JP2020150310A - Information processing unit, decryption method of encryption data and electronic apparatus - Google Patents

Abstract

To limit such data as program codes and set values, stored in apparatus included in an information processing unit, only to those procured from reliable origins.SOLUTION: In an information processing unit including a first apparatus, and a second apparatus having a tamper-resistance higher than that of the first apparatus, the first apparatus receives encryption data, obtained by performing first encryption processing using a first cryptographic key and a second encryption processing using a second cryptographic key for prescribed data, from an external unit, and performs first decryption processing using a first decryption key capable of decrypting data encrypted by first encryption processing, for the data encrypted by the first encryption processing in the encryption data. The second apparatus performs second decryption processing using a second decryption key capable of decrypting data encrypted by second encryption processing, for the data encrypted by the second encryption processing in the encryption data.SELECTED DRAWING: Figure 4

Description

The technical field of information processing equipment such as IoT (Internet of Things) equipment.

The IoT device is used for the purpose of acquiring data measured by a sensor included in the IoT device on a server via the Internet, remotely managing the IoT device by the server, and the like. Since IoT devices are connected to a server via the Internet, security is required. Therefore, there is a movement to provide secure elements in IoT devices to manage confidential information such as keys. Patent Document 1 discloses a system for transmitting and receiving confidential information by establishing a secure communication path between a security chip that holds key information and a server.

Japanese Unexamined Patent Publication No. 2006-129143

In addition, with the spread of IoT devices, IoT devices are increasingly targeted for attacks, and unauthorized installation of computer viruses has become a social problem. In addition, there is a concern that the value set in the IoT device may be falsified to cause abnormal operation. On the other hand, devices such as microcomputers used for IoT devices have only the minimum performance required to control IoT devices, and resident antivirus software such as PCs (Personal Computers) have been introduced. The problem is that it is not realistic to do.

In view of these circumstances, the information processing device that can limit data such as program codes and setting values stored in devices such as microcomputers included in information processing devices such as IoT devices to those obtained from a reliable source. Etc. are the issues to be provided.

In order to solve the above problems, the invention according to claim 1 is an information processing apparatus including a first apparatus and a second apparatus having a tamper resistance higher than that of the first apparatus, and the first apparatus. Receives the encrypted data obtained by performing the first encryption process using the first encryption key and the second encryption process using the second encryption key on the predetermined data from the external device. A first decryption key capable of decrypting the data encrypted by the first encryption process is used for the receiving means to be performed and the data encrypted by the first encryption process in the received encrypted data. The second apparatus includes the first decryption means for performing the first decryption process, and the second apparatus performs the second encryption on the data encrypted by the second encryption process in the received encrypted data. It is characterized by comprising a second decoding means for performing a second decryption process using a second decryption key capable of decrypting the data encrypted by the process.

The invention according to claim 2 is the information processing apparatus according to claim 1, wherein the first apparatus stores the predetermined data obtained by the first decoding process and the second decoding process. It is characterized by further providing a data storage means.

The invention according to claim 3 is the information processing apparatus according to claim 2, wherein the encrypted data is obtained by performing the second encryption process on a first portion of the predetermined data. The second encryption obtained by performing the first encryption process on the obtained first encrypted data and the second part which is the remaining part of the predetermined data excluding the first part. The first decryption means is composed of data, and the first decryption means performs the first decryption process on the second encrypted data in the received encrypted data, and the second decryption means receives the received said. The second decryption process is performed on the first encrypted data in the encrypted data, and the data storage means obtains the first part obtained by the second decryption process and the first decryption process. It is characterized in that the predetermined data composed of the second portion is stored.

The invention according to claim 4 is the information processing apparatus according to claim 3, wherein the receiving means relates to partially encrypted data composed of the first encrypted data and the second portion. A digital signature generated by using the message digest generated by the first generation process and the private key is further received from the external device, and the second device uses the public key corresponding to the private key. An acquisition means for acquiring a message digest by decrypting the digital signature, the first encrypted data in the encrypted data received by the receiving means, and the second portion obtained by the first decryption process. A first comparison means for comparing the message digest generated by the first generation process with respect to the partially encrypted data composed of the above and the message digest acquired by the acquisition means is further provided, and the second decryption The means is characterized in that the second decoding process is performed when the results of comparison by the first comparison means are in agreement.

The invention according to claim 5 is the information processing apparatus according to claim 2, wherein the encrypted data is obtained by performing the second encryption process on a first portion of the predetermined data. The first encryption is performed on the partially encrypted data composed of the obtained first encrypted data and the second part which is the remaining part of the predetermined data excluding the first part. The data obtained by performing the processing, the first decoding means performs the first decoding processing on the received encrypted data, and the second decoding means is obtained by the first decoding processing. The second decryption process is performed on the first encrypted data in the partially encrypted data, and the data storage means includes the first part obtained by the second decryption process and the first. It is characterized in that the predetermined data composed of the second part of the partially encrypted data obtained by the decryption process is stored.

The invention according to claim 6 is the information processing apparatus according to claim 5, wherein the receiving means relates to partially encrypted data composed of the first encrypted data and the second portion. A digital signature generated by using the message digest generated by the first generation process and the private key is further received from the external device, and the second device uses the public key corresponding to the private key. An acquisition means for acquiring a message digest by decrypting the digital signature, a message digest generated by the first generation process for the partially encrypted data obtained by the first decryption process, and the acquisition means. The second decoding means further includes a first comparison means for comparing the message digest, and the second decoding means performs the second decoding process when the comparison results by the first comparison means are in agreement. And.

The invention according to claim 7 is the information processing apparatus according to claim 4 or 6, wherein the predetermined data is a program code, and the second device has a result of comparison by the first comparison means. Further, a message digest storage means for storing the compared message digests when there is a match is further provided, and the first device includes a program code executing means for executing the program code and the program code by the program code executing means. When the execution of the program is the first time, the program code transmitting means for transmitting the program code stored in the data storage means to the second device is further provided, and the second device is provided with the program. The first encryption is performed by performing the second encryption processing on the program code receiving means for receiving the program code transmitted by the code transmitting means and the first part of the program code received by the program code receiving means. Message digest generation means that acquires encrypted data and generates a message digest by the first generation process for partially encrypted data composed of the first encrypted data and the second part in the program code. When the second comparison means for comparing the message digest stored in the message digest storage means and the message digest generated by the message digest generation means and the comparison result by the second comparison means are in agreement. In addition, the program code executing means further includes a notification means for notifying the first device to that effect, and when the program code transmitting means transmits the program code, the result of comparison by the second comparing means is provided. The program code is executed after receiving the notification that the data matches.

The invention according to claim 8 is the information processing apparatus according to claim 7, wherein the second device is the program code receiving means when the results of comparison by the second comparison means are in agreement. The first apparatus further comprises a check code generation means for generating a check code by a second generation process for the program code received by the program code, and a check code storage means for storing the check code generated by the check code generation means. In the case where the program code is executed by the program code executing means for the second time or later, a check code is generated by the second generation process for the program code stored in the data storage means, and the check code is generated. The second device further includes a check code transmitting means for transmitting to the second device, and the second device includes a check code receiving means for receiving the check code transmitted by the check code transmitting means and a check code received by the check code receiving means. When the third comparison means for comparing the check code stored in the check code storage means with the check code stored in the check code storage means and the comparison result by the third comparison means are in agreement, the first device is notified to that effect. The program code executing means further includes a second notifying means, and when the check code transmitting means transmits the check code, the program code executing means receives a notification that the comparison results by the third comparing means are in agreement. After that, the program code is executed.

The invention according to claim 9 is the information processing apparatus according to any one of claims 1 to 8, wherein the first device is a non-secure element, and the second device is a secure element. It is characterized by being.

The invention according to claim 10 is the information processing apparatus according to any one of claims 1 to 9, wherein the second device further includes a key storage means for storing the second decryption key. It is characterized by.

The invention according to claim 11 is the information processing apparatus according to any one of claims 1 to 10, wherein the predetermined data is a program code, and the first part is the program code. It is characterized by including address information for specifying the first execution address.

The invention according to claim 12 is a method for decrypting encrypted data in an information processing device including a first device and a second device having a tamper resistance higher than that of the first device. The first encryption process in the encrypted data obtained by performing the first encryption process using the first encryption key and the second encryption process using the second encryption key on the predetermined data. The first decryption step of performing the first decryption process using the first decryption key capable of decrypting the data encrypted by the first encryption process on the data encrypted by the above, and the second apparatus A second decryption process using a second decryption key capable of decrypting the data encrypted by the second encryption process is performed on the data encrypted by the second encryption process in the encrypted data. It is characterized by including a second decoding step to be performed.

The invention according to claim 13 is a cipher obtained by performing a first encryption process using a first encryption key and a second encryption process using a second encryption key on predetermined data. It is possible to decrypt the data encrypted by the first encryption process against the receiving means for receiving the encrypted data from the external device and the data encrypted by the first encryption process in the received encrypted data. An electronic device having a tamper resistance higher than that of a predetermined device including a first decryption means for performing a first decryption process using the first decryption key, and the encrypted data from the predetermined device. The receiving means for receiving the data encrypted by the second encryption process and the data encrypted by the second encryption process received by the receiving means are encrypted by the second encryption process. It is characterized by including a second decoding means for performing a second decoding process using a second decoding key capable of decoding data, and a delivery means for delivering the data acquired by the second decoding process to the predetermined device. And.

According to the present invention, when the encrypted data is received from an external device, the first device uses the first decryption key for the data encrypted by the first encryption process in the encrypted data. 1 Decryption process is performed, and the second device performs a second decryption process using the second decryption key on the data encrypted by the second encryption process in the encrypted data. That is, since data obtained from a source other than a reliable source cannot be properly decrypted, the device included in the information processing device stores only the data that can be normally decrypted from the encrypted data, thereby storing the stored data. You can limit it to those obtained from trusted sources.

It is a figure which shows the communication system configuration example in 1st Embodiment. (A) is a block diagram showing a configuration example of the IoT terminal 1 in the first embodiment, and (B) is a block diagram showing a configuration example of the server S in the first embodiment. It is a figure which shows the outline of the encryption of the program code in 1st Embodiment. It is a figure which shows the outline of the flow of encryption and decryption of the program code in 1st Embodiment. It is a flowchart which shows the processing example by the server S in 1st Embodiment. It is a flowchart which shows the processing example of the server S and IoT terminal 1 at the time of program code installation in 1st Embodiment. It is a flowchart which shows the processing example of the IoT terminal 1 at the time of the first execution of the program code in 1st Embodiment. It is a flowchart which shows the processing example of the IoT terminal 1 at the time of execution of the program code 2nd time or later in 1st Embodiment. It is a figure which shows the outline of the encryption of the program code in 2nd Embodiment. It is a figure which shows the outline of the flow of encryption and decryption of a program code in 2nd Embodiment. It is a flowchart which shows the processing example by the server S in 2nd Embodiment. It is a flowchart which shows the processing example of the server S and IoT terminal 1 at the time of program code installation in 2nd Embodiment.

[1. First Embodiment]
Hereinafter, the first embodiment of the present invention will be described in detail with reference to the drawings. The first embodiment is an embodiment when the present invention is applied to an IoT terminal connected to a server via a network such as the Internet.

As shown in FIG. 1, the communication system includes a server S and an IoT terminal 1. The IoT terminal 1 receives the program code (including the patch file) executed by itself from the server S. The server S and the IoT terminal 1 each store a key used for encryption and decryption, the server S encrypts the program code and sends it to the IoT terminal 1, and the IoT terminal 1 decrypts the program code and then transmits the code. Remember and execute.

[1.1. Configuration of IoT terminal 1]
The configuration of the IoT terminal 1 will be described with reference to FIG. 2 (A). FIG. 2A is a diagram showing a hardware configuration example of the IoT terminal 1. The IoT terminal 1 includes a microcomputer 11, a communication unit 12, an input unit 13, an output unit 14, and a secure element 2.

The microcomputer 11 is configured to include a CPU (Central Processing Unit) 111, a RAM (Random Access Memory) 112, a ROM (Read Only Memory) 113, an I / O circuit 114, and a non-volatile memory 115, and controls the entire IoT terminal 1. To do. For example, the microcomputer 11 performs processing based on the input data and input information input to the input unit 13, and outputs the output data and output information to the output unit 14. The communication unit 12 has an antenna for wireless communication, and performs processing for communicating with the server S via the network N. The input unit 13 inputs input data and input information to the microcomputer 11. For example, if the input unit 13 is a sensor, the detection data is input, if the input unit 13 is a timer, the input data indicating that a certain time has passed is input, and if the input unit 13 is an operation unit such as a keyboard or a button, the operation is performed. Enter the input information that indicates the operation details for the unit. The output unit 14 outputs based on the output data and output information output from the microcomputer 11. For example, if the output unit 14 is an LED (Light Emitting Diode), it emits light, and if it is an audio output device, it outputs audio.

The RAM 112 stores, for example, data temporarily required for the OS (Operating System) and various applications to function. The OS, various applications, and the like are stored in the ROM 113. The I / O circuit 114 serves as a communication interface with the secure element 2. For example, a flash memory or an "Electrically Erasable Programmable Read-Only Memory" can be applied to the non-volatile memory 115. The non-volatile memory 115 stores a program or the like for executing a process described later.

The secure element 2 includes a CPU 21, a RAM 22, a non-volatile memory 23, and an I / O circuit 24. The secure element 2 has high tamper resistance. High tamper resistance means unreasonable observation / modification of confidential information such as keys for encryption, decryption, and signature verification, and the mechanism for processing confidential information from the outside. It means that it is extremely difficult to modify it. In this embodiment, the secure element 2 has higher tamper resistance than the microcomputer 11 which is a non-secure element.

The RAM 22 stores, for example, data temporarily required for the OS and various applications to function.

For example, a flash memory or an "Electrically Erasable Programmable Read-Only Memory" can be applied to the non-volatile memory 23. The non-volatile memory 23 stores an OS, various applications, a program for executing a process described later, a key, and the like.

The I / O circuit 24 serves as a communication interface with the microcomputer 11.

[1.2. Configuration of server device S]
Next, the configuration of the server S will be described with reference to FIG. 2 (B). As shown in FIG. 2B, the server S includes a control unit 31, a storage unit 32, a communication unit 33, a display unit 34, and an operation unit 35.

The storage unit 32 is composed of, for example, an HDD (Hard Disk Drive), an SSD (Solid State Drive), or the like, and stores an OS, a program for executing a process described later, other various data, a key, and the like.

The communication unit 33 controls communication with the IoT terminal 1.

The display unit 34 is composed of, for example, a liquid crystal display or the like, and displays information such as characters and images.

The operation unit 35 is composed of, for example, a keyboard, a mouse, or the like, and receives an operation instruction from an operator and outputs the instruction content as an instruction signal to the control unit 31.

The control unit 31 is composed of a CPU that controls the entire control unit 31, a ROM in which a control program that controls the control unit 31 is stored in advance, and a RAM that temporarily stores various data. Then, the CPU realizes various functions by reading and executing various programs stored in the ROM and the storage unit 32.

[1.3. Program code installation to post-installation processing]
Next, using FIGS. 3 to 8, the process until the server S transmits the encrypted program code to the IoT terminal 1 and the IoT terminal 1 decrypts it and installs the program code, and the IoT terminal 1 This section describes the process when executing the program code installed by.

The server S and the IoT terminal 1 have two sets of common key cryptography keys (common key pairs) and one pair of public key cryptography keys (public key and private key pairs). Share each. Specifically, the server S uses the common key 1 (sometimes called "key 1"), the common key 3 (sometimes called "key 3"), and the private key 2 (sometimes called "key 2"). The IoT terminal 1 holds the common key 1 (sometimes called "key 1"), the common key 3 (sometimes called "key 3"), and the public key 2 (sometimes called "key 2"). To do. That is, the data encrypted by the server S using the key 1 (or key 3) held by the server S can be decrypted by the IoT terminal 1 using the key 1 (or key 3) held by the server S. Further, the IoT terminal 1 can decrypt the data encrypted by the server S using the key 2 held by the server S by using the key 2 held by the server S. Further, the IoT terminal 1 can verify the digital signature generated by the server S using the key 2 (private key) held by the server S by using the key 2 (public key) held by the server S. The server S stores the key 1, the key 2, and the key 3 in the storage unit 32, and the IoT terminal 1 stores the key 1, the key 2, and the key 3 in the non-volatile memory 23 of the secure element 2. Further, the key 1, the key 2, and the key 3 stored in the server S and the IoT terminal 1, respectively, are session keys (keys valid for a certain period of time).

[13.1. Encryption by server S]
First, the flow in which the control unit 31 of the server S encrypts the program code to be installed in the IoT terminal 1 will be described with reference to FIG.

When encrypting the program code 300 installed by the IoT terminal 1, the control unit 31 divides the program code 300 into a program code (PART1) 301 and a program code (PART2) 302. The method of division and the ratio of the data size at the time of division are arbitrary.

Next, the control unit 31 encrypts the program code (PART1) 301 with the key 1 (common key) to generate the encrypted program code (PART1) 301E.

Next, the control unit 31 combines the encryption program code (PART1) 301E and the program code (PART2) 302 to generate a partial encryption program code 300H. Next, the control unit 31 acquires a message digest (hash value) 310 by using a partial encryption program code 300H and a predetermined cryptographic hash function.

Next, the control unit 31 generates a digital signature 311 by encrypting the message digest with the key 2 (private key).

Further, the control unit 31 encrypts the program code (PART2) 302 with the key 3 (common key) to generate the encrypted program code (PART2) 302E.

Next, the control unit 31 combines the encryption program code (PART1) 301E and the encryption program code (PART2) 302E to generate the encrypted data 300E.

As will be described later, the encryption program code (PART2) 302E is decrypted by the microcomputer 11 in the IoT terminal 1, and the encryption program code (PART1) 301E is decrypted by the secure element 2 in the IoT terminal 1. It is preferable that the important part of the program code 300 is decoded by the secure element 2 having higher tamper resistance than the microcomputer 11. Therefore, when the program code 300 is divided, the important portion is divided so as to be included in the program code (PART1) 301. The important part in the program code 300 is, for example, a part in which the address information for specifying the first execution address in the program code is described. Since the address information is generally described at the beginning of the program code, it is preferable to divide the program code 300 so that the portion is included in the program code (PART1) 301.

[1.3.2. Installation of program code by IoT device 1]
Next, the flow until the IoT device 1 downloads the encryption program code 300E from the server S and installs (stores) it in the non-volatile memory 115 of the microcomputer 11 will be described with reference to FIG.

When the microcomputer 11 (CPU111) of the IoT device 1 receives the encryption program code 300E and the digital signature 311 from the server S, the microcomputer 11 (CPU111) divides the encryption program code (PART1) 301E and the encryption program code (PART2) 302E. It should be noted that which part of the encryption program code 300E or the program code 300 is the encryption program code (PART1) 301E or the program code (PART1) 301 may be agreed with the server S in advance, or separately. Information indicating this may be received from the server S.

Next, the microcomputer 11 (CPU111) decrypts the encryption program code (PART2) 302E with the key 3 (common key) and acquires the program code (PART2) 302. The key 3 (common key) is acquired from the secure element 2 and deleted when the decryption is completed.

Next, the microcomputer 11 (CPU111) uses a predetermined cryptographic hash function to digest a message from the encryption program code (PART1) 301E and the program code (PART2) 302 (that is, the partial encryption program code 300H). Hash value) 310S is acquired.

Next, the microcomputer 11 (CPU111) passes the encryption program code (PART1) 301E, the message digest 310S, and the digital signature 311 to the secure element 2.

When the secure element 2 (control unit 21) receives the encryption program code (PART1) 301E, the message digest 310S, and the digital signature 311, the secure element 2 (control unit 21) transfers the digital signature 311 to the key 2 (public key) (nonvolatile memory 23). Decrypt with the stored key 2) and acquire the message digest 310.

Next, the secure element 2 (control unit 21) compares and verifies the message digest 310S and the message digest 310. The secure element 2 (control unit 21) determines that the verification is successful when the message digest 310S and the message digest 310 match, and determines that the verification fails if they do not match.

When the secure element 2 (control unit 21) determines that the verification is successful, the secure element 2 (control unit 21) decrypts the encryption program code (PART1) 301E with the key 3 (common key) (key 3 stored in the non-volatile memory 23). , Acquire the program code (PART1) 301.

Next, the secure element 2 (control unit 21) passes the program code (PART1) 301 to the microcomputer 11.

When the microcomputer 11 (CPU111) receives the program code (PART1) 301 from the secure element 2, the microcomputer 11 (CPU111) installs the program code 300, which is a combination of the program code (PART1) 301 and the program code (PART2) 302, in the non-volatile memory 115 ( Remember).

[1.3.3. Encryption process by server S]
First, the encryption process by the control unit 31 of the server S will be described with reference to the flowchart of FIG.

The control unit 31 of the server S divides the program code 300 into the program code (PART1) 301 and the program code (PART2) 302 (step S101).

Next, the control unit 31 encrypts the program code (PART1) 301 with the key 1 (common key) and acquires the encrypted program code (PART1) 301E (step S102).

Next, the control unit 31 calculates the message digest 310 from the partially encrypted program code 300H composed of the encryption program code (PART1) 301E and the program code (PART2) 302 by using a predetermined cryptographic hash function (step). S103).

Next, the control unit 31 generates a digital signature 311 by encrypting the message digest 310 calculated in the process of step S103 using the key 2 (private key) (step S104).

Next, the control unit 31 encrypts the program code (PART2) 302 with the key 3 (common key) and acquires the encrypted program code (PART2) 302E (step S105).

Next, the control unit 31 includes an encryption program code 300E composed of an encryption program code (PART1) 301E acquired in the process of step S102 and an encryption program code (PART2) 302E acquired in the process of step S105, and step S104. The digital signature 311 generated in the above process is transmitted to the IoT terminal 1 (step S106), and the encryption process is completed.

[13.4. Installation process by IoT terminal 1]
First, the installation process by the microcomputer 11 and the secure element 2 of the IoT terminal 1 will be described with reference to the flowchart of FIG.

When the microcomputer 11 (CPU 111) receives the encryption program code 300E and the digital signature 311 from the server S (step S201), the microcomputer 11 (CPU 111) notifies the secure element 2 to that effect. On the other hand, the secure element 2 (CPU 21) transmits the key 3 (common key) stored in the non-volatile memory 23 to the microcomputer 11 (step S301).

When the microcomputer 11 (CPU111) receives the key 3 (common key) from the secure element 2 (step S202), the microcomputer 11 (CPU111) decrypts the encryption program code (PART2) 302E in the encryption program code 300E with the key 3, and the program code (PART2). ) Acquire 302. Then, the partial encryption program code 300H including the encryption program code (PART1) 301E and the program code (PART2) 302 in the encryption program code 300E is acquired (step S203).

Next, the microcomputer 11 (CPU111) uses a predetermined cryptographic hash function (used by the control unit 31 of the server S in the process of step S103 in FIG. 5) from the partial encryption program code 300H acquired in the process of step S203. The message digest 310S is calculated using the same function as in (step S204).

Next, the microcomputer 11 (CPU111) secures the encryption program code (PART1) 301E in the encryption program code 300E, the message digest 310S calculated in the process of step S204, and the digital signature 311 received from the server S. It is transmitted to the element 2 (step S205).

When the secure element 2 (CPU 21) receives the encryption program code (PART1) 301E, the message digest 310S, and the digital signature 311 from the microcomputer 11 (step S302), then the key 2 (public key) is used. The message digest 310 is extracted from the digital signature 311 by decrypting the digital signature 311 (step S303).

The secure element 2 (CPU 21) compares the message digest 310S received in the process of step S302 with the message digest 310 extracted in the process of step S303 (step S304). If it is determined as a result of comparison that the secure element 2 (CPU 21) does not match (step S305: NO), the secure element 2 (CPU 21) ends the installation process. The secure element 2 (CPU 21) may terminate the installation process after performing error processing. For example, an error notification indicating that the signature verification has failed may be transmitted to the microcomputer 11. When the microcomputer 11 receives the error notification from the IoT terminal 1, the installation process may be terminated, and the server S may be notified that the installation process has failed.

On the other hand, when the secure element 2 (CPU 21) determines that they match as a result of comparing the message digests (step S305: YES), the secure element 2 (CPU 21) stores the message digest 310 (message digest 310S) in the non-volatile memory 23 (step S305: YES). Step S306). The reason for storing in the non-volatile memory 23 is to use it at the first execution of the program code described later.

Next, the secure element 2 (CPU21) decrypts the encryption program code (PART1) 301E received in the process of step S302 with the key 1 (common key), and acquires the program code (PART1) 301 (step S307). ..

Next, the secure element 2 (CPU 21) transmits the program code (PART1) 301 acquired in the process of step S307 to the microcomputer 11 (step S308), and ends the installation process.

When the microcomputer 11 (CPU111) receives the program code (PART1) 301 from the secure element 2 (step S206), the microcomputer 11 (CPU111) is a program code composed of the program code (PART1) 301 and the program code (PART2) 302 acquired in the process of step S203. The 300 is stored in the non-volatile memory 115 (step S207), and the installation process is completed.

[1.3.5. Program code first run-time processing by IoT terminal 1]
Next, the process at the time of initial execution of the program code of the IoT terminal 1 will be described with reference to the flowchart of FIG. 7. The first execution of the program code by the microcomputer 11 is generally performed immediately after the installation process is completed.

First, the microcomputer 11 (CPU 111) transmits the program code 300 to the secure element 2 before executing the program code 300 stored in the non-volatile memory 115 for the first time (step S231).

When the secure element 2 (CPU 21) receives the program code 300 (step S331), the secure element 2 (CPU 21) encrypts the program code (PART1) 301 in the program code 300 with the key 1 (common key) and acquires the encrypted program code (PART1) 301E. (Step S332).

Next, the secure element 2 (CPU 21) has a predetermined cryptographic hash function (FIG.) from the partially encrypted program code 300H composed of the encryption program code (PART1) 301E and the program code (PART2) 302 in the program code 300. The message digest is calculated by the same function as the function used in the process of step S303 in step 6 (step S333).

Next, the secure element 2 (CPU 21) compares the message digest saved in the process of step S306 of FIG. 6 with the message digest calculated in the process of step S333 (step S334). If it is determined as a result of the comparison that the secure element 2 (CPU 21) does not match (step S335: NO), the secure element 2 (CPU 21) ends the program code initial execution time processing. The secure element 2 (CPU 21) may end the program code initial execution processing after performing error processing. For example, an error notification indicating that the verification of the message digest has failed may be transmitted to the microcomputer 11. When the microcomputer 11 receives the error notification from the IoT terminal 1, the microcomputer 11 ends the processing at the time of initial execution of the program code.

On the other hand, the secure element 2 (CPU 21) calculates a check code from the program code 300 (step S336) when it is determined that they match as a result of comparing the message digests (step S335: YES). The method for calculating the check code is arbitrary, but the predetermined cryptographic hash function described above or another cryptographic hash function may be used.

Next, the secure element 2 (CPU 21) stores the check code calculated in the process of S336 in the non-volatile memory 23 (step S337). The reason why the non-volatile memory 23 is stored is that the program code described later is used for the second and subsequent executions.

Next, the secure element 2 (CPU 21) invalidates the message digest saved in the process of step S306 of FIG. 6 (step S338), and transmits a notification to the microcomputer 11 that the verification of the message digest is successful (step S339). ), Ends the processing at the first execution of the program code.

When the microcomputer 11 (CPU 111) receives the notification from the secure element 2 that the verification is successful (step S232), the microcomputer 11 (CPU 111) executes the program code 300 stored in the non-volatile memory 115 (step S233), and executes the program code for the first time. Ends time processing.

[13.6. Program code by IoT terminal 1 Second and subsequent run-time processing]
Next, the run-time processing of the IoT terminal 1 from the second time onward will be described with reference to the flowchart of FIG.

First, the microcomputer 11 (CPU 111) calculates a check code from the program code 300 before executing the program code 300 stored in the non-volatile memory 115 for the second and subsequent times (step S251). For the calculation of the check code, the same calculation method as that used by the secure element 2 in the process of step S336 of FIG. 7 is used.

Next, the microcomputer 11 (CPU111) transmits the check code calculated in the process of step S251 to the secure element 2 (step S252).

When the secure element 2 (CPU 21) receives the check code from the microcomputer 11 (step S351), the secure element 2 (CPU 21) compares it with the check code saved in the process of step S337 of FIG. 7 (step S352). If it is determined as a result of the comparison that the secure element 2 (CPU 21) does not match (step S353: NO), the secure element 2 (CPU 21) ends the run-time processing from the second time onward of the program code. The secure element 2 (CPU 21) may terminate the run-time processing from the second time onward of the program code after performing the error processing. For example, an error notification indicating that the check code verification has failed may be transmitted to the microcomputer 11. When the microcomputer 11 receives the error notification from the IoT terminal 1, the microcomputer 11 ends the run-time processing from the second time onward of the program code.

On the other hand, when the secure element 2 (CPU 21) determines that they match as a result of the check code comparison (step S353: YES), the secure element 2 (CPU 21) transmits a notification to the microcomputer 11 that the check code verification is successful (step S353: YES). S354), the run-time processing is terminated after the second time of the program code.

When the microcomputer 11 (CPU 111) receives the notification from the secure element 2 that the verification is successful (step S253), the microcomputer 11 (CPU 111) executes the program code 300 stored in the non-volatile memory 115 (step S254), and the program code is second. After that, the run-time processing ends.

Although it has been explained that the key 1, the key 2, and the key 3 are session keys (keys valid for a certain period of time), at least from the process of step S102 in FIG. 6 to the completion of the process in step S332 of FIG. It shall be valid.

[2. Second Embodiment]
Next, a second embodiment of the present invention will be described with reference to the drawings. The second embodiment differs from the first embodiment in the method of encrypting and decrypting the program code. Since the second embodiment has many parts in common with the first embodiment, the differences thereof will be mainly described, and the common members and treatments will be omitted.

[2.1. Configuration of IoT terminal 1 and server device S]
Since the configurations of the IoT terminal 1 and the server device S in the second embodiment are the same as those in the first embodiment, the description thereof will be omitted.

[2.2. Program code installation to post-installation processing]
[2.2.1. Encryption by server S]
A flow in which the control unit 31 of the server S in the second embodiment encrypts the program code to be installed in the IoT terminal 1 will be described with reference to FIG.

First, the flow from the program code 300 to the generation of the partially encrypted program code 300H and the digital signature 311 by the control unit 31 is the same as that in the first embodiment.

In the second embodiment, the partial encryption program code 300H is encrypted with the key 3 (common key) to generate the encryption program code 320E.

As will be described later, the encryption program code 320E is decrypted by the microcomputer 11 in the IoT terminal 1, and the encryption program code (PART1) 301E is decrypted by the secure element 2 in the IoT terminal 1. Similar to the first embodiment, it is preferable that the important part in the program code 300 is decoded by the secure element 2 having higher tamper resistance than the microcomputer 11. Therefore, when the program code 300 is divided, the important portion is divided so as to be included in the program code (PART1) 301. The important part in the program code 300 is, for example, a part in which the address information for specifying the first execution address in the program code is described. Since the address information is generally described at the beginning of the program code, it is preferable to divide the program code 300 so that the portion is included in the program code (PART1) 301.

[2.2.2. Installation of program code by IoT device 1]
Next, using FIG. 10, the IoT device 1 in the second embodiment downloads the encryption program code 320E from the server S, and installs (stores) the decrypted program code 300 in the non-volatile memory 115 of the microcomputer 11. The flow up to is explained.

When the microcomputer 11 (CPU111) of the IoT device 1 receives the encryption program code 320E and the digital signature 311 from the server S, the microcomputer 11 (CPU111) decrypts the encryption program code 320E with the key 3 (common key), and the encryption program code (PART1). Acquires a partially encrypted program code 300H composed of 301E and program code (PART2) 302.

Next, the microcomputer 11 (CPU111) acquires a message digest (hash value) 310S from the partial encryption program code 300H by using a predetermined cryptographic hash function.

After that, the microcomputer 11 (CPU111) passes the encryption program code (PART1) 301E, the message digest 310S, and the digital signature 311 to the secure element 2, and the secure element 2 (CPU21) verifies the digital signature 311. The program code (PART1) 301 obtained by decrypting the encryption program code (PART1) 301E is returned to the microcomputer 11, and the microcomputer 11 (CPU111) is a program composed of the program code (PART1) 301 and the program code (PART2) 302. Since the flow until the code 300 is installed (stored) in the non-volatile memory 115 is the same as that in the first embodiment, the description thereof will be omitted.

[2.22.3. Encryption process by server S]
Next, the encryption process by the control unit 31 of the server S in the second embodiment will be described with reference to the flowchart of FIG.

Since the processing of steps S101 to S104 by the control unit 31 of the server S is the same as that of the first embodiment, the description thereof will be omitted.

When the control unit 31 finishes the process of step S104, the control unit 31 then encrypts the partial encryption program code 300H with the key 3 (common key) and acquires the encryption program code 320E (step S105A).

Next, the control unit 31 transmits the encryption program code 320E acquired in the process of step S105A and the digital signature 311 generated in the process of step S104 to the IoT terminal 1 (step S106), and performs the encryption process. finish.

[2.2.4. Installation process by IoT terminal 1]
Next, the installation process by the microcomputer 11 and the secure element 2 of the IoT terminal 1 in the second embodiment will be described with reference to the flowchart of FIG.

Since the processing of steps S201 to S202 by the microcomputer 11 (CPU111) and the processing of step S301 by the secure element 2 (CPU21) are the same as those in the first embodiment, the description thereof will be omitted.

After the processing of step S202 is completed, the microcomputer 11 (CPU111) decrypts the encryption program code 320E received in the processing of step S201 with the key 3 (common key), and acquires a partial encryption program code 300H. (Step S203A).

Hereinafter, the processing of steps S204 to S207 by the microcomputer 11 (CPU111) and the processing of steps S302 to S308 by the secure element 2 (CPU21) are the same as those in the first embodiment, and thus the description thereof will be omitted.

[2.2.5. Program code run-time processing by IoT terminal 1]
Since the first execution processing of the program code by the IoT terminal 1 and the second and subsequent execution processing of the program code by the IoT terminal 1 in the second embodiment are the same as those in the first embodiment, the description thereof will be omitted.

As described above, the IoT terminal 1 of the first embodiment and the second embodiment includes the microcomputer 11 (an example of the "first device") and the secure element 2 ("second") having higher tamper resistance than the microcomputer 11. The CPU 111 (an example of the "receiving means" and the "first decoding means") of the microcomputer 11 includes the key 3 (common) with respect to the program code 300 (an example of the "predetermined data") including the "equipment"). An encryption process using a key) (an example of a "first encryption key") (an example of a "first encryption process") and an encryption using a key 1 (common key) (an example of a "second encryption key") The processing (an example of the "second encryption processing") and the encryption program code 300E (an example of the "encrypted data") obtained by performing the processing are received from the server S (an example of the "external device"). Decryption using key 3 (common key) (an example of "first decryption key") for data encrypted by encryption processing using key 3 (common key) in the received encryption program code 300E. The process (an example of the "first decryption process") is performed, and the CPU 21 of the secure element 2 (an example of the "second decryption means") is encrypted using the key 1 (common key) in the received encryption program code 300E. A decryption process (an example of the "second decryption process") using the key 1 (common key) (an example of the "second decryption key") is performed on the data encrypted by the process.

Therefore, according to the IoT terminal 1 of the first embodiment and the second embodiment, when the encryption program code 300E is received from the server device S, the microcomputer 11 uses the key 3 (common key) in the encryption program code 300E. The data encrypted by the encryption process used is decrypted using the key 3 (common key), and the secure element 2 is encrypted using the key 1 (common key) in the encryption program code 300E. Decryption processing using key 1 (common key) is performed on the data encrypted by the processing. That is, since data obtained from a source other than a reliable source cannot be properly decrypted, the microcomputer 11 stores only the data that can be normally decrypted from the encryption program code 300E, so that the stored data can be transmitted reliably. You can limit it to what you originally obtained.

Further, in the IoT terminal 1 according to the first embodiment and the second embodiment, the non-volatile memory 115 (an example of the "data storage means") of the microcomputer 11 is subjected to a decryption process using the key 3 (common key) and the key 1 (an example of the "data storage means"). The program code 300 obtained by the decryption process using the common key) is stored. As a result, the microcomputer 11 can store only the data that can be normally decrypted from the encryption program code 300E (encryption program code 320E), that is, the data obtained from a reliable source.

Further, in the IoT terminal 1 of the first embodiment, the encryption program code 300E uses the key 1 (common key) for the program code (PART1) 301 (an example of the "first part") in the program code 300. Key 3 (common key) is applied to the encryption program code (PART1) 301E obtained by performing the encryption processing and the program code (PART2) 302 (an example of the "second part") in the program code 300. It is composed of the encryption program code (PART2) 302E obtained by performing the encryption process used, and the CPU 111 of the microcomputer 11 is the key 3 with respect to the encryption program code (PART2) 302E in the encryption program code 300E. The decryption process using the (common key) is performed, and the CPU 21 of the secure element 2 performs the decryption process using the key 1 (common key) for the encryption program code (PART1) 301E in the encryption program code 300E. The non-volatile memory 115 of the microcomputer 11 has a program code (PART1) 301 obtained by a decoding process using the key 1 (common key) and a program code (PART1) 301 obtained by the decoding process using the key 3 (common key). Stores the program code 300 including PART2) 302. As a result, the non-volatile memory 115 of the microcomputer 11 has a program code 300 (that is, reliable) composed of the program code (PART1) 301 decoded by the microcomputer 11 and the program code (PART2) 302 decoded by the secure element 2. Data obtained from the source) can be stored.

Furthermore, the CPU 111 of the microcomputer 11 of the IoT terminal 1 in the first embodiment is a partial encryption program code 300H (“partial encryption” composed of an encryption program code (PART1) 301E and a program code (PART2) 302. Digital signature 311 generated by using the message digest 310 generated by the process using a predetermined cryptographic hash function (an example of the "first generation process") and the private key 2 for "an example of the encrypted data"). Is further received from the server S, and the CPU 21 of the secure element 2 (an example of the "acquisition means" and the "first comparison means") decrypts the digital signature 311 using the public key 2 corresponding to the private key 2. The message digest 310 is acquired, and the encryption program code (PART1) 301E in the encryption program code 300E received by the microcomputer 11 and the program code (PART2) 302 obtained by the decryption process using the key 3 (common key). Compared with the message digest 310S generated by processing using a predetermined cryptographic hash function for the partially encrypted program code 300H composed of, key 1 (common key) when the comparison results are in agreement. ) Is used for decryption processing. As a result, only when the verification of the digital signature is successful, the decoding process using the key 1 (common key) and the process of storing the program code 300 in the non-volatile memory 115 of the microcomputer 11 are executed, so that the microcomputer 11 is executed. The program code 300 obtained from a reliable source can be stored.

Furthermore, in the IoT terminal 1 of the second embodiment, the encryption program code 320E is obtained by performing an encryption process using the key 1 (common key) on the program code (PART1) 301 in the program code 300. Encryption processing using key 3 (common key) for partially encrypted program code 300H composed of the encrypted program code (PART1) 301E and the program code (PART2) 302 in the program code 300 ( This is the data obtained by performing "an example of the first encryption process"), and the CPU 111 of the microcomputer 11 performs a decryption process using the key 3 (common key) on the encryption program code 320E, and secure element. The CPU 21 of 2 performs a decryption process using the key 1 (common key) for the encryption program code (PART1) 301E in the partial encryption program code 300H, and the non-volatile memory 115 of the microcomputer 11 uses the key 3 (P). The program code (PART1) 301 obtained by the decryption process using the key 3 (common key) and the program code (PART2) 302 in the partially encrypted program code 300H obtained by the decryption process using the key 3 (common key). The program code 300 composed of ,, is stored. As a result, the non-volatile memory 115 of the microcomputer 11 has a program code 300 (that is, reliable) composed of the program code (PART1) 301 decoded by the microcomputer 11 and the program code (PART2) 302 decoded by the secure element 2. Data obtained from the source) can be stored.

Furthermore, the CPU 111 of the microcomputer 11 of the IoT terminal 1 in the second embodiment is a predetermined encryption for the partial encryption program code 300H composed of the encryption program code (PART1) 301E and the program code (PART2) 302. The digital signature 311 generated by using the message digest 310 generated by the process using the hash function (an example of the "first generation process") and the private key 2 is further received from the server S, and the secure element 2 is further received. CPU 21 (an example of "acquisition means" and "first comparison means") acquires the message digest 310 by decrypting the digital signature 311 using the public key 2 corresponding to the private key 2, and the key 3 (common). When compared with the message digest 310S generated by the processing using the predetermined cryptographic hash function for the partial encryption program code 300H obtained by the decryption processing using the key), and the comparison results are in agreement. , Performs decryption processing using key 1 (common key). As a result, only when the verification of the digital signature is successful, the decoding process using the key 1 (common key) and the process of storing the program code 300 in the non-volatile memory 115 of the microcomputer 11 are executed, so that the microcomputer 11 is executed. The program code 300 obtained from a reliable source can be stored.

Furthermore, the non-volatile memory 23 (an example of the "message digest storage means") of the secure element 2 of the IoT terminal 1 in the first embodiment and the second embodiment is a comparison between the message digest 310S and the message digest 310 (FIG. 6). When the results of step S304) are in agreement, the compared message digest 310 (message digest 310S) is stored, and the CPU 111 (example of "program code executing means" and "program code transmitting means") of the microcomputer 11 stores the compared message digest 310 (message digest 310S). When the program code 300 is executed for the first time, the program code 300 stored in the non-volatile memory 115 is transmitted to the secure element 2 before the execution, and the CPU 21 of the secure element 2 (“program code receiving means”, “ An example of the "message digest generation means", "second comparison means", and "notification means") receives the program code 300 transmitted by the microcomputer 11, and the key 1 (for the program code (PART1) 301 in the program code 300) The encryption program code (PART1) 301E is acquired by performing the encryption process using the common key), and is composed of the encryption program code (PART1) 301E and the program code (PART2) 302 in the program code 300H. A message digest generated by processing using a predetermined cryptographic hash function for the partial encryption program code 300H is generated and compared with the message digest stored in the non-volatile memory 23 (step S334 in FIG. 7) and compared. When the results of the above are the same, the microcomputer 11 is notified to that effect, and when the CPU 111 of the microcomputer 11 transmits the program code 300 to the secure element 2, the notification that the comparison results are the same is notified. Is received from the secure element 2, and then the program code 300 is executed. As a result, for example, when the program code 300 stored in the non-volatile memory 115 in the process of step S207 of FIG. 6 is modified by an attack, the result of the comparison by the secure element 2 (step S334 of FIG. 7) is obtained. The program code 300 is not executed because of the mismatch. That is, when the program code 300 stored in the non-volatile memory 115 is modified, it is possible to prevent the CPU 111 of the microcomputer 11 from executing the program code 300.

Furthermore, the non-volatile memory 23 (an example of the "check code generation means") of the secure element 2 of the IoT terminal 1 in the first embodiment and the second embodiment has the same comparison results in the process of step S334 of FIG. If this is the case, a check code is generated by a cryptographic hash function (an example of the “second generation process”) for the program code 300 received in the process of step S331 in FIG. 7, and the non-volatile memory 23 of the secure element 2 ( An example of "check code storage means") stores the generated check code. The CPU 111 of the microcomputer 11 (an example of the “check code transmitting means”) encrypts the program code 300 stored in the non-volatile memory 115 before executing the program code 300 for the second time or later. A check code is generated by a hash function (“an example of the second generation process), transmitted to the secure element 2, and the CPU 21 of the secure element 2 (“check code receiving means”, “third comparison means”, “second notification means”. (Example) receives the check code transmitted from the microcomputer 11 and compares it with the check code stored in the non-volatile memory 23 (step S352 in FIG. 8), and when the comparison results are in agreement, the check code is compared. Notify the microcomputer 11 to that effect. When the CPU 111 of the microcomputer 11 transmits the check code to the secure element 2, the CPU 111 executes the program code 300 after receiving a notification that the results of the check code comparison by the secure element 2 are in agreement. As a result, for example, when the program code 300 stored in the non-volatile memory 115 is modified by an attack after being executed in the process of step S233 of FIG. 7, comparison by the secure element 2 (step S352 of FIG. 8). ) Will be inconsistent, so the program code 300 will not be executed. That is, when the program code 300 stored in the non-volatile memory 115 is modified, it is possible to prevent the CPU 111 of the microcomputer 11 from executing the program code 300. Further, since the check code can be calculated without using the key 1 (common key) as in the message digest, the time required for the comparison verification of the check code is shorter than the time required for the comparison verification of the message digest. That is, when the CPU 111 executes the program code 300, the modification check of the program code 300 can be completed in a short time, and the time until the program code 300 is executed can be shortened.

Furthermore, the non-volatile memory 23 (an example of "key storage means") of the secure element 2 of the IoT terminal 1 in the first embodiment and the second embodiment stores the key 1 (common key). As a result, the key 1 (common key) can be held more safely than being stored in the non-volatile memory 115 of the microcomputer 11.

Furthermore, in the IoT terminal 1 in the first embodiment and the second embodiment, the program code (PART1) 301 includes the address information for specifying the first execution address in the program code 300, so that the microcomputer 11 The secure element 2 having higher tamper resistance can decrypt the encryption program code (PART1) 301E including the address information which is an important part in the program code 300.

Furthermore, the secure element 2 (an example of an "electronic device") of the IoT terminal 1 in the first embodiment and the second embodiment has a key 3 (common) with respect to the program code 300 (an example of "predetermined data"). An encryption process using a key) (an example of a "first encryption key") (an example of a "first encryption process") and an encryption using a key 1 (common key) (an example of a "second encryption key") The processing (an example of "second encryption processing") and the encryption program code 300E (encryption program code 320E) (an example of "encrypted data") obtained by performing the processing are transferred to the server S ("external device"). For data received from (one example) and encrypted by the encryption process using the key 3 (common key) in the encryption program code 300E (encryption program code 320E), the key 3 (common key) (" A microcomputer 11 (“predetermined device”) including a CPU 111 (an example of a “receiving means” and a “first decoding means”) that performs a decoding process (an example of a “first decoding process”) using an example (an example of a first decoding key). The CPU 21 (an example of the "receiving means", the "second decoding means", and the "delivery means") has a higher tamper resistance than the "example"), and the key 1 (common key) in the encryption program code 300E is transmitted from the microcomputer 11. ) Is received and the data encrypted by the encryption process using the key 1 (common key) is decrypted with respect to the data. Key 1 (common key) A decoding process (an example of the "second decoding process") using (an example of the "second decoding key") is performed, and the data acquired by the decoding process is passed to the microcomputer 11.

Therefore, according to the secure element 2 of the first embodiment and the second embodiment, when the encryption program code 300E is received from the server device S, the microcomputer 11 uses the key 3 (common key) in the encryption program code 300E. The data encrypted by the encryption process used is subjected to decryption processing using the key 3 (common key), and the secure element 2 is encrypted using the key 1 (common key) in the encryption program code 300E. Decryption processing using key 1 (common key) is performed on the data encrypted by the processing. That is, since data obtained from a source other than a reliable source cannot be properly decrypted, the microcomputer 11 stores only the data that can be normally decrypted from the encryption program code 300E, so that the stored data can be transmitted reliably. You can limit it to what you originally obtained.

Since the processing speed of the secure element 2 is generally slower than that of the microcomputer 11 and the secure element 2, when the server S divides the program code 300, the program code (PART1) 301 is changed to the program code (PART2). ) By making it smaller than 302, the time required for the decryption process of the encryption program code 300E in the IoT device 1 can be shortened.

[3. Modification example]
Next, a modified example of this embodiment will be described. The modifications described below can be combined as appropriate.

[3.1. Modification 1]
In the first embodiment and the second embodiment, the key 3 (common key) is stored in the non-volatile memory 23 of the secure element 2, and the microcomputer 11 receives the encryption program code 300E and the digital signature 311 from the server S. In this case, it was decided to receive the key 3 (common key) from the secure element 2 and perform the decryption process, but the key 3 (common key) is stored in the non-volatile memory 115 of the microcomputer 11 during the decryption process. The key 3 (common key) stored in the non-volatile memory 115 may be used for this.

[3.2. Modification 2]
In the first embodiment and the second embodiment, the case where the target to be received from the server S, decoded and stored is the program code 300 has been described. However, regardless of the type of the target, for example, the control of the IoT device 1 It may be a set value or the like used for.

[3.3. Modification 3]
In the first embodiment and the second embodiment, the CPU 111 of the microcomputer 11 calculates the message digest 310S from the partially encrypted program code 300H in the process of step S204 of FIG. 6 (FIG. 12), but the secure element 2 The CPU 21 of the above may acquire a partial encryption program code 300H from the microcomputer 11 and calculate it.

1 IoT terminal 11 Microcomputer 111 CPU
112 RAM
113 ROM
114 I / O circuit 115 Non-volatile memory 12 Communication unit 13 Input unit 14 Output unit 2 Secure element 21 CPU
22 RAM
23 Non-volatile memory 24 I / O circuit S server 31 Control unit 32 Storage unit 33 Communication unit 34 Display unit 35 Operation unit N network

Claims (13)

An information processing device including a first device and a second device having a higher tamper resistance than the first device.
The first device is
Receiving the encrypted data obtained by performing the first encryption process using the first encryption key and the second encryption process using the second encryption key on the predetermined data from the external device. Means and
A first decryption process using a first decryption key capable of decrypting the data encrypted by the first encryption process with respect to the data encrypted by the first encryption process in the received encrypted data. A first decoding means for performing the above,
The second device is
A second decryption process using a second decryption key capable of decrypting the data encrypted by the second encryption process with respect to the data encrypted by the second encryption process in the received encrypted data. An information processing apparatus including a second decoding means for performing the above. The information processing device according to claim 1.
The first device is an information processing apparatus further comprising a data storage means for storing the predetermined data obtained by the first decoding process and the second decoding process. The information processing device according to claim 2.
The encrypted data excludes the first encrypted data obtained by performing the second encryption process on the first part of the predetermined data and the first part of the predetermined data. It is composed of the second encrypted data obtained by performing the first encryption process on the second part, which is the remaining part.
The first decryption means performs the first decryption process on the second encrypted data in the received encrypted data.
The second decryption means performs the second decryption process on the first encrypted data in the received encrypted data.
The data storage means stores the predetermined data composed of the first portion obtained by the second decoding process and the second portion obtained by the first decoding process. An information processing device characterized by. The information processing device according to claim 3.
The receiving means is generated by using the message digest generated by the first generation process for the partially encrypted data composed of the first encrypted data and the second part, and the private key. Further receiving a digital signature from the external device
The second device is
An acquisition means for acquiring a message digest by decrypting the digital signature using a public key corresponding to the private key.
The first generation process for partially encrypted data composed of the first encrypted data in the encrypted data received by the receiving means and the second portion obtained by the first decryption process. A first comparison means for comparing the message digest generated by the above and the message digest acquired by the acquisition means is further provided.
The information processing apparatus is characterized in that the second decoding means performs the second decoding process when the results of comparison by the first comparison means are in agreement. The information processing device according to claim 2.
The encrypted data excludes the first encrypted data obtained by performing the second encryption process on the first part of the predetermined data and the first part of the predetermined data. It is the data obtained by performing the first encryption process on the partially encrypted data composed of the second part which is the remaining part and the second part.
The first decryption means performs the first decryption process on the received encrypted data, and then performs the first decryption process.
The second decryption means performs the second decryption process on the first encrypted data in the partially encrypted data obtained by the first decryption process.
The data storage means is composed of the first part obtained by the second decryption process and the second part of the partially encrypted data obtained by the first decryption process. An information processing device characterized by storing predetermined data. The information processing device according to claim 5.
The receiving means is generated by using the message digest generated by the first generation process for the partially encrypted data composed of the first encrypted data and the second part, and the private key. Further receiving a digital signature from the external device
The second device is
An acquisition means for acquiring a message digest by decrypting the digital signature using a public key corresponding to the private key.
A first comparison means for comparing the message digest generated by the first generation process with respect to the partially encrypted data obtained by the first decryption process and the message digest acquired by the acquisition means is further provided.
The information processing apparatus is characterized in that the second decoding means performs the second decoding process when the results of comparison by the first comparison means are in agreement. The information processing device according to claim 4 or 6.
The predetermined data is a program code and
The second device is
A message digest storage means for storing the compared message digests when the results of the comparison by the first comparison means are in agreement is further provided.
The first device is
A program code execution means for executing the program code and
Further provided is a program code transmitting means for transmitting the program code stored in the data storage means to the second device before the execution of the program code by the program code executing means for the first time. ,
The second device is
A program code receiving means for receiving the program code transmitted by the program code transmitting means, and a program code receiving means.
The first encrypted data is acquired by performing the second encryption process on the first part of the program code received by the program code receiving means, and the first encrypted data and the program code are used. A message digest generation means for generating a message digest by the first generation process for partially encrypted data composed of the second part, and
A second comparison means for comparing the message digest stored by the message digest storage means and the message digest generated by the message digest generation means.
If the results of the comparison by the second comparison means are in agreement, a notification means for notifying the first device to that effect is further provided.
When the program code transmitting means transmits the program code, the program code executing means executes the program code after receiving a notification that the comparison results by the second comparing means are in agreement. An information processing device characterized by this. The information processing device according to claim 7.
The second device is
A check code generation means that generates a check code by a second generation process for the program code received by the program code receiving means when the results of the comparison by the second comparison means match.
A check code storage means for storing the check code generated by the check code generation means is further provided.
The first device is
In the case where the program code is executed by the program code executing means for the second time or later, a check code is generated by the second generation process for the program code stored in the data storage means, and the check code is generated. Further equipped with a check code transmission means for transmitting to the second device,
The second device is
A check code receiving means for receiving the check code transmitted by the check code transmitting means, and a check code receiving means.
A third comparison means for comparing the check code received by the check code receiving means with the check code stored in the check code storage means.
When the results of comparison by the third comparison means are in agreement, a second notification means for notifying the first device to that effect is further provided.
When the check code transmitting means transmits the check code, the program code executing means executes the program code after receiving a notification that the comparison results by the third comparing means are in agreement. An information processing device characterized by this. The information processing device according to any one of claims 1 to 8.
The first device is a non-secure element and
The second device is an information processing device characterized by being a secure element. The information processing device according to any one of claims 1 to 9.
The second device is an information processing device further comprising a key storage means for storing the second decryption key. The information processing device according to any one of claims 1 to 10.
The predetermined data is a program code and
The first portion is an information processing apparatus including address information for specifying a first execution address in the program code. A method for decrypting encrypted data in an information processing device including a first device and a second device having a higher tamper resistance than the first device.
In the encrypted data obtained by the first apparatus performing a first encryption process using the first encryption key and a second encryption process using the second encryption key on the predetermined data. A first decryption step of performing a first decryption process using a first decryption key capable of decrypting the data encrypted by the first encryption process on the data encrypted by the first encryption process. ,
The second device uses a second decryption key capable of decrypting the data encrypted by the second encryption process in the encrypted data with respect to the data encrypted by the second encryption process. The second decoding step of performing the second decoding process and
A method of decrypting encrypted data, which comprises. Receiving the encrypted data obtained by performing the first encryption process using the first encryption key and the second encryption process using the second encryption key on the predetermined data from the external device. A first method using means and a first decryption key capable of decrypting the data encrypted by the first encryption process in the received encrypted data by the first encryption process. (1) An electronic device having a tamper resistance higher than that of a predetermined device including a first decoding means for performing a decryption process.
A receiving means for receiving the data encrypted by the second encryption process in the encrypted data from the predetermined device, and
For the data encrypted by the second encryption process received by the receiving means, a second decryption process using a second decryption key capable of decrypting the data encrypted by the second encryption process is performed. The second decoding means to be performed and
A delivery means for delivering the data acquired by the second decoding process to the predetermined device, and
An electronic device characterized by being equipped with.

Images