The present invention relates to a method and system for securing software. Specifically, the present invention relates to a unique method and system for generating, distributing and executing software that is partially encrypted, where the encrypted parts are located and run on a trusted computing device. Examples of such computing devices include different types of mobile phones, PDAs, smart flash drives, video game consoles, GPS devices and other memory cards, including but not limited to, Secure Digital (SD Card), Secure Digital High-Speed, Secure Digital Plus/Xtra/etc. (SD with USB connector).
The current invention addresses the problem of software piracy. The approach employed follows the Software Licensing Authentication Token (SLAT) solution, also known as the Digital Rights Management (DRM) solution.
Existing software security solutions on the market provide insufficient security and suffer from various deficiencies. Known typical hardware-based solutions, which use a dongle/key in conjunction with software are cumbersome and costly and can be easily removed since their integration is susceptible to simple attacks. Other software-based solutions are also less than optimal as they often require computer specialists for their implementation.
A comprehensive solution to address the software security problem should not only provide faultless security that is non-breakable and seamlessly integrated with the protected software, but also allow for the implementation of different software sales and licensing models. The solution should be non-disruptive when the software is in use, as well as during the programming stage when the software is created. In addition, the result of using the new method should not affect the performance of the running software, or make it not useful.
Some of the existing methods for protecting computer program usage are based on adding code to the computer program. For example, a software protection application may add an internal authorization mechanism that verifies the presence of a dongle or plug connected to a port of the computer. However, since the computer program is fully functional and capable of running properly without the added code, such protection methods may simply be bypassed by skipping over the added code.
A different approach, used in the prior art, includes a solution that splits the software that is being protected and puts a small portion of it onto a special non-breakable device. The unprotected part may be executed on the user hardware and therefore made publicly available; whereas, the protected part may be executed in a secure computing environment (“protected processor”) that is not publicly revealed in plain text form. The partition of the program may be chosen so that the protected part is difficult to reconstruct from the unprotected part of the program, or it is difficult to reverse-engineer. In addition, the partition may be designed so that in order for execution to succeed both parts of the computer program must be present during execution. This type of system was disclosed in ABYSS: An Architecture for Software Protection by White and Comerford, IEEE Transactions on Software Engineering, Vol 16, No. 6, June 1990. Finally, it should be noted that this invention neither limits the programming process nor the development stage.
The main limitation of the ABYSS system is that for security reasons, the protected part is located on a server in a remote computer that is connected via a network. The protected processor and the user hardware may communicate over the Internet or another network connection, which often puts communication ahead of performance and results in a noticeable delay whenever the protected part is accessed. This invention is therefore limited for use by only certain kinds of programs, based on a client-server structure or computer systems. It cannot be used in programs that require real-time performance, or in interactive programs such as user games. Furthermore, ABYSS authors neither disclosed a particular method for dividing a computer program to implement their security system, nor specified how to split monolithic software into a working client-server model.
Prior art that provides a method of partitioning a program, or the binary code of a program, and selecting parts of the code based on profiling information for its execution in a different computer or for compressing in order to save storage on small embedded systems, includes: (PCT WO 2006/120684 and Shlomit S. Pinter and Israel Waldman, “Selective Code Compression Scheme for Embedded Systems”, Transactions on HiPEAC—High-Performance Embedded Architectures and Compilers I, P. Stenström (Ed.); and LNCS 4050 Springer-Verlag Berlin Heidelberg, (February 2007) pp. 298-316), respectively.
There is a clear lack of a strong and performance-efficient solution for protecting the binary code of a program and the current invention addresses this need.
Other known protection mechanisms with a CD, dongle, or disk on key (data flash stick), namely solutions such as Approtec (PCT WO 2006120684 20061116), use a different approach from the current invention.
The present invention relates to a system for limiting the execution of a software program only to an authorized user. The software program can be provided in any suitable software form, such as a binary code, or it can be written in a high level program language. In the present invention, the binary code of the program is analyzed by an analyzing software (e.g., software profiling data) and partitioned into parts, some of which are selected to be protected. The protected parts are selected so that during any execution of the software, at least some of the selected parts must be present and executed. The protected code is encrypted and at least partially saved (together with a decryption engine) on an attached secured computing device such as a secured disk on key with a small processor or controller, or a smart flash drive, such as USB Flash Drives, SSD (solid-state drive), HDD; and various different flash devices such as SD (secure digital) cards, etc. These computing devices should have a small processor or controller or co-processor and possibly some type of memory. Each encrypted part of the software (i.e., the selected parts) is replaced with a piece of software routine or code (alteration software) that calls the corresponding encrypted part (e.g., such as a Stub call).
Of course, the encrypted code portions can be stored on any device that includes memory, and not necessarily just in the secured computing device. For example, this may occur when the memory volume of the secured computing device is insufficient (i.e., relatively low) and cannot accommodate all the encrypted code portions. In such cases, during software runtime, each time the software gets to a Stub call, the corresponding encrypted code portion is transferred to the secured computing device, where the decryption engine (that operates within the secured area of the computing device) decrypts the code and provides the required data to the software in order to continue running properly.
The system of the present invention for limiting the execution of a software program only to an authorized user, comprises: a) computer hardware suitable to operate analyzing software and alteration software; b) analyzing software suitable to analyze said software program and to select one or more code portions of said software program; c) alteration software suitable to replace each of said selected code portions with a corresponding calling code; d) encryption engine for encrypting said selected code portions; e) a first storage device for storing at least a portion of said software program, wherein said stored software program is the non-encrypted parts of said software program containing said calling code; 0 a second storage device, having a secured area, wherein said second storage device is capable of securely executing a code within said secured area; g) a decryption engine capable of operating within said secured area for decrypting said encrypted code portions whenever requested; and h) an executer engine capable of operating within said secured area for performing the following tasks: i) providing data related to said decrypted code whenever requested by said calling code; ii) submitting said decrypted code to execution within said secured area when requested; and iii) using said decryption engine if need to decrypt a called code.
According to an embodiment of the invention, the code selected by the analyzing software is selected from a group consisting essentially of: sequences of register-only instructions, basic blocks, or parts of them, and whole function or subroutine. Optionally, the code selected by the analyzing software may not be the same for all users.
According to an embodiment of the invention, the first storage device is a portable storage device capable of being used by a computing device, or a remote storage unit (e.g., a remote server). According to an embodiment of the invention, the first storage device can be located in at least one of a group of devices such as a disk on key, a PDA, a smart flash drive, a cellular device, a video game console, a GPS device, a removable storage card, secure digital cards, and any combination thereof.
According to an embodiment of the invention, the second storage device can be a stand alone device or coupled with a computing device. Alternatively, the second storage device can be part of at least one of a group consisting of: USB flash drives, PDAs, smart flash drives, cellular devices, Solid State Drives (SSD), video game consoles, GPS devices, removable storage cards, secure digital cards, NAND flash cards, such as xD memory cards (e.g., xD-picture card), CompactFlash drives, and any combination thereof. The second storage device can be located in at least one of a group consisting of: a disk on key, a PDA, a smart flash drive, a cellular device, a video game console, a GPS device, a removable storage card, secure digital cards, and any combination thereof.
According to an embodiment of the invention, the decryption key for the encrypted selected code portions is stored in the secured area of the second storage device.
According to an embodiment of the invention, the encryption of the selected code portions is unique for each second storage device (i.e., each decryption engine is provided with a unique private key, thus each provided second storage device is unique).
According to an embodiment of the invention, at least a portion of the encrypted code portions can be stored in the first storage device, in the second storage device, or any combination thereof.
According to an embodiment of the invention, the calling code includes calling routine or Remote Procedure Call (RPC) software, or any known JMP method.
The present invention further relates to a computer implementation method for protecting a software program so that it can be executed only by an authorized user, said method comprises: a) analyzing said software s program and selecting one or more code portions thereof to be protected; b) replacing each of said selected code portions with a corresponding calling code; c) storing at least a portion of the code obtained in b) in a first storage device; d) encrypting said selected code portion(s); e) storing at least a portion of said encrypted selected code portions on a second storage device; f) providing a decryption engine capable of operating within a secured area for decrypting said encrypted code portions; and g) providing an executer engine capable of operating within a secured area for providing data related to said decrypted code whenever requested by said calling code, and for submitting code to execution within a secure area when requested, wherein said executer engine is capable of using decryption engine if need to decrypt called code.
According to an embodiment of the invention, the executer engine is invoked with a part of at least one of a group consisting of: calling routine, or remote procedure call, or any of known JMP method.
According to an embodiment of the invention, the computer implementation method comprises the steps of: 1) executing the protected software program stored in the first storage device, that is the non-encrypted portion of the software program comprising a calling code; 2) decrypting, with a decrypting engine, a called portion of said encrypted selected code if requested; and 3) executing in a secured area of a second storage device said decrypted called portion with related data when requested.
According to an embodiment of the invention, the computer implementation method comprises the steps of: 1) decrypting, with a decrypting engine, a portion of said encrypted selected code; 2) executing the protected software program stored in the first storage device, that is the non-encrypted portion of the software program comprising a calling code; and 3) executing a requested decrypted called portion with related data in a secured area of a second storage device, by an executer engine.
The present invention also relates to a computer implementation method for protecting software program so that it can be executed only by an authorized user, said computer implemented method comprises: a) analyzing said software program and selecting one or more code portions of said software program to be protected; b) replacing each of said selected code portions with a corresponding calling code; c) storing at least a portion of said protected software program in a first storage device; and d) storing at least a portion of said selected code portions in a secured area of a second storage device. This method further comprises: a) Executing the protected software program, stored in the first storage device, comprising a calling code; and b) Executing the called code with related data, if requested, within a secured area of a second storage device when requested. Executing the called code is invoked by a method part of at least one of a group consisting of: calling routine, or remote procedure call, or any of known JMP method.
Some embodiments of the invention herein described are to be used only by way of example as a reference to the accompanying drawings. With respect to the detailed drawings, it must be stressed that the particulars shown are for explanatory and illustrative purposes in order to only discuss the exemplary embodiments of the present invention. They are designed to aid in providing what is believed to be the most useful and readily understood description of the principles and conceptual aspects of the invention. In this sense, no attempt is made to show the structural details of the invention in more detail than is necessary to obtain a fundamental understanding of the invention, with the descriptions provided alongside the drawings meant to demonstrate how different forms of the invention may be embodied in practice.
In the drawings:
a illustrates a secured system in accordance with an embodiment of the present invention;
b illustrates a secured system in accordance with another embodiment of the present invention;
The present invention describes systems and methods for protecting software so that it can only be executed by an authorized party. In this scheme, parts of the software are provided on non-protected media, and other parts are encrypted and at least partially reside on protected media that incorporates a protected computer processor. Examples of devices with such capabilities (i.e., protected media that incorporates a protected computer processor) include smart flash drives, mobile phone hardware, and software players. Each of these devices has a secured partition integrated into the hardware and is capable of executing code in a protected and timely manner.
a and 2b illustrate secured systems in accordance with some embodiments of the present invention. Within the sold software, provided on a type of memory 210, a CD in this example, segments of code 220 are encrypted and protected by a public key. Segments of code 220 are selected by any suitable partitioning method (e.g., by software based on profiling information) and are encrypted prior to software distribution. According to an embodiment of the present invention, upon software run time, parts of encrypted portions of code 220 are loaded on demand (when needed), decrypted, and executed on secured hardware (i.e., trusted zone). Thus, these portions of code are not accessible from non-protected areas and can only be instructed to execute when called at run time. In addition, the only permitted input and output (between the secured and non-secured areas) is passed through registers via a rigid interface. The selection process of code 220 is described and discussed later.
Of course, the encrypted portion of code 220 can be decrypted during different times and periods. For example, the encrypted portion of code 220 (or at least parts of the encrypted portions of code 220) can be decrypted prior to software run time in the trusted zone, thus the encrypted portions of code 220 are pre-loaded and decrypted in the trusted zone, and can be executed whenever required by the running software with minimal waiting time or delay.
In a first embodiment, encrypted segments of code 220 are stored in a protected part of a special disk on key 230a, which can execute code in a protected manner. Non-encrypted portions 240 of the distributed software are stored on non-protected storage 250a of the disk on key 230a.
In a second embodiment, encrypted segments of code 220 are stored in a protected part of cellular 230b, which can execute code in a protected manner. Non-encrypted portions 240 of the distributed software are stored in non-protected storage 250b of cellular 230b.
Optionally, non-protected code portions and encrypted codes are kept on other storage and computing devices such as PDAs, smart flash drives, video game consoles, GPS devices, and memory cards, such as, but not limited to, MMC/SDs, etc.
During execution of the software, the encrypted segments are called for execution by input data passed in the registers. Optionally, other means, such as secured memory, can be used to pass the input data to the protected portions.
Once an encrypted code is called, it is first decrypted and then executed in a protected area of device 230a or 230b for the first and second embodiments, respectively. When the execution of the encrypted segment is terminated, output data is passed to a non-protected area to continue execution of the software.
Preferably, the main goals of selecting specific portions of code to protect is to have representative portions of the code that must be executed in each run independent of the input data. However, the code must be selected so that the execution overhead introduced as a result of the need to decrypt those portions of code at run time (or prior to run time in several embodiments) and run them on a trusted entity is bounded as desired. Furthermore, in order to avoid bypass of the code selected for encryption, and to make it safe against changes by a third party, the selected code must be such a code, or located in such a place within the software, that it will be relatively difficult to create an alternative code for it, or for it to be bypassed (i.e., the code should be non-trivial and located in a non-trivial location). For example, in the case of software that represents a game, such as a sports game, and the sports game is provided with an “Intro” that runs at the beginning of the software run time (i.e., before the first level of the to game), the portion of code for encryption should not be selected from the
“Intro” location, as a third party may bypass the “Intro” and will still be able to play the sports game (without the “Intro”).
According to an embodiment of the invention, the encryption of the selected code portions is unique for each user. Each decryption engine (i.e., client) is provided with a unique decryption key (i.e., private key). As the decryption engine is kept in a secured area (i.e., trusted zone) the user has no access to the private key (i.e., like an airplane “black box”). Therefore, the encrypted code portion can be located anywhere; it can even be downloaded from a remote server (e.g., via an Internet connection). However, the decryption can only be executed in the trusted zone while using a unique decryption key which corresponds to a specific encryption.
An executer engine capable of operating within the trusted zone can be used for executing the selected secured code. At run time of the protected software, its goal is to ensure that the selected secured code that is called (needs to be executed) is actually executing. Thus, the executer engine is capable of using a decryption engine, if there is a need to decrypt a called code (i.e., if it is still encrypted), provides input data related to the called code, whenever requested by the calling code, and submits data to be executed by the computing entity within the trusted secured area when requested.
The executer engine code can be invoked by many known methods such as calling routine or Remote Procedure Call (RPC) software, or one of any known JMP method. The complexity and size of the executer engine can vary depending on the trusted device containing the secured area. It can be implemented with a simple table that stores the secured code (directly or with some pointing code such as an address, offset, pointer, etc.), or it can be more complex implemented with a small code (e.g., client code) that manges the execution. Other implementations for executing remote code are possible as well.
Reference is now made to
Based on profiling results that combine data from multiple characteristic runs, e.g., of a profiler (block 330), or by any other partitioning method known in the art, portions of the code, such as a set of Basic Blocks (BB) or parts of them, are selected to be secured on the protected hardware partition, e.g., by subroutine BB chooser (block 340). Optionally, the selected code portions can include only sequences of register-only instructions. Alternatively, the selected code portions can include a whole function or subroutine.
The selected parts may be presented, (block 350), in any way known in the art, such as, by the entry code addresses or with a list of instructions. In
The input binary code, together with pointers to the code selected for encryption, are transferred to an alteration software, such as an assembly transformer (block 360) to split the code, removing the selected code for encryption, and inserting calling codes (e.g., Stub calls) instead of the selected code portions that were removed. According to an embodiment of the invention, the calling code generated by the alteration software includes calling routine or Remote Procedure Call (RPC) software, or one of any known JMP method. For example, code for the Stubs are built and inserted by components such as Subroutine BB Stub Replacer (block 370) and Binary Updater (block 380).
According to an embodiment of the invention, the generated modified code with the Stubs (block 390) is the same for all prospective customers. Of course, in some cases, different or partially different BBs of the same software may be selected, thus the generated modified code with the Stubs will not be the same for all prospective customers.
The selected code portions for encryption can be provided in a database or a file indexed by key and data, where the key is the starting address of a code fragment, and the data is a sequence of machine instructions, or any other storage means and types known in the art. Optionally, for further security, different lists of selected code portions can be selected for each customer.
Upon customer request to use or buy a software, which may reside on a server at the producer, distributor, or another entity; or optionally, prior to initial distribution to a customer, the selected code portions in the database are encrypted with a public key, such as by a Database Key Constructor (block 362) and a Key encryptor (block 364). For example, the selected code portions in the database are encrypted with the public key of the customer's trusted device or with the public key of a secure dongle. The results of the encryption process (block 366) are passed to protected areas in the user protected device such as device 230a or 230b (
Reference is now made to
According to an embodiment of the invention, the decryption key for the encrypted selected code portions is stored in the secured area of the secured computing device. For example, the execution of the received packed data in the secured computing device (block 450) may execute as follows: At first, block 451, the data is unpacked (e.g., providing address and registers). In the next step, block 452, the provided unpacked address point on the location of the required code portion is stored in the encrypted database. In the next step, block 453, the required code portion is decrypted thereby providing the original non-encrypted code portion, e.g., BB-ArcProg (block 454). In the next step, block 455, the original code portion is executed with the registers (from the unpacked data) as input and output registers. In the next step, block 456, the output registers are packed. In the next step, block 457, the packed data is moved (outside of the secured computing device) to the running software (block 460).
It should be clear that the description of the embodiments and attached figures set forth in this specification serves only to provide a better understanding of the invention, without limiting its scope as covered by the following claims.
It should also be noted that a person skilled in the art, after reading the present specification can make adjustments or amendments to the attached figures and the above described embodiments that would still be covered by the following claims.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/IL10/00593 | 7/26/2010 | WO | 00 | 5/1/2013 |
Number | Date | Country | |
---|---|---|---|
61229720 | Jul 2009 | US |