Friday, September 09, 2011

Validy Technology: A program protection method that really works

Validy Technology (VT) is a program protection method. It uses a secure coprocessor and manipulates, inside this coprocessor, variables that are mandatory for the correct execution of the program.

The secure coprocessor uses a silicon chip which can take several different form factors: 

  • USB key, 
  • SIM Module, 
  • MMC Card, 
  • Smart card, 
  • SMD device...

VT is effective against software piracy as well as against software and data tampering: it not only prevents illicit program execution but can also ensure that program execution is not altered and that program data is not copied or modified, even when execution is taking place in a hostile environment.

VT is based on a "subtractive" protection method, hiding "critical portions" of the program in the coprocessor, but instead of securely executing "Remote Procedure Calls", it secures part of the program state. In other words, it permanently keeps some of the program variables in the coprocessor, and during execution of the program the values of the variables residing in the coprocessor are modified. VT ensures secure execution of the modifications by sending encrypted instructions to the coprocessor (instructions are encrypted at compilation time). Only when absolutely necessary is the value of one of the variables residing inside the coprocessor, or better still, information derived from one or several of those variables, transmitted back to the main part of the program. VT security is based on the extreme difficulty for an attacker to regenerate correct values during those transmissions.

For added security, the coprocessor continuously monitors whether the instruction flow conforms to what was planned at program compile time. To this end, the coprocessor architecture and instruction set are designed with additional special fields allowing automatic real-time monitoring of the chaining of the instructions. This security mechanism is simple to implement yet extremely powerful. If the coprocessor detects an anomaly, it can take retaliation measures forcing the program to stop: if the coprocessor stops working, part of the program state is suddenly missing and the program cannot continue working.

With the execution of a few coprocessor "XOR" instructions or with the execution of a specially designed coprocessor "MutualCheck" instruction, this security mechanism is simply extended to mutually protect several different computations executed inside the coprocessor, i.e. if one computation is modified or suppressed, another one will fail. Mutual protection, in turn, greatly enhances VT protection abilities:

  • Mutual protection prevents an attacker from using a "divide and conquer" approach to gradually remove protections.
  • Mutual protection allows the coprocessor to verify program integrity during execution by executing integrity checks that cannot be removed. One very effective such check is to verify that the calling graph of the program is not modified.
  • Mutual protection allows a background thread to protect real time threads.
  • Mutual protection allows protected programs to mutually protect each other. For instance, to attack a client program, one must also attack the server program.
  • Mutual protection allows data protection by permitting effective generation/check of data authentication information or by permitting effective encryption/decryption of data.
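
As an added illustration (not Validy's code or design), here is a small Python model of the mechanisms described above: variables live only inside the coprocessor, every instruction carries the id of the instruction that must precede it so the chip can police the chaining, a "MutualCheck" ties a background computation to a worker computation, and only derived information comes back out. The instruction encoding, register names, ids and constants are constructed for the example, and the encrypted instruction stream of the real coprocessor is left out of the model.

```python
# Instruction = (chain, id, prev_id, op, dst, *args). id and prev_id are fixed at
# compile time; prev_id is what lets the chip police the instruction chaining.
# (Real VT instructions are also encrypted at compile time; not modelled here.)
class Coprocessor:
    def __init__(self):
        self.regs = {}   # program variables that never leave the chip
        self.last = {}   # last executed instruction id, per chain

    def stop(self, why):
        self.regs.clear()   # the program's state vanishes with the chip
        raise RuntimeError(why)

    def execute(self, ins):
        chain, iid, prev, op, dst, *a = ins
        if prev != self.last.get(chain, 0):   # chaining monitor
            self.stop(f"chain anomaly before instruction {iid}")
        self.last[chain] = iid
        r = self.regs
        if op == "set":
            r[dst] = a[0]
        elif op == "add":
            r[dst] = r[a[0]] + r[a[1]]
        elif op == "xor":     # a suppressed computation leaves its variable at 0
            r[dst] = r.get(a[0], 0) ^ r.get(a[1], 0)
        elif op == "check":   # MutualCheck against a compile-time constant
            if r.get(dst) != a[0]:
                self.stop("mutual check failed: a computation was altered")
        elif op == "derive":  # only derived information leaves the chip
            return r[dst] >= a[0]

def compiled_program():
    """Worker chain computes s = x + y; background chain mixes s into m,
    checks m against a constant the compiler knew, then derives s >= 10."""
    worker = [("w", 1, 0, "set", "x", 5),
              ("w", 2, 1, "set", "y", 7),
              ("w", 3, 2, "add", "s", "x", "y")]
    background = [("b", 10, 0, "set", "k", 42),
                  ("b", 11, 10, "xor", "m", "s", "k"),
                  ("b", 12, 11, "check", "m", 12 ^ 42),
                  ("b", 13, 12, "derive", "s", 10)]
    return worker, background

def run(program):
    """Feed a stream to a fresh chip: derived outputs, or why it stopped."""
    cp = Coprocessor()
    try:
        return [v for v in (cp.execute(i) for i in program) if v is not None]
    except RuntimeError as e:
        return str(e)
```

Dropping the worker chain entirely, or changing one of its operands, makes the background chain's check fail, while replaying or skipping an instruction trips the chaining monitor before any value is touched.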

VT rests on well-known computer science principles. Its implementation doesn't present major stumbling blocks and doesn't require secret know-how. VT doesn't require a secure machine to execute but just a secure coprocessor. It can work with any operating system or even with embedded systems.

Protection of a program must be done by the software publisher creating or maintaining the program. During the protection of a program, most of the protection work is automatic, because moving variables to the coprocessor and modifying them there is a classical compilation problem similar to the use of an arithmetic coprocessor. Also, most of the program integrity verification (for instance verifying the chaining of the instructions or protecting the calling graph) can be automated with a compiler.

Several manufacturers already build secure microcontrollers that can be used for VT. Those components are generally designed for banking card applications; they have a low price tag and a high security level. With an appropriate program runtime and microcontroller firmware, the microcontroller can be seen by the program as a "loosely coupled" coprocessor, plugged for instance into the USB bus, without requiring any hardware change to the machine.

Despite the loose coupling between the main processor and the coprocessor, the execution inside the coprocessor takes place concurrently with the execution of the main part of the program, and the program slowdown is minimal.

We have gone all the way from inventing the concepts, protecting the intellectual property, implementing a USB coprocessor and the associated runtime for Windows, and implementing two compilers (one for Java and one for .NET) to finally demonstrating that protected programs run with acceptable performance. We now intend to grant licenses to interested parties. If anyone is interested in the Validy Technology, then feel free to contact us. CYBER COPS India will be happy to provide expert services with the original inventors and the patent holders - Validy Net Inc.