JPH096608A - Software protection system - Google Patents

Abstract

PURPOSE: To reduce the number or digits or data, especially, a random value on a communication line at the time of using the communication line to acquire the execution right of software. CONSTITUTION: A software executer 101 generates the executer ID and order information and sends them to an order manager 102 to order the software. The order manager 102 generates an execution right generation password, which is information dependent upon received order information and executer secret information corresponding to the executer ID, and sends it to the software executer 101. The software executer 101 discriminates whether this execution right generation password matches with order information sent to the order manager 102 before and its own executer secret information or not; and if it matches, the software executer 101 generates the execution right of software corresponding to order information to execute this software.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a software protection system, and more specifically, to distributing software in an inactive state and activating the software using a communication path such as a telephone. It relates to a software protection system that acquires rights.

[0002]

2. Description of the Related Art In recent years, various multimedia devices have been developed and many paid multimedia software such as games and educational software have been sold.
However, the protection of the software is incomplete, and there is a lot of illegally copied software. In order to prevent such illegal copying, there are regulations such as patent law and copyright law, but at the same time, there is a strong demand for software protection in terms of mechanism.

For example, there is a method of making a recording medium for storing software, such as a floppy disk, a special format so that copying cannot be performed by a copy function provided by an OS (operating system). . However, even with such a method, in many cases, duplication is possible by using a copy tool of the type that makes a copy bit by bit. In addition, for a legitimate user, the inconvenience that backup cannot be made occurs.

Further, a method of encrypting software to prevent copy is proposed. In this method, the software is encrypted and distributed to users in an inactive state. Then, according to a user's order, an execution right (an encrypted file key in the following conventional example) for activating the software on a specific device is distributed. Since this execution right is information that depends on a specific device, it cannot be used to activate the same software in another device. This method is disclosed in, for example, Japanese Patent Publication No. 2-60007. FIG. 6 shows the configuration. Note that this FIG.
Is a diagram in which the parts necessary for explanation are taken out from FIGS.

In FIG. 6, the software protection system includes a software executor 601 for executing software.
And an order management unit 602 that distributes software to the software execution unit 601.

The software execution unit 601 includes an encrypted software storage unit 603, an order creation unit 604, an execution unit ID storage unit 605, and an encryption key storage unit for storing a unique execution unit encryption key corresponding to the execution unit ID. 606 and order manager 6
The encrypted file key storage unit 607 for storing the encrypted file key received from 02, the encrypted file key decryption unit 608 for decrypting the encrypted file key with the execution device encryption key to obtain the file key, and the file key And a software decryption execution unit 609 that decrypts and executes encrypted software using the software. The software execution unit 601 having such a configuration
Notifies the order management unit 602 of the order in the order creation unit 604 and the execution unit ID, and requests an encrypted file key for executing the encryption software.

The order manager 602 includes a file key storage unit 6 that stores the file keys of all software.
10, an execution unit encryption key storage unit 611 storing execution unit encryption keys of all software execution units, and an encrypted file for encrypting a file key with a specified execution unit encryption key to generate an encrypted file key. And a key generation unit 612. The order management unit 602 having such a configuration retrieves the file key of the software specified by the software execution unit 601 from the file key storage unit 610, and also outputs the encryption key corresponding to the execution unit ID from the execution unit encryption key storage unit 611. Take it out.

Next, the operation of the conventional software protection system shown in FIG. 6 will be described. The encrypted software is the original software encrypted with a file key unique to the software. A plurality of pieces of this encrypted software are stored in advance in a recording medium such as a CD-ROM and distributed to the software execution unit 601.
The distributed encrypted software is stored in the encrypted software storage unit 603. Cryptographic software is inactive software that cannot be executed by itself. If you want to execute, order creation unit 604
Specify the software ID of the order, and specify the ID stored in the execution device ID storage unit 605 to the order manager 6
02 to place an order. Note that this order is practically made using a telephone or the like.

In the order manager 602, the file key storage unit 610 stores the file keys of all the software using the software ID as an index. The execution unit encryption key storage unit 611 stores and manages all execution unit encryption keys using the execution unit ID as an index. And
Order manager 6 that has received an order from the software execution unit 601
02 acquires the file key of the ordered software from the file key storage unit 610, and the encryption file key generation unit 612 encrypts this file key with the encryption key of the relevant execution unit to create an encrypted file key. . Then, this encrypted file key is used by the software execution unit 6
Notify 01.

Upon receiving the encrypted file key, the software execution unit 100 stores it in the encrypted file key storage unit 107.
Stored in. Then, when executing the software, the encrypted file key decryption unit 108 decrypts the encrypted file key stored in the encrypted file key storage unit 107 with its own encryption key stored in the execution unit encryption key storage unit 106. To get the file key. Soft decryption execution unit 1
09 decrypts the encrypted software with the file key obtained by the encrypted file key decryption unit 108, and executes the software. Since the encrypted file key is valid only for the execution unit, it cannot be used even if the encrypted file key is acquired by another person from the communication path or the storage unit.

[0011]

However, in the conventional software protection system as described above, it is assumed that the ordering of the software and the receipt of the encrypted file key are all carried out via the telephone, which will be described below. As you can see, the amount of information that can be transmitted over the phone is so large that it becomes impractical.

First, the bit numbers of the file key and the executor encryption key will be described. The file key is a key for encrypting the original software. The execution device encryption key is a key for encrypting this file key,
By the way, a secret key block cipher is generally used for the encryption here. As the private key block cipher, DES (D
ata Encryption Standard),
FEAL (Fast data) developed in Japan after that
Encipherment Algorithm) and the like. Regardless of which of these encryption methods is used, the number of bits in the key is 64 to ensure security.
The current recognition is that a bit is needed.
Therefore, each of the file key and the execution device encryption key is data of about 64 bits. Regarding DES, FIP PUB 46, NBS Jan. , 197
7. For FEAL, A. Shimizu &
S. Miyaguchi: "Fast Data En
cipherment Algorithm FEA
L ", Advances in Cryptolog
y-EUROCRYPT'87, Springer Bookstore, respectively.

Next, the number of bits of the encrypted file key will be described. The encrypted file key is the file key encrypted with the execution device encryption key. As described above, since the file key and the execution device encryption key require about 64 bits, this encryption file key also needs to be 64 bits.
It becomes a value of about a bit. If 64 bits are represented by a decimal number, for example, there are about 20 digits. By the way, the encrypted file key is verbally transmitted by telephone from the operator who operates the order management unit 602 to the user who operates the software execution unit 601. Further, the operator of the soft executor 601 needs to input the transmitted encrypted file key to the soft executor 601. However, with such a long digit,
The possibility of making a mistake in making a mistake, making a mistake in making a mistake, and making a mistake in making an input becomes very large, which causes a practical problem.

On the contrary, if the number of digits of the encrypted file key is reduced in consideration of the above practicality, the number of bits of the file key and the execution encryption key is reduced accordingly, and the security is lowered.

Further, in the above conventional example, one encrypted file key corresponds to one software order. Therefore, for N software orders, the amount of information to be transmitted is N times.

[0016] In the above-mentioned conventional example, after the encrypted file key for the software is once acquired, the software can be executed any number of times, that is, the "execution right purchase type". However, depending on the type of software, it may be more convenient to pay a fee according to the amount of software used. In this form, for example, it is possible to execute a predetermined number of times by using the execution right received from the order manager.

The first object of the present invention is to reduce the amount of information between the software execution unit and the order management unit without degrading the security (for example, without reducing the bit number of the encryption key). It is to provide a software protection system that can do.

A second object of the present invention is that the amount of information between the software executor and the order manager does not depend on the number of pieces of software to be ordered (that is, the amount of information when ordering N pieces of software is It is the same as the amount of information when ordering one piece of software).

A third object of the present invention is to provide a software protection system that flexibly responds to execution rights with conditions such as a limited number of times.

[0020]

The invention according to claim 1 is
One or more soft executors that execute the provided software and are connected to each soft executor via a communication path,
A software protection system including an order management unit that manages software orders received from each software execution unit, wherein each software execution unit includes an execution unit ID storage unit that stores a unique execution unit ID, and a unique execution unit ID storage unit. Of the execution unit secret information, and an order creation unit for creating and storing the order information of the execution right of one or more software, and the execution unit ID and the order information are: The order management unit is sent via the communication path to the order management unit, and the order management unit stores second execution secret information storing means for storing all execution unit secret information stored in each software execution unit, and the execution received from the software execution unit. The execution device secret information corresponding to the execution device ID is acquired from the second secret information storage means, and the execution right generation password depends on the acquired execution device secret information and the order information received from the software execution device. And the execution right generation password is transmitted to the software execution unit via the communication path, and each software execution unit further stores the order information stored and held in the order creation unit, An execution right generation password checking means for checking the validity of the execution right generation password received from the order management device using the execution device secret information stored in the first secret information storage means, and an execution right generation password checking means When the validity of the execution right generation password is confirmed as a result of the inspection by the, the execution right generation means for generating the execution right of the ordered software based on the order information accumulated and held in the order generation means, and the execution Software execution means for executing the software for which the right exists according to the execution condition indicated by the execution right.

According to a second aspect of the present invention, in the first aspect of the invention, the execution right generation password generation means has the order information received from the software execution device and the execution device secret information acquired from the second secret information storage means. Is input to the data compression function whose output is related to all of the input bits, and the output result of this data compression function is output as the execution right generation password. The order information stored and held and the execution device secret information stored in the first secret information storage means are input to the same data compression function as the data compression function used in the execution right generation password generation means, and the output thereof. When the result matches the execution right generation password received from the order management device, the execution right generation password is determined to be valid.

According to a third aspect of the present invention, in the first aspect of the invention, the order management device further includes third secret information storage means for storing secret information used in the public key signature system, and the execution right generation password. The generation unit uses the secret information stored in the third secret information storage unit, the execution unit secret information acquired from the second secret information storage unit, and the order information received from the software execution unit to generate a public key signature. The execution right generation password digitally signed by the method, and the software execution unit further includes public information storage means for storing public information corresponding to secret information used in the public key signature method, and the execution right generation password checking means. Is the public information stored in the public information storage means, the order information accumulated and held in the order creation means, and the execution unit secret information stored in the first secret information storage means. Used, the signature verification system corresponding to the public key signature scheme, characterized in that checking the validity of the execution right generated password received from the order management device.

According to a fourth aspect of the present invention, one or more software execution units that execute the provided software, and software that is connected to each software execution unit via a communication path and is received from each software execution unit. A software protection system including an order manager that manages orders, wherein each software executor stores an executor ID storage unit that stores a unique executor ID, and a first executor secret information. Secret information storing means, order creating means for creating and accumulating and storing order information of one or more software execution rights, and generating a change value that changes every time the order creating means creates order information. And a change value generating means for storing and holding, and an executor I
D, the order information and the change value are sent to the order manager via the communication channel, and the order manager stores the second secret information storage means for storing all the secret information of the execution units stored in each software execution unit. And the execution device secret information corresponding to the execution device ID received from the software execution device, is acquired from the second secret information storage means, and the acquired execution device secret information, the order information received from the software execution device, and the change value are obtained. And an execution right generation password generating means for generating a dependent execution right generation password, and the execution right generation password is sent to the software execution device via the communication path, and each software execution device further stores and holds it in the order creation means. The execution right received from the order management unit using the ordered information, the change value accumulated and held in the change value generation unit, and the execution unit secret information stored in the first secret information storage unit. Order information stored and held in the order creating means when the validity of the execution right generation password is confirmed as a result of the inspection by the execution right generation password checking means for checking the validity of the password and the execution right generation password checking means. The execution right generating means for generating the execution right of the ordered software based on the above, and the software execution means for executing the software having the execution right according to the execution condition indicated by the execution right.

According to a fifth aspect of the invention, in the invention of the fourth aspect, the execution right generation password generation means obtains the order information and the change value received from the software execution device, and the execution obtained from the second secret information storage means. The device secret information is input to a data compression function whose output is related to all of the input bits, and the output result of this data compression function is output as an execution right generation password. The order information stored and held in the creating means, the change value stored and held in the change value generating means, and the executor secret information stored in the first secret information storing means are used in the execution right generating password generating means. Input to the same data compression function as the existing data compression function, and when the output result matches the execution right generation password received from the order manager, the execution right generation path It is over de characterized in that it is determined that the legitimate.

According to a sixth aspect of the present invention, one or more software execution units that execute the provided software, and software that is connected to each software execution unit via a communication path and received from each software execution unit. A software protection system including an order manager that manages orders, wherein each software executor stores an executor ID storage unit that stores a unique executor ID, and a first executor secret information. Secret information storage means, an order creation means for creating and storing the order information of the execution right of one or more software, and a time stamp for creating and storing the order information every time the order creation means creates the order information. The execution unit ID and the order information are sent to the order management unit via the communication channel, and the order management unit sends the execution unit ID and the execution unit ID from the software execution unit. When the sentence information is received, second time stamp generating means for generating a time stamp, second secret information storing means for storing secret information of all the execution units stored in each software execution unit, and the software execution unit The execution device secret information corresponding to the received execution device ID is acquired from the second secret information storage means, and the acquired execution device secret information, the order information received from the software execution device, and the second time stamp generation means. The execution right generation password includes an execution right generation password generation means for generating an execution right generation password dependent on the time stamp generated in
Each software execution unit is sent to the software execution unit via the communication path, and each software execution unit further stores the order information stored in the order creating unit, the time stamp stored in the first time stamp generating unit, and the first time stamp. Execution right generation password checking means for checking the validity of the execution right generation password received from the order management device by using the execution device secret information stored in the secret information storage means, and the inspection by the execution right generation password checking means. As a result, when the validity of the execution right generation password is confirmed, there is the execution right generation means for generating the execution right of the ordered software based on the order information stored and held in the order creation means, and the execution right exists. Software executing means for executing the software to be executed according to the execution condition indicated by the execution right.

According to a seventh aspect of the present invention, one or more software executors for executing the provided software, and software connected to each software executor via a communication path and received from each software executor. A software protection system including an order manager that manages orders, wherein each software executor stores an executor ID storage unit that stores a unique executor ID, and a first executor secret information. Secret information storage means, order creation means for creating and storing the order information of the execution right of one or more software, and order authentication information depending on the order information and the secret information of the execution device for storing and holding. Executor I including an order authentication information generation means
D, the order information and the order authentication information are sent to the order manager via the communication channel, and the order manager stores the second secret information storage for storing all the secret information of the execution units stored in each software execution unit. Means and executor I received from the soft executor
The execution device secret information corresponding to D is acquired from the second secret information storage means, and the execution device secret information, the order information and the order authentication information received from the software execution device are used, and the software execution device and the order information are acquired. Authentication is performed, and when this authentication result is valid, only if the execution result authenticator that treats the order authentication information as order identification information for identifying an order and the authentication result in the execution device authentication means are valid. And an execution right generation password generating means for generating an execution right generation password depending on the order information and the order identification information. The execution right generation password is sent together with the order identification information to the software execution device via the communication path. The software execution unit further uses the order information accumulated and held in the order creating means and the order authentication information accumulated and held in the order authentication information generating means to execute the order management. Execution right generation password checking means for checking the validity of the execution right generation password received from the container and the order creation means when the validity of the execution right generation password is confirmed as a result of the inspection by the execution right generation password checking means. An execution right generating means for generating an execution right of the ordered software based on the order information stored and stored in the software; and a software execution means for executing the software having the execution right according to the execution condition indicated by the execution right. Is included.

The invention according to claim 8 is the invention according to claim 7, wherein the order authentication information generating means has the order information created by the order creating means and the execution unit secret stored in the first secret information storing means. Input the information and to a data compression function whose output is related to all of the input bits, and output the output result of this data compression function as order authentication information,
The executor authenticating means uses the secret information of the executor acquired from the second secret information storing means and the order information received from the software executor, the same data compressing function as the data compressing function used in the order certifying information generating means. When the output result of this data compression function matches the order authentication information received from the software execution unit, it is authenticated that the software execution unit that placed the order and the order information are valid, and the execution right generation password The generation means inputs the order information and the order identification information received from the software execution unit into the same data compression function as the data compression function used in the order authentication information generation means,
The output result of this data compression function is output as an execution right generation password, and the execution right generation password checking means stores the order information accumulated and held in the order creating means and the order authentication information accumulated and held in the order authentication information generating means. Is input to the same data compression function as the data compression function used in the order authentication information generation means, and when the output result matches the execution right generation password received from the order manager, the execution right generation password is valid. It is characterized by determining that

According to a ninth aspect of the present invention, one or more software executing units that execute the provided software and software connected to each software executing unit via a communication path and received from each software executing unit are provided. A software protection system including an order manager that manages orders, wherein each software executor stores an executor ID storage unit that stores a unique executor ID, and a first executor secret information. Secret information storage means, order creating means for creating and storing order information of execution rights of one or more software, and changing each time the order information is created by the order creating means, a predetermined data structure or Change value generating means for generating and storing a change value having a meaning, and a value dependent on the order information and the execution device secret information, and by converting the change value by the calculated value, An order authentication information generation means for generating and accumulating and storing the statement authentication information, and the execution unit ID, the order information and the order authentication information are sent to the order management unit via a communication path, and the order management unit controls each software. The second secret information storage means for storing all the secret information of the execution unit stored in the execution unit, and the secret information of the execution unit corresponding to the execution unit ID received from the software execution unit are obtained from the second secret information storage unit. Then
A value that depends on the acquired secret information of the execution unit and the order information from the software execution unit is obtained, and using this value, the inverse conversion unit that reversely converts the order authentication information from the software execution unit and the output of the inverse conversion unit Order has the same data structure or meaning as the change value, only if the execution unit authentication means that authenticates that the software execution unit and order information are valid and the authentication result by the execution unit authentication unit are valid And an execution right generation password generation means for generating an execution right generation password depending on information, and the execution right generation password is sent to the software execution device via the communication path, and each software execution device further transmits to the order creation means. Order information stored and held,
Using the order authentication information stored and stored in the order authentication information generating means, the execution right generating password checking means for checking the validity of the execution right generating password received from the order manager and the inspection by the execution right generating password checking means As a result of
When the validity of the execution right generation password is confirmed, the execution right generation means for generating the execution right of the ordered software based on the order information accumulated and held in the order generation means, and the software for which the execution right exists Is executed according to the execution condition indicated by the execution right.

According to a tenth aspect of the invention, in the invention of the ninth aspect, the order authentication information generating means includes the order information created by the order creating means and the execution unit secret stored in the first secret information storing means. The information is input to a data compression function whose output is related to all of the input bits, the exclusive OR of the output result and the change value is output as order authentication information, and the inverse conversion means executes software execution. The order information from the device and the execution device secret information acquired from the second secret information storage means are input to the same data compression function as the data compression function used in the order authentication information generation means, and the output result and software The order authentication information is inversely converted by calculating the exclusive OR with the order authentication information from the execution unit, and the execution right generation password generation means generates the order information and the order information received from the software execution unit. The sentence identification information is input to the same data compression function as the data compression function used in the order authentication information generation means, and the output result of this data compression function is output as the execution right generation password. , Order information stored and held in the order creating means, and order authentication information stored and held in the order authentication information generating means,
When input to the same data compression function as the data compression function used in the order authentication information generation means and the output result matches the execution right generation password received from the order manager,
It is characterized in that the execution right generation password is judged to be valid.

The invention according to claim 11 is the invention according to claim 7 or 9, wherein the execution right generation password generation means is:
In addition to the order information received from the software execution unit, an execution right generation password that depends on the execution unit secret information acquired from the second secret information storage unit is generated, and the execution right generation password checking unit is stored in the order generation unit. It is characterized in that the validity of the execution right generation password received from the order manager is checked using the held order information and the execution unit secret information stored in the first secret information storage means.

According to a twelfth aspect of the invention, in the invention of the seventh or ninth aspect, the order management device further includes third secret information storage means for storing secret information used in the public key signature system, and the execution right is included. The generated password generation means includes the secret information stored in the third secret information storage means, the execution device secret information acquired from the second secret information storage means, the order information and the order authentication information received from the software execution device. Is used to generate the execution right generation password digitally signed by the public key signature method, and the software execution unit further includes public information storage means for storing public information corresponding to secret information used in the public key signature method. The execution right generation password checking means includes public information stored in the public information storage means, order information accumulated and held in the order creating means, and order authentication information generating means. Generation of the execution right received from the order manager by the signature confirmation method corresponding to the public key signature method using the accumulated and held order authentication information and the execution unit secret information stored in the first secret information storage means. Characterized by checking the validity of the password.

The invention according to claim 13 is one or more software executors for executing the provided software, and software connected to each software executor via a communication path and received from each software executor. A software protection system including an order manager that manages orders, wherein each software executor stores a unique executor ID.
The execution unit ID includes a storage unit, a first secret information storage unit that stores unique execution unit secret information, and an order creation unit that creates and stores order information for execution rights of one or more software. And the order information is sent to the order management unit via the communication path, and the order management unit stores the first module storing means for storing the first execution right generation module and all the software execution units. A first secret information storage unit for storing the secret information of the execution unit, a first order for calculating a value depending on the order information from the software execution unit, and the secret information of the execution unit acquired from the second secret information storage unit. An execution right generation password is included including a calculation means and an execution right generation password generation means for generating an execution right generation password by converting the first execution right generation module using the calculation result of the first calculation means. Sent to the software execution unit via the communication path, and each software execution unit further stores a second module storing unit for storing a second execution right generation module, and order information stored and held in the order creation unit, Execution right generation from the order manager using the second calculation means for calculating a value depending on the execution device secret information stored in the first secret information storage means and the calculation result of the second calculation means An execution right generation password reverse conversion means for generating a first execution right generation module by reverse converting the password, a first execution right generation module generated by the execution right generation password reverse conversion means, and a second execution right generation module Using the second execution right generation module stored in the module storage means, the execution right generation means for generating the execution right of the software based on the order information accumulated and held in the order creation means After execution right generation includes a module erasing means for erasing the first execution right generation module, a software execution right exists, the software execution means for executing according to the execution condition indicated in the execution right.

According to a fourteenth aspect of the present invention, in the thirteenth aspect of the present invention, the first execution right generation module stored in the first module storage means has a predetermined data structure and meaning, and the execution right generation is performed. The means executes the first execution right generation module and the second execution right only when the reverse conversion result of the execution right generation password reverse conversion means has the same data structure and meaning as the first execution right generation module. The generation module is used to generate the software execution right based on the order information accumulated and held in the order creating means.

According to a fifteenth aspect of the present invention, in the invention of the thirteenth aspect, the order management device further includes third secret information storage means for storing secret information used in the public key signature system, and the execution right generation password. The generation means converts the first execution right generation module by using the calculation result of the first calculation means and the secret information stored in the third secret information storage means, thereby performing the public key signature method. The software execution unit generates a digitally signed execution right generation password, and the software execution unit further includes public information storage means for storing public information corresponding to secret information used in the public key signature method. , The conversion result of the second calculation means and the public information are used to reverse-convert the execution right generation password from the order manager by the signature confirmation method corresponding to the public key signature method. And wherein the Rukoto.

The invention according to claim 16 is defined by claims 1 to 15.
In any one of the inventions, the software provided to the software execution unit is encrypted by including the software unique information, and the execution right generation means executes the execution right generation password checking means from the order management unit. When the validity of the right generation password is confirmed, the encrypted software corresponding to the order information stored and held in the order creation means is decrypted to acquire the software unique information, and the acquired software unique information is used as the execution device secret information. By executing the encryption, the execution right of the ordered software is generated, and the software execution means decrypts the encrypted software corresponding to the order information stored and held in the order creation means to obtain the software and the software unique information. Then, the execution right is decrypted by using the secret information of the executor to obtain the software unique information, and the software unique information obtained by these decryption matches. If it is only and executes the decoded software.

The invention according to claim 17 is claims 1 to 15.
In any one of the inventions, the order creating means stores and holds the created order information in a non-volatile manner, and deletes the order information after the execution right creating means creates the execution right of the corresponding software. And

The invention of claim 18 relates to claims 1 to 15.
In the invention described in any one of (1) to (4), the software execution unit and the order management unit each hold a history of information exchanged between them.

The invention of claim 19 relates to claims 1 to 15.
In the invention described in any one of 1, the software execution unit and the order management unit hold codes corresponding to all combinations of software as a table, and the software execution unit uses the code obtained from the table as order information. The feature is that it is sent to the order manager.

[0039]

In the invention according to claim 1, the software executor orders the software by generating an executor ID and order information and sending them to the order manager.
The order management unit generates an execution right generation password, which is information dependent on the received order information and the execution unit secret information corresponding to the execution ID, and sends it to the software execution unit. The software execution unit determines whether this execution right generation password is consistent with the order information sent to the order management unit or the confidential information of the execution unit of its own. Generate the execution right of the software corresponding to the information and execute the software. In this way, the order management unit sends only the execution right generation password, that is, the information that gives the permission for the software execution unit to generate the software execution right corresponding to the order information, to the software execution unit. The number of digits can be reduced compared to the case of sending the item itself.
Further, even if the software execution unit orders a plurality of software at one time, the amount of information is the same as the amount of information when one piece of software is ordered.

In the invention according to claim 2, the order management device is
The order information received from the software executor and the executor secret information corresponding to the executor ID are input to a predetermined data compression function (for example, hash function), and the output result of this data compression function is generated as an execution right. Output as password. On the other hand, the soft executor inputs the order information stored internally and the secret information of its own executor into the same data compression function as above, and the output result is the execution right received from the order manager. When it matches the generated password, it is determined that the execution right generation password is valid. In this way, since the execution right generation password is generated using the data compression function, the number of digits can be further reduced.

In the invention according to claim 3, the order management device is
The secret information used in the public key signature method is held, and is digitally signed by the public key signature method using this secret information, the execution unit secret information corresponding to the execution unit ID, and the order information received from the software execution unit. Generate the execution right generation password. On the other hand, the soft executor holds the public information corresponding to the secret information used in the public key signature method, and uses the public information, the order information, and the secret information of the executor of its own, the public key signature method. By the signature confirmation method corresponding to, the validity of the execution right generation password received from the order manager is checked. In this way, since the execution right generation password that is digitally signed is sent to the software execution unit, it is almost impossible to forge the execution right generation password on the software execution unit side, and extremely safe software protection is possible. The system can be realized.

In the invention according to claim 4, a change value that changes every time the order information is created is sent from the software execution unit to the order management unit together with the order information. Then, the order management device generates an execution right secret password, order information, and an execution right generation password depending on the change value, and sends the execution right generation password to the order management device. The software executor uses the order information, the change value, and the executor secret information to check the validity of the execution right generation password. Therefore, the execution right generation password from the order management unit is valid only in the software execution unit that holds the corresponding change value. Therefore, even if you create the same order at different times and enter the previous execution right generation password, the change value generated at the time of the later order is different from the change value generated at the time of the previous order. The password you entered is not valid.

In the invention according to claim 5, the order management device is
The order information, the change value, and the secret information of the executor are input to a data compression function such as a hash function, and the output result of this data compression function is output as an execution right generation password. On the other hand, the soft executor inputs the order information, the change value, and the executor secret information, which are held internally, to the same data compression function as above, and the output result is the execution right generation password received from the order manager. When it matches with, the execution right generation password is determined to be valid. In this way, since the execution right generation password is generated using the data compression function, the number of digits can be further reduced.

In the invention according to claim 6, a time stamp is used instead of the change value in claim 4. Since this time stamp is held in common in the software execution unit and the order management unit, it is not necessary to send the change value from the software execution unit to the order management unit as in claim 4.

In the invention according to claim 7, by introducing the order authentication information depending on the order information and the secret information of the execution unit, the order information and the software execution unit are issued before the issuance of the execution right generation password on the order management unit side. Can be authenticated. When the authentication result is OK, the order management device treats the order authentication information as order identification information for identifying the order, generates the execution right generation password depending on the order information and the order identification information, and generates the software. Send to the execution device. The software execution unit checks the validity of the execution right generation password received from the order management unit by using the order information and the order authentication information held internally, and executes the software when the check result is OK. Generate the right and execute the corresponding software.

In the invention according to claim 8, the software executor inputs the order information and the executor secret information to a data compression function such as a hash function, and obtains the output result of this data compression function as the order authentication information. ing. In addition, the order manager inputs the secret information of the execution unit and the order information received from the software execution unit to the data compression function similar to the above,
When the output result matches the order authentication information received from the software execution unit, the software execution unit and the order information are authenticated as valid. Further, the order manager inputs the order information and the order identification information to the same data compression function as above, outputs the output result of this data compression function as an execution right generation password, and sends it to the software execution unit. On the other hand, the software execution unit inputs the order information and the order authentication information into the same data compression function as above, and when the output result matches the execution right generation password from the order management unit, the execution right generation password is Judge as legitimate.

In the invention according to claim 9, the software executor converts a change value which changes each time the order information is created and which has a predetermined data structure or meaning, by a value depending on the order information and the executor secret information. By doing so, order authentication information is generated. This order authentication information is sent to the order management unit together with the execution unit ID and the order information. The order management device obtains a value depending on the execution device secret information corresponding to the execution device ID and the order information from the software execution device, and uses this value to reverse-convert the order authentication information from the software execution device,
If the result of this inverse conversion has the same data structure or meaning as the above-mentioned change value, it is verified that the software execution unit and the order information are valid. Then, only when this authentication result is valid, the order management device generates an execution right generation password depending on the order information and sends it to the software execution device. When the software execution unit checks the validity of the execution right generation password received from the order management unit using the order information and order authentication information held internally, and when the validity of the execution right generation password is confirmed. In addition, the execution right of the ordered software is generated. With such a configuration, the number-of-times limiting function and the user authentication function can be realized without increasing the amount of information exchanged between the software execution unit and the order management unit.

According to the tenth aspect of the invention, the soft executor inputs the order information and the secret information of the executor to a data compression function such as a hash function and orders the exclusive OR of the output result and the change value. Obtained as authentication information. The order management unit inputs the order information from the software execution unit and the execution unit secret information corresponding to the execution unit ID to the same data compression function as the above, and outputs the output result and the order authentication information from the software execution unit. The order authentication information is inversely converted by calculating the exclusive OR of Further, the order management unit inputs the order information and the order identification information from the software execution unit to the same data compression function as the above, and outputs the output result of this data compression function as the execution right generation password. There is. The soft executor inputs the order information and order authentication information held internally to the same data compression function as above, and when the output result matches the execution right generation password received from the order manager, Judge that the execution right generation password is valid.

According to the eleventh aspect of the invention, the order management unit includes the order information received from the software execution unit and the execution unit I.
An execution right generation password that depends on the execution device secret information corresponding to D is generated. On the other hand, the software executor checks the validity of the execution right generation password received from the order manager using the order information and the executor secret information held inside.

According to the twelfth aspect of the present invention, the order management unit includes the secret information used in the public key signature system and the execution unit I.
Using the secret information of the execution unit corresponding to D and the order information and the order authentication information received from the software execution unit, an execution right generation password digitally signed by the public key signature method is generated and sent to the software execution unit. . The soft executor uses the public information corresponding to the secret information used in the public key signature method, the order information, the order authentication information and the secret information of the executor held internally, and the signature corresponding to the public key signature method. The verification method verifies the validity of the execution right generation password received from the order manager. In this way, since the execution right generation password that is digitally signed is sent to the software execution unit, it is almost impossible to forge the execution right generation password on the software execution unit side, and extremely safe software protection is possible. The system can be realized.

According to the thirteenth aspect of the present invention, only the second execution right generation module stored in the software executor side is
Execution rights cannot be generated. The order management unit converts the first execution right generation module for activating the second execution right generation module into a form depending on the order information from the software execution unit and the execution unit secret information and executes the execution right. Send as generated password. On the software executor side, if the order information and the executor are correct, this execution right generation password can be used to activate the second execution right generation module held inside. In this case, even if the software executor tries to illegally generate the execution right, the second amount of information is
Since there is not enough information for that in the execution right generation module of, the injustice cannot be done. Therefore, a more secure software protection system can be realized.

In the fourteenth aspect of the present invention, the first execution right generation module stored in the order management unit has a predetermined data structure and meaning, and the software execution unit determines the reverse conversion result of the execution right generation password. Generate an execution right of the software using the first execution right generation module and the second execution right generation module only when has the same data structure and meaning as the first execution right generation module. .

According to the fifteenth aspect of the invention, the order management unit stores the secret information used in the public key signature method and the calculation result of the first calculation means which is a value depending on the order information and the execution unit secret information. The first execution right generation module is converted by using the generated execution right generation module to generate the execution right generation password digitally signed by the public key signature method. on the other hand,
The soft executor uses the public information corresponding to the secret information used in the public key signature method and the calculation result of the second calculation means, which is a value depending on the order information and the executor secret information, and uses the public key signature method. By the signature confirmation method corresponding to
Reverse the execution right generation password from the order manager.

In the sixteenth aspect of the invention, the software provided to the software execution unit is encrypted by including the software unique information. When the software execution unit confirms the validity of the execution right generation password from the order management unit, the software execution unit decrypts the encrypted software corresponding to the order information stored inside and acquires the software unique information. The execution right of the ordered software is generated by encrypting the acquired software unique information with the execution device secret information. In addition, the software execution unit decrypts the encrypted software corresponding to the order information held inside to acquire the software and the software unique information, and decrypts the execution right using the execution device secret information to obtain the software unique information. The decrypted software is executed only when the information acquired and the software unique information acquired by the decryption match.

According to the seventeenth aspect of the invention, the software execution unit accumulates and holds the created order information in a non-volatile manner, and deletes the order information after generating the execution right of the corresponding software. As a result, it is possible to control the execution of the software based on the execution right generation password sent back after sending only the orders for the time being.

In the eighteenth aspect of the present invention, the software execution unit and the order management unit each hold a history of information exchanged between them. This makes it possible to flexibly deal with problems that occur later.

In the nineteenth aspect of the invention, the software execution unit and the order management unit hold the codes corresponding to all combinations of software as a table, and the software execution unit orders the codes obtained from the table. The information is sent to the order manager. As a result, the data amount of order information can be further reduced.

[0058]

【Example】

(1) First Embodiment FIG. 1 is a block diagram showing the configuration of a software protection system according to the first embodiment of the present invention. In FIG. 1, the software protection system of the present embodiment includes a software execution unit 101 that executes software and a software execution unit 1.
Order manager 102 that distributes software to 01
And

The software execution unit 101 includes an encrypted software storage unit 3, an order creation unit 4, and an execution unit ID storage unit 5.
And an execution unit encryption key storage unit 6 for storing an execution unit encryption key (an example of execution unit secret information) corresponding to the execution unit ID, and an execution for checking the validity of the execution right generation password received from the order management unit 102. Right generation password checking unit 7, execution right generation unit 8 that generates an execution right using an execution unit encryption key based on order information, execution right storage unit 9 that stores the generated execution right, and at the time of software execution And a software decryption execution unit 10 that decrypts and executes the encrypted software when the corresponding execution right is valid. In the software executing unit 101 having such a configuration, the order information created by the order creating unit 4 and the executing unit ID are the order management unit 102.
The execution right generation password for executing the encryption software is requested.

On the other hand, the order management unit 102 depends on the execution unit encryption key storage unit 11 storing the execution unit encryption keys of all the soft execution units, the order information and the execution unit encryption keys of the corresponding software execution units. And an execution right generation password generation unit 12 for generating the execution right generation password.

Next, the operation of the software protection system of the first embodiment shown in FIG. 1 will be described. In the following description, the communication between the software execution unit 101 and the order management unit 102 is assumed to be performed by a person who operates them via a telephone.

First, a method of generating encrypted software will be described. A unique authenticator authA is defined for the software SoftA. And SoftA
And the authenticator authA are combined, and the combined data is encrypted in the system using common secret information S (not shown) to generate encrypted software. When expressed by a formula, the encryption software ESsoftA is ESsoftA = E (S, authA / | SoftA). In the above equation, E (S, *) indicates an encryption function with S as a key, and ‖ indicates a combination. Similarly, for other software SoftB, a unique authenticator authB
The encryption software is created in correspondence with. Less than,
A plurality of encrypted software created by the same procedure is stored in, for example, one CD-ROM and distributed to the software execution unit 101 in advance. In the embodiment of FIG. 1, this encrypted software is stored in the encrypted software storage unit 3.

The user of the software executor 101 operates the software executor 101 to specify the software desired to be executed from the software stored in the encrypted software storage unit 3. For example,
Software A and software C.
In response, the order creation unit 4 creates corresponding order information. This order information is temporarily stored in the order creation unit 4. Then, the user of the software execution unit 101 stores the order information and the execution unit ID (stored in the execution unit ID storage unit 5) unique to the software execution unit 101 in the order management unit 1
02 operator is notified by telephone. This completes the order.

When the order information notified from the software execution unit 101 is input, the execution right generation password generation unit 12 in the order management unit 102 first authenticates the software execution unit 101 that placed the order (or user authentication). ) And then
From the execution unit encryption key storage unit 11 to the corresponding software execution unit 10
Obtain a cryptographic key of 1. Next, the execution right generation password generation unit 12 combines the order information received from the software execution unit 101 and the execution unit encryption key acquired from the execution unit encryption key storage unit 11, and determines this combined data in advance. Enter into the hash function. The output of this hash function is transmitted to the user of the soft executor 101 by telephone as an execution right generation password.

Here, the hash function is a data compression type cryptographic process, the output of which depends on all the bits of the input, and it is not easy to find a different input pair having the same output. have. The specific construction method is described in detail, for example, in "Modern Cryptography" by Ikeno and Koyama, pages 224 to 225, published by The Institute of Electronics, Communication and Communication. The hash function used in this embodiment is, for example, a function that compresses an input into a value of about 10 decimal digits.

The user of the software executor 101 inputs the execution right generation password received by telephone to the execution right generation password checking unit 7. The same right hash function used in the order management unit 102 is stored in the execution right generation password checking unit 7. Then, the execution right generation password checking unit 7 uses the hash function to store the order information stored in the order creating unit 4 and the execution unit encryption key storage unit 6.
Enter the data that is combined with the execution unit encryption key stored in. Next, the execution right generation password checking unit 7
The output result of this hash function is compared with the execution right generation password obtained from the order manager 102. At this time, the order information stored in the order creation unit 4 is different from the content actually transmitted to the order management unit 102, or the execution unit encryption key stored in the software execution unit 101 is the order management unit. If it is different from the executor encryption key obtained in 102, the comparison result is NG (mismatch).

The execution right generation unit 8 is activated and generates the execution right only when the check result of the execution right generation password checking unit 7 is OK (match). The method is as follows. First, the execution right generation unit 8 refers to the order information stored in the order creation unit 4, and extracts the corresponding encrypted software from the encrypted software storage unit 3. For example, as encryption software, ESsoftA
Assuming that the encrypted software ESsoftA has been extracted, the execution right generation unit 8 decrypts the extracted encrypted software ESoftA using a common secret key S (not shown) in the system to obtain a corresponding authenticator authA. Next, the execution right generation unit 8
Uses the authenticator authA as the executor encryption key storage unit 6
It is encrypted using the execution device encryption key stored in the execution right encryption unit, and the authenticator obtained by this encryption is used as the execution right.
To be stored. Generally, in the case of the soft executor X having a specific executor encryption key Sx, the execution right of the software A is E
(Sx, authA). This execution right is the execution device X
Since it is encrypted with the unique encryption key Sx, even if a general memory that is not protected from external read is used as the execution right storage unit 9, the problem of confidentiality leakage does not occur.

When executing the software A, the software decryption executing unit 10 firstly executes the encrypted software ESsoft.
A is decrypted using the common secret key S in the system to obtain the authenticators authA and SoftA. Next, the software decryption execution unit 10 executes the execution right E (S
x, authA) is extracted from the execution right storage unit 9. Next, the software decryption executing unit 10 executes the execution right E (Sx, auto
The value obtained by decrypting hA) with the execution device encryption key Sx is compared with the previously obtained authenticator. Then, the soft decryption executing unit 10 determines that the software Sof
Perform tA.

As described above, in the first embodiment of the present invention, the execution right generated by the order manager in the conventional system (corresponding to the generation of the encrypted file key in the conventional system) is It is done on the software execution unit side. That is, in this embodiment, the order management unit 102 has a function of only giving the activation right generation unit 8 permission to start. Here, since the execution right generation password that is the permission information is the output of the hash function that depends on the order information and the encryption key of the executor, it can be realized with a value of about 10 decimal digits. Input mistakes are reduced and the user interface is improved. Further, it becomes possible to authenticate the order information and the execution device. Also, the order manager 102
Since only the permission to start is given to the execution right generation unit 8, the execution right generation password can always be realized with a small number of digits without depending on the number of ordered software.

Next, the security against fraud in the software protection system of the first embodiment will be described. In the system of the first embodiment, the order manager 1
It is assumed that when 02 receives an order from the soft executor 101 and issues an execution right generation password for the order, the fee corresponding to the order is charged. As a payment method, a method such as credit will be generally adopted. Therefore, if it is difficult for the software executor 101 to arbitrarily generate an unauthorized execution right that is not subject to billing, the system is highly safe.

First, as an external attack for generating an illegal execution right, it is conceivable to operate the execution right generation unit 8 in the software execution unit 101 independently. Further, an attack may be considered in which the execution right generation unit 8 creates the execution right of software other than the order created by the order creation unit 4. In response to these attacks, the user executes software execution unit 1
This can be dealt with by making it impossible to change each component in 01.

In the first embodiment, the execution right generation unit 8 has to perform a series of operations in which an order is placed in the order creation unit 4 and then the execution right generation password corresponding thereto is inspected. It does not start. That is, in the first embodiment, it is not possible to change only the execution right generation unit 8 to operate independently. Further, in the first embodiment, it is not possible to operate only the execution right generation password inspection and the execution right generation unit 8 except for the order creation from the above series of operations. Further, the order information created by the order creation unit 4 is the execution right generation password checking unit 7 and the execution right generation unit 8
In both cases, the user cannot change the content of the order information. Therefore, in the first embodiment, the execution right is not generated even if the above-mentioned illegal attack is performed.

Considering that it is very common that the software executor 101 is a dedicated device or that the program in the software executor is realized by a CD-ROM or the like, the user can execute the software. Making each component in the executor unchangeable is a realistic one.

Further, in order to execute the software illegally, the execution right generation password received for one order is input as the execution right generation password for another order, or a software execution device other than the ordering software execution device is entered. An attack of inputting to the software execution unit is also possible. However, in the system of the first embodiment, the execution right generation password is a value that depends on the order information and the execution device encryption key. Therefore, if the order information and the software execution device are different, the execution right generation password The inspection does not pass. Therefore, the first embodiment can deal with such an unauthorized attack.

Further, in order to illegally execute the software, an attack in which a password having an appropriate value is brute force input is considered for the execution right generation password of a certain order. However, in the first embodiment, the number of digits of the password is set to about 10 in decimal, so even if an unauthorized user tries to input the password properly,
The probability that it happens to pass the inspection unit 7 is considered to be practically close to zero. Therefore, the first embodiment can deal with such an attack.

Further, in order to illegally execute the software, the user may forge the execution right generation password. This can be dealt with using, for example, the public key signature method. When the public key signature method is used, the private key of the order management device 102 is required to generate the execution right generation password, and therefore the general user cannot forge the password. It is also possible to deal with this by not exposing the procedure (operation) for issuing the execution right generation password. In the first embodiment, the execution right generation password checking unit 7 in the software executor 2 performs the inspection in the same procedure as the generation of the execution right generation password. Is not published. Furthermore, the execution right generation password checking unit 7 uses it independently (that is, the software execution unit 1
Since the components in 01 cannot be changed), the problem of password forgery does not occur.

When the execution right storage unit 9 is constructed by using a general memory having no read protect function, the execution right stored in the execution right storage unit 9 is analyzed to make the execution right illegal. It is also possible to generate in. However, in the first embodiment, the execution right storage unit 9
The execution right stored in the corresponding software execution unit 1
Since the encryption key is 01 and the execution device encryption key is set to about 64 bits, the execution right cannot be easily analyzed. Further, by preventing the user from observing the executor encryption key or by not exposing the decryption process to the user, the security can be further enhanced.

From the above description, it can be understood that it is virtually impossible to forge the execution right on the software execution unit 101 side.

The system of the first embodiment is configured as a system in which the user can use the execution right for an unlimited number of times, that is, the "execution right purchase type" system. There is. Therefore, the execution right generation password for the same order information may be input multiple times.

(2) Second Embodiment FIG. 2 is a block diagram showing the configuration of the software protection system according to the second embodiment of the present invention. The second embodiment is effective when a condition such as the number of executions is added to the software execution right, unlike the "execution right purchase type" system as in the first embodiment.

By the way, in order to limit the number of times the ordered software is executed, the execution right generation password must be valid only at the first input. This is 2
This is because the following inconvenience will occur if it is valid at the time of the subsequent input. For example, it is assumed that a certain software executor creates an order to execute the software A N times and obtains the execution right generation password for the order from the order manager. When this password is input to the software execution unit, an execution right for executing the software A N times is generated. Next, when this execution right is exhausted, an order for executing the software A again N times is created in the same software execution unit, and the previous password is input without making an order in the order management unit. If this password becomes valid and the execution right of the software A N times is generated again, the limitation of the execution count becomes practically meaningless.

Therefore, in the second embodiment, in order to make the execution right generation password valid only at the first input, a value that changes for each order is introduced in addition to the configuration of the first embodiment. . That is, in the second embodiment, a change value whose value changes each time is generated for each order information, and only the execution right generation password corresponding to this change value is valid. There are various possible methods for realizing the change value that changes for each order, but in the second embodiment,
A random number is generated for each order, and this random number is used as a change value that changes for each order.

In FIG. 2, the software protection system of this embodiment is a software execution unit 2 that executes software.
01 and an order management unit 202 that distributes software to the software execution unit 201. The software execution unit 201 has an encrypted software storage unit 3, an order creation unit 4, an execution unit ID storage unit 5, an execution unit encryption key storage unit 6, and an execution right, which have the same configuration as that of the embodiment of FIG. A generator 8 and
The execution right storage unit 9 and the software decryption execution unit 10 are included. Further, the software execution unit 201 checks the validity of the random number generator 20 that is activated each time an order is placed and the received execution right generation password by using the order information, the execution unit encryption key, and the random number data to check the execution right generation password. And a part 21.

On the other hand, the order management unit 202 includes the execution unit encryption key storage unit 11 having the same configuration as that of the embodiment of FIG. Further, the order management unit 202 includes the order information and the random number sent from the software execution unit 201, and the execution unit encryption key storage unit 1.
Using the encryption key of the software executor 202 acquired from the above 1, an execution right password generation unit 22 for generating an execution right generation password dependent on them is included.

As described above, in this second embodiment, a new random number is generated every time an order is placed. Then, the user of the software execution unit 201 notifies the operator of the order management unit 202 by telephone of this random number in addition to the order information and execution unit ID in the first embodiment. Note that this random number is 10 in order to improve the user interface.
It should be a value of about 10 decimal digits.

The execution right generation password generation unit 22 in the order management unit 202 uses the same hash function as that used in the first embodiment with the order information, the random number, and the execution unit encryption key of the corresponding software execution unit 201. Enter the combined data. The output result of this hash function is 10
The 10-digit decimal value is notified to the user of the software executor 201 by telephone as an execution right generation password.

Upon receiving the notification, the user of the software execution unit 201 sets the execution right generation password to the software execution unit 201.
It is input to the execution right generation password check unit 21. The execution right generation password checking unit 21 combines the order information and the random number obtained from the order creating unit 4 and the random number generating unit 20 with the execution unit encryption key obtained from the order management unit 202, and uses them in the order management unit 202. Input to the same hash function as the current hash function. Then, the execution right generation password checking unit 21 compares the output result of this hash function with the input execution right generation password, and activates the execution right generation unit 8 only when both match. The operation after this is
Since it is similar to the above-described first embodiment, the description thereof will be omitted.

In the second embodiment, a new random number is automatically generated every time an order is placed. Then, in the case of a regular procedure, the order management unit 202 issues an execution right generation password depending on this random number (= value that changes for each order). Then, this execution right creation password is valid only in the software execution unit 201 that holds the corresponding random number. Therefore, since the random number generated when the second and subsequent orders are generated is different from the random number generated when the first order is generated, the execution right generation password obtained when the first order is generated cannot be illegally used multiple times. . In addition, in the second embodiment, in addition to the measures for ensuring the security described in the first embodiment, it is preferable that the random number cannot be arbitrarily changed or set by the user.

In the second embodiment, the previous random number remains until a new order is created. However, if it is possible to save the order once, The random numbers involved in the execution right may be cleared or updated at the stage of generation. This further enhances safety.

(3) Third Embodiment FIG. 3 is a block diagram showing the configuration of the software protection system according to the third embodiment of the present invention. In the third embodiment, efficient executor authentication is added to the first embodiment described above. In FIG. 3, the software protection system of the third embodiment includes a software execution unit 301 that executes software and an order management unit 302 that distributes software to the software execution unit 301.

The software execution unit 301 has the same configuration as that of the first embodiment described above, the encrypted software storage unit 3, the order creation unit 4, the execution unit ID storage unit 5, and the execution unit encryption key storage unit. 6, an execution right generation unit 8, an execution right storage unit 9, and a soft decryption execution unit 10. Furthermore, software execution unit 3
01 is the order authentication information generation unit 30 that generates the order authentication information that depends on the order information and the execution device encryption key, and the validity of the execution right generation password received from the order management device 302. And an execution right generation password checking unit 31 for checking using the order authentication information.

On the other hand, the order management unit 302 includes the execution unit encryption key storage unit 11 having the same configuration as that of the embodiment of FIG. Further, the order manager 302 authenticates the software executor using the order information and the order authentication information received from the software executor 301, and the executor encryption key acquired from the executor encryption key storage unit 11. When the authentication unit 32 and the execution unit authentication result are OK, the order authentication information is used as order identification information for identifying the order information, and the execution right is generated by using the order information and the order identification information (= order authentication information). An execution right generation password generation unit 33 that generates a password is included.

Next, the operation of the software protection system of the third embodiment shown in FIG. 3 will be described. First, when order information is created by the order creation unit 4 of the software execution unit 301, the order authentication information generation unit 30 uses the same hash function as that used in the first embodiment to place the order information and execution unit encryption. The data combined with the execution unit encryption key obtained from the key storage unit 6 is input. Then, the user of the soft executor 301 informs the operator of the order manager 302 by telephone, using the output result of the hash function as order authentication information, in addition to the order information and the executor ID. The order information and the order authentication information are stored in the order creating unit 4 and the order authentication information generating unit 30, respectively.

In the order management unit 302, the execution unit authentication unit 32 first receives the execution unit ID received from the software execution unit 301.
Is used as a key to search the execution unit encryption key storage unit 11 to obtain the execution unit encryption key of the corresponding software execution unit 301.
Next, the executor authentication unit 32 inputs the data obtained by combining the order information and the executor encryption key received from the software executor 301 into the same hash function as that used by the software executor 301. Next, the executor authentication unit 32 compares the output result of this hash function with the order authentication information received from the software executor 301. Then, the executor authentication unit 32 determines that the other party is the correct executor and made a correct order only when the comparison results match, and the order authentication information is, for example, the order identification information for identifying the order. Used to manage and exchange order information and related information. Further, the execution right generation password generation unit 33 inputs the data obtained by combining the order information and the order identification information (= order authentication information) into the same hash function as above. Then, the operator of the order management unit 302 telephones the output result of the hash function to the user of the software execution unit 301 as an execution right generation password in combination with the order identification information.

The user of the software execution unit 301 inputs the transmitted execution right generation password into the execution right generation password checking unit 31. In response, the execution right generation password checking unit 31 inputs the data obtained by combining the order information accumulated in the order creating unit 4 and the order authentication information accumulated in the order authentication information generating unit 30 into the hash function, It is checked whether the output result matches the input execution right generation password. Then, the execution right generation password checking unit 31 checks the execution right generation unit 8 only when the check results match.
To start. The subsequent operation is similar to that of the first embodiment, and the description thereof is omitted.

In the third embodiment, the order manager 302
Authenticates the order information and software execution unit before issuing the execution right generation password. In an actual system, since an order is charged, an authentication function is necessary anyway. This authentication function can be separately provided separately from the order, but, for example, in the method of performing a challenge and authenticating by a response to the challenge, the exchange of the challenge and the response is actually considerably difficult for the user of the soft executor. Will be burdened. Therefore, in the third embodiment, the order information and the software executor are efficiently authenticated at the same time as the order is placed.
Therefore, in the third embodiment, order authentication information that depends on the order information and the encryption key of the executor is introduced. Then, this order authentication information is added to the order information and the execution unit ID and is transmitted to the order management unit 302. Since the order authentication information is the output of the hash function in the third embodiment, it can be realized with, for example, 10 decimal digits, and does not burden the user so much when transmitting it by telephone.

The order management unit 302 uses the order authentication information to obtain the order information and the software execution unit 301.
Is certified. That is, the order information created by the software execution unit 301 by the order creation unit 4 and the order management unit 302
If the order information transmitted by telephone is different from the order information, the executor authentication unit 32 of the order manager 302 outputs NG. Also, a certain software execution unit has its own execution unit ID.
Even when information different from the above is transmitted by telephone, it can be checked by the executor authentication unit 32.

Only when the authentication result is OK, the order management unit 302 uses the order authentication information as the order identification information for identifying the order. And the order manager 302
Generates an execution right generation password corresponding to this order. This execution right generation password is the software execution unit 301.
Conveyed to. Since this execution right generation password is also the output of the hash function, it can be realized with about 10 decimal digits.
The soft executor 301 checks the input execution right generation password using the order information and the order authentication information (= order identification information) stored inside. After this inspection, the execution right that is valid only in the specific software execution unit that holds the order authentication information and the order information corresponding to the input execution right generation password is generated. In addition, here
Since the order identification information (= order authentication information) of the execution right generation password already includes the execution unit encryption key information, the execution right generation password itself does not include the execution unit encryption key.

In the third embodiment, the software execution unit 30
The first user transmits the order authentication information to the order manager 302 in addition to the information to be transmitted in the first embodiment at the time of ordering. As a result, the order manager 302 can authenticate the order information and the software executor before issuing the execution right generation password. This order authentication information is 1
It is a value of about 10 decimal digits, and does not impose much burden on the user of the software execution unit 301. Further, the authentication can be realized by the same number of exchanges as in the first embodiment, which is more efficient than the case where the user authentication is separately provided. Then, this order authentication information is used to manage the order information and information related thereto as order identification information for identifying the order information.

(4) Fourth Embodiment FIG. 4 is a block diagram showing the configuration of the software protection system according to the fourth embodiment of the present invention. In the fourth embodiment, an efficient executor authentication function is added to the second embodiment in which random numbers are introduced. Similar to the second embodiment, the fourth embodiment is also effective when a condition such as the number of executions is added to the software execution right. In FIG. 4, the software protection system of the fourth embodiment is
A software execution unit 401 that executes software and an order management unit 402 that distributes software to the software execution unit 401 are provided.

The software executor 401 has the same configuration as that of the first embodiment described above, the encrypted software storage unit 3, the order creation unit 4, the executor ID storage unit 5, and the executor encryption key storage unit. 6, an execution right generation unit 8, an execution right storage unit 9, and a soft decryption execution unit 10. Furthermore, software execution unit 4
01 is an order hash unit 40 that performs a hash operation by combining the order information and the executor encryption key, a random number generation unit 41 that generates a random number having a predetermined structure and meaning for each order, the random number and the order. An exclusive OR unit 42 that calculates an exclusive OR of the output of the hash unit 40 is included.

On the other hand, the order management unit 402 includes the execution unit encryption key storage unit 11 having the same configuration as that of the embodiment of FIG. Furthermore, the order management unit 402 combines the execution unit encryption key acquired from the execution unit encryption key storage unit 11 and the order information received from the software execution unit 401 to perform the same hash operation as the software execution unit 401. Of the order number and the output of the order hash unit 44 received from the soft executor 401, and the output of the exclusive OR unit 45, An execution unit authentication unit 46 that authenticates the correctness and an execution right generation password generation unit 47 that starts up and generates an execution right generation password only when the authentication result of the execution unit authentication unit 46 is OK are included.

Next, the operation of the software protection system of the fourth embodiment shown in FIG. 4 will be described. First, in the software execution unit 401, when the order creation unit 4 creates the order information, the order hash unit 40 stores the order information and the execution unit encryption key in the same hash function as that used in the first embodiment. Input the data combined with the encryption key of the software execution unit obtained from the unit 6. In addition, the random number generation unit 41 generates random number data having a predetermined structure and meaning. As an example, in this embodiment, the most significant 3 bits of the random number data are "0" and the least significant 3 bits are "1". Other bits store random numbers. In addition to this example, an arrangement may be made in advance between the order management unit 402 and the software execution unit 401, and a part of the random number data may be associated with a part of the execution unit ID data. Next, the exclusive OR unit 42 calculates the exclusive OR of the output of the order hash unit 40 and the random number data generated by the random number generation unit 41. The user of the software execution unit 401 notifies the operator of the order management unit 402 of the operation result of the exclusive OR unit 42 as the order authentication information together with the order information and the execution unit ID. If the number of bits of the random number data is set to be about the same as the output of the order hash unit 40, the order authentication information will be about 10 decimal digits, which is very large for the user of the software execution unit 401 and the operator of the order management unit 402. Do not give a burden.

In the order management unit 402, the execution unit authentication unit 46
Acquires the encryption key of the corresponding software execution unit from the execution unit encryption key storage unit 11, combines this with the order information, and inputs it to the order hash unit 44. And the exclusive OR section 4
5 is the output of the order hash unit 44 and the software execution unit 40
The exclusive OR with the order authentication information received from 1 is calculated. If the order information and the execution device ID are correct, the output of the order hash unit 44 is the software execution device 401 that has made the order.
It becomes the same as the output of the order hash unit 40 inside. Further, the output of the exclusive OR unit 45 becomes the same as the random number data generated by the random number generation unit 41 of the ordered software executor 401. That is, in this case, the most significant 3 bits of the random number data are "0", and the least significant 3 bits are "1". The executor authenticating unit 46 confirms whether the output of the exclusive OR unit 45 has a predetermined random number structure or meaning, and if the result is OK, the order information and the executor are correct. Authenticate with. And only when this authentication result is OK,
The execution right generation password generation unit 47 generates an execution right generation password. The subsequent operation is the same as that of the third embodiment. That is, the execution right generation password generated by the order manager 402 is the software execution unit 4 by telephone or the like.
01, inspected it by the software executor side, O
In the case of K, the execution right of the corresponding software is created.

In the fourth embodiment, similarly to the second embodiment, random numbers can be introduced to support execution right generation with a limited number of times. Further, the fourth embodiment has a user authentication function as in the third embodiment. As described above, the fourth embodiment has the functions of the second and third embodiments together, but the amount of data exchanged between the software executor 401 and the order manager 402, especially the random order number and execution. The number of digits in the right generation password has not increased.

(5) Fifth Embodiment FIG. 5 is a block diagram showing the configuration of the software protection system according to the fifth embodiment of the present invention. In the fifth embodiment, each software execution unit is provided with an execution right generation module in an inactive state, and the execution right generation module is activated by the execution right generation password given from the order manager, The module is characterized in that a predetermined execution right is generated. In the following explanation,
The execution right generation module is divided into two parts, one of which is stored in the software execution unit, and the other execution right generation module B is encrypted and the software execution unit is an order management unit. Receive from The execution right generation modules A and B can generate a predetermined execution right only when both of them are assembled. Therefore, the execution right generation module A stored in the software executor alone is in an inactive state and cannot generate the execution right.

In FIG. 5, the software protection system of the fifth embodiment comprises a software execution unit 501 for executing software and an order management unit 502 for distributing software to the software execution unit 501.

The soft executor 501 has the same configuration as that of the first embodiment described above, the encrypted software storage unit 3, the order creation unit 4, the executor ID storage unit 5, and the executor encryption key storage unit. 6, an execution right generation unit 8, an execution right storage unit 9, and a soft decryption execution unit 10. Furthermore, software execution unit 5
01 is an order hash unit 50 that combines the order information and the execution unit encryption key to perform a hash operation, a storage unit 51 that stores the execution right generation module A, and an execution right generation password that is received from the order management unit 502. The inverse conversion unit 52 for conversion and the storage unit 53 for storing the inverse conversion result of the inverse conversion unit 52 are included. If the order information and the executor ID are correct, the storage unit 53 stores the execution right generation module B.

On the other hand, the order management unit 502 includes the execution unit encryption key storage unit 11 having the same configuration as that of the embodiment of FIG. Further, the order management unit 502 combines the order information received from the software execution unit 501 with the encryption key of the relevant execution unit obtained from the execution unit encryption key storage unit 11 and performs an order hash unit 54 that performs a hash operation. , A storage unit 55 for storing the execution right generation module B, and an order hash unit 5 for the module B.
And an execution right generation password generation unit 56 for converting the output of FIG. 4 to generate an execution right generation password.

Next, the operation of the software protection system of the fifth embodiment shown in FIG. 5 will be described. First, the user of the software executor 501 operates the software executor 501 to specify the order of software desired to be executed. In response, the order creation unit 4 creates the corresponding order information. Then, the user notifies the order management unit 502 of the order information and the execution unit ID unique to the software execution unit 501 by telephone or the like.

Upon receiving the notification from the software execution unit 501, the order management unit 502 searches the execution unit encryption key storage unit 11 based on the execution unit ID and acquires the encryption key of the corresponding software execution unit. Next, the order hash unit 54
The order information received from the soft executor 501 and the executor encryption key obtained from the executor encryption key storage unit 11 are combined and input to the same hash function as that used in the first embodiment. The execution right generation password generation unit 56 converts the execution right generation module B using the hash value output from the order hash unit 54 as a key, and issues the execution right generation password. The operator of the order management unit 502 sends this execution right generation password to the software execution unit 50 by telephone or the like.
Tell 1 user.

Next, the user of the software execution unit 501 who received the execution right generation password by telephone is
This password is input to the inverse conversion unit 52 of 01. The order hash unit 50 has the same hash function as that used by the order manager 502. Then, the order hash unit 50 combines the order information accumulated in the order creation unit 4 and the execution unit encryption key obtained from the execution unit encryption key storage unit 6, and performs a hash operation on this combined data. . The reverse conversion unit 52 reversely converts the execution right generation password received from the order management unit 502, using the hash value output from the order hash unit 50 as a key. If the order information and the execution unit encryption key are valid, the hash value output from the order hash unit 50 is the order management unit 50.
It is the same as the hash value in 2 (output of the order hash unit 54). Therefore, the output of the inverse conversion unit 52 becomes the execution right generation module B. Next, the execution right generation unit 8 uses the execution right generation module A previously stored in the storage unit 51.
And the obtained module B are used to generate an execution right corresponding to the order information. After the execution right is generated by the execution right generation unit 8, the module B is deleted according to the execution right generation module.

In the fifth embodiment, the execution right generation module A stored in advance on the software executor side is in the inactive state, and cannot operate by this amount of information alone.
Module B for activating this is the order manager 5
In 02, it is converted into a form depending on the order information of the software execution unit and the encryption key, and sent as the execution right generation password. In the above-described first to fourth embodiments, the execution right generation module is completely present in the soft executor. However, in order to start this, it was necessary to have permission called the execution right generation password. On the other hand, in the configuration of the fifth embodiment, the execution right generation module exists in the software executor in a state in which the amount of information is insufficient. Therefore, the fifth embodiment is different from the first to fourth embodiments in that
Higher security against illegal generation of execution rights. After the execution right generation modules A and B generate the execution right of the order, the module B is deleted in order to restore the original state.

In the fifth embodiment, the execution right generation module B is converted depending on the order information and the secret key of the execution unit, so that if the order is different or the execution unit is different, the soft execution unit is executed. Users cannot get the regular module B. However, in the fifth embodiment,
The module B is included as information in the execution right generation password, so only the permission information is included.
It is necessary to slightly increase the number of digits of the execution right generation password as compared with the above embodiment. The data amount of the execution right generation password in the fifth embodiment does not depend on the number of ordered software.

In the fifth embodiment, the software execution unit 5
01 does not check the execution right generation password received from the order manager 502 and uses it as the module B immediately after the reverse conversion. Therefore, if the order information and the executor encryption key do not match the entered execution right generation password, the execution right generation module does not operate properly. By the way, for example, if the module B has a certain structure or meaning, the software execution unit 501
It is also conceivable to check the structure and meaning after using the reverse transformation in before using it. For example, if module B is an instruction code, that code should have a particular structure. Therefore, by checking whether module B has this particular structure, the error can be handled before the execution right generation module is executed.

The random numbers used in the second and fourth embodiments described above may be values that change for each order, and may be generated using a counter or the like. Also,
A time stamp may be used instead of the random number. Since the time stamp can be generated in common in the software execution unit and the order management unit (can be generated by the clock circuit), it is not necessary to send the change value from the software execution unit to the order management unit.

In addition, in the third and fourth embodiments, when the execution right generation password is generated, the execution device encryption key may be made to be dependent in addition to the order information and the order identification information. The software execution unit knows its own execution unit encryption key only for the order management unit other than itself, so only the order management unit can create this execution right generation password. Therefore, the execution right generation password can be considered as signature information of the order management device, and when trouble occurs, this information can be submitted to a third party as evidence. Further, a signature method using public key cryptography may be used instead of such a signature method using secret key cryptography. In this case, the order manager holds secret information, and uses this secret information when generating the execution right generation password. On the other hand, the software execution unit side holds public information corresponding to the secret information of the order management unit, and uses this to confirm the validity of the execution right generation password. Since the validity of the execution right generation password can be confirmed only when the secret information of the order management unit is used, this execution right generation password can be considered as the signature of the order management unit.

In the first to fourth embodiments, the original software SoftA and the corresponding authenticator authA are used.
The software was encrypted by combining and with and encrypting the combined data with the system common key S. Also, this authenticator was encrypted with the execution device encryption key Sx. Although the data is used as the execution right, the present invention is not limited to such a method. For example, an authenticator and an execution unit ID are combined, and the combined data is encrypted with a system common key,
It may be used as an execution right. When the execution right of the executor X is described by an expression, it becomes E (S, authA / | IDx). In this case, the execution right is obtained by decrypting the execution right and the encrypted software with a key common to the system, the certifiers obtained from both are the same, and the execution device ID is obtained from the decryption result of the execution right. , If it matches with the execution unit ID in the execution unit, it is authenticated and the software is executed.
In any case, the present invention can be applied to any encryption method in which the execution right can be generated using the data already held by the execution unit from the encryption software.

In addition, in the above first to fourth embodiments,
The order is made in one telephone call and the execution right generation password for the order is received, but this may be another telephone call. That is, first, an order is placed from the software execution unit to the order management unit, and this order is temporarily saved.
Next, the order manager calls the software execution unit,
Check the order number and notify the execution right generation password. As a result, the user of the soft executor can make a phone call for a shorter time, which is convenient in terms of charges. In addition, the user of the software execution unit can perform other work such as execution of software until the user of the order management unit notifies the execution right generation password. On the other hand, the order manager can also perform user authentication by making a callback.

In the first to fourth embodiments, when the software execution unit checks the execution right generation password to generate the execution right, the order information saved in advance is loaded and used. However, in order to reload the order information and prevent the password from being used again, it is necessary to delete the saved order information after first generating the execution right.

Further, in each of the above-mentioned embodiments, it is conceivable that the history of the exchange between the software execution unit and the order management unit may be left on both sides to serve as a reference material in case of trouble regarding the order. Further, by leaving, for example, what software has been purchased up to now on the software executor side, it is possible to improve the user interface of the order guidance.

Further, in each of the above-mentioned embodiments, as the order information from the software execution unit to the order management unit, software IDs such as software A and software B are used, but this part is coded. Then, it is possible to further reduce the communication information amount by using the correspondence table of the corresponding software name and code. In other words, software A
With software B, the code number is 2, and with software B only, the code number is 10.

Further, in each of the above-mentioned embodiments, the description has been made on the assumption that a person exchanges information between the software execution unit and the order management unit via a telephone. Information may be exchanged via the Internet.

[0124]

According to the invention of claim 1, the software execution unit generates the software execution right only by inputting the regular execution right generation password corresponding to the order. Then, the order management unit sends only the execution right generation password, that is, the information that gives the permission for the software execution unit to generate the software execution right corresponding to the order information, to the software execution unit, which deteriorates the security. It is possible to significantly reduce the amount of information to be sent without causing it. Further, the amount of information of the execution right generation password can be always realized with a small amount of information without depending on the number of pieces of software to be ordered. That is, even if the software executor orders multiple pieces of software at one time, the amount of information is the same as the amount of information when one piece of software is ordered. This reduction in the amount of information is convenient for the user interface, especially when transmitting and receiving a password by telephone. In addition, the order manager is less likely to make a mistake. In addition, the user of the soft executor is less likely to make a mistake in listening and inputting the mistake into the executor. Also, the time spent on the phone can be reduced, which is advantageous in terms of charges.

According to the inventions of claims 2, 5, 8, 10 and 15, since the execution right generation password is generated by using the data compression function, the amount of information can be further reduced. .

According to the third aspect of the present invention, since the execution right generation password digitally signed is sent to the software execution device, it is almost impossible to forge the execution right generation password on the software execution device side. , A highly secure software protection system can be realized.

According to the fourth aspect of the present invention, a change value that changes each time order information is created is introduced, and the execution right generation password from the order management unit is used only by the software execution unit that holds the corresponding change value. Since it is configured to be effective,
Even if you create the same order at different times and enter the previous execution right generation password, the change value generated in the later order is different from the change value generated in the previous order. Does not take effect. Thus, for example, when an execution right with a limited number of executions is generated, it is possible to prevent fraud of repeatedly using the execution right generation password.

According to the invention of claim 6, since the time stamps commonly held by the software executor and the order manager are used to distinguish orders placed at different times, the software executor is used. There is no need to send the order manager information for distinction.

According to the seventh aspect of the present invention, the software execution unit generates the order authentication information depending on the order information and the execution unit secret information, and sends the order authentication information to the order management unit. With, it is possible to authenticate the order information and software execution unit before issuing the execution right generation password. Order information and software execution unit authentication are indispensable functions because they are actually related to billing. In the present invention,
This function is efficiently realized by notifying the order authentication information of a small number of digits from the software execution unit at the same time as placing an order. The order authentication information can also be used as order identification information for identifying an order.

According to the ninth aspect of the invention, both the number-of-times limiting function and the user authentication function can be realized without increasing the amount of information exchanged between the software execution unit and the order management unit.

According to the twelfth aspect of the present invention, since the digitally signed execution right generation password is sent from the order management unit to the software execution unit, the execution right generation password can be forged on the software execution unit side. Almost impossible,
A very safe software protection system can be realized.

According to the thirteenth aspect of the invention, the first execution right generation module for activating the second execution right generation module stored on the software execution unit side is stored in the order management unit, and the first execution right generation module is stored in the order management unit. Since the execution right generation module No. 1 is included in the execution right generation password and sent, even if the software execution unit attempts to illegally generate the execution right,
The right to execute cannot be generated due to lack of information. Therefore, a more secure software protection system can be realized.

According to the seventeenth aspect of the invention, the software executor accumulates and holds the created order information in a non-volatile manner, and deletes the order information after generating the execution right of the corresponding software. For the time being, only the order is sent continuously, and the execution of the software can be controlled based on the execution right generation password returned later.

According to the eighteenth aspect of the present invention, since the software execution unit and the order management unit each hold a history of information exchanged with each other, it is possible to flexibly deal with troubles that occur later. .

According to the nineteenth aspect of the present invention, the software execution unit and the order management unit hold the codes corresponding to all combinations of software as a table, and the software execution unit stores the code obtained from the table as Since the order information is sent to the order management device, the data amount of the order information can be further reduced.

[Brief description of drawings]

FIG. 1 is a block diagram showing a configuration of a software protection system according to a first exemplary embodiment of the present invention.

FIG. 2 is a block diagram showing a configuration of a software protection system according to a second exemplary embodiment of the present invention.

FIG. 3 is a block diagram showing a configuration of a software protection system according to a third exemplary embodiment of the present invention.

FIG. 4 is a block diagram showing a configuration of a software protection system according to a fourth exemplary embodiment of the present invention.

FIG. 5 is a block diagram showing a configuration of a software protection system according to a fifth exemplary embodiment of the present invention.

FIG. 6 is a block diagram showing a configuration of a conventional software protection system.

[Explanation of symbols]

 101-501 ... Software execution unit 102-502 ... Order management unit 3 ... Encrypted software storage unit 4 ... Order creation unit 5 ... Execution unit ID storage unit 6 ... Execution unit encryption key storage unit 7, 21, 31, 43 ... Execution Right generation password checking unit 8 ... Execution right generation unit 9 ... Execution right storage unit 10 ... Software decryption execution unit 11 ... Executor encryption key storage unit 12, 22, 33, 47 ... Execution right generation password generation unit 20 ... Random number generation unit 30 ... Order authentication information generation unit 32 ... Execution device authentication unit 40, 44, 50, 54 ... Order hash unit 42, 45 ... Exclusive OR unit 46 ... Execution device authentication unit 51 ... Execution right generation module A storage unit 52, 55 ... Execution right generation password reverse conversion unit 53 ... Execution right generation module B storage unit 56 ... Execution right generation password generation unit

Claims (19)

[Claims] 1. Order management for managing software orders received from each software execution unit and one or more software execution units executing the provided software and connected to each software execution unit via a communication path. A software protection system including: an execution unit ID storing unit for storing a unique execution unit ID; and a first secret information storage unit for storing a unique execution unit secret information. And an order creating unit that creates and stores the order information of one or more software execution rights, and the execution unit ID and the order information are sent to the order management unit via the communication path. The order management unit stores a second secret information storage unit that stores all the secret information of the execution unit stored in each software execution unit, and an execution unit ID that is received from the software execution unit. Execution right generation password generation means for acquiring execution device secret information from the second secret information storage means and generating an execution right generation password depending on the acquired execution device secret information and the order information received from the software execution device. And the execution right generation password is sent to the software executor via the communication path, and each of the software executors further stores order information stored and held in the order creating means, and the first execution information. An execution right generation password checking unit for checking the validity of the execution right generation password received from the order management unit by using the execution unit secret information stored in the secret information storage unit, and the execution right generation password inspection unit. result of the examination,
When the validity of the execution right generation password is confirmed, based on the order information accumulated and held in the order creation means, an execution right generation unit that generates an execution right of the ordered software; A software protection system including software execution means for executing existing software according to the execution condition indicated by the execution right. 2. The execution right generation password generation means,
The order information received from the software execution unit, and the second
The secret information of the execution unit acquired from the secret information storage means of
The output is input to a data compression function that is related to all of the input bits, and the output result of this data compression function is output as the execution right generation password. The accumulated and held order information and the execution device secret information stored in the first secret information storage means are input to the same data compression function as the data compression function used in the execution right generation password generation means, When the output result matches the execution right generation password received from the order manager,
The software protection system according to claim 1, wherein the execution right generation password is judged to be valid. 3. The order manager further includes third secret information storage means for storing secret information used in a public key signature system, and the execution right generation password generation means stores the third secret information. Execution right digitally signed by a public key signature method using the secret information stored in the means, the secret information of the execution unit acquired from the second secret information storage unit, and the order information received from the software execution unit The generated password is generated, the software execution unit further includes public information storage means for storing public information corresponding to secret information used in the public key signature method, and the execution right generation password checking means is the public information. Public information stored in storage means, order information accumulated and held in the order creation means, and execution device secret information stored in the first secret information storage means. The software protection system according to claim 1, wherein the validity of the execution right generation password received from the order management device is checked by using a signature confirmation method corresponding to the public key signature method. 4. One or more software execution units that execute the provided software, and order management that is connected to each software execution unit via a communication path and that manages software orders received from each software execution unit. A software protection system including: an execution unit ID storing unit for storing a unique execution unit ID; and a first secret information storage unit for storing a unique execution unit secret information. An order creating unit that creates and stores and holds order information of one or more software execution rights; and a change that creates and stores a change value that changes each time the order information is created by the order creating unit. Value execution means, the execution unit ID, the order information, and the change value are sent to the order management unit via the communication path, and the order management unit stores the software execution unit in each software execution unit. Second secret information storage means for storing all the executed secret information of the execution device, and execution device secret information corresponding to the execution device ID received from the software execution device, obtained from the second secret information storage device, An execution right generation password generating means for generating an execution right generation password dependent on the acquired execution device secret information, the order information received from the software execution device, and the change value. The order information stored in the order creating means, the change value stored in the change value generating means, and the first secret. Execution right generation password check for checking the validity of the execution right generation password received from the order management unit using the execution unit secret information stored in the information storage means And stage, the result of inspection by the execution right generated password checking means,
When the validity of the execution right generation password is confirmed, based on the order information accumulated and held in the order creation means, an execution right generation unit that generates an execution right of the ordered software; A software protection system including software execution means for executing existing software according to the execution condition indicated by the execution right. 5. The execution right generation password generation means,
The order information and the change value received from the soft executor, and the executor secret information obtained from the second secret information storage means are input to a data compression function whose output is related to all of the input bits, The output result of this data compression function is output as the execution right generation password, and the execution right generation password checking means stores and holds the order information accumulated and held in the order creating means and the change value generating means. The change value and the secret information of the executor stored in the first secret information storage means are input to the same data compression function as the data compression function used in the execution right generation password generation means, and the output result is The execution right generation password is judged to be valid when it matches with the execution right generation password received from the order management device. Software protection system listed. 6. An order management for managing one or more software executors that execute the provided software, and software orders connected to each software executor via a communication path and for receiving software orders received from each software executor. A software protection system including: an execution unit ID storing unit for storing a unique execution unit ID; and a first secret information storage unit for storing a unique execution unit secret information. An order creating means for creating and accumulating and holding order information of execution rights of one or more software; and a first time creating and accumulating and holding a time stamp every time the order information is created by the order creating means. A time stamp generating unit, the execution unit ID and the order information are sent to the order management unit via the communication path, Second time stamp generation means for generating a time stamp when receiving the line device ID and order information, and second secret information storage means for storing all execution device secret information stored in each software execution device. Acquiring the execution device secret information corresponding to the execution device ID received from the software execution device from the second secret information storage means, the acquired execution device secret information, and the order information received from the software execution device; An execution right generation password generation unit that generates an execution right generation password that depends on the time stamp generated by the second time stamp generation unit, wherein the execution right generation password is the software via the communication path. The order information stored in the order creating means is sent to the execution unit, and each software execution unit further generates the first time stamp. Execution right for checking the validity of the execution right generation password received from the order management device using the time stamps accumulated and held in the column and the execution device secret information stored in the first secret information storage means. Generated password checking means, and the result of the check by the execution right generating password checking means,
When the validity of the execution right generation password is confirmed, based on the order information accumulated and held in the order creation means, an execution right generation unit that generates an execution right of the ordered software; A software protection system including software execution means for executing existing software according to the execution condition indicated by the execution right. 7. An order management for managing one or more software executors executing the provided software and software orders connected to each software executor via a communication path and for receiving software orders from each software executor. A software protection system including: an execution unit ID storing unit for storing a unique execution unit ID; and a first secret information storage unit for storing a unique execution unit secret information. And an order creating unit that creates and stores and holds order information of one or more software execution rights, and order authentication information that creates and stores and holds order authentication information that depends on the order information and the execution unit secret information. Generating means, the execution unit ID, the order information, and the order authentication information are sent to the order management unit via the communication path, Second secret information storage means for storing all the secret information of the execution device stored in the execution device, and secrecy information of the execution device corresponding to the execution device ID received from the software execution device. The software execution unit and order information are authenticated using the acquired execution unit secret information, the order information and the order authentication information received from the software execution unit, and if the authentication result is valid, An executor authentication unit that handles order authentication information as order identification information for identifying an order, and an execution right generation password that depends on the order information and the order identification information only when the authentication result by the executor authentication unit is valid. And an execution right generation password generating means for generating the execution right generation password, the execution right generation password together with the order identification information, and the software realization password via the communication path. Each of the software execution units is sent from the order management unit by using the order information stored and stored in the order creating unit and the order authentication information stored and stored in the order authentication information generating unit. An execution right generation password inspection means for inspecting the validity of the received execution right generation password, and a result of the inspection by the execution right generation password inspection means,
When the validity of the execution right generation password is confirmed, based on the order information accumulated and held in the order creation means, an execution right generation unit that generates an execution right of the ordered software; A software protection system including software execution means for executing existing software according to the execution condition indicated by the execution right. 8. The order authentication information generation means outputs the order information created by the order creation means and the execution device secret information stored in the first secret information storage means, all of which have an input bit as an output. Is input to the data compression function related to the above, and the output result of this data compression function is output as the order authentication information, and the execution device authentication means acquires the execution device secret obtained from the second secret information storage device. The information and the order information received from the software execution unit are input to the same data compression function as the data compression function used in the order authentication information generation means, and the output result of this data compression function is received from the software execution unit. If it matches the order authentication information, it authenticates that the software execution unit that placed the order and the order information are valid, and the execution right generation password generation means is The order information and the order identification information received from the line unit,
The same data compression function as the data compression function used in the order authentication information generation means is input, and the output result of this data compression function is output as the execution right generation password. The order information accumulated and held in the order creating means and the order authentication information accumulated and held in the order authentication information generating means are input to the same data compression function as the data compression function used in the order authentication information generating means. The software protection system according to claim 7, wherein when the output result matches the execution right generation password received from the order manager, the execution right generation password is determined to be valid. 9. One or more software execution units that execute the provided software, and order management that manages software orders received from each software execution unit, connected to each software execution unit via a communication path. A software protection system including: an execution unit ID storing unit for storing a unique execution unit ID; and a first secret information storage unit for storing a unique execution unit secret information. And an order creating unit that creates and stores order information of execution rights of one or more software, and changes every time the order information is created by the order creating unit,
Change value generation means for generating and accumulating and holding a change value having a predetermined data structure or meaning, and a value depending on the order information and the execution device secret information is obtained, and the change value is converted by the obtained value. Accordingly, the order authentication information generating means for generating, storing, and holding the order authentication information is included, and the execution unit ID, the order information, and the order authentication information are sent to the order management unit via the communication path. The order management device includes a second secret information storage unit that stores all the execution device secret information stored in each software execution device, and an execution device secret corresponding to the execution device ID received from the software execution device. Information is obtained from the second secret information storage means, a value depending on the obtained secret information of the execution unit and the order information from the software execution unit is obtained, and the value is used to determine whether the software execution unit is used. Inverse transforming means for inversely transforming the order authentication information, and an executor for certifying that the software executor and the order information are valid when the output of the inverse converting means has the same data structure or meaning as the change value. The execution right generation password includes an authentication means and an execution right generation password generation means for generating an execution right generation password dependent on the order information only when the authentication result in the executor authentication means is valid. Order information stored in the order creation means and stored in the order authentication information generation means, and order authentication information stored in the order authentication information generation means are sent to the software execution apparatuses via the communication path. Using the execution right generation password checking means for checking the validity of the execution right generation password received from the order management device; The results of the inspection by the inspection means,
When the validity of the execution right generation password is confirmed, based on the order information accumulated and held in the order creation means, an execution right generation unit that generates an execution right of the ordered software; A software protection system including software execution means for executing existing software according to the execution condition indicated by the execution right. 10. The order authentication information generation unit outputs the order information created by the order creation unit and the execution unit secret information stored in the first secret information storage unit as an output of each input bit. Input to a data compression function that is related to all, outputs the exclusive OR of the output result and the change value as order authentication information, the inverse conversion means,
The order information from the software executor and the executor secret information obtained from the second secret information storage means are input to the same data compression function as the data compression function used in the order authentication information generation means, By calculating the exclusive OR of the output result and the order authentication information from the software execution unit,
The order authentication information is inversely converted, and the execution right generation password generation means sets the order information and the order identification information received from the software execution device,
The same data compression function as the data compression function used in the order authentication information generation means is input, and the output result of this data compression function is output as the execution right generation password. The order information accumulated and held in the order creating means and the order authentication information accumulated and held in the order authentication information generating means are input to the same data compression function as the data compression function used in the order authentication information generating means. 10. The software protection system according to claim 9, wherein when the output result matches the execution right generation password received from the order management device, the execution right generation password is determined to be valid. 11. The execution right generation password generation means generates an execution right generation password depending on the execution device secret information acquired from the second secret information storage means in addition to the order information received from the software execution device. Then, the execution right generation password checking means uses the order information accumulated and held in the order creating means and the execution device secret information stored in the first secret information storage means to perform the order management device. 10. The software protection system according to claim 7, wherein the execution right generation password received from the server is checked for validity. 12. The order management device further includes third secret information storage means for storing secret information used in a public key signature method, and the execution right generation password generation means stores the third secret information storage. Digitally by a public key signature method using the secret information stored in the means, the execution unit secret information acquired from the second secret information storage unit, and the order information and the order authentication information received from the software execution unit. A signed execution right generation password is generated, and the software execution unit further includes public information storage means for storing public information corresponding to secret information used in the public key signature method, and the execution right generation password checking means. Is the public information stored in the public information storage means, the order information stored and held in the order creating means, and the storage information in the order authentication information generating means. Execution received from the order manager by a signature confirmation method corresponding to the public key signature method using the held order authentication information and the execution unit secret information stored in the first secret information storage means. 10. The software protection system according to claim 7, wherein the right protection password is checked for validity. 13. Executing the provided software 1
A software protection system comprising one or more software executors and an order manager connected to each software executor via a communication path and managing an order for software received from each software executor. The soft executor comprises: an executor ID storage means for storing a unique executor ID; a first secret information storage means for storing unique executor secret information; and order information of one or more software execution rights. Order execution means for creating, storing, and storing the order execution unit, the execution unit ID and the order information are sent to the order management unit via the communication path, and the order management unit generates a first execution right. First module storing means for storing a module, second secret information storing means for storing secret information of all execution units stored in each software execution unit, and an order from the software execution unit Information, and first calculation means for calculating a value depending on the execution unit secret information acquired from the second secret information storage means, and the first calculation means using the calculation result of the first calculation means. And an execution right generation password generating means for generating an execution right generation password by converting the execution right generation module. The execution right generation password is sent to the software execution unit via the communication path, The executor further includes second module storage means for storing a second execution right generation module, order information accumulated and held in the order creating means, and executor stored in the first secret information storage means. Second calculation means for calculating a value depending on the secret information; and a calculation result of the second calculation means for inversely converting the execution right generation password from the order management device to obtain a second value. Stored in the second module storage means, the first execution right generation password reverse conversion means for generating the first execution right generation module, the first execution right generation module generated by the execution right generation password reverse conversion means, A second execution right generating module for generating an execution right of the software based on the order information accumulated and held in the order creating means, and a first execution right generation after the execution right is generated. A software protection system including a module erasing means for erasing a module, and a software executing means for executing software having the execution right according to an execution condition indicated by the execution right. 14. The first execution right generation module stored in the first module storage means has a predetermined data structure and meaning, and the execution right generation means is the execution right generation password reverse conversion means. Only when the inverse conversion result of the first execution right generation module has the same data structure and meaning as the first execution right generation module,
14. The execution right of the software is generated based on the order information accumulated and held in the order creating means by using the execution right generation module and the second execution right generation module. Software protection system. 15. The order management device further includes third secret information storage means for storing secret information used in a public key signature method, and the execution right generation password generation means is equivalent to the first calculation means. The execution right generation password digitally signed by the public key signature method by converting the first execution right generation module by using the calculation result and the secret information stored in the third secret information storage means. And the software execution unit further includes public information storage means for storing public information corresponding to secret information used in the public key signature method, wherein the execution right generation password reverse conversion means includes the second public information storage means. Using the calculation result of the calculation means and the public information, the execution right generation password from the order manager is reversely changed by the signature confirmation method corresponding to the public key signature method. 14. The software protection system according to claim 13, wherein the software protection system is replaced. 16. The software provided to the software execution unit is encrypted by including software unique information, and the execution right generation unit executes the execution right generation password checking unit from the order management unit. When the validity of the right generation password is confirmed, the encrypted software corresponding to the order information stored and held in the order creating means is decrypted to acquire the software unique information, and the acquired software unique information is used by the execution unit. By encrypting with the secret information, the execution right of the ordered software is generated, and the software executing means decrypts the encrypted software corresponding to the order information accumulated and held in the order creating means to convert the software and the software. Unique information is acquired, the execution right is decrypted by using the secret information of the executor, and the soft unique information is obtained. Soft-specific information only when the match, and executes the decoded software, software protection system according to any one of claims 1 to 15 were. 17. The order creating means stores and holds the created order information in a nonvolatile manner, and deletes the order information after the execution right creating means creates an execution right of the corresponding software. A software protection system according to any one of claims 1 to 15. 18. The software protection according to claim 1, wherein the software execution unit and the order management unit hold a history of information exchanged with each other. system. 19. The software execution unit and the order management unit hold codes corresponding to all combinations of software as a table, and the software execution unit stores the codes obtained from the table,
16. The software protection system according to claim 1, wherein the order protection information is sent to the order manager.