JP2000307569A - Electronic data protecting system, device on side of use permitting person and device on side of user - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a medium characteristic number to a medium, to give permission to execute software to the medium characteristic number, to store the number in a normal medium and to make only permitted software executable. SOLUTION: A medium 1 for storing ciphered electronic data 14 and a medium characteristic number 12 characteristic to the medium 1 is provided; a permitting side generates a medium characteristic key based on the number 12 of the medium 1 and ciphers an electronic data decoding key by means of this medium characteristic key to make it permitting information 13; a using side generates a medium characteristic key based on the number 12 read from the medium 1, decodes the information 13 by means of this medium characteristic key to generate the electronic data decoding key, decodes read data 14 by means of the electronic data decoding key to constitute it to be electronic data of a plain text.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an electronic data protection system for preventing unauthorized use of computer software and electronic publications stored in a storage medium, a licensor's device, and a user's device.

[0002] Software is generally easy to copy. In addition, such illegal copying is frequently performed, which hinders the legitimate interests of software vendors, and as a result, creates a vicious cycle in which software prices must be set higher. In recent years, electronic publications have been actively published, and the issue of copyright has become even more important, and it has been demanded to prevent unauthorized copying of these programs and data.

[0003]

2. Description of the Related Art Conventionally, as a protection method for protecting programs, electronic publications, and especially software, there is a method of generating license information 72 using a user-specific user-specific number 91 as shown in FIG. In this conventional method, for example, a device number (a unique device number assigned to a computer) is used as the user unique number 91. The software is
The data is encrypted and stored in the software storage medium 71. Further, a user unique key is generated from the user unique number 91 as the license information 72, and the software decryption key 82 is encrypted with the unique key to generate the license information 72 and stored in the software storage medium 71. By receiving the sales of the encryption software 73 and the license information 72 stored in the software storage medium 71, the user
3 is decrypted into plaintext software and executed. Hereinafter, the conventional configuration and operation of FIG. 14 will be briefly described.

FIG. 14 is an explanatory diagram of the prior art. FIG.
4, the software storage medium 71 is a medium for storing the encrypted software 73 and the license information 72 obtained by encrypting the software decryption key 82, for example, a magneto-optical disk, and is a target for the user to purchase from the sales side. Medium. The license information 72 is information that decrypts the encrypted software 73 and converts it into plaintext software, and is obtained by encrypting the software decryption key 82. The encryption software 73 is obtained by encrypting software. On the sales side of the license information, an individual key generation 81, a soft decryption key 8
2 and an encryption circuit 83. Individual key generation 81
Generates an individual key unique to a user based on a user unique number (for example, a device number) 91 of the user computer.

[0005] The software decryption key 82 is a key for decrypting the encrypted software 73 into the original plaintext software. The encryption circuit 83 is a circuit that generates the license information 72 obtained by encrypting the soft decryption key 82 with the user-specific individual key generated by the individual key generation 81. The user computer on the user side includes a user unique number 91, an individual key generation 92, a decryption circuit 93, a soft decryption key 94, and a decryption circuit 95. The user unique number 91 is a unique number possessed by the user computer, and is, for example, a device number.

[0006] The individual key generator 92 is for generating an individual key unique to the user based on the user unique number 91. The decryption circuit 93 decrypts the license information 72 read from the purchased software storage medium 71, and generates a software decryption key 94. The software decryption key 94 is a key for decrypting the encrypted software 73 and decrypting it into plaintext software. The decryption circuit 95 decrypts the encrypted software 73 read from the software storage medium 71 on the basis of the software decryption key 94 to make the original plaintext software. The plaintext software is loaded into the main memory of the user computer and executed.

Next, the operation will be described. (1) On the licensing side of the licensing information, the individual key generation 81 generates a user-specific individual key based on the user unique number 91 of the user computer. The encryption circuit 83 encrypts the soft decryption key 82 based on the generated individual key,
As No. 2, the data is written in the software storage medium 71 storing the encrypted software 73 obtained by encrypting the software.

(2) The user purchases the software storage medium 71 in which the license information 72 and the encrypted software 73 are written in (1), and mounts the software storage medium 71 on the user computer. A unique user unique number (for example, a device number) that the individual key generation 92 has in the user computer
Based on 91, an individual key unique to the user is generated. The decryption circuit 93 decrypts the license information 72 read from the purchased software storage medium 71 based on the generated individual key unique to the user, and generates a software decryption key 94. Next, the decryption circuit 95 decrypts the encrypted software 73 read from the software storage medium 71 based on the generated software decryption key 94 to generate plaintext software. The generated plain text software is loaded into the main memory and executed.

[0009]

The conventional protection system having the configuration shown in FIG. 14 uses a user unique number 91, and usually uses a unique number of a computer or a unique number of portable hardware. . When the unique number of the computer is used, the permission information 72 gives execution permission to the computer, and can be executed only by this computer. Then, there is a problem that execution becomes impossible.
Neither can the software be transferred.

In addition, when a unique number of portable hardware is used, it is necessary to provide an interface with the hardware itself and a computer. Has occurred.

The present invention has been made to solve these problems.
For the purpose of giving a medium unique number to the medium of digitized data, granting permission to use this medium unique number, and allowing only the digitized data stored on a legitimate medium and licensed to be executable I have.

[0012]

To achieve the above object, an electronic data protection system according to the first aspect of the present invention uses a license for electronic data stored in a storage medium used in a user device. In the computerized data protection system for protecting based on a license from a user side device, the storage medium stores encrypted encrypted computerized data and a medium unique number for uniquely specifying the storage medium, The licensor-side device encrypts the digitized data decryption key based on the digitized data decryption key for decrypting the encrypted digitized data stored in the storage medium and the medium unique number stored in the storage medium. A license information generating unit that generates license information by reading the encrypted electronic data and a medium unique number from the storage medium; Decryption key generation means for decrypting the license information based on the recording medium unique number to generate the digitized data decryption key; and the encryption electronic device based on the digitized data decryption key generated by the decryption key generation means. Electronic data decoding means for decoding the digitized data.

According to the first aspect of the present invention, the encrypted electronic data and the medium unique number for uniquely specifying the storage medium are stored in the storage medium, and the licensor-side apparatus stores the storage medium. Based on the medium unique number stored in the medium, the electronic data decryption key is encrypted to generate license information, and the user device reads the encrypted electronic data and the medium unique number from the storage medium, and converts the read data into the medium unique number. The license information is decrypted based on the generated electronic data decryption key, and the encrypted electronic data is decrypted based on the generated electronic data decryption key. Only the encrypted digitized data that has been given a license from the licensor side device can be used by the user side device.

According to a second aspect of the present invention, in the computerized data protection system according to the first aspect, the license information generating means and the decryption key generating means are based on a medium unique number stored in the storage medium. Media license key generation means for generating a media unique key by decrypting the digitized data decryption key based on the medium unique key generated by the medium unique key generation means. Key decryption means, wherein the decryption key generation means further comprises decryption key decryption means for decrypting the encrypted digitized data based on the medium unique key generated by the medium unique key generation means. Features.

According to the second aspect of the present invention, a medium unique key is generated based on a medium unique number stored in a storage medium,
Encrypts the digitized data decryption key based on the generated medium unique key, generates a medium unique key based on the medium unique number stored in the storage medium, and encrypts the encrypted data based on the generated medium unique key. Has been decided, so
The encryption strength of the digitized data decryption key can be further increased.

Further, the electronic data protection system according to the third aspect of the present invention is the electronic data protection system according to the first or second aspect of the present invention.
The licenser-side device has different digitized data decryption keys respectively corresponding to the plurality of encrypted digitized data stored in the storage medium, and the license information generating means includes a medium unique number stored in the storage medium. Encrypting only the digitized data decryption key corresponding to the encrypted digitized data permitted to be used on the basis of to generate the license information, and the decryption key generation means generates the license information based on the medium unique number. It is characterized in that it decrypts and generates a digitized data decryption key corresponding to the encrypted digitized data permitted to be used.

According to the third aspect of the present invention, the licenser's device is provided with different digitized data decryption keys respectively corresponding to the plurality of encrypted digitized data stored in the storage medium, The license information is generated by encrypting only the digitized data decryption key corresponding to the encrypted digitized data permitted to be used based on the stored medium unique number, and decrypting the license information based on the medium unique number. Since the digitized data decryption key corresponding to the encrypted digitized data permitted to be used is generated, it is possible to store a plurality of digitized data in one storage medium.

According to a fourth aspect of the present invention, there is provided an electronic data protection system according to the first, second or third aspect, wherein the storage medium is in a format which cannot be rewritten by the user device. It is characterized by storing a medium unique number.

According to the fourth aspect of the present invention, the storage medium stores the medium unique number in a format that cannot be rewritten by the user side device. Unauthorized use of copying data to another storage medium can be prevented.

According to a fifth aspect of the present invention, there is provided a licensor-side apparatus for licensing electronic data stored in a storage medium used by the user-side apparatus. Encrypting the digitized data decryption key based on a digitized data decryption key for decrypting the encrypted digitized data stored in the medium and a medium unique number uniquely identifying the storage medium stored in the storage medium; And license information generating means for generating license information.

According to the fifth aspect of the present invention, an electronic data decryption key for decrypting the encrypted electronic data stored in the storage medium is provided, and the storage medium stored in the storage medium is uniquely stored. Since the digitized data decryption key is encrypted based on the specified medium unique number to generate the license information, the license can be given only to the encrypted digitized data stored in the authorized storage medium.

According to a sixth aspect of the present invention, in the licensor side apparatus according to the fifth aspect of the present invention, the license information generating means generates a medium unique key based on a medium unique number stored in the storage medium. And a decryption key encrypting means for encrypting the digitized data decryption key based on the medium unique key generated by the medium unique key generating means.

According to the sixth aspect of the present invention, a medium unique key is generated based on a medium unique number stored in a storage medium,
Since the digitized data decryption key is encrypted based on the generated medium unique key, the encryption strength of the digitized data decryption key can be further increased.

According to a seventh aspect of the present invention, in the licensor-side apparatus according to the fifth or sixth aspect of the present invention, a different digitized data decryption corresponding to each of the plurality of encrypted digitized data stored in the storage medium. A license information generation unit that generates license information by encrypting only the digitized data decryption key corresponding to the encrypted digitized data that is permitted to be used based on the medium unique number stored in the storage medium. It is characterized by doing.

According to the seventh aspect of the present invention, different electronic data decryption keys respectively corresponding to a plurality of encrypted electronic data stored in the storage medium are provided, and the medium unique number stored in the storage medium is provided. Since only the digitized data decryption key corresponding to the encrypted digitized data permitted to be used is encrypted to generate the license information, a plurality of digitized data may be stored in one storage medium. Can also respond.

The licensor-side device according to an eighth aspect of the present invention is the licensor-side device according to the fifth, sixth or seventh aspect, wherein the storage medium is in a format that cannot be rewritten by the user-side device. It is characterized by storing a medium unique number.

According to the eighth aspect of the present invention, the storage medium stores the medium unique number in a format that cannot be rewritten by the user side device. Unauthorized use of copying data to another storage medium can be prevented.

According to a ninth aspect of the present invention, there is provided the user-side device for using the digitized data stored in the storage medium based on a license from the licensor-side device. Reading means for reading a medium unique number uniquely identifying the storage medium from the medium and encrypted encrypted digitized data, and generating the digitized data decryption key by decoding the license information based on the medium unique number And a digitized data decryption unit for decrypting the encrypted digitized data based on the digitized data decryption key generated by the decryption key generation unit.

According to the ninth aspect of the present invention, the medium unique number for uniquely specifying the storage medium and the encrypted encrypted electronic data are read from the storage medium, and the license information is read based on the read medium unique number. To generate an electronic data decryption key, and decrypt the encrypted electronic data based on the generated electronic data decryption key. Only the encrypted electronic data that has been given permission from the device can be used.

In a tenth aspect of the present invention, in the user-side device according to the ninth aspect, the decryption key generation means generates a medium unique key based on a medium unique number stored in the storage medium. It is characterized by comprising a medium unique key generation means, and a decryption key decryption means for decrypting the encrypted digitized data based on the medium unique key generated by the medium unique key generation means.

According to the tenth aspect, the medium unique key is generated based on the medium unique number stored in the storage medium, and the encrypted digitized data is decrypted based on the generated medium unique key. Therefore, the encryption strength of the digitized data decryption key can be further increased.

[0032] Also, in the user-side device according to the invention of claim 11, in the invention of claim 9 or 10, the decryption key generation means transmits the license information based on a medium unique number stored in the storage medium. The decryption is performed by generating an electronic data decryption key corresponding to the encrypted electronic data permitted to be used among the plurality of encrypted electronic data stored in the storage medium.

According to the eleventh aspect of the present invention, the license information is decrypted based on the medium unique number stored in the storage medium, and the use of the plurality of encrypted digitized data stored in the storage medium is permitted. Since the computerized data decryption key corresponding to the encrypted computerized data is generated, it is possible to cope with a case where a plurality of computerized data is stored in one storage medium.

According to a twelfth aspect of the present invention, in the user-side device according to the ninth, tenth or eleventh aspect, the storage medium is provided in a format that cannot be rewritten by the user-side device. It is characterized by storing a medium unique number.

According to the twelfth aspect of the present invention, the storage medium stores the medium unique number in a format that cannot be rewritten by the user side device. Unauthorized use of copying the digitized data to another storage medium can be prevented.

More specifically, FIG. 1 is a diagram showing the principle configuration of the present invention. In FIG. 1, a medium 1 includes encrypted encrypted electronic data 14 and a unique medium unique to the medium. The number 12 and the license information 13 are stored.

The individual key generations 21 and 31 have the medium unique number 1
2 to generate a medium individual key. Encryption 23
Is for encrypting the digitized data decryption key 22 with the medium individual key. The decryption 32 is for decrypting the license information 13 with the medium individual key to generate a digitized data decryption key 33. The decryption 34 is for decrypting the encrypted digitized data 14 with the digitized data decryption key 33 to generate plaintext digitized data.

According to the present invention, as shown in FIG. 1, the encrypted electronic data 14 which has been encrypted together with the unique medium unique number 12 is previously written on the medium 1 and the individual key generation 2
1 generates a medium unique key based on the unique medium unique number 12 of the medium 1, an encryption 23 encrypts the digitized data decryption key 22 with the medium unique key, and a user generates an individual key 3.
1 generates a medium unique key based on the medium unique number 12 read from the medium 1, and decrypts the license information 13 received by the decryption 32 with the medium unique key to obtain the original electronic data decryption key 3.
3, and the decryption unit 34 decrypts the encrypted digitized data 14 read by the digitized data decryption key 33 to obtain plaintext digitized data.

Further, a different electronic data decryption key 22 is associated with each of the encrypted electronic data 14 stored in one medium 1, and the encrypted electronic data 14 that is permitted to be used on the license side.
Only the digitized data decryption key 22 is encrypted with the medium unique key to obtain the license information 13, and only the encrypted digitized data 14 corresponding to the license information 13 received by the use side is decrypted and converted into plain text digitized data. I am trying to do it.

Also, a unique medium unique number 12 unique to the medium
Is written in a form that cannot be rewritten by the user. Also, as the encrypted electronic data 14, software for operating a computer or various data (characters, images, audio data, etc.) is encrypted.

Also, the medium 1 storing the encrypted digitized data 14 is provided with a unique medium unique number 12 in a non-rewritable form, and a license to use the digitized data is given to the medium unique number 12. By giving it, it is possible to use only the encrypted digitized data 14 that is stored in the authorized medium 1 and given the license, and it is possible to transfer the digitized data stored in the medium 1. The medium 1 can be used by loading it into another computer.

[0042]

Next, the configuration and operation of an embodiment of the present invention will be described in detail with reference to FIGS. Here, as an example of the digitized data described with reference to FIG.
The following describes the software used for the computer as an example.

FIG. 2 shows a configuration diagram of an embodiment of the present invention. In FIG. 2, a software storage medium 11 is a medium for storing software licensed by a licensee to a use side, and is a medium such as a magneto-optical disk (a disk having a capacity of several hundred Mbytes to several Gbytes). As shown in the figure, this software storage medium 11 stores a non-rewritable medium unique number 12, license information 13 for giving a license of the software to the user, and encrypted software 15 obtained by encrypting the software.

The medium unique number 12 is a unique medium unique number that cannot be rewritten on the software storage medium 11.
The medium unique number 12 may be written in a non-rewritable area by the user and managed by the OS. Alternatively, the medium unique number 12 may be written in advance in a non-rewritable form even if the OS is used, or may be modified once written. It may not be possible.

The licensing information 13 is information for the licensing side to give the licensing side of the software to the using side. Here, the licensing information 13 is encrypted data for decrypting the encrypted software 15 (FIG. 6,
This will be described in detail with reference to FIG. 7).

The encryption software 15 is obtained by encrypting the software (described in detail with reference to FIGS. 3 to 5). The permitted computer is provided with an individual key generator 21, a software decryption key 24, an encryption 23, and the like.

The individual key generation unit 21 generates a medium individual key based on the medium unique number 12 read from the software storage medium 11 (to be described in detail with reference to FIG. 6). The encryption 23 is for encrypting the soft decryption key 24 with the medium individual key generated by the individual key generation 21. The encrypted data is stored as license information 13 in the software storage medium 11.

The computer on the use side is provided with an individual key generation 31, a decryption 32, a software decryption key 35, a decryption 34 and the like. The individual key generation 31 generates a medium individual key based on the medium unique number 12 read from the software storage medium 11 (described in detail with reference to FIG. 6). This generates a medium individual key which is the same as the individual key generation 21 on the license side.

The decryption 32 decrypts the license information 13 read from the software storage medium 11 using the medium individual key generated by the individual key generation 31,
(To be described in detail with reference to FIG. 8).

The decryption 34 uses a soft decryption key 35 to
It decrypts the encrypted software 15 read from the software storage medium 11 to generate plaintext software (detailed with reference to FIG. 8). The generated plaintext software is executed.

Hereinafter, the configuration and operation of FIG. 2 will be sequentially described in detail. FIG. 3 shows a flowchart when storing software according to the present invention. This is a flowchart when the encrypted software 15 created and encrypted, and the encrypted license information 13 are stored in the software storage medium 11.

In FIG. 3, S1 creates software. In this, a maker creates software (various business programs) to be stored in a software storage medium.
In step S2, a software encryption key is created.

Step S3 stores the information in the encryption key management table in association with the software. This is because the software name of the software created in S1 and the encryption key created in S2 are stored in the software encryption key management table 4 shown in FIG.
As shown in FIG.

In step S4, a software encryption key corresponding to the designated software is extracted. That is, the software encryption key corresponding to the software name stored in the software storage medium is extracted from the software encryption key management table 4 in FIG.

In step S5, the plaintext software is encrypted with the software encryption key extracted in step S4 to generate encrypted software. In this method, for example, as shown in FIG. 4, the software name portion of the created software name and software body is encrypted with an encryption key, and the software name and the encrypted software body are created as shown in the figure. The encryption at this time uses DES or the like, and repeats the substitution and the bit transposition to encrypt the data, as described in the lower part.

In step S6, the encryption software is stored in the storage medium on the manufacturer side. As a result, the encrypted software once encrypted is stored, and from the next time on, the stored encrypted software is taken out and the encryption is omitted.

S7 reads the encryption software,
It is stored in the software storage medium 11. In S8, it is determined whether or not the encryption software stored in the software storage medium 11 has been completed. If YES, the process ends. NO
In the case of, S7 is repeated, and the encrypted software having the designated software name is stored in the software storage medium 1.
1 sequentially.

As described above, software is created, and the software is converted into encrypted software, which is stored in the software storage medium 11. FIG. 4 shows an example of software encryption according to the present invention.

FIG. 4A shows the state of software encryption. Here, the header stores the name of software that plays a role as an identifier. This header is not subject to encryption. The software body is to be encrypted, and is encrypted with an encryption key to create an encrypted software body. The encryption at this time uses, for example, DES (Data Encryption Standard) as shown in the figure. This DES performs encryption by repeating substitution and bit transposition.

FIG. 4B shows the state of encryption. According to the DES, the encryption is performed by using an encryption key on a 64-bit bit string as shown in the figure to generate the same 64-bit bit string. In the decryption, the original 64-bit bit string is decrypted using the decryption key.

FIG. 5 shows a storage example of the encryption software of the present invention. In FIG. 5, the software encryption key management table 4 is a table for integrally managing the created software name and the created encryption key in association with each other, as described above with reference to FIG. The software encryption key management table 4 includes software names with “ENC” indicating that the software is encrypted, and 64
Bit encryption keys are stored in pairs.

Hereinafter, the operation will be described. (1) For plaintext software to be stored in the software storage medium, the software encryption key is extracted from the software encryption key management table 4.

(2) The encryption circuit 41 encrypts the plaintext software using the passed software encryption key.
The encryption is performed using, for example, the DES in FIG.

(3) The encrypted encryption software is stored in the software storage medium 11 as shown in FIG.
Stored as This process is repeated until all the specified plaintext software is completed. At this time, if the encrypted software is once stored, the stored encrypted software may be taken out and stored in the software storage medium 11 from the next time. The medium unique number 12 is a unique number unique to the software storage medium 11 as described above, and is written in a non-rewritable form. Further, when the encryption key stored in the software encryption key management table 4 uses the target key number for the encryption algorithm, the decryption key matches the encryption key.

As described above, for the plaintext software, the corresponding software encryption key is extracted from the software encryption key management table 4, and is encrypted using the software encryption key to create encrypted software and stored in the software storage medium 11.

FIG. 6 shows a flow chart for generating license information according to the present invention. This is a flowchart in which encrypted license information 13 of software to be licensed is generated and stored in the software storage medium 11.

In FIG. 6, S11 inputs the name of software to be licensed. In S12, a soft decryption key is extracted from the decryption key management table 5. This is shown in FIG.
The decryption key of the software name to be given a license is extracted from the software decryption key management table 5 of FIG.

In step S13, a medium unique number is extracted. This reads the medium unique number of the software storage medium 11 for which the license information is to be written. S14 is
Generate a medium individual key. This is, as described on the right side, for the plaintext medium unique number 12 read from the software storage medium 11, a medium individual key encrypted with a secret key, or a plaintext medium unique number 1.
For example, a medium individual key encrypted by a secret algorithm is generated.

In step S15, the software decryption key is encrypted with the medium individual key to generate license information. This is, as described on the right side, for the plaintext soft decryption key in S14.
The license information is generated by encrypting with the medium individual key generated in step (1).

In step S16, the license information encrypted in step S15 is stored in the software storage medium 11.

As described above, from the software storage medium 11 in which the encryption software 15 is stored, the medium unique number 1
2 to generate a medium individual key, encrypt the software decryption key with this medium individual key, and encrypt the encrypted license information 1
3 is generated and stored in the software storage medium 11. As a result, the encrypted software 15 and the encrypted license information 13 are stored in the software storage medium 11.

FIG. 7 is a diagram for explaining generation of license information according to the present invention. In FIG. 7, a software decryption key management table 5 manages a software decryption key necessary for decrypting the encrypted software 15 and decrypting it into plaintext software in association with the software name. The software decryption key management table 5 stores the same decryption key as the software encryption key management table 4 described with reference to FIG. Here, "ENC" indicating that the data is encrypted
And a software decryption key of 64 bits corresponding to each software is stored in a pair. The operation will be described.

(1) When selling license information to the user,
First, from the software storage medium 11 to the medium unique number 12
Read out. The read medium unique number 12 is input to the individual key generation circuit 211 to generate a medium individual key (FIG. 6).
S14).

(2) Next, the software decryption key of the software to be sold is taken out from the software decryption key management table 5, input to the encryption circuit 231 and encrypted with the medium individual key to generate the illustrated license information 13. . The license information 13 is a pair of the software name to which an identifier called ENC indicating that the license is encrypted and the encrypted license information are stored in the software storage medium 11 as the license information 13. Here, the software decryption key and the algorithm (or secret key) of the individual key generation circuit 211 are protected by secure means.

As described above, the licensing side generates a medium individual key based on the medium unique number 12 read from the software storage medium 11, and encrypts the software decryption key based on the medium individual key to store the software. The license information 13 is stored on the medium 11.

FIG. 8 shows a flowchart of software decoding according to the present invention. This is a flowchart when the software storage medium 11 purchased by the user is mounted on a computer, and the software is loaded into the main storage and executed.

In FIG. 8, S21 receives a software execution instruction. In step S22, the medium unique number 12 is extracted from the software storage medium 11.

In step S23, a medium individual key is generated. This generates a medium individual key encrypted with a secret key for the medium unique number 12 extracted from the software storage medium 11 in S22, as described on the right side. Alternatively, an encrypted medium individual key is generated from the medium unique number 12 by a secret algorithm.

In step S24, the license information 13 read from the software storage medium 11 is decrypted with the medium individual key generated in step S23, and a software decryption key is generated. This is the medium individual key encrypted in S23 as described on the right side.
The license information 13 which is a ciphertext is decrypted to generate a plaintext soft decryption key 35.

In step S25, the encrypted software 15 is read from the software storage medium 11. S26 is
The encryption software 15 read in S25 is decrypted with the software decryption key to generate plaintext software. As described above, the ciphertext encryption software 15 is decrypted with the software decryption key 35 generated in S24 to generate plaintext software, as described on the right side. In step S27, the software is executed.

As described above, a medium individual key is generated from the medium unique number 12 extracted from the software storage medium 11 in accordance with the software execution instruction, and the license information extracted from the software storage medium 11 based on the medium individual key. 13 is restored to generate a software decryption key 35, and the encrypted software 15 extracted from the software storage medium 11 is decrypted with the software decryption key 35 to generate plaintext software. This plaintext software can be loaded into the main memory and executed.

FIG. 9 is an explanatory diagram in the case of the program of the present invention. This is an explanatory diagram in the case of a program as digitized data. FIG. 9A shows an overall configuration diagram.

In FIG. 9A, the magneto-optical disk 6
Stores an encryption program and the like, and corresponds to the software storage medium 11 in FIG.
The medium stores the medium unique number 12, the license information 13, and the encryption program 16. This magneto-optical disk 6
Is purchased from the licensee and mounted on the magneto-optical disk drive. In addition to the magneto-optical disk 6, an optical disk, a CD-
A storage medium such as a ROM, an FD, an HD, a magnetic tape, and a cassette tape may be used.

The program loader 61 loads the corresponding decrypted program from the magneto-optical disk 6 to the main memory 63 when the program command is executed, and makes it executable. The processing unit includes (individual key generation 31), decryption (decryption 32, 34), and the like.

The main memory 63 is a RAM (readable / writable memory) for expanding the plaintext program which the program loader 61 has taken out from the magneto-optical disk 6 and decrypted.

Next, the operation of the configuration of FIG. 9A will be described according to the order shown in the flowchart of FIG. 9B. In FIG. 9B, S31 receives execution of a program instruction.

In S32, the program loader 61 finds, extracts, and decrypts the execution program. In step S33, the memory is developed on the main memory. This means that the plaintext program decrypted in S32 is developed on the main memory 63, and is made operable.

At step S34, the program is executed. At S33, the plaintext program developed on the main memory 63 is executed. FIG. 9C is an explanatory diagram of execution of software (program) on the user computer.

(1) The user computer extracts the medium unique number 12 from the software storage medium 11 and inputs it to the individual key generation circuit 311 to generate an encrypted medium individual key (see S23 in FIG. 8).

(2) The decryption circuit 321 decrypts the license information 13 as shown in the drawing taken out of the software storage medium 11 using the medium individual key generated in (1), and the software decryption key 351 (software) as shown in the figure. Decryption key 3
5 (corresponding to 5).

(3) The decryption circuit 341 decrypts the encrypted software 15 extracted from the software storage medium 11 using the software decryption key 351 generated in (2) to generate plaintext software (program). This plaintext software (program) is stored in the main memory 6
3 and execute.

Here, the encrypted software 15 in which the license information 13 is not stored cannot be decrypted and cannot be executed. If the software storage medium 11 is illegally copied from another medium, the correct software decryption key 351 cannot be decrypted from the license information 13 because the medium unique number 12 does not exist or is different. It cannot be decrypted by plaintext software and cannot be executed. On the user computer, the algorithm or secret key of the individual key generation circuit 311, the generated software decryption key, and the decrypted plaintext software are protected by secure means.

FIG. 10 is an explanatory diagram for data of the present invention. This is an explanatory diagram in the case where data is digitized data, for example, character data (text) such as a publication, symbols, image data, and voice data.

FIG. 10A shows an overall configuration diagram. 10A, the magneto-optical disk 6 stores encrypted data and the like, and corresponds to the software storage medium 11 in FIG.
2, a medium for storing license information 13 and encrypted data 17. This magneto-optical disk 6 is purchased from the licensee and mounted on a magneto-optical disk device. In addition to the magneto-optical disk 6, an optical disk, CD-ROM, FD, HD,
A storage medium such as a magnetic tape or a cassette tape may be used.

The R / W module 64 stores the corresponding decrypted data from the magneto-optical disk 6 in the main memory 63 when the read command is executed. In this case, the R / W module 64 generates the key described above (the individual key generation 31). ), Decoding (decoding 32, 34)
It is a processing unit provided with such as.

The main memory 63 is a RAM (readable / writable memory) for storing plaintext data which is read out from the magneto-optical disk 6 by the R / W module 64 and decoded. Next, the operation of the configuration of FIG. 10A will be described in accordance with the order shown in the flowchart of FIG.

In FIG. 10B, S41 executes an application. S42 executes a data read command. In step S43, the R / W module 64 finds the data, reads and decodes the data. In step S44, the data is stored in the main memory. In step S45, data is displayed and reproduced.

As described above, when a data read command is issued in S42, the R / W module 64 takes out the encrypted data 17 from the magneto-optical disk 6 and decrypts it to generate plaintext data. It is stored in the storage 63.
Then, it is taken out from the main memory 63 and displayed on the display as a character string of a publication, an image is displayed, or generated as a sound. Next, the R / W module 6
4 will be described in detail.

FIG. 10C is a diagram for explaining display / reproduction of data on the user computer. (1) The user computer extracts the medium unique number 12 from the data storage medium 111, inputs the medium unique number 12 to the individual key generation circuit 311 and encrypts it to generate a medium individual key (see S23 in FIG. 8).

(2) The decryption circuit 321 decrypts the license information 13 extracted from the data storage medium 111 as shown in the figure using the medium individual key generated in (1), and generates a data decryption key 352 (software) as shown in the figure. (Corresponding to the decryption key 35).

(3) For the encrypted data 17 extracted from the data storage medium 111 by the decryption circuit 341,
The data is decrypted with the data decryption key 352 generated in (2) to generate plaintext data (character data, image data, audio data, etc.). The plaintext data is stored in the main memory 63, and is displayed on the display as a character string, an image, or a symbol of the publication, or is generated as a sound.

FIG. 11 shows a case where the present invention is applied to a ROM / RAM mixed type magneto-optical disk. The ROM / RAM mixed type magneto-optical disk has a user non-rewritable area, a read / write area, a read-only area / read-write area as shown in the figure. Therefore, the medium unique number 12, the license information 13, and the encryption software 15 are stored in these areas as shown in the figure. Thus, since the medium unique number 12 is written in the area where the user cannot rewrite, the unique medium unique number of the magneto-optical disk is given, so that the present invention can be protected.

FIG. 12 shows an example in which the license information of the present invention is stored in another storage medium. In this case, as shown in the figure, only a unique medium unique number unique to the software storage medium and only the encrypted software are stored in advance. Then, the license information is stored in another license information storage medium. In this method, a medium unique number and encryption software (encrypted data) are previously written on a medium having no write area such as a CD-ROM, and permission information for granting permission from the CD-ROM or the like is separately written. This is an embodiment in the case of writing on a possible license information storage medium (for example, FLOPY (registered trademark)).

FIG. 13 is an explanatory diagram in the case of storing a plurality of software of the present invention on one medium. This is an embodiment in which a plurality of software (or data) are stored in one large-capacity medium (eg, a magneto-optical disk, a CD-ROM) and sold individually. In this case, for each of the software decryption keys 1, 2,... N, license information 1, 2,. When the user notifies the license information seller of the name of the software desired to be purchased among the encryption software 1, 2,... N stored in the software storage medium 11, the license information seller responds to the software. The software decryption key is encrypted with the medium individual key generated from the medium unique number, and this is stored in the software storage medium 11 as license information. The user mounts the software storage medium 11, decrypts the purchased encrypted software, converts it into plaintext software, and uses it. On the other hand, the user cannot decrypt and cannot use the encrypted software even if he tries to use the software without the license information. Further, even if the license information of another software storage medium 11 is copied, correct decryption cannot be performed because the medium unique number of the software storage medium 11 cannot be copied. This makes it possible to sell software individually.

[0105]

As described above, according to the first aspect of the present invention, the encrypted electronic data and the medium unique number for uniquely specifying the storage medium are stored in the storage medium. The licensor-side device encrypts the digitized data decryption key based on the medium unique number stored in the storage medium to generate license information, and the user-side device encrypts the encrypted digitized data and the medium-specific information from the storage medium. The number is read, the license information is decrypted based on the medium unique number, the digitized data decryption key is generated, and the encrypted digitized data is decrypted based on the generated digitized data decryption key. An effect is obtained that an electronic data protection system can be obtained in which only the encrypted electronic data stored in the storage medium and licensed by the licensor device can be used in the user device. Achieve the.

According to the second aspect of the present invention, a medium unique key is generated based on a medium unique number stored in a storage medium, and an electronic data decryption key is encrypted based on the generated medium unique key. At the same time, a medium unique key is generated based on the medium unique number stored in the storage medium, and the encrypted electronic data is decrypted based on the generated medium unique key. This has the effect of providing an electronic data protection system that can be made even higher.

According to the third aspect of the present invention, the licenser's device is provided with different electronic data decryption keys respectively corresponding to a plurality of encrypted electronic data stored in the storage medium. Only the digitized data decryption key corresponding to the encrypted digitized data permitted to be used is encrypted based on the medium unique number stored in the medium to generate license information, and the license information is decrypted based on the medium unique number. Is configured to generate the digitized data decryption key corresponding to the encrypted digitized data that is permitted to be used, so that it is possible to cope with a case where a plurality of digitized data is stored in one storage medium. There is an effect that an electronic data protection system can be obtained.

According to the fourth aspect of the present invention, since the storage medium is configured to store the medium unique number in a format that cannot be rewritten by the user device, the encryption stored in the storage medium is performed. There is an effect that an electronic data protection system capable of preventing unauthorized use of copying electronic data to another storage medium can be obtained.

Further, according to the invention of claim 5, an electronic data decryption key for decrypting the encrypted electronic data stored in the storage medium is provided, and the storage medium stored in the storage medium is provided. Since the license information is generated by encrypting the digitized data decryption key based on the uniquely specified media unique number, it is possible to grant the license only to the encrypted digitized data stored in the authorized storage medium. Thus, an advantageous effect is obtained in that an effective licenser-side device can be obtained.

According to the invention of claim 6, a medium unique key is generated based on the medium unique number stored in the storage medium, and the digitized data decryption key is encrypted based on the generated medium unique key. With such a configuration, it is possible to obtain a licenser-side device that can further increase the encryption strength of the digitized data decryption key.

According to the seventh aspect of the present invention, different electronic data decryption keys respectively corresponding to a plurality of encrypted electronic data stored in the storage medium are provided, and the medium unique number stored in the storage medium is provided. Since only the digitized data decryption key corresponding to the encrypted digitized data permitted to be used based on is configured to generate the license information,
An advantage is obtained in that a licenser-side device that can cope with the case where a plurality of digitized data is stored in one storage medium is obtained.

According to the eighth aspect of the present invention, the storage medium is configured to store the medium unique number in a format that cannot be rewritten by the user side device. There is an effect that a licensor-side device capable of preventing unauthorized use of copying digitized data to another storage medium can be obtained.

According to the ninth aspect of the present invention, a medium unique number for uniquely specifying the storage medium and the encrypted electronic data are read from the storage medium, and based on the read medium unique number. The license information is decrypted to generate a digitized data decryption key, and the encrypted digitized data is decrypted based on the generated digitized data decryption key. This has the effect of providing a user-side device that can use only the encrypted digitized data to which permission has been given from the user-side device.

According to the tenth aspect of the present invention,
Since the medium unique key is generated based on the medium unique number stored in the storage medium and the encrypted electronic data is decrypted based on the generated medium unique key, the encryption strength of the electronic data decryption key is further increased. There is an effect that a user-side device that can be made higher can be obtained.

According to the eleventh aspect of the present invention,
The license information is decrypted based on the medium unique number stored in the storage medium, and digitization corresponding to the encrypted digitized data permitted to be used among the plurality of encrypted digitized data stored in the storage medium is performed. Since the configuration is such that the data decryption key is generated, it is possible to obtain a user-side device that can cope with a case where a plurality of digitized data is stored in one storage medium.

According to the twelfth aspect of the present invention,
Since the storage medium is configured to store the medium unique number in a format that cannot be rewritten by the user device,
This has the effect of providing a user-side device capable of preventing unauthorized use of copying the encrypted digitized data stored in the storage medium to another storage medium.

[Brief description of the drawings]

FIG. 1 is a principle configuration diagram according to the present invention.

FIG. 2 is a configuration diagram of an embodiment according to the present invention.

FIG. 3 is a flowchart when storing software according to the present invention.

FIG. 4 is an example of software encryption according to the present invention.

FIG. 5 is an example of storage of encrypted software according to the present invention.

FIG. 6 is a flowchart of generating permission information according to the present invention.

FIG. 7 is an explanatory diagram of generation of license information according to the present invention.

FIG. 8 is a flowchart of software decoding according to the present invention.

FIG. 9 is an explanatory diagram in the case of a program according to the present invention.

FIG. 10 is an explanatory diagram in the case of data according to the present invention.

FIG. 11 shows a case where the present invention is applied to a ROM / RAM mixed type magneto-optical disk.

FIG. 12 is an example of a case where license information according to the present invention is stored in another storage medium.

FIG. 13 is an explanatory diagram in the case where a plurality of software according to the present invention is stored on one medium.

FIG. 14 is an explanatory diagram of a conventional technique.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Medium 11 Software storage medium 111 Data storage medium 12 Medium unique number 13 License information 14 Encrypted electronic data 15 Encrypted software 16 Encrypted program 17 Encrypted data 21 Individual key generation 211 Individual key generation circuit 22 Electronic data decryption key 23 encryption 231 encryption circuit 24 software decryption key 31 individual key generation 311 individual key generation circuit 32 decryption 321 decryption circuit 33 digitized data decryption key 34 decryption 341 decryption circuit 35 software decryption key 351 software decryption key 352 data decryption key 41 encryption Circuit 6 magneto-optical disk 61 program loader 63 main memory 64 R / W module

Continued on the front page (72) Inventor Makoto Yoshioka 4-1-1, Kamidadanaka, Nakahara-ku, Kawasaki-shi, Kanagawa Prefecture Fujitsu Limited

Claims (12)

[Claims] 1. An electronic data protection system for protecting electronic data stored in a storage medium used by a user side device based on a license from a licenser side device, wherein the storage medium is an encryption device. Storing the encrypted encrypted digitized data and a medium unique number that uniquely specifies the storage medium, wherein the licensor-side device stores the digitized data for decrypting the encrypted digitized data stored in the storage medium. A decryption key, and license information generating means for generating the license information by encrypting the digitized data decryption key based on the medium unique number stored in the storage medium. Reading means for reading the encrypted digitized data and the medium unique number from the medium; and a decryption key generator for decrypting the license information based on the medium unique number and generating the digitized data decryption key. Computerized data protection system, comprising: a computerized data decryption unit that decrypts the encrypted computerized data based on the computerized data decryption key generated by the decryption key generation unit. . 2. The license information generating means, wherein the license information generating means and the decryption key generating means each include a medium unique key generating means for generating a medium unique key based on a medium unique number stored in the storage medium. Further comprises decryption key encrypting means for encrypting the digitized data decryption key based on the medium unique key generated by the medium unique key generating means, wherein the decryption key generating means comprises: 2. The computerized data protection system according to claim 1, further comprising a decryption key decrypting means for decrypting the encrypted computerized data based on the medium unique key generated by the method. 3. The licensor-side apparatus includes different digitized data decryption keys respectively corresponding to a plurality of encrypted digitized data stored in the storage medium, and the license information generating means stores the license information in the storage medium. Based on the stored medium unique number, only the digitized data decryption key corresponding to the encrypted digitized data permitted to be used is encrypted to generate license information, and the decryption key generation means is configured to generate the license information based on the medium unique number. The digitized data protection system according to claim 1, wherein the license information is decrypted to generate a digitized data decryption key corresponding to the encrypted digitized data permitted to be used. 4. The electronic data protection according to claim 1, wherein the storage medium stores the medium unique number in a format that cannot be rewritten by the user-side device. system. 5. A licensor-side device for licensing digitized data stored in a storage medium used by a user-side device, wherein the licenser-side device decrypts the encrypted digitized data stored in the storage medium. Electronic data decryption key, and license information generating means for generating license information by encrypting the electronic data decryption key based on a medium unique number uniquely identifying the storage medium stored in the storage medium. A licensor's device. 6. A medium unique key generating means for generating a medium unique key based on a medium unique number stored in the storage medium, and a medium unique key generated by the medium unique key generating means. 6. The licensor-side apparatus according to claim 5, further comprising: decryption key encrypting means for encrypting the digitized data decryption key based on the key. 7. The license information generating means includes different electronic data decryption keys respectively corresponding to a plurality of encrypted electronic data stored in the storage medium, wherein the license information generating means is configured to execute the processing based on a medium unique number stored in the storage medium. 7. The licensor-side apparatus according to claim 5, wherein only the digitized data decryption key corresponding to the encrypted digitized data permitted to be used is encrypted to generate the license information. 8. The licenser according to claim 5, wherein the storage medium stores the medium unique number in a format that cannot be rewritten by the user device. apparatus. 9. A user-side device that uses digitized data stored in a storage medium based on a license from the licensor-side device, wherein a medium unique number that uniquely specifies the storage medium from the storage medium. Reading means for reading encrypted and encrypted electronic data; decryption key generation means for decrypting the license information based on the medium unique number to generate an electronic data decryption key; and A user-side device comprising: digitized data decryption means for decrypting the encrypted digitized data based on the generated digitized data decryption key. 10. A medium unique key generating means for generating a medium unique key based on a medium unique number stored in the storage medium, and a medium unique key generated by the medium unique key generating means. 10. The user-side device according to claim 9, further comprising: a decryption key decrypting unit configured to decrypt the encrypted electronic data based on the decryption key. 11. The decryption key generation means decrypts the license information based on a medium unique number stored in the storage medium and uses the license information among a plurality of encrypted digitized data stored in the storage medium. 11. The user-side device according to claim 9, wherein an electronic data decryption key corresponding to the encrypted electronic data permitted to be generated is generated. 12. The user side according to claim 9, 10 or 11, wherein the storage medium stores the medium unique number in a format that cannot be rewritten by the user side device. apparatus.