Search

EP-4517572-B1 - SOFTWARE FILE, AND SOFTWARE RUNNING METHOD AND RELATED APPARATUS THEREFOR

EP4517572B1EP 4517572 B1EP4517572 B1EP 4517572B1EP-4517572-B1

Inventors

  • JIANG, XIN
  • YING, ZHIWEI

Dates

Publication Date
20260513
Application Date
20230830

Claims (10)

  1. A software running method, adapted to an operating system, wherein software comprises a software file, the software file comprises: an encryption container disk image file (1), encrypted by a first encryption key (3) and comprising an encryption container disk image (11) packaged with working software (12); a bootstrap program (2), used to instruct a security processor to obtain a first decryption key corresponding to the first encryption key (3), so that an encryption container decrypts the encryption container disk image file (1) according to the first decryption key to obtain the encryption container disk image (11) and the working software (12) to be stored into an encryption memory of the encryption container, wherein the encryption container is a container corresponding to the encryption container disk image (11), wherein the encryption container disk image (11) further comprises a local authorization file corresponding to the working software (12), the method further comprises the operating system: obtaining a booting request to boot the working software (12) of the software file; booting the bootstrap program (2) of the software file according to the booting request and allocating an encryption memory for an encryption container corresponding to the software file; wherein the method comprises instructing the security processor through the bootstrap program (2) to obtain the first decryption key of the encryption container disk image file (1) of the software file and sending the first decryption key to the encryption container, so that the encryption container decrypts the encryption container disk image file (1) to obtain the encryption container disk image (11) and the working software (12) to be stored into the encryption memory, wherein the software method comprises the encryption container booting the working software (12) when the encryption container determines that the local authorization file in the encryption container disk image (11) is legal, wherein the local authorization file is legal when the local authorization file is within a validity period, and/or is within a trial period.
  2. The software running method according to claim 1, characterized in that : the software running method further comprises: instructing the encryption container, when the encryption container determines that the local authorization file of the working software (12) is illegal, to obtain an authorization reply from a software server corresponding to the working software (12), so as to boot the working software (12) when the encryption container obtains an authorization legal reply.
  3. The software running method according to claim 2, characterized in that : the software running method further comprises: instructing the encryption container, when the encryption container determines that the local authorization file of the working software (12) is illegal, to obtain an authorization reply from a software server corresponding to the working software (12), so as to exit abnormally when the encryption container obtains an authorization illegal reply.
  4. The software running method according to claim 2 or 3, characterized in that : the instructing the encryption container to obtain an authorization reply from a software server corresponding to the working software (12) comprises: instructing the encryption container to obtain software authorization feature information of the working software (12) and a software authorization code obtained according to the software authorization feature information; and instructing the encryption container to send the software authorization feature information and the software authorization code to the software server of the working software (12) to obtain the authorization reply.
  5. The software running method according to any one of claims 1-4, characterized in that : the software running method further comprises: booting the working software (12) in a trial state when the encryption container is instructed to be connected to a software server of the working software (12) and the encryption container is not capable of being connected to the software server.
  6. The software running method according to any one of claims 1-5, characterized in that : the software file further comprises a key ciphertext (5) obtained by encrypting the first encryption key (3) with a second encryption key (4), the instructing the security processor through the bootstrap program (2) to obtain the first decryption key of the encryption container disk image file (1) of the software file and sending the first decryption key to the encryption container, so that the encryption container decrypts the encryption container disk image file (1), further comprises: instructing the security processor through the bootstrap program (2) to obtain a second decryption key for the key ciphertext (5), decrypting the key ciphertext (5) to obtain the first encryption key (3) wherein the second decryption key corresponds to the second encryption key (4).
  7. The software running method according to claim 6, characterized in that : the second encryption key (4) comprises a second public key, and the second decryption key comprises a second private key, the instructing the security processor through the bootstrap program (2) to obtain the first decryption key of the encryption container disk image file (1) of the software file and sending the first decryption key to the encryption container, so that the encryption container decrypts the encryption container disk image file (1), further comprises: instructing the security processor through the bootstrap program (2) to obtain the second private key, decrypting the key ciphertext (5) to obtain the first encryption key (3) and the first decryption key corresponding to the first encryption key (3).
  8. A software running apparatus, including an operating system and a software file, the software file comprises: an encryption container disk image file (1), encrypted by a first encryption key (3) and comprising an encryption container disk image (11) packaged with working software (12); a bootstrap program (2), used to instruct a security processor to obtain a first decryption key corresponding to the first encryption key (3), so that an encryption container decrypts the encryption container disk image file (1) according to the first decryption key to obtain the encryption container disk image (11) and the working software (12) to be stored into an encryption memory of the encryption container, wherein the encryption container is a container corresponding to the encryption container disk image (11), wherein the encryption container disk image (11) further comprises a local authorization file corresponding to the working software (12), and the operating system comprises: a booting request obtaining unit (100), adapted to obtain a booting request to boot the working software (12) of the software file; an encryption memory allocation unit (110), adapted to boot the bootstrap program (2) of the software file according to the booting request and allocate an encryption memory for an encryption container corresponding to the software file; wherein the bootstrap program comprises an encryption container disk image and working software obtaining unit (120), adapted to instruct the security processor to obtain the first decryption key of the encryption container disk image file (1) of the software file and send the first decryption key to the encryption container, so that the encryption container decrypts the encryption container disk image file (1) to obtain the encryption container disk image (11) and the working software (12) to be stored into the encryption memory, wherein the encryption container comprises a working software booting unit (130), adapted to boot the working software (12) when the encryption container determines that the local authorization file in the encryption container disk image (11) is legal, wherein the local authorization file is legal when the local authorization file is within a validity period, and/or is within a trial period.
  9. The software running apparatus according to claim 8, characterized in that : the software running apparatus further comprises: an authorization reply obtaining unit (140), adapted to instruct the encryption container, when the encryption container determines that the local authorization file of the working software (12) is illegal, to obtain an authorization reply from a software server corresponding to the working software (12), so as to boot the working software (12) when the encryption container obtains an authorization legal reply; optionally, wherein the authorization reply obtaining unit (140) is further adapted to instruct the encryption container, when the encryption container determines that the local authorization file of the working software (12) is illegal, to obtain an authorization reply from a software server corresponding to the working software (12), so as to exit abnormally when the encryption container obtains an authorization illegal reply; optionally, wherein the authorization reply obtaining unit (140), when adapted to instruct the encryption container to obtain an authorization reply from a software server corresponding to the working software (12), is adapted to: instruct the encryption container to obtain software authorization feature information of the working software (12) and a software authorization code obtained according to the software authorization feature information; and instruct the encryption container to send the software authorization feature information and the software authorization code to the software server of the working software (12) to obtain the authorization reply.
  10. The software running apparatus according to claim 8 or 9, characterized in that : the working software booting unit (130) is further adapted to boot the working software (12) in a trial state when the encryption container is instructed to be connected to a software server of the working software (12) and the encryption container is not capable of being connected to the software server; optionally, wherein the software file further comprises a key ciphertext (5) obtained by encrypting the first encryption key (3) with a second encryption key (4), and the encryption container disk image and working software obtaining unit (120), when adapted to instruct the security processor through the bootstrap program (2) to obtain the first decryption key of the encryption container disk image file (1) of the software file and send the first decryption key to the encryption container, so that the encryption container decrypts the encryption container disk image file (1), is further adapted to: instruct the security processor through the bootstrap program (2) to obtain a second decryption key for the key ciphertext (5), decrypt the key ciphertext (5) to obtain the first encryption key (3) wherein the second decryption key corresponds to the second encryption key (4); optionally, wherein the second encryption key (4) comprises a second public key, and the second decryption key comprises a second private key, and the encryption container disk image and working software obtaining unit (120), when adapted to instruct the security processor through the bootstrap program (2) to obtain the first decryption key of the encryption container disk image file (1) of the software file and send the first decryption key to the encryption container, so that the encryption container decrypts the encryption container disk image file (1), is further adapted to: instruct the security processor through the bootstrap program (2) to obtain the second private key, decrypt the key ciphertext (5) to obtain the first encryption key (3) and the first decryption key corresponding to the first encryption key (3).

Description

CROSS-REFERENCE TO RELATED APPLICATION The present application claims priority of the Chinese Patent Application No. 202310865291.X filed on July 13, 2023. TECHNICAL FIELD Embodiments of the present disclosure relate to a software file, a software running method and an apparatus related thereto. BACKGROUND Commercialized software is usually released through offline sale of CDs and online downloads, and is licensed to allow a user to use a function of the software in order to achieve the profits of the enterprise. However, through the reverse analysis technology, the pirated software can invalidate the authorization function of the software, but the business function of the software can still work normally, which will greatly affect the profits of the software enterprise. Therefore, the ability to prevent software piracy is directly related to the profits of the software enterprise. Software reverse analysis technology by disassembling the software binary file to obtain its computer CPU instruction, and then analyze and crack. Therefore, in order to prevent the disassembly of the software binary file, the software is encrypted to form encrypted software to improve the anti-piracy ability of the software. However, for the encrypted software, it is still possible to implement to reverse and crack the encrypted software. Therefore, how to improve the anti-reversal and anti-cracking ability of the software has become an urgent problem for those skilled in the art to solve. "High-Secured Data Communication for Cloud Enabled Secure Docker Image Sharing Technique Using Blockchain- Based Homomorphic Encryption" presents a distributed-system framework called Safe Decker Image Sharing with Homomorphic Encryption and Blockchain (SeDIS-HEB). WO2021/004863A1 provides techniques facilitating security hardening systems that host containers. SUMMARY The technical problem solved by embodiments of the present disclosure is how to improve the anti-reversal and anti-cracking ability of the software. The invention is defined by the attached independent claims. In order to solve the above problem, embodiments of the present disclosure provide the following technical solutions. Embodiments of the present disclosure provide a software file, which includes: an encryption container disk image file, encrypted by a first encryption key and comprising an encryption container disk image packaged with working software;a bootstrap program, used to instruct a security processor to obtain a first decryption key corresponding to the first encryption key, so that an encryption container decrypts the encryption container disk image file according to the first decryption key to obtain the encryption container disk image and the working software stored to an encryption memory of the encryption container, the encryption container being a container corresponding to the encryption container disk image and the encryption container disk image further comprising a local authorization file corresponding to the working software, the working software being booted when the local authorization file is legal. Optionally, the software file further includes a key ciphertext of the first encryption key, the key ciphertext is obtained by encrypting the first encryption key with a second encryption key; the bootstrap program is used to instruct the security processor to decrypt the key ciphertext according to a second decryption key to obtain the first encryption key and the first decryption key, so that the encryption container decrypts the encryption container disk image file according to the first decryption key to obtain the encryption container disk image and the working software stored to the encryption memory of the encryption container, the first encryption key corresponds to the first decryption key, and the second decryption key corresponds to the second encryption key. Optionally, the second encryption key comprises a second public key, and the second decryption key comprises a second private key. Optionally, the first encryption key comprises a first public key, and the first decryption key comprises a first private key. Embodiments of the present disclosure further provide a software running method adapted to an operating system, the software includes the software file according to any one described above, and the software running method includes: obtaining a booting request to boot the working software of the software file;booting the bootstrap program of the software file according to the booting request and allocating an encryption memory for an encryption container corresponding to the software file;instructing the security processor through the bootstrap program to obtain the first decryption key of the encryption container disk image file of the software file and sending the first decryption key to the encryption container, so that the encryption container decrypts the encryption container disk image file to obtain the encryption container disk