Software protection method and apparatus, electronic device, and storage medium

US12468787B2 · US · B2

Patent metadata
Publication number: US-12468787-B2
Application number: US-202318467252-A
Country: US
Kind code: B2
Filing date: Sep 14, 2023
Priority date: Mar 15, 2021
Publication date: Nov 11, 2025
Grant date: Nov 11, 2025

Abstract

Official abstract text for this publication.

The present disclosure provides a software protection method and apparatus, an electronic device and a storage medium. By identifying the sensitive data in the software source code and determining the point of use of the sensitive data; setting the sensitive data in the read-only section of the compilation product of the software source code so that the sensitive data is stored in the read-only area when the software is running; inserting the check code into the above point of use of the sensitive data, where the check code is used to check whether the sensitive data read is in the read-only area while the software is running, and determine whether to continue running the software according to the check result, embodiments of the present disclosure realize the integrity verification of the sensitive data, and thereby prevent the sensitive data from being corrupted with low performance overheads.
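A hand-written C sketch of the mechanism the abstract and the allowlist claims describe, added here as an illustration (it is not code from the patent, which has a compiler insert the check automatically). All names (`ALLOWLIST`, `in_readonly_area`, `checked_dispatch`) are hypothetical, and the "read-only area" is approximated by the bounds of a `static const` table, which ELF toolchains normally place in `.rodata` (assumption).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef int (*handler_t)(int);

static int op_balance(int x)  { return x; }
static int op_transfer(int x) { return -x; }   /* stands in for a sensitive operation */

/* Allowlist of legitimate values, kept in read-only data (assumed .rodata). */
static const handler_t ALLOWLIST[] = { op_balance, op_transfer };
#define ALLOW_N (sizeof ALLOWLIST / sizeof ALLOWLIST[0])

/* Check code: does the address about to be read lie inside the read-only
   allowlist, on an element boundary? The location is tested, not the value. */
static int in_readonly_area(const handler_t *p) {
    uintptr_t a  = (uintptr_t)p;
    uintptr_t lo = (uintptr_t)&ALLOWLIST[0];
    uintptr_t hi = (uintptr_t)&ALLOWLIST[ALLOW_N];
    return a >= lo && a < hi && (a - lo) % sizeof(handler_t) == 0;
}

/* Point of use: the check runs before the pointer read. Returns 0 on
   success, -1 when blocked (a deployed check would stop the program). */
int checked_dispatch(const handler_t *slot, int arg, int *out) {
    if (!in_readonly_area(slot))
        return -1;
    *out = (*slot)(arg);
    return 0;
}

/* Constructed case 1: pointer refers to an allowlist entry. */
int demo_legit(void) {
    int r = 0;
    return checked_dispatch(&ALLOWLIST[1], 7, &r) == 0 ? r : 999;
}

/* Constructed case 2: pointer was redirected to writable memory that holds
   a plausible value; the check rejects it because of where it lives. */
int demo_corrupted(void) {
    handler_t fake = op_transfer;   /* writable stack copy */
    int r = 0;
    return checked_dispatch(&fake, 7, &r);
}

int main(void) {
    printf("legit=%d corrupted=%d\n", demo_legit(), demo_corrupted());
    return 0;
}
```

The second case shows why the check costs little: it is an address-range comparison at the read, with no hashing or copying of the protected value.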

First claim

Opening claim text (preview).

What is claimed is:

1. A software protection method, executed by a compiler in an electronic device during a compilation process, comprising: identifying sensitive data created by the compiler during the compilation process and determining a point of use of the sensitive data, wherein the sensitive data is operands of sensitive operations recognized by the compiler, the sensitive operations comprise program counter update, a sensitive application programming interface (API) call, a security check and a business-critical operation, wherein the business-critical operation comprises transferring and password decryption; setting the sensitive data in a read-only section of a compilation product of a software source code, so that the sensitive data is stored in a read-only area when a software is running; and inserting a check code at the point of use of the sensitive data, wherein the check code is used to check whether sensitive data read is in the read-only area while the software is running, and determine whether to continue running the software according to a check result wherein the identifying the sensitive data created by the compiler during the compilation process and determining the point of use of the sensitive data comprises: identifying data with a special marker as the sensitive data; and determining that a point of a memory read instruction associated with the sensitive data is the point of use of the sensitive data, wherein the memory read instruction is used to read the sensitive data by a pointer.

2. The method according to claim 1, wherein before the identifying the data with the special marker as the sensitive data, the method further comprises: identifying an instruction containing the sensitive operations according to a preset rule, and marking data used by the instruction using the special marker; and associating the data with the memory read instruction.

3. The method according to claim 2, wherein the method further comprises: marking the memory read instruction using the special marker; the inserting the check code at the point of use of the sensitive data comprises: inserting the check code before the marked memory read instruction; or modifying the marked memory read instruction to the memory read code containing the check code.

4. The method according to claim 3, wherein the setting the sensitive data in the read-only section of the compilation product of the software source code comprises: identifying a collection of legitimate values of the sensitive data, constituting an allowlist, and setting data in the allowlist in the read-only section of the compilation product of the software source code; and setting the sensitive data as the data in the allowlist.

5. The method according to claim 2, wherein the setting the sensitive data in the read-only section of the compilation product of the software source code comprises: identifying a collection of legitimate values of the sensitive data, constituting an allowlist, and setting data in the allowlist in the read-only section of the compilation product of the software source code; and setting the sensitive data as the data in the allowlist.

6. The method according to claim 1, wherein the setting the sensitive data in the read-only section of the compilation product of the software source code comprises: identifying a collection of legitimate values of the sensitive data, constituting an allowlist, and setting data in the allowlist in the read-only section of the compilation product of the software source code; and setting the sensitive data as the data in the allowlist.

7. The method according to claim 6, wherein the determining whether to continue running the software according to the check result comprises: continuing running the software if the sensitive data read is in the read-only area; and blocking the software from running if the sensitive data read is not in the read-only area.

8. The method according to claim 1, wherein the setting the sensitive data in the read-only section of the compilation product of the software source code comprises: identifying a collection of legitimate values of the sensitive data, constituting an allowlist, and setting data in the allowlist in the read-only section of the compilation product of the software source code; and setting the sensitive data as the data in the allowlist.

9. The method according to claim 1, wherein the check code is generated based on features provided by different processors, hardware, or operating systems.

10. An electronic device, comprising: at least one processor and a memory; the memory stores computer executable instructions; and the at least one processor executes the computer executable instructions stored in the memory, enables the at least one processor to: identify sensitive data created during a compilation process and determine a point of use of the sensitive data, wherein the sensitive data is operands of sensitive operations recognized by the compiler, the sensitive operations comprise program counter update, a sensitive application programming interface (API) call, a security check and a business-critical operation, wherein the business-critical operation comprises transferring and password decryption; set the sensitive data in a read-only section of a compilation product of a software source code, so that the sensitive data is stored in a read-only area when a software is running; and insert a check code at the point of use of the sensitive data, wherein the check code is used to check whether sensitive data read is in the read-only area while the software is running, and determine whether to continue running the software according to a check result wherein the at least one processor is configured to: identify data with a special marker as the sensitive data; and determine that a point of a memory read instruction associated with the sensitive data is the point of use of the sensitive data, wherein the memory read instruction is used to read the sensitive data by a pointer.

11. The electronic device according to claim 10, wherein the at least one processor is configured to: identify an instruction containing the sensitive operations according to a preset rule, and mark data used by the instruction using the special marker; and associate the data with the memory read instruction.

12. The electronic device according to claim 11, wherein the at least one processor is configured to: mark the memory read instruction using the special marker; and insert the check code before the marked memory read instruction; or, modify the marked memory read instruction to the memory read code containing the check code.

13. The electronic device according to claim 12, wherein the at least one processor is configured to: identify a collection of legitimate values of the sensitive data, constitute an allowlist, and set data in the allowlist in the read-only section of the compilation product of the software source code; and set the sensitive data as the data in the allowlist.

14. The electronic device according to claim 11, wherein the at least one processor is configured to: identify a collection of legitimate values of the sensitive data, constitute an allowlist, and set data in the allowlist in the read-only section of the compilation product of the software source code; and set the sensitive data as the data in the allowlist.

15. The electronic device according to claim 10, wherein the at least one processor is configured to: identify a collection of legitimate values of the

Assignees

Inventors

Classifications

  • Protecting personal data, e.g. for financial or medical purposes · CPC title

  • G06F21/121 · Primary

    Restricting unauthorised execution of programs · CPC title

  • G06F21/125 · Primary

    by manipulating the program code, e.g. source code, compiled code, interpreted code, machine code · CPC title

  • Protecting data integrity, e.g. using checksums, certificates or signatures · CPC title

  • during program execution, e.g. stack integrity {; Preventing unwanted data erasure; Buffer overflow} · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US12468787B2 cover?
The present disclosure provides a software protection method and apparatus, an electronic device and a storage medium. By identifying the sensitive data in the software source code and determining the point of use of the sensitive data; setting the sensitive data in the read-only section of the compilation product of the software source code so that the sensitive data is stored in the read-only…
Who is the assignee on this patent?
Univ Tsinghua
What technology area does this patent fall under?
Primary CPC classification G06F21/121. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 11, 2025 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 1 related publication on this page (citations in our corpus or others sharing the same primary CPC).