Products Main Summary FAQ Customers Contact TOC Choose format
FAQ - Dangers and their treatment
What is the difference between active and passive encryption?
Text encryption is passive. An eavesdropper does not learn anything new that otherwise would not have been learnt if the parties had used other means of communication - for example personal meeting in a secure environment. People usually take this for granted, but it is understandable because this is our natural state. However, recently deployed information technology starts to reshape this perception. Without unbreakable text encryption, deployment of mass wiretapping tools is a threat to our freedom.
UPE is an active form of encryption because the process ends in a program, which can be executed. One may encrypt agents with big effects in a strongly networked environment. It is capable of redistributing power and control. This feature poses a danger which makes special constraints on our business strategy, especially on our business and development models, working environment and methods of attracting investment and talent.
TPVS's unique and powerful universal program encryption (UPE) technology has not only exciting promises but also some dangers (as every important technological achievement does if it is used carelessly or maliciously).
One can encrypt any program by UPE. But we do not want to give tips for malicious use and inadvertently rise the interest for it. The well-known phrase "Forewarned is forearmed" has never been more important, therefore our team does address these issues carefully and thoroughly. One of the most fascinating advantages of UPE technology is that the very same technology (if it is introduced in the correct way and order) can prevent the extremities it otherwise poses.
Will UPE push intellectual property protection to the extreme?
Yes, it may. It is an ideal tool for copyright and intellectual property right fundamentalists. If somebody implements an algorithm, and encrypts it by UPE, no one can find it out, no one can learn from it, unless the algorithm is reinvented independently - or UPE is cracked, which we think is impossible, unless P=NP. Dealing with intellectual property is a very difficult task. Its treatment defines whole cultures and economies.
The main advantage of UPE technology is its flexibility. One can implement (in a tamper-proof way) expiring encryptions, and OS-es allow programs to run only with such encryptions, following some universally or locally accepted standards. Thus the above problem is solved.
How to avoid the little roly-poly scenario?
The name of this scheme comes from a well known tale. Little roly-poly just devours everything and at the end it bursts. One can do the same with program encryption. By slightly modifying the output channels of a program (encrypted or not) one can encrypt it and no one can prove what was the original.
As long as UPE is kept in secret, the little roly-poly scenario can be avoided by the policy that we do not encrypt encrypted programs, or programs with questionable intellectual property. There are also some technical solutions which make these tricks more difficult which we implement into our products if requested.
I have nothing to hide. Should I still use UPE?
Yes, obviously. Every not verified software contains bugs and unexpected security breaches. Crackers can find these hidden weaknesses by disassembling the executables. If you encrypt the code by UPE, they can use only the far less economical trial and error method to uncover the security holes. If the security breach is not primitive, then program encryption makes your buggy program more secure.
Also, even if the crackers have access to your source code, for example because your program is an open source program, or the source code is stolen, your users are still protected against several attacks which are based on overwriting the executables at some points. (This is not necessarily true if you apply only a weak form of UPE, like the secure key hiding technology.) So, even if the crackers do know the weaknesses of your product, they cannot apply a popular attack.
Furthermore, if your program, - used e.g. for viral marketing - contains an ad or message, which some people - well, who else, your competitors - dislike, or somebody just want to ridicule you or to cause harm, they can change your message to their own advantage not for yours. They also may hide malicious code in your program to ruin your reputation. Applying universal program encryption (UPE) keeps the integrity of your message and prevent any modification of your program. You have full control, and you are not at the mercy of some faceless criminal, idiot or your sneaky competitors.