JP3570781B2 - Software protection system - Google Patents

Description

[0001]
[Industrial applications]
The present invention relates to a software protection system, and more particularly, to a software protection system that distributes software in an inactive state and acquires an execution right to activate the software using a communication path such as a telephone. About.
[0002]
[Prior art]
In recent years, various multimedia devices have been developed, and many paid multimedia software including games and educational software have been sold. However, the protection of such software is incomplete, and a large number of illegally copied software is now available. In order to prevent such illegal copying, there are laws and regulations such as the Patent Law and the Copyright Law, but at the same time, there is a strong demand for software protection from the mechanism side.
[0003]
For example, there is a method in which a recording medium such as a floppy disk for storing software has a special format so that copying cannot be performed by a copy function provided by an OS (operating system). However, even in such a method, copying can be performed in many cases by using a copy tool of a type that performs copying bit by bit. In addition, for a regular user, there is a problem that a backup cannot be made.
[0004]
In addition, a method of encrypting software and performing copy protection has been proposed. In this method, the software is encrypted and distributed inactive to the user. Then, according to a user's order, an execution right (an encrypted file key in the following conventional example) for activating the software on a specific device is distributed. Since this execution right is information dependent on a specific device, it cannot be used to activate the same software on another device. This method is disclosed, for example, in Japanese Patent Publication No. 2-60007. FIG. 6 shows the configuration. FIG. 6 is a diagram obtained by extracting portions necessary for explanation from FIGS. 1 to 6 of Japanese Patent Publication No. 2-60007 and reassembling them into one diagram.
[0005]
6, the software protection system includes a software execution unit 601 that executes software, and an order management unit 602 that distributes software to the software execution unit 601.
[0006]
The software execution unit 601 includes an encryption software storage unit 603, an order creation unit 604, an execution unit ID storage unit 605, an encryption key storage unit 606 that stores a unique execution unit encryption key corresponding to the execution unit ID, An encrypted file key storage unit 607 for storing the encrypted file key received from the order manager 602, an encrypted file key decryption unit 608 for decrypting the encrypted file key with the executable device encryption key to obtain a file key, A software decryption execution unit 609 for decrypting and executing the encrypted software using the file key. The software execution unit 601 having such a configuration transmits the order in the order creation unit 604 and the execution unit ID to the order management unit 602, and requests an encrypted file key for executing the encryption software.
[0007]
The order management unit 602 includes a file key storage unit 610 storing file keys of all software, an execution unit encryption key storage unit 611 storing execution unit encryption keys of all software execution units, and a file key. And an encrypted file key generation unit 612 that generates an encrypted file key by encrypting the encrypted file key with a specified executor encryption key. The order manager 602 having such a configuration retrieves the file key of the specified software from the software executor 601 from the file key storage unit 610, and extracts the encryption key corresponding to the execution unit ID from the execution unit encryption key storage unit 611. Take out.
[0008]
Next, the operation of the conventional software protection system shown in FIG. 6 will be described. The encryption software is obtained by encrypting the original software with a file key unique to the software. A plurality of the encrypted software are collectively stored in a recording medium such as a CD-ROM in advance, and distributed to the software execution unit 601. The distributed encryption software is stored in the encryption software storage unit 603. The encryption software is inactive software that cannot be executed by itself. If execution is desired, the order creation unit 604 specifies the ID of the software of the order, and notifies the order management unit 602 of the ID stored in the execution unit ID storage unit 605 to place the order. This order is practically made using a telephone or the like.
[0009]
In the order manager 602, the file key storage unit 610 stores the file keys of all software using the software ID as an index. The executor encryption key storage unit 611 stores and manages all executor encryption keys using the executor ID as an index. Then, the order manager 602 receiving the order from the software executor 601 obtains the file key of the software of the order from the file key storage unit 610, and the encrypted file key generation unit 612 stores the file key in the corresponding execution unit. Create an encrypted file key by encrypting with the encryption key. Then, the encrypted file key is notified to the software execution unit 601.
[0010]
The software executor 100 that has received the encrypted file key stores it in the encrypted file key storage unit 107. Then, during execution of the software, the encrypted file key decryption unit 108 decrypts the encrypted file key stored in the encrypted file key storage unit 107 with its own encryption key stored in the executor encryption key storage unit 106. To get the file key. The software decryption execution unit 109 decrypts the encrypted software with the file key obtained by the encrypted file key decryption unit 108 and executes the software. It should be noted that the encrypted file key is information that is valid only for the execution unit, and cannot be used even if it is obtained by another person from the communication path or the storage unit.
[0011]
[Problems to be solved by the invention]
However, in the conventional software protection system as described above, if it is assumed that the order of the software and the reception of the encrypted file key are all performed via the telephone, a large amount of information is transmitted by telephone as described below. , Lacks practicality.
[0012]
First, the bit numbers of the file key and the executor encryption key will be described. The file key is a key for encrypting the original software. The executor encryption key is a key for encrypting the file key. Incidentally, the encryption here is generally performed using a secret key block cipher. Examples of the secret key block cipher include DES (Data Encryption Standard), which is the most widely used encryption system in the United States, and FEAL (Fast Data Enforcement Algorithm) developed in Japan after that. Regardless of which of these encryption methods is adopted, it is currently recognized that the number of bits of the key needs to be about 64 bits in order to ensure security. Therefore, each of the file key and the executor encryption key is data of about 64 bits. DES is described in FIP PUB 46, NBS Jan. , 1977; Shimizu & S.M. Miyaguchi: "Fast Data Enhancement Algorithm FEAL", Advances in Cryptology-EUROCRYPT'87, Springer bookstore, respectively, is described in detail.
[0013]
Next, the number of bits of the encrypted file key will be described. The encrypted file key is obtained by encrypting the file key with the execution unit encryption key. As described above, since the file key and the executor encryption key require about 64 bits, the encrypted file key also has a value of about 64 bits. If 64 bits are represented by, for example, a decimal number, it is approximately 20 digits. By the way, the encrypted file key is verbally transmitted by telephone from an operator who operates the order manager 602 to a user who operates the software executor 601. Further, the operator of the software executor 601 needs to input the transmitted encrypted file key to the software executor 601. However, with such a long digit, the possibility of mistakes, misunderstandings, and mistakes in input becomes extremely large, and a practical problem arises.
[0014]
Conversely, if the number of digits of the encrypted file key is reduced in consideration of the above practicality, the number of bits of the file key and the execution encryption key is reduced, and the security is reduced.
[0015]
Further, in the above conventional example, one encrypted file key corresponds to one software order. Therefore, for N software orders, the amount of information to be transmitted is N times.
[0016]
In the above-described conventional example, once the encrypted file key for the software is obtained, the software can be executed any number of times, that is, the execution right is purchased. However, depending on the type of software, it may be more convenient to pay a fee according to the amount of software used. In this mode, for example, execution can be performed a predetermined number of times using the execution right received from the order management device.
[0017]
A first object of the present invention is to reduce the amount of information between a software execution unit and an order management unit without deteriorating security (for example, without reducing the number of bits of a cryptographic key). It is to provide a software protection system that can.
[0018]
A second object of the present invention is that the amount of information between the software executor and the order manager does not depend on the number of software to be ordered (that is, the amount of information when ordering N software is one piece of information). (The amount of information is the same when ordering software).
[0019]
A third object of the present invention is to provide a software protection system that flexibly responds to a conditional execution right such as a limit on the number of times.
[0020]
[Means for Solving the Problems]
The invention according to claim 1 manages one or more software executors that execute the provided software, is connected to each software executor via a communication path, and manages software orders received from each software executor. A software protection system with an order manager
Each software executor
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information of one or more software execution rightsWhen,
Executor ID and order informationTo, Sent to order management device via communication channelThe first sending means to,
The order manager is
Second secret information storage means for storing all the executor secret information stored in each software executor;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and execution right generation is dependent on the obtained executor secret information and the order information received from the software executor. Execution right generation password generation means for generating a passwordWhen,
Execution right generation passwordTo, Sent to software executor via communication channelAnd second sending means,
Each soft executor further
Using the order information stored in the order creation means and the executor secret information stored in the first secret information storage means, an execution right for checking the validity of the execution right generation password received from the order manager. Generated password checking means,
When the execution right generation password checking unit checks the validity of the execution right generation password as a result of the check, the execution right is generated to generate the execution right of the ordered software based on the order information stored and held in the order creation unit. Right generation means;
Software for which execution rights existRealAnd software executing means for executing the software.
[0021]
The invention according to claim 2 is the invention according to claim 1,
The execution right generation password generation unit converts the order information received from the software execution unit and the execution unit secret information obtained from the second secret information storage unit into a data compression function whose output relates to all of the input bits. Input and output the output result of this data compression function as the execution right generation password,
The execution right generation password checking unit uses the order information stored and held in the order creation unit and the executor secret information stored in the first secret information storage unit to perform data compression using the execution right generation password generation unit. Input to the same data compression function as the function, and when the output result matches the execution right generation password received from the order management device, judge that the execution right generation password is valid.You.
[0022]
The invention according to claim 3 is the invention according to claim 1,
The order manager further includes third secret information storage means for storing secret information used for the public key signature scheme,
The execution right generating password generating means uses the secret information stored in the third secret information storing means, the executor secret information obtained from the second secret information storing means, and the order information received from the software executor. , Generate an execution right generation password digitally signed by a public key signature method,
The software executor further includes public information storage means for storing public information corresponding to secret information used for the public key signature scheme,
The execution right generation password checking means,further,Public information stored in public information storage meansInformationThe validity of the execution right generation password received from the order management device is confirmed by the signature confirmation method corresponding to the public key signature method.AlsoInspectYou.
[0023]
The invention according to claim 4 manages one or more software executors that execute the provided software, is connected to each software executor via a communication path, and manages an order of software received from each software executor. A software protection system with an order manager
Each software executor
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
Change value generating means for generating and storing a change value which changes each time order information is created by the order creating meansWhen,
Executor ID,Order information and change valuesTo, Sent to order management device via communication channelThe first sending means to,
Order Manager
Second secret information storage means for storing all the executor secret information stored in each software executor;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and the obtained executor secret information depends on the order information and the change value received from the software executor. Execution right generation password generation means for generating an execution right generation passwordWhen,
Execution right generation passwordTo, Sent to software executor via communication channelAnd a second sending means,
Each soft executor further
The order information is received from the order manager using the order information accumulated and held in the order creation means, the change value accumulated and held in the change value generation means, and the executor secret information stored in the first secret information storage means. Execution right generation password checking means for checking the validity of the execution right generation password,
When the execution right generation password checking unit checks the validity of the execution right generation password as a result of the check, the execution right is generated to generate the execution right of the ordered software based on the order information stored and held in the order creation unit. Right generation means;
Software for which execution rights existRealAnd software executing means for executing the software.
[0024]
The invention according to claim 5 is the invention according to claim 4,
The execution right generation password generation unit converts the order information and the change value received from the software execution unit and the execution unit secret information obtained from the second secret information storage unit into data whose output relates to all of the input bits. Input to the compression function, output the output result of this data compression function as the execution right generation password,
The execution right generation password checking unit compares the order information stored and held in the order creation unit, the change value stored and held in the change value generation unit, and the executor secret information stored in the first secret information storage unit. Input to the same data compression function as the data compression function used by the execution right generation password generation means, and when the output result matches the execution right generation password received from the order management device, the execution right generation password is valid. Judge that there isYou.
[0025]
The invention according to claim 6 manages one or more software executors for executing the provided software, is connected to each software executor via a communication path, and manages an order of software received from each software executor. A software protection system with an order manager
Each software executor
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
First time stamp generating means for generating and accumulating and holding a time stamp each time order information is generated by the order generating meansWhen,
Executor ID and order informationTo, Sent to order management device via communication channelThe first sending means to,
The order manager is
A second time stamp generating means for generating a time stamp upon receiving the executor ID and the order information from the software executor;
Second secret information storage means for storing all the executor secret information stored in each software executor;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and the obtained executor secret information, the order information received from the software executor, and the second Execution right generation password generation means for generating an execution right generation password dependent on the time stamp generated by the time stamp generation meansWhen,
Execution right generation passwordTo, Sent to software executor via communication channelAnd second sending means,
Each soft executor further
Order management using the order information stored and held in the order creation means, the time stamp stored and held in the first time stamp generation means, and the executor secret information stored in the first secret information storage means. Execution right generation password checking means for checking the validity of the execution right generation password received from the device;
When the execution right generation password checking unit checks the validity of the execution right generation password as a result of the check, the execution right is generated to generate the execution right of the ordered software based on the order information stored and held in the order creation unit. Right generation means;
Software for which execution rights existRealAnd software executing means for executing the software.
[0026]
The invention according to claim 7 manages one or more software executors that execute the provided software, is connected to each software executor via a communication path, and manages software orders received from each software executor. A software protection system with an order manager
Each software executor
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
Order authentication information generation means for generating, storing and holding order authentication information depending on order information and executor secret informationWhen,
Executor ID,Order information and order authentication informationTo, Sent to order management device via communication channelThe first sending means to,
The order manager is
Second secret information storage means for storing all the executor secret information stored in each software executor;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and the obtained executor secret information, the order information and the order authentication information received from the software executor are used. Executing the software execution unit and the order information, and if the authentication result is valid, an execution unit authentication unit that treats the order authentication information as order identification information for identifying the order;
Execution right generation password generation means for generating an execution right generation password depending on order information and order identification information only when the authentication result in the execution unit authentication means is validWhen,
Execution right generation passwordTo, Along with order identification information, sent to software executor via communication channelIncluding the second sending means,
Each soft executor further
An execution right generation password for checking the validity of the execution right generation password received from the order manager using the order information stored and held in the order creation means and the order authentication information stored and held in the order authentication information generation means. Inspection means;
When the execution right generation password checking unit checks the validity of the execution right generation password as a result of the check, the execution right is generated to generate the execution right of the ordered software based on the order information stored and held in the order creation unit. Right generation means;
Software for which execution rights existRealAnd software executing means for executing the software.
[0027]
The invention according to claim 8 is the invention according to claim 7,
The order authentication information generating means converts the order information created by the order creating means and the executor secret information stored in the first secret information storing means into a data compression function such that the output relates to all of the input bits. And outputs the output result of this data compression function as order authentication information,
The executor authentication unit converts the executor secret information obtained from the second secret information storage unit and the order information received from the software executor into the same data compression function as the data compression function used in the order authentication information generation unit. If the output result of this data compression function matches the order authentication information received from the software executor, authenticate the software executor that made the order and that the order information is valid,
The execution right generation password generation means inputs the order information and the order identification information received from the software executor to the same data compression function as the data compression function used in the order authentication information generation means, and outputs the data compression function. Is output as the execution right generation password,
The execution right generation password checking unit compares the order information stored and held in the order creation unit and the order authentication information stored and held in the order authentication information generation unit with the same data compression function used in the order authentication information generation unit. When input to the data compression function and the output result matches the execution right generation password received from the order management device, the execution right generation password is determined to be valid.You.
[0028]
According to a ninth aspect of the present invention, one or more software executors for executing the provided software are connected to each software executor via a communication path, and manage the order of software received from each software executor. A software protection system with an order manager
Each software executor
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
A change value generating unit that changes each time order information is created by the order creating unit, generates a change value having a predetermined data structure or meaning, accumulates and holds,
An order authentication information generating means for obtaining a value dependent on the order information and the executor secret information, and converting a change value by the obtained value to generate and store and hold the order authentication information;When,
Executor ID,Order information and order authentication informationTo, Sent to order management device via communication channelAnd a first sending means to
The order manager is
Second secret information storage means for storing all the executor secret information stored in each software executor;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and a value depending on the obtained executor secret information and the order information from the software executor is obtained. Reverse conversion means for reverse converting the order authentication information from the software execution device using this value,
When the output of the inverse conversion means has the same data structure or meaning as the change value, an execution unit authentication means for authenticating that the software execution unit and the order information are valid,
An execution right generation password generation unit that generates an execution right generation password depending on order information only when the authentication result of the execution unit authentication unit is valid.When,
Execution right generation passwordTo, Sent to software executor via communication channelAnd second sending means,
Each soft executor further
An execution right generation password for checking the validity of the execution right generation password received from the order manager using the order information stored and held in the order creation means and the order authentication information stored and held in the order authentication information generation means. Inspection means;
When the execution right generation password checking unit checks the validity of the execution right generation password as a result of the check, the execution right is generated to generate the execution right of the ordered software based on the order information stored and held in the order creation unit. Right generation means;
Software for which execution rights existRealAnd software executing means for executing the software.
[0029]
The invention according to claim 10 is the invention according to claim 9, wherein
The order authentication information generating means compresses the order information created by the order creating means and the executor secret information stored in the first secret information storage means such that the output relates to all of the input bits. Input to the function, output the exclusive OR of the output result and the change value as order authentication information,
The inverse conversion means inputs the order information from the software executor and the executor secret information obtained from the second secret information storage means to the same data compression function as the data compression function used in the order authentication information generation means. By performing an exclusive OR operation on the output result and the order authentication information from the software execution unit, the order authentication information is inversely transformed,
The execution right generation password generation means inputs the order information and the order identification information received from the software executor to the same data compression function as the data compression function used in the order authentication information generation means, and outputs the data compression function. Is output as the execution right generation password,
The execution right generation password checking unit compares the order information stored and held in the order creation unit and the order authentication information stored and held in the order authentication information generation unit with the same data compression function used in the order authentication information generation unit. When input to the data compression function and the output result matches the execution right generation password received from the order management device, the execution right generation password is determined to be valid.You.
[0030]
The invention according to claim 11 is the invention according to claim 7 or 9,
The execution right generation password generation means generates an execution right generation password dependent on the execution unit secret information obtained from the second secret information storage unit, in addition to the order information received from the software execution unit,
The execution right generation password checking unit uses the order information accumulated and held in the order creation unit and the execution unit secret information stored in the first secret information storage unit to execute the execution right generation password received from the order management unit. Check password validityYou.
[0031]
The invention according to claim 12 is the invention according to claim 7 or 9,
The order manager further includes third secret information storage means for storing secret information used for the public key signature scheme,
The execution right generation password generation means includes: secret information stored in the third secret information storage means; executor secret information obtained from the second secret information storage means; order information and order authentication received from the software executor. Using the information, generate an execution right generation password digitally signed by a public key signature method,
The software executor further includes public information storage means for storing public information corresponding to secret information used for the public key signature scheme,
The execution right generation password checking means,further,Public information stored in public information storage meansWhen,Using the executor secret information stored in the first secret information storage means, the validity of the execution right generation password received from the order manager is confirmed by a signature confirmation method corresponding to the public key signature method.AlsoInspectYou.
[0032]
The invention according to claim 13 manages one or more software executors that execute the provided software, is connected to each software executor via a communication path, and manages software orders received from each software executor. A software protection system with an order manager
Each software executor
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information of one or more software execution rightsWhen,
Executor ID and order informationTo, Sent to order management device via communication channelAnd a first sending means to
The order manager is
First module storage means for storing a first execution right generation module;
Second secret information storage means for storing all the executor secret information stored in each software executor;
First calculating means for calculating a value dependent on order information from the software executor and executor secret information obtained from the second secret information storage means;
An execution right generation password generation unit that generates an execution right generation password by converting a first execution right generation module using the calculation result of the first calculation unitWhen,
Execution right generation passwordTo, Sent to software executor via communication channelAnd a second sending means,
Each soft executor further
Second module storage means for storing a second execution right generation module;
Second calculating means for calculating a value dependent on the order information stored and held in the order creating means and the executor secret information stored in the first secret information storing means;
An execution right generation password reverse conversion unit that generates a first execution right generation module by inversely converting the execution right generation password from the order manager using the calculation result of the second calculation unit;
Using the first execution right generation module generated by the execution right generation password reverse conversion unit and the second execution right generation module stored in the second module storage unit, the order execution unit stores and holds the execution right generation module. Execution right generation means for generating software execution right based on the received order information;
Module erasing means for erasing the first execution right generation module after execution right generation;
Software for which execution rights existRealAnd software executing means for executing the software.
[0033]
The invention according to claim 14 is the invention according to claim 13,
The first execution right generation module stored in the first module storage means has a predetermined data structure and meaning,
The execution right generation module is configured to execute the first execution right generation module and the second execution right generation module only when the inverse conversion result of the execution right generation password reverse conversion unit has the same data structure and meaning as the first execution right generation module. A software execution right based on the order information stored and held in the order creation means by using the execution right generation module ofYou.
[0035]
Claim 15The invention according to claims 1 to 14In the invention according to any of the above,
The software provided to the software executor is encrypted including software-specific information,
The execution right generation means decrypts the encrypted software corresponding to the order information stored and held in the order creation means when the execution right generation password checking means confirms the validity of the execution right generation password from the order management device. By obtaining the software-specific information and encrypting the obtained software-specific information with the executor secret information, an execution right of the ordered software is generated,
The software execution means decrypts the encrypted software corresponding to the order information stored and held in the order creation means to obtain the software and software unique information, and decrypts the execution right using the executor secret information to decrypt the software unique information. Information, and execute the decrypted software only if the software-specific information obtained by decryption matches.You.
[0036]
Claim 16The invention according to claims 1 to 14In the invention according to any of the above,
The order creation means stores and holds the created order information in a nonvolatile manner, and deletes the order information after the execution right creation means generates the execution right of the corresponding software.You.
[0037]
Claim 17The invention according to claims 1 to 14In the invention according to any of the above,
The software executor and the order manager each maintain a history of information exchanged between them.You.
[0038]
Claim 18The invention according to claims 1 to 14In the invention according to any of the above,
The software executor and the order manager maintain the codes corresponding to all software combinations as tables,
The software executor sends the code obtained from the table to the order management device as order information.You.
[0039]
[Action]
According to the first aspect of the present invention, the software execution unit generates an execution unit ID and order information and sends them to the order management unit to order software. The order management unit generates an execution right generation password, which is information dependent on the received order information and the execution unit secret information corresponding to the execution ID, and sends it to the software execution unit. The software executor determines whether the execution right generation password is consistent with the order information previously sent to the order management device or its own executor secret information. An execution right for software corresponding to the information is generated, and the software is executed. As described above, only the execution right generation password, that is, the information that gives permission for the software execution unit to generate the software execution right corresponding to the order information is sent from the order management device to the software execution device. The number of digits can be reduced as compared with the case of sending the data itself. Even if the software executor orders a plurality of software at one time, the amount of information is the same as the amount of information when one software is ordered.
[0040]
In the invention according to claim 2, the order manager inputs the order information received from the software executor and the executor secret information corresponding to the executor ID to a predetermined data compression function (for example, a hash function). The output result of this data compression function is output as an execution right generation password. On the other hand, the soft executor inputs the order information stored and held therein and its own executor secret information to the same data compression function as described above, and the output result is the execution right received from the order manager. When the password matches the generated password, it is determined that the execution right generated password is valid. As described above, since the execution right generation password is generated using the data compression function, the number of digits can be further reduced.
[0041]
In the invention according to claim 3, the order manager holds the secret information used for the public key signature scheme, the secret information, the executor secret information corresponding to the executor ID, and the order received from the software executor. Using the information, an execution right generation password digitally signed by a public key signature scheme is generated. On the other hand, the software executor holds the public information corresponding to the secret information used in the public key signature scheme, and uses the public information, the order information, and its own executor secret information to perform the public key signature scheme. The validity of the execution right generation password received from the order management device is checked by the signature confirmation method corresponding to (1). As described above, since the execution right generation password digitally signed is sent to the software execution unit, it is almost impossible to forge the execution right generation password on the software execution unit side, and the extremely secure software protection is realized. The system can be realized.
[0042]
In the invention according to claim 4, a change value that changes each time order information is created is sent from the software execution unit to the order management unit together with the order information. Then, the order manager generates an execution right generation password depending on the executor secret information, the order information, and the change value, and sends it to the order manager. The software executor checks the validity of the execution right generation password using the order information, the change value, and the executor secret information. Therefore, the execution right generation password from the order manager becomes valid only in the software executor holding the corresponding change value. Therefore, even if you create the same order at different times and enter the previous execution right generation password, the change value generated at the time of the subsequent order is different from the change value generated at the time of the previous order, The entered password is not valid.
[0043]
In the invention according to claim 5, the order manager inputs the order information, the change value, and the executor secret information to a data compression function such as a hash function, and uses an output result of the data compression function as an execution right generation password. Output. On the other hand, the software executor inputs the order information, the change value, and the executor secret information held therein to the same data compression function as described above, and outputs the execution right generation password received from the order manager. When it matches, the execution right generation password is determined to be valid. As described above, since the execution right generation password is generated using the data compression function, the number of digits can be further reduced.
[0044]
In the invention according to claim 6, a time stamp is used instead of the change value in claim 4. Since the time stamp is held in common by the software execution unit and the order management unit, it is not necessary to send a change value from the software execution unit to the order management unit.
[0045]
In the invention according to claim 7, by introducing the order authentication information depending on the order information and the executor secret information, the order management device authenticates the order information and the software executor before issuing the execution right generation password. It can be carried out. If the authentication result is OK, the order manager treats the order authentication information as order identification information for identifying the order, generates an execution right generation password depending on the order information and the order identification information, and generates a software. Send to executor. The software executor checks the validity of the execution right generation password received from the order manager using the order information and the order authentication information held therein, and when the check result is OK, the software execution is executed. Generate rights and execute the corresponding software.
[0046]
In the invention according to claim 8, the software execution unit inputs the order information and the execution unit secret information to a data compression function such as a hash function, and obtains an output result of the data compression function as order authentication information. In addition, the order manager inputs the executor secret information and the order information received from the software executor to the same data compression function as described above, and the output result matches the order authentication information received from the software executor. If so, the software executor and the order information are authenticated as valid. Further, the order manager inputs the order information and the order identification information to the same data compression function as described above, outputs the output result of this data compression function as an execution right generation password, and sends it to the software execution unit. On the other hand, the software execution unit inputs the order information and the order authentication information to the same data compression function as described above, and when the output result matches the execution right generation password from the order management unit, the execution right generation password Judge as legitimate.
[0047]
In the invention according to claim 9, the software execution unit converts a change value that changes every time order information is created and has a predetermined data structure or meaning with a value that depends on the order information and the execution unit secret information. , Generate order authentication information. The order authentication information is sent to the order management device together with the execution device ID and the order information. The order manager obtains a value depending on the executor secret information corresponding to the executor ID and the order information from the software executor, and uses this value to inversely convert the order authentication information from the software executor, If the result of the inverse conversion has the same data structure or meaning as the change value, it verifies that the software executor and the order information are valid. Then, only when the authentication result is valid, the order management device generates an execution right generation password depending on the order information and sends it to the software execution device. The software executor checks the validity of the execution right generation password received from the order management device using the order information and the order authentication information held therein, and when the validity of the execution right generation password is confirmed. Then, the execution right of the ordered software is generated. With such a configuration, the number-of-times limiting function and the user authentication function can be realized without increasing the amount of information exchanged between the software execution unit and the order management unit.
[0048]
In the invention according to claim 10, the software execution unit inputs the order information and the execution unit secret information to a data compression function such as a hash function, and uses the exclusive OR of the output result and the change value as the order authentication information. It has gained. The order manager inputs the order information from the software executor and the executor secret information corresponding to the executor ID to the same data compression function as described above, and outputs the result and the order authentication information from the software executor. By performing an exclusive OR operation on the order authentication information, the order authentication information is inversely converted. Further, the order manager inputs the order information and the order identification information from the software executor to the same data compression function as described above, and outputs the output result of this data compression function as an execution right generation password. I have. The software executor inputs the order information and order authentication information held therein to the same data compression function as described above, and when the output result matches the execution right generation password received from the order management device, It is determined that the execution right generation password is valid.
[0049]
In the invention according to claim 11, the order management device generates an execution right generation password depending on the order information received from the software execution device and the execution device secret information corresponding to the execution device ID. On the other hand, the software executor checks the validity of the execution right generation password received from the order manager using the order information and the executor secret information held therein.
[0050]
In the invention according to claim 12, the order management device communicates secret information used in the public key signature scheme, executor secret information corresponding to the executor ID, and order information and order authentication information received from the software executor. To generate an execution right generation password digitally signed by a public key signature method and send it to the software execution unit. The software executor uses the public information corresponding to the secret information used in the public key signature scheme, and the order information, order authentication information and the executor secret information held therein, and performs the signature corresponding to the public key signature scheme. The validity of the execution right generation password received from the order management device is checked by the confirmation method. As described above, since the execution right generation password digitally signed is sent to the software execution unit, it is almost impossible to forge the execution right generation password on the software execution unit side, and the extremely secure software protection is realized. The system can be realized.
[0051]
In the invention according to claim 13, the execution right cannot be generated only by the second execution right generation module stored in the software execution unit. The order manager converts the first execution right generation module for activating the second execution right generation module into a form depending on the order information from the software execution unit and the execution unit secret information, and executes the execution right. Send as a generated password. On the software executor side, if the order information and the executor are correct, the second execution right generation module stored therein can be activated using this execution right generation password. In this case, even if the software executor attempts to generate an execution right illegally, the information cannot be used in the second execution right generation module in terms of the amount of information. Therefore, a more secure software protection system can be realized.
[0052]
In the invention according to claim 14, the first execution right generation module stored in the order management unit has a predetermined data structure and meaning, and the software execution unit determines that the inverse conversion result of the execution right generation password is the first conversion result. The software execution right is generated using the first execution right generation module and the second execution right generation module only when the data has the same data structure and meaning as the execution right generation module.
[0053]
In the invention according to claim 15, the order manager uses the secret information used for the public key signature scheme and the calculation result of the first calculation means that is a value dependent on the order information and the executor secret information, By converting the first execution right generation module, an execution right generation password digitally signed by a public key signature method is generated. On the other hand, the software executor uses the public information corresponding to the secret information used in the public key signature scheme and the calculation result of the second calculating means, which is a value dependent on the order information and the executor secret information, to obtain the public key. The execution right generation password from the order manager is inversely converted by the signature confirmation method corresponding to the signature method.
[0054]
In the invention according to claim 16, the software provided to the software execution unit is encrypted including the software-specific information. Then, when confirming the validity of the execution right generation password from the order management device, the software execution device obtains software-specific information by decrypting the encryption software corresponding to the order information held therein, The right to execute the ordered software is generated by encrypting the acquired software unique information with the executor secret information. Also, the software executor obtains the software and software unique information by decrypting the encrypted software corresponding to the order information held therein, and decrypts the execution right using the executor secret information to obtain the software unique information. Information is obtained, and the decrypted software is executed only when the software-specific information obtained by the decryption matches.
[0055]
In the invention according to claim 17, the software execution unit stores and stores the created order information in a nonvolatile manner, and deletes the order information after generating the execution right of the corresponding software. Thus, it is possible to send only the order continuously for the time being, and control the execution of the software based on the execution right generation password returned later.
[0056]
In the invention according to claim 18, the software execution unit and the order management unit hold a history of information exchanged between them. This makes it possible to flexibly deal with troubles that occur later.
[0057]
In the invention according to claim 19, the software execution device and the order management device hold codes corresponding to all combinations of software as a table, and the software execution device orders the code obtained from the table as order information. It is sent to the management device. Thereby, the data amount of the order information can be further reduced.
[0058]
【Example】
(1) First embodiment
FIG. 1 is a block diagram showing the configuration of the software protection system according to the first embodiment of the present invention. In FIG. 1, the software protection system of the present embodiment includes a software execution unit 101 that executes software, and an order management unit 102 that distributes software to the software execution unit 101.
[0059]
The software executor 101 stores an encrypted software storage unit 3, an order creation unit 4, an execution unit ID storage unit 5, and an execution unit encryption key (an example of execution unit secret information) corresponding to the execution unit ID. Device encryption key storage unit 6, an execution right generation password checking unit 7 for checking the validity of the execution right generation password received from the order management unit 102, and an execution right using the execution device encryption key based on the order information. An execution right generation unit 8 for generating, an execution right storage unit 9 for storing the generated execution right, and a software decryption execution unit for decrypting and executing the encrypted software when the corresponding execution right is valid when executing the software 10 is included. In the software execution unit 101 having such a configuration, the order information created by the order creation unit 4 and the execution unit ID are transmitted to the order management unit 102, and the execution right generation password for executing the encryption software is transmitted. Required.
[0060]
On the other hand, the order management unit 102 includes an execution unit encryption key storage unit 11 storing the execution unit encryption keys of all the software execution units, and an execution right depending on the order information and the execution unit encryption key of the corresponding software execution unit. An execution right generation password generation unit 12 that generates a generation password.
[0061]
Next, the operation of the software protection system of the first embodiment shown in FIG. 1 will be described. In the following description, communication between the software execution unit 101 and the order management unit 102 is performed by a person who operates them via a telephone.
[0062]
First, a method for generating encrypted software will be described. A unique authenticator authA is defined for the software SoftA. Then, SoftA and the authenticator authA are combined, and the combined data is encrypted using common secret information S (not shown) in the system to generate encrypted software. In terms of the expression, the encryption software ESSoftA is
ESSoftA = E (S, authA‖SoftA)
It becomes. In the above equation, E (S, *) indicates a cryptographic function using S as a key, and ‖ indicates a combination. Similarly, for the other software SoftB, encryption software is created in correspondence with the unique authenticator authB. Hereinafter, a plurality of encryption software created by the same procedure are stored in, for example, one CD-ROM and distributed to the software execution unit 101 in advance. In the embodiment shown in FIG. 1, the encryption software is stored in the encryption software storage unit 3.
[0063]
By operating the software executor 101, the user of the software executor 101 designates the software desired to be executed from the software stored in the encrypted software storage unit 3. For example, software A and software C. In response, order creation unit 4 generates corresponding order information. This order information is temporarily stored in the order creation unit 4. Then, the user of the software execution unit 101 sends the order information and the execution unit ID unique to the software execution unit 101 (stored in the execution unit ID storage unit 5) to the operator of the order management unit 102 by telephone. Notice. This completes the order.
[0064]
When the order information notified from the software execution unit 101 is input, the execution right generation password generation unit 12 in the order management unit 102 first performs authentication (or user authentication) of the software execution unit 101 that has placed the order. Next, the encryption key of the corresponding software execution unit 101 is obtained from the execution unit encryption key storage unit 11. Next, the execution right generation password generation unit 12 combines the order information received from the software execution unit 101 with the execution unit encryption key obtained from the execution unit encryption key storage unit 11, and determines the combined data in advance. Input to the hash function. The output of this hash function is transmitted to the user of the software execution unit 101 by telephone as an execution right generation password.
[0065]
Here, the hash function is a data compression type cryptographic process, whose output depends on all the bits of the input, and has a property that a different input pair having the same output cannot be easily found. I have. The specific configuration method is described in detail in, for example, “Modern Cryptography Theory” by Ikeno and Koyama, pages 224 to 225 published by the Institute of Electronics, Communication and Communication Engineers. The hash function used in this embodiment is, for example, a function that compresses an input into a value of about 10 decimal digits.
[0066]
The user of the software executor 101 inputs the execution right generation password received by telephone to the execution right generation password checking unit 7. This execution right generation password checking unit 7 stores the same hash function as that used in the order management unit 102. Then, the execution right generation password checking unit 7 combines the hash information with the order information stored in the order creation unit 4 and the execution unit encryption key stored in the execution unit encryption key storage unit 6. Enter the data. Next, the execution right generation password checking unit 7 compares the output result of the hash function with the execution right generation password obtained from the order manager 102. At this time, the order information stored in the order creation unit 4 is different from the content actually transmitted to the order management unit 102, or the execution unit encryption key stored in the software execution unit 101 is If it is different from the executor encryption key obtained in 102, the result of this comparison is NG (mismatch).
[0067]
The execution right generation unit 8 is activated and generates an execution right only when the check result of the execution right generation password check unit 7 is OK (match). The method is as follows. First, the execution right generation unit 8 refers to the order information stored in the order creation unit 4, and extracts the corresponding encryption software from the encryption software storage unit 3. For example, assuming that ESSoftA is extracted as encryption software, the execution right generation unit 8 decrypts the extracted encryption software ESSoftA using a common secret key S (not shown) in the system, and An authenticator authA is obtained. Next, the execution right generation unit 8 encrypts the authenticator authA using the execution unit encryption key stored in the execution unit encryption key storage unit 6, and authenticates the authenticator obtained by this encryption to the execution right. And stored in the execution right storage unit 9. In general, in the case of the soft executor X having a specific executor encryption key Sx, the execution right of the software A is E (Sx, authA). Since this execution right is encrypted with the encryption key Sx unique to the execution unit X, even if a general memory that is not protected from being read from the outside is used as the execution right storage unit 9, there is no security leak. No problem arises.
[0068]
When executing the software A, the software decryption execution unit 10 first decrypts the encrypted software ESSoftA using a common secret key S in the system, and obtains an authenticator authA and SoftA. Next, the software decryption execution unit 10 extracts the execution right E (Sx, authA) corresponding to the software A from the execution right storage unit 9. Next, the soft decryption execution unit 10 compares the value obtained by decrypting the execution right E (Sx, authA) with the executor encryption key Sx and the authenticator obtained earlier. Then, the software decryption execution unit 10 executes the software SoftA when they match.
[0069]
As described above, in the first embodiment of the present invention, the execution right generation (corresponding to the generation of an encrypted file key in the conventional example) performed by the order manager in the conventional system is performed by the software execution unit. The side is doing. That is, in the present embodiment, the order manager 102 has a function of only giving the execution right generation unit 8 permission to start. Here, since the execution right generation password serving as the permission information is an output of a hash function depending on the order information and the encryption key of the execution unit, it can be realized with a value of about 10 decimal digits, The number of input errors is reduced, and the user interface is improved. Also, authentication of the order information and the executor becomes possible. Further, since the order manager 102 only gives the permission to start to the execution right generation unit 8, the execution right generation password can always be realized with a small number of digits without depending on the number of software to be ordered.
[0070]
Next, in the software protection system of the first embodiment, security against fraudulent activities will be described. In the system of the first embodiment, when the order manager 102 receives an order from the software executor 101 and issues an execution right generation password for the order, a charge corresponding to the order is made. As a method of payment, generally, a method such as credit will be adopted. Therefore, if it is difficult for the software executor 101 to generate an unauthorized execution right that is not subject to billing, the security of the system is high.
[0071]
First, as an external attack for generating an unauthorized execution right, the execution right generation unit 8 in the software execution unit 101 may be operated alone. Further, an attack may be considered in which the execution right generation unit 8 creates an execution right of software other than the order created by the order creation unit 4. These attacks can be dealt with by preventing the user from changing each component in the software execution unit 101.
[0072]
In the first embodiment, the execution right generation unit 8 is activated only after a series of operations in which an order is placed in the order creation unit 4 and the corresponding execution right generation password is checked next. That is, in the first embodiment, it is not possible to make a change so that only the execution right generation unit 8 operates alone. In the first embodiment, the execution right generation password check and the execution right generation unit 8 alone cannot be operated except for the order creation from the above series of operations. Further, when the order information created by the order creation unit 4 is used by the execution right generation password checking unit 7 and the execution right generation unit 8, the user cannot change the contents of the order information in any of them. Therefore, in the first embodiment, the execution right is not generated even if the above-mentioned unauthorized attack is performed.
[0073]
Considering that it is very common that the software executor 101 is a special-purpose device or that the program in the software executor is realized on a CD-ROM or the like, it is very easy for the user to execute the software executor. The fact that each of the constituent elements cannot be changed is realistic.
[0074]
Also, in order to execute software illegally, enter the execution right generation password received for one order as the execution right generation password for another order, or execute the software execution unit other than the software execution unit that placed the order There is also an attack that attempts to enter the password. However, in the system of the first embodiment, the execution right generation password is a value dependent on the order information and the execution unit encryption key. Therefore, when the order information and the software execution unit are different, the execution right generation password is not changed. Inspection does not pass. Therefore, the first embodiment can cope with such an unauthorized attack.
[0075]
Furthermore, in order to illegally execute software, an attack may be considered in which a password having an appropriate value is brute force input for an execution right generation password of a certain order. However, in the first embodiment, the number of digits of the password is set to about 10 in decimal, so that even if an unauthorized user tries to input the password appropriately, the probability that the password accidentally passes through the inspection unit 7 is obtained. Is actually considered to be close to zero. Therefore, the first embodiment can cope with such an attack.
[0076]
Further, in order to illegally execute the software, the user may forge the execution right generation password. This can be dealt with by using, for example, a public key signature method. When the public key signature method is used, a private key of the order manager 102 is required to generate the execution right generation password, so that a general user cannot forge the password. In addition, a method of not disclosing a procedure (operation) for issuing an execution right generation password can be dealt with. In the first embodiment, the execution right generation password checking unit 7 in the software execution unit 2 checks the execution right generation password in the same procedure as the generation of the execution right generation password. Is not published. Furthermore, since the execution right generation password checking unit 7 cannot be used alone (that is, the components in the software execution unit 101 can be changed), the problem of password forgery does not occur.
[0077]
When the execution right storage unit 9 is configured using a general memory having no read protection function, the execution right stored in the execution right storage unit 9 is analyzed to generate the execution right illegally. It is also conceivable. However, in the first embodiment, the execution right stored in the execution right storage unit 9 is encrypted with the corresponding encryption key of the software execution unit 101, and the execution unit encryption key is set to about 64 bits. The execution right cannot be easily analyzed. Further, by preventing the user from observing the executor encryption key or not disclosing the decryption process to the user, security can be further improved.
[0078]
From the above description, it can be seen that it is practically impossible to forge the execution right on the software execution unit 101 side.
[0079]
It should be noted that the system of the first embodiment is configured as a system in which the user can use the execution right an infinite number of times when the user obtains the execution right, that is, a “execution right purchase type” system. Therefore, the execution right generation password for the same order information may be input a plurality of times.
[0080]
(2) Second embodiment
FIG. 2 is a block diagram showing the configuration of the software protection system according to the second embodiment of the present invention. The second embodiment is different from the “execution right purchase type” system as in the first embodiment, and is effective when a condition such as the number of executions is added to the software execution right.
[0081]
By the way, in order to limit the number of executions of the ordered software, the execution right generation password must be valid only at the first input. This is because the following inconvenience arises if it is effective at the time of the second and subsequent inputs. For example, a software executor is software ARealIt is assumed that an order to be executed is created, and an execution right generation password for the order is obtained from the order manager. When this password is entered into the software executor, the software ARealAn execution right that can be executed is generated. Then this execution rightGanaAt that point, the software A again runs on the same software executor.RealCreate an order to place and enter your previous password without placing an order in the Order Manager. If this password becomes valid, the software AFruitWhen authority is generated, the limit on the number of executions is practically meaningless.
[0082]
Therefore, in the second embodiment, in order to make the execution right generation password valid only at the first input, a value that changes for each order is introduced in addition to the configuration of the first embodiment. That is, in the second embodiment, for each order information, a change value whose value changes each time is generated, and only the execution right generation password corresponding to this change value is made valid. There are various methods for realizing the change value that changes for each order. In the second embodiment, a random number is generated for each order, and this random number is used as a change value that changes for each order.
[0083]
In FIG. 2, the software protection system of this embodiment includes a software execution unit 201 that executes software, and an order management unit 202 that distributes software to the software execution unit 201. The software executor 201 includes an encrypted software storage unit 3, an order creation unit 4, an execution unit ID storage unit 5, an execution unit encryption key storage unit 6, an execution right It includes a generation unit 8, an execution right storage unit 9, and a software decryption execution unit 10. Further, the software execution unit 201 includes a random number generator 20 that is activated every time an order is placed, and an execution right generation password check that verifies the validity of the received execution right generation password using the order information, the execution unit encryption key, and the random number data. Unit 21.
[0084]
On the other hand, the order management unit 202 includes the execution unit encryption key storage unit 11 having the same configuration as the embodiment of FIG. Further, the order manager 202 uses the order information and the random number sent from the software executor 201 and the encryption key of the software executor 202 obtained from the executor encryption key storage unit 11 to execute all of them. An execution right password generation unit 22 that generates a right generation password is included.
[0085]
As described above, in the second embodiment, a new random number is generated for each order. Then, the user of the software execution unit 201 notifies the operator of the order management unit 202 of this random number in addition to the order information and the execution unit ID in the first embodiment by telephone. The random number has a value of about 10 decimal digits in order to improve the user interface.
[0086]
The execution right generation password generation unit 22 in the order management unit 202 generates data obtained by combining order information, a random number, and an execution unit encryption key of the corresponding software execution unit 201 with a hash function similar to that used in the first embodiment. Enter Then, the 10-digit decimal value, which is the output result of the hash function, is notified to the user of the software execution unit 201 by telephone as an execution right generation password.
[0087]
The user of the software execution unit 201 that has received the notification inputs the execution right generation password into the execution right generation password checking unit 21 of the software execution unit 201. The execution right generation password checking unit 21 combines the order information and the random number obtained from the order creation unit 4 and the random number generation unit 20 with the executor encryption key obtained from the order management unit 202, and uses it in the order management unit 202. To a hash function similar to the hash function you are doing. Then, the execution right generation password checking unit 21 compares the output result of the hash function with the input execution right generation password, and activates the execution right generation unit 8 only when both match. Subsequent operations are the same as those in the first embodiment, and a description thereof will be omitted.
[0088]
In the second embodiment, a new random number is automatically generated for each order. In the case of a formal procedure, the order management unit 202 issues an execution right generation password depending on the random number (= value that changes for each order). This execution right creation password is valid only in the software execution unit 201 that holds the corresponding random number. Therefore, since the random number at the time of generating the second and subsequent orders is different from the random number generated at the time of generating the first order, the execution right generation password obtained at the time of generating the first order cannot be illegally used more than once. . In the second embodiment, in addition to the measures for ensuring the security described in the first embodiment, it is preferable that the user cannot change or set the random number without permission.
[0089]
In the second embodiment, the previous random number is configured to remain until a new order is created. However, if it is possible to save the order once, the execution right May be cleared or updated at the stage when is generated. This further enhances security.
[0090]
(3) Third embodiment
FIG. 3 is a block diagram showing the configuration of the software protection system according to the third embodiment of the present invention. The third embodiment is obtained by adding efficient execution unit authentication to the first embodiment. In FIG. 3, the software protection system according to the third embodiment includes a software execution unit 301 that executes software, and an order management unit 302 that distributes software to the software execution unit 301.
[0091]
The software executor 301 includes an encrypted software storage unit 3, an order creation unit 4, an executor ID storage unit 5, an executor encryption key storage unit 6, and a configuration similar to that of the first embodiment. An execution right generation unit 8, an execution right storage unit 9, and a software decryption execution unit 10 are included. Further, the software execution unit 301 generates an order authentication information generation unit 30 that generates order authentication information depending on the order information and the execution unit encryption key, and checks the validity of the execution right generation password received from the order management unit 302 with the order information. , An execution right generation password checking unit 31 for checking using an execution unit encryption key and order authentication information.
[0092]
On the other hand, the order manager 302 includes an execution unit encryption key storage unit 11 having the same configuration as that of the embodiment of FIG. Further, the order manager 302 authenticates the software executor using the order information and the order authentication information received from the software executor 301 and the executor encryption key obtained from the executor encryption key storage unit 11. When the execution unit authentication result is OK, the authentication unit 32 uses the order authentication information as order identification information for identifying the order information, and further generates the execution right using the order information and the order identification information (= order authentication information). And an execution right generation password generation unit 33 for generating a password.
[0093]
Next, the operation of the software protection system according to the third embodiment shown in FIG. 3 will be described. First, when order information is created by the order creation unit 4 of the software execution unit 301, the order authentication information generation unit 30 converts the order information and the execution unit encryption code into the same hash function as used in the first embodiment. The data obtained by combining the execution unit encryption key obtained from the key storage unit 6 is input. Then, the user of the software execution unit 301 transmits the output result of the hash function as order authentication information to the operator of the order management unit 302 by telephone in addition to the order information and the execution unit ID. The order information and the order authentication information are stored in the order creation unit 4 and the order authentication information generation unit 30, respectively.
[0094]
In the order manager 302, first, the executor authentication unit 32 searches the executor encryption key storage unit 11 using the executor ID received from the software executor 301 as a key, and executes the executor encryption key of the corresponding software executor 301. To win. Next, the executor authentication unit 32 inputs the data obtained by combining the order information and the executor encryption key received from the software executor 301 into a hash function similar to that used in the software executor 301. Next, the execution unit authentication unit 32 compares the output result of the hash function with the order authentication information received from the software execution unit 301. Then, only when the comparison results match, the executor authentication unit 32 determines that the other party is the correct executor and has placed the correct order, and uses the order authentication information as order identification information for identifying the order, for example, Used to manage and exchange order information and related information. In addition, the execution right generation password generation unit 33 inputs data obtained by combining the order information and the order identification information (= order authentication information) to the same hash function as described above. Then, the operator of the order manager 302 notifies the user of the software executor 301 of the output result of the hash function as an execution right generation password by pairing with the order identification information.
[0095]
The user of the software executor 301 inputs the transmitted execution right generation password to the execution right generation password checking unit 31. In response, the execution right generation password checking unit 31 inputs data obtained by combining the order information stored in the order creation unit 4 and the order authentication information stored in the order authentication information generation unit 30 into a hash function, and It checks whether the output result matches the input execution right generation password. Then, the execution right generation password check unit 31 activates the execution right generation unit 8 only when the check results match. Subsequent operations are the same as in the first embodiment, and a description thereof will be omitted.
[0096]
In the third embodiment, the order manager 302 authenticates the order information and the software executor before issuing the execution right generation password. In an actual system, an authentication function is required in any case because charging is performed according to an order. Although this authentication function can be provided separately from the order, for example, in a method in which a challenge is performed and authentication is performed by responding to the challenge, the exchange of the challenge and the response actually causes the user of the software execution device to have a considerable effect. Burden. Therefore, in the third embodiment, the order information and the authentication of the software executor are efficiently performed simultaneously with the order. Therefore, in the third embodiment, order authentication information dependent on the order information and the encryption key of the execution unit is introduced. Then, the order authentication information is transmitted to the order management unit 302 in addition to the order information and the execution unit ID. Since the order authentication information is an output of the hash function in the third embodiment, the order authentication information can be realized by, for example, about 10 decimal digits, and does not impose a great burden on the user even when transmitted by telephone.
[0097]
The order manager 302 authenticates the order information and the software executor 301 by using the order authentication information. In other words, if the order information created by the order execution unit 4 by the software execution unit 301 is different from the order information transmitted to the order management unit 302 by telephone, the execution unit authentication unit 32 of the order management unit 302 executes NG is output. Also, when a certain software execution unit transmits information different from its own execution unit ID by telephone, the execution unit authentication unit 32 can check the information.
[0098]
Only when the authentication result is OK, the order manager 302 uses the order authentication information as order identification information for identifying the order. Then, the order manager 302 generates an execution right generation password corresponding to the order. This execution right generation password is transmitted to the software execution unit 301. Since this execution right generation password is also an output of the hash function, it can be realized with about 10 decimal digits. The software execution unit 301 checks the input execution right generation password using order information and order authentication information (= order identification information) stored therein. After this inspection, the order authentication information corresponding to the input execution right generation password and an execution right that is valid only in a specific software executor that holds the order information are generated. In this case, since the information of the execution unit encryption key is already included in the order identification information (= order authentication information) of the execution right generation password, the execution unit generation key itself includes the execution unit encryption key. Not.
[0099]
In the third embodiment, the user of the software execution unit 301 transmits order authentication information to the order management unit 302 in addition to the information to be transmitted in the first embodiment when ordering. Thus, the order manager 302 can authenticate the order information and the software executor before issuing the execution right generation password. This order authentication information has a value of about 10 decimal digits, and does not impose a great burden on the user of the software execution unit 301. In addition, authentication can be realized by the same number of exchanges as in the first embodiment, which is more efficient than the case where user authentication is separately provided. The order authentication information is used as order identification information for identifying the order information to manage the order information and information related thereto.
[0100]
(4) Fourth embodiment
FIG. 4 is a block diagram showing the configuration of the software protection system according to the fourth embodiment of the present invention. In the fourth embodiment, an efficient execution unit authentication function is added to the second embodiment in which random numbers are introduced. Similarly to the second embodiment, the fourth embodiment is effective when, for example, a condition such as the number of executions is added to the software execution right. In FIG. 4, the software protection system according to the fourth embodiment includes a software execution unit 401 that executes software, and an order management unit 402 that distributes software to the software execution unit 401.
[0101]
The software executor 401 includes an encryption software storage unit 3, an order creation unit 4, an execution unit ID storage unit 5, an execution unit encryption key storage unit 6, and a configuration similar to that of the first embodiment. An execution right generation unit 8, an execution right storage unit 9, and a software decryption execution unit 10 are included. Further, the software execution unit 401 includes an order hash unit 40 that performs a hash operation by combining the order information and the execution unit encryption key, and a random number generation unit 41 that generates a random number having a predetermined structure and meaning for each order. And an exclusive OR unit 42 for calculating an exclusive OR of the random number and the output of the order hash unit 40.
[0102]
On the other hand, the order management unit 402 includes the execution unit encryption key storage unit 11 having the same configuration as the embodiment of FIG. Further, the order manager 402 combines the executor encryption key obtained from the executor encryption key storage unit 11 and the order information received from the software executor 401 to perform the same hash operation as the software executor 401. And an exclusive OR unit 45 for calculating the exclusive OR of the order number and the output of the order hash unit 44 received from the software executing unit 401, and inputting the output of the exclusive OR unit 45 to the software executing unit 401 An execution unit authentication unit 46 that authenticates the validity and an execution right generation password generation unit 47 that starts up only when the authentication result of the execution unit authentication unit 46 is OK and generates an execution right generation password are included.
[0103]
Next, the operation of the software protection system according to the fourth embodiment shown in FIG. 4 will be described. First, in the software execution unit 401, when the order creation unit 4 creates order information, the order hash unit 40 stores the order information and the execution unit encryption key in a hash function similar to that used in the first embodiment. The data obtained by combining with the encryption key of the software execution unit obtained from the unit 6 is input. Further, the random number generation unit 41 generates random number data having a predetermined structure and meaning. As an example, in this embodiment, the three most significant bits of the random number data are set to “0”, and the three least significant bits are set to “1”. Other bits store random numbers. In addition to this example, the order management unit 402 and the software execution unit 401 may be determined in advance, and some data of the execution unit ID may correspond to a part of the random number data. Next, the exclusive OR unit 42 calculates an exclusive OR of the output of the order hash unit 40 and the random number data generated by the random number generation unit 41. The user of the software execution unit 401 notifies the operator of the order management unit 402 of the operation result of the exclusive OR unit 42 as order authentication information together with the order information and the execution unit ID. If the number of bits of the random number data is set to be substantially the same as the output of the order hash unit 40, the order authentication information becomes about 10 decimal digits, which is very large for the user of the software execution unit 401 and the operator of the order management unit 402. No burden.
[0104]
In the order manager 402, the executor authentication unit 46 obtains the encryption key of the corresponding software executor from the executor encryption key storage unit 11, combines this with the order information, and inputs it to the order hash unit 44. Then, the exclusive OR unit 45 calculates an exclusive OR of the output of the order hash unit 44 and the order authentication information received from the software execution unit 401. If the order information and the execution unit ID are correct, the output of the order hash unit 44 is the same as the output of the order hash unit 40 in the software execution unit 401 that has placed the order. The output of the exclusive OR unit 45 is the same as the random number data generated by the random number generation unit 41 of the software execution unit 401 that has placed the order. That is, in this case, the three most significant bits of the random number data are "0" and the three least significant bits are "1". The executor authentication unit 46 checks whether or not the output of the exclusive OR unit 45 has a predetermined random number structure or meaning. If the output is OK, the order information and the executor are correct. And authenticate. Then, only when this authentication result is OK, the execution right generation password generation unit 47 generates an execution right generation password. Subsequent operations are the same as in the third embodiment. That is, the execution right generation password generated by the order management unit 402 is transmitted to the software execution unit 401 by telephone or the like, and the software execution unit checks the password and creates an execution right of the software corresponding to the case of OK. Is done.
[0105]
In the fourth embodiment, as in the second embodiment, random numbers can be introduced to cope with the execution right generation with a limited number of times. Further, the fourth embodiment has a user authentication function as in the third embodiment. As described above, the fourth embodiment has both the functions of the second and third embodiments, but the amount of data exchanged between the software executor 401 and the order manager 402, in particular, the random order number and the execution order. The number of digits of the right generation password has not increased.
[0106]
(5) Fifth embodiment
FIG. 5 is a block diagram showing the configuration of the software protection system according to the fifth embodiment of the present invention. In the fifth embodiment, an inactive execution right generation module is provided in each software execution unit, and the execution right generation module is activated by an execution right generation password given from the order management unit. The module is characterized in that a predetermined execution right is generated. In the following description, the execution right generation module is divided into two parts. One of the execution right generation modules A is stored in the software execution unit, and the other execution right generation module B is encrypted. The software executor receives from the order manager. The execution right generation modules A and B can generate a predetermined execution right only when both are prepared. Accordingly, only the execution right generation module A stored in the software execution unit is in an inactive state, and cannot generate an execution right.
[0107]
In FIG. 5, the software protection system according to the fifth embodiment includes a software execution unit 501 that executes software, and an order management unit 502 that distributes software to the software execution unit 501.
[0108]
The software executor 501 includes an encrypted software storage unit 3, an order creation unit 4, an executor ID storage unit 5, an executor encryption key storage unit 6, and a configuration similar to that of the first embodiment. An execution right generation unit 8, an execution right storage unit 9, and a software decryption execution unit 10 are included. Further, the software execution unit 501 combines the order information and the execution unit encryption key to perform a hash operation, an order hash unit 50, a storage unit 51 storing the execution right generation module A, and an execution unit received from the order management unit 502. It includes an inverse conversion unit 52 for inversely converting the right generation password, and a storage unit 53 for storing the result of the inverse conversion by the inverse conversion unit 52. If the order information and the execution unit ID are correct, the storage unit 53 stores the execution right generation module B.
[0109]
On the other hand, the order manager 502 includes an execution unit encryption key storage unit 11 having the same configuration as that of the embodiment of FIG. Further, the order manager 502 combines the order information received from the software executor 501 with the encryption key of the corresponding executor obtained from the executor encryption key storage unit 11 and performs an hash operation on the order hash unit 54. , A storage unit 55 for storing the execution right generation module B, and an execution right generation password generation unit 56 for converting the module B using the output of the order hash unit 54 and generating an execution right generation password.
[0110]
Next, the operation of the software protection system according to the fifth embodiment shown in FIG. 5 will be described. First, the user of the software executor 501 operates the software executor 501 to designate an order for software to be executed. In response, the order creation unit 4 creates corresponding order information. Then, the user notifies the order management device 502 of the order information and the execution device ID unique to the software execution device 501 by telephone or the like.
[0111]
Upon receiving the notification from the software executor 501, the order manager 502 searches the executor encryption key storage unit 11 based on the executor ID, and acquires the encryption key of the corresponding software executor. Next, the order hash unit 54 combines the order information received from the software executor 501 with the executor encryption key obtained from the executor encryption key storage unit 11 and uses it in the first embodiment. Input to a similar hash function. The execution right generation password generation unit 56 converts the execution right generation module B using the hash value output from the order hash unit 54 as a key, and issues an execution right generation password. The operator of the order management unit 502 transmits the execution right generation password to the user of the software execution unit 501 by telephone or the like.
[0112]
Next, the user of the software executor 501 that has received the execution right generation password by telephone inputs the password into the inverse conversion unit 52 of the software executor 501. The order hash unit 50 has the same hash function as that used by the order manager 502. Then, the order hash unit 50 combines the order information stored in the order creation unit 4 with the executor encryption key obtained from the executor encryption key storage unit 6, and performs a hash operation on the combined data. . The reverse conversion unit 52 reversely converts the execution right generation password received from the order management unit 502 using the hash value output from the order hash unit 50 as a key. If the order information and the executor encryption key are valid, the hash value output from the order hash unit 50 is the same as the hash value in the order manager 502 (the output of the order hash unit 54). Therefore, the output of the inverse conversion unit 52 is the execution right generation module B. Next, the execution right generation unit 8 generates an execution right corresponding to the order information by using the execution right generation module A stored in the storage unit 51 in advance and the obtained module B. After the execution right generation unit 8 generates the execution right, the module B is deleted according to the execution right generation module.
[0113]
In the fifth embodiment, the execution right generation module A pre-stored in the software execution unit is in an inactive state, and cannot operate with this alone in terms of information amount. The module B for activating this is converted in the order management unit 502 into a form depending on the order information of the software execution unit and the encryption key, and sent as an execution right generation password. In the first to fourth embodiments described above, the execution right generation module exists in the software executor in a complete form. However, in order to activate it, permission called an execution right generation password was required. On the other hand, in the configuration of the fifth embodiment, the execution right generation module exists in the software executor in a state where the information amount is insufficient. For this reason, the fifth embodiment is more secure against unauthorized generation of execution rights than the first to fourth embodiments. After the execution right generation modules A and B generate the execution right of the order, the module B is deleted in order to return to the original state.
[0114]
In the fifth embodiment, since the execution right generation module B is converted depending on the order information and the secret key of the execution unit, if the order is different or the execution unit is different, the user of the software execution unit is , The regular module B cannot be obtained. However, in the fifth embodiment, since the module B is included in the execution right generation password as information, the execution right generation password is slightly compared with the first to fourth embodiments in which only the permission information is included. Need to increase the number of digits. The data amount of the execution right generation password in the fifth embodiment does not depend on the number of software to be ordered.
[0115]
In the fifth embodiment, the software executor 501 uses the execution right generation password received from the order manager 502 as a module B immediately after the reverse conversion without checking the password. Therefore, if the order information and the execution device encryption key do not match the input execution right generation password, the execution right generation module does not operate properly. By the way, for example, assuming that the module B has a specific structure or meaning, it is also conceivable to check the structure or meaning after using the software executor 501 after performing the inverse conversion before using it. For example, if module B is an instruction code, that code must have a specific structure. Therefore, by checking whether the module B has this specific structure, it is possible to handle an error before the execution right generation module is executed.
[0116]
The random numbers used in the second and fourth embodiments described above need only be values that change for each order, and may be generated using a counter or the like. Further, a time stamp may be used instead of the random number. Since the time stamp can be generated in common by the software execution unit and the order management unit (can be generated by the clock circuit), there is no need to send a change value from the software execution unit to the order management unit.
[0117]
In the third and fourth embodiments, when the execution right generation password is generated, the execution right generation password may be made dependent on the execution device encryption key in addition to the order information and the order identification information. The software executor only knows his or her executor encryption key, except the order manager, so only the order manager can create this execution right generation password. Therefore, the execution right generation password can be considered as signature information of the order management device, and when trouble occurs, this information can be submitted to a third party as evidence. Further, instead of such a signature method using secret key cryptography, a signature method using public key cryptography may be used. In this case, the order manager holds the secret information and uses the secret information when generating the execution right generation password. On the other hand, the software executor holds public information corresponding to the secret information of the order manager, and uses this to confirm the validity of the execution right generation password. Only when the secret information of the order manager is used, the validity of the execution right generation password can be confirmed. Therefore, the execution right generation password can be considered as a signature of the order manager.
[0118]
Also, in the first to fourth embodiments, the original software SoftA and the corresponding authenticator authA are combined, and the combined data is encrypted with the system common key S, thereby encrypting the software. Although the data obtained by encrypting this authenticator with the executor encryption key Sx is used as the execution right, the present invention is not limited to such a method. For example, an authenticator and an executor ID may be combined, and the combined data encrypted with a key common to the system may be used as the execution right. When the execution right of the execution unit X is described by an expression,
E (S, authA @ IDx)
It becomes. In this case, the execution right is obtained by decrypting the execution right and the encrypted software with the common key of the system, the authenticators obtained from both are the same, and the execution unit ID is obtained from the decryption result of the execution right. , If this matches the executor ID in the executor, it is authenticated and executes the software. In any case, the present invention can be applied to any encryption method in which the execution right can be generated from the encryption software using the data already held by the execution unit.
[0119]
In the first to fourth embodiments, the order is placed in one telephone call and the execution right generation password is received for the order. However, this may be another call. That is, an order is first made from the software execution unit to the order management unit, and this order is temporarily saved. Next, the order manager calls the software executor, checks with the order number, and notifies the execution right generation password. This shortens the time during which the user of the software execution unit is making a phone call, which is convenient in terms of cost. In addition, the user of the software execution unit can perform another software execution operation or the like until the execution right generation password is notified from the user of the order management unit. On the other hand, the order manager can perform user authentication by performing the callback.
[0120]
In the first to fourth embodiments, when the software executor checks the execution right generation password to generate the execution right, the order information saved in advance is loaded and used. However, in order to reload the order information and prevent the password from being used again, it is necessary to first delete the saved order information after generating the execution right.
[0121]
Further, in each of the above embodiments, it is conceivable that the history of the exchange between the software execution unit and the order management unit is retained on both sides, so that it can be used as reference data in the event of trouble related to the order. In addition, by leaving what software has been purchased, for example, on the software executor side, it is possible to improve the user interface of the order guidance.
[0122]
Further, in each of the above embodiments, as the order information from the software execution unit to the order management unit, for example, software IDs such as software A and software B are used. It is also conceivable to further reduce the amount of communication information by using a correspondence table of software names and codes to be used. In other words, code 2 is used for software A and software B, and code 10 is used for software B only.
[0123]
Further, in each of the above embodiments, the exchange of information between the software execution unit and the order management unit has been described as being performed by a human through a telephone. May be transmitted and received.
[0124]
【The invention's effect】
According to the first aspect of the present invention, the software execution unit generates the software execution right only by inputting the regular execution right generation password corresponding to the order. Then, only the execution right generation password, that is, information giving permission for the software execution unit to generate the software execution right corresponding to the order information, is sent from the order manager to the software executor, which degrades security. The amount of information to be sent can be greatly reduced without causing this. Further, the information amount of the execution right generation password can always be realized with a small information amount without depending on the number of software to be ordered. That is, even if the software executor orders a plurality of software at one time, the amount of information is the same as the amount of information when one software is ordered. Due to this reduction in the amount of information, it is convenient in terms of a user interface particularly when transmitting and receiving a password by telephone. In addition, the order management device is less likely to make a mistake. Also, for the user of the soft executor, mistakes in hearing and mistakes in inputting this to the executor are reduced. In addition, there is also a merit in terms of charges because the time spent on the telephone can be reduced.
[0125]
According to the second, fifth, eighth, tenth, and fifteenth aspects, the execution right generation password is generated by using the data compression function, so that the information amount can be further reduced.
[0126]
According to the third aspect of the present invention, since the execution right generation password digitally signed is sent to the software execution unit, it is almost impossible to forge the execution right generation password on the software execution unit side, which is extremely safe. A software protection system with high reliability can be realized.
[0127]
According to the invention of claim 4, a change value that changes every time order information is created is introduced, and the execution right generation password from the order manager becomes valid only in the software execution device that holds the corresponding change value. Even if you create the same order at different times and enter the previous execution right generation password, the change value generated in the later order will be different from the change value generated in the previous order. Is different and the entered password is not valid. Thus, for example, when an execution right whose execution number is limited is generated, it is possible to prevent an unauthorized use of the execution right generation password repeatedly.
[0128]
According to the invention of claim 6, in order to distinguish orders placed at different times, a time stamp commonly held by the software execution unit and the order management unit is used. There is no need to send information for distinction to the vessel.
[0129]
According to the invention of claim 7, since the order execution information dependent on the order information and the execution device secret information is generated on the software execution device side and sent to the order management device, the order management device side has the execution right. Prior to issuing the generated password, order information and authentication of the software execution unit can be performed. The authentication of the order information and the software executor is an essential function since it is actually related to billing. In the present invention, this function is efficiently realized by notifying the order authentication information of a small number of digits from the software execution unit simultaneously with the order. The order authentication information can also be used as order identification information for identifying an order.
[0130]
According to the ninth aspect of the present invention, both the number-of-times limiting function and the user authentication function can be realized without increasing the amount of information exchanged between the software execution unit and the order management unit.
[0131]
According to the twelfth aspect of the present invention, since the execution right generation password digitally signed is sent from the order management unit to the software execution unit, it is almost impossible for the software execution unit to forge the execution right generation password. Thus, an extremely secure software protection system can be realized.
[0132]
According to the invention of claim 13, the first execution right generation module for activating the second execution right generation module stored on the software execution unit side is stored in the order management unit, and the first execution right generation module is stored in the order execution unit. Since the right generation module is included in the execution right generation password and sent, the software execution unit generates the correct execution right because the amount of information is insufficient even if it tries to generate the execution right illegally. Can not do it. Therefore, a more secure software protection system can be realized.
[0133]
According to the seventeenth aspect of the present invention, the software execution device stores and holds the created order information in a nonvolatile manner, and deletes the order information after generating the execution right of the corresponding software. And the execution of software can be controlled based on the execution right generation password returned later.
[0134]
According to the eighteenth aspect of the present invention, since the software execution unit and the order management unit each retain the history of information exchanged between them, it is possible to flexibly cope with troubles that occur later.
[0135]
According to the invention of claim 19, the software execution unit and the order management unit hold codes corresponding to all combinations of software as a table, and the software execution unit uses the code obtained from the table as order information. Since the data is sent to the order manager, the data amount of the order information can be further reduced.
[Brief description of the drawings]
FIG. 1 is a block diagram showing a configuration of a software protection system according to a first embodiment of the present invention.
FIG. 2 is a block diagram illustrating a configuration of a software protection system according to a second embodiment of the present invention.
FIG. 3 is a block diagram illustrating a configuration of a software protection system according to a third embodiment of the present invention.
FIG. 4 is a block diagram illustrating a configuration of a software protection system according to a fourth embodiment of the present invention.
FIG. 5 is a block diagram illustrating a configuration of a software protection system according to a fifth embodiment of the present invention.
FIG. 6 is a block diagram showing a configuration of a conventional software protection system.
[Explanation of symbols]
101-501: Software executor
102-502: Order management device
3. Encrypted software storage
4: Order creation department
5. Executor ID storage unit
6… Executor encryption key storage
7, 21, 31, 43 ... execution right generation password checking unit
8. Execution right generation unit
9: execution right storage unit
10: Software decryption execution unit
11 Executor encryption key storage
12, 22, 33, 47 ... execution right generation password generation unit
20: random number generator
30 ... Order authentication information generation unit
32 ... Executor authentication section
40, 44, 50, 54 ... order hash part
42, 45 ... Exclusive OR unit
46… Executor authentication section
51 ... Execution right generation module A storage unit
52, 55: execution right generation password reverse conversion unit
53 ... Execution right generation module B storage unit
56 ... Execution right generation password generation unit

Claims (18)

One or more software executors for executing the provided software, and an order manager connected to each software executor via a communication path and managing an order for software received from each software executor. A software protection system,
Each of the soft executors is
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software ;
First sending means for sending the execution device ID and the order information to the order management device via the communication path,
The order manager includes:
Second secret information storage means for storing all the executor secret information stored in each of the software executors;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and execution depending on the obtained executor secret information and the order information received from the software executor is performed. Execution right generation password generation means for generating a right generation password ,
Second sending means for sending the execution right generation password to the software execution device via the communication path ,
Each of the software executors further uses the order information stored and held in the order creation means and the executor secret information stored in the first secret information storage means to execute the execution received from the order manager. Execution right generation password checking means for checking the validity of the right generation password;
As a result of the check by the execution right generation password checking unit, when the validity of the execution right generation password is confirmed, the execution right of the ordered software is determined based on the order information stored and held in the order creation unit. Execution right generating means for generating;
And a soft executing means for executing the software the execution right exists, the software protection system. The execution right generating password generating means converts the order information received from the software executor and the executor secret information obtained from the second secret information storing means into data whose output relates to all of the input bits. Input to the compression function, and output the output result of the data compression function as the execution right generation password,
The execution right generation password checking unit uses the order information accumulated and held in the order creation unit and the executor secret information stored in the first secret information storage unit in the execution right generation password generation unit. enter the same data compression function and to have the data compression function, when the output result matches the execution right generated password received from the order management device, it determines that the execution right generated password is valid, according to claim 1 Software protection system as described in. The order manager further includes a third secret information storage unit that stores secret information used for a public key signature scheme,
The execution right generating password generating means includes: secret information stored in the third secret information storing means; executor secret information obtained from the second secret information storing means; and an order received from the software executor. Using the information, generate an execution right generation password digitally signed by a public key signature scheme,
The software executor further includes public information storage means for storing public information corresponding to secret information used in the public key signature scheme,
The execution right generation password check means further the public information stored using the public information stored in means, said by signature verification method corresponding to the public key signature scheme, it generates execution rights received from the order management unit It examined also the validity of the password, the software protection system according to claim 1. One or more software executors for executing the provided software, and an order manager connected to each software executor via a communication path and managing an order for software received from each software executor. A software protection system,
Each of the soft executors is
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
A change value generation unit that generates and stores a change value that changes each time order information is created by the order creation unit ;
First sending means for sending the execution device ID , the order information and the change value to the order management device via the communication path ,
The order manager includes:
Second secret information storage means for storing all the executor secret information stored in each of the software executors;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and the obtained executor secret information, the order information and the change value received from the software executor are added to the obtained secret information. An execution right generation password generating means for generating a dependent execution right generation password ,
Second sending means for sending the execution right generation password to the software execution device via the communication path,
Each of the software executors further includes an order information stored and held in the order creation means, a change value stored and held in the change value generation means, and an execution device secret stored in the first secret information storage means. Using the information, execution right generation password checking means for checking the validity of the execution right generation password received from the order management device,
As a result of the check by the execution right generation password checking unit, when the validity of the execution right generation password is confirmed, the execution right of the ordered software is determined based on the order information stored and held in the order creation unit. Execution right generating means for generating;
And a soft executing means for executing the software the execution right exists, the software protection system. The execution right generating password generating means outputs the order information and the change value received from the software executing unit and the executing unit secret information obtained from the second secret information storing unit, with respect to all of the input bits. Input to such a data compression function, the output result of this data compression function is output as the execution right generation password,
The execution right generation password checking unit includes an order information stored and held in the order creation unit, a change value stored and held in the change value generation unit, and an execution unit stored in the first secret information storage unit. The secret information is input to the same data compression function as the data compression function used in the execution right generation password generation means, and when the output result matches the execution right generation password received from the order management device, the execution right generated password it determined to be valid, the software protection system according to claim 4. One or more software executors for executing the provided software, and an order manager connected to each software executor via a communication path and managing an order for software received from each software executor. A software protection system,
Each of the soft executors is
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
First time stamp generating means for generating and accumulating and holding a time stamp each time order information is generated by the order generating means ;
First sending means for sending the execution device ID and the order information to the order management device via the communication path,
The order manager includes:
A second time stamp generating means for generating a time stamp when receiving an execution unit ID and order information from the software execution unit;
Second secret information storage means for storing all the executor secret information stored in each of the software executors;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and the obtained executor secret information, the order information received from the software executor, Execution right generation password generation means for generating an execution right generation password dependent on the time stamp generated by the second time stamp generation means ;
Second sending means for sending the execution right generation password to the software execution device via the communication path,
Each of the software executors further stores the order information stored and held in the order creation unit, the time stamp stored and held in the first time stamp generation unit, and the first secret information storage unit. An execution right generation password checking unit that checks the validity of the execution right generation password received from the order management device using the execution unit secret information;
As a result of the check by the execution right generation password checking unit, when the validity of the execution right generation password is confirmed, the execution right of the ordered software is determined based on the order information stored and held in the order creation unit. Execution right generating means for generating;
And a soft executing means for executing the software the execution right exists, the software protection system. One or more software executors for executing the provided software, and an order manager connected to each software executor via a communication path and managing an order for software received from each software executor. A software protection system,
Each of the soft executors is
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
Order authentication information generating means for generating and storing the order authentication information depending on the order information and the executor secret information ;
A first sending unit that sends the execution unit ID , the order information and the order authentication information to the order management unit via the communication path,
The order manager includes:
Second secret information storage means for storing all the executor secret information stored in each of the software executors;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and the obtained executor secret information, the order information and the order authentication information received from the software executor are obtained. Executing the software executor and the order information using, and if the authentication result is valid, an executor authentication unit that treats the order authentication information as order identification information for identifying the order,
An execution right generation password generation unit that generates an execution right generation password depending on the order information and the order identification information only when an authentication result in the execution unit authentication unit is valid ;
Second sending means for sending the execution right generation password , together with the order identification information, to the software executor via the communication path,
Each of the software executors further uses the order information stored and held in the order creating means and the order authentication information stored and held in the order authentication information generating means to generate the execution right received from the order manager. Execution right generation password checking means for checking the validity of the password;
As a result of the check by the execution right generation password checking unit, when the validity of the execution right generation password is confirmed, the execution right of the ordered software is determined based on the order information stored and held in the order creation unit. Execution right generating means for generating;
And a soft executing means for executing the software the execution right exists, the software protection system. The order authentication information generating means converts the order information created by the order creating means and the executor secret information stored in the first secret information storing means so that an output relates to all input bits. Input to the data compression function, output the result of the data compression function, output as the order authentication information,
The executor authentication unit compares the executor secret information obtained from the second secret information storage unit and the order information received from the software executor with the same data compression function as used in the order authentication information generation unit. Input to the data compression function, and when the output result of the data compression function matches the order authentication information received from the software executor, authenticate the software executor that made the order and that the order information is valid,
The execution right generation password generation unit inputs the order information and the order identification information received from the software execution unit to the same data compression function as the data compression function used in the order authentication information generation unit, and executes the data compression. Outputting the output result of the function as the execution right generation password,
The execution right generation password checking means uses the order information stored and held in the order creation means and the order authentication information stored and held in the order authentication information generation means as data used by the order authentication information generation means. enter the same data compression and compression functions, when the output result matches the execution right generated password received from the order management unit, the execution right generation password you determined to be legitimate, according to claim 7 Software protection system. One or more software executors for executing the provided software, and an order manager connected to each software executor via a communication path and managing an order for software received from each software executor. A software protection system,
Each of the soft executors is
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software;
A change value generation unit that changes each time order information is generated by the order generation unit, generates a change value having a predetermined data structure or meaning, accumulates and holds the change value,
Order authentication information generation means for obtaining a value dependent on the order information and the executor secret information, and converting the change value by the obtained value to generate and store and hold order authentication information ;
First sending means for sending the execution device ID, the order information, and the order authentication information to the order management device via the communication path,
The order manager includes:
Second secret information storage means for storing all the executor secret information stored in each of the software executors;
Executor secret information corresponding to the executor ID received from the software executor is obtained from the second secret information storage means, and a value depending on the obtained executor secret information and order information from the software executor is obtained. Inverse conversion means for inversely converting the order authentication information from the software execution device using this value,
When the output of the inverse conversion unit has the same data structure or meaning as the change value, an execution unit authentication unit that authenticates that the software execution unit and the order information are valid,
An execution right generation password generation unit that generates an execution right generation password depending on the order information only when an authentication result in the execution unit authentication unit is valid ;
Second sending means for sending the execution right generation password to the software execution device via the communication path,
Each of the software executors further uses the order information stored and held in the order creating means and the order authentication information stored and held in the order authentication information generating means to generate the execution right received from the order manager. Execution right generation password checking means for checking the validity of the password;
As a result of the check by the execution right generation password checking unit, when the validity of the execution right generation password is confirmed, the execution right of the ordered software is determined based on the order information stored and held in the order creation unit. Execution right generating means for generating;
And a soft executing means for executing the software the execution right exists, the software protection system. The order authentication information generating unit may be configured to convert the order information created by the order creating unit and the executor secret information stored in the first secret information storage unit so that an output relates to all of the input bits. And outputs the exclusive OR of the output result and the change value as order authentication information,
The inverse conversion means converts the order information from the software executor and the executor secret information obtained from the second secret information storage means into the same data compression function as the data compression function used in the order authentication information generation means. By inputting the function and calculating the exclusive OR of the output result and the order authentication information from the software execution unit, the order authentication information is inversely transformed,
The execution right generation password generation unit inputs the order information and the order identification information received from the software execution unit to the same data compression function as the data compression function used in the order authentication information generation unit, and executes the data compression. Outputting the output result of the function as the execution right generation password,
The execution right generation password checking means uses the order information stored and held in the order creation means and the order authentication information stored and held in the order authentication information generation means as data used by the order authentication information generation means. enter the same data compression and compression functions, when the output result matches the execution right generated password received from the order management unit, the execution right generation password you determined to be legitimate, according to claim 9 Software protection system. The execution right generation password generation unit generates an execution right generation password dependent on the execution unit secret information obtained from the second secret information storage unit, in addition to the order information received from the software execution unit,
The execution right generation password checking means receives the order information stored in the order creation means and the executor secret information stored in the first secret information storage means from the order manager. were you examined the validity of the execution right generated password, the software protection system according to claim 7 or 9. The order manager further includes a third secret information storage unit that stores secret information used for a public key signature scheme,
The execution right generating password generating means includes: secret information stored in the third secret information storing means; executor secret information obtained from the second secret information storing means; and an order received from the software executor. Using the information and the order authentication information, generate an execution right generation password digitally signed by a public key signature scheme,
The software executor further includes public information storage means for storing public information corresponding to secret information used in the public key signature scheme,
The execution right generation password check means, further wherein the public information stored in public information storing means, using said first executor secret information stored in the secret information storage unit, the public key signature scheme the signature verification scheme corresponding to, we examined also the validity of the execution right generated password received from the order management unit, the software protection system according to claim 7 or 9. One or more software executors for executing the provided software, and an order manager connected to each software executor via a communication path and managing an order for software received from each software executor. A software protection system,
Each of the soft executors is
Executing unit ID storing means for storing a unique executing unit ID;
First secret information storage means for storing unique executor secret information;
Order creation means for creating and storing order information for execution rights of one or more software ;
First sending means for sending the execution device ID and the order information to the order management device via the communication path,
The order manager includes:
First module storage means for storing a first execution right generation module;
Second secret information storage means for storing all the executor secret information stored in each of the software executors;
First calculating means for calculating a value depending on the order information from the software executor and the executor secret information obtained from the second secret information storage means;
An execution right generation password generation unit that generates an execution right generation password by converting the first execution right generation module using the calculation result of the first calculation unit ;
Second sending means for sending the execution right generation password to the software execution device via the communication path,
Each software executor further includes a second module storage unit that stores a second execution right generation module;
Second calculating means for calculating a value depending on the order information stored and held in the order creating means and the executor secret information stored in the first secret information storing means;
An execution right generation password reverse conversion unit that generates a first execution right generation module by inversely converting the execution right generation password from the order management device using the calculation result of the second calculation unit;
Using the first execution right generation module generated by the execution right generation password reverse conversion unit and the second execution right generation module stored in the second module storage unit, the order creation unit Execution right generating means for generating software execution right based on the stored order information;
Module erasing means for erasing the first execution right generation module after execution right generation;
And a soft executing means for executing the software the execution right exists, the software protection system. The first execution right generation module stored in the first module storage means has a predetermined data structure and meaning,
The execution right generation module is configured to execute the first execution right generation module only when the reverse conversion result of the execution right generation password reverse conversion unit has the same data structure and meaning as the first execution right generation module. , by using the second execution right generation module, that generates an execution right for the software based on the order information the accumulated and held in the order making means, software protection system according to claim 13. The software provided to the software executor is encrypted including software-specific information,
The execution right generation means, when the execution right generation password checking means confirms the validity of the execution right generation password from the order manager, encryption software corresponding to the order information stored and held in the order creation means. To obtain the software-specific information, and encrypt the obtained software-specific information with the executor secret information to generate an execution right of the ordered software,
The software execution means decrypts the encrypted software corresponding to the order information stored and held in the order creation means to obtain software and software-specific information, and decrypts the execution right using executor secret information. acquiring soft unique information Te, only when the soft-specific information acquired by these decoding match, to run the decrypted software, software protection system according to any one of claims 1 to 1 4. The order creation unit holds storing the order information created in a non-volatile manner, you erase the order information after the execution right generation means generates the execution right of the corresponding software, any claim 1 to 1 4 Software protection system according to crab. Said soft executor and the order management device is that maintains a history of the information that is exchanged between each other, respectively, the software protection system according to any one of claims 1 to 1 4. The software executor and the order manager hold codes corresponding to all software combinations as a table,
The soft running instrument, the code obtained from the table, sent to the order management unit as the order information, the software protection system according to any one of claims 1 to 1 4.

Images