JP2005018725A5 - - Google Patents
- Publication number
- JP2005018725A5
- Authority
- JP
- Japan
- Prior art keywords
- program
- partial
- memory
- information
- execution
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Claims (25)
1. An encrypted data decryption device for decrypting a program stored in encrypted form for execution on a computer system, comprising:
storage means for holding the program in the form of a set of a plurality of encrypted partial programs;
memory arrangement information reading means for reading, for each of the partial programs, memory arrangement information indicating its placement area in the execution memory space after decryption;
decryption means for sequentially reading and decrypting the partial programs; and
loading means for placing each partial program decrypted by the decryption means in a placement area in the execution memory space according to the memory arrangement information,
wherein the memory arrangement information is such that, for at least one of the plurality of partial programs, at least a part of that partial program overwrites a placement area in which another partial program was placed before that partial program was decrypted.
2. The encrypted data decryption device according to claim 1, wherein at least a part of the memory arrangement information is stored in an encrypted state, and
the loading means decrypts the encrypted memory arrangement information and then places the decrypted partial program in its placement area.
3. The encrypted data decryption device according to claim 1 or 2, wherein, when a partial program is placed in a placement area and the size of the placement area is larger than the size of the partial program, the loading means writes dummy data in the empty part of the placement area that results from the size difference.
4. The encrypted data decryption device according to any one of claims 1 to 3, wherein, after execution of the partial program placed in a placement area is completed, the loading means erases that partial program when no next partial program is to be placed in that placement area.
5. The encrypted data decryption device according to any one of claims 1 to 4, wherein, when decrypting a partial program, the decryption means obtains an encryption key embedded in one or more other partial programs that were decrypted earlier and are placed in the execution memory space, and uses it to decrypt the partial program.
6. The encrypted data decryption device according to any one of claims 1 to 5, wherein the loading means dynamically determines the absolute address of the placement area before the partial program that is decrypted first is placed in the execution memory space.
7. The encrypted data decryption device according to claim 6, further comprising memory arrangement determining means, wherein
the loading means further includes a memory management information holding unit that holds information on the positions at which the partial programs have been placed, and
the memory arrangement determining means generates the memory arrangement information based on the information held by the memory management information holding unit.
8. The encrypted data decryption device according to claim 7, wherein the memory arrangement determining means generates the memory arrangement information based on a random number generated each time execution is performed.
9. The encrypted data decryption device according to claim 7, wherein the memory management information holding unit further holds information on the order in which the loading means places the partial programs, and
the memory arrangement determining means generates the memory arrangement information based on the order information.
10. The encrypted data decryption device according to any one of claims 1 to 9, wherein decryption by the decryption means is performed using a decryption support program,
the device further comprises decryption program confirmation means for confirming the validity of the decryption support program, and
prior to decryption, the decryption means causes the decryption program confirmation means to confirm the validity of the decryption support program and performs decryption only when the validity has been authenticated.
11. The encrypted data decryption device according to any one of claims 1 to 9, further comprising unauthorized access prevention means that, when an interrupt is detected, erases the partial program placed in the execution memory space as unauthorized access prevention processing.
12. The encrypted data decryption device according to any one of claims 1 to 11, further comprising unauthorized access prevention means that, when an interrupt is detected, determines whether the interrupt was intentionally generated and, if it was not, erases the already executed partial program placed in the execution memory space as unauthorized access prevention processing.
13. The encrypted data decryption device according to claim 11 or 12, wherein the unauthorized access prevention means executes a dummy program when executing the unauthorized access prevention processing.
14. The encrypted data decryption device according to any one of claims 1 to 13, further comprising storage position information authentication means for determining whether storage position information indicating the storage position of a partial program in the storage means is valid, wherein
the decryption means reads the partial program from the storage means and decrypts it when the storage position information authentication means determines that the storage position information is valid.
15. An encrypted data decryption method for decrypting a program stored in encrypted form for execution on a computer system, comprising:
a memory arrangement information reading step of reading, for each of the partial programs held in storage means, memory arrangement information indicating its placement area in the execution memory space after decryption;
a decryption step of sequentially reading and decrypting the partial programs; and
a loading step of placing each partial program decrypted in the decryption step in a placement area in the execution memory space according to the memory arrangement information,
wherein the memory arrangement information is such that, for at least one of the plurality of partial programs, at least a part of that partial program overwrites a placement area in which another partial program was placed before that partial program was decrypted.
16. A program for causing a computer to operate as an encrypted data decryption device for decrypting a program stored in encrypted form for execution on a computer system, the encrypted data decryption device comprising:
memory arrangement information reading means for reading, for each of the partial programs held in storage means, memory arrangement information indicating its placement area in the execution memory space after decryption;
decryption means for sequentially reading and decrypting the partial programs held in the storage means; and
loading means for placing each partial program decrypted by the decryption means in a placement area in the execution memory space according to the memory arrangement information,
wherein the memory arrangement information is such that, for at least one of the plurality of partial programs, at least a part of that partial program overwrites a placement area in which another partial program was placed before that partial program was decrypted.
17. An encrypted program generation device that encrypts a program intended for execution on a computer system, comprising:
program dividing means for dividing the program into partial programs, each being a unit that is placed in the execution memory space and executed;
program encryption means for encrypting the program in the form of a set of the plurality of divided partial programs; and
memory arrangement information generating means for generating, for each of the plurality of partial programs encrypted by the program encryption means, memory arrangement information indicating the placement area in the execution memory space in which it is placed after decryption,
wherein the memory arrangement information is such that, for at least one of the plurality of partial programs, at least a part of that partial program overwrites a placement area in which another partial program was placed before that partial program was decrypted.
18. The encrypted program generation device according to claim 17, wherein the program dividing means embeds, in at least one of the plurality of partial programs, information used for the decryption processing of another partial program, and the information embedded in the partial program is used when the other partial program is decrypted.
19. The encrypted program generation device according to claim 17 or 18, wherein the information used for the decryption processing of the partial program is a part or all of the encryption key used for the decryption processing of another partial program.
20. The encrypted program generation device according to claim 18 or 19, wherein the information used for the decryption processing of the partial program is an encryption key generation program that generates a part or all of the encryption key used for the decryption processing of another partial program.
21. The encrypted program generation device according to claim 18 or 19, wherein the information used for the decryption processing of the partial program is a key-encrypting key for decrypting an encryption key used for the decryption processing of another partial program, and
the decryption processing of a partial program is performed using an encryption key that has been decrypted with a key-encrypting key obtained from another partial program that was decrypted earlier and is placed in the execution memory space.
22. The encrypted program generation device according to any one of claims 17 to 21, wherein the memory arrangement information generating means dynamically determines the absolute address of the placement area before the partial program that is decrypted first is placed in the execution memory space.
23. The encrypted program generation device according to any one of claims 17 to 22, wherein the memory arrangement information generating means generates the memory arrangement information based on a random number generated each time it is executed.
24. An encrypted program generation method for encrypting a program intended for execution on a computer system, comprising:
a program dividing step of dividing the program into partial programs, each being a unit that is placed in the execution memory space and executed;
a program encryption step of encrypting the program in the form of a set of the plurality of divided partial programs; and
a memory arrangement information generating step of generating, for each of the plurality of partial programs encrypted in the program encryption step, memory arrangement information indicating the placement area in the execution memory space in which it is placed after decryption,
wherein the memory arrangement information is such that, for at least one of the plurality of partial programs, at least a part of that partial program overwrites a placement area in which another partial program was placed before that partial program was decrypted.
25. A program for causing a computer to operate as an encrypted program generation device that encrypts a program intended for execution on a computer system, the encrypted program generation device comprising:
program dividing means for dividing the program into partial programs, each being a unit that is placed in the execution memory space and executed;
program encryption means for encrypting the program in the form of a set of the plurality of divided partial programs; and
memory arrangement information generating means for generating, for each of the plurality of partial programs encrypted by the program encryption means, memory arrangement information indicating the placement area in the execution memory space in which it is placed after decryption,
wherein the memory arrangement information is such that, for at least one of the plurality of partial programs, at least a part of that partial program overwrites a placement area in which another partial program was placed before that partial program was decrypted.
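The following simulation of the loader in claims 1, 3, 4 and 5 and the generator in claims 17 to 19 is an added illustration, not code from the patent. The SHA-256 keystream cipher, the 16-byte key prefix, the byte strings standing in for partial programs and the layout are all assumptions.

```python
import hashlib
import os

KEY_LEN = 16  # assumed size of the key embedded at the start of each part


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); the claims name no algorithm."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)


def build(bodies, first_key):
    """Generation side: embed the next part's key in each part, then encrypt."""
    keys = [first_key] + [os.urandom(KEY_LEN) for _ in bodies]
    return [xor_stream(keys[i], keys[i + 1] + body)
            for i, body in enumerate(bodies)]


def overlaps(a, b):
    """True if two (offset, size) placement areas share at least one byte."""
    return a[0] < b[0] + b[1] and b[0] < a[0] + a[1]


def load_and_run(parts, layout, first_key, mem, run):
    """Decrypt parts in order and place each one in its (offset, size) area."""
    key = first_key
    for i, (blob, (off, size)) in enumerate(zip(parts, layout)):
        plain = xor_stream(key, blob)
        if len(plain) > size or off + size > len(mem):
            raise ValueError(f"part {i} does not fit its placement area")
        # Overwrite the area; dummy data fills the unused tail so no remnant
        # of the previous occupant survives.
        mem[off:off + size] = plain + os.urandom(size - len(plain))
        key = plain[:KEY_LEN]          # key for the next part
        run(i, plain[KEY_LEN:], mem)   # stand-in for executing the part
        # Erase the area once done if no later part will overwrite it.
        if not any(overlaps((off, size), later) for later in layout[i + 1:]):
            mem[off:off + size] = bytes(size)


def demo():
    """Constructed sample: three parts; parts 0 and 1 share one area."""
    bodies = [b"INIT:" + b"A" * 40, b"CHECK:" + b"B" * 20, b"MAIN:" + b"C" * 30]
    layout = [(0, 64), (0, 64), (64, 64)]  # constructed layout
    first_key = os.urandom(KEY_LEN)
    parts = build(bodies, first_key)
    mem = bytearray(128)
    seen = []  # per run: is the 8-byte tail of each body visible in memory?

    def run(i, body, m):
        seen.append([b[-8:] in bytes(m) for b in bodies])

    load_and_run(parts, layout, first_key, mem, run)
    return seen, bytes(mem)
```

At no point during the run does a memory snapshot contain more than one part's plaintext, which is the property the overlapping layout is meant to give against a dump of the execution memory space.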
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2003282663A JP4475894B2 (en) | 2002-08-01 | 2003-07-30 | Device for decrypting encrypted data and placing it in execution memory space, and method thereof |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2002225289 | 2002-08-01 | ||
JP2002359072 | 2002-12-11 | ||
JP2003157255 | 2003-06-02 | ||
JP2003282663A JP4475894B2 (en) | 2002-08-01 | 2003-07-30 | Device for decrypting encrypted data and placing it in execution memory space, and method thereof |
Publications (3)
Publication Number | Publication Date |
---|---|
JP2005018725A (en) | 2005-01-20 |
JP2005018725A5 (en) | 2007-11-22 |
JP4475894B2 (en) | 2010-06-09 |
Family
ID=34199126
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2003282663A Expired - Lifetime JP4475894B2 (en) | 2002-08-01 | 2003-07-30 | Device for decrypting encrypted data and placing it in execution memory space, and method thereof |
Country Status (1)
Country | Link |
---|---|
JP (1) | JP4475894B2 (en) |
Families Citing this family (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1871568B (en) | 2003-08-26 | 2010-04-28 | 松下电器产业株式会社 | Program execution device |
JP4548025B2 (en) * | 2004-07-14 | 2010-09-22 | ソニー株式会社 | Information processing apparatus, information processing method, and program |
JP2006238154A (en) * | 2005-02-25 | 2006-09-07 | Sony Corp | Data processing method |
JP4840782B2 (en) | 2005-03-25 | 2011-12-21 | パナソニック株式会社 | Program conversion device, secure processing device, computer program, and recording medium |
JP2006303963A (en) | 2005-04-21 | 2006-11-02 | Internatl Business Mach Corp <Ibm> | System, method, and program for managing information |
US7953985B2 (en) | 2005-05-09 | 2011-05-31 | Panasonic Corporation | Memory card, application program holding method, and holding program |
KR20080013940A (en) | 2005-06-01 | 2008-02-13 | 마츠시타 덴끼 산교 가부시키가이샤 | Electronic device, update server device, key update device |
JP4631658B2 (en) | 2005-11-09 | 2011-02-16 | ソニー株式会社 | Digital broadcast receiving system and digital broadcast receiving apparatus |
JP4048382B1 (en) | 2006-09-01 | 2008-02-20 | 富士ゼロックス株式会社 | Information processing system and program |
JP5178500B2 (en) * | 2008-12-26 | 2013-04-10 | 三菱電機株式会社 | Data processing apparatus and data processing method |
JP2010217975A (en) * | 2009-03-13 | 2010-09-30 | Nec System Technologies Ltd | Information processor, application program, and method for executing application program |
EP2430584B1 (en) * | 2009-05-06 | 2019-11-13 | Irdeto B.V. | Interlocked binary protection using whitebox cryptography |
JP5644194B2 (en) * | 2010-06-10 | 2014-12-24 | 株式会社リコー | Information protection device and information protection program |
JP5775738B2 (en) | 2011-04-28 | 2015-09-09 | 富士通株式会社 | Information processing apparatus, secure module, information processing method, and information processing program |
JP5839659B2 (en) * | 2011-06-20 | 2016-01-06 | ルネサスエレクトロニクス株式会社 | Semiconductor device |
JP5988473B2 (en) * | 2011-09-20 | 2016-09-07 | 株式会社Dnpハイパーテック | Module encryption / decryption program |
JP2013250739A (en) * | 2012-05-31 | 2013-12-12 | Fujitsu Ltd | Information processor, information processing method and program |
JP5574550B2 (en) * | 2012-11-22 | 2014-08-20 | 京セラドキュメントソリューションズ株式会社 | Information concealment method and information concealment device |
JP6343869B2 (en) * | 2013-02-20 | 2018-06-20 | 凸版印刷株式会社 | Portable terminal device and decryption processing program |
JP6322961B2 (en) * | 2013-11-07 | 2018-05-16 | 大日本印刷株式会社 | Application program and execution method thereof |
US9607178B2 (en) * | 2014-03-20 | 2017-03-28 | Qualcomm Incorporated | Protection against key tampering |
KR101566145B1 (en) * | 2014-10-23 | 2015-11-06 | 숭실대학교산학협력단 | Mobile device and method operating the mobile device |
JP5986279B2 (en) * | 2015-08-28 | 2016-09-06 | ルネサスエレクトロニクス株式会社 | Semiconductor device |
JP2016028334A (en) * | 2015-09-25 | 2016-02-25 | 株式会社Dnpハイパーテック | Encryption/decryption program of module |
JP6374453B2 (en) * | 2016-08-08 | 2018-08-15 | 株式会社Dnpハイパーテック | Module encryption / decryption program |
JP6374454B2 (en) * | 2016-08-08 | 2018-08-15 | 株式会社Dnpハイパーテック | Module encryption / decryption program |
JP7348701B2 (en) * | 2019-05-03 | 2023-09-21 | ライン プラス コーポレーション | Methods and systems for loading executable images into memory |
JP7056785B1 (en) * | 2021-03-26 | 2022-04-19 | 三菱電機株式会社 | Management system and program |