KR-20260063757-A - CRYPTOGRAPHIC MODULE LICENSE PROTECTION DEVICE AND ITS METHOD

Abstract

The cryptographic module license protection device according to the present invention includes: a copy count setting module that sets the number of copies (replications) allowed by an allowable count setting program, which is a local count manager; and a cryptographic module installed in the device that receives the number of copies allowed set by the copy count setting module, monitors whether the number of copies allowed is exceeded, and restricts usage when the number of copies allowed is exceeded; thereby enabling license verification and management even in an environment without a network connection.

Inventors

  • 이선우
  • 김수현
  • 홍예진
  • 김민용
  • 김태훈
  • 이준영

Assignees

  • 한전케이디엔주식회사

Dates

Publication Date
20260507
Application Date
20241031

Claims (6)

  1. A cryptographic module license protection device characterized by including: a copy count setting module that sets the number of copies (clones) allowed by an allowable count setting program, which is a local count manager; and a cryptographic module installed in a device, which receives the number of copies allowed set by the copy count setting module, monitors whether the number of copies allowed is exceeded, and restricts use if the number of copies allowed is exceeded.
  2. In claim 1, a cryptographic module license protection device characterized in that the cryptographic module includes: a copied count storage unit that, each time a copy is made, records and stores the number of copies in a copy count file, which is a file that records the current number of copies of the cryptographic module; a copyable count storage unit in which the number of allowed copies is stored and managed according to the settings input from the copy count setting module; an allowable count verification unit that compares and verifies the number of allowed copies set in the copyable count storage unit against the number of copies made to date stored in the copied count storage unit; and a main control unit that restricts additional use of the cryptographic module when the number of allowed copies is exceeded according to the verification result of the allowable count verification unit.
  3. In claim 2, a cryptographic module license protection device characterized in that the main control unit strengthens the license security of the cryptographic module by making the use of the cryptographic module impossible when the number of allowed copies is exceeded, and restricting it from operating correctly if the license is invalid.
  4. A cryptographic module license protection method characterized by including: (a) a step in which a copy count setting module executes an allowable count setting program to input an allowable number of copies; (c) a step in which a copyable count storage unit in the cryptographic module receives and stores the number of copies allowed set in the copy count setting module; (d) a step in which, when the cryptographic module is copied, a copied count storage unit records and stores the current number of copies of the cryptographic module in a copy count file; (e) a step in which an allowable count verification unit compares and verifies the allowable number of copies stored in the copyable count storage unit against the number of copies made up to now stored in the copied count storage unit; (f) a step in which the main control unit of the cryptographic module determines, based on the verification result in step (e), whether the number of copies made up to now has exceeded the number of copies allowed; and (g) a step in which the main control unit makes the use of the cryptographic module (100) impossible when the number of copies allowed is exceeded in step (f).
  5. In claim 4, a method for protecting a cryptographic module license, characterized in that if the main control unit determines in step (f), at step S600, that the number of copies allowed is not exceeded, the process after step (d), which stores the number of copies made, is repeated so that copying of the cryptographic module is performed up to the number of copies allowed set by the copy count setting module.
  6. In claim 4, a cryptographic module license protection method further comprising, after step (a): (b) a step of encrypting and storing, within the allowable count setting program, the number of copies allowed set by the copy count setting module.

Description

Cryptographic Module License Protection Device and Method

The present invention relates to a cryptographic module license protection device and a method thereof, and more specifically, to a cryptographic module license protection device and a method thereof that allows duplication only up to a predetermined number of times as a method to prevent unauthorized use of a cryptographic module.

Existing cryptographic modules have a problem in that they cannot prevent unauthorized use when used in an offline environment because there is no way to manage licenses. The commonly used general method of license management is conducted in an online (Internet) environment. This method has the problem that management is possible only when communication with the license management server is possible, but it cannot be used offline. In the case of power systems, since there are many closed networks rather than open online environments, license management methods for online environments are not appropriate. In other words, there is a problem in that unauthorized use of the cryptographic module cannot be prevented because communication with the license management server is impossible.

FIG. 1 is a configuration diagram of a cryptographic module license protection device according to the present invention.
FIG. 2 is a diagram illustrating an example of setting the number of times copies are allowed in the copy count setting module of a cryptographic module license protection device according to the present invention.
FIG. 3 is a diagram illustrating that the number of times a copy is allowed is encrypted in a cryptographic module license protection device according to the present invention.
FIG. 4 is a flowchart of a cryptographic module license protection method according to the present invention.
Terms and words used in this specification and claims should not be interpreted as being limited to their ordinary or dictionary meanings, and should be interpreted in a meaning and concept consistent with the technical spirit of the invention, based on the principle that the inventor can appropriately define the concept of the terms to best describe his invention. Therefore, the embodiments described in this specification and the configurations illustrated in the drawings are merely one preferred embodiment of the present invention and do not represent all of the technical ideas of the present invention; thus, it should be understood that various equivalents and modifications that can replace them may exist at the time of filing this application.

Hereinafter, a cryptographic module license protection device and a method according to the present invention will be described with reference to the attached drawings.

FIG. 1 is a configuration diagram of a cryptographic module license protection device according to the present invention. As illustrated in FIG. 1, the cryptographic module license protection device according to the present invention includes a copy count setting module (100) and a cryptographic module (200).

The copy count setting module (100) sets the allowable number of copies of the cryptographic module by means of the allowable count setting program, which is a local count manager, so that the cryptographic module can be copied only up to that quantity (number). That is, when an administrator executes the allowable count setting program as exemplified in FIG. 2 through the copy count setting module (100) and inputs a copy count, the copy count is encrypted within the allowable count setting program and then stored in the "set allowable count file." When the administrator presses save in FIG. 2, the copy count within the program is encrypted as shown in FIG. 3.
For example, the copy count setting module (100) changes the input copy count value into an unreadable encrypted value through the block cipher ARIA algorithm. More specifically, as illustrated in FIG. 3, the copy count setting module (100) converts the input value into a 16-byte block, adds padding, encrypts the data using the ARIA algorithm, and represents the encrypted result as a hexadecimal string.

The padding mentioned above means that data is filled to fit the size of the block. For example, if data must be divided into 16-byte blocks but only 15 bytes of data are available, a special value is added to fill the remaining 1 byte. In other words, if the data is '12345', 11 zeros can be added to the end to fit into 16 bytes, and the added part is padding.

The ARIA algorithm mentioned above is a block encryption algorithm that divides data into fixed-size blocks of 16 bytes and encrypts them. For example, when A wants to send a message to B, if A uses ARIA to put the message into a lock and transmit it, the message can be safely delivered because the lock can only be opened with a special key.

For reference, the above local count is an indicator representing the limited quantity of specific licenses that can be used simultaneously. The above replication or copying
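
The encode-and-check flow described above (16-byte block, padding, ARIA, hexadecimal string, then the comparison of claim 4, steps (e) to (g)), as an added example that is not code from the patent. The key, the function names, single-block ECB mode and the use of the OpenSSL command line are assumptions, since the page names only the ARIA algorithm.

```shell
#!/bin/sh
# Added illustration; KEY, function names and ECB mode are assumptions.
LC_ALL=C; export LC_ALL
KEY=000102030405060708090a0b0c0d0e0f   # constructed 128-bit demo key

# Digits -> 16-byte block padded with 0x00 bytes -> ARIA -> 32 hex characters.
# Padding with 0x00 (not the character '0') keeps "10" distinct from "1".
seal_count() {
  case $1 in ''|*[!0-9]*) return 1 ;; esac
  [ "${#1}" -le 16 ] || return 1
  out=$( { printf '%s' "$1"; head -c "$((16 - ${#1}))" /dev/zero; } |
    openssl enc -aria-128-ecb -nopad -K "$KEY" | od -An -v -tx1 | tr -d ' \n')
  [ "${#out}" -eq 32 ] && printf '%s\n' "$out"
}

# Hex string -> raw bytes using only POSIX printf (caller validates the input).
hex_to_bin() {
  h=$1
  while [ -n "$h" ]; do
    rest=${h#??}; pair=${h%"$rest"}
    printf "\\$(printf '%03o' "0x$pair")"
    h=$rest
  done
}

# Hex string -> count. Fails closed: a malformed value, or one that does not
# decrypt to digits followed by padding, is treated as an invalid license.
open_count() {
  case $1 in *[!0-9a-f]*) return 1 ;; esac
  [ "${#1}" -eq 32 ] || return 1
  v=$(hex_to_bin "$1" | openssl enc -d -aria-128-ecb -nopad -K "$KEY" | tr -d '\000')
  case $v in ''|*[!0-9]*) return 1 ;; esac
  printf '%s\n' "$v"
}

# Steps (e)-(g): usable only while copies made do not exceed copies allowed.
module_usable() {   # $1 = sealed allowed count (hex), $2 = copies made so far
  allowed=$(open_count "$1") || return 1
  case $2 in ''|*[!0-9]*) return 1 ;; esac
  [ "$2" -le "$allowed" ]
}

# Demo with constructed values: allow 3 copies, check after the 3rd and 4th copy.
sealed=$(seal_count 3) && echo "set allowable count file: $sealed"
module_usable "$sealed" 3 && echo "copy 3: usable"
module_usable "$sealed" 4 || echo "copy 4: use restricted"
```
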