JP2001118038A - Computer, computer system, and recording medium - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a computer, a computer system, and a recording medium which make it possible to record only input information from a proper device. SOLUTION: The computer is equipped with a storage part 32 which enters a data writable state only when receiving a write acknowledgement signal and an adequacy judgment part 10 which outputs the write acknowledgement signal to the storage part so that data received from a communication partner or data based upon the mentioned data can be written when the adequacy of the communication partner is authenticated by communicating with external equipment.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a computing device, a computer system, and a recording medium, and more particularly to a computing device and a recording device suitable for a device having a low computing capability to safely utilize the computing capability of a device having a high and reliable computing capability. It is about media.

[0002]

2. Description of the Related Art In recent years, computing devices, such as IC cards and memory cards, which are small and lightweight, have excellent portability, and can store various information, have become widespread.

However, since it is often difficult to provide such a portable computing device with sufficient computational power, a device called "requested computation" for performing a complicated computation by a device having a low computational power is required. May be used. According to this technology, for example, a calculation required for a bank IC card is performed by a cash transaction machine (ATM).
r Machine) and is used when performing complicated calculations.

[0004] On the other hand, various methods of using the portable computing device have been proposed, but depending on the type of information to be handled, it is necessary to prevent unauthorized information input / output and reliably prevent falsification of recorded information. . For example, there is a case where an IC card is used for storing electronic money or the above-described ATM, or a case where a copyrighted content (music or the like) to be prohibited from being illegally copied is stored in a memory card.

[0005] In these cases, in order to prevent inconvenience, it is necessary to surely authenticate whether the other computer system is legitimate. However, this authentication process requires some complicated calculations, and a portable computing device such as an IC card or the like may have a low computational capability and prevent unauthorized access from being sufficiently prevented.

Here, it is difficult to use the above-described request calculation technique at the stage before requesting calculation. First, it is necessary to check whether the requested computer (such as an ATM) is reliable (validity), and it is dangerous to perform processing dependent on the partner until the validity of the partner can be determined.

At present, portable equipment such as an IC card has
In order to provide a strong unauthorized access prevention mechanism, a complicated circuit (random number generator) capable of generating a highly uniform random number or the like is mounted. In addition to the case where this random number generator is used, there are also cases where random numbers are prepared in advance. That is, in determining the validity of the other party, authentication processing is performed using a random number prepared in advance. The reason why the random numbers are prepared in advance in this way is that high calculation capability is required to generate random numbers with high uniformity.

[0008]

However, if authentication is performed using a random number or the like prepared in advance, there is a limit to the defense ability against an attack from a malicious third party. That is, if the prepared random numbers are used up, there is a possibility that an attacker may analyze the pattern and impersonate a legitimate device.

The present invention has been made in view of such circumstances, and a first object of the present invention is to provide a computing device, a computer system, and a recording device capable of recording only input information from a legitimate device or process. To provide a medium.

A second object is to provide a computing device, a computer system, and a recording medium which have a high computing capability and depend on the computing capability of a reliable device and which can safely use information calculated by the device. To provide.

[0011]

According to a first aspect of the present invention, there is provided a computing device including a storage unit which is in a data writable state only when a write enable signal is received. .

When communication with an external device is performed and the validity of the communication partner is authenticated, the validity determination means enables data received from the communication partner or data based on the data to be written. , A write enable signal is output to the storage unit.

Therefore, it is possible to record only input information from a valid device.

[0014] Next, a second invention for solving the problem is that, in the first invention, when data received in the past from an external device whose authenticity has been authenticated is the result of arithmetic processing, the storage is performed. The data stored in the unit or the data based on the data is used as if it is data calculated by itself.

[0015] Therefore, it is possible to safely use the information calculated in the device, which depends on the calculation capability of the device having high and reliable calculation capability.

Next, a third invention for solving the problem is that in the first invention, in order to authenticate whether or not the external device to be communicated has legitimacy, the validity has been authenticated in the past. Data received from the external device and stored in the storage unit or data based on the data.

Therefore, the information calculated on the external device can be safely used depending on the calculation capability of the external device which has a high calculation capability and is reliable. This makes it possible to more effectively prevent external unauthorized access to the computing device.

Next, a computer according to a fourth aspect of the present invention for solving the problem includes a storage unit which is in a data writable state only when a write permission signal is received.

Then, only when the validity of a process for writing data to the storage unit by a valid procedure or an external device is authenticated, the validity determining means sends a write permission signal to the storage unit. Is output.

Therefore, it is possible to record only input information from a valid device or process.

Next, a fifth invention for solving the problem is that, in the fourth invention, the validity judgment by a valid procedure is performed by communicating with an external device and the validity of the communication partner is authenticated. Whether or not.

Therefore, writing to the storage unit can be performed only by emphasizing work with an external device, and the security of the stored contents can be further enhanced.

In a sixth aspect of the invention for solving the problem, in the fifth aspect, the data determining means determines the validity of the received data itself, and the data is already valid. Only when it is determined that the data is received from an authenticated external device, the data is written and input to the storage unit.

By confirming the validity of the data in this way, the normal operation of the computer based on the written data is guaranteed.

Next, a seventh invention for solving the problem is made for a computing system including at least a first computing device and a second computing device.

First, the first computing device includes a storage unit which is in a data writable state only when receiving a write permission signal. The communication unit communicates with the second computing device, and when the validity is authenticated, the validity determining unit stores the data received from the second computing device or data based on the data so that the data can be written. , A write enable signal is output.

Next, the second computing device communicates with the first computing device, and if its validity is authenticated, the data or write data to be written to the storage section of the first computing device. Is transmitted to the first computing device.

Therefore, only when the second computing device is a valid device, the transmission data and the like can be recorded in the first computing device.

Next, an eighth invention for solving the problem is a recording medium in which a program for causing a computer to realize the first invention is recorded.

The computer controlled by the program read from the recording medium functions as the computing device of the first invention.

Next, a ninth invention for solving the problem is a recording medium storing a program for causing a computer to realize the second invention.

The computer controlled by the program read from the recording medium functions as the computing device according to the second aspect.

Next, a tenth invention for solving the problem is as follows.
It is a recording medium on which a program for causing a computer to realize the third invention is recorded.

The computer controlled by the program read from the recording medium functions as the computing device according to the third aspect.

Next, an eleventh invention for solving the problem is as follows:
This is a recording medium on which a program for causing a computer to implement the fourth invention is recorded.

The computer controlled by the program read from the recording medium functions as the computing device according to the fourth aspect.

Next, a twelfth invention for solving the problem is as follows:
It is a recording medium on which a program for causing a computer to implement the sixth invention is recorded.

The computer controlled by the program read from the recording medium functions as the computing device according to the sixth aspect.

[0039]

Embodiments of the present invention will be described below.

(First Embodiment of the Invention) FIG. 1 is a block diagram showing a schematic configuration example of a computer according to the first embodiment of the present invention. The computing device 31 includes at least an access-restricted memory 32 and a validity determination circuit 10. The access-restricted memory 32 stores the data write line 3
And a physical switch 9 provided on a data write line 37 extending to the memory main body 8 to which information is actually written via a data read line 38 and read out via a data read line 38. I have.

The physical switch 9 is in a disconnected state in a normal state, and the data write line 3 is only used when the validity judgment circuit 10 judges that the data writer is valid.
7 is connected. The validity determination circuit 10 determines whether the access target (data writer) is valid, and controls the physical switch 9 so that the write line is connected only when the access target is valid.

Therefore, information can be freely read from the access-restricted memory 32 via the data read line 38, but if it is determined that the information is valid according to a predetermined valid procedure. Otherwise, writing to the access-limited memory 32 cannot be performed.

FIG. 2 is a diagram showing a configuration example of a computer system including a portable device to which the computer shown in FIG. 1 is applied and a server device.

The portable device 35 is a computing device having a low computing ability such as an IC card to which the computing device 31 shown in FIG. 1 is applied, and receives information from the server device 36,
Request calculation. Before these processes, the server device 36 is authenticated and key exchange is performed.

On the other hand, the server device 36 is a server that provides various information to the portable device 35 such as an IC card by encrypted communication, or receives a request calculation, and further transmits a random number for the next authentication to the portable device 35. Is provided.

The portable device 35 and the server device 36 each have a communication means for communicating between them, and are connected to a data transmission path to enable communication, or transmit and receive data wirelessly. (Not shown).

Here, in FIG. 1, the portable device 3
5 and the server device 36, the mutual authentication and the key exchange are performed by a challenge-response (Challenge-R).
(esponse; question-response) method.

Now, in order to perform authentication and key exchange based on the challenge-response and to exchange information thereafter, the portable device includes a secret operation circuit 2, a register 6, an access-restricted memory 32, a secret operation Circuit 5
, A validity determination circuit 10, a shared key generation circuit 12, an encryption / decryption processing circuit 41, and a content storage unit 42.

The secret operation circuit 2 performs an operation on the challenge (question) received from the server device 36, generates a response (response), returns the response to the server device 36, and stores the response in the register 6. The calculation performed at this time is a content that the third party cannot know the content of the calculation from the challenge and the response. This prevents a third party from making free input / output (challenge, response) and prevents impersonation of a legitimate device.

The register 6 temporarily stores the response generated by the secret operation circuit 2 and, if the authentication is successful, writes and inputs this information into the access-restricted type memory 32. Input to 12.

The access-restricted memory 32 has the configuration shown in FIG. 1, inputs the output of the register 6 from the data write line, and delivers the output from the data read line to the server device 36 as a challenge from the portable device 35. . In addition,
In the present embodiment, a random number for challenge is stored in the memory body 8. This random number is written in advance in an initial state (for example, at the time of shipment) by a legitimate means, and is changed each time the legitimate server device 36 is accessed thereafter.

The secret operation circuit 5 performs an operation on the read information (challenge) from the access-restricted type memory 32 under the same conditions as the secret operation circuit 2 to create a response. Output to the shared key generation circuit 12.

The validity judgment circuit 10 compares the response output from the secret operation circuit 5 with the response from the server device 36 in response to the challenge from the access-restricted memory 32. If the two responses match, the other party is valid. Authenticate that there is. If it is determined that the access is valid, the physical switch 9 of the access-restricted memory 32 is set to the connection state, and the contents of the register 6 are written into the memory body 8. If it is determined that the other party is not valid, it outputs a message indicating that the authentication has failed.

The shared key generation circuit 12 generates a shared key for the secret key cryptosystem with the server device 36 from the response output from the register 6 and the response output from the secret operation circuit 5, and communicates with the server device. Provide for encrypted communication.

The encryption / decryption processing circuit 41 includes a shared key generation circuit 1
Using the shared key generated by 2, the communication message to server device 36 is encrypted, and the communication message received from server device 36 is decrypted and stored in content storage unit 42.

The content storage unit 42 stores the decrypted content from the server 36.

On the other hand, the server device 36 has a random number generator 1
, Secret operation circuit 3, authentication circuit 7, secret operation circuit 4
, A shared key generation circuit 11, an encryption / decryption processing circuit 43, and a content storage unit 44.

The random number generator 1 generates a random number for authentication with the portable device 35 as a challenge (question) and sends it to the secret operation circuit 3 and the portable device 35. At this time, since the server device 36 has a sufficient calculation capability, the random number generated by the random number generator 1 has a sufficient accuracy.

The secret operation circuit 3 operates in the same manner as the secret operation circuit 2 on the portable device 35 side. The secret operation circuit 3 performs an operation on the challenge from the random number generator 1 to create a response and outputs the response to the authentication circuit 7. .

The authentication circuit 7 compares the response output from the secret operation circuit 3 with the response from the portable device 35 in response to the challenge from the random number generator 1, and authenticates the other party if both responses match. I do.
If it is determined that the response is valid, the response generated by the secret operation circuit 3 is output to the shared key generation circuit 11.
If it is determined that the other party is not valid, it outputs a message indicating that the authentication has failed.

The secret operation circuit 4 operates in the same manner as the secret operation circuit 5 on the portable device 35 side. The secret operation circuit 4 performs an operation on the challenge from the portable device 35 to generate a response, and the response is used as a shared key generation circuit. 12 is output.

The shared key generation circuit 11 generates a shared key for a secret key cryptosystem with the portable device 35 from the response output from the authentication circuit 7 and the response output from the secret operation circuit 4, and Provided for encrypted communication with

The encryption / decryption processing circuit 43 includes a shared key generation circuit 1
1 encrypts the content for the portable device 35 using the shared key generated, and decrypts the encrypted content received from the portable device 35. The content storage unit 44 stores content to be transmitted to the portable device 35.

Next, the operation of the computer system according to this embodiment configured as described above will be described. Here, a part for performing mutual authentication and key exchange will be described in detail.

1) First, the random number generator 1 of the server device 36
Then, a random number Ns-c for challenge (where s-c indicates data transmitted from the server to the client (here, the portable device 35)) is generated, and is transmitted to the portable device 35. Since the random number Ns-c (challenge) is generated by the server device 36 having sufficient calculation capability, the random number has a high randomness.

2) In the portable device 35, the secret operation circuit 2 calculates a response R'cs from the challenge Ns-c (cs indicates data sent from the client to the server), and R'c -S is stored in its own register 6 and sent to the server.

3) In the server device 36, an operation is performed on the challenge Ns-c by the secret operation circuit 3, and a response Rc-s is obtained as an operation result. The response Rc-s obtained by the secret operation circuit 3 and the portable device 3
5 is compared with the response R′cs sent from the portable device 35 if they are the same.
Is found to be legitimate. If not, the portable device 35 is considered an unauthorized device and stops the authentication and key sharing process.

4) On the other hand, the value Nc-s stored in the memory body 8 of the access-restricted memory 32 is transmitted from the portable device 35 to the server device 36 as a challenge.

5) In the server device 36, the secret operation circuit 4 converts the response N'-s from the challenge Nc-s.
−c is calculated and transmitted to the portable device 35.

6) The portable device 35 performs an operation on the challenge Nc-s by its own secret operation circuit 5, and obtains a response Rs-c which is a value obtained as a result.
And the response R's sent from the server device 36
-C is compared. As a result, if they are the same, the server device 36 is recognized as valid, and if not, the server device 36 is regarded as an unauthorized device and the authentication and key sharing process is stopped.

7) When the server device 36 is found to be valid according to 6), writing to the memory body 8 is permitted. That is, control is performed from the validity determination circuit 10 to connect the data write line to the physical switch 9, and the value stored in the register 6 of the portable device 35 is written in the memory body 8. The data R'cs written in the memory body 8 is a challenge Nc-s from the portable device 35 in the next authentication and key sharing process.
Used as

8) After authenticating the portable device 35, the shared key generation circuit 11 of the server device 36
A shared key (Ks) is generated from s and R's-c.

9) Similarly, after authenticating the server device 36,
In the shared key generation circuit 12 of the portable device 35,
A shared key (Ks) is generated from Rs-c and R'cs.

As described above, the secret operation circuit 2 and the secret operation circuit 3 operate in the same manner, and the secret operation circuit 4 and the secret operation circuit 5 operate in the same manner.
Further, the secret operation circuit 3 and the secret operation circuit 4 in the server device 36 may be the same circuit, and therefore, can be realized by one circuit, and the secret operation circuit 2 and the secret operation circuit in the portable device 35 can be realized. The same applies to No. 5. In this case, the secret operation circuit 2, the secret operation circuit 3, the secret operation circuit 4, and the secret operation circuit 5 all operate in the same manner.

As described above, when mutual authentication and key sharing (exchange) between the two devices are completed, the server device 36 to the portable device 35 perform encrypted communication as necessary.

As described above, according to the computing device and the computing system according to the embodiment of the present invention, the contents can be freely read by the portable device 35 having a low computing ability, but the contents must be read through legitimate means. Since the access-restricted memory 32 and the validity judging circuit 10 which cannot perform writing / rewriting are provided, information from the server device 36 whose validity has been proved to the memory 32 or an arithmetic operation is performed on the information. Alone can be recorded as input information from the legitimate device 36.

As described above, only the information (information based on the information) from the server device 36 is stored in the storage area (the memory body 8).
In this case, it is possible to replace the calculation that must be performed by the computing device (the portable device 35) with the device (the server device 36) whose validity has been confirmed.

In this case, since the contents of the memory body 8 can be written / rewritten only when authenticated by the validity judgment circuit 10, only reliable information is stored in the storage area (memory body 8). Therefore, the portable device 35 can safely use the stored information.

As described above, the self-challenge data is acquired by using the random numbers generated by the reliable and high-performance computing device 36. Therefore, even if the portable device 35 has a low computing capability, the random number can be obtained. A highly challenging challenge can be used as if it were data generated by itself.

In this embodiment, the data (challenge Ns-c) from the server device 36 is not stored in the access control type memory 32 as it is, but the data Ns-c
Is converted by the secret operation circuit 2 and the result R'cs is stored. However, since the original data Ns-c is data having high randomness, R'cs can be easily converted to data having high randomness even if the conversion by the secret operation circuit 2 is performed.

Therefore, even a device 35 having a low calculation ability can behave as if it were capable of performing a complicated calculation as if it had a higher capacity. This function is particularly effective when it is desired to use different data every time, such as random number data for device authentication.

In this embodiment, since the response based on the previously received challenge is stored after authentication, the data is generated in advance by a device which is to be a reliable device, and the trust confirmation is performed. Later, the data or data based on the data can be used for a device whose reliability has not been confirmed. By receiving data requiring complicated calculations in advance, it is possible to efficiently execute the request calculation.

(Second Embodiment of the Invention) In the first embodiment, a case will be described where an operation is performed on received data, temporarily stored in a register 6, and the register information is stored in an access-restricted memory 32. did. However, the present invention is not limited to such a form, and the validity judgment circuit 10
May be stored in the direct access restricted memory 32. In the present embodiment, this case will be described.

FIG. 3 is a diagram showing a configuration example of a computer and a computer system according to the second embodiment of the present invention.
Alternatively, the same parts as those in FIG. 2 are denoted by the same reference numerals, and the description thereof will be omitted. In the figure, a server device 36 'has the same configuration as that of the first embodiment except that a data generation circuit 46 is provided.

The portable device 3 as a computing device
5 'has the same configuration as that of the first embodiment except that the register 6 is deleted and the input to the data write line of the access-restricted memory 32 is changed from the register 6 to the data generation circuit 46. ing.

In the computer system configured as described above, the data generated by the data generation circuit 46 is written to the access-restricted memory 32 after the authentication of the server device 36 'instead of the output of the register 6 in FIG.

As described above, according to the computing device and the computing system according to the embodiment of the present invention, in addition to the provision of the same configuration as in the first embodiment, the access-restricted memory 32
Since the data writing to the server is the transmission data from the server device 36 'after the authentication, the data is not limited to the information used in the authentication process as in the first embodiment, and various data transmitted from the legitimate device can be used. Can write.

In this embodiment, the access-restricted memory 3
2 is not limited to information generated in the authentication stage, the information stored in the memory body 8 is not limited to random numbers, but may be any password, communication key, portable device specific key, etc. Data input can be obtained safely.

(Third Embodiment of the Invention) This embodiment is a modification of the first embodiment, and uses the response R'cs acquired in the access control type memory 32 as it is for the next challenge. , But as a seed for a random number that is a challenge.

FIG. 4 is a diagram showing an example of the configuration of a computer according to the third embodiment of the present invention. The same parts as those in FIG. 1 or FIG. Only the different parts will be described. In FIG.
6 is the same as in the first embodiment, and is not shown. The portable device 35 ″ includes a simple random number generator 13 that generates a random number using the output from the access-restriction-type memory 32 as a seed and transfers the random number to the server device 36 and the secret operation circuit 5, and is the same as the first embodiment. Since the simple random number generator 13 simply generates a random number, the calculation load is small.

The server device 36 to the portable device 3 in the computer system of the present embodiment configured as described above.
The processing of mutual authentication and key sharing between 5 ″ is the same as that of the first embodiment except for step 4) in the first embodiment. In the present embodiment, step 4) is as follows.

4) In the portable device 35 ", the data stored in the memory body 8 is read out, and the value is used as a seed for the random number Nc by the simple random number generator 12.
-S is generated. This random number Nc-s is transmitted to the server device 36 as a challenge, and is passed to the secret operation circuit 5.

As described above, according to the computer and the computer system according to the embodiment of the present invention, in addition to the provision of the same configuration as in the first embodiment, the simple random number generator 13 is provided, Is used as a seed for the random number generator 13, so that every time the authentication is successful, new data is stored in the memory body 8 as a seed. In the next authentication, the simple random number generator is used based on the seed. 12 can be reset to a different state.

In this embodiment, when the simple random number generator 13 is a random number generator capable of storing its state, for example, when data is written in the memory body 8, the data (seed) is used. Until the state of the simple random number generator 12 is reset at the same time, and the next data is written to the memory body 8, the simple random number generator 13 can be continuously driven without input of a new seed.

(Fourth Embodiment of the Invention) In each of the above-described embodiments, a portable device mainly having a low computing ability such as a memory card or an IC card is mainly intended. However, the present invention can be applied to a personal computer or the like having relatively high computational power. On the other hand, in the present embodiment, an IC card, a personal computer, or the like, that is, a computing device (client device) having a computing ability enough to operate application software is targeted.

The present embodiment prevents such a client device from recording data that is not allowed by the original rules, such as an unauthorized application or virus software, on the device. Therefore, the application target of the present embodiment is not limited to a computing device having a low computing ability.

FIG. 5 is a diagram showing a configuration example of a computer and a computer system according to the fourth embodiment of the present invention.
Alternatively, the same parts as those in FIG. 2 are denoted by the same reference numerals, and the description thereof will be omitted. This calculation system includes a server device 52 and a client device 51.
It is composed of

The server device 52 and the client device 51 are provided with any of the configurations shown in FIGS. 2 to 4 for performing authentication and key sharing, and the authentication and key exchange protocol 14 is performed by these configurations. It has become. Note that these configurations are specifically the parts except for the content storage unit 44, the encryption / decryption processing circuits 43 and 41, and the content storage unit 42 in FIGS. The configuration for realizing the authentication and key exchange protocol 14 may be a configuration other than the above, provided that the client device 51 includes the validity determination circuit 10.

The server device 52 includes the content storage section 44 in the server devices 36 and 36 'shown in FIGS.
An application storage unit 53 and an encryption circuit 15 are provided instead of the encryption / decryption processing circuit 43. The application storage unit 53 stores the application to be transmitted, and the encryption circuit 15 encrypts the application with the shared key (Ks) and transmits the encrypted application to the client device.

On the other hand, the client device 51
In the portable devices 35, 35 ', and 35 "shown in FIG. 4, instead of the content storage unit 42 and the encryption / decryption processing circuit 41, the decryption circuit 16, the decryption determination circuit 54, the application storage unit 55, and the application execution module 1
9 are provided.

The decryption circuit 16 converts the application encrypted and sent from the server device 52 into a shared key (Ks).
To decrypt.

The decryption determination circuit 54 determines the decryption by the decryption circuit 16, and outputs the decrypted application to the memory main unit 8 via the data write line 37 of the application storage unit 55 if the decryption is successful. If the decoding has failed, the process ends.

The application storage unit 55 is a recording device constituted by the access-limited memory 32 shown in FIG. In the present embodiment, the access-restricted memory 32
To store the application. Note that the client device side of the authentication and key exchange protocol 14 includes a validity determination circuit 10, and a signal for connecting the physical switch 9 is output when the authentication of the server device 52 is successful. ing.

The application execution module 19
The application read from the memory main body 8 of the application storage unit 55 is executed.

Next, the operation of the computer system according to this embodiment configured as described above will be described. Here, a part for writing the application received from the server device 52 into the application storage unit 55 will be described in detail.

1) First, the authentication and key exchange protocol 14 is executed between the server device 52 and the client device 51. This protocol 14 finally sets the key Ks between the two parties.
Any protocol can be used as long as it can be shared and can confirm that the authentication has succeeded (corresponding to the validity check output of the validity determination unit 10).

2) In the server device 52, the application stored in the application storage unit 53 is encrypted by the encryption circuit 15 using the shared key (Ks).
This encrypted data Eks [AP] is transmitted to the client device 5
1 is sent.

3) The decryption circuit 16 of the client device 51
, The data Eks [A
P] is decoded. Further, the generation of the shared key (Ks) is performed after the authentication of the server device 52, and after the authentication, the connection command of the physical switch 9 is output from the validity determination circuit 10 (Step 1 above). Therefore, writing to the memory 8 via the data writing line 37 is enabled, and when the application is correctly decoded, the application is written to the memory body 8.

If the application is not correctly decrypted, it is determined that data has been sent from a device other than the server device 52 that has been authenticated this time, and the process ends without writing the application in the memory body 8.

4) Memory body 8 of client device 51
Can be freely read out via the data readout line 38, and the application execution module can use it freely.
However, the contents of the memory body 8 cannot be rewritten. Also, unless the authentication and key exchange protocol 14 between the client device 51 and the client device 51 succeeds, other devices cannot rewrite the data in the memory 18, so that an unauthorized application is not written from an unauthorized device.

As described above, according to the computer apparatus and the computer system according to the embodiment of the present invention, in addition to the provision of the same configuration as that of the first embodiment, an access-restricted memory is provided in a data storage portion such as an application. 32, only the encrypted communication information from the partner whose authentication and key exchange have succeeded is stored, so that only the input information from a valid device can be reliably recorded.

As described above, the application storage unit 55
The application stored in the memory body 8 of the client device 5 has been proved to be correct.
2 can use the application with confidence.

The present invention is not limited to the above embodiments, but can be variously modified without departing from the scope of the invention. In addition, the embodiments may be implemented in appropriate combinations as much as possible, and in that case, the combined effects can be obtained.

Each circuit shown in each figure of the embodiment may be configured as a hardware circuit, or may be configured as software means such as program processing.

Further, in the embodiment, the physical switch 9 is provided on the data write line 37 in the access-restricted memory 32 so that writing cannot be performed in normal times, and by using this, a proper means must be used. This realizes a storage area in which data cannot be written. However, the present invention is not limited to the physical switch 9. For example, writing to the memory main body 8 may not be performed at normal times by signal control.

The method described in the embodiment can be implemented by a computer (computer) as a program (software means) such as a magnetic disk (floppy (registered trademark) disk, hard disk, etc.)
It can be stored in a storage medium such as an optical disk (CD-ROM, DVD, etc.), a semiconductor memory, or the like, and can also be transmitted and distributed via a communication medium. The program stored on the medium side includes a setting program for causing the computer to execute software means (including not only an execution program but also a table and a data structure) to be executed in the computer. A computer that realizes the present apparatus reads a program recorded in a storage medium, and in some cases, constructs software means by using a setting program, and executes the above-described processing by controlling the operation of the software means.

[0117]

As described above in detail, according to the present invention, it is possible to provide a computer, a computer system, and a recording medium which can record only input information from a valid device.

Further, according to the present invention, there is provided a computing device, a computer system and a recording medium which have a high computing capability and depend on the computing capability of a reliable device and which can safely use information calculated by the device. Can be provided.

[Brief description of the drawings]

FIG. 1 is a block diagram showing a schematic configuration example of a computing device according to a first embodiment of the present invention.

FIG. 2 is a diagram showing a configuration example of a computer system including a portable device and a server device to which the computer shown in FIG. 1 is applied.

FIG. 3 is a diagram showing a configuration example of a computing device and a computer system according to a second embodiment of the present invention.

FIG. 4 is a diagram showing a configuration example of a computing device according to a third embodiment of the present invention.

FIG. 5 is a diagram showing a configuration example of a computing device and a computer system according to a fourth embodiment of the present invention.

[Explanation of symbols]

 REFERENCE SIGNS LIST 1 random number generator 2 secret operation circuit 3 secret operation circuit 4 secret operation circuit 5 secret operation circuit 6 register 7 authentication circuit 8 memory body 9 physical switch 10 validity determination circuit 11 shared Key generation circuit 12 ... Shared key generation circuit 13 ... Simple random number generator 14 ... Authentication and key exchange protocol 15 ... Encryption circuit 16 ... Decryption circuit 19 ... Application execution module 31 ... Computing device 32 ... Access restricted type memory 35 ... Portable device 36 server device 37 data write line 38 data read line 41 encryption / decryption processing circuit 42 content storage unit 43 encryption / decryption processing circuit 44 content storage unit 46 data generation circuit 51 client device 52 server device 53: application storage unit 54: decryption determination circuit 55: application storage unit

──────────────────────────────────────────────────の Continued on the front page (51) Int.Cl. ⁷ Identification symbol FI Theme coat ゛ (Reference) H04L 9/32 H04L 9/00 675A 5B089 // G06F 19/00 G06F 15/30 330 5J104 F term (reference) 5B019 GA10 HB06 5B035 BB09 CA29 CA38 5B055 BB03 HA02 HA12 JJ00 KK05 5B058 CA27 KA31 KA35 5B085 AA01 AA08 AE00 BC02 5B089 GB02 KA17 KB13 KC58 5J104 AA01 AA07 JA03 NA07 NA40 NA06

Claims (12)

[Claims] 1. A storage unit which is in a data writable state only when a write permission signal is received, and a data received from the communication partner when the communication unit communicates with an external device and the communication partner is authenticated. Alternatively, a computing device comprising: a validity determining unit that outputs the write permission signal to the storage unit so that data based on the data can be written. 2. When data received in the past from an external device whose validity has been authenticated is a result of a calculation process, the data stored in the storage unit or data based on the data is calculated by itself. 2. The computing device according to claim 1, wherein the computing device uses the data as if it were data. 3. The data received from an external device whose authenticity has been authenticated in the past and stored in the storage unit in order to authenticate whether or not the external device to be communicated has legitimacy. 2. The computing device according to claim 1, wherein data based on said data is used. 4. A storage unit in which data can be written only when a write permission signal is received, and a process for writing data to the storage unit by a proper procedure or an external device is authenticated. And a validity judging unit that outputs the write permission signal to the storage unit only when the operation is performed. 5. The judgment of legitimacy according to the legitimate procedure,
5. The computing device according to claim 4, wherein communication is performed with an external device to determine whether the communication partner is authenticated. 6. The storage unit stores the data only when it is determined that the received data itself is received from an external device whose validity has already been authenticated. 6. The computing device according to claim 5, further comprising data determination means for writing and inputting the data to the computer. 7. A computing system including at least a first computing device and a second computing device, wherein the first computing device is in a data writable state only when receiving a write permission signal. A communication unit that communicates with the second computing device and, when its validity is authenticated, stores the data received from the second computing device or data based on the data so as to be writable. The second computing device communicates with the first computing device, and when the validity is authenticated, the second computing device A computer system comprising: means for transmitting data to be written to a storage unit of one of the computing devices or data serving as a basis of the write data to the first computing device. 8. When a communication is made with an external device and the validity of the communication partner is authenticated, a write permission signal is transmitted so that data received from the communication partner or data based on the data can be written. A computer-readable recording medium storing a program for causing a computer to function as a validity judging unit that outputs the write permission signal to a storage unit that is in a data writable state only when received. 9. When the data received in the past from an external device whose validity has been authenticated is the result of a calculation process, the data stored in the storage unit or the data based on the data is calculated by itself. 9. The recording medium according to claim 8, wherein a program for causing a computer to function is recorded as a means for causing the data to appear to be used. 10. In order to authenticate whether an external device to be communicated has legitimacy, the data is received from an external device whose legitimacy has been authenticated in the past, and the data stored in the storage unit. 9. The recording medium according to claim 8, wherein a program for causing a computer to function is recorded as a means for using data based on the data. 11. A process in which data is written to the storage unit by a valid procedure or an external device is in a data writable state only when the validity is authenticated and only when a write permission signal is received. A computer-readable recording medium on which a program for causing a computer to function is recorded as validity determining means for outputting the write permission signal to a storage unit. 12. The validity judging means makes a validity judgment by a valid procedure by communicating with an external device and determining whether or not the validity of the communication partner is authenticated. By determining the validity of
Only when it is determined that the data is received from an external device whose validity has already been authenticated, as data determination means for writing and inputting the data to the storage unit,
The computer-readable recording medium according to claim 11, on which a program for causing a computer to function is recorded.