JP3344810B2 - Software protection system - Google Patents

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a software protection system, and more particularly, to a software protection system in which software stored in a recording medium is executed only by a predetermined execution unit.

[0002]

2. Description of the Related Art In recent years, various multimedia devices have been developed, and many paid multimedia software including games and educational software have been sold.
However, the protection of such software is incomplete, and a large number of illegally copied software is now available. In order to prevent such illegal copying, there are laws and regulations such as patent law and copyright law, but at the same time, software protection from the mechanism side is also necessary.

For example, there is a method in which a copy function provided by an OS (operating system) cannot be copied by making a format of a recording medium (a floppy disk or the like) for storing software special. . However, even in such a method, copying can be performed in many cases by using a copy tool of a type that performs copying bit by bit. In addition, for the authorized user, there is a problem that a backup disk cannot be created.

[0004] A method of encrypting software to prevent copy has been proposed. This method is disclosed in, for example, JP-A-61-145842. FIG.
The configuration is shown in FIG. 7, a personal computer 501 includes an encryption mechanism 502. A program 503 sold by a software distributor is encrypted with a unique file key KF, and is stored as a single program file on a disk (Japanese Patent Application Laid-Open No. 61-14564).
No. 2, it is called a diskette).

[0005] A user who purchases a disk storing the encrypted program 503 must first obtain a secret password generated at the key distribution center 504 from a software distributor. With this password, the encrypted program 503 can be decrypted and executed only by a pre-designated personal computer 501 having a properly initialized encryption mechanism 502. This secret password is unique to the particular program and the particular computer on which it is restored and executed. With this password, no other encrypted program can be restored on that computer, and the same encrypted program cannot be restored on another computer. Further, even if the disk on which the encrypted program is stored is copied, it cannot be restored on a computer other than the personal computer designated in advance, and the copying makes no sense. This implements a copy protection function.

[0006]

However, in the above-mentioned conventional software protection method, even if the owner of the software is legitimate, the software cannot be executed by a device other than the designated execution device. And it is difficult to transfer software to other users.

In order to be able to run elsewhere,
It is conceivable that not only a recording medium storing software but also a pre-designated personal computer 501 is moved. However, considering that the personal computer 501 is generally large and hard to move as compared with a recording medium, it is impractical. is there.

On the other hand, in order to make the transfer of software effective, it is conceivable to transfer the software for each personal computer 501 to another user. However, this is also the case where the personal computer 501 originally belongs to that user. It is also impractical to transfer one piece of software to another user in consideration of the fact that the software of the present invention is executed. In this case, it is conceivable that the user creates software for the transfer destination user, but since the original software can be executed even at the transfer source, a substantial transfer is not established.

Therefore, an object of the present invention is to provide a software protection system that can execute software on another execution unit and that can also prevent illegal copying. Another object of the present invention is to provide a software protection system suitable for lending software. Still another object of the present invention is to provide a software protection system that can control the number of times software is copied.

[0010]

The invention according to claim 1 is
A software protection system that causes software stored in a recording medium to be executed only by a pre-designated executor, wherein the recording medium includes software, first unique information unique to the software or the recording medium, Executor that is to execute the software stores second unique information unique to the device, and reads out the software and the second unique information from the recording medium, and the second unique information is unique to the own device. Checking means for accepting the execution of the software only in the case of the information of
Conversion means for converting the second unique information stored in the recording medium into information unique to another executor designated by the executor designation means; non-executable information storage means for storing information on unexecutable software; When a change destination of the executor is designated by the executor designation means, the first one stored in the recording medium is
Unique information writing means for writing the unique information in the execution impossible information storage means, and the first information stored in the recording medium.
First execution control means for controlling the check means so as not to accept the execution of the software stored in the recording medium when the same unique information as the unique information is stored in the non-executable information storage means. ing.

According to a second aspect of the present invention, in the first aspect of the invention, the recording medium further stores a cumulative number in pair with the first unique information, and the non-executable information storage means includes: Further, the reference number is stored in pairs with the first unique information, the initial values of the cumulative number and the reference number are selected to be the same value, and the execution unit changes the execution unit by the execution unit designation means. When the destination is designated, the apparatus further comprises an adding means for adding a predetermined value to each of the cumulative number and the reference number, wherein the first execution control means has the same unique information as the first unique information stored in the recording medium. If the information is not stored in the non-executable information storage unit, or if the first
If the same unique information as the unique information is stored in the non-executable information storage means but the cumulative number is larger than the reference number,
The check means is given permission to execute the software stored in the recording medium, and the first means stored in the recording medium is
If the same unique information as the unique information is stored in the non-executable information storage means and the cumulative number is equal to or smaller than the reference number, execution of the software stored in the recording medium is not permitted. Is given to the checking means.

According to a third aspect of the present invention, in the first aspect of the present invention, a random number is further stored in the recording medium in pair with the first unique information, and the non-executable information storage means further stores , A random number is stored in pairs with the first unique information, and the executor further includes a random number generating means for generating a random number when a change destination of the executor is specified by the executor specifying means, and a random number generating means. Random number writing means for adding the random number to the non-executable information storage means each time a random number is generated, and random number rewriting means for rewriting the random number stored in the recording medium each time the random number is generated by the random number generation means The first execution control means is provided when the same unique information as the first unique information stored in the recording medium is not stored in the non-executable information storage means, or is stored in the recording medium. If the same unique information as the first unique information is stored in the non-executable information storage means, but the same random number as the random number stored in the recording medium is not stored in the non-executable information storage means, The execution permission of the software stored in the recording medium is given to the checking means, and the same unique information as the first unique information stored in the recording medium is stored in the non-executable information storage means. When the same random number as the stored random number is stored in the non-executable information storage unit, execution of the software stored in the recording medium is not permitted to the check unit.

According to a fourth aspect of the present invention, in any one of the first to third aspects of the invention, the software stored in the recording medium is encrypted, and the second unique information stored in the recording medium is: The encrypted software key is an encrypted software key, and the check means includes secret information storage means for storing secret information different for each execution device, and soft key decryption means for reading the soft key from a recording medium and decrypting the secret key using the secret information. And software decryption means for reading the encrypted software from the recording medium and decrypting using the decrypted software key,
Software execution means for executing the decrypted software, the conversion means, the decrypted soft key,
Soft key encryption means for encrypting only the secret information in another execution unit designated by the execution unit designation means so that the secret information can be decrypted, and an encrypted soft key stored in the recording medium,
And a soft key rewriting means for rewriting to a soft key encrypted by the soft key encryption means.

According to a fifth aspect of the present invention, in the fourth aspect of the invention, the recording medium further includes at least one of the encrypted software, the first unique information, the encrypted software key, and the cumulative number. The digital signature information created for any one of them is stored.
Further, it checks whether the digital signature information stored in the recording medium is valid, and if not, controls the checking means so as not to accept the execution of the software stored in the recording medium. When the change destination of the executor is designated by the control means or the executor designation means,
Digital signature information creating means for creating digital signature information using secret information, and signature information rewriting means for rewriting digital signature information stored in a recording medium to digital signature information created by the digital signature information creating means. ing.

According to a sixth aspect of the present invention, in any one of the first to fifth aspects of the present invention, the recording medium further stores the number of copies that can be made, and the executor further executes the number of copies of the recording medium. Cumulative storage means for storing the cumulative number indicating, a copy control means for executing the copy of the recording medium only when the number of permitted copies stored in the recording medium is larger than the cumulative number stored in the cumulative number storage means, And a cumulative number updating means for updating the cumulative number stored in the cumulative number storing means each time the copy control means executes copying of the recording medium.

According to a seventh aspect of the present invention, when renting a recording medium storing software, the executor on the lender performs a change procedure to specify an executor on the borrower side capable of executing the software. A software protection system, wherein the recording medium includes encrypted software, software / recording medium specific information specific to the software or the recording medium, and an encrypted second code specific to the lender's execution unit. 1 and an encrypted second soft key unique to the borrower's executor, and the lender's executor stores a first secret unique to the borrower's executor. First secret information storage means for storing information, first soft key decryption means for reading a first soft key from a recording medium and decrypting the first soft key using the first secret information;
First software decryption means for reading the encrypted software from the recording medium and decrypting using the decrypted first software key, first software execution means for executing the decrypted software, software Executor designating means for designating an executor on the borrower's side, and a second soft key capable of decrypting the decrypted first soft key only by the executor on the borrower's side designated by the executor designating means And a soft key rewriting means for rewriting the encrypted second soft key stored in the recording medium into a second soft key encrypted by the soft key encryption means. In preparation, the borrower's implement is
A second secret information storage unit for storing second secret information unique to the borrower's executor, a second soft key read from the recording medium, and decrypted using the second secret information;
Soft key decryption means, second software decryption means for reading the encrypted software from the recording medium and decrypting using the decrypted second soft key, and second software decrypting means for executing the decrypted software (2) software execution means, return procedure instructing means for instructing a return procedure of the recording medium, non-executable information storage means for storing information about unexecutable software, and when the return procedure is instructed by the return procedure instructing means, Unique information writing means for writing the stored software / recording medium unique information to the non-executable information storage means, and the same software / recording medium unique information as the software / recording medium unique information stored in the recording medium is not executable information. When stored in the storage unit, the software stored in the storage medium is And a execution control means for controlling the second software execution means not to accept the line.

According to an eighth aspect of the present invention, there is provided a software protection system for executing software stored in a recording medium only by a pre-designated execution unit. , Software or recording medium specific information is stored, and the executor reads out the encrypted software from the recording medium, secret information storage means for storing secret information different for each executor. , Software decrypting means for decrypting using secret information, software executing means for executing the decrypted software, executing unit specifying means for specifying a change destination of the executing unit for executing the software,
Software encrypting means for encrypting the decrypted software so that it can be decrypted only with the secret information in another executor designated by the executor designating means, the encrypted software stored in the recording medium, Software rewriting means for rewriting software encrypted by the software encryption means, non-executable information storage means for storing information about unexecutable software, and a storage medium when an execution unit change destination is specified by the execution unit designation means. The stored software / recording medium specific information is
If the unique information writing means to be written into the non-executable information storage means and the same software / recording medium unique information as the software / recording medium unique information stored in the recording medium are stored in the non-executable information storage means, Execution control means is provided for controlling the software execution means so as not to accept the execution of the software stored in the medium.

[0018]

In the invention according to the first aspect, the second unique information unique to the execution unit that is to execute the software is stored in the recording medium, and the execution unit executes the software and the second unique information from the recording medium. Is read, and the execution of the software is accepted only when the second unique information is information unique to the own device. This makes it possible to specify in advance an executable device that can execute software. When a change destination of an execution unit that executes software is designated, the second unique information stored in the recording medium is converted into information unique to another designated execution unit. This allows the user to easily change the execution unit that executes the software.
Further, when the change destination of the execution unit is designated, the first unique information stored in the recording medium is written in the non-executable information storage unit, and thereafter, the first unique information stored in the non-executable information storage unit is stored. Even if a recording medium having the same unique information as the original information is attached to the original execution unit, execution of software stored in the recording medium is not accepted. Thus, it is possible to prevent the software copied before the change of the execution unit from being illegally executed by the original execution unit.

According to the second aspect of the present invention, when the change destination of the execution unit that executes the software is designated, each of the accumulated number stored in the recording medium and the reference number stored in the non-executable information storage means is specified. A predetermined value is added. Thereafter, even if a recording medium having the same unique information as the first unique information stored in the execution impossible information storage means is mounted on the original execution unit, only when the cumulative number is larger than the reference number, The execution of the software stored in the recording medium is permitted. Accordingly, when the original execution unit is designated again as the change destination in the execution unit of the change destination, the software can be executed on the original execution unit.

According to the third aspect of the present invention, when a change destination of the execution unit for executing software is designated, a random number is generated by the execution unit, and the random number is additionally written into the non-executable information storage means. The random number stored in the recording medium is rewritten with the random number. Thereafter, even if the recording medium having the same unique information as the first unique information stored in the execution impossible information storage means is attached to the original execution unit, the same random number as the random number stored in the recording medium is used. Is stored in the non-executable information storage means, the execution of the software stored in the recording medium is permitted. As a result, when the original executor is designated again as the change destination in the change executor,
The execution of the software on the original executor becomes possible.

In the invention according to claim 4, the encrypted soft key is stored in a recording medium, and the execution unit executes
The software key is decrypted using unique secret information, and the software read from the recording medium is decrypted and executed using the decrypted software key.
This makes it possible to specify in advance an executable device that can execute software. When a change destination of an execution unit that executes software is specified, the decrypted software key is encrypted so that it can be decrypted only by another specified execution unit, and the encrypted software key stored in the recording medium is encrypted. Soft key
At this time, it is rewritten to an encrypted soft key. This allows the user to easily change the execution unit that executes the software. Further, when the change destination of the execution unit is specified, the software unique information stored in the recording medium is written in the non-executable information storage unit, and then the software unique information stored in the non-executable information storage unit is written. Even if a recording medium having the same software-specific information is attached to the original execution unit, execution of software stored in the recording medium is not accepted. Thus, it is possible to prevent the software copied before the change of the execution unit from being illegally executed by the original execution unit.

In the invention according to claim 5, digital signature information created for at least one of the encrypted software, software-specific information, the encrypted software key, and the cumulative number is recorded. The execution unit checks whether the digital signature information stored on the recording medium is valid. If the digital signature information is not valid, the execution unit does not accept execution of the software stored on the recording medium. I have to. by this,
The validity of the information stored in the recording medium can be more accurately confirmed, and an unauthorized duplicated product can be prevented.

In the invention according to claim 6, the cumulative number updated each time the recording medium is copied is stored in the execution unit, and the number of times of copying stored in the recording medium is larger than the cumulative number. Only in such a case, copying of the recording medium is permitted. As a result, the number of copies of the recording medium can be limited to a predetermined number.

[0024] In the invention according to claim 7, the lender's executor decrypts the software using the first soft key stored in the recording medium. Therefore, the borrower-side execution device does not need to rewrite the second soft key in the recording medium when returning the recording medium to the lender.

In the invention according to claim 8, the software itself stored in the recording medium is encrypted so that it can be decrypted only by the designated executor. Therefore,
The executor decrypts and executes the software using the unique secret information.

[0026]

【Example】

(1) First Embodiment FIG. 1 is a block diagram showing a configuration of a software protection system according to a first embodiment of the present invention. In FIG. 1, solid arrows indicate data movement, and broken arrows indicate control information movement. In the following description, software means, for example, an application program.

In FIG. 1, the disk 1 includes an encrypted software recording unit 11 and an information recording unit 12. The encryption software recording unit 11 stores the encryption software E
(KA, softA) are stored. Information recording unit 1
2 is a software identifier including software-specific information IDA indicating the type of software and an accumulated number CNT [A] indicating the number of changes of the designated executor capable of executing the software, and a designated executor that can be decrypted only by the designated executor. A soft key E (X, KA) and signature information indicating the validity of each piece of information are recorded.

The player 2 executes the software by confirming the software identifier in the disk 1, the software key E (X, KA) for the designated executor, and the contents of the signature information, and further executes the procedure for changing the designated executor. have. The player 2 includes a connection unit 201, a software ID search unit 202, a storage unit 203, a signature information confirmation unit 204, an execution control unit 205, a reference number / cumulative number comparison unit 206, a soft key encryption / Decryption unit 207, secret information storage unit 208, encrypted software decryption unit 20
9, software execution unit 210, execution unit designation unit 21
1, a non-executable software information update unit 212, and a signature information creation unit 213.

The connection unit 201 connects the disc 1 to the player 2
It has a function of reading various information from the disk 1 and writing predetermined information to the disk 1. The software ID search unit 202 has a function of searching whether or not the input software unique information IDA is stored in the storage unit 203 as unexecutable software. The storage unit 203 stores the software unique information IDA ′ of the unexecutable software and the reference number N that is the same value as the accumulated number CNT [A] recorded in the information recording unit 12 when the software is set to the unexecutable state.
UM [A] is stored as a software identifier in pairs.

The signature information confirmation unit 204 confirms whether the signature information recorded in the information recording unit 12 is valid for the software recorded as unexecutable software in the storage unit 203, and Is valid, the reference number NUM is added to the reference number / cumulative number comparison unit 206.
It has a function of instructing to compare [A] with the cumulative number CNT [A], and inputting information on execution permission of the software to the execution control unit 205 when the signature information is invalid. The execution control unit 205 includes information input from the signature information confirmation unit 204 (information indicating whether the signature information recorded in the information recording unit 12 is valid) and the reference number / cumulative number comparison unit 2
06 (information on permission / non-permission of execution of the software) inputted from the
It has a function of controlling whether to decode (KA, softA). Reference number / cumulative number comparison unit 206
Is the reference number NUM [A] of the software stored in the storage unit 203 and the information recording unit 12 for the disk 1 whose signature information is confirmed to be valid by the signature information confirmation unit 204.
Has a function of comparing the magnitude relationship with the cumulative number CNT [A] recorded in the execution control unit 205 and inputting information on permission / non-permission of software execution to the execution control unit 205 based on the result.

The soft key encryption / decryption unit 207 receives the designated executor soft key E recorded in the information recording unit 12.
(X, KA) is decrypted with the secret information SX unique to the player 2 stored in the secret information storage unit 208, and when there is a change in the designated executor, the designated executor software for the change destination It has the function of encrypting a key. The secret information storage unit 208 records secret information SX unique to the player 2. The encryption software decryption unit 209 receives the encryption software E (KA, softA) recorded in the encryption software recording unit 11 and decrypts it with the soft key encryption / decryption unit 207 using a soft key.
It has a function of decrypting the encryption software E (KA, softA). The software execution unit 210 has a function of executing the software softA decrypted by the encrypted software decryption unit 209.

The executor designation unit 211 controls the soft key encryption / decryption unit 207 to change the designated destination executor soft key in accordance with the inputted change destination information. The connection unit 201 is instructed to rewrite the accumulated number CNT [A], and the change of the information stored in the storage unit 203 is instructed to the non-executable software information update unit 212 accordingly, and the signature for the new software identifier is signed. It has a function of instructing the signature information creation unit 213 to create information. The non-executable software information update unit 212 changes the information stored in the storage unit 203 along with rewriting the cumulative number recorded in the information recording unit 12 when the designated executor is changed. Has a function. The signature information creation unit 213 has a function of creating signature information for a new software identifier changed by the unexecutable software information update unit 212.

In the player 2 of FIG. 1, the software ID search unit 202, the storage unit 203, the signature information confirmation unit 204, the execution control unit 205, the reference number / cumulative number comparison unit 206, and the soft key encryption / decryption Unit 207, secret information storage unit 208, encrypted software decryption unit 209, software execution unit 210, executor designation unit 211, unexecutable software information update unit 212, and signature information creation unit 21
Numerals 3 are arranged in areas which cannot be changed, analyzed and copied.

In brief, in the software protection system according to the first embodiment, the software softA itself is encrypted with a key soft key KA common to all disks of the software, and the soft key KA is the designated execution unit. By encrypting so that only the player 2 can decrypt it, it is possible to execute it only by the designated executor.

FIG. 2 is a flowchart showing a processing procedure of a software execution operation in the software protection system of the first embodiment. Further, FIG.
It is a flow chart which shows a processing procedure of a change procedure of a designated executor in a software protection system of an example. Hereinafter, with reference to FIG. 2 and FIG.
The operation of this embodiment will be described.

In the following, the encryption software E (K, K) having the soft key E (X, KA) encrypted for the player 2 (hereinafter, referred to as a player X) in FIG.
A, softA) is decrypted and executed, and thereafter, another player not shown (hereinafter, referred to as player Y)
In the case where the designated player change procedure is performed for the game, will be described. In the following description, the soft key E
(X, KA) indicates that the soft key KA is encrypted in a format that can be decrypted only with the secret information SX unique to the player X. In addition, software E (KA, soft
A) shows the software softA encrypted with the soft key KA, which is decrypted with the soft key KA.

(A) Decryption / Execution Operation of Encrypted Software First, referring to FIG.
The execution operation will be described. First, connect the disk 1 to the connection unit 201.
Is connected (step S101). Next, the software unique information IDA of the software identifier recorded in the information recording unit 12 is input to the software ID search unit 202 through the connection unit 201. The software ID search unit 202 determines the input software unique information I
Unexecutable software unique information IDA 'that matches DA
Is searched for in the storage unit 203 (step S102).

As a result of the search in step S 102, unexecutable software unique information IDA ′ that matches input software unique information IDA is stored in storage unit 203.
Is stored in the software ID search unit 202
Reads the signature information and the software identifier from the information recording unit 12 via the connection unit 201, and inputs them to the signature information confirmation unit 204. The signature information confirming unit 204 determines whether the contents of the software identifier recorded in the information recording unit 12 are valid or not, by checking the executor identifier of the digital signature creator of the signature information (not shown in FIG.
(Stored in the file) is confirmed using the public key of the digital signature creator easily derived from the public key (step S103). If it is determined in step S103 that the software identifier is not valid, the signature information confirmation unit 20
4 instructs the execution control unit 205 to prohibit execution of the software (step S104). Therefore, the execution control unit 205 does not execute software.

On the other hand, if it is determined in step S103 that the content of the software identifier is valid, the signature information confirmation unit 204 sends the reference number / cumulative number comparison unit 206 to the storage unit 203. Executable software unique information IDA 'as software identifier
Is instructed to compare the reference number NUM [A] stored in the pair with the cumulative number CNT [A] of software identifiers recorded in the information recording unit 12. Accordingly, the reference number / cumulative number comparison unit 206 stores the non-executable software unique information ID from the storage unit 203 as the software identifier.
The reference number NUM [A] recorded as a pair with A 'is read. Also, via the connection unit 201, the cumulative number CNT [A] of software identifiers recorded in the information recording unit 12
Is read. Next, the reference number / cumulative number comparison unit 206 compares the input reference number NUM [A] with the cumulative number CNT [A] (step S105).

If the software stored on the disc 1 is legitimate software, the inequality NUM [A] <CNT [A] is satisfied by a designated player change procedure described later, and the reference number / cumulative number comparison unit 206 The software execution permission information is input to the execution control unit 205 (step S106). On the other hand, the inequality NUM [A] <CNT
If [A] does not hold, the disk 1 is a disk that has already been invalidated by the designated executor change procedure, and therefore, the execution control unit 205 is input with information indicating that the execution of the software softA is not permitted (step S104). Therefore, in this case, the execution control unit 205 does not execute the software softA.

When the execution permission of the software is issued from the reference number / cumulative number comparison unit 206, the execution control unit 205 sends the designated execution unit soft key E (X, KA) from the information recording unit 12 via the connection unit 201. Is read and input to the soft key encryption / decryption unit 207. Further, the execution control unit 205
The secret information SX unique to the player X is read from the secret information storage unit 208 and input to the soft key encryption / decryption unit 207. Accordingly, the soft key encryption / decryption unit 207
Sends the designated executor soft key E (X, KA) to the player X
Decrypted with the secret information SX unique to the key (step S107). At this time, if the designated player soft key E (X, KA) is not for the player X, the software key KA cannot be decrypted and the software cannot be executed.

Next, the soft key encryption / decryption unit 207
Inputs the decrypted soft key KA to the encrypted software decryption unit 209. Further, the execution control unit 205
Via the connection unit 201, the encryption software E (KA, soft) is transmitted from the encryption software recording unit 8 of the disk.
A) is read out and input to the encryption software decryption unit 209. Accordingly, the encryption software decryption unit 209
Using the soft key KA input from the soft key encryption / decryption unit 207, the software softA is decrypted (step S108). Next, the encrypted software decryption unit 209 outputs the decrypted software softA.
Is input to the software execution unit 210. Therefore, the software execution unit 210 executes the decrypted software (Step S109).

On the other hand, as a result of the search in step S102, if the unexecutable software unique information IDA ′ that matches the input software unique information IDA is not stored in the storage unit 203, the software ID search unit 202 executes The software execution permission information is input to the control unit 205 (step S106). Hereinafter, step S1
The processing in steps S107 to S109 is the same as the processing in steps S107 to S109.
The operation is exactly the same as 109.

(B) Procedure for Changing Designated Executor Next, a procedure for changing the designated executor will be described with reference to FIG. In the following description, a designated executor change procedure for making software stored on the disc 1 that can be currently executed only by the player X unexecutable by the player X and executable by another player Y different from the player X will be described. State.

First, information (executor identifier) indicating that the change destination is the player Y is input from the input device (not shown) such as a keyboard and a mouse to the executer specifying section 211 (step S201). Then, the executor designation unit 211 reads out the designated executor soft key E (X, KA) from the information recording unit 12 via the connection unit 201, and executes the soft key encryption /
The data is input to the decoding unit 207. Also, the execution unit designation unit 211
Reads the secret information SX unique to the player X from the secret information storage unit 208, and reads out the soft key encryption / decryption unit 207.
To enter. The soft key encryption / decryption unit 207 uses the secret information SX unique to the player X input from the secret information storage unit 208 and uses the designated execution device soft key E (X, K
A) is decrypted into a soft key KA. Thereafter, a public key for the player Y is generated from the execution unit identifier of the change destination player Y given from the execution unit designating unit 211, and the soft key KA is generated using the generated public key. To obtain a soft key E (Y, KA) for the player Y (step S202). Further, the executor designation unit 211 deletes the soft key E (X, KA) for the player X previously recorded in the information recording unit 12 via the connection unit 201. Further, the execution unit designation unit 2
Reference numeral 11 records the soft key E (Y, KA) for the player Y in the information recording unit 12 via the connection unit 201 as the soft key for the designated executor. This soft key E for player Y
(Y, KA) can be decrypted only by the secret information SY unique to the player Y (stored in the secret information section 208 of the player Y). Therefore, the disc 1 can be executed only by the player Y thereafter.

Next, the execution unit designating unit 211
The record is updated so that the value of the cumulative number CNT [A] of the software identifier recorded in the information recording unit 12 increases by 1 through 1 (step S203). Next, the executor designation unit 211 determines the updated new cumulative number CNT.
Change the value of [A] to the new software identifier reference number NUM
Unexecutable software unique information ID as the value of [A]
A is written into the storage unit 203 via the unexecutable software information update unit 212 as a software identifier in combination with A ′ (step S204). At this time, the executor designation unit 211 deletes the old reference number value from the storage unit 203 at the same time. As a result, the software stored on the disc 1 cannot be executed by the player X thereafter.

Next, the execution unit designating unit 211
1, the software unique information IDA, which is a software identifier, from the information recording unit 12 and the cumulative number CNT [A].
And the secret information SX unique to the player X is read from the secret information storage unit 208, and is input to the signature information creation unit 213, respectively. The signature information creation unit 213 creates signature information that can be created only by the player X using the secret information SX unique to the player X for the software unique information IDA and the cumulative number CNT [A] that are the input software identifier. The created signature information is used as new signature information via the connection unit 201 as the information recording unit 12.
(Step S205). At this time, the signature information creation unit 213 deletes old signature information at the same time.

Even if the disc for player X is copied before the designated player change procedure, after the designated player change procedure, the reference number NUM in the storage unit 203 is changed.
Since [A] is larger than the cumulative number of the copied discs, the reference number NUM [A] in the player and the cumulative number CNT in the disc in step S105 of FIG.
As a result of the comparison operation with [A], it is determined that execution is not possible, and the player X
This can prevent the copy disk from being executed undesirably.

As described above, according to the first embodiment, in a software protection system in which a soft key cannot be decrypted by anyone other than the designated executor, the designated executor can be changed and illegal copying can be prevented. In addition, an environment in which software can be executed by an arbitrary execution device can be realized.

In the first embodiment, the software main body is encrypted with a common software key KA for all disks of the software, and the software key KA is encrypted so that it can be decrypted only by a designated execution unit. Although the present invention is configured as a system, the present invention may be configured so as to encrypt software itself so that it can be decrypted only by a designated executable executor. In this case as well, the same effect as in the first embodiment is obtained. Is obtained.

In the first embodiment, the software key is used to prevent the software from being executed by a device other than the designated executor. However, the ID information of the designated executor is stored in the disk, and the execution device is executed. Before executing the software, the ID information of the disk corresponding to its own device
It may be configured to check whether the information is D information and execute the software only in the case of ID information corresponding to the own device.

In the first embodiment, the disk 1
Was used as the information indicating the invalid disk, the cumulative number having the ordered number and the reference number were used.
A random number may be generated in place of the cumulative number and the reference number, and the random number may be recorded as a software identifier in the information recording unit 12 and the storage unit 203 in combination with the software unique information. In this case, the storage unit 203
Is recorded without erasing all generated random numbers, and the old random number is rewritten to the new random number in the information recording unit 12 every time a new random number is generated. Then, the software identifier on the disk 1 is compared with all software identifiers stored in the storage unit 203, and execution of the software is permitted only when there is no match.

In the first embodiment, the disk 1
To ensure the validity of the software identifier above, a digital signature was generated for this, but the digital signature was applied to all or part of the contents of the software identifier, software key for the designated executor, and encryption software. It may be. As a result, the validity of the contents of the encrypted software recorded in the encrypted software recording unit 11 and the executor identifier can also be ensured.

In the first embodiment, the disk 1
Although a digital signature is used to indicate the validity of the above data, a software identifier or the like may be encrypted in a form that cannot be decrypted by a device other than the designated executor. The effect is obtained.

Further, in the first embodiment, as the information for identifying the software of the software identifier, the software-specific information IDA that differs for each software type and is common for each disk is used. An identifier unique to the disc may be used. by this,
After the procedure for changing the designated executor of the disk 1, it is possible to cope with a case where another disk storing software of the same type as the previous disk is to be executed.

In the first embodiment, an off-line software distribution mode is assumed. However, even if the present invention is applied to an on-line software distribution mode, the same effects as in the first embodiment can be obtained. can get.

(2) Second Embodiment The second embodiment of the present invention is configured as a rental software system using the software protection system described in the first embodiment. FIG. 4 is a flowchart showing a processing procedure in the rental software system according to the second embodiment. Hereinafter, the details of the second embodiment will be described with reference to FIG. 4 while using the configuration described in the first embodiment.

In this rental software system, a disk exclusively for rental is introduced. In the first embodiment, only the encrypted designated execution unit soft key is recorded in the information recording unit 12 (see FIG. 1) of the disk 1 as information on the soft key. On the other hand, in the rental-only disc in the second embodiment, not only the designated executor soft key but also the rental shop soft key are always recorded in the information recording unit 12 in the disc. Information recording unit 12
Are the same as the information recorded in the information recording unit 12 in the first embodiment.

A procedure for renting the rental exclusive disk to the member Y (considered to be the same as the player Y) at the rental shop X will be described. In the rental shop X, the change procedure is performed by the player of the rental shop with the member Y as the change destination, as described in the first embodiment. At this time, this disk 1
Is encrypted in a format that can be executed only by the player Y of the member Y (step S3).
01). The member Y inserts the disc 1 into his / her player Y and executes the software (step S302). Hereinafter, the procedure for executing the software in the disk 1 is as described in the first embodiment.

Next, the case where the member Y returns the disk to the rental shop X will be described. The member Y may simply perform a return procedure instead of designating a rental store as a transfer destination in the designated executor change procedure described in the first embodiment. The reason is that the information recording unit 12 of the disc 1 always records the rental shop soft key, so that the rental shop X can execute the disc 1 using the rental shop soft key. It is. At this time, the executor designating unit 211 in the player of the member Y deletes the soft key for the player Y in the information recording unit 12, increases the cumulative number by 1, and updates the reference number in the storage unit 203 (step S303). By this process, even if you copy the rental disk and try to execute it after the return procedure,
The copy disk cannot be executed by step S105 in FIG. In other words, on a rental-only disc,
Although the soft key for member Y can be deleted, the procedure for changing the designated executor is possible only at the rental shop.

As described above, according to the second embodiment, when returning rental software encrypted for a rental destination to a rental store, the member side changes the designated execution device with the rental store as the designated execution device. No need to take any steps,
Eliminates hassle. In addition, since the rental exclusive disk can be executed only by the designated executor, the rental of the rental software can be prevented. Further, updating the cumulative number and the reference number can also prevent members from making unauthorized copies.
Also, since only the rental shop can change the designated executor of the rental exclusive disk, it is not possible to lend and borrow between members.

(3) Third Embodiment FIG. 5 is a block diagram showing a configuration of a third embodiment of the present invention. In FIG. 5, in the third embodiment, a master disk 10 that can be copied a specified number of times is used. The master disk 10 has the number of copies permitted number No. in addition to the information recorded on the disk 1 of FIG.
[Copy], the cumulative number SUM [disk], and the master disk identifier are recorded in the information recording unit 12.
Other recording information on the master disk 10 is the same as the recording information on the disk 1 in FIG.

The player 2 has a copy control unit 214 and a buffer memory 215 in addition to the configuration of the player 2 described in the first embodiment. FIG. 6 is a flowchart showing a processing procedure in the software protection system according to the third embodiment. The operation of the third embodiment will be described below with reference to FIG.

First, a case where a copy disk is created from the master disk 10 will be described. It is assumed that the master disk 10 can be executed only by the player X. When the master disk 10 is connected to the connection unit 201 (step S401), the copy control unit 214 reads a master disk identifier from the information recording unit 12, and
It identifies that the connected disk is the master disk 10 (step S402). Next, the copy control unit 214 sends the cumulative count SUM [dis
k] is read, and it is determined whether or not copying from the master disk 10 is first (step S403). If a copy disk has never been created from the master disk 10 (that is, if the cumulative number SUM [disk] is 0), the copy control unit 214 transmits the unexecutable software information update unit 212 via the connection unit 201. Then, the number of possible copies No [copy] and the cumulative number SUM [disk] are read from the information recording unit 12 and stored in the storage unit 203 as No [copy, X] and SUM [X], respectively (step S404). Further, the copy control unit 214 reads the master disk identifier from the information recording unit 12 via the connection unit 201, and pairs the number of copies permitted No [copy, X] and the cumulative number SUM [X] with the storage unit. 203.

On the other hand, when a copy disk has been created at least once from the master disk 10, the copy control unit 214 determines the number of copies No. [copy, X] and the cumulative number SUM stored in the storage unit 203.
[X], the permitted number of copies No [copy] recorded in the information recording unit 12, and the cumulative number SUM [disk]
And it is determined whether or not both are equal (step S405). If it is determined in step S405 that the two do not match, the copy control unit 214 determines that copying from the master disk 10 is not permitted (step S406). Therefore, in this case, the master disk 10 is not copied. On the other hand, step S40
5, if the two are matched, the copy control unit 214 determines whether the number of copies permitted number No [copy] recorded in the information recording unit 12 and the cumulative number SUM [X] stored in the storage unit 203 are larger or smaller. Compare the relationships and find the inequality No [co
py]> SUM [X] is permitted only when master disk 10 is copied (step S40).
7).

Next, the operation in the case where the copy permission of the master disk 10 is issued and the contents of the master disk are copied to another disk will be described. When the number n of times of continuous copying at one time is input to the copy control unit 214 from an external input device (not shown), the copy control unit 214 The cumulative count SUM [disk] recorded in the unit 12 is updated so as to be increased by the designated copy number n, and similarly, the cumulative count SUM [X] in the storage unit 203 is updated (step S).
408). However, n is selected as a value such that the cumulative number to be updated does not become equal to or larger than the number of copies permitted No [copy]. Next, the copy control unit 214
Reads the encryption software and the software key for the designated executor from the master disk 10 via the connection unit 201, and stores them in the buffer memory 214 (step S4).
09).

The copy disk has the same recording format as the disk described in the first embodiment, and includes an information recording unit 12 and an encrypted software recording unit 8. When the copy disk is replaced with the master disk 10 and connected to the connection unit 201 (step S410), information on the designated executor is input from an external input device (not shown) to the executor designation unit 211 (step S411). ). The execution unit designation information is input to the copy control unit 211. Depending on,
The copy control unit 214 reads the encryption software from the buffer memory 215, and writes the encryption software into the encryption software recording unit 11 of the copy disk via the connection unit 201 (Step S412). Also, the copy control unit 214
Records the software unique information and the cumulative number as a software identifier in the information recording unit 12 of the copy disk (step S412). At this time, the cumulative number is recorded as 0. Further, the copy control unit 214 causes the soft key encryption / decryption unit 207 and the certification information creation unit 213 to create the designated executor soft key and signature information, respectively, and records the information on the copy disk via the connection unit 201. The recording is performed by the unit 12 (step S412). Thus, one new copy disc has been created. After that, the copy control unit 214 generates a copy disk for the copy number n specified in advance. When n copy disks are generated, the copy control unit 214
The encryption software stored in the buffer memory 215 is deleted (step S413).

As described above, according to the third embodiment, it is possible to generate a copy disk that can be executed only by a newly specified specific execution unit a predetermined number of times.

[0069]

According to the first aspect of the present invention, the second specific information unique to the execution unit that is to execute the software is stored in the recording medium, and the execution unit executes the software and the second processing from the recording medium. The unique information is read out, and the execution of the software is accepted only when the second unique information is information unique to the own device, so that the software is prevented from being executed by a device other than the designated execution device. can do. When the change destination of the execution unit is designated, the second unique information stored in the recording medium is converted into information unique to the designated other execution unit, so that the software can be executed. The user can easily change the execution unit. Further, when the change destination of the execution unit is designated, the first unique information stored in the recording medium is written in the non-executable information storage unit, and thereafter, the first unique information stored in the non-executable information storage unit is stored. Even if a recording medium having the same unique information as that of the original medium is attached to the original execution unit, execution of software stored in the recording medium is not accepted. It is possible to prevent the copied software from being illegally executed on the original executor.

According to the second aspect of the present invention, when the change destination of the execution unit is designated, a predetermined value is added to each of the cumulative number stored in the recording medium and the reference number stored in the non-executable information storage means. After that, even if a recording medium having the same unique information as the first unique information stored in the execution impossible information storage means is attached to the original execution unit, the accumulated number is larger than the reference number. In such a case, the execution of the software stored in the recording medium is permitted. Therefore, even when the original executor is designated again as the change destination in the change-destination executor, the software can be executed on the original executor.

According to the third aspect of the invention, when the change destination of the execution unit is designated, a random number is generated by the execution unit, and this random number is additionally written in the execution impossible information storage means and stored in the recording medium. Rewrite the random number with the random number,
Even if a recording medium having the same unique information as the first unique information stored in the non-executable information storage means is attached to the original execution unit, the same random number as the random number stored in the recording medium is executed. When the information is not stored in the unacceptable information storage means, execution of the software stored in the recording medium is permitted. Therefore, even when the original executor is designated again as the change destination in the change-destination executor, the software can be executed on the original executor.

According to the fourth aspect of the present invention, the encrypted soft key is stored in the recording medium, and the executor decrypts the soft key using the unique secret information, and further decrypts the soft key. Since the software read from the recording medium is decrypted and executed using the soft key, it is possible to prevent the software from being executed by a device other than the designated executor. When the change destination of the executor is designated, the decrypted soft key is encrypted so that it can be decrypted only by another designated executor, and the encrypted soft key stored in the recording medium is encrypted. Is rewritten to an encrypted software key at this time, so that the user can easily change the execution unit that executes the software. Further, when the change destination of the execution unit is specified, the software unique information stored in the recording medium is written in the non-executable information storage unit, and then the software unique information stored in the non-executable information storage unit is written. Even if a recording medium having the same software-specific information is attached to the original execution unit, execution of the software stored in the recording medium is not accepted. It is possible to prevent software from being illegally executed on the original executor.

According to the fifth aspect of the present invention, digital signature information created for at least one of the encrypted software, software-specific information, the encrypted software key, and the cumulative number is recorded. The execution unit checks whether the digital signature information stored on the recording medium is valid. If the digital signature information is not valid, the execution unit does not accept execution of the software stored on the recording medium. Therefore, the validity of the information stored in the recording medium can be confirmed more accurately, and an unauthorized duplicated product can be prevented.

According to the sixth aspect of the present invention, the cumulative number updated each time the recording medium is copied is stored in the execution unit, and the permitted number of copies stored in the recording medium is larger than the cumulative number. Only in such a case, the copying of the recording medium is permitted, so that the number of copying of the recording medium can be limited to a predetermined number.

According to the seventh aspect of the present invention, the executor of the lender decrypts the software using the first soft key stored in the recording medium. When returning to the lender, there is no need to rewrite the second soft key in the recording medium.

According to the invention of claim 8, since the software itself stored in the recording medium is encrypted so that it can be decrypted only by the designated executor, the software is executed by a device other than the designated executor. Can be prevented.
When the change destination of the execution unit is specified, the decrypted software is encrypted so that it can be decrypted only by another specified execution unit, and the software stored in the recording medium is encrypted at this time. Because the software is rewritten, the user can easily change the execution unit that executes the software. Further, when the change destination of the execution unit is specified, the software unique information stored in the recording medium is written in the non-executable information storage unit, and then the software unique information stored in the non-executable information storage unit is written. Even if a recording medium having the same software-specific information is attached to the original execution unit, execution of the software stored in the recording medium is not accepted. It is possible to prevent software from being illegally executed on the original executor.

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a configuration of a software protection system according to a first embodiment of the present invention.

FIG. 2 is a flowchart showing a processing procedure of a software execution operation in the software protection system according to the first embodiment of the present invention.

FIG. 3 is a flowchart showing a processing procedure of a procedure for changing a designated executor in the software protection system according to the first embodiment of the present invention;

FIG. 4 is a flowchart showing a processing procedure in a rental software system according to a second embodiment of the present invention.

FIG. 5 is a block diagram showing a configuration of a third exemplary embodiment of the present invention.

FIG. 6 is a flowchart illustrating a processing procedure in a software protection system according to a third embodiment of the present invention.

FIG. 7 is a block diagram showing a configuration of a conventional software protection system.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 ... Disk 11 ... Encryption software recording part 12 ... Information recording part 2 ... Player 201 ... Connection part 202 ... Software ID search part 203 ... Storage part 204 ... Signature information confirmation part 205 ... Execution control part 206 ... Reference number / cumulative number Comparison unit 207: Soft key encryption / decryption unit 208 ... Secret information storage unit 209 ... Encrypted software decryption unit 210 ... Software execution unit 211 ... Executor designation unit 212 ... Unexecutable software information update unit 213 ... Signature information creation unit 214: copy control unit

Continuation of the front page (72) Inventor Mitsuko Miyaji 1006 Kazuma Kadoma, Kadoma-shi, Osaka Matsushita Electric Industrial Co., Ltd. (56) References JP-A-6-51975 (JP, A) JP-A-63-300322 (JP) , A) (58) Field surveyed (Int. Cl. ⁷ , DB name) G06F 1/00, 9/06

Claims (8)

(57) [Claims] 1. The software stored in a recording medium,
A software protection system to be executed only by a pre-designated executor, wherein the recording medium has software, first unique information unique to the software or the recording medium, and the software should be executed. Second specific to the executor
The execution unit reads out the software and the second unique information from the recording medium, and only when the second unique information is information unique to its own device, Checking means for receiving the execution of the software; executing unit specifying means for specifying a change destination of the executing unit for executing the software; and second specifying the second unique information stored in the recording medium by the executing unit specifying means. A conversion unit for converting the information into executable information specific to the execution unit; an unexecutable information storage unit for storing information about unexecutable software; and storing the information in the recording medium when a change destination of the execution unit is designated by the execution unit designation unit. The obtained first unique information,
In the case where the unique information that is the same as the first unique information stored in the recording medium and the same unique information as the first unique information stored in the recording medium is stored in the unexecutable information storage means, A software protection system comprising first execution control means for controlling the check means so as not to accept execution of stored software. 2. The storage medium further stores a cumulative number in pair with the first unique information, and the non-executable information storage unit further stores the cumulative number in pair with the first unique information. The initial number of the cumulative number and the reference number are selected to be the same value, and the execution unit is designated by the execution unit designation unit as a change destination of the execution unit. And an adding unit for adding a predetermined value to each of the cumulative number and the reference number, wherein the first execution control unit includes the same unique information as the first unique information stored in the recording medium. Is not stored in the non-executable information storage means, or the same unique information as the first unique information stored in the recording medium is stored in the non-executable information storage means, but the cumulative number is Greater than the reference number In this case, the execution permission of the software stored in the recording medium is given to the checking unit, and the same unique information as the first unique information stored in the recording medium is stored in the non-executable information storage unit. And when the accumulated number is equal to or smaller than the reference number, the check means is given a permission to execute the software stored in the recording medium. Software protection system as described in. 3. The recording medium further stores a random number paired with the first unique information, and the non-executable information storage unit further stores a random number paired with the first unique information. The execution unit further includes a random number generation unit that generates a random number when a change destination of the execution unit is specified by the execution unit designating unit, and a random number is generated by the random number generation unit. A random number writing unit that writes the random number in addition to the non-executable information storage unit, and a random number rewriting unit that rewrites the random number stored in the recording medium each time a random number is generated by the random number generation unit. The first execution control unit may be configured to store the same unique information as the first unique information stored in the recording medium in the non-executable information storage unit, or The same unique information as the first unique information stored in the body is stored in the non-executable information storage means, but the same random number as the random number stored in the recording medium is stored in the non-executable information storage means. If not stored, the execution permission of the software stored in the recording medium is given to the checking unit, and the same unique information as the first unique information stored in the recording medium is stored in the non-executable information storage. If the same random number stored in the storage medium and the same random number as the random number stored in the recording medium is stored in the non-executable information storage unit, the execution of the software stored in the recording medium is prohibited. Being given to the checking means,
The software protection system according to claim 1. 4. The software stored in the recording medium is encrypted, the second unique information stored in the recording medium is an encrypted software key, and the check unit executes Secret information storage means for storing secret information different for each device; soft key decryption means for reading out the soft key from the recording medium and decrypting using the secret information; Software decrypting means for reading out the software and decrypting using the decrypted software key; and software executing means for executing the decrypted software, wherein the converting means comprises the decrypted software Soft key encryption means for encrypting a key so that it can be decrypted only with secret information in another execution unit designated by the execution unit designation means; And a soft key rewriting means for rewriting an encrypted soft key stored in a medium to a soft key encrypted by the soft key encryption means.
4. The software protection system according to any one of 3. 5. The recording medium according to claim 1, further comprising at least one of the encrypted software, the first unique information, the encrypted software key, and the cumulative number. The executed digital signature information is further stored, and the executor further confirms whether the digital signature information stored in the recording medium is valid. Second execution control means for controlling the check means so as not to accept execution of software, when a change destination of an execution unit is designated by the execution unit designation means, the digital signature information is converted using the secret information. Digital signature information creating means for creating, and digital signature information stored in the recording medium, creating the digital signature information by the digital signature information creating means. Comprising a signature information rewriting means for rewriting the digital signature information,
The software protection system according to claim 4. 6. The recording medium further stores a permitted number of copies, wherein the executor further stores a cumulative number indicating the number of times the recording medium has been copied; Copy control means for executing the copy of the recording medium only when the number of permitted copies stored in the storage medium is greater than the cumulative number stored in the cumulative number storage means, and the copy control means executes the copy of the recording medium The software protection system according to any one of claims 1 to 5, further comprising a cumulative number updating unit that updates the cumulative number stored in the cumulative number storage unit each time the processing is performed. 7. A software protection system for renting a recording medium in which software is stored, such that an executor of the lender performs a change procedure to specify an executor of the borrower that can execute the software. Wherein the recording medium includes: encrypted software; software / recording medium specific information unique to the software or the recording medium; and an encrypted first unique to the lender's executor. A soft key and an encrypted second soft key unique to the borrower-side executor are stored, and the lender-side executor has a first secret unique to the lender-side executor. First secret information storage means for storing information; a first soft key decryption means for reading the first soft key from the recording medium and decrypting the first soft key using the first secret information; A first software decryption unit that reads the encrypted software from the recording medium and decrypts the decrypted software using the decrypted first software key; and a first software that executes the decrypted software. Software executing means, executing unit designating means for designating the borrower-side executor that executes the software, and decrypting the first soft key with the borrower-side executing unit designated by the executor specifying means Only decryptable second
Soft key encrypting means for encrypting the second soft key stored in the recording medium, and a second soft key encrypted by the soft key encrypting means.
A soft key rewriting means for rewriting the executor on the borrower side, a second secret information storage means for storing second secret information unique to the executor on the borrower side; A second soft key decryption means for reading a second soft key and decrypting the second soft key using the second secret information; reading the encrypted software from the recording medium; Second software decrypting means for decrypting using a soft key, second software executing means for executing the decrypted software, return procedure instructing means for instructing a return procedure of the recording medium, unexecutable software Non-executable information storage means for storing information about the return procedure stored in the recording medium when a return procedure is instructed by the return procedure instructing means Unique information writing means for writing software / recording medium unique information into the non-executable information storage means; and software / recording medium unique information identical to software / recording medium unique information stored in the recording medium. When stored in the storage unit, the storage unit includes an execution control unit that controls the second software execution unit so as not to receive the execution of the software stored in the recording medium.
Software protection system. 8. The software stored in a recording medium,
A software protection system to be executed only by a predetermined execution unit, wherein the recording medium stores encrypted software and software / recording medium specific information unique to the software or the recording medium. Wherein the executor comprises: secret information storage means for storing secret information different for each of the executors; software decryption means for reading encrypted software from the recording medium and decrypting using the secret information; Software executing means for executing the decrypted software; executing unit specifying means for specifying a change destination of an executing unit for executing the software; and executing the decrypted software by another executing unit specified by the executing unit specifying means. Software encryption means for encrypting only the secret information in the executor so that it can be decrypted, Software rewriting means for rewriting encrypted software stored in a recording medium to software encrypted by the software encryption means; non-executable information storage means for storing information about unexecutable software; When the change destination of the executor is designated by the software, the unique information writing means for writing the software / recording medium unique information stored in the recording medium into the non-executable information storage means, and the software stored in the recording medium. If the same software / recording medium specific information as the recording medium specific information is stored in the non-executable information storage unit, the software execution unit is controlled so as not to execute the software stored in the recording medium. Software having execution control means for performing Protection system.