JP2018026651A - Method for protecting program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To improve security of program.SOLUTION: In a method for protecting a first program containing updatable first parameters, a processor encodes a first update program for updating the first program and first parameters according to an encoding program, by using second parameters. The processor decodes the encoded first program and encoded first update program according to a decoding program, by using the second parameters, and also updates the decoding program according to a second update program.SELECTED DRAWING: Figure 2

Description

  The present invention relates to a technique for obfuscating a program and preventing unauthorized analysis.

  With the spread of mobile terminals and the advancement of Web services, the types of services are diversifying. In particular, in recent years, services such as mobile payments, where services related to payment and remittance that have conventionally been routed through ATMs, windows, and dedicated terminals, are running on mobile terminals.

  When using such a service, a user generally installs a dedicated application program (referred to as an application) on a terminal and uses the service via the application. Also, user authentication (or terminal authentication) needs to be performed when using the service. At this time, secret information possessed only by the user (or terminal) is used.

  Such processing is preferably performed in an area on the SIM chip. However, as described above, in most cases, an application operating on a memory handles secret information. This is because the storage capacity and processing capacity of the SIM chip are insufficient to install the service application.

  On the other hand, from the viewpoint of security of mobile terminals, there is a reality that about 10% of terminals are infected with malware, and the existence of malware specialized for financial services has also been confirmed. Therefore, it is important for the application to protect secret information (secret key and biometric information) required for user authentication and communication path protection.

  As a countermeasure against the above-described problems, an obfuscation technique is known that makes it difficult to read without retaining confidential information as it is. Therefore, by obfuscating the application and key set, the risk of leakage of confidential information can be reduced. Many methods have already been examined for obfuscation. For example, Non-Patent Document 1 discloses a method of encrypting a program to make analysis difficult.

Christian Collberg and Jasvir Nagra, Surreptitious software, Addison-Wesley, p. 359, 2010.

  For example, it is assumed that the application has a built-in encryption function for using the service. Since the application downloaded to the terminal is the same, the secret key set by default is the same for different terminals. That is, the attacker can apply the analysis result of one terminal to another terminal, and the attack on the service is easy.

  In addition, it is necessary to periodically update the secret key for using the service. When the obfuscated application includes an encrypted application and a module for decrypting the encrypted application, a portion having no difference appears when the difference between the obfuscated applications before and after the secret key update is taken. This includes the decoding module. That is, it is possible to specify a decryption module for decrypting an encrypted application by updating a key used by the application, and an attack is easy.

  A typical example of the present invention is a method for protecting a first program including an updatable first parameter, in which a processor updates the first program and the first parameter according to an encoding program. An update program is encoded using a second parameter, and the processor decodes the encoded first program and the encoded first update program using the second parameter according to a decoding program. The processor updates the decryption program according to the second update program.

  According to one embodiment of the present invention, the security of a program can be improved.

1 is a diagram illustrating a system configuration in Embodiment 1. FIG. FIG. 4 is a sequence diagram illustrating a key initialization and update protocol in the first embodiment. 2 is a diagram illustrating a device configuration in Embodiment 1. FIG. It is a flowchart showing the process from the download of the application in Example 1 to the storing to a terminal. In Example 1, it is a figure explaining the outline | summary of the technique which obfuscates an application. In Example 1, it is a function block diagram of the application containing the obfuscated encryption communication function. In Example 1, it is another example of the function block diagram of the application containing the obfuscated encryption communication function. FIG. 8 is a flowchart for explaining a process for updating a secret key used for an encrypted communication / authentication function of an obfuscated application in the case of the functional configuration of FIG. 6 is a diagram illustrating a system configuration in Embodiment 2. FIG. FIG. 10 is a sequence diagram illustrating a key initialization and update protocol in the second embodiment.

  Embodiments of the present invention will be described below with reference to the accompanying drawings. It should be noted that this embodiment is merely an example for realizing the present invention, and does not limit the technical scope of the present invention. In each figure, the same reference numerals are given to common configurations. In the following, a technique for obfuscating a downloaded application program (also referred to as an application) to prevent unauthorized analysis by malware or the like is disclosed.

  FIG. 1 shows the system configuration of this embodiment. This system includes a user terminal 102 possessed by a user 101, an application distribution server 103 that distributes an application, and a service provider 104 that provides a service to the user via the application. Here, the service provider 104 indicates one or a plurality of servers. The service provider 104 entrusts the application distribution server 103 to distribute an application necessary for using the service.

  When using a service provided by the service provider 104, the user accesses the application distribution server 103 from the user terminal 102 owned by the user and downloads the application. Then, use the service through the installed application.

  Normally, the application download from the application distribution server 103 uses encrypted communication in order to prevent tampering during the communication. This communication is temporary, and the application distribution server 103 often does not authenticate the terminal 102.

  On the other hand, the service provider 104 confirms that the owner of the user terminal 102 is a valid service user when providing the service. The user terminal 102 proves that it has some secret information and indicates to the service provider 104 that it is a legitimate service user.

  The user terminal 102 stores secret information 105 such as a password, a secret key, or temporarily captured user biometric information for proving to the service provider 104 that the user terminal 102 is a legitimate user terminal. The user terminal 102 also holds an obfuscation parameter 106 used for obfuscation for protecting the secret information 105. Obfuscation encodes an app using obfuscation parameters 106, making analysis difficult. Details of the obfuscation and obfuscation parameter 106 will be described later.

  FIG. 2 is a sequence diagram illustrating a key initialization and key update protocol according to this embodiment. Hereinafter, the protocol will be described with reference to FIG. The service provider 104 performs obfuscation processing on the application using fixed parameters, and combines the application and the obfuscation function (201).

  As will be described later, the obfuscated application includes an app encoded for obfuscation and a program (at least a part of) a program for obfuscation (encoding / decoding of the app). In the following description, “function” indicates a program (program module) unless otherwise specified. Obfuscation is coded to protect the app. In the example described below, the obfuscation parameter is an obfuscation secret key. Obfuscation may use a different encoding than the encryption that uses the key.

  Next, the service provider 104 transmits an application registration request to the application distribution server 103, and registers the obfuscated application in the application distribution server 103 (202). Note that the service provider 104 may register the application in the application distribution server 103 without obfuscating the application.

  Next, the obfuscated application is downloaded from the application distribution server 103 to the user terminal 102 as described below. First, the user terminal 102 transmits an application download request to the application distribution server 103 (203). Furthermore, when receiving the application download request, the application distribution server 103 transmits the obfuscated application registered to the user terminal 102 (204).

  Next, the user terminal 102 initializes parameters for the downloaded application. In particular, the user terminal 102 receives the initialization parameters such as the terminal specific information, the system log, and the communication log, generates the obfuscated secret key 106, and performs the obfuscation process (205).

  In this example, the obfuscation secret key 106 is a key for encrypting / decrypting the application. The user terminal 102 decrypts the downloaded application using the fixed parameter, and further encrypts the application using the generated obfuscation secret key 106. The user terminal 102 generates image data of the obfuscated application including the encrypted application and the obfuscation function, and stores the image data in the storage device. The fixed parameter is preset in the user terminal 102 or transmitted from the application distribution server 103, for example.

  Next, user registration is performed as follows. First, the user 101 performs user registration with the service provider 104 via the user terminal 102 in which the application is installed (206). The user terminal 102 and the service provider 104 share a key for protecting the communication path (207). Further, the user terminal 102 updates the obfuscated secret key 106 using the shared key data and / or other data (208).

  After the user registration, the user 101 performs cryptographic communication with the service provider 104 via the user terminal 102 and uses the service (209).

  The key for using the service and the key for obfuscation are updated as follows. First, the user terminal 102 communicates with the service provider 104 to update a secret key for communication path protection (service use) (210). Further, the user terminal 102 updates the obfuscated secret key 106 using the updated key data and / or other data (211).

  The user terminal 102 uses the updated obfuscation secret key 106 to execute obfuscation processing on the application. Specifically, the user terminal 102 encrypts the application using the updated obfuscation secret key 106, and combines the encrypted application and the obfuscation function to obtain the image data of the obfuscated application. Generate and store in storage. The image data is an execution program or file.

  FIG. 3 is a diagram illustrating the hardware configuration of the system according to the present embodiment. The application distribution server 103 and the user terminal 102 communicate via the network 321. Each of the application distribution server 103 and the user terminal 102 can have a typical computer configuration. The service provider 104 server may similarly have a typical computer configuration.

  The application distribution server 103 includes a communication device 301, a CPU 302 that is a processor, a memory 303, and a storage device 304. The storage device 304 stores the obfuscated application 305. The application is a program that can be executed on the terminal 102. The memory 303 stores a program executed by the CPU 302 and data used for the program. The CPU 302 functions as a predetermined means by operating according to a program.

  The user terminal 102 includes a communication device 311, a CPU 312 that is a processor, a memory 313, and a storage device 314. The memory 313 stores a program executed by the CPU 312 and data used for the program. The CPU 312 realizes a predetermined function (not a program) by operating according to the program.

  The storage device 314 stores a terminal-specific application image 315 that is an obfuscated application. The user terminal 102 executes obfuscation processing on the application downloaded from the application distribution server 103, and stores the obfuscated application 315 in the storage device 314. In the obfuscation process, the obfuscation secret key 106 is generated using the initialization parameter 316. As described above, the initialization parameter 316 is, for example, terminal-specific information, and / or a system log and a communication log.

  FIG. 4 is a flowchart showing processing for downloading and storing an application in the user terminal 102. First, the user terminal 102 and the application distribution server 103 establish encrypted communication (401). For example, TLS may be used as the communication method. Next, the user terminal 102 transmits an application download request to the application distribution server 103 (402).

  In response to the application download request from the user terminal 102, the application distribution server 103 transmits the target obfuscated application 305 to the terminal 102 (403).

  The user terminal 102 creates a terminal-specific application image 315 using the initialization value 316 using the unique value of the user terminal 102 such as the MAC address, CPU number, OS version information, current time information, and system log. Then, the created application image 315 is stored in the storage device 314 (405).

  Specifically, the user terminal 102 uses the initialization parameter 316 to generate the obfuscation parameter 106. The user terminal 102 decrypts the encrypted application in the obfuscated application 305, and further encrypts the application using the obfuscation parameter 106. The user terminal 102 generates an application image 315 including an encrypted application and a function for obfuscation.

  For example, if the obfuscated application 305 includes an encryption function, a decryption function, and a key update function for obfuscation as in the example illustrated in FIG. 6, the installer of the user terminal 102 uses the initialization parameter 316. To the key update function, and the key update function generates a new obfuscation parameter 106. The decryption function and the encryption function of the obfuscated application 305 respectively decrypt and encrypt the application.

  If any of the functions is not included in the obfuscated application 305, the installer executes the process instead. Regardless of the configuration of the obfuscation function included in the obfuscated application 305, the installer may execute all the processes for generating the application image 315.

  The user terminal 102 inputs the initialization parameter 316 to a hash function such as SHA-256, uses the output as a seed for the random number generator, and randomizes the memory arrangement of the dll using the obtained random number. May be executed. The user terminal 102 may encrypt the application using the obtained random number as a secret key. Since the entity of the application image 315 obtained as a result is different for each terminal, the risk of attack by malware can be reduced.

  Further, the user terminal 102 may use a value derived from a secret key in encrypted communication as the initialization parameter. For example, when DH (Diffie-Hellman) key sharing is used, since the DH component is secret information known only to the terminal, the communication partner server cannot estimate the initialized application.

  FIG. 5 is a diagram for explaining an outline of a packing technique for obfuscation (a technique for making analysis difficult by encrypting an application). The encryption device 501 encrypts the application 505. The encryption device 501 may generate the obfuscation secret key (obfuscation parameter) 106 used for encryption from a value unique to the terminal or system information as described with reference to FIG. . When the application 505 is downloaded using encrypted communication, the encryption device 501 may generate the secret information used for encrypted communication.

  For example, when the Diffie-Hellman key exchange method is used for key sharing for cryptographic communication, if the DH employee generated by the user terminal 102 is used for generation of the obfuscated secret key 106, the partner of the cryptographic communication also It is difficult to know the value of the obfuscated secret key 106.

  The terminal-specific application image 315 includes a boot loader 511, a decryption function 512 in which the obfuscation secret key 106 is embedded, and an application 513 encrypted with the obfuscation secret key 106. The encrypted application 513 is packed data. The decryption function 512 is a program module.

  When the terminal-specific application image 315 is executed, the boot loader 511 is executed first, and the boot loader 511 executes the decryption function 512. The decryption function 512 decrypts the encrypted application 513 and develops it on the memory 313 of the user terminal 102. When the decryption is completed, the decryption function 512 passes the processing to the decrypted application 505.

  FIG. 6 is a functional configuration diagram of an application obfuscated using the packing technique. In addition to the service use function 602 for using the service, the application 505 includes an encryption communication / authentication function 603 for authenticating the user terminal 102 and the user, a key update function 604, and a secret key used for encryption communication and authentication. 105.

  In addition to this, the obfuscated application 315 has an input interface (IF) that receives data via the boot loader 511, the decryption function 512, the encryption function 614, the obfuscation secret key update function 615, and the communication function of the user terminal 102. ) 616.

  The obfuscation secret key update function 615 uses the secret key update key data 621 of the encryption communication / authentication function 603 received via the input IF 616, the system information of the terminal, and the time information 622 as external inputs. Update the private key. The obfuscated application 611 holds a communication log therein, and the obfuscated secret key update function 615 may use the communication log for key update.

  In FIG. 6, the service use function 602, the encryption communication / authentication function 603, the key update function 604, and the secret key 105 are targets for packing, and the obfuscated secret key update function 615 is not a target for packing processing. However, the obfuscated secret key update function 615 may be a target of packing processing. The key update function 604 may execute processing instead of the obfuscation secret key update function 615. Similarly, the encryption function 614 (including the obfuscated secret key 106) may be included in the packing processing target.

  FIG. 7 is a software configuration diagram including a function for checking the validity of data input from the outside in the key update. The obfuscated application 315 includes an input data authentication function 701 and an output IF 702 in addition to the functions shown in FIG. The input data authentication function 701 can improve security. Details of the operation of the input data authentication function 701 will be described with reference to FIG.

  FIG. 8 is a flowchart illustrating a process for updating a key for using a service. Specifically, FIG. 8 is a flowchart for explaining a process for updating the secret key 105 used for the encrypted communication / authentication function 603 of the obfuscated application 513 in the configuration shown in FIG.

  The user terminal 102 receives the secret key update data 621 of the encryption communication / authentication function 603 from the network 321 (801). The secret key update data 621 changes over time. The input data authentication function 701 verifies that the received secret key update data 621 is a value generated by the service provider 104 (802). As a result of the verification, when it is determined that the received data is invalid (802: illegal), the input data authentication function 701 notifies the service provider 104 of an authentication failure (803) and ends the processing.

  In step 802, in one method for confirming the validity of the received data, the data sender (for example, the service provider 104) uses the secret key shared with the user terminal 102 and uses the received data message. An authenticator is added to the transmission data. In addition, other validity confirmation methods such as a method using an electronic signature may be used. Information used for protecting the communication path between the service provider 104 and the user terminal 102 may be used for information such as a secret key and public key used for validity verification.

  When the input data authentication function 701 determines that the received data is valid (802: valid), the key update function 604 generates a new secret key 105 using the received secret key update key data 621, and the old data is updated. Replace with the secret key 105 (804).

  The obfuscation secret key update function 615 generates a new obfuscation secret key from the received secret key update key data 621 or the new secret key 105 generated in step 804 and the old obfuscation secret key 106. (805).

  The obfuscation secret key update function 615 updates the encryption function 614 and the decryption function 512 using the new obfuscation secret key 106 generated in Step 805 (806). Specifically, the obfuscation secret key update function 615 updates the obfuscation secret key 106 included in the encryption function 614 and the decryption function 512.

  The encryption function 614 updated in step 806 encrypts the key update function 615, the secret key 105, the service use function 602, and the encryption communication / authentication function 603 with the new obfuscation secret key 106 and stores it in the storage device (314). Store (807).

  For example, the encryption function 614 generates an application encrypted with the new secret key 106 from an unencrypted application on the memory 313 and replaces the old encrypted application 513 in the image 315. Alternatively, the decryption function 512 decrypts the old encrypted application 513 in the image 315 before updating the secret key 106. The encryption function 614 generates an application encrypted with the new secret key 106 from the decrypted application, and replaces the old encrypted application 513 in the image 315.

  The obfuscation secret key update function 615 notifies the service provider 104 of the key update success (808).

  In this way, when the obfuscation target program (the secret key 105 in the above example) is updated, the obfuscation target program is updated by updating the obfuscation parameter (the obfuscation secret key 106 in the above example). And the obfuscation decoding function can be made difficult to read.

  As described above, when receiving the input information from the outside and the instruction to update the private key 105 for using the service, the user terminal 102 updates the private key 105 held by the application. The user terminal 102 further updates the obfuscated secret key 106 for encrypting / decrypting the application using the received input information.

  As a result, when the key 105 for use of the service is updated, the entire obfuscated application 315 including the decryption function (module) 512 for obfuscation is updated, and decryption for obfuscation is performed even if the module difference is seen. The function 512 cannot be specified, and the attack becomes more difficult.

The obfuscation secret key 106 may not be synchronized with the update of the service use key 105, that is, the obfuscation secret key 106 is always updated when the service use key 105 is updated. You don't have to. The obfuscation secret key 106 may be updated by using data different from the data in the update of the key 105 for use of the service (for example, the key 105 or the encryption communication / authentication function update key data 621). By using the update data of the key 105, the decryption function 512 for obfuscation can be updated efficiently with high security.

  In addition, the user terminal 102 uses the terminal unique information as an entropy source to initialize application secret information (for example, a public key pair or a random number generator seed) and an obfuscation secret key. Initialization using terminal-specific information as an entropy source provides a unique module instance for each terminal.

  In the flowchart of FIG. 8, the secret key update data 621 is composed only of data received via the network. In contrast, the obfuscation secret key may be updated using information 622 such as time information and system log that changes over time. By using such information 622, the obfuscated application can realize the backing security. Even if information about an app whose malware has been obfuscated is transmitted to an external attacker, the risk of future analysis of the obfuscated app can be reduced by the analysis result by the attacker.

  In the flowchart of FIG. 8, the private key update data 621, for example, the private key for authentication, is generated by the service provider 104 and transmitted to the terminal. The key update method is not limited to this. For example, the user terminal 102 may generate a new private key / public key pair and register the new public key with the service provider 104. The key update may be executed starting from the user terminal 102.

  In the above system configuration, the service provider 104 is in charge of all processing related to user authentication. However, a certificate authority that issues a public key certificate may perform a public key update process and further update the obfuscated application 315.

  The session key when using the service may be disposable. In this case, the session key may not be obfuscated. Further, the obfuscated application may be updated when the session key is established.

  The session key may be maintained when the cryptographic communication is temporarily suspended and the application is terminated. For example, TLS (Transport Layer Security) has a mechanism called session resumption that keeps a key across sessions.

  In such a case, the user terminal 102 may update the obfuscated application when the information to be stored is updated when the application is terminated or interrupted. The encryption function 614, the obfuscation secret key update function 615, and the input data authentication function 701 may also be subject to encryption.

  In the above example, the decryption function and the encryption function are updated by updating the key. Thereby, the decryption function and the encryption function can be updated with high security efficiently. The decryption function and the encryption function may be updated by a different method, for example, by changing the code layout.

  FIG. 9 is a diagram illustrating a configuration of a system according to the second embodiment. This configuration assumes a single sign-on service. The single sign-on system provides a plurality of services, and includes an authentication server 903 in addition to the user 101, the user terminal 102, the application distribution server 103, and the service providers 901 and 902 constituting the system of FIG. . The authentication server 903 performs user authentication on behalf of the plurality of service providers 901 and 902.

  FIG. 10 is a sequence diagram illustrating a key initialization and update protocol according to the second embodiment of the present invention. Hereinafter, the protocol will be described with reference to FIG. The service provider (901 (902)) obfuscates the application using a fixed parameter, and combines the application and the obfuscation function (1001).

  Next, the service provider (901 (902)) transmits an application registration request to the application distribution server 103, and registers the obfuscated application in the application distribution server 103 (1002). The service provider (901 (902)) may register the application in the application distribution server 103 without obfuscation.

  Next, the obfuscated application is downloaded from the application distribution server 103 to the user terminal 102 as described below. First, the user terminal 102 transmits an application download request to the application distribution server 103 (1003). Furthermore, when receiving the application download request, the application distribution server 103 transmits the obfuscated application registered to the user terminal 102 (1004).

  Next, the user terminal 102 initializes parameters for the downloaded application. In particular, the user terminal 102 receives the initialization parameters such as the terminal specific information, the system log, and the communication log, generates the obfuscated secret key 106, and performs the obfuscation process (1005).

  Next, the user 101 performs user registration in the authentication server 903 via the user terminal 102 in which the application is installed, and registers an authentication key (1006). Next, the user terminal 102 updates the obfuscated secret key 106 using the authentication key and / or other data (1007).

  Next, user registration with the service provider is executed as follows. First, the user 101 connects to the authentication server 903 via the user terminal 102 and performs user authentication (1008). The authentication server 903 issues a ticket to the user terminal 102 (1009). The user terminal 102 accesses the service provider 901 (902) using the ticket acquired in step 1009, and performs user registration (1010).

  Next, the user 101 uses the service as follows. First, the user 101 connects to the authentication server 903 via the user terminal 102 and performs user authentication. The authentication server 903 issues a ticket to the user terminal 102 (1011). The user terminal 102 accesses the service provider 901 (902) using the ticket acquired in Step 1012, and uses the service (1012).

  The key for using the service and the key for obfuscation are updated as follows. First, the user terminal 102 communicates with the authentication server 903 to update a secret key for communication path protection (service use) (1013). Further, the user terminal 102 updates the obfuscated secret key 106 using the updated key data and / or other data (1014).

  The key update may be performed every predetermined period, and the service use step may be executed a plurality of times during the period until the key update. FIG. 9 and FIG. 10 show an agent method using a ticket issued by the authentication server 903. The concept of the present embodiment can be applied to any other single sign-on implementation method.

  For example, even in the reverse proxy method in which the authentication server 903 performs an authentication response with the service provider 901 (902) on behalf of the user 101, (1) authentication of the user 101 by the authentication server 903, and (2) the user terminal 102 The basic flow of key establishment between the service provider 901 (902) and the service provider 901 does not change. Therefore, the obfuscated application can be updated based on the sequence of FIG.

  In the sequence of FIG. 10, the session establishment between the user terminal 102 and the service provider 901 (902) and the update of the obfuscation parameters are executed at different times. However, the obfuscation parameters may be updated by using the established session key or shared secret when the encryption communication key between the user terminal 102 and the service provider 901 (902) is established.

  In addition, this invention is not limited to an above-described Example, Various modifications are included. For example, the above-described embodiments have been described in detail for easy understanding of the present invention, and are not necessarily limited to those having all the configurations described. Further, a part of the configuration of one embodiment can be replaced with the configuration of another embodiment, and the configuration of another embodiment can be added to the configuration of one embodiment. Further, it is possible to add, delete, and replace other configurations for a part of the configuration of each embodiment.

  Each of the above-described configurations, functions, processing units, and the like may be realized by hardware by designing a part or all of them, for example, by an integrated circuit. Each of the above-described configurations, functions, and the like may be realized by software by interpreting and executing a program that realizes each function by the processor. Information such as programs, tables, and files for realizing each function can be stored in a memory, a hard disk, a recording device such as an SSD (Solid State Drive), or a recording medium such as an IC card or an SD card. In addition, the control lines and information lines are those that are considered necessary for the explanation, and not all the control lines and information lines on the product are necessarily shown. In practice, it may be considered that almost all the components are connected to each other.

101 user, 102 user terminal, 103 application distribution server, 104 service provider, 105 secret key, 106 obfuscated secret key, 301 communication device, 303 memory, 304 storage device, 305 obfuscated app, 311 communication device, 313 Memory, 314 storage device, 315 application image, 316 initialization parameter, 321 network, 501 encryption device, 505 application, 511 boot loader, 512 decryption function, 513 encrypted application, 602 service use function, 603 encryption communication / Authentication function, 604 key update function, 614 encryption function, 615 obfuscation secret key update function, 616 input IF, 621 secret key update data, 622 time information, 701 input data authentication function, 702 output IF, 901, 9 2 service provider, 903 authentication server

Claims (9)

A method for protecting a first program including a first parameter that can be updated, comprising:
The processor encodes the first update program for updating the first program and the first parameter according to the encoding program using the second parameter,
The processor decodes the encoded first program and the encoded first update program using the second parameter according to a decoding program,
A method in which the processor updates the decryption program according to a second update program. The method of claim 1, comprising:
The method, wherein the processor updates the encoding program according to the second update program. The method of claim 1, comprising:
The method, wherein the processor updates the decoding program in synchronization with the update of the first parameter. The method according to claim 1, 2 or 3,
The processor updates the first parameter based on the first parameter and the update data;
The method, wherein the processor updates the decoding program based on data in the update of the first parameter and the decoding program. The method of claim 4, comprising:
The processor receives the update data via a network;
The processor checks the validity of the update data using the authentication data received together with the update data,
When the update data is valid,
The method, wherein the processor updates the first parameter and the decoding program. A method according to any one of claims 1 to 5, comprising
The first parameter is a key for the first program to perform encrypted communication;
The decryption program includes the second parameter,
The method
The method, wherein the processor updates the decoding program by updating the second parameter included in the decoding program. The method according to any one of claims 1 to 6, comprising:
The processor is included in a terminal;
The method
The processor downloads the first program encoded by the second parameter of an initial value from a server connected to the terminal via a network;
The processor decrypts the downloaded first program with the initial value;
The processor updates the second parameter from the initial value to a value generated from information in the terminal;
The method, wherein the processor encodes the first program with the updated second parameter and stores the first program in a storage device of the terminal. A program for protecting a first program including a first parameter that can be updated,
In the calculator,
An encoding function for encoding the first program and the first update program for updating the first parameter using a second parameter;
A decoding function for decoding the first program and the first update program encoded by the encoding function using the second parameter;
A second update function for updating a decryption program for realizing the decryption function;
A program to realize An apparatus for protecting a first program including a first parameter that can be updated, comprising:
Memory for storing the program;
A processor that operates according to a program stored in the memory,
The processor is
According to an encoding program, the first update program for updating the first program and the first parameter is encoded using a second parameter,
According to a decoding program, the encoded first program and the encoded first update program are decoded using the second parameter,
An apparatus for updating the decryption program according to a second update program.