secret key from n paragraphs of the second software cipher text at random; said second decryption module, which is connected with said decapsulation module, generates a second secret key according to said t factors of the threshold secret key, and decrypts the secret key cipher text PSK into the first secret key SK by using the second secret key; said first decryption module, which is connected with said second decryption module, decrypts said first software cipher text by using said first secret key SK, obtains a software plaintext and transmits the same to a CPU so as to execute the software.
The beneficial effects of the present invention are that it enhances the protection of the software encrypting key, and makes it more difficult for a cracker to crack the software by way of tracking the software's loading process, obtaining the physical address of the secret key by tracing the software loading process, thereby achieving the purpose of cracking the software by analyzing the secret key, and the present invention enhances the current solution of encrypting the software to improve the security thereof by the technology of dynamically storing the secret key.
Brief description of the drawings
Fig. 1 is a flowchart of performing the software encryption according to the present invention;
Fig. 2 is a flowchart of performing the software decryption according to the present invention;
Fig. 3 is a structure scheme of an apparatus for performing the software encryption according to the present invention;
Fig. 4 is a structure scheme of an apparatus for performing the software decryption according to the present invention; and
Fig. 5 is a structural diagram of an apparatus for implementing the present invention.
Detailed description of the preferred embodiments
Hereinbelow, the present invention is explained in detail in combination with the drawings .
The present invention utilizes the theory of a threshold secret key to provide further protection to said first secret key, and splices the factors of the threshold secret key into the encrypted software, so as to make a cracker obtain a different jump address every time he traces the program running, so that the cracker will not be able to determine where to seek said first secret key. The software that can be protected by the present invention is not only limited to executable programs, but also includes functional modules and the software's core algorithms and so on. The current threshold encryption method is to encrypt said first secret key SK to a secret key cipher text PSK by using a random number as a second secret key, and at the same time generates n factors of the threshold secret key for computing the random number; at the time that the secret key needs to be decrypted, it only needs t factors of the threshold secret key (t ≤ n) to generate said second secret key for decryption. The purpose for proposing the threshold cryptography is to disperse the rights and to enhance the security; the dispersion of rights is demonstrated in that when using the threshold cryptography for performing the decryption and if every person holds one secret key factor, the decryption can be accomplished only if the number of participators reach a certain number (the threshold value t) ; security, on the one hand, is to prevent the case that obtaining one key factor makes the encryption meaningless, therefore as long as the number of cracked persons in this group does not reach the threshold value it is still impossible to do the decryption; on the other hand, it is to prevent the case of the loss of a key factor affecting the normal decryption, since the decryption can still be carried out as long as the number of persons having valid key factors is greater than or equal to the threshold value. In the embodiments of the present invention the threshold encryption algorithm uses the Shamir scheme as an example, but it is not limited to the Shamir scheme, it is also possible to use the Asmuth-Bloom threshold secret key scheme.
Before selling a piece of software, the vendor of the software encrypts the software plaintext by using an encryption algorithm which is the currently available symmetric or asymmetric encryption algorithm such as AES, DES or RSA, ECC and so on. If the symmetric encryption algorithm is used, then the encryption secret key of software is the same as the decryption secret key, which can also be used for decryption, and the decryption secret key is the secret key SK (namely, the first secret key) . If the asymmetric encryption algorithm is used, then the encryption secret key has a corresponding relationship with the decryption secret key of said asymmetric encryption algorithm, and the decryption secret key is the secret key SK (namely, the first secret key) in the present invention. Since the software's secret key SK is critical to whether the software can be cracked or not, the security of the secret key SK is very important, and the present invention specifically uses the Shamir scheme of threshold encryption to generate a second secret key by calculating n factors of the threshold secret key, K1, K2, , Kn, the second secret key is used to encrypt the secret key SK into a secret key cipher text PSK, and the secret key cipher text PSK is spliced into the encrypted software, for example it is spliced into the head or tail of the encrypted software. Furthermore, the n factors of the threshold secret key are spliced into different physical paragraphs of the encrypted software by a strong splicing algorithm (or a simple splicing mode), for example, they splice it into the head or tail of the software. In the present invention, it is carried out by: step one, encrypting the software which needs to be protected; step two, encrypting the first secret key SK from step one; and step three, splicing the secret key factors for performing the encryption in step two; while when the software needs to be decrypted in order to run, t (1 ≤ t ≤ n, both t and n are positive integers) factors of the threshold secret key are obtained from the protected software cipher text at random, and then the first secret key SK of encrypted software can be solved from the secret key cipher text PSK by using the Shamir scheme, so as to decrypt the software cipher text. The restoration method of the threshold secret key makes the software loading process have dynamic characteristics, and every time the threshold secret key factors for decryption are obtained from different positions of the software, so it can effectively increase the degree of difficulty for cracking by a cracking method of tracing the software loading process.
A flowchart of software encryption process of the present invention is shown in Fig. 1.
Step 101, select a suitable symmetric encryption algorithm such as AES, DES and so on, and encrypt the software plaintext into a first software cipher text by using a first encryption module, wherein the secret key used is a first secret key SK.
Step 102, protect the aforementioned secret key SK by using the Shamir algorithm in threshold encryption algorithms by a second encryption module, and use the Shamir scheme of Lagrange interpolation polynomial algorithm in a Zp field to generate a t-1 order polynomial, where Zp is a prime field:
Pn (x) = α0 + Ci1X + a2x2 + ... + ax wherein the coefficients ao, an of Pn(x) are generated at random.
Let Xi = 1, calculate -Pn(I) = cι0x + α2 +...+ αt_x ,
let Xn = n, calculate Pn(n) = α0ιn + cι2n2 +... + αn . wherein, Pn(I),...,Pn(«) < 2M , n is a positive integer greater than 1, and t is a positive integer greater than and equal to 1 and less than n.
Then generate n factor pairs of the threshold secret key K1 = (1, Pn(I)), ... Kn= (n, Pn (n)), encrypt the secret key SK into the secret key cipher text PSK using ao as the second secret key. Also, splice the secret key cipher text PSK after having been encrypted into the head or tail of said first software cipher text, and in this step a storage method in the prior art can be used.
Step 103, divide the integrated whole of the first software cipher text and key cipher text into n paragraphs by using the encapsulation module, and splice the n factors of the threshold secret key into n paragraphs. Here, the n factors of the secret key can be directly spliced respectively into the head and tail of each paragraph of the first software cipher text, so as to form the second software cipher text which is stored in storage medium, as shown in this figure, the black parts are the factors of the secret key and the white parts are the n paragraphs; and it is also possible to use the following splicing method to form a more complicated second software cipher text.
C represents a certain paragraph of the first software cipher text, wherein each paragraph C comprises Co, C2, ., Cm-i, k represents Pn (i) of threshold secret key factor pair K1, and the specific splicing process is as follows:
C - C x k (EO)
C C1 - - C C1 x k + C0 (E2)
C C7 - — C C7 x k + C1 (E3)
Figure imgf000013_0001
Cm=Cm_x (Em) wherein x is an arithmetic multiplication operation. As a preferred embodiment, the length of each paragraph C1 is equal to the length of k, that is to say length (C1) = length (k) . For example, the software is divided into n paragraphs after being encrypted, in which a certain paragraph C has a length of 128 bytes, while a factor of the secret key has a length of 16 bytes, then C is divided into 8 paragraphs, namely m = 7, and the length of each paragraph C1 in C has a length of 16 bytes. At the same time, h = hash (A:) is calculated, namely the hash value of the threshold secret key factor k is recorded, which is used for verifying whether the restored threshold factor is correct or not at the time of decryption. After having combined C0 to C1n to form a complete C", it is then spliced with the hash value h (h is added in front or behind the paragraph C), and then the final software cipher text for storing, namely the second software cipher text, is formed by splicing all the paragraphs Cs and the corresponding hash values h, and the second software cipher text is stored into the storage medium.
In the Shamir threshold encryption scheme, any t factors of the secret key can be used to restore the second secret key ao, so as to decrypt PSK, and therefore the software loader will select t of n factors of the secret key at random for decrypting PSK every time when the encrypted software is loaded, so as to provide a highly powerful protection mechanism with dynamic characteristics to prevent a cracker from tracing and analyzing the software loading process.
Fig. 2 is a flowchart of loading and decrypting software according to the present invention. At the stage of starting the software, the second software cipher text is loaded into the memory from a storage medium by a loader, and in this figure the black parts are the secret key factors, and the white parts are the first software cipher text and PSK; if the splicing method as shown in step 103 is not used in the encryption step, and only n factors of the secret key are directly spliced into the head or tail of the corresponding paragraphs of the software cipher text, then t factors of the secret key can be obtained by directly selecting from the cipher text t paragraphs at random by the decapsulation module in step 201, and the second cipher text is restored into the first cipher text and PSK. If the splicing method as shown in step 103 is used during the encryption, then one cipher text paragraph C and its corresponding hash value h are selected by the decapsulation module, and the factor k of the threshold secret key carried in that paragraph of the cipher text is restored. The restoration algorithm is as follows: eliminating the Co to Cm-ι from EO to Em, substituting
C»i-i = Cm' into (Em-I) to obtain the equation
Cm-2
Figure imgf000015_0001
xk , which is substituted into (Em-2) , , till (EO); and finally forming the polynomial
0 = -Cmkm + Cm_x x k -Cm_2 xkm-2 +... + (-Ir-1Xq , which is labeled as PO; the secret key factors Tc are the roots of the aforementioned polynomial, and the roots are found by calculating the polynomial in the numerical field, and Tc can be restored from the second software cipher texts Cϋ', C[,...,Cm' . The Newton iteration algorithm is used to seek one or more roots of the polynomial PO in this embodiment.
(a) Let
Figure imgf000015_0002
(Pl) , arbitrarily selecting an initial ko, for example k^=l!mgh(k)Λ . f(k )
(b ) Calculate kl+l = kt - , ' , i=0 to m , /(T) i s the derivative
/(K) of f(k), namely, f'(k) = -Cm'xmxkm'l + Cm'_lx(m-l)xkm'2-Cm'_2x(m-2)xkm'3+... + (-l)m'2xCl'
(c) Repeat step b, till kl_l-kl <1 , then Tc1+1 is approximate to the root of Pl.
(d) If hash (Tc1+1) = h, or hash (Tc1+1+1) = h, hash (Tc1+1-I) = h, wherein h is the h value in the encryption step (4) , then the Tc1+1 calculated in this step is the factor Tc of the threshold secret key in the encryption step, and jump to step (f) ; if it is not equal, then the algorithm for finding the numerical root Tc fails, enter into step (e) . Said Hash algorithm in the present invention is a one-way algorithm, that is to say, the original data cannot be deduced inversely after the data are calculated, and therefore if it is necessary to compare whether the data are altered before and after they are transmitted, it is only necessary to make a comparison of the hash values before and after the transmission.
(e) If k is not found in step (d) , then it means that PO has several real roots, and the other real roots can be obtained by the following method:
Use the root k1+1 obtained in step (d) as a new k0.
Let b0 =—Cm' , bk = (-I)* ' χCm'_k + k0 xbk_x , where k = 1 , 2, ..., m-1, and then establish a new polynomial,
Figure imgf000016_0001
use the aforementioned steps b-c to calculate the real roots of the new equation P2, so as to obtain the other real roots of PO .
Calculate all of the real roots of PO by this step (e) , and repeat to check step (d) every time after passing step (e) to determine whether or not the real secret key factor has been obtained, and then obtain the factor k of the threshold secret key.
(f) After having obtained the factor k of the secret key in a cipher text paragraph, substitute it back to EO to Em, and restore the first software cipher text C^C2,...,C1n from the second software cipher text C0, C1,...,C1n .
Perform steps a-f on n paragraphs C to obtain all the factors k of the threshold secret key needed in decrypting the secret key cipher text PSK, and restore all the cipher text C by using k to form the first software cipher text.
Step 202, after restoring the t factors of the threshold secret key, K1 = (xir Pn(X1)), l≤i≤t, establish a new polynomial by using t ks by the second decryption module
Figure imgf000017_0001
wherein, yk = Pn (xk), X1 and xk are X1 in the restored threshold secret key factor pair, in which i ≠ k, and finally let x = 0, to obtain Pn(0) = α0.
Extract PSK in the first software cipher text, and use ao as the secret key for decrypting the secret key cipher text PSK, so as to obtain the first secret key SK for decrypting the encrypted software.
Step 203, decrypt the encrypted software by using SK by the first encryption module, so as to obtain the original software plaintext .
A CPU operates according to the software plaintext.
A schematic diagram of an encryption apparatus of the present invention is shown in Fig. 3, which comprises a first encryption module, a second encryption module and an encapsulation module; said first encryption module encrypts a software plaintext into a first software cipher text by using a first secret key SK; said second encryption module, which is connected with said first encryption module, generates a second encryption module using n factors of a threshold secret key, encrypts said first secret key SK into an secret key cipher text PSK by using the second secret key, and stores said secret key cipher text PSK into said first software cipher text; and said encapsulation module, which is connected with said second encryption module, divides said first software cipher text into n paragraphs, and splices said factors of the threshold secret key into said paragraphs to form a second software cipher text. A schematic diagram of a decryption apparatus of the present invention is shown in Fig. 4, which comprises a decapsulation module, a second decryption module and a first decryption module; said decapsulation module decapsulates a second software cipher text into a first software cipher text, and selects t factors of a threshold secret key from n paragraphs of the second software cipher text at random; said second decryption module, which is connected with said decapsulation module, generates a second secret key according to said t factors of the threshold secret key, and decrypts the secret key cipher text PSK into the first secret key SK by using the second secret key; said first decryption module, which is connected with said second decryption module, decrypts said first software cipher text by using said first secret key SK, so as to obtain a software plaintext.
A schematic operation diagram of an apparatus of the present invention is shown in Fig. 5. It comprises a loader for loading software from a storage medium, and also the encryption apparatus as shown in Fig. 4, here redundant description on the same parts is not repeated. The loader loads the second software cipher text from the storage medium (for example a hard disk) , and inputs it into said decryption apparatus which transforms said second software cipher text to the software plaintext, and then transmits it to the CPU for executing .
The beneficial effects of the present invention are that, it encrypts executable software so as to make it impossible for a cracker to obtain the secret key by simply tracing the software loading process, so that it prevents the software from being decrypted and compiled by way of reverse engineering and so on. It enhances the protection to the software's secret key, and makes it more difficult for crackers to obtain the physical address of the secret key by tracing the software loading process so as to achieve the object of cracking the software by analyzing the secret key; and the present invention, by way of the technology of dynamically storing the secret key, enhances the currently available solutions of encrypting the software for improving the security thereof.
The above particular embodiments are only used to describe the present invention, not to define the present invention.

Claims

Claims
1. A method for encrypting software, comprising the following steps : step 101: encrypting a software plaintext in a storage medium into a first software cipher text by using a first encryption module, wherein an secret key for decryption is a first secret key SK; step 102: generating a second secret key by a second encryption module using n factors of a threshold secret key, wherein n is a positive integer greater than 1, encrypting said first secret key SK into an secret key cipher text PSK by using the second secret key, and splicing said secret key cipher text PSK into said first software cipher text; and step 103: dividing said secret key cipher text PSK and said first software cipher text as an integrated whole into n paragraphs by using an encapsulation module, and splicing said factors of the threshold secret key into said paragraphs to form a second software cipher text which is stored in said storage medium.
2. The method for encrypting software as claimed in claim 1, characterized in that said encryption method specified in said step 101 comprises a symmetric encryption algorithm or an asymmetric encryption algorithm.
3. The method for encrypting software as claimed in claim 1, characterized in that the threshold secret key algorithm used in said step 102 comprises a Shamir threshold secret key scheme, or an Asmuth-Bloom threshold secret key scheme.
4. The method for encrypting software as claimed in claim 3, characterized in that, in said step 103, said encapsulation module divides said secret key cipher text PSK and the first software cipher text as the integrated whole into n paragraphs; C represents any paragraph in said n paragraphs, and the paragraph C comprises blocks Co, C, -, Cm-lf wherein the length of each paragraph is equal to the length of a threshold secret key factor k, and the following calculations are performed on each paragraph C and its corresponding k:
Figure imgf000021_0001
Figure imgf000021_0002
Cm=Cm_λ (Em)
in which x is the arithmetic multiplication operation, at the same time a hash value h of the threshold secret key factor k is calculated, the values of C0 " to Cm' are combined to form C' , and the C" s of the n paragraphs and their corresponding hash values h are spliced together to form said second software cipher text.
5. A method for decrypting software, comprising the following steps during the process of loading the software: step 201: selecting t factors of a threshold secret key by a decapsulation module from n paragraphs of a second software cipher text at random, wherein t is greater than or equal to 1 and less than or equal to n, and n is a positive integer greater than 1; and restoring a first software cipher text and an secret key cipher text PSK from said second software cipher text; step 202: extracting said secret key cipher text PSK, generating a second secret key by a second decryption module according to said t factors of the threshold secret key, and decrypting the secret key cipher text PSK into a first secret key SK by using the second secret key; and step 203: decrypting said first software cipher text by a first decryption module using said first secret key SK, and transmitting a software plaintext to a CPU, so as to execute the software.
6. The method for decrypting software as claimed in claim
5, characterized in that, in said step 201, said decapsulation module performs calculation on each of the n paragraphs of the second software cipher text: eliminating Co, C1, ... , Cm-± according to EO to Em, so as to obtain the equation o=-cmkm +c;_, χkm-1 -cm_2χkm-2 +...+(-Ir1Xc; (PO), k in the equation is solved, when the hash value of k is equal to the corresponding hash value h of the paragraph C" , the values of Co to Cm-i are restored from CO to C'm-i by using k, Co to Cm-i are combined to obtain the paragraph C which is one of the n paragraphs of the integrated whole of the first software cipher text and the secret key cipher text; n ks are solved, and the first software cipher text and the secret key cipher text PSK are restored from the second software cipher text.
7. The method for decrypting software as claimed in claim
6, characterized in that the polynomial Newton iteration method is used to solve k in said equation (PO) .
8. An apparatus for encrypting software, characterized in that it comprises a first encryption module, a second encryption module and an encapsulation module; said first encryption module encrypts a software plaintext to a first software cipher text using a first secret key SK; said second encryption module, which is connected with said first encryption module, generates a second encryption module using n factors of a threshold secret key, encrypts said first secret key SK into an secret key cipher text PSK using the second secret key, and stores said secret key cipher text PSK into said first software cipher text; and said encapsulation module, which is connected with said second encryption module, divides said first software cipher text into n paragraphs, and splices said factors of the threshold secret key into said paragraphs to form a second software cipher text.
9. An apparatus for decrypting software, characterized in that it comprises a decapsulation module, a second decryption module and a first decryption module; said decapsulation module decapsulates a second software cipher text into a first software cipher text and an secret key cipher text PSK, and selects t factors of a threshold secret key from n paragraphs of the second software cipher text at random; said second decryption module, which is connected with said decapsulation module, generates a second secret key according to said t factors of the threshold secret key, and decrypts the secret key cipher text PSK into the first secret key SK by using the second secret key; said first decryption module, which is connected with said second decryption module, decrypts said first software cipher text by using said first secret key SK, obtains a software plaintext and transmits the same to a CPU so as to execute the software.
PCT/EP2008/055912 2007-05-23 2008-05-14 Method and apparatus for encrypting and decrypting software WO2008141992A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
JP2010508801A JP5167348B2 (en) 2007-05-23 2008-05-14 Software encryption method, software decryption method, software encryption device, and software decryption device
EP08759593A EP2150917A1 (en) 2007-05-23 2008-05-14 Method and apparatus for encrypting and decrypting software

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN2007101076366A CN101311942B (en) 2007-05-23 2007-05-23 Software encryption and decryption method and encryption and decryption device
CN200710107636.6 2007-05-23

Publications (1)

Publication Number Publication Date
WO2008141992A1 true WO2008141992A1 (en) 2008-11-27

Family

ID=39590378

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/EP2008/055912 WO2008141992A1 (en) 2007-05-23 2008-05-14 Method and apparatus for encrypting and decrypting software

Country Status (4)

Country Link
EP (1) EP2150917A1 (en)
JP (1) JP5167348B2 (en)
CN (1) CN101311942B (en)
WO (1) WO2008141992A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150289133A1 (en) * 2014-04-04 2015-10-08 Alibaba Group Holding Limited Transmission of Beacon Message
US10469245B2 (en) 2014-12-24 2019-11-05 Koninklijke Philips N.V. Cryptographic system and method
CN112926074A (en) * 2021-03-26 2021-06-08 成都卫士通信息产业股份有限公司 SM9 key thresholding generation method, device, equipment and storage medium
CN116405293A (en) * 2023-04-07 2023-07-07 光谷技术有限公司 Data encryption storage method of safe operation and maintenance system

Families Citing this family (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106330435A (en) * 2015-07-02 2017-01-11 中兴通讯股份有限公司 Key transformation method and device, and terminal
CN106599628B (en) * 2016-12-08 2019-04-02 合肥康捷信息科技有限公司 A kind of Python byte code files guard method based on module hook
CN108880812B (en) * 2017-05-09 2022-08-09 北京京东尚科信息技术有限公司 Method and system for data encryption
CN107248914B (en) * 2017-08-14 2020-12-15 四川长虹电器股份有限公司 Novel symmetric encryption system and encryption method on iOS device
CN107579962B (en) * 2017-08-24 2019-04-30 中链科技有限公司 A kind of method and device of source code encryption and decryption
CN108270574B (en) * 2018-02-11 2021-02-09 浙江中控技术股份有限公司 Safe loading method and device for white list library file
CN108964912B (en) * 2018-10-18 2022-02-18 深信服科技股份有限公司 PSK generation method, PSK generation device, user equipment, server and storage medium
CN110166236B (en) * 2019-05-31 2022-01-18 北京中金国信科技有限公司 Key processing method, device and system and electronic equipment
CN110289955A (en) * 2019-06-25 2019-09-27 杭州趣链科技有限公司 A kind of key management method for serving certificate agency based on threshold cryptography model
CN110535642B (en) * 2019-09-02 2022-09-13 北京智游网安科技有限公司 Method for distributing storage keys, intelligent terminal and storage medium
CN111310211A (en) * 2020-02-19 2020-06-19 成都三零凯天通信实业有限公司 Method for encrypting database by using SM4 algorithm
CN112565400A (en) * 2020-12-03 2021-03-26 东北大学 Cooperative resource distribution system and method based on IPv6 campus network
CN112464270A (en) * 2020-12-30 2021-03-09 广汽本田汽车有限公司 Bidding file encryption and decryption method, equipment and storage medium
CN113094664B (en) * 2021-04-09 2022-11-04 每日互动股份有限公司 System for preventing android application program from being decompiled

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5915025A (en) * 1996-01-17 1999-06-22 Fuji Xerox Co., Ltd. Data processing apparatus with software protecting functions
WO2000041357A1 (en) * 1999-01-08 2000-07-13 Nortel Networks Limited Exchanging a secret over an unreliable network
US6236729B1 (en) * 1997-06-06 2001-05-22 Hitachi, Ltd. Key recovery method and system
WO2002025415A2 (en) * 2000-09-22 2002-03-28 Edc Systems, Inc. Systems and methods for preventing unauthorized use of digital content

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS61177479A (en) * 1985-02-01 1986-08-09 沖電気工業株式会社 Coding key managing system
US4853962A (en) * 1987-12-07 1989-08-01 Universal Computer Consulting, Inc. Encryption system
JPH0721688A (en) * 1993-06-30 1995-01-24 Victor Co Of Japan Ltd Optical recording medium and reproducing device therefor
JP3775175B2 (en) * 1996-06-28 2006-05-17 株式会社東芝 Key processing method and disk manufacturer side processing apparatus
GB2325123A (en) * 1997-05-08 1998-11-11 Ibm Data encryption/decryption using random numbers
JP3667988B2 (en) * 1997-06-06 2005-07-06 株式会社日立製作所 Key recovery method and apparatus
JP2005275694A (en) * 2004-03-24 2005-10-06 Hitachi Software Eng Co Ltd Method and protection system for protecting program from internal analysis
JP2006091967A (en) * 2004-09-21 2006-04-06 Matsushita Electric Ind Co Ltd Information processor and debugging device
CN100536393C (en) * 2005-01-14 2009-09-02 中兴通讯股份有限公司 Secret shared key mechanism based user management method

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5915025A (en) * 1996-01-17 1999-06-22 Fuji Xerox Co., Ltd. Data processing apparatus with software protecting functions
US6236729B1 (en) * 1997-06-06 2001-05-22 Hitachi, Ltd. Key recovery method and system
WO2000041357A1 (en) * 1999-01-08 2000-07-13 Nortel Networks Limited Exchanging a secret over an unreliable network
WO2002025415A2 (en) * 2000-09-22 2002-03-28 Edc Systems, Inc. Systems and methods for preventing unauthorized use of digital content

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
MENEZES ET AL: "HANDBOOK OF APPLIED CRYPTOGRAPHY", HANDBOOK OF APPLIED CRYPTOGRAPHY, BOCA RATON, FL, CRC PRESS.; US, US, 1 January 1997 (1997-01-01), pages 567 - 570,546, XP002356115, ISBN: 978-0-8493-8523-0 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150289133A1 (en) * 2014-04-04 2015-10-08 Alibaba Group Holding Limited Transmission of Beacon Message
US9686679B2 (en) * 2014-04-04 2017-06-20 Alibaba Group Holding Limited Transmission of beacon message
TWI695634B (en) * 2014-04-04 2020-06-01 香港商阿里巴巴集團服務有限公司 Beacon data transmission, method and device for providing service based on beacon
US10469245B2 (en) 2014-12-24 2019-11-05 Koninklijke Philips N.V. Cryptographic system and method
CN112926074A (en) * 2021-03-26 2021-06-08 成都卫士通信息产业股份有限公司 SM9 key thresholding generation method, device, equipment and storage medium
CN112926074B (en) * 2021-03-26 2022-08-23 成都卫士通信息产业股份有限公司 SM9 key thresholding generation method, device, equipment and storage medium
CN116405293A (en) * 2023-04-07 2023-07-07 光谷技术有限公司 Data encryption storage method of safe operation and maintenance system
CN116405293B (en) * 2023-04-07 2023-09-01 光谷技术有限公司 Data encryption storage method of safe operation and maintenance system

Also Published As

Publication number Publication date
EP2150917A1 (en) 2010-02-10
JP5167348B2 (en) 2013-03-21
JP2010528511A (en) 2010-08-19
CN101311942A (en) 2008-11-26
CN101311942B (en) 2011-08-24

Similar Documents

Publication Publication Date Title
EP2150917A1 (en) Method and apparatus for encrypting and decrypting software
EP2398182B1 (en) A device and a method for generating software code
JP5742849B2 (en) Encrypted database system, client terminal, encrypted database server, natural join method and program
CN110008745B (en) Encryption method, computer equipment and computer storage medium
TWI570590B (en) Dynamic encryption keys for use with xts encryption systems employing reduced-round ciphers
CN105468940B (en) Method for protecting software and device
CN110061840A (en) Data ciphering method, device, computer equipment and storage medium
CN111010266B (en) Message encryption and decryption, reading and writing method and device, computer equipment and storage medium
Brenner et al. How practical is homomorphically encrypted program execution? an implementation and performance evaluation
WO2018015325A1 (en) Device and method for performing obfuscated arithmetic
CN109687966A (en) Encryption method and its system
JP6554103B2 (en) How to protect secret data when used in cryptographic algorithms
US10572635B2 (en) Automatic correction of cryptographic application program interfaces
CN105426702A (en) Android operating system based application program encrypting method and device, and Android operating system based application program decrypting method and device
CN109255225A (en) Hard disc data security control apparatus based on dual-identity authentication
US8862896B2 (en) Data protection using key translation
EP3891925B1 (en) A computation device using shared shares
JP2009288616A (en) Secret sharing method, program and device
KR101440680B1 (en) Homomorphic Encryption and Decryption Method using Chinese Remainder Theorem and apparatus using the same
KR102602696B1 (en) Encryption device and decryption device, and method of operation thereof
CN113051587A (en) Privacy protection intelligent transaction recommendation method, system and readable medium
CN112580061A (en) Calling method of quantum encryption and decryption application interface and related equipment
KR101677138B1 (en) Method of on-line/off-line electronic signature system for security of off-line token
JP6296589B2 (en) Cryptographic processing system
JP2009271884A (en) Information processor and information processing program

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08759593

Country of ref document: EP

Kind code of ref document: A1

WWE Wipo information: entry into national phase

Ref document number: 2008759593

Country of ref document: EP

NENP Non-entry into the national phase

Ref country code: DE

WWE Wipo information: entry into national phase

Ref document number: 2010508801

Country of ref document: JP