JP2017004293A - Security control device, electronic apparatus, security control method, and security control program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a security control device that can prevent unauthorized access to classified information that is managed for each of time lapse information, such as a life cycle.SOLUTION: There is provided a security module 7 comprising a security processing part 4 that performs processing of encryption and decryption of data, the security module including an OTP memory 6 that stores classified information, and an OTP access controller 5 that controls access to the TOP memory 6 from the security processing part 4 or the outside on the basis of access authority to the OTP memory 6 set for each piece of life cycle information.SELECTED DRAWING: Figure 3

Description

  The present invention relates to a security control device, an electronic device, a security control method, and a security control program.

  In recent years, an embedded device that can download various applications from the Internet or the like and execute the applications is known. This type of device may contain information such as electronic money, electronic tickets, and digital content that must be kept confidential, and must be protected against attacks from inside and outside.

  To deal with such a problem, for example, in Patent Document 1, a module that performs encryption / decryption processing of data exchanged between the MPU and the nonvolatile memory is arranged between the MPU and the nonvolatile memory. A configuration is disclosed.

  However, the information processing apparatus described in Patent Document 1 has not been managed by the passage of time such as the life cycle of the apparatus or the industrial equipment having the apparatus. The life cycle generally refers to a series of cycles from production of equipment such as production, distribution, sales, service, collection, or disposal to disposal or recycling.

  In the case of Patent Document 1, a malicious user illegally divides confidential information by monitoring data transmitted through the MPU bus, local bus, etc. by means such as using the debugging function of the embedded device. There was a problem that it was possible to obtain.

  In the case of Patent Document 1, since confidential information is not managed based on the life cycle, even confidential information used only in a specific stage of the life cycle can be accessed at any time. It was.

  The present invention aims to solve such problems. That is, an object of the present invention is to provide a security control device capable of preventing unauthorized access to confidential information managed based on time-lapse information such as a life cycle.

  In order to solve the problems described above, the present invention provides security information in which the confidential information is stored in a security control device having an encryption processing unit that performs encryption and decryption of data based on confidential information. Access to a storage unit, a time lapse information holding unit that holds the time lapse information, and the security information storage unit set for each access request source in a unit of time lapse of time lapse information that is changed as time elapses And an access control unit that controls access from the access request source to the security information storage unit based on the right.

  According to the present invention, since access control to the security information storage unit can be performed based on the access right set for each time lapse unit of the time lapse information, the confidential information managed based on the time lapse information Can be prevented from unauthorized access.

It is a figure which shows an example of a life cycle. It is a figure which shows the example of the control module mounted in a vehicle. It is a block block diagram of the control module which has a security module concerning the 1st Embodiment of this invention. FIG. 4 is an explanatory diagram showing an example of a storage area in the OTP memory shown in FIG. 3. FIG. 4 is a control flowchart of the encryption operation of the control module shown in FIG. 3. It is an example of the table of the access right set to the OTP access controller shown by FIG. FIG. 4 is a control flowchart of confidential information writing operation of the control module shown in FIG. 3. It is a control flowchart of the operation | movement which confirms whether the writing to the OTP memory of the security module concerning the 2nd Embodiment of this invention is performed correctly. It is an example of the life cycle stage change monitoring table of the OTP access controller of the security module concerning the 3rd Embodiment of this invention. It is a block diagram of the security module by which the security control program concerning the 4th Embodiment of this invention is performed.

(First embodiment)
A security control apparatus according to an embodiment of the present invention will be described with reference to FIGS. First, life cycle information as time lapse information will be described. FIG. 1 shows an example of a life cycle of an embedded device as an electronic device.

  The life cycle state (stage) of an electronic device such as an embedded device is not only a process in which a user uses the embedded device, but also a production stage 101 for manufacturing the embedded device in a factory, and a transportation means such as a truck for sale. There is a logistics stage 102 that transports the vehicle. In the life cycle state of the embedded device, a service for providing a service such as a sales stage 103 for selling the embedded device at a store, and a repair when the embedded device breaks down while being used by the user. There is a stage 104. Further, in the life cycle state of the embedded device, there is a collection / recycling stage 105 for collecting and recycling the embedded device from the viewpoint of environmental protection. Depending on the embedded device, there is a disposal stage 106 that discards the embedded device in conjunction with or instead of the recovery and recycling process. Each stage is a time lapse unit of time lapse information.

  The life cycle shown in FIG. 1 may vary depending on the destination such as the country or region, but in this embodiment, operating an embedded device through each of these stages is generically referred to as a life cycle. In this embodiment, for example, in order to ensure collection and recycling from the viewpoint of environmental protection, and to prevent unauthorized use after disposal, the life cycle is operated on a regular route (through a regular stage). Control.

  Next, FIG. 2 shows a device (control module) mounted on the vehicle as an example of the embedded device. In the case of FIG. 2, a drive control module 200, an engine control module 300, a navigation module 400, and an in-vehicle camera module 500 are shown. These control modules are connected by a bus 50 to form a network. Examples of the standard used for the bus 50 include CAN (Controller Area Network), LIN (Local Interconnect Network), Ethernet (registered trademark), FlexRay (registered trademark), and the like.

  In the present embodiment, a control module mounted on a vehicle as an electronic device will be described as an example. Needless to say, the control module is not limited to a control module mounted on a vehicle. For example, it may be a control module for industrial equipment, a module, a substrate, a semiconductor integrated circuit, etc. included in home appliances or information communication equipment. Of course, it is not limited to an embedded device, and any electronic device that handles confidential information may be used.

  FIG. 3 shows a configuration example of the control module. In the following description, the control module is described with reference numeral 10. As shown in FIG. 1, the control module 10 includes a CPU (Central Processing Unit) 1, a ROM (Read Only Memory) 2, a RAM (Random Access Memory) 3, a security module 7, and a bus 8. Have. The control module 10 is connected to the bus 8 with other functional modules such as a GPS module for the navigation module 400 and a camera module for the in-vehicle camera module 500.

  The CPU 1 governs overall control of the control module 10 and operates based on a program stored in the ROM 2. The CPU 1 also makes a request for causing the security module 7 to encrypt predetermined data stored in the RAM 3. Further, the CPU 1 updates (changes) the life cycle information held in the security module 7.

  The ROM 2 stores programs, data, and the like that operate on the CPU 1. The RAM 3 temporarily stores data processed by the CPU 1. The RAM 3 also temporarily stores data that is encrypted by the security module 7.

  As shown in FIG. 3, the security module 7 as the security control apparatus according to the first embodiment of the present invention includes a security processing unit 4, an OTP access controller 5, an OTP (One Time Programmable) memory 6, have.

  The security processing unit 4 as an encryption processing unit encrypts and decrypts data stored in the RAM 3 based on a request from the CPU 1 based on secret key information as confidential information stored in the OTP memory 6. I do. The encryption algorithm is not particularly limited as long as a known algorithm such as DES (Data Encryption Standard) is used.

  The OTP access controller 5 serving as an access control unit performs access control such as reading and writing on the OTP memory 6 based on an access right to the OTP memory 6 described later in response to a request from the security processing unit 4 or the CPU 1. .

  The OTP memory 6 as a security information storage unit and a time lapse information holding unit is a memory in which secret key information and life cycle information used in the security processing unit 4 are stored. The OTP memory 6 is a known memory having a characteristic that information of each bit can be rewritten only once from 0 to 1 (or from 1 to 0). Since the OTP memory 6 has the above-described characteristics, it is suitable for a memory in which confidential information such as secret key information that can be written only once is stored. It is also suitable for a memory used for managing information such as life cycle information that changes in one direction each time (e.g., can be updated only in the time lapse direction). In the present embodiment, the OTP memory 6 is configured to function as both a security information storage unit and a time lapse information holding unit, but may be divided into two memories.

  FIG. 4 shows an example of a storage area in the OTP memory 6. As shown in FIG. 4, the storage area of the OTP memory 6 includes a data area 61 capable of storing a plurality of confidential information and life cycle information 62.

  The data area 61 stores the secret key information described above in the present embodiment. A plurality of data areas 61 are provided so that a plurality of secret key information can be stored according to the function and use of the control module 10. Of course, there may be one.

  In the life cycle information 62, the current life cycle is set for each data area. For example, the life cycle information corresponding to the data area # 0 (the life cycle information of the data area # 0) is set to be divided into the six stages of the production stage 101 to the disposal stage 106 illustrated in FIG. Here, since the same bit cannot be rewritten twice or more due to the characteristics of the OTP memory 6, for example, one bit is allocated from the LSB to the MSB in the life cycle stage order (time lapse order). In this case, the bits for writing “1” are changed in order, such as 000001 for the production stage 101, 000011 for the distribution stage 102, 000111 for the sales stage 103, and the like.

  Incidentally, confidential information such as secret key information stored in the data area 61 may be managed by further subdividing (hierarchizing) the stages shown in FIG. For example, the stage of the service stage 104 is subdivided into operation and maintenance. In order to enable such management, the life cycle information 62 is configured so that the number of bits can be variably set for each data area. That is, life cycle information is subdivided and held for each confidential information.

  In the example of FIG. 4, the life cycle information of the data area # 1 divides the service stage 104 into operation and maintenance. In this way, it is possible to set an access right that allows only the operation to access the data area # 1.

  The contents of the life cycle information of the data area # 0, the life cycle information of the data area # 1, and the life cycle information of the data area # 2 are changed in the same manner as the life cycle stage shifts (changes). The However, when the stage is subdivided, the subdivided stage may differ from the life cycle information of other data areas.

  For example, in FIG. 4, when the stage shifts from sales to service, the life cycle information of data area # 0 is “1” for service, but the life cycle information of data area # 1 is “1” for operation. become. When maintenance is performed thereafter, the life cycle information of the data area # 0 is not changed, but the life cycle information of the data area # 1 is “1”. When the stage shifts from service (maintenance) to collection / recycling, the collection / recycling becomes “1” for both life cycle information of the data areas # 0 and # 1.

  In the case of the example in FIG. 4, if it is permitted to shift to collection and recycling without performing maintenance, maintenance may be changed to “1” when shifting from operation to collection and recycling. Good.

  The bus 8 transfers data to and from the CPU 1, ROM 2, RAM 3, security module 7, and the like. As is well known, the bus 8 may be a common path used by each functional block to exchange data. For example, an AXI (Advanced eXtensible Interface) bus may be used.

  Next, the encryption operation of the control module 10 configured as described above will be described with reference to the control flowchart of FIG. First, the CPU 1 requests the security processing unit 4 (security module 7) for encryption processing (step S101). The security processing unit 4 requests confidential information (secret key information) from the OTP access controller 5 (step S102).

  The OTP access controller 5 reads the current life cycle stage from the life cycle information 62 of the OTP memory 6 to determine whether or not the target data area can be written (steps S103 and S104), and the read life cycle stage. The access right is confirmed based on (Step S105). An example of the access right set in the OTP access controller 5 is shown in FIG.

  FIG. 6 is set for each stage of the life cycle. In each stage, access rights such as writable, readable, and inaccessible are set in the CPU 1 and the security processing unit 4 as an accessor (access request source). That is, an access right is set for each access request source in the life cycle stage (every time elapsed information). In step S105, the OTP access controller 5 confirms the access right based on the access right table as shown in FIG. In the case of the control flow diagram of FIG. 5, since it is a request for secret key information from the security processing unit 4, access is possible at any stage. Therefore, the OTP access controller 5 reads out the secret key information (target confidential information) and outputs it to the security processing unit 4 (steps S106, S107, S108).

  In FIG. 6, only the CPU 1 and the security processing unit 4 are shown, but there may be other accessors (functional modules and the like).

  That is, steps S103 to S108 are performed based on the OTP from the security processing unit 4 based on the access right to the OTP memory 6 in which confidential information is stored, which is set for each stage of the life cycle that is changed with time. This is an access control process for controlling access to the memory 6.

  Next, the security processing unit 4 reads information to be encrypted from the RAM 3 (steps S109 and S110). Note that steps S109 and S110 may be executed between steps S103 to S108.

  Subsequently, the security processing unit 4 performs an encryption process using the secret key information output from the OTP access controller 5 (step S111), and writes the encrypted data in the RAM 3 (steps S112 and S113). Here, step S113 is a response from the RAM 3 indicating that data has been written. At the same time as the encryption process is completed, the security processing unit 4 discards the secret key information. Then, the security processing unit 4 notifies the CPU 1 that the encryption process has been completed (step S114).

  Next, the confidential information (secret key information) writing operation of the control module 10 will be described with reference to the control flow diagram of FIG. First, the CPU 1 makes an access request for secret key information to the OTP access controller 5 (step S201). At this time, secret key information to be written in the OTP memory 6 is also output. The OTP access controller 5 reads life cycle information from the OTP memory 6 to determine whether or not the target data area can be written (steps S202 and S203), and confirms the access right (step S204). Steps S202 to S204 are the same as steps S103 to S105 described in FIG. If it is confirmed that the user has the access right, the OTP access controller 5 writes the secret key information in the OTP memory 6 (steps S205 and S206).

  In FIG. 7, the OTP access controller 5 does not return a response indicating whether writing has succeeded or failed. In other words, no response notification is made when data is written to the OTP memory 6 (security information storage unit) in response to an external request. By doing in this way, it is avoided that a malicious person writes illegally in the OTP memory 6 using CPU1. For example, even if a malicious person writes to the OTP memory 6 many times, it cannot know that it has worked. Therefore, it becomes complicated and difficult for a malicious person to confirm unauthorized writing, and unauthorized use can be reduced.

  According to this embodiment, the OTP access controller 5 that performs access control to the OTP memory 6 from the security processing unit 4 or from the outside based on the access right to the OTP memory 6 set for each stage of the life cycle information. Have. By doing so, since the OTP memory 6 in which the confidential information is stored cannot be accessed without passing through the OTP access controller 5, it is possible to prevent unauthorized access to the confidential information.

  Further, since the access right to the confidential information is set for each stage of the life cycle information, the confidential information can be appropriately managed based on the stage of the life cycle.

  Further, since the security module 7 has the OTP memory 6 and the security processing unit 4, the confidential information stored in the OTP memory 6 is not output outside the security module 7, and the confidential information is received from the bus 8. Unauthorized acquisition can be prevented.

  In addition, once the OTP memory 6 is rewritten to “1”, it cannot be reset to “0”, so it is impossible to return the life cycle stage in time series, and the life cycle information is rewritten illegally. Can be prevented.

  The OTP memory 6 can store a plurality of confidential information in the data area 61, and the life cycle information 62 stores a plurality of life cycle information corresponding to the plurality of confidential information, respectively. In this way, confidential information can be stored and operated by function and application.

  Moreover, since the life cycle information 62 is subdivided and held for each confidential information, the life cycle information 62 can set a fine access right for each confidential information.

  In the example shown in FIG. 4, in order to use a plurality of confidential information properly, the life cycle information can be divided and set for each data area, but this is not restrictive. For example, when recycling, the first cycle of the life cycle uses the life cycle information of data area # 0 and data area # 0, and the second cycle uses the life cycle information of data area # 1 and data area # 1. To do. Thus, it may be used properly according to the number of laps of the life cycle.

  Since the OTP memory 6 cannot be reset to “0” once it is rewritten to “1” due to its characteristics, illegal access such as returning the life cycle stage while supporting recycling can be performed. Can be prevented.

  Moreover, you may combine the usage method corresponding to the recycling mentioned above, and the usage method shown in FIG. For example, a plurality of data areas storing confidential information and a plurality of corresponding life cycle information are set as one set, and by providing a plurality of sets, the first set is the first cycle of the life cycle, and the second set is the second cycle. Usage such as the life cycle of the eye is possible.

(Second Embodiment)
Next, a security processing unit apparatus according to a second embodiment of the present invention will be described with reference to FIG. Note that the same parts as those in the first embodiment described above are denoted by the same reference numerals and description thereof is omitted.

  In the first embodiment, a response indicating whether writing to the OTP memory 6 is successful or unsuccessful is not returned. However, in the case of only this function, if writing fails, the CPU 1 or the like cannot grasp it, and there is a possibility that incorrect information is shipped while being written in the OTP memory 6. Therefore, in this embodiment, although a direct response to the write request itself to the OTP memory 6 is not made, a write request succeeds or fails by making a confirmation request from the CPU 1 or the like to the security module 7 thereafter. It is to be able to grasp what has been done.

  The operation for confirming whether or not the writing to the OTP memory 6 is correctly performed will be described with reference to the control flow chart of FIG. First, the CPU 1 requests a writing check (confirmation) from the security processing unit 4 (security module 7) (step S301). This write check request is transmitted including the written data.

  The security processing unit 4 confirms whether the access is from a person authorized to access from the CPU 1 (step S302). This step S302 is effective when writing is permitted from a functional module other than the CPU 1 or an external device, and confirms whether the access is valid. In the case of access from an unauthorized person, the subsequent processing is not performed.

  Next, the security processing unit 4 requests write data from the OTP memory 6. That is, a data read request is made to the OTP access controller 5 in order to read the data written in the OTP memory 6 (step S303).

  The OTP access controller 5 reads the current life cycle stage from the life cycle information 62 of the OTP memory 6 (steps S304 and S305), and confirms the access right based on the read stage (step S306). Confirmation of the access right is the same as step S105 in FIG. The OTP access controller 5 reads the written data (target confidential information) and outputs it to the security processing unit 4 (steps S307, S308, and S309).

  Next, the security processing unit 4 compares the write data included in the write check request received in step S301 with the write data acquired from the OTP access controller 5 (OTP memory 6) in step S309 (step S310). Then, the comparison result is notified to the person who has output the write check request, such as CPU 1 (step S311). If the comparison results do not match, the CPU 1 or the like, for example, reflects it in the subsequent processing or outputs a notification such as a write error to the host computer or external device.

  According to the present embodiment, since confirmation of writing to the OTP memory 6 is performed separately after the write request, it is confirmed whether or not the write is successful even when there is no direct response to the write request. Can do.

(Third embodiment)
Next, a security processing unit apparatus according to a third embodiment of the present invention will be described with reference to FIG. The same parts as those in the first and second embodiments described above are denoted by the same reference numerals and description thereof is omitted.

  This embodiment has the same basic functional configuration as the first embodiment. In the present embodiment, other functions of the OTP access controller 5 and the security processing unit 4 will be described.

  As described in the first embodiment, the security module 7 uses the OTP memory 6 to prevent the life cycle stage from being returned to the previous stage. In addition, the life cycle stage is illegally changed. You can't go forward.

  The OTP access controller 5 can change the life cycle information 62 of the OTP memory 6 by receiving a request for changing the life cycle stage from the outside of the CPU 1 or the like. Whether or not the request is received from a person.

  In monitoring, monitoring is performed based on the table as shown in FIG. 9, and the life cycle stage is not changed for a request from an unauthorized accessor. In FIG. 8, an external I / F is an interface (circuit, connector, etc.) with an external device connected to the bus 8 of FIG. That is, the control module 10 can change the stage from an external device or the like via the external I / F. However, if the stage can be changed indefinitely from an external device or the like, there is a high possibility that the stage of the life cycle is illegally advanced, so the stages that can be changed are limited. In the case of FIG. 9, the external I / F cannot be accessed in the production stage 101, and therefore cannot be changed to the next physical distribution stage 102.

  In the example of FIG. 8, only the CPU 1 and the external I / F are shown, but there may be other accessors (for example, a functional module connected to the bus 8). Further, although the CPU 1 can change all the stages, it may be limited. In that case, it goes without saying that at least one other accessor must be able to change the stage.

  In this way, since the OTP access controller 5 functions as a time lapse information change management unit that performs access monitoring for changing the life cycle stage from the outside, it is possible to change the life cycle stage illegally. Can be prevented.

  The OTP access controller 5 has a memory for storing access records (logs) to the OTP memory 6 via the OTP access controller 5. In this log, not only the unauthorized access request described above, but also the case of regular access described in the first embodiment is accumulated. Examples of contents to be stored include accessor, access time (year / month / day, time), and the like.

  In this way, since the OTP access controller 5 functions as an access record storage unit for storing access records to the OTP access controller 5 (OTP memory 6), unauthorized access can be analyzed. In addition, the log can be used for analysis of defects in the security module 7 itself.

  Next, other functions of the security processing unit 4 will be described. If the CPU 1 or the like directly requests the OTP access controller 5 to change the life cycle stage described above, the content of the request is illegally acquired by monitoring the bus 8, and based on that, There is a possibility of unauthorized access. For this reason, for example, only the production stage 101 can be directly requested to the OTP access controller 5, and subsequent stage changes are made via the security processing unit 4 so as to reduce unauthorized access. To do.

  In this case, the request encrypted with the regular secret key is output to the security processing unit 4, and the security processing unit 4 decrypts the cipher and outputs it to the OTP access controller 5 to change the life cycle information 62 in the OTP memory 6. To do.

  Even in the case of a life cycle stage change using the security processing unit 4 described above, a malicious party attempts to change the stage by sending a request encrypted with an illegal secret key (unauthorized secret key). There is a case. Therefore, the security processing unit 4 also monitors access by an unauthorized secret key. When there is an access with an illegal secret key, the decryption result is not output to the OTP access controller 5.

  The security processing unit 4 performs not only the life cycle stage change request described above but also the same processing for access to the OTP memory 6 with an unauthorized secret key (data writing, etc.). Further, the access using such an illegal secret key may be notified to the OTP access controller 5 and stored as a log.

  In this way, the security processing unit 4 functions as an access monitoring unit that monitors whether the data input from the outside is legitimate data, thereby preventing access by an unauthorized secret key. Can do.

(Fourth embodiment)
Next, a security control program according to the fourth embodiment of the present invention will be described with reference to FIG. In addition, the same code | symbol is attached | subjected to the same part as the 1st-3rd embodiment mentioned above, and description is abbreviate | omitted.

  In the present embodiment, the security processing unit 4 and the OTP access controller 5 described in the first embodiment function as a computer program that operates on the CPU 1A (computer). Further, when these are operated as computer programs, as shown in FIG. 10, the ROM 2 storing the computer program and the OTP memory 6 are connected by a local bus 9 provided separately from the bus 8.

  The local bus 9 is a bus that is not connected except for the ROM 2 and the OTP memory 6 and cannot be directly accessed from the bus 8.

  Note that only the RAM 3 is described in the bus 8 illustrated in FIG. 10, but other functional modules and the external I / F are connected as in the first embodiment.

  In the configuration shown in FIG. 10, the CPU 1 reads the security control program from the ROM 2 connected to the local bus 9 and executes it. By doing so, the functions described in the first to third embodiments of the security processing unit 4 and the OTP access controller 5 shown in FIG. Accordingly, in the control flow diagrams of FIGS. 5 and 7, the portions related to the CPU 1, the security processing unit 4, and the OTP access controller 5 are operations in the CPU 1A.

  As described above, the OTP memory 6 is connected to the local bus 9, and the CPU 1 </ b> A performs reading and writing via the local bus 9.

  According to the present embodiment, the CPU 1 </ b> A can function as the security processing unit 4 and the OTP access controller 5 by executing the security control program stored in the ROM connected to the local bus 9. Therefore, since the OTP memory 6 in which confidential information is stored cannot be accessed without going through the CPU 1, it is possible to prevent unauthorized access to the confidential information.

  In the above-described embodiment, the life cycle information is described as the time lapse information, but the present invention is not limited to this. For example, simple time information such as year unit, month unit, day unit or hour unit may be used. Further, the time elapsed unit may be a fixed period, or may be an indefinite period in which the period is determined by an external trigger each time as in the life cycle.

  The present invention is not limited to the above embodiment. That is, those skilled in the art can implement various modifications in accordance with conventionally known knowledge without departing from the scope of the present invention. Of course, such modifications are included in the scope of the present invention as long as the configuration of the security processing apparatus of the present invention is provided.

1, 1A CPU
2 ROM
3 RAM
4, 4A Security processing part (encryption processing part)
5, 5A OTP access controller (access control unit)
6 OTP memory (security information storage)
7 Security module (security control device, time lapse information holding unit)
10 Control module (electronic equipment)

JP 2006-350494 A

Claims (10)

In a security control device having an encryption processing unit that performs data encryption and decryption processing based on confidential information,
A security information storage unit for storing the confidential information;
A time lapse information holding unit for holding the time lapse information;
Based on the access right to the security information storage unit set for each access request source in the time lapse unit of the time lapse information changed with the passage of time, the access information from the access request source to the security information storage unit An access control unit that performs access control;
A security control device comprising: The security information storage unit stores a plurality of the confidential information,
The time lapse information holding unit is configured by a storage element that can update the time lapse information only in the time lapse direction, and a plurality of the time lapse information is held corresponding to the plurality of confidential information, respectively. Yes,
The security control apparatus according to claim 1.   The security control apparatus according to claim 2, wherein the time lapse information holding unit subdivides and holds a time lapse unit of the time lapse information for each of the plurality of confidential information.   The security control according to any one of claims 1 to 3, wherein the access control unit does not perform a response notification when writing to the security information storage unit is performed by an external request. apparatus.   The security control apparatus according to claim 1, further comprising a time lapse information change management unit that performs access monitoring for changing the time lapse information from the outside.   The security control according to any one of claims 1 to 5, wherein the cryptographic processing unit further includes an access monitoring unit that monitors whether the data input from the outside is regular data. apparatus.   The security control according to any one of claims 1 to 6, further comprising an access record storage unit that stores an access record to at least one of the security information storage unit and the access control unit. apparatus.   An electronic apparatus comprising the security control device according to claim 1. In a security control method including an encryption processing step of performing data encryption and decryption processing based on confidential information,
Based on the access right to the security information storage unit in which the confidential information is stored, set for each access request source in the time lapse unit of the time lapse information changed with the passage of time, from the access request source. A security control method comprising an access control step for controlling access to the security information storage unit.   A security control program that causes a computer to execute the security control method according to claim 9.

Images