Authorization mechanism for the use of a software process with source code security

A method using a client certificate regenerator for secure authorization of non-compilable software code addresses the need for secure execution control in both on-premises and cloud environments, ensuring secure communication and preventing unauthorized access.

FR3143244B1Active Publication Date: 2026-06-12ELECTRICITE DE FRANCE

Patent Information

Authority / Receiving Office
FR · FR
Patent Type
Patents
Current Assignee / Owner
ELECTRICITE DE FRANCE
Filing Date
2022-12-07
Publication Date
2026-06-12

AI Technical Summary

Technical Problem

Existing solutions for securing and authorizing the use of non-compilable software code, such as those written in languages like Python or R, require maintaining storage and computing infrastructure for data processing, which can be cumbersome and violate data sensitivity regulations, especially in cloud environments.

Method used

A method using a regenerator of a client certificate signed by a certification authority, which regenerates and issues a client certificate upon application execution, establishing a secure connection with a server to execute obfuscated code, ensuring authorization and preventing access to the protected code, with optional deletion of the certificate after use.

Benefits of technology

Enables secure, granular, and remote control of protected code execution without requiring service-based infrastructure, ensuring secure communication and preventing unauthorized access, applicable in both on-premises and cloud environments.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure 00000009_0000
    Figure 00000009_0000
  • Figure 00000010_0000
    Figure 00000010_0000
  • Figure 00000011_0000
    Figure 00000011_0000
Patent Text Reader

Abstract

A method for executing protected software code is proposed. The method is implemented by an application containing a regenerator for a client certificate previously signed by a certification authority and obfuscated code corresponding to the protected software code. Upon execution of the application, the method comprises: - regenerating the client certificate using the regenerator and issuing a request including the client certificate; and - when, following the issuance of the request, a connection is established with a server and an indicative response confirming the validity of the client certificate is received via the established connection, executing the obfuscated code within the software container; otherwise, terminating the application without executing the obfuscated code. Abstract: Figure 1
Need to check novelty before this filing date? Find Prior Art

Description

Title of the invention: Authorization mechanism for the use of a software process with source code security technical field

[0001] This disclosure falls within the domain of information systems security.

[0002] More specifically, this disclosure relates to a method for executing protected software code, a corresponding computer program and recording medium. Previous technique

[0003] Regarding authorization to use proprietary software, the state of the art is based on two principles: - Protected software code, i.e., secure software code, can be installed on on-premises servers, in other words locally, and authorization to use it is then subject to a license, meaning that a key or a file allows the software code to function, or - the protected software code is accessible as a hosted service, for example in a cloud computer network, or "cloud", and the operator offers all the necessary authorization mechanisms to allow its execution without giving access to the code itself.

[0004] Many research projects, particularly in the field of machine learning, lead to the production of computer codes using programming languages ​​that do not compile, such as Python or R.

[0005] To secure such code, one possible solution is not to distribute it. For example, it may be stipulated that the owner of protected software code collects data transmitted to him by a user, processes this data using the protected software code he owns, and transmits only the result of this processing to the user.

[0006] This service-based approach has the disadvantage for the owner of the protected code of maintaining a storage and computing infrastructure to process the data of its partners and clients. Furthermore, if the data is sensitive, sharing it can prove cumbersome given the applicable regulations.

[0007] There is therefore a need for a mechanism allowing a user to use protected software code which can be written in a non-compilable language, without disclosing the content of the lines of code to the user and without requiring the maintenance of storage and computing infrastructures. Summary

[0008] This disclosure improves the situation.

[0009] A method for executing protected software code is proposed, the method being implemented by an application containing a regenerator of a client certificate previously signed by a certification authority and an obfuscated code corresponding to the protected software code, the method comprising, upon execution of the application: - regenerate the client certificate using the regenerator and issue a request including the client certificate, and - when, following the issuance of the request, a connection is established with a server and an indicative response of the validity of the client certificate is received via the established connection, execute the obfuscated code in the software container, otherwise, stop the execution of the application without executing the obfuscated code.

[0010] The client certificate is regenerated only once per application execution and can be regenerated and reused during subsequent application executions. The client certificate grants authorization to use the protected code, which can be limited, particularly in terms of time, and enables secure communication with the authorization server. Access to the protected software code is prevented by its obfuscation. The application can be, for example, a software container that can be stored either on-premises infrastructure or in the cloud and does not require delivery as a service.

[0011] It has been found that the proposed method does not cause any performance impact on the execution of the obfuscated code.

[0012] Implementing a secure and reliable authorization mechanism, with the ability to remotely control the execution of protected code, allows for granular management of execution authorization. For example, it is possible to grant authorization for a limited number of executions over a limited period, with the first one expiring. Furthermore, a server typically has a connection log that records, at the server level, all executions of the protected code implemented by applications distributed to a set of clients.

[0013] Optionally, the method further comprises: - Delete the regenerated client certificate immediately after the request is issued.

[0014] This strengthens the security of the authorization mechanism by preventing the client or a third party from accessing the client certificate.

[0015] Optionally, the certificate regenerator is offended.

[0016] This strengthens the security of the authorization mechanism by preventing the customer or a third party from obtaining a copy of the customer certificate through analysis of the certificate regenerator.

[0017] Optionally, the application is managed by a software container in a cloud computer network.

[0018] Unlike known solutions, the proposed authorization mechanism does not depend on a particular hardware component and is therefore applicable to the use of protected code in a decentralized network.

[0019] Optionally, the request is an HTTPS request.

[0020] In general, it is desirable that each data link used to implement the process be a secure link, so as to prevent any interception of data streams and, more specifically, any interception of the client certificate. These secure links obviously include the data link between the application and the server, but also, potentially, data links within the client's computer system or within the computer system to which the server is connected.

[0021] Optionally, the execution of the application is triggered by a task scheduling software.

[0022] This makes it possible in particular to force a periodic renewal of the authorization to execute the protected code, for example every day, and possibly transparently for the end user.

[0023] A computer program is also proposed comprising instructions for implementing the above process when this program is executed by a processor.

[0024] A non-transient recording medium readable by a computer is also proposed on which a program is recorded for the implementation of the above process when this program is executed by a processor. Brief description of the drawings

[0025] Other features, details and advantages will become apparent from reading the detailed description below and from analyzing the accompanying drawings, in which: Fig. 1

[0026] [Fig.1] represents a network architecture connecting computer systems for the implementation of protected code. Fig. 2

[0027] [Fig.2] illustrates by means of a flowchart a method of executing protected software code, according to an example of an embodiment. Fig. 3

[0028] [Fig.3] illustrates by means of a flowchart a validation and authorization process that can be implemented on the server side for authorization to execute software code protected by a client-side application, according to an example embodiment. Description of the implementation methods

[0029] Code obfuscation is a known technique that makes computer code unreadable to humans while maintaining its "executability" by the machine.

[0030] Regarding authorization to use obfuscated code, several licensing mechanisms are known: via NTP (Network Time Protocol), disk serial number, or MAC address. These licensing mechanisms are not entirely satisfactory. The NTP protocol is not a secure protocol. Moreover, with limited networking knowledge, it is easy to redirect the address of an NTP server to another server and enable the software-implemented process to be used indefinitely. Authorizations linked to a specific disk serial number or MAC address are also unsuitable in the cloud. Indeed, it is not possible to know the serial number of the underlying hard drive or the MAC address of the network interface, and, more importantly, there is no guarantee that these components are fixed.

[0031] The invention differs from the prior art and aims to allow the granting of a time-limited authorization to use a software-implemented process, both locally and in a "cloud", without requiring an implementation of the type of a service provision and without allowing access to the source code.

[0032] To this end, a method is proposed implemented by an application containing a regenerator of a client certificate previously signed by a certification authority and an obfuscated code corresponding to the protected software code, the method comprising, upon execution of the application: - regenerate the client certificate using the regenerator and issue a request including the client certificate, and - when, following the issuance of the request, a connection is established with a server and an indicative response of the validity of the client certificate is received via the established connection, execute the obfuscated code in the application, otherwise, stop the execution of the application without executing the obfuscated code.

[0033] Code protection is ensured by a combination of its obfuscation with a secure use authorization mechanism whose execution is compatible with both on-site use and use in a "cloud".

[0034] A particular example of an embodiment is now described with reference to [Fig.1] which represents a network architecture connecting computer systems for the implementation of protected code.

[0035] A first computer system (104) of a client allows a user terminal (102) of the client to access an application (100) designed to control the execution of protected code. The protected code is obfuscated to make it inaccessible to the client.

[0036] A second computer system (204) from a supplier implements a validation and authorization server (200). The computer systems (104, 204) are adapted to be able to implement, under certain conditions, communication between the application (100) and the validation and authorization server (200) before the application (100) triggers the execution of the protected code.

[0037] By way of example, in [Fig.1], the computer systems (104, 204) are represented in the form of clouds and the validation and authorization server (200) is considered to have been previously configured from a user terminal (202) of the provider.

[0038] In order to ensure the security of exchanges between the application (100) and the validation and authorization server (200), one possibility is to implement a mini public key infrastructure or "mini-pki" based on an SSL mechanism.

[0039] The SSL mechanism is as follows. Using a cryptography tool, for example OpenSSL, it is possible to create a certificate authority and generate a certificate of the certificate authority as well as a server certificate and client certificates signed by the certificate authority. Each client certificate thus generated can be intended for a particular target client.

[0040] The server certificate is provided to the validation and authorization server (200) to implement two-way authentication of the "SSL two-way" type.

[0041] The mini public key infrastructure includes, at the application level (100), an integration code generator. An integration code is a technical security code. In the example of the SSL mechanism mentioned, the technical security code is configured to regenerate, during its execution, a client certificate intended for a target client. This client certificate is signed by the certificate authority and can be recognized by the validation and authorization server (200) that holds the server certificate.

[0042] To establish a secure connection with the authorization server, the SSL mechanism needs to write the certificates to disk. To address the issue of leaving no trace of these certificates after the connection with the server (200), it is possible to implement a volatile write operation to disk for the certificates only at the time of connection, with the generated temporary files then disappearing instantly. In addition to this precaution, the technical security code can be obfuscated to ensure that neither the client nor a malicious third party has access to its contents.

[0043] To design a version of the application (100) for a target client, one possibility is now detailed. A client certificate signed by the certification authority is generated for the target client. A software module is then created to incorporate the client certificate for the target client and the certificate of the certification authority. The software module can, for example, be written in Python. The software module and The code to be protected can be combined and compromised together.

[0044] The resulting package takes the form of an application that can be installed, for example, on a virtual machine. A particular option involves installing the application in a software container, that is, a lightweight execution environment that groups together all the system components necessary to run its content. In this case, the application's content includes at least the software module and the protected code. Such a container can be distributed either as on-premises software or as a hosted subscription service.

[0045] A particular embodiment is now described with reference to [Fig.2] which represents a flowchart of a computer program suitable for implementing a method of executing the software code protected by the application (100) in a given version for a target client.

[0046] The execution of the application (100) can be triggered in various ways, active or passive. An example of an active trigger is a human-computer interaction at the level of a user terminal (102) of the client. An example of a passive trigger is the passing of a predefined time marker in task scheduling software.

[0047] At runtime, the application (100) creates, or regenerates (300), via the software module, the certificate of the certification authority and the client certificate for the target client signed by the certification authority. These certificates are temporarily regenerated as certificate files. There are many known methods for actively or passively deleting files after their intended use.

[0048] The application sends (302) a request to the validation and authorization server (200). The request presents the client certificate for the target client.

[0049] The application acts as a launcher for the obfuscated protected code and conditions the execution (310) of the obfuscated protected code on a double check: - the first check (304) concerns the establishment of the secure connection between the application (100) and the server (200), and - the second check (306) concerns the acceptance by the server (200) of the client certificate provided by the application (100) in the request.

[0050] Conversely, any SSL error or bad response from the server (200) results in the application exiting (100).

[0051] As soon as the certificates are no longer needed, that is, as soon as the request is issued (302), they are automatically deleted (308). This deletion occurs regardless of whether the secure connection is subsequently established or whether an SSL error or a bad response from the server causes the application to exit.

[0052] By proceeding in this way, the version of the application (100) delivered to the target client is certain to be addressing the correct server. In fact, any attempt to connect to another server results in an SSL error because only the certificate authority is considered trustworthy. Conversely, the server (200) only accepts client certificates that have been signed by the certificate authority.

[0053] The validity of the client certificate corresponds to a time limit on the usage authorization that can be granted. This duration can be modified, i.e., extended or reduced, by actions taken at the server level (200). In particular, it is possible to terminate usage authorization for a target client by revoking the client certificate for that target client.

[0054] The server infrastructure can be implemented in different ways with commercial software or with specific software.

[0055] A particular embodiment is now described with reference to [Fig.3] which represents a flowchart of a computer program suitable for implementing a validation and authorization process by the validation and authorization server (200).

[0056] The server (200) receives (400) a request, issued by the application (100) and presenting a client certificate. The server thus obtains (402) the presented client certificate and verifies (404) whether this certificate has been signed by the certificate authority.

[0057] When the result of this check is positive, that is, when the server recognizes the presented client certificate, a secure communication is established (408) with the application (100).

[0058] The server, after subsequently verifying (410) the validity of the presented client certificate, emits (412) a signal indicating authorization to execute the protected code. The execution of the protected code can therefore be triggered by the application (100).

[0059] If the presented client certificate is invalid, for example because its validity date has expired, the target client is not authorized to execute the protected code. The server then emits (414) a signal indicating a lack of authorization to execute the protected code. Execution of the protected code by the application (100) is therefore prohibited, which, in combination with the process described with reference to [Fig. 2], results in the termination of the application (100).

[0060] If the server does not recognize the presented client certificate, the connection is not established (406), which, in combination with the process described with reference to [Fig.2], results in the application being closed (100).

Claims

Demands

1. A method for executing protected software code, the method being implemented by an application containing a regenerator for a client certificate previously signed by a certification authority and an obfuscated code corresponding to the protected software code, the method comprising, upon execution of the application: - regenerating, using the certificate regenerator, the client certificate and issuing a request including the client certificate, and - when, following the issuance of the request, a connection is established with a server and an indicative response of the validity of the client certificate is received via the established connection, executing the obfuscated code in the application, otherwise, stopping the execution of the application without executing the obfuscated code.

2. Method according to claim 1, further comprising: - deleting the regenerated client certificate immediately after the request is issued.

3. Method according to claim 1 or 2, wherein the certificate regenerator is obliterated.

4. A method according to any one of claims 1 to 3, wherein the application is managed by a software container in a cloud computer network.

5. A method according to any one of claims 1 to 4, wherein the request is an HTTPS request.

6. A method according to any one of claims 1 to 5, wherein the execution of the application is triggered by task scheduling software.

7. A computer program comprising instructions for carrying out the method according to any one of claims 1 to 6 when this program is executed by a processor.

8. A non-transient, computer-readable recording medium on which a program is recorded for the implementation of the method according to any one of claims 1 to 6 when this program is executed by a processor.