
CN107135077B - Software protection method and device - Google Patents


Info

Publication number
CN107135077B
Authority
CN
China
Prior art keywords
software
node
developer
identity information
cryptographic hash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710313959.4A
Other languages
Chinese (zh)
Other versions
CN107135077A (en)
Inventor
田新雪
马书惠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China United Network Communications Group Co Ltd
Original Assignee
China United Network Communications Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China United Network Communications Group Co Ltd
Priority to CN201710313959.4A
Publication of CN107135077A
Application granted
Publication of CN107135077B
Legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Computing Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

Embodiments of the present invention provide a software protection method and device. The method includes: a node in a peer-to-peer network receives signature information sent by a software development platform; the node verifies the signature information sent by the software development platform according to the public key of the software developer; if the verification succeeds, the node calculates a second hash value from a historical hash value and a random number; if the second hash value is less than a threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network. The embodiments prevent illegitimate nodes from modifying the software, and the hash value recorded for a software identifier makes it easy to determine whether the software has been modified, which strengthens the protection of the software.

Description

Software protection method and device

Technical field

The embodiments of the present invention relate to the field of communication technologies, and in particular to a software protection method and device.

Background

The Web is in widespread use, and people rely on many kinds of Web applications. These services bring great convenience to work and daily life and promote the development of society. However, with the rapid growth of Web applications, the information leakage and economic losses caused by attacks on Web application vulnerabilities are increasing. Software tampering has become the biggest threat faced by web systems.

To address this problem, the prior art has proposed several technical solutions to prevent software from being tampered with. One approach divides the content of a software or information product into local information and network information, stored on an independent medium and at a network center respectively. A legitimate user holds unique identification information; the network center runs application software that uses the identification information sent by the user to judge whether the user is legitimate and transmits the required network information to the legitimate user. This makes the content of the software hard to copy illegally, which effectively curbs or even eliminates piracy, and it can be used for commercially released application software or information products. That invention mainly allows a user who holds a legitimate identifier to download the software from the network. Another approach generates a first software feature string according to a received software control instruction; uses the first software feature string as a decryption key to decrypt a pre-stored encrypted image file and obtain the decrypted image file; loads the decrypted image file and judges whether it loads normally; if so, the software is recognized as not tampered with; if not, the software is recognized as tampered with. It replaces the traditional use of a verification string to identify whether software has been tampered with by identification through a decrypted image file, so that the identification process no longer depends on a separate verification string, is more intuitive, and requires no manual comparison.

However, a problem with the above technical solutions is that the protection they give to software is not strong enough.

Summary of the invention

Embodiments of the present invention provide a software protection method and device to strengthen the protection of software.

One aspect of the embodiments of the present invention provides a software protection method, including:

a node in a peer-to-peer network receives signature information sent by a software development platform, the signature information being the information obtained after the software development platform uses its corresponding private key to sign the identity information of the software developer, the identification information of the software to be released, and a first hash value;

the node queries historical records according to the identity information of the software developer to obtain the public key of the software developer;

the node verifies the signature information sent by the software development platform according to the public key of the software developer;

if the node successfully verifies the signature information sent by the software development platform according to the public key of the software developer, it calculates a second hash value from a historical hash value and a random number;

if the second hash value is less than a threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network.

Another aspect of the embodiments of the present invention provides a software protection device, including:

a receiving module, configured to receive signature information sent by a software development platform, the signature information being the information obtained after the software development platform uses its corresponding private key to sign the identity information of the software developer, the identification information of the software to be released, and a first hash value;

a query module, configured to query historical records according to the identity information of the software developer to obtain the public key of the software developer;

a verification module, configured to verify the signature information sent by the software development platform according to the public key of the software developer;

a calculation module, configured to calculate a second hash value from a historical hash value and a random number when the signature information sent by the software development platform has been successfully verified according to the public key of the software developer;

a sending module, configured to send the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network when the second hash value is less than a threshold.

In the software protection method and device provided by the embodiments of the present invention, a node in the peer-to-peer network receives the signature information sent by the software development platform and verifies it according to the public key of the software developer. If the verification succeeds, the node calculates a new hash value from the historical hash value and a random number. If the new hash value is less than the threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the random number and the new hash value to the other nodes in the peer-to-peer network. This prevents illegitimate nodes from modifying the software, and the hash value recorded for the software identifier makes it easy to determine whether the software has been modified, which strengthens the protection of the software.

Brief description of the drawings

FIG. 1 is a flowchart of a software protection method provided by an embodiment of the present invention;

FIG. 2 is a diagram of the network architecture to which the software protection method provided by the embodiment of the present invention applies;

FIG. 3 is a structural diagram of a software protection device provided by an embodiment of the present invention;

FIG. 4 is a structural diagram of a software protection device provided by another embodiment of the present invention.

Detailed description

FIG. 1 is a flowchart of a software protection method provided by an embodiment of the present invention; FIG. 2 is a diagram of the network architecture to which the method applies. The steps of the software protection method are as follows:

Step S101: a node in the peer-to-peer network receives signature information sent by the software development platform. The signature information is the information obtained after the software development platform uses its corresponding private key to sign the identity information of the software developer, the identification information of the software to be released, and the first hash value.

As shown in FIG. 2, when the software development platform releases a piece of software, it releases at the same time the identity information of the software developer, the identification information of the software to be released, the software to be released, and the first hash value. The first hash value is the hash value obtained by the software development platform performing a hash operation on the identity information of the software developer, the identification information of the software to be released, and the software to be released. For example, the software development platform sends the identity information of the software developer, the identification information of the software to be released, the software to be released, and the first hash value to an application server. The identity information of the software developer may be the name of the software developer; the identification information of the software to be released may be the name of the software to be released; and the software to be released may be the software itself that the developer has finished developing and is about to release. To prevent a malicious modifier from modifying the software and computing a new hash value at the same time, so that the verifier cannot detect the change, the software development platform must also publish the identity information of the software developer, the identification information of the software to be released, and the first hash value to a public ledger when it releases the software. The public ledger is maintained by the nodes of the peer-to-peer network, which ensure that it is not tampered with. In addition, the software development platform may itself be a node in the peer-to-peer network.

When the user terminal finds the software it needs on the application server, it obtains the identity information of the software developer, the identification information of the software, and the first hash value corresponding to that software. The user terminal also obtains the first hash value corresponding to the software from the public ledger in the peer-to-peer network. The user terminal compares the first hash value obtained from the application server with the first hash value obtained from the public ledger. If they are inconsistent, the user terminal does not download the software. If they are consistent, the user terminal downloads the software. After the download completes, the user terminal performs a hash operation on the identity information of the software developer, the identification information of the software, and the software itself to obtain a hash value, and compares the calculated hash value with the first hash value recorded for the software on the application server and in the public ledger. If they are inconsistent, the user terminal does not install or use the software; if they are consistent, the user terminal installs or uses the software.

Specifically, the software development platform may use its corresponding private key to sign the identity information of the software developer, the identification information of the software to be released, and the first hash value to obtain the signature information, and send the signature information to the nodes in the peer-to-peer network.

Step S102: the node queries historical records according to the identity information of the software developer to obtain the public key of the software developer.

In this embodiment, the public ledger may also record the correspondence between the identity information of each node and the public key of each node; for example, it may record the identity information of the software developer and the public key of that software developer.

After a node in the peer-to-peer network receives the signature information sent by the software development platform, it looks up in the public ledger the public key of the software developer that corresponds to the identity information of the software developer.

Step S103: the node verifies the signature information sent by the software development platform according to the public key of the software developer.

The node in the peer-to-peer network verifies the signature information sent by the software development platform according to the public key of the software developer.

Step S104: if the node successfully verifies the signature information sent by the software development platform according to the public key of the software developer, it calculates a second hash value from the historical hash value and a random number.

If the node in the peer-to-peer network successfully verifies the signature information sent by the software development platform according to the public key of the software developer, the identity of the software developer is genuine and legitimate, and the node calculates the second hash value from the historical hash value and a random number. While this node calculates the second hash value, the other nodes in the peer-to-peer network are calculating second hash values as well. The purpose of this calculation is for the nodes to compete, through the second hash value each one calculates, for the right to record the identity information of the software developer, the identification information of the software to be released, and the first hash value. Specifically, if the second hash value calculated by one of the nodes is less than the threshold, that node obtains the right to record the identity information of the software developer, the identification information of the software to be released, and the first hash value.

Step S105: if the second hash value is less than the threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network.

If the second hash value is less than the threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network.
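
The hash checks described above (the user terminal's comparison against the public ledger, and the threshold test of steps S104 and S105), as an added Python example that is not part of the patent. SHA-256, the length-prefixed field encoding, the all-zero initial historical hash, the counter standing in for the random number, and every function and sample name are assumptions; signature verification (step S103) is left out because the page names no signature scheme.

```python
"""Added illustration of the hash checks in steps S101-S105 (not the patent's code)."""
import hashlib
import struct


def encode_fields(*parts: bytes) -> bytes:
    # Assumption: each field is length-prefixed before hashing, so that
    # ("ab", "c") and ("a", "bc") never produce the same hash input.
    return b"".join(struct.pack(">I", len(p)) + p for p in parts)


def first_hash(developer_id: str, software_id: str, software: bytes) -> str:
    """First hash: developer identity, software identification, software itself."""
    data = encode_fields(developer_id.encode(), software_id.encode(), software)
    return hashlib.sha256(data).hexdigest()


def second_hash(historical_hash: str, nonce: int) -> str:
    """Second hash over the historical hash and a random number,
    the two inputs the page names for it."""
    data = encode_fields(bytes.fromhex(historical_hash), struct.pack(">Q", nonce))
    return hashlib.sha256(data).hexdigest()


def try_record(developer_id, software_id, h1, historical_hash, threshold,
               max_tries=1_000_000):
    """Steps S104-S105: look for a number whose second hash is below the
    threshold; the returned dict is what the node sends to its peers.
    Candidates are enumerated (not drawn at random) to keep the run repeatable."""
    for nonce in range(max_tries):
        h2 = second_hash(historical_hash, nonce)
        if int(h2, 16) < threshold:
            return {"developer_id": developer_id, "software_id": software_id,
                    "first_hash": h1, "nonce": nonce, "second_hash": h2}
    return None  # this node did not win the right to record


def peer_accepts(record, historical_hash, threshold) -> bool:
    """A receiving node recomputes the second hash instead of trusting it."""
    h2 = second_hash(historical_hash, record["nonce"])
    return h2 == record["second_hash"] and int(h2, 16) < threshold


def terminal_check(listing, ledger, fetch) -> str:
    """User terminal: compare the application server's hash with the ledger
    before downloading, then re-hash the downloaded bytes before installing."""
    entry = ledger.get(listing["software_id"])
    if entry is None or entry["first_hash"] != listing["first_hash"]:
        return "refuse-download"
    software = fetch()  # download happens only after the first comparison
    computed = first_hash(listing["developer_id"], listing["software_id"], software)
    if computed != entry["first_hash"]:
        return "refuse-install"
    return "install"


def demo():
    # Constructed sample values, not taken from the patent.
    dev, name = "Example Dev Co", "example-app"
    genuine = b"genuine release build"
    tampered = genuine + b" plus modified code"
    genesis = "00" * 32            # assumed initial historical hash
    threshold = 1 << 244           # roughly 1 in 4096 hashes qualifies

    record = try_record(dev, name, first_hash(dev, name, genuine),
                        genesis, threshold)
    ledger = {name: record}

    ok_listing = {"developer_id": dev, "software_id": name,
                  "first_hash": record["first_hash"]}
    # The case the page guards against: the software on the application
    # server is modified and its advertised hash is recomputed to match.
    forged_listing = dict(ok_listing, first_hash=first_hash(dev, name, tampered))

    return (
        peer_accepts(record, genesis, threshold),
        terminal_check(ok_listing, ledger, lambda: genuine),
        terminal_check(forged_listing, ledger, lambda: tampered),
        terminal_check(ok_listing, ledger, lambda: tampered),
    )


if __name__ == "__main__":
    print(demo())
```

The third result shows why the first hash is published to the ledger as well as the application server: a hash recomputed over modified software no longer matches the ledger entry, so the terminal stops before downloading.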

In the embodiment of the present invention, a node in the peer-to-peer network receives the signature information sent by the software development platform and verifies it according to the public key of the software developer. If the verification succeeds, the node calculates a new hash value from the historical hash value and a random number. If the new hash value is less than the threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the random number and the new hash value to the other nodes in the peer-to-peer network. This prevents illegitimate nodes from modifying the software, and the hash value recorded for the software identifier makes it easy to determine whether the software has been modified, which strengthens the protection of the software.

On the basis of the above embodiment, a node in the peer-to-peer network may also send its own identity information and its public key to the other nodes in the peer-to-peer network, so that the other nodes store the node's identity information and public key in the public ledger. In addition, before the node receives the signature information sent by the software development platform, the node may also receive from the software development platform the correspondence between the identity information of the software developer and the public key of the software developer, and store that correspondence in the historical records.

FIG. 3 is a structural diagram of a software protection device provided by an embodiment of the present invention. The software protection device can execute the processing flow provided by the software protection method embodiment. As shown in FIG. 3, the software protection device 30 includes a receiving module 31, a query module 32, a verification module 33, a calculation module 34 and a sending module 35. The receiving module 31 is configured to receive the signature information sent by the software development platform, the signature information being the information obtained after the software development platform uses its corresponding private key to sign the identity information of the software developer, the identification information of the software to be released, and the first hash value. The query module 32 is configured to query historical records according to the identity information of the software developer to obtain the public key of the software developer. The verification module 33 is configured to verify the signature information sent by the software development platform according to the public key of the software developer. The calculation module 34 is configured to calculate a second hash value from the historical hash value and a random number when the signature information sent by the software development platform has been successfully verified according to the public key of the software developer. The sending module 35 is configured to send the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network when the second hash value is less than the threshold.

In the embodiment of the present invention, a node in the peer-to-peer network receives the signature information sent by the software development platform and verifies it according to the public key of the software developer. If the verification succeeds, the node calculates a new hash value from the historical hash value and a random number. If the new hash value is less than the threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the random number and the new hash value to the other nodes in the peer-to-peer network. This prevents illegitimate nodes from modifying the software, and the hash value recorded for the software identifier makes it easy to determine whether the software has been modified, which strengthens the protection of the software.

FIG. 4 is a structural diagram of a software protection device provided by another embodiment of the present invention. On the basis of the above embodiment, the first hash value is the hash value obtained by the software development platform performing a hash operation on the identity information of the software developer, the identification information of the software to be released, and the software to be released.

The sending module 35 is also configured to send the node's identity information and the node's public key to the other nodes in the peer-to-peer network. The receiving module 31 is also configured to receive from the software development platform the correspondence between the identity information of the software developer and the public key of the software developer. In addition, the software protection device 30 further includes a storage module 36, which is configured to store the correspondence between the identity information of the software developer and the public key of the software developer in the historical records.

The software protection device provided by the embodiment of the present invention can be used to execute the method embodiment shown in FIG. 1 above; its specific functions are not repeated here.

In the embodiment of the present invention, a node in the peer-to-peer network receives the signature information sent by the software development platform and verifies it according to the public key of the software developer. If the verification succeeds, the node calculates a new hash value from the historical hash value and a random number. If the new hash value is less than the threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the random number and the new hash value to the other nodes in the peer-to-peer network. This prevents illegitimate nodes from modifying the software, and the hash value recorded for the software identifier makes it easy to determine whether the software has been modified, which strengthens the protection of the software.

In summary, in the embodiments of the present invention a node in the peer-to-peer network receives the signature information sent by the software development platform and verifies it according to the public key of the software developer. If the verification succeeds, the node calculates a new hash value from the historical hash value and a random number. If the new hash value is less than the threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the random number and the new hash value to the other nodes in the peer-to-peer network. This prevents illegitimate nodes from modifying the software, and the hash value recorded for the software identifier makes it easy to determine whether the software has been modified, which strengthens the protection of the software.

In the several embodiments provided by the present invention, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are merely illustrative: the division into units is only a division by logical function, and an actual implementation may divide them differently. Multiple units or components may be combined or integrated into another system, and some features may be omitted or not performed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in hardware, or in hardware combined with software functional units.

An integrated unit implemented in the form of software functional units may be stored in a computer-readable storage medium. The software functional units are stored in a storage medium and include several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) or a processor to perform some of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc.

Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional modules above is only an example. In practical applications, the functions may be assigned to different functional modules as needed; that is, the internal structure of the device may be divided into different functional modules to perform all or part of the functions described above. For the specific working process of the device described above, refer to the corresponding process in the foregoing method embodiments; it is not repeated here.

Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in those embodiments may still be modified, or some or all of their technical features may be replaced by equivalents, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

1. A software protection method, characterized by comprising:
a node in a peer-to-peer network receives signature information sent by a software development platform, the signature information being obtained by the software development platform using its corresponding private key to sign the identity information of a software developer, the identification information of the software to be released, and a first hash value;
the node queries a history record according to the identity information of the software developer to obtain the public key of the software developer;
the node verifies the signature information sent by the software development platform according to the public key of the software developer;
if the node successfully verifies the signature information sent by the software development platform according to the public key of the software developer, the node calculates a second hash value according to a historical hash value and a random number;
if the second hash value is less than a threshold, the node sends the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network.
2. The method according to claim 1, characterized in that the first hash value is the hash value obtained by the software development platform performing a hash operation on the identity information of the software developer, the identification information of the software to be released, and the software to be released.
3. The method according to claim 2, characterized in that the identity information of the software developer, the identification information of the software to be released, the software to be released and the first hash value are stored on an application server.
4. The method according to claim 3, characterized by further comprising:
the node sends the identity information of the node and the public key of the node to the other nodes in the peer-to-peer network.
5. The method according to claim 1, characterized in that, before the node receives the signature information sent by the software development platform, the method further comprises:
the node receives the correspondence, sent by the software development platform, between the identity information of the software developer and the public key of the software developer;
the node stores the correspondence between the identity information of the software developer and the public key of the software developer in the history record.
6. A software protection device, characterized in that it is applied to a node in a peer-to-peer network and comprises:
a receiving module, configured to receive signature information sent by a software development platform, the signature information being obtained by the software development platform using its corresponding private key to sign the identity information of a software developer, the identification information of the software to be released, and a first hash value;
a query module, configured to query a history record according to the identity information of the software developer to obtain the public key of the software developer;
a verification module, configured to verify the signature information sent by the software development platform according to the public key of the software developer;
a calculation module, configured to calculate a second hash value according to a historical hash value and a random number when the signature information sent by the software development platform is successfully verified according to the public key of the software developer;
a sending module, configured to send, when the second hash value is less than a threshold, the identity information of the software developer, the identification information of the software to be released, the first hash value, the random number and the second hash value to the other nodes in the peer-to-peer network.
7. The software protection device according to claim 6, characterized in that the first hash value is the hash value obtained by the software development platform performing a hash operation on the identity information of the software developer, the identification information of the software to be released, and the software to be released.
8. The software protection device according to claim 7, characterized in that the identity information of the software developer, the identification information of the software to be released, the software to be released and the first hash value are stored on an application server.
9. The software protection device according to claim 8, characterized in that the sending module is further configured to send the identity information of the node and the public key of the node to the other nodes in the peer-to-peer network.
10. The software protection device according to claim 6, characterized in that the receiving module is further configured to receive the correspondence, sent by the software development platform, between the identity information of the software developer and the public key of the software developer;
the software protection device further comprises a storage module, the storage module being configured to store the correspondence between the identity information of the software developer and the public key of the software developer in the history record.
CN201710313959.4A 2017-05-05 2017-05-05 Software protection method and device Active CN107135077B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710313959.4A CN107135077B (en) 2017-05-05 2017-05-05 Software protection method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710313959.4A CN107135077B (en) 2017-05-05 2017-05-05 Software protection method and device

Publications (2)

Publication Number Publication Date
CN107135077A CN107135077A (en) 2017-09-05
CN107135077B true CN107135077B (en) 2019-08-06

Family

ID=59732423

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710313959.4A Active CN107135077B (en) 2017-05-05 2017-05-05 Software protection method and device

Country Status (1)

Country Link
CN (1) CN107135077B (en)

Also Published As

Publication number Publication date
CN107135077A (en) 2017-09-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant